Network-adaptive Border Controller DST
Distributed Security for ControlSwitch Networks
The Network-adaptive Border Controller DST (N-aBC DST) is a comprehensive distributed security solution for networks built with the Veraz ControlSwitch. The N-aBC DST offers significant advantages over traditional standalone session border controller products including:
  • Integrated support for wireless and wireline TDM and IP applications: SS7, SIP, H.323, SIP-I, PRI-ISDN, TCAP and CAS.
  • Improved security through global security policies and semantic security rules
  • Lower total cost through integration into the Veraz ControlSwitch and I-Gate 4000 Media Gateway platforms
  • Faster and less complex development of new services through an application-independent security architecture
  • 10:1 VoIP bandwidth reduction while maintaining toll-grade quality
The N-aBC DST is a distributed system that consists of the following components:
  • ControlSwitch IBCF - provides signaling security and session management and is a software element integrated into the ControlSwitch
  • BGW - provides IP media management and is available on the Veraz I-Gate EDGE or I Gate 4000 PRO platforms. The IBCF controls the BGW through a standards-compliant H.248 interface.
Network-adaptive Border Controller DST

The N-aBC DST fully integrates security and session management for both IP (SIP or H.323) and traditional TDM (SS7/IN, PRI-ISDN and CAS) services and full support for SIP-I (GSMA) and SS7 to SIP and H.323 interworking.

The integration of the N-aBC DST into the ControlSwitch means that signaling and media routing, call control and transcoding can be optimized network-wide. The N-aBC DST supports Veraz’s unique RTP mux feature that enables the media path to be defined on a call-by-call basis independent of the signaling path. This provides highly granular real-time media routing algorithms which can be used, for example, to ensure least cost or highest quality paths are used, to implement dynamic load-balancing and, in the event of network congestion or node failure, to reroute around node failures or congestion to ensure service delivery.

The N-aBC DST works in real-time with the ControlSwitch Policy Engine to manage and enforce local and global security policies. This enables the security policies applied at each access point to the network to reflect both what is happening at that node and what is happening across the network in real-time. Standalone SBCs only implement policies driven by information available locally at each node.

The N-aBC DST provides a cost optimized security and session management architecture for ControlSwitch networks. The N-aBC DST is an incremental upgrade of the ControlSwitch and I-Gate 4000 PRO, unlike standalone SBCs, which are a separate overlay solution. In addition, the N-aBC DST is managed by the VerazView EMS which also manages the ControlSwitch and Veraz BGWs. This eliminates the need for a standalone security EMS, simplifies the management of security policies and provides end-to-end QoS reporting, auditing and diagnostics.

The N-aBC DST is architected as an Application Layer Gateway (ALG), unlike traditional SBCs which are typically SIP Back-to-Back User Agents (B2BUA). ALGs provide all of the security capabilities of a B2BUA but are transparent to the end-to-end flow of signaling messages significantly reducing the time and cost to deploy new services.

The N-aBC DST also leverages Veraz’ deep expertise with media bandwidth optimization. The N-aBC DST’s RTP mux feature reduces the bandwidth required to carry VoIP traffic by up to 90% while maintaining toll-quality. This optimization lowers the cost to provide VoIP services and helps minimize the potential for network traffic congestion.

N-aBC DST … The IP Peering Security Solution for ControlSwitch Networks:
Local and network-wide security policies

The N-aBC DST works with the ControlSwitch Policy Engine to enable security policies based on network-wide, real-time data, thereby preventing attacks that are distributed across the network.

Network-optimized routing

The N-aBC DST works in conjunction with the ControlSwitch to ensure network-optimal routing and enables complete, real-time control of the signaling and media path for each session.

10:1 VoIP bandwidth reduction without degradation in voice quality

The N-aBC DST’s RTP mux feature reduces the bandwidth required to carry VoIP sessions by up to 90% without sacrificing voice quality.

Application-independent security and session management

The N-aBC DST is transparent to the user’s signaling packet flow significantly simplifying the process of developing and deploying new services.

Comprehensive support for TDM wireless and wireline applications

The N-aBC DST supports over forty variants of SS7, SIP-I, SS7 to SIP interworking, PRI-ISDN, CAS and TCAP allowing service providers to fully leverage their TDM/IN service investment.

Simplified OAM&P with VerazView EMS

The N-aBC DST is managed as an integral part of the ControlSwitch through the VerazView EMS which eliminates the need for a standalone security EMS.

Semantic security rules

The N-aBC DST checks the semantics and the syntax of SIP messages, significantly increasing the security of the core network.

Energizing Communications
Features & Specifiation

Signaling & Control Protocols
  • SIP
  • SIP-I (GSMA)
  • H.323 Slow & Fast Start
  • H.248
  • SS7 (40+ variants)
  • PRI-ISDN
  • CAS
  • TCAPM
Media Protocols
  • RTP
  • Codecs: G.729 , G.711, G.723
  • T.38 fax
Security
  • NAT and firewall with dynamic pinholing
  • DoS/DDoS attack protection
    • White/Black/Gray IP addr. lists
    • Stateful packet flow inspection
    • DPI of IP/TCP/UDP packets
    • Session rate limiting
  • Syntactic and semantic (50+) security rules
  • Network topology hiding
  • Centralized real-time policy control (ControlSwitch Policy Engine) for both local and network-wide policies
  • Subscriber privacy
  • VLAN support (up to 16*)
  • Fraud detection and prevention
  • TLS and IPSec encryption
Connectivity
  • Far-end firewall and NAT traversal
  • Packetization period and silence suppression interworking
  • Minor signaling protocol fix-ups and repair
  • Call-by-call transcoding:
    • T.38
    • DTMF interworking
  • Inter-VPN connectivity

* Specifications for BGW on the I-Gate 4000 EDGE platform. For information on the BGW on the I-Gate 4000 PRO platform please contact Veraz Networks.


Management (VerazView EMS)
  • End-to-end call trace with packet statistics
  • CDR browser for debugging
  • End-to-end QoS reporting and policing
  • Multi-level DDoS attack alarms
  • End-to-end single CDR generation
Network Cost Optimization
  • Real-time network-wide least cost routing
  • Distributed and fully separable media and signaling resources
  • Network-wide minimized use of codecs
  • RTP Mux: 96% lower IP-IP VoIP bandwidth (G.729)
  • Forced Media Routing
  • Media failover and loadshare
Service Assurance
  • L3 and L5 static/dynamic ACLs
  • Trusted user access during attacks
  • Call-by-call QoS monitoring and reporting
  • ToS bit marking, VLAN mapping
  • Optimized network-wide routing:
    • Failure detect and re-routing
    • Load balancing
Performance Specifications
  • Sessions: 8,000 up to 500,000
  • Call attempts/sec: 50 up to 3,000
  • DDoS: up to 250,000 packets/sec
Power Specifications
BGW* Nominal Max/Min
DC -48/-60V -75/-36V
AC -220/110V 90/265V
IBCF Nominal Max/Min
DC -48/-60V  
AC -220/110V 100/240V
  BGW* IBCF
Max dissipation: 76W 500W


Physical Specifications
  • Dimensions (H*W*D) (mm)
    • IBCF: 44.45 (1U) * 435 * 350
    • BGW: 89 (2U) * 424 * 508
  • Weight (Kg)
    • IBCF: 16Kg
    • BGW*: 4 Kg
  • Network Interfaces
    • IBCF: 4 10/100/1G Ethernet
    • BGW*: 1 10/100, 2 10/100/1G Ethernet
  • Redundancy
    • BGW*: 1+1 (AC, DC power supplies, BPSI main card, Ethernet ports)
    • IBCF: 1+1 AC, DC power
  • Temperature:
      Operating Storage
    IBCF -5°C – 40°C -40°C - 70°C
    BGW* -5°C – 50°C -40°C - 70°C
  • Relative Humidity:
    • IBCF: 5% to 85%
    • BGW*: 10% to 95%
Regulatory Standards
  • Safety
    • BGW*: UL 60950-1:2003, CAN/CSA -C22.2 No. 60950-1-03, CE EN60950-1:2001
    • IBCF: UL/CSA-60950-1, EN60950-1, IEC60950- 1 CB Scheme with all country deviations, IEC825-1, 2, and CFR21 part 1040
  • Environmental
    • BGW*: ETSI - ETS300 019, Telcordia GR-63-CORE
    • IBCF: ETSI – ETS300 386, Telcordia GR-63-CORE
  • EMC
    • BGW*: EN 300 386 V1.3.2 (2003-05), FTZ 1TR9:06-2002, Emission: EN55022, FCC CFR 47 part 15, ICES-003, VCCI V-3/2001.04, CISPR 22:04
    • IBCF: EN55022/CISPR22 Class A, FCC CFR47 Part 15 Class A, EN61000-3-2, EN61000-3-3
  • Immunity
    • BGW*:EN61000-4 2, 3, 4, 5, 6, 11
    • IBCF: EN55024/CISPR24

GLOBAL HEADQUARTERS
VERAZ NETWORKS, Inc
926 Rock Avenue
San Jose, CA 95131 USA
Tel: +1-408-570-9400
Fax: +1-408-546-0081

About Veraz Networks

Veraz Networks, Inc. (NASDAQ: VRAZ), is the leading provider of application, control, and bandwidth optimization products that enable the evolution to the Multimedia Generation Network (MGN). Service providers worldwide use the Veraz MGN portfolio to extend their current application suite and rapidly add customized multimedia services that drive revenue and ensure customer retention. The Veraz MGN separates the control, media, and application layers while unifying management of the network, thereby increasing service provider operating efficiency. Wireline and wireless service providers in over 50 countries have deployed products from the Veraz MGN portfolio, which includes the ControlSwitch™, Network-adaptive Border Controller, I-Gate 4000 Media Gateways, the VerazView Management System, and a set of customizable applications, including the verazVirtu softclient.