The iMN Network-adaptive Border Controller (iMN N-aBC) is a comprehensive access and peering security and session management solution for iMN networks. The iMN N-aBC offers significant advantages over traditional session border controller products including:
- Improved security through global security policies and semantic message checking
- Integrated security for web-services based applications
- Simplified development of new services through application-independent security architecture
- Significantly lower VoIP bandwidth requirements with toll-quality performance
- Integrated network-wide operations, administration and management through VerazView EMS
The iMN N-aBC works with the iMN to enforce real-time local and global security policies. This means that the security and routing policies applied at each access and peering point to the network reflect not only what is happening at that node but what is happening across the network in real-time.
Many of the applications service providers are trying to deploy today are based on web application protocols such as HTTP, DNS, MSRP and XCAP, protocols a traditional SBC does not support. The iMN N-aBC includes both syntactic and semantic checking for all of these protocols which significantly improves security right at the edge of the network.
SBCs are typically implemented as back-to-back user agents (B2BUAs) which are inherently not application transparent and often interfere with the intended behavior of new applications. The iMN N-aBC though is architected as an Application Layer Gateway (ALG). ALGs provide all of the security capabilities of a B2BUA but are transparent to the end-to-end flow of signaling messages which reduces the time and cost to deploy new services.
The iMN N-aBC also leverages Veraz’ deep expertise with media bandwidth optimization. The iMN N-aBC’s RTP mux feature reduces the bandwidth required to carry VoIP traffic by up to 96% while maintaining toll-quality. This lowers the cost to provide IP services and helps minimize the potential for network traffic congestion. In addition, RTP mux enables the media path to be defined on a call-by-call basis independent of the signaling path. This provides highly granular real-time media routing algorithms which can be used, for example, to ensure least cost or highest quality paths are used, to implement dynamic load-balancing and, in the event of network congestion or node failure, to reroute around node failures or congestion to ensure service delivery.
Finally, management of the iMN N-aBC is fully integrated into the VerazView Element Manager eliminating the need for a separate security device management system. This not only lowers the cost of operations but simplifies it as well reducing training costs and the risk of errors.
The iMN N-aBC checks the semantics not just the syntax of SIP messages significantly increasing the security of the core network.
The iMN N-aBC works with the iMN to enable security policies based on network-wide, real-time, data, thereby preventing attacks that are distributed across the network.
The iMN N-aBC works in conjunction with the iMN to ensure network-optimal routing and enables complete, real-time, control of the signaling and media path for each session.
The iMN N-aBC’s RTP mux feature reduces the bandwidth required to carry VoIP sessions by up to 90% without sacrificing voice quality.
The iMN N-aBC is transparent to the user’s signaling packet flow. This significantly simplifies the process of developing and deploying new services.
The iMN N-aBC’s ALG secures web applications based on HTTP, DNS, MRSP and XCAP.
Management of the iMN N-aBC is integrated with the iMN through the VerazView EMS eliminating the need for a standalone security EMS
- SIP
- H.248
- RTP
- Codecs: G.729 , G.711, G.723
- T.38 fax
- NAT and firewall with dynamic pinholing
- DoS/DDoS attack protection
- White/Black/Gray IP addr. lists
- Stateful packet flow inspection
- DPI of IP/TCP/UDP packets
- Session rate limiting
- Syntactic and semantic (50+) security rules
- Network topology hiding
- Centralized real-time policy control (iMN) for both local and network-wide policies
- Subscriber privacy
- VLAN support (up to 16)
- Fraud detection and prevention
- TLS and IPSec encryption
- Far-end firewall and NAT traversal
- Packetization period and silence suppression interworking
- Minor signaling protocol fix-ups and repair
- Call-by-call transcoding:
- Inter-VPN connectivity
- End-to-end call trace with packet statistics
- CDR browser for debugging
- End-to-end QoS reporting and policing
- Multi-level DDoS attack alarms
- End-to-end single CDR generation
- Real-time network-wide least cost routing
- Distributed and fully separable media and signaling resources
- Network-wide minimized use of codecs
- RTP Mux: 96% lower IP-IP VoIP bandwidth (g.729)
- Forced Media Routing
- Media failover and loadshare
- L3 and L5 static/dynamic ACLs
- Trusted user access during attacks
- Call-by-call QoS monitoring and reporting
- ToS bit marking, VLAN mapping
- Optimized network-wide routing:
- Failure detect and re-routing
- Load balancing
- Sessions: up to 8,000 concurrent signaling and media*
- Call attempts/sec: 50
- DoS/DDoS protection: minimum 300,000 packets/sec
*2H08 – Up to 18,000 concurrent signaling and media sessions, or 33,000 signaling only sessions.
- Max dissipation: 76W
| |
Nominal |
Max/Min |
| DC |
-48/-60V |
-75/-36V |
| AC |
-220/110V |
90/265V |
- Dimensions (H*W*D): 89 (2U) * 424 * 508 (mm)
- Weight: 4 (Kg)
- Network Interfaces: 1 10/100, 2 10/100/1G Ethernet
- Redundancy: 1+1 (AC, DC power supplies, BPSI main card, Ethernet ports)
- Temperature:
- Operating -5°C - 50°C
- Storage -40°C - 70°C
- Relative Humidity: BGW: 10% to 95%
- Safety : UL 60950-1:2003, CAN/CSA -C22.2 No. 60950-1-03, CE EN60950-1:2001
- Environmental: ETSI - ETS300 019, Telcordia GR-63-CORE
- EMC: EN 300 386 V1.3.2 (2003-05), FTZ 1TR9:06-2002, Emission: EN55022, FCC CFR 47 part 15, ICES-003, VCCI V-3/2001.04, CISPR 22:04
- Immunity: EN61000-4 2, 3, 4, 5, 6, 11
Veraz Networks, Inc. (NASDAQ: VRAZ), is the leading provider of application, control, and bandwidth optimization products that enable the evolution to the Multimedia Generation Network (MGN). Service providers worldwide use the Veraz MGN portfolio to extend their current application suite and rapidly add customized multimedia services that drive revenue and ensure customer retention. The Veraz MGN separates the control, media, and application layers while unifying management of the network, thereby increasing service provider operating efficiency. Wireline and wireless service providers in over 50 countries have deployed products from the Veraz MGN portfolio, which includes the ControlSwitch™, iMN Multimedia Delivery Platform, Network-adaptive Border Controller, I-Gate 4000 Media Gateways, the VerazView Management System, and a set of customizable applications, including the verazVirtu softclient.
