Skip to main content

Cloud-based session border controllers…now!


Service providers must virtualize session border controllers (SBCs) and deploy them in the cloud to support a new generation of advanced IP communications services. By deploying cloud-based SBCs service providers can reduce capital and operating expenses, accelerate time to market for new services and gain a new ability to scale services in step with the needs of enterprises and consumers.

SBC evolution: From custom platforms to the open cloud

Session border controllers are mandatory components of the service provider network. Deployed at the network border, SBCs cover capabilities such as signaling and media security, service-level agreement assurance and regulatory compliance. These capabilities ensure that voice, video and data communications sessions are controlled, managed and protected in a carrier-grade manner.

Traditional session border controllers are implemented on custom platforms or proprietary hardware. Most of these native SBCs use network processors and digital signal processors (DSPs) to support firewall, media processing and transcoding functionality. Scaling is difficult and expensive with native SBCs. Service providers configure them statically to support a prospective maximum subscriber base size — even though there is no guarantee that the network will grow to this degree.

Cloud-based or virtualized SBCs support the same capabilities as native SBCs but can be deployed on standard high-volume commercial off-the-shelf (COTS) servers. Cloud management platforms like OpenStack enable service providers to deploy COTS servers from different vendors and orchestrate resources to address the requirements of different applications. This flexibility allows service providers to scale and evolve their SBCs in step with subscriber growth, increased usage or changing requirements.

A move to the cloud streamlines operations

SBCs are well suited to cloud deployment. Their functions can be fully virtualized and run on any Network Functions Virtualization (NFV) platform. The shift from native to virtualized SBCs brings several key operational benefits to service providers. For example, the use of vSBCs allows service providers to:

  • Simplify hardware requirements —Virtualized SBCs eliminate the need for closed, customized or proprietary SBC hardware. In a vSBC environment, service providers can acquire hardware with a short lead time and turn it up in weeks instead of months. Existing deployed servers can be quickly reassigned if they are idle or if their capabilities are required to address changing usage patterns.
  • Use resources more efficiently — Virtualized SBCs can be deployed along with other applications on standard IT hardware. Service providers no longer have to keep spares – or keep re-training operations staff – to support each unique hardware platform at each site. Providers can still choose to keep spares after they move to vSBCs. The difference is that they can share these spares across all applications
  • Deliver scalable and shareable infrastructures — Virtualized SBCs use a common, distributed infrastructure that features centralized management and orchestration capabilities. Service providers can achieve new economies of scale by sharing this infrastructure across many applications.
  • Increase automation — Virtualized SBCs support standardized tools that automate the installation, configuration and provisioning of network elements. This automation can help service providers reduce costs and accelerate time to market for new services

Virtualization boosts bottom-line results

SBC virtualization also provides important business benefits to service providers. One such benefit is the ability to optimize total cost of ownership: Unlike native SBCs, virtualized SBCs can be sized to fit the edge profile of the cloud network at deployment time. Service providers can implement virtualized SBCs in small points of presence that support a few thousand subscribers or large central offices or data centers that support millions of subscribers.

What’s more, virtualized SBCs offer service providers a vehicle for using NFV to reduce costs and reach new markets. NFV supports hardware independence and flexible deployment configurations. These capabilities will enable service providers to adapt their networks to a broader range of services. NFV also supports network automation and more efficient resource use. Both will allow service providers to rapidly scale services up or down.

Applied correctly at the network border, NFV can optimize and secure the delivery of advanced communications services. Service providers will need to virtualize all network elements to harness the power of NFV. Virtualized SBCs will be a key point of focus as networks move to the cloud because they process signaling and media traffic and represent a significant proportion of all network resources.

Cloud-based communications unlock new markets

Service providers are serious about deploying Voice over LTE (VoLTE), Web Real-Time Communication (WebRTC) and Rich Communications Services (RCS) on a large scale. They want to drive data usage and revenue growth by extending a New Conversation Experience — featuring crisp voice, clear video, interactive data sessions and IP messaging — to millions of consumers and enterprises.

But growth demands greater capacity. It also demands simpler, faster ways to create, deploy and scale applications. In the search for answers, many are looking to Network Functions Virtualization and the cloud.

By running IMS in the cloud, providers can simplify their networks and gain the means to reduce operating experiences, scale offers on demand and experiment with new services in an affordable way. They can also gain greater agility: The cloud cuts communications service deployment times from 12–18 months to weeks, and reduce service scaling times from months to minutes.

Session border controllers are central components of IMS. Moving SBC solutions to the cloud speeds service maturation by streamlining hardware procurement and installation and making it easier to provision, configure and assign resources. Service providers with virtualized SBCs can add virtual machines (VMs) on demand to support new services or enhance existing ones. For example, a provider can add VMs to meet processing requirements for WebRTC, VoLTE and enterprise mobile communications services. Or, it can temporarily allocate VMs to support high traffic volumes generated by holidays such as Mother’s Day. By capitalizing on the flexibility of virtualized SBCs, service providers can reinvent their communications offerings.

Virtualized SBCs adapt to changing network and market conditions

Adaptability is an important outcome of SBC virtualization. With virtualized SBCs, service providers don’t have to commit to a major hardware and software investment up front and then hope that the service hits the mark with subscribers. The virtualized deployment allows them to launch new services quickly. If the market doesn’t materialize or the need is temporary, they can just as quickly reassign the related resources to other applications.

For example, service providers with virtualized SBCs can deploy network-based firewall or denial- of-service/distributed denial-of-service (DoS/DDoS) attack protection services exactly when and where they are needed. These services can be deployed across physical locations and boundaries and combined with other virtual or physical network services (such as load balancers) though the NFV concept of “service chaining.”

Virtualized SBCs remove the need to accurately predict the magnitude of signaling traffic (RCS traffic), packet traffic (video call percentage) and media processing requirements. Service providers can create highly efficient just-in-time service implementations by launching additional VMs for each independent function type. In addition, some virtualized offer built-in functionality that balances signaling traffic load across multiple VMs. Built-in load balancing allows service providers to scale SBC resources transparently, without making configuration changes to the User Element, IMS core or packet data network gateway.

The end product of virtualized SBC adaptability is an agile, responsive and dynamic virtual environment that scales based on events and configuration updates. This adaptability ensures that businesses can continue to monitor and enforce the same set of security controls and compliance requirements as they move from to the new virtualized environment.

Solutions that boost bearer performance help build credibility

Shifting to cloud-based SBCs will enable service providers to become more adaptable, agile and flexible. But bearer performance will still be the benchmark by which enterprises and consumers judge their offerings. To create credible cloud-based SBC offers, service providers must ensure that these offers maintain or exceed the level of bearer performance delivered by native SBCs.

Service providers rely on SBCs to carry signaling and media traffic. For every media session, an SBC processes approximately 100 packets per second. The amount of media traffic is significantly higher than signaling traffic and requires strict processing adherence to prevent packet loss and minimize latency and jitter.

General-purpose hardware has advanced to the point where it can support 8 or more cores per processor and 2 or more processors per board. Today’s servers combine this high processing power with high memory capacity and high-speed I/O. With respect to basic packet processing, it is now realistic to expect that virtualized SBCs will equal or exceed the performance of native hardware-based SBCs. Media processing and transcoding functions are also supported by virtualized SBC functions, but DSP-based implementations may continue to deliver superior performance over the next few years.

Service providers can choose from many different technology options as they seek to virtualize the data plane. The most mature option combines Single Root I/O Virtualization with Intel® Data Plane Development Kit (DPDK) technology. This combination provides fast packet processing and ensures that virtualized SBCs can deliver the same quality of experience as their native counterparts. Service providers that adopt Intel DPDK technology can lay the groundwork for an optimal cloud implementation with high-capacity throughput that makes bearer processing feasible on COTS hardware.

Cloud-based SBCs: The right choice for the long term

Native SBC solutions will continue to provide value to service providers over the short and medium term. But cloud-based SBC solutions will replace these native solutions over the next 3–5 years, as media processing application costs become competitive and the market begins to recognize the benefits of early vSBC deployments.

For service providers, it is crucial to choose SBCs for the long term. Service providers can start today with a traditional model deployed on COTS servers. They can then expand into data centers and implement cloud-based SBCs when the NFV paradigm matures.

To contact the author or request additional information, please send an email to

Laurent Guegan

About Laurent Guegan

During 20 years at Alcatel-Lucent, Laurent Guégan has worked across a variety of technology domains including xDSL, IP/MPLS and IMS. He has held diverse customer-facing roles including post-sales and pre-sales support, solution manager, and product/solution marketing manager. Laurent has demonstrated several times his ability to address different market segments and now focuses on Alcatel-Lucent IP Border Controllers and Policy Management products.

Ashwin Rana

About Ashwin Rana

Ashwin Rana is Sr. Product Manager at Alcatel-Lucent responsible for strategy and execution of Session Border Controller Products in Plano, Texas. Ashwin brings over 19 years of experience in Security and IP session management products like Session Border Controller, Security Gateway (VPN Concentrator), Load Balancer and Session Manager to Alcatel-Lucent. Prior to joining Alcatel-Lucent Ashwin was Sr. Director of Product Management and Systems Architecture for Security product business line at AudioCodes/Netrake. Ashwin brings wealth of knowledge and experience in Security, VoIP and IP Inter-networking technologies. Ashwin started his career in processor design at Cyrix Corporation and was responsible for cache and bus architecture of next generation high performance, super-scalar, super-pipelined x86 microprocessors. He holds a Master’s degree in Electrical Engineering from the University of Texas at Dallas, Richardson, Texas and earned his bachelor’s degree in electronics engineering at the Birla Vishvakarma Mahavidyalaya, Gujarat, India. Ashwin also holds 11 patents in the areas of network processors, lawful interception and network Security and has published paper on the SIP security in Bell Lab’s Technical Journal.

Article tags