On-premise appliance for IP telephone provisioning, call processing, and device management. Enables Level365 to deliver secure VoIP connections, monitor voice quality, and quickly remediate issues. Provides failover to an alternate internet connection when the primary internet connection is lost, keeping your essential voice services online.
Session Border Controller (SBC)
Level365 positions the SBC at the network perimeter (or border), so it can control and secure the voice traffic and connected devices. The controller connects directly to the internet service provider and runs parallel to any network firewall or router. At this level the SBC performs three primary functions- delivering consistent connectivity, keeping calls and devices secure, and reducing downtime by allowing for a failover to a secondary internet connection.
Redundancy
Whether due to lost productivity or lost revenue, downtime of business-critical systems can be costly. In addition to our cloud-based services, Level365 can increase call availability by leveraging two internet connections for the controller to utilize. This allows the telephones to automatically failover to a secondary internet service which keeps users online and reduces downtime due to a circuit outage.
Performance
Internet firewalls are designed to protect the local network by keeping unwanted traffic out. For voice services, this can lead to communication problems such as one-way or no audio on calls, inconsistent ringing, and telephones not being able to register online. By deploying the SBC, which is a firewall specifically designed for SIP applications, Level365 avoids these pitfalls. This allows for the best user experience, greatly reduces issues, and leaves the voice services in the hands of the experts.
Security
VoIP services and IP telephones are frequent targets of attacks. Some common VoIP attacks include:
- Service theft & fraud: Attackers accessing a VoIP system to route traffic and use network resources without paying for them
- Spoofing: Deliberately modifying or disguising an identity (for example, caller ID) on the network
- DoS/Distributed Denial-of-Service (DDoS) attacks: Flooding a server or SBC with requests to overwhelm its available resources
Level365 thwarts these by utilizing the SBC to protect services and employees via encryption, topology hiding, traffic policing, and call admission control. The SBC only communicates with Level365 cloud servers, preventing unauthorized access and attacks. We also ensure that conversations are secure by encrypting the signaling to prevent communications from being illegally intercepted or tampered with as well as maintaining privacy.
Deployment Options
- Static IP - This is the most common configuration with the controller sitting parallel to the end user firewall/router. An unused static public IP is assigned from the internet service and the controller is connected directly to the internet service provider's equipment (WAN). The LAN port of the controller is connected to the end user’s network switch with a local static IP assigned.
- DHCP - A dynamic (DHCP) internet service may be used if the internet service is dedicated for the controller. The physical connections are the same as a static IP deployment with the controller being connected directly to the ISP equipment (WAN) and a local static IP is assigned for the LAN connection to the end user network switch.
- Proxy ARP Mode - Proxy ARP mode is most often used when there is a single physical handoff available from the internet service provider. The controller manages the voice traffic while acting as a passthrough for the IP address assigned to the end user router/firewall. This allows for efficient routing of both SIP and non-SIP traffic and eliminates the need for additional network equipment.
If only a single connection is available from the ISP, and Proxy ARP mode is not being enabled, a VLAN capable managed switch should be used to share the connection to the end user router/firewall and the SIP session controller.
- VLAN - If a voice VLAN is being utilized, the controller LAN port should be connected to an untagged port on the local network switch. The controller may act as the DHCP server for the IP telephones if needed.