The Contact Center Guide to SBC SIP Trunking

In a time when virtual communications are the new normal, businesses have new, complex problems to solve. Companies modernizing to the cloud rely on session border controllers (SBCs) to connect their media technologies. SBCs secure your company communications while harmonizing your voice, media, and phone system services.


Virtual communications are here to stay, and that presents new challenges for modern companies to plan for. How do you unify your cloud technologies while keeping your company communications secure? When it comes to voice and messaging, the answer for most organizations has been secure SIP trunking via session border controllers. SBC SIP trunking is an industry-standard for midmarket and enterprise organizations. Thanks to the rise of popular platforms like Microsoft Teams, Enterprises have long relied on session border controllers (SBC) for these functions. Now thanks to platforms like Microsoft Teams gaining popularity, SBC solutions are more accessible to companies of all sizes than ever before. 

Understanding SBCs may seem complicated at first. But no need to worry, because that's where we come in! With The Contact Center’s Guide to SBC SIP Trunking, you'll learn:

  • The primary functions a virtual session border controller plays in your tech stack. 
  • What you need to know about how an SBC executes those functions.
  • Tips for selecting the right SBC vendor for your business needs. 
  • How to set up an SBC solution for your company communications.

The 3 Key Functions of Session Border Controllers

Businesses today rely on unified communications to better connect with their customers. The average number of applications used in a companies tech stack continues is only increasing. With so many technologies "talking" to one another, errors are bound to occur. If the technologies aren't synchronized well, they become impossible to manage and effectively useless. More importantly, attaching so many different tools and services to your network creates security and compliance risks for your organization.

Creating a technology ecosystem that's secure and manageable is now a requirement for organizations. This is where a session border controller in your network is critical. Deploying a virtual session border controller serves three critical functions: security, SIP Trunking, and compliance. Let's review what's involved in those functions before exploring how an SBC solution delivers on those requirements.

1. Security

One of the most important roles of a virtual SBC is its security. An SBC was purpose-built to protect VoIP networks from malicious attacks that can endanger your call center. The functionality to block spoofed calls, prevent toll fraud, denial of service (DoS), distributed denial of service (DDoS), and registration storms help regulate communications through the following built-in actions:

Disguising Network Topology. Hosted SBCs can hide private company information, such as IP addresses and network topology (architecture), from hackers trying to access network services. SIP applications use a logical element called B2BUA, which stands for back-to-back user agent, to keep private information hidden and undetectable from prying eyes.

Signal Encryption. SBCs use a scrambling code to lock or unlock SIP-based data by the recipient of “digital” keys. Signal encryption helps weed out eavesdroppers and keep conversations secure at both ends. Transport Layer Security (TLS) and IPsec (IP Security) are standard types of signal encryptions used to authenticate two endpoints of a call.

List Monitoring. Managed SBCs monitor interactions, server registration requests, and use (or over-use) of network resources before it overwhelms the network. The SBC categorizes users into three lists with different levels of network access:

  • Whitelists: Granted full access.
  • Blacklists: Removed/blocked from access.
  • Greylists: Provided partial access.

2. Secure SIP Trunking (BYOC)

Think of SIP Trunking as a virtual connection between your communication platform and your voice services (carriers). This is commonly called Bring Your Own Carrier (BYOC). Rather than relying on one voice service, BYOC means connecting to the best carrier for your needs depending on the scenario. SIP trunks make BYOC possible by acting as the bridge between your phone system and the voice service of your choice.

A popular example of this is Microsoft Teams Direct Routing.

Rather than rely on Microsoft's default VoIP service (known as Calling Plans), Direct Routing allows for BYOC so you can connect other VoIP services to your Teams Phone System. For Teams users, that means better phone number coverage, calling rates, and international call quality compared to Calling Plans. But these networks may use hundreds or even thousands of different protocols and codecs to operate, and those need to be translated into a unified language within your technology ecosystem.

In a growing number of platforms like Teams, SIP Trunking and BYOC are only allowable through a session border controller. Hosted SBCs improve on standard SIP trunking methods by adding layers of security, compliance control, and Quality of Service monitoring into your interconnects. With a session border controller in place, businesses can communicate confidently with customers knowing their SIP trunk connections are safe, secure, and compliant.

3. Compliance

Governing bodies around the world are trying to create new legislation as fast as our technology is evolving. For example, the FCC recently enacted a framework called STIR/SHAKEN to combat the rise of robocalls and spoofed phone numbers, a move that has major implications for any organization terminating to recipients in the US & Canada. However, the FCC has modified its guidelines and legal requirements imposed by STIR/SHAKEN several times since it was passed.

In major markets like India, China, and several Middle Eastern countries like the UAE, regulations governing the use of VoIP are constantly changing. As we move into a world of unified communications, how do you ensure compliance standards are met in every area of your technology ecosystem? 

Enter the third critical function of session border controllers - keeping your organization compliant! Session border controllers ensure every technology and service connected to your organization maintains compliance standards. Just as importantly, an SBC allows you to quickly update your compliance standards across your entire tech stack as regulations evolve. You could describe a hosted SBC as a 3-in-1 gatekeeper, acting as your security guard, traffic & data transcoder, and compliance manager.

Securing Your Network with a Virtual SBC

SBCs aren’t just for SIP trunking! A virtual session border controller safeguards your contact center's communications from malicious traffic and fraudsters trying to gain access to your data. Let's look at some of the specific functions a managed SBC uses to protect your network.

Multimedia Monitoring

Business VoIP networks grow as other types of media are incorporated. New media comes with new codecs. Session border controllers support native codecs, transcoding each session back and forth to ensure the utmost quality of service (QoS) for both parties while screening for potential threats to your infrastructure.

Network Redundancy

Redundancy in a network ensures that call lines are always up and running, even when a disruption occurs. Having network availability through failover routing keeps revenue-generating activities intact. When part of a network falls offline, implementing a business continuity plan can heed a course of action, protecting operations so money doesn’t go to waste. 

Traffic Reporting

Remember how we talked about your session border controller being a 3-in-1 tool? Cloud-hosted SBCs help analyze traffic data that could affect your call center performance KPIs. These devices pull data regarding performance and service-level your company is providing, including:

  • Bandwidth. The maximum rate of data consumed to transfer signals over a network for VoIP services.
  • Latency. Refers to the delay in calls due to network congestion. 
  • Jitter. The latency variance over time. Having “zero jitter” means the same latency is continuous (no change), whereas signals with latency variations have a “degree of jitter” in the network. 
  • SLA Compliance. Metrics such as uptime, first call resolution, and NPS that form your service level agreement.

Bring Your Own Device (BYOD)

BYOD is a policy that companies are implementing so remote employees can access network resources from their personal mobile devices. With hundreds to thousands of devices trying to gain server access, network security is an obvious concern. In addition to thwarting unwelcome visitors from accessing company data, but cloud-based SBCs also prevent application layer attacks like registration storms from endangering servers due to a flood of new requests.

Setting Up a Cloud-Based SBC Solution for SIP Trunking

Cloud-hosted session border controllers are uniquely designed to do a lot of the backend work automatically for your business network. Think of it like “SBC as a service.” These full-service solutions remove the need to manage your own SBC device. Instead of manually following Audiocode’s 130+ SBC step configuration guide, let dedicated experts configure your SBC for SIP trunking and network security. The benefits a virtual SBC include:  

Bring Your Own Carrier (BYOC)

BYOC delivers brands a service where they can keep their voice provider while expanding the reach, functionality, and business tool integrations from another. BYOC + SBC assists organizations with maintaining costs through legacy rates and improving efficiencies through cloud technology and routing features of a third-party provider.

Microsoft Teams Direct Routing is a SIP integration companies are using to modernize their communications, unifying their various platforms into one centralized environment. Bringing a voice carrier - like AVOXI - into your Teams environment helps expand reach to several hard-to-reach countries and access global inventory numbers right from the platform.

SIP Interconnections

Millions of SIP variations exist today, and each one requires real-time translation that’s natively supported by the end-user device. It’s a two-way functionality - sessions are constantly transcoded within the call with every interaction.

NAT Traversal

NAT traversal is useful for companies with remote teams, supporting agents through BYOD policies to safely access internal networks and resources. Personal devices are outfitted with NAT - network address translation - which converts signals between an Internet provider’s address and a private address (assigned by your home WiFi) and all registered devices. NAT traversal instructs the sessions on how to navigate through the router and terminate on a device. 

DMTF tones, or dual-tone multi-frequency, are touch tones necessary for SIP trunking and established legacy technologies. These tones are sent via robust interworking of telephone systems with auto-attendants and preset call routing rules.

Are Session Border Controllers Required for BYOC? 

Technically speaking, SIP trunking does not require a session border controller. However, popular platforms like Teams require a virtual SBC for BYOC. As a response, cloud-based session border controllers are becoming a basic security standard for most organizations taking advantage of BYOC.

SBCs enhance the coverage, quality, and cost-saving benefits of SIP trunking while providing layers of security throughout every connection in your network.

Managing Compliance with Cloud-Hosted SBC Technology

Compliance-heavy industries will enjoy the ease of policy management control with a virtual SBC deployed within their communications infrastructure. These devices are equipped with controls to handle regular policy updates across networks and depending on your business size, you can use one or several devices to enforce compliance. 

There are two types of SBC policy management control systems to consider: 

  • Localized Policy Management. This system is used when the VoIP network lives on a local server. The SBC maintains its own set of unique policies for its subscribers. 
  • Centralized Policy Management. A model used to make regular and automatic updates involving several SBCs simultaneously. Changes are made using a master policy server, ensuring changes are consistent throughout. 

IT professionals can apply updates at any time to one or multiple servers. Businesses with smaller networks generally have one SBC and lean to a localized policy management system, which allows technicians to spend less on resources because it doesn’t require any additional equipment. 

Larger networks may use several SBCs as their communications span multiple servers all over the world. This is where a centralized policy management system comes into effect - and while organizations incur larger upfront costs - companies save more in the long run because one device per network is doing the job of several siloed technologies. 

Setting Up Your Virtual Session Border Controller

An SBC is vitally important to the integrity of your communications network. Deploying a hosted SBC - though worth it - can be quite a tedious task. There are a lot of configurations and integrations of applications and devices your IT team must do prior to testing and troubleshooting. Not having enough internal help could delay the project further. 

You want a reliable, Microsoft-certified virtual SBC for Direct Routing. Below, we’ll talk through the types of SBC vendors that are out there, as well as how to confidently purchase and set up your own device.

Direct vs. Indirect SBC Resellers

  • Service Providers (Carriers). Carriers provide the SIP trunking service and network infrastructure. Owning and monitoring both of these services allows them to offer full-service support and comprehensive Service Level Agreements. 
  • IT Service Providers/Application Service Providers. ITSP/ASPs develop custom niche voice and data applications that extend the functionality of the vendor’s gear. They typically own their own localized switching infrastructure with application servers. 
  • Value-Added Resellers. The value-add services are generally used in the deployment phase and include such services as integrations, consulting, and training. VARs are also actively managing the entire implementation process for their customers. 
  • Systems Integrators. SIs specialize in integrating various hardware and software and customize business applications. They target large multinational companies just like themselves. 
  • Value-Added Distributors. VADs carry manufactured inventory but only sell to resellers. They differentiate themselves by offering enhanced support services (marketing, education, finance, technical resources, etc.) to foster relationships with their customers. 

AVOXI is a voice service carrier as well as a certified SBC provider for Teams. We consult organizations about improving voice services through a session border controller and even offer hosted SBC solutions, where your configuration is project managed by AVOXI from start to finish.

Tips for Choosing an SBC Vendor

When evaluating an SBC to deploy in your network, consider the following factors and questions. Selecting the right type of SBC for your business can greatly impact your call center performance, scalability, and reliability.  

Evaluating Performance:

  • Media Transcoding. How efficient does the hosted SBC transcode various types of media? 
  • Session Performance. Is there a limit to how many voice and video calls it can handle?
  • SIP Interoperability. How well does the SBC connect and “speak” with your network’s other devices and applications?
  • Policy Controls. How does it monitor and control network users and session traffic?
  • Supporting Concurrent Calls. What features complement volume scale?


  • Security. How well does the virtual SBC protect network data from unauthorized users and potential threats?
  • Network Redundancy. What’s the failover solution when part of the call center goes down?
  • Registration Rate. How many registrants can the SBC handle at once?
  • Dual-Tone Multi-Frequency. Will it support legacy equipment?

Manual Configuration vs. Hosted SBC Solutions

You can go two routes with your SBC implementation:

  1. Manually configure your session border controller in-house, or
  2. Leverage a hosted SBC solution to project manage your setup for you. 

A manual configuration is an option if you have the technical expertise and engineering resources necessary within your organization already. However, many enterprises with these resources still prefer a hosted solution as that saves their team time and shortens implementation time. It can also mean fewer mistakes and security concerns, as your implementation is managed by a certified service with expert consultation every step of the way. 

If you decide to go with the in-house approach, there are several steps to consider. We've summarized those steps into a few milestones below, using AudioCode's SBC Guide as a reference.

  1. Configure IP addresses. LAN and WAN IP addresses are assigned and define data routing IP addresses.
  2. Enable SIP SBC mode. Configure media channels and voice coders for transcoding capabilities. 
  3. Configure Inbound and Outbound IP routing. Routing sequence determined for IP inbound and outbound calls. 
  4. Verify pairing between SBC and direct routing. Confirm device can exchange sessions successfully with direct routing. 
  5. Troubleshoot. Test debugging procedures, verify network sniffer applications and firmware.

There’s a lot to oversee when it comes to doing it yourself. Why not let someone else project manage the implementation process and ensure a successful launch into your network?

Learn More About Virtual SBCs for SIP Trunk Security

Get all the benefits of an SBC without all the complex configurations and engineering resources. Let AVOXI project manage your session border controller setup with our certified virtual SBC and rest easy knowing your SBC configuration will be done right the first time.  Modernize your contact center communications with SBC SIP trunking.