Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model
Downloads: This chapterpdf (PDF - 91.0 KB) The complete bookPDF (PDF - 9.9 MB) | Feedback



1:1 redundancy
Mechanism to provide redundancy by ensuring that for each piece of hardware there is a backup that can take over non disruptively.
1:n redundancy
Mechanism to provide redundancy by ensuring that for each n identical pieces of hardware, there is a single backup that can take over non disruptively in the case of a single failure.


AAA address
Authentication, authorization, accounting address. This is the IP address used when contacting billing or authentication servers. AAA performs user/endpoint authentication prior to forwarding a request to an upstream.
  • Call Admission Control (CAC) to control DBE
  • Quality of service (QoS)
  • Network Address Port Translation (NAPT) binding
  • Firewall pinhole
  • Call detail record (CDR) generation for billing
An account represents a service relationship with a remote organization on the SBE. Each adjacency is assigned to an account, which is used to define customer-specific Call Admission Control and routing policy configuration.
admission control policy
A set of rules on the SBE that define system and call level restrictions.
Application layer gateway. A bridge for traffic between two networks. It has knowledge of, and operates at the level of, the application generating the traffic.


Back-to-back user agent. This is a piece of software that links together the signaling flows for two legs of a call, providing a bridge between them with local termination for each leg.


Call Admission Control. This is the set of actions taken by a network during the set-up phase of a call event to determine whether the event should be accepted or rejected.
call policy
An interconnected set of rules used to configure how SBC responds to new call events. It includes number analysis, routing, and CAC.
Communications Assistance for Law Enforcement Act. Passed in 1994, CALEA requires telecommunications carriers in the United States to modify their equipment, facilities, and services to ensure that they are able to comply with authorized electronic surveillance.
Call detail record. The billing record for a phone call.
See PE.
Compressor/decompressor. A codec is any technology for compressing and decompressing data, typically audio or video.
control address
IP address on the SBE or DBE used for terminating the H.248 control traffic between SBE and SBE. Also used in AAA control traffic.
Common Open Policy Service. This is an IETF standard, supplying network switches and hubs with policy rules to help maintain quality of service.
Common Object Request Broker Architecture. CORBA is an architecture and specification for creating, distributing, and managing distributed program objects in a network.


DoS protection
Protects SBE from DoS (Denial of Service) attack.
Data border element, also known as the media proxy. Represents the media-handling portion (RTP, RTCP, and so on) of the SBC. There can be only one DBE per service card. However, the DBE can be partitioned into several virtual DBEs (VDBEs). The DBE supports the following services:
  • Bandwidth allocation, Call Admission Control (CAC), and Service Level Agreement (SLA) Monitoring
  • Policing, marking (DSCP), and rate limiting
  • RSVP proxy
  • Firewall (media pinholes)
  • Security functions
  • NAPT traversing
  • Topology hiding
  • VPN aware (VPN interconnect)
  • Quality monitoring and statistics gathering
DSP service control
Engages in the codec negotiation procedures and enforces policy on codecs being negotiated to control digital signal processor (DSP) service.
Differentiated services. A mechanism for marking IP traffic with different priorities.
Denial of service. A malicious attempt to overload a piece of hardware in some way.
Demilitarized zone. This is a small subnetwork that sits between a trusted private network, such as a corporate LAN, and an untrusted public network, such as the public Internet.


A system designed to protect a computer network from unauthorized access, especially through the Internet.


H.248 (or Megaco) is a VoIP signaling protocol, usually used between a dumb device and a clever controller. It is similar in functionality (if not syntax) to MGCP. It is used to communicate between SBC and DBE in a distributed SBC system.
A protocol used for signaling for VoIP.
Hot software downgrade.


Integrated access device. An IAD is a one-box DSL voice and data solution equipment typically installed at the customer's site.


Lawful intercept
Provides intercept-related information (IRI) and call content intercept (replication of the media streams).
load-related services (sharing and balancing)
SBE may also perform load balancing when it sends a message to multiple upstream or downstream servers.
location ID
Identifies the location of DBE within the network.
Label switched path. The name for a single traffic flow in MPLS.


media address
Pool of IP addresses on the DBE for media relay functionality. A separate pool of addresses is defined for each VPN that the DBE is attached to. All vDBEs within the DBE draw media addresses from these pools.
media bypass
An SBC function allowing media to bypass DBE and flow directly between two endpoints within the same customer network or VPN.
media transcoding device
A type of media gateway that can convert between media codec types in real time. SBEs sometimes include a combination of vDBE and a media transcoding device in the data path of a single call.
See H.248.
Media Gateway Control Protocol. This is a VoIP signaling protocol, usually used between a dumb device and a clever controller. It is similar in functionality (if not syntax) to H.248/Megaco. It is defined in RFC 2705.
Multiprotocol Label Switching. Protocol used for network traffic flow shaping and management.
message scrubbing for identity and address hiding
Hiding end-user identifying information and end-user IP-addresses by adding, removing, or modifying the identity and IP address information in the signaling headers.


Network Address Translator. This is a program or piece of hardware that converts an IP address from a private address to a public address in real time. It allows multiple users to share a single public IP address.
NAT traversal
Detects that the endpoints are behind a NAT device and provide NAT traversal.
Network to network interface. The border between two carriers.
Number analysis
A set of rules to determine whether a called number is valid and, optionally, to assign a category to the call or edit the called number.

Operation, administration, and maintenance.


Provider edge. This is a piece of equipment situated at the edge of a service provider’s network, typically contrasted with Customer Edge (CE) equipment.
Plain old telephone service. This is the standard telephone service that most homes use. It is also referred to as the PSTN.
Public Switched Telephone Network. The world’s collection of interconnected voice-oriented public telephone networks.


Remote Authentication Dial-In User Service. Protocol used by SIG to connect to call accounting services or authentication services.
routing policy
A set of rules on the SBE to determine the next-hop VoIP signaling entity to which a signaling request should be sent. It defines whether a given called number is valid, and if so, where to send outbound signaling.
Realm-Specific Internet Protocol. An IP address translation technique that is an alternative to NAT. RSIP lets an enterprise safeguard many private Internet addresses behind a single public Internet address.
Real-Time Control Protocol. A protocol to carry information on the performance of RTP traffic.
Real-Time Protocol. This is the dominant protocol for carrying VoIP media data. It is defined in
RFC 3550.


Signaling border element (also known as signaling proxy). Represents the signaling agent of the SBC to handle all call processing through SIP or H.323 protocols. There can be only one signaling agent per service card. An SBE typically controls one or more media gateways. The SBE supports the following services:
  • Call Admission Control (CAC)
  • Signaling scrubbing
  • Security functions
  • Routing
  • Registration/authentication
  • Identity hiding
  • Topology hiding
  • Protocol conversion
  • Facilitate transcoding by communicating with the media gateway or media server
Session Description Protocol. A syntax for describing key features of media streams, including codecs, IP addresses and ports, bit rates, and other information. It is defined in RFC 2327.
Session Control Interface (SCI)
SCI controls the various DBE entities in a distributed mode of operation.
signaling address
IP address on the SBE for terminating VoIP signaling (that is, SIP, H.323). A signaling address may be qualified by a VPN ID (VRF name) if the SBE needs to be assigned private addresses specific to particular VPNs.
signaling protocol translation and interworking
Performs protocol translation between different signaling protocols such as SIP and H.323.
Session Initiation Protocol. A protocol used for signaling for VoIP.
Service Level Agreement. The contract between a service provider and the customer that specifies the level of service that will be provided.
Simple Network Management Protocol. An Internet standard that defines methods for remotely managing active network components such as hubs, routers, and bridges.
Simple Object Access Protocol. A way for a web server to call a procedure on another, physically separate web server, and get back a machine-readable result in standard XML format.
Service provider.
Service virtual interface.


Transmission Control Protocol. The connection-oriented, transport-level protocol used in the TCP/IP suite of communications protocols.
Transport Layer Security. A protocol that provides data integrity and privacy on a communications link over the Internet. It allows client/server applications to communicate and is designed to prevent eavesdropping, message forgery, and interference.
topology and infrastructure hiding
Hiding organization topology and infrastructure by removing routing information or by modifying the From/Contact information in the signaling headers.
Technology for converting between different codecs.


User Datagram Protocol. This is a transport layer protocol in the TCP/IP protocol suite, used in the Internet. UDP is used at the two ends of a data transfer. It does not establish a connection or provide reliable data transfer like TCP.
User-to-Network Interface. The border between a service provider and the customer.


Represents a resource partition within a DBE. A VDBE is a type of media gateway. Each VDBE can be controlled by a separate SBE using the H.248 (Megaco) protocol.
Voice over IP.
Virtual Private Network.
Virtual Routing and Forwarding Instances
VoIP signaling peer
Peer device within the VoIP signaling network.
VoIP event
Significant events within the VoIP network, such as new calls, call updates, and subscriber registrations.