Back-to-Back User Agents (B2BUA) Considered Harmful for Service Providers
Technology-savvy observers have witnessed that two concepts for building SIP servers emerged over the past decades — that of a proxy server as specified in RFC3261 and that of a so-called back-to-back user agent (B2BUA).
In this posting I’m building upon a recent discussion in the IETF standardization body, which reconfirmed to me that use of the B2BUAs has a vastly negative impact on service provider’s competition capabilities.
Let’s review those two elements before I proceed to conclusions. The key difference is that a proxy server is a passive element whereas a B2BUA is an active one. The proxy server, inspired in its concepts by IP routers, merely verifies SIP signaling messages and routes them to a proper destination, sometimes partially modifying those. This is the original notion of a SIP server as laid down in the SIP architecture specified in RFC 3261. The architecture has been primarily aiming Internet-grade scalability challenges.
On the contrary, a back-to-back user agent inserts itself actively in SIP calls. It splits a call in two legs and presents itself as callee to the caller and as caller to the callee. This behaviour allows the B2BUA to play a more active role in call processing as it can impersonate both SIP telephones involved in a phone conversation, and implement certain features on their behalf. B2BUAs are frequently located inside so called Session Border Controllers (SBCs).
There have been many educated conversations in the past trying to compare these two concepts to each other. Properties under debate included scalability, transparency, feature richness, level of call control, message integrity, and even more.
Let me however focus on two aspects I consider of utmost importance to service providers: time-to-market and operational expense. These characteristics are of business nature and thus may seem only indirectly related to the technical discussion. However, there are technical properties of B2BUAs that have very direct business impact.
The single greatest disadvantage of B2BUA is broken transparency. The B2BUAs split each call in two “half’s”. Each of the “half’s” is technically speaking a call on its own in that elements of the messages are not guaranteed to be the same. This single design decision makes life very difficult. Obviously troubleshooting becomes difficult if a call is split in pieces that can’t be easily associated with each other. A troubleshooter located in proximity of a caller sees messages which are dramatically different than those a troubleshooter located close to callee gets to see. It is thus rather difficult to correlate both half’s, especially if there are additional errors under failure circumstances.
Since there is no specification for a B2BUA, automated monitoring equipment can’t reduce effort efficiently and complex troubleshooting is left to highly skilled human experts. I believe the direction of impact on customer care cost is rather obvious.
Transparency broken by B2BUA also impairs innovation. The B2BUA’s active control of signaling requires understanding of SIP features that are to be communicated between call parties. That’s different from proxy servers that transparently relay SIP messages from one party to another. The fundamental shortcoming of B2BUA is that it simply can never anticipate SIP features introduced by end-devices.
These are very valuable source of innovation and allow to increase value of service providers’ offering without touching critical infrastructure. Such features are then going to fail traversing the B2BUAs.
Now let’s look how such a feature could look like on the example of identity. I’ve been personally concerned by lack of identity in the Internet generally and with SIP in particular. Lack of verifiable and traceable identity makes email users and analogically SIP users as well too easily vulnerable to malicious communication using spoofed IDs. I also believe that for success of an identity system, it must have a good migration path. In other words, it must be incredibly simple to deploy and use. Here is an idea: could we use a trivial “Is it really you giving me this call” reverse query before we allow an incoming call to ring?
The answer is simple: yes you can if you do NOT use B2BUAs.
To reiterate my point: proxy servers by being passive allow the infrastructure to communicate new signaling features even if they specifically do not understand them. To implement a reverse call verification, end-devices can simply exchange a query between themselves that refers to the call attempt. Callee’s telephone asks the address claimed in call attempt “are you really calling me”? If both parties support this feature, callee’s phone can conclude that a call attempt is having genuine caller id. A SIP proxy server just mediates the reverse query like it does for any other SIP message.
In contract to that, a B2BUA will break such new application. Since it is based on an end-device-implemented feature, the B2BUA probably does not understand the reverse queries. Consequently, it is not able to translate the reference to the initial call in the reverse queries and the caller id verification will fail.
Architecturally seen, broken transparency has a huge price tag associated with it. B2BUAs increase operation cost by making troubleshooting complex and by prohibiting applications that can be deployed in an end-to-end manner without costly interaction with the network infrastructure. In conclusion, I recommend against using B2BUAs in service provider deployments that are concerned with customer care cost and capability to rapidly introduce new services.
No related posts.
For some time now I have been following your Blogs and I have really come to like these now.
Thanks for covering Some great technical aspects along with market reactions to these technologies.
The combination is not often well understood, even by some of the best out in the tech jungle. I have seen some failures due to surplus of innovation.
Thanks for sharing this, I would like to read some more expansion in the same context which compares SBC and sip proxy.
cheers,
Abhishek
While I was intrigued by the title and some of the views I would argue nearly the exact opposite of what you have presented is also true.
A B2BUA acts as a filter for “new features” that clients cannot yet handle. Anyone in the business knows that phones are the last things to be able to accept new features. Have you ever tried sending odd SIP messages to a Polycom or Cisco phone?
Anyway – while I respect your views, many of the assumptions in this blog (which are erroneously eluded to as fact) are just not founded in any real life situations.
The real world answer is – use both as they are different tools meant for different levels of a carrier/provider network.
Use a proxy for edge devices with high visibility and throughput requirements as these can be easily replicated and are inexpensive to deploy – especially in HA mode.
Use a B2BUA between proxies (SBCs are essentially proxies that do NAT). This ensures the best compatibility between the carrier networks and client side networks and devices in both messaging and media.
PSTN provider–>SIP Proxy–>B2BUA–>SIP Proxy–>Client
Client–>SIP Proxy–>B2BUA–>SIP Proxy–>PSTN provider
Jesse,
I totally agree that the features you mentioned, such as interop fixing and NAT traversal are necessary. The misconception is they are considered to be exclusive to B2BUA. There may be and in fact are proxy servers that do provide this functionality. However they do NOT suffer from the limitations a B2BUA has. A typical behavior of a B2BUA is, for example, using different CallIDs for both sides of a call. There is indeed no spec mandating those to be equal, and in fact some consider it a feature they are different. That is however simply a horrible,horrible hack, which makes any attempt to troubleshoot calls a very cumbersome exercise. Try to correlate those two calls and find an error in heavy traffic — I guess you will than change your opinion about what a real life situation is rapidly.
More generally, B2BUAs either by concept or configuration change things in a way that appears beneficial but causes even bigger harm. Failure of Identity/RFC4474 is another brilliant example of the same thing: breaking protocol transparency.
To your question about SIP phones: since about 1999 I have tried sending odd SIP messages to almost any SIP phone on the market and we went with our proxy server to every SIPIT event. We have indeed observed a varying level of feature interoperability. I think it is fair to say that for a PBX feature set, multi-vendor interop simply does not exist. You will find more about that in the BLISS IETF WG. In the field, however, I have not yet met anyone who would have the impractical ambition that every phone on the market was feature-rich, plug-and-play and fully interoperable with any other phone. Not only because of interop but generally because of quality concerns, most buyers, be it enterprises/providers limit themselves within their own administrative domain to two phones known to work. For interdomain traffic, expectation is as low as what PSTN can give you.
Well said and not much I can disagree with there.
I think what we are coming down to is the spirit of my original statement that a proxy and a B2BUA are 2 different tools that have subtle but very meaningful differences.
I still believe B2BUAs have a meaningful place especially in a carrier network when used correctly (DTMF translations come to mind) however I will agree that in many cases B2BUAs are used improperly (or better still – heavy handedly) as proxies which they are not mean to be. Asterisk and FreeSwitch to name a couple are grossly misused in these contexts despite the software authors/maintainers warnings that they are NOT proxies.
On that note I will agree that any time the proper tool isn’t used to accomplish a task that it can be detrimental to the project as a whole. But knowing which is the correct tool for a particular job is often one of our most difficult tasks. Many times the tool is chosen out of familiarity/popularity instead of it’s ability to do the actual task.
Hello there, You’ve done an excellent job. I will certainly digg it and in my view recommend to my friends. I’m confident they will be benefited from this web site.