Running the PBX on public addresses

Session Border Controller

One way to make the PBX available to users from any location is to run it on a public IP address. A session border controller (SBC) is a necessary component for operating a telephony service in the cloud. Vodia had its own SBC from the beginning that has grown into a core component of the PBX.

Designed for the cloud

True multi-tenant

From version 1.0 on, Vodia PBX included a SBC that was designed for running it on a public IP address. This is similar to email and web servers that serve multiple tenants simultaneously. This dramatically reduces costs for cloud instances, number of IPv4 addresses and server maintenance like software updates. 



The SBC in the Vodia PBX handles all necessary encryption algorithms for secure communication. The Vodia PBX terminates WebRTC traffic natively. This makes it possible to call internally from WebRTC-based clients such as the web browser or the Android app to standard VoIP phones. It comes with built-in support for the Let’s Encrypt® service, which makes it easy and fast to obtain the necessary certificates. 


Transport Layer Security, and its now-deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network. Vodia uses TLS wherever possible to secure communication with the PBX.


The Secure Real-time Transport Protocol is a profile for Real-time Transport Protocol intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data in both unicast and multicast applications. If necessary, the PBX translates between devices that are not able to encrypt and devices that can to maximize the security of the call.


Datagram Transport Layer Security (DTLS) is a protocol used to secure datagram-based communications. It's based on the stream-focused Transport Layer Security, providing a similar level of security

we do it all

NAT traversal

Network address translation traversal is a computer networking technique of establishing and maintaining Internet protocol connections across gateways that implement network address translation

Far-end NAT traversal

When operated on a public IP address, the PBX automatically detects that a device is located behind a firewall and adjusts the routing to that destination accordingly. This is important for users that work from home and for users that are using the iOS or Android app. There is no need to use a STUN server, which dramatically reduces the installation complexity. 

Near-end NAT traversal

Sometimes, the PBX can not be run on a public IP address, for example when the PBX is run in the LAN or on Amazon EC2. In that case the PBX needs to present the routable address when devices are connecting from outside addresses. At the same time, traffic in the LAN or through VPN will use the private addresses.IPv4


Intrusion detection

When operating on public addresses, it is only a question of time when a scanner will attempt to use the PBX for making phone calls. The PBX keeps track of these attempts and automatically blocks devices and services.

we have it all

Load balancer

The Vodia load balancer can distribute incoming traffic for SIP, HTTP and other protocols to the right server instance in a cluster; when using multiple instances, this improves the resilience against DoS attacks. Multiple SIP trunks can be combined into a single trunk, making it possible to use just one SIP trunk for all PSTN termination needs. Used as a global load balancer, this makes it possible to access PBX instances behind a firewall for maintenance purposes, without having to set up rules in the firewall. This is useful when operating devices such as the Vodia IOP on customer premises.

we do it all

IPv4 and IPv6 support

The Vodia PBX was one of the first to support dual stack IPv4 and IPv6 operation. It is possible to establish calls between IPv4 and IPv6 clients - this makes the migration to IPv6 easier and the Vodia PBX a safe investment


It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks.  It still routes most Internet traffic today, despite the ongoing deployment of a successor protocol, IPv6. IPv4 uses a 32-bit address space which provides 4,294,967,296 (232) unique addresses, but large blocks are reserved for special networking methods.


IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. IPv6 uses a 128-bit address, theoretically allowing 2128, or approximately 3.4×1038 addressesIPv4