SIP Trunk Registration
The Peeredge Switches support SBC supports username / password-based registration of SIP Trunk Members (i.e. SBC/PBXs). Successful registration of a SIP Trunk results in an Address of Record (AOR) that can only be used to route PSTN Inbound (Originating Customer) calls to the customer SBC/PBX/SBCs/PBXs. PSTN Outbound (Terminating Customer) calls do not use the Address of Records (AORs). All SIP Invites from the customer SBC/PBX must be authenticated.
The Peeredge Switches respond SBC responds to all unauthenticated SIP Invites with a SIP 401 Unauthorized message. The SIP 401 message includes a WWW-Authenticate header with a Realm and Nonce. The SBC/PBX uses this information to generate a response (a 32-byte hash of the SIP Digest username, password, realm nc, nounce, cnouce, uri and response) encrypted by the MD5 algorithm. This response and other hashed fields, and encryption algorithm algorithms (i.e. MD5) are included in an Authorization Header in a follow-up SIP Invite. If the Peeredge Switches SBC calculated response matches the response in the Authorization Header, the SIP Invite is accepted.
...
If the SBC/PBX IP addresses are statically defined, 46 Labs recommends authenticating with the source IP address, source port (UDP only), and protocol.