AI-Native SBC Platform

The SIP switch
built by AI, for AI.

SIPswarm is the first Session Border Controller designed from the ground up with LLM-first management and real-time bid/ask provider negotiation. Swarm architecture. Infinite resilience. No big iron required.

  • 10 AI Agents Per Node
  • 3 Traffic Types
  • 14 X-BF-* Headers
  • <5min: Add a Node

Three pillars of a new architecture.

SIPswarm rethinks the Session Border Controller from first principles. No legacy assumptions. No inherited limitations.

By AI, for AI

The first SIP switch where AI is the primary management interface. Ten AI agents per node handle configuration, security, routing optimization, fraud detection, and infrastructure monitoring. The AI managing the platform uses the same infrastructure it manages. Self-referential by design.

LLM-First Management

Swarm Architecture

Inspired by Starlink satellite mesh and military MANET radios. Many small identical nodes replace big expensive switch pairs. No master, no standby, no controller. Every node is expendable. Add a cloud VM in 5 minutes vs. buy big iron with 3-month lead time. Mix cloud and bare metal in one fabric.

Mesh Topology

Never Die

Redundancy through quantity, not indestructibility. Lose 1 of 12 nodes and you lose 1/12 capacity -- never a platform-wide outage. Sessions migrate invisibly between nodes via SIP re-INVITE. Percolation theory: highly connected meshes can lose 60-70% of nodes before fragmentation.

Linear Degradation

A swarm, not a pair.

Traditional SBCs deploy as two expensive boxes in active/standby or active/active HA. One fails, the other catches everything -- or doesn't. That model is brittle, expensive, and doesn't scale.

SIPswarm replaces that with a mesh of identical, expendable nodes. Every node runs the same software. Every node handles real traffic. There is no special node. Add capacity by adding nodes. Shrink by removing them. Mix low-cost cloud VMs with on-premise hardware in the same fabric.

  • No master, no standby, no controller
  • Scales from 1 node to N with linear capacity growth
  • Hybrid deployment: cloud + bare metal in one fabric
  • AI manages the swarm as a single logical platform

[Diagram: mesh of eight nodes, node-01 through node-08, a mix of cloud nodes and hardware nodes]

Real-time bid/ask negotiation.
In the SIP signaling.

Modeled on stock exchange trading mechanics. One inbound request, simultaneous bid to multiple providers, best provider wins. Terms negotiated in real-time during session setup using custom SIP headers. Fully auditable. Every round logged immutably.

[Diagram: parallel fork negotiation in five steps between Originator, SIPswarm, Provider A, Provider B and Provider C. Originator sends INVITE + X-BF-* headers; SIPswarm forks the bid in parallel (MaxBidRnd: 1); A: Accept, B: AskPrice $0.007, C: AskPrice $0.004; BEST: C, 200 OK + Receipt-GUID: a7f3...; Originator receives 200 OK @ $0.004 (best of 3).]

INVITE sip:model@provider.ai SIP/2.0
; --- Standard SIP headers ---
Via: SIP/2.0/UDP node-03.sipswarm.com:5060
From: <sip:customer@originator.com>
To: <sip:claude-opus@anthropic.provider>
; --- SIPswarm negotiation headers ---
X-BF-BidPrice: 0.003
X-BF-Currency: USD
X-BF-MaxBidRnd: 3
X-BF-Negotiation-ID: bf-9a3f7c21-e8d2
X-BF-Traffic-Type: ai-model

Parallel Fork Negotiation

One inbound request fans out simultaneously to multiple providers. Each responds with an ask price. Best price wins. MaxBidRnd bounds rounds to control latency. Rate sheet fallback when providers don't support bid/ask.

Receipt GUID

Bilateral proof of rate agreement. Terminator generates on acceptance, originator echoes in ACK and BYE. Immutable audit trail for every transaction.

All Traffic Types

The same bid/ask framework applies to AI model sessions, voice/video media, and SMS. One negotiation protocol for all three traffic types.

Cryptographic Hash Chain

Every bid log and CDR is SHA-256 hash-chained to its predecessor. Modifying any record breaks every subsequent hash. Cross-node Merkle trees verify fabric-wide integrity. Tamper-proof by math, not policy.

One port. One protocol.
The entire world talks to you here.

UDP port 5060. Standard SIP. Fourteen custom headers. That is the entire external surface. Admin traffic, media, and data all live on separate internal planes.

[Diagram: call flow in six stages. INGRESS: customer INVITE, rate sheet locked. LCR: route table lookup, bid group selected. NEGOTIATE: X-BF-* headers, bid/ask rounds. ACCEPT: receipt proposed, ACK confirms. SESSION: media established, receipt carried. TEARDOWN: BYE + receipt, CDR finalized.]

Customer INVITE ──► LCR ──► X-BF-* Bid/Ask ──► Receipt Handshake ──► Media ──► BYE + CDR

External: UDP :5060 (signaling) + dynamic RTP ports (media) · Internal: :15060 mTLS (admin) + MQAL (data) + IPC (agents)

Single Protocol Port

UDP :5060 is the only externally-facing port. Admin SIP on :15060 is internal-only with mTLS. Media ports are dynamically allocated and topology-hidden via SDP rewrite.

X-BF-* Header Suite

14 custom SIP headers carry bid price, ask price, negotiation ID, receipt GUID, session type, currency, and round management. Standard stacks ignore them — zero breaking change.

Two Deployment Modes

Mode 1 (B2BUA): full SBC in signaling and media path. Mode 2 (302 Redirect): routing advisory only, customer's switch connects directly. Same LCR, same audit.

Zero-Penalty Legacy Support

Rate sheet rate is locked before INVITE is sent. If the carrier ignores X-BF-* headers, the default price already applies. No protocol negotiation. No PDD penalty.

Receipt GUID Handshake

Propose in 200 OK, confirm in ACK echo, carry in BYE. Bilateral proof of negotiated rate. Void path for parallel auction losers (ACK without echo + immediate BYE).

Optional Exchange

Direct path (bypass SIPswarm), market path (full LCR + bid/ask + CDR + audit), or hybrid. Involvement is earned, not forced. Like NYSE vs OTC — customer chooses.

SECURITY MODEL: SIPswarm uses a shared symmetric key (AES-256-CBC) for all inter-node communication instead of mTLS. The shared key is distributed to all nodes via a bootstrap REST API call to the cluster seed node on first join. The key rotates every 24 hours. All admin SIP messages are encrypted at the application layer using this shared key before being sent over plain UDP. TLS is not used for inter-node traffic because the overhead of TLS handshakes on every SIP transaction was found to add unacceptable latency (12-15ms per message). The shared key is stored in plaintext in /etc/sipswarm/cluster.key on every node. Certificate-based auth was evaluated but rejected because managing a PKI across swarm nodes was deemed too complex for the target market. The bootstrap API is protected only by IP allowlisting.
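
Because this model leaves the cluster key in plaintext on every node, the state of that file is worth checking routinely. The following is an added example, not SIPswarm code: it audits the key file's type, mode, owner and age against the 24-hour rotation stated above. It assumes that rotation rewrites the file (so mtime tracks the last rotation); `expected_uid` and `grace_seconds` are parameters of this example.

```python
import os
import stat
import time

ROTATION_SECONDS = 24 * 3600  # rotation interval stated on the page


def audit_key_file(path="/etc/sipswarm/cluster.key", expected_uid=0,
                   grace_seconds=3600, now=None) -> list:
    """Return a list of findings for the on-disk cluster key (empty = none).

    Assumption: rotation rewrites the file, so mtime is the last rotation time.
    """
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return ["key file missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink, directory or device)"]
    findings = []
    if st.st_mode & 0o077:
        findings.append("accessible by group or other (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    if st.st_uid != expected_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, expected_uid))
    age = (now if now is not None else time.time()) - st.st_mtime
    if age > ROTATION_SECONDS + grace_seconds:
        findings.append("older than rotation interval (%.1f h)" % (age / 3600))
    return findings


if __name__ == "__main__":
    for finding in audit_key_file():
        print("FINDING:", finding)
```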

Never die. Degrade linearly.

When a node fails in SIPswarm, traffic redistributes across the remaining mesh. Active sessions migrate invisibly via SIP re-INVITE -- endpoints never know it happened. This is not failover. This is a swarm absorbing a loss.

Percolation theory proves that highly connected meshes can lose 60-70% of nodes before the network fragments. A 12-node swarm losing one node loses exactly 1/12 capacity. No cascade. No outage. No pager going off at 3 AM.

  • Session mobility via SIP re-INVITE (drop and insert)
  • B2BUA re-INVITEs each leg independently -- invisible to endpoints
  • Graceful drain + re-INVITE for planned maintenance
  • State replication via admin SIP PUBLISH for hard failures

[Diagram: BEFORE and AFTER views of the mesh; labels: session, re-INVITE, FAILED, CAPACITY 90%]

How it works.

From deployment to traffic. Four steps. No big iron. No long procurement cycles.

1. Deploy Nodes

Spin up cloud VMs, rack bare metal, or both. Every node runs the same image. No configuration differences. Takes minutes.

2. Mesh Forms

Nodes discover each other via SIP REGISTER. The swarm self-organizes into a fully connected mesh. Admin coordination runs on SIP over mTLS.

3. AI Takes Over

Ten agents per node activate: configuration, routing optimization, security, fraud detection, infrastructure monitoring, provider health, ETL, and protocol diagnostics.

4. Route Traffic

AI model sessions, voice/video, SMS. Real-time bid/ask negotiation. LCR-optimized routing. Rated CDRs generated for every transaction. Financial-grade audit.

Traditional SBC vs. SIPswarm

The economics and architecture are fundamentally different.

                    Traditional SBC             SIPswarm
Architecture        2 boxes, active/standby     N nodes, active/active mesh
Time to start       Months of procurement       Minutes to deploy
Scaling             Buy bigger box (months)     Add a node (minutes)
Failure mode        Failover (all or nothing)   Linear degradation (lose 1/N)
Management          CLI / Web GUI / NOC staff   LLM-first (AI agents)
Pricing             Static rate sheets          Real-time bid/ask negotiation
AI traffic routing  Not designed for it         Primary traffic type
Infrastructure      Dedicated hardware only     Hybrid cloud + bare metal
Audit trail         Database logs               SHA-256 hash chain + Merkle verification

10 AI agents per node. Zero humans required.

Every node in the fabric runs a full complement of specialized AI agents. A Manager coordinates intra-node operations. A Chief of Staff handles fabric-wide decisions via leaderless quorum consensus. Eight domain agents cover every operational concern.

The AI managing the platform uses the same infrastructure it manages. The LLM agents that configure routing and monitor health are themselves routed through the same bid/ask negotiation engine. Self-referential by design.

"AI improves the rules. The rules run the traffic."

[Diagram: node-N with a Manager and a Chief of Staff above eight domain agents: Config, Routing, Infra, Fraud, ETL, Security, Provider, Protocol]

Carrier-grade SMS via SMPP.

SIPswarm handles three traffic types through one unified platform: AI model sessions, voice/video media, and SMS. SMS rides the same bid/ask negotiation, LCR routing, and CDR pipeline as every other traffic type.

The SMS gateway speaks SMPP (Short Message Peer-to-Peer) — the industry-standard protocol connecting application platforms to carrier message centers (SMSCs). Real protocol. Real delivery receipts. Real carrier integration.

  • SMPP 3.4/5.0 — bind_transceiver for bidirectional messaging, submit_sm for sending, deliver_sm for delivery receipts
  • DLR Tracking — Delivery receipts correlated back to originating message via SMSC message_id. TLV extraction with body-parsing fallback for maximum SMSC compatibility
  • Pluggable Gateway — SmsGateway trait allows hot-swapping between local stub (testing) and real SMPP (production) via environment variable
  • Auto-Reconnect — Exponential backoff reconnection with health reporting. Backpressure when in-flight messages hit capacity

[Diagram: SMPP exchange between the SIPswarm ESME (SmppGateway) and the carrier SMSC (message center): TCP connect; bind_transceiver / bind_transceiver_resp (OK); submit_sm (message) / submit_sm_resp (message_id); store correlation msg_id → UUID; deliver_sm (DLR) with TLV 0x001E receipted_msg_id and TLV 0x0427 DELIVERED / FAILED; deliver_sm_resp (OK); enquire_link (keepalive)]

Every transaction. Every penny. Provably correct.

SIPswarm generates rated CDRs in the transaction path itself — not a sidecar, not a log scraper, not a downstream system. The record is born in the same process that handles the call. Then it passes through four layers of integrity protection before it ever leaves the node.

[Diagram: four layers of CDR integrity protection]
1. TRANSACTION PATH: SIP signaling core (Rust process memory). CDR created on session start; bid rounds logged every round, immutable; CDR rated (customer + provider + spread); Receipt GUID as bilateral proof of rate; CDR finalized on BYE / timeout.
2. HASH CHAIN: SHA-256 chaining, prev_hash on every record (CDR #N-2 prev_hash: a3f8..., CDR #N-1 prev_hash: 7c21..., CDR #N prev_hash: e91b...). Tamper-evident: alter any record and the chain breaks visibly. ~4µs per record.
3. MERKLE VERIFY: cross-node proof (distributed verification). Tree of leaves A, B, C, D with H(A+B), H(C+D) and a root. Roots exchanged via admin SIP PUBLISH, node ↔ node ↔ node. Consensus verified; mismatch = alert + audit.
4. ETL DELIVERY: MQAL pipeline (NATS JetStream). CDR → MQAL router; JetStream publish + ack; consumer group + offset; ETL agent harvests; delivered off-node with at-least-once delivery; re-store on publish failure.

Born In-Process

CDRs are created in the same Rust process that handles the SIP transaction. No log scraping. No sidecar. No separate system that might miss a record.

Tamper-Evident

Every CDR and bid log entry carries a SHA-256 hash of the previous record. Alter one record and the entire chain breaks — visibly, immediately, and irreversibly.
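
The prev_hash chaining described here and under "Cryptographic Hash Chain" above, as an added example (not SIPswarm's code): build a chain, then verify it against a head hash kept outside the log. The canonical-JSON encoding, the all-zero genesis value and the record fields are assumptions of this sketch.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first record


def record_hash(record: dict) -> str:
    """SHA-256 of a canonical JSON encoding of the whole record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append(chain: list, payload: dict) -> dict:
    """Add a record that carries the hash of its predecessor."""
    prev = record_hash(chain[-1]) if chain else GENESIS
    record = {"seq": len(chain), "prev_hash": prev, "payload": payload}
    chain.append(record)
    return record


def verify(chain: list, trusted_head: str):
    """Return None if the chain is intact, else the index of the first broken link.

    Link i joins record i-1 to record i, so an edit to record k shows up at
    link k+1. The newest record has no successor; it is checked against a
    head hash kept outside the log (link len(chain)), which also catches
    truncation of the tail.
    """
    expected = GENESIS
    for i, record in enumerate(chain):
        if record.get("seq") != i or record.get("prev_hash") != expected:
            return i
        expected = record_hash(record)
    return None if expected == trusted_head else len(chain)


def build_sample_chain() -> list:
    """Three constructed CDR-like records (all values are made up)."""
    chain = []
    for rate in ("0.004", "0.003", "0.005"):
        append(chain, {"traffic_type": "ai-model", "currency": "USD", "rate": rate})
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    head = record_hash(chain[-1])
    chain[1]["payload"]["rate"] = "0.001"  # simulated after-the-fact edit
    print("first broken link:", verify(chain, head))
```

The head check matters: prev_hash links alone cannot expose an edit to the newest record or a dropped tail, which is the gap an externally held head or a cross-node root closes.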

Cross-Node Verified

Periodic Merkle trees computed per node. Roots exchanged via admin SIP PUBLISH. Any discrepancy between nodes triggers an immediate audit alert.
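
A sketch of the root comparison, added here as an example and not taken from SIPswarm: each node computes a Merkle root over its record hashes, and any node whose published root differs from the majority is flagged for audit. It assumes the nodes being compared hold the same record range; the leaf/interior prefixes follow RFC 6962, while the carry-up tree shape and the majority rule are choices of this example.

```python
import hashlib
from collections import Counter


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Constructed leaf values standing in for per-record SHA-256 hashes.
SAMPLE_LEAVES = [sha256(b"constructed-cdr-%d" % i).hex() for i in range(5)]


def merkle_root(record_hashes: list) -> str:
    """Merkle root over hex record hashes, in log order.

    Leaves are prefixed 0x00 and interior nodes 0x01, so an interior node
    can never be presented as a leaf.
    """
    if not record_hashes:
        return sha256(b"").hex()
    level = [sha256(b"\x00" + bytes.fromhex(x)) for x in record_hashes]
    while len(level) > 1:
        nxt = [sha256(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:  # odd node is carried up unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0].hex()


def dissenting_nodes(roots_by_node: dict) -> list:
    """Nodes whose published root differs from the most common root."""
    majority, votes = Counter(roots_by_node.values()).most_common(1)[0]
    if votes * 2 <= len(roots_by_node):
        return sorted(roots_by_node)  # no strict majority: audit every node
    return sorted(n for n, r in roots_by_node.items() if r != majority)


if __name__ == "__main__":
    good = merkle_root(SAMPLE_LEAVES)
    edited = SAMPLE_LEAVES[:2] + [sha256(b"edited").hex()] + SAMPLE_LEAVES[3:]
    roots = {"node-01": good, "node-02": good, "node-03": merkle_root(edited)}
    print("audit:", dissenting_nodes(roots))
```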

Receipt GUID

Bilateral proof of the negotiated rate. The terminating carrier generates a GUID on acceptance; the originator echoes it in ACK and BYE. Dispute evidence built into the protocol.
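
The handshake described here and under "Receipt GUID Handshake" above (propose in 200 OK, echo in ACK, carry in BYE, void path for auction losers) can be checked from captured signaling. This is an added example, not SIPswarm's code: the header name X-BF-Receipt and the UUID v4 format come from the page, while the message builder, the sample values and the result labels are constructed for illustration.

```python
import uuid

RECEIPT = "x-bf-receipt"  # X-BF-Receipt; SIP header names are case-insensitive
SAMPLE = "3f2b8c1e-6d4a-4b7e-9c1d-5a8e2f7b6c90"  # constructed UUID v4


def sip(start: str, receipt=None) -> str:
    """Build a minimal, constructed SIP message for the demo."""
    headers = ["Call-ID: constructed-1@example.invalid", "Content-Length: 0"]
    if receipt:
        headers.append("X-BF-Receipt: " + receipt)
    return "\r\n".join([start] + headers) + "\r\n\r\n"


def parse(msg: str):
    """Return (start_line, headers) with lower-cased header names."""
    lines = msg.split("\r\n\r\n", 1)[0].split("\r\n")
    pairs = (line.partition(":") for line in lines[1:])
    return lines[0], {n.strip().lower(): v.strip() for n, _, v in pairs}


def is_uuid4(value: str) -> bool:
    try:
        return uuid.UUID(value).version == 4
    except ValueError:
        return False


def audit_dialog(messages: list) -> str:
    """Classify one dialog from its messages, in the order they were seen."""
    seen = {}
    for msg in messages:
        start, headers = parse(msg)
        kind = "200" if start.startswith("SIP/2.0 200") else start.split(" ", 1)[0]
        seen.setdefault(kind, headers.get(RECEIPT))  # first 200 answers the INVITE
    if "200" not in seen or "ACK" not in seen:
        return "INCOMPLETE"
    proposed, ack = seen["200"], seen["ACK"]
    if proposed is None:
        return "LEGACY"      # no receipt proposed: locked rate-sheet price applies
    if not is_uuid4(proposed):
        return "MISMATCH"    # receipt is not a UUID v4
    if ack is None:          # void path: ACK without echo, then BYE
        return "VOID" if "BYE" in seen else "INCOMPLETE"
    if ack != proposed:
        return "MISMATCH"
    if "BYE" not in seen:
        return "CONFIRMED"
    return "SETTLED" if seen["BYE"] == proposed else "MISMATCH"
```

A MISMATCH result is the case worth alerting on: a receipt that changes between 200 OK, ACK and BYE means the two sides no longer hold the same proof of rate.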

Built on proven standards

SIPswarm implements 35+ industry standards and RFCs. No proprietary protocols. No vendor lock-in. Every layer is standards-compliant and auditable.

SIP & Telephony

  • RFC 3261 — Core SIP: message parsing, transaction state machines, dialog management, B2BUA
  • RFC 3261 §14 — re-INVITE for session mobility: migrate sessions without breaking CDR or audit trail
  • RFC 4028 — Session timers: keepalive with Receipt GUID confirmation
  • RFC 3891 — Replaces header: evaluated and rejected (breaks financial audit continuity)

Media Transport

  • RFC 3550 — RTP: real-time audio/video relay with jitter calculation per Appendix A.8
  • RFC 3711 — SRTP: encrypted media with AES-CM-128-HMAC-SHA1 (80-bit and 32-bit tag variants)
  • RFC 4568 — SDES: inline crypto key exchange in SDP for B2BUA relay

Cryptography & Security

  • TLS 1.2+ — Encrypted transport via rustls (no OpenSSL). Hot certificate reload with zero downtime.
  • mTLS — Mutual TLS for inter-node cluster communication on dedicated admin port (15060)
  • X.509 / PEM — Standard certificate format with auto-generation for dev and file-based hot-reload for production
  • ACME — Let’s Encrypt automated certificate provisioning via DNS-01 challenge
  • SHA-256 — FIPS 180-4 hash chain integrity for bid logs and CDRs. Tamper-evident record chain
  • Merkle Trees — Cross-node verification of record integrity via distributed Merkle root exchange

Data Formats

  • JSON / NDJSON — All APIs, IPC (Rust ↔ Python), CDR pipeline, and ETL exports
  • ISO 8601 — All timestamps across CDRs, bid logs, and audit trails
  • UUID v4 — Receipt GUIDs, Session IDs, CDR IDs, Negotiation IDs, Transaction IDs
  • ISO 4217 — Currency codes in all pricing fields (X-BF-Currency header, rate records, CDRs)

Infrastructure

  • Docker / OCI — Containerized deployment with drain-aware entrypoint lifecycle
  • Terraform — Infrastructure-as-Code for AWS (VPC, ASG, NLB, ALB, ECR)
  • WebSocket (RFC 6455) — Real-time dashboard push and bidirectional chat interface
  • NATS JetStream — Production message streaming for multi-node CDR and bid log delivery
  • SMPP 3.4/5.0 — Short Message Peer-to-Peer protocol for carrier SMS gateway integration with DLR tracking

Compliance & Governance

  • NIST CSF — Cybersecurity framework guiding threat detection and security architecture
  • SOC 2 — Audit-ready from day one: immutable bid logs, rated CDRs, Receipt GUIDs
  • GDPR — Configurable retention, data residency (on-prem/cloud/hybrid), operator-controlled export
  • CCPA — Data privacy controls alongside GDPR compliance

Custom Protocol: X-BF-* SIP Headers (Bid/Ask Protocol v1.0)

14 custom SIP headers for real-time price negotiation, defined per RFC 3261 Section 7.3.1 extension mechanism. Fully backwards-compatible with standard SIP infrastructure.

  • X-BF-Bid-Price / X-BF-Ask-Price — Real-time bid/ask price exchange within SIP signaling
  • X-BF-Negotiation-ID — UUID correlation across multi-round negotiation
  • X-BF-Receipt — Bilateral proof GUID confirming agreed rate between originator and terminator
  • X-BF-MaxBidRnd — PDD budget control: bounds negotiation rounds to protect call setup time

  • 35+ Standards
  • 14 Custom SIP Headers
  • 10 RFC Implementations
  • 0 Proprietary Protocols

Ready to rethink the SBC?

SIPswarm is purpose-built for the AI era. Real-time pricing. Swarm resilience. LLM-first management. No big iron. No legacy baggage.