Lately, I've been thinking and writing (for myself, mostly, but I'm going to send it off to the SIP Forum as well) about session border controllers in a pure SIP network. Here's what I've been able to come up with, and I wanted to share it with you:
1) As long as there are private interests that use the Internet, they will have their own networks they attach to the Internet, and will therefore create a boundary. These boundaries will most likely contain sessions, and they will require control. Therefore, somewhere, there will be seesion border controllers.
2) If pressed to boil them down to their essence, SBCs would perform authentication, encryption, media traffic control and execute policy decisions.
3) Since policy decisions will most likely be complicated, and might tightly integrate with many third party technologies and programs, I think it will be essentially software based. That is, I don't expect this function of SBCs to live in firewalls any time soon.
As I look at Asterisk and SER today, I don't really see either one being excellent at SBC functionality. Here's one hole in the open source world.