Item 1.   Business

Overview

Acme Packet is the leading provider of session border controllers, or SBCs, that enable interactive communications service providers to deliver secure and high quality interactive communications—voice, video and other real-time multimedia sessions—across defined border points where Internet Protocol networks connect, known as network borders. Interactive communications service providers, which we refer to generally as service providers, include cable service providers, wireline and mobile wireless telecommunications service providers, information service providers and data transport service providers. The Internet Protocol, or IP, is a standardized method of transmitting information, such as interactive communications, from one device, such as a personal computer, server, IP telephone and personal digital advisor, to another device over any type of physical private or public network, including the Internet. Our Net-Net products, which consist of our hardware and proprietary software, serve as a central element in unifying the separate IP networks that comprise wireline, wireless and cable networks. Interactive communications service providers can use our products to create a premium service tier that delivers next-generation interactive communications services, such as Voice over IP, or VoIP, with the same quality assurance and security as they historically have offered for voice services over their legacy telephone networks.

SBCs are deployed at the borders between IP networks, such as between two service providers or between a service provider and its business, residential or mobile customers as more fully described below in the sections entitled “Industry Background,” “The Need for a New IP Element,” “Our Solution” and “Our Technology.” SBCs are the only network element currently capable of integrating the control of signaling messages and media flows. This capability complements the roles and functionality of routers, softswitches and data firewalls that operate within the same network. Our Net-Net products support a broad range of communications applications at multiple network border points, providing key control functions in the areas of security, service reach maximization, service level agreement assurance, revenue and profit protection and regulatory compliance, while also supporting next-generation service architectures such as IP Multimedia Subsystem, or IMS. IMS provides a blueprint for building a network capable of delivering IP-based voice, video and multimedia services to subscribers.

We began shipping our Net-Net products in 2002. Since that time, over 360 interactive communications service providers in 75 countries have purchased our products.

We sell our products and support services through approximately 30 distribution partners and our direct sales force. Our distribution partners include many of the largest networking and telecommunications equipment vendors throughout the world.

We were founded in 2000 under the name Primary Networks, Inc. and changed our name to Acme Packet, Inc. in January 2001. Our principal executive offices are located at 71 Third Avenue, Burlington, MA 01803. Our telephone number is (781) 328-4400. Our website address is www.acmepacket.com. Through a link on the Investor Relations section of our Website, we make available the following filings after they are electronically filed with or furnished to the SEC: our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and any amendments to those reports filed or furnished pursuant to Section 13 or 15(d) of the Exchange Act. All such filings are available free of charge.

Industry Background

Since the advent of the Internet, interactive communications service providers have delivered voice and data services separately over the Public Switched Telephone Network, or PSTN, and the Internet. The

3

PSTN, also known as the voice or traditional telephone network, was created decades ago to provide seamless, reliable and secure global voice communications services. Users are accustomed to the high reliability and security of the PSTN, and have high confidence in utilizing it to share personal information and engage in activities such as banking and commerce. The PSTN is limited, however, in its ability to support high bandwidth video and other interactive multimedia services.

The Internet is a collection of IP networks that provides global reach for a broad range of information services such as e-mail, web browsing, electronic commerce and research. IP is a data-oriented protocol which provides communicable unique global addressing among computers. Internet service quality, while adequate for these types of information services, can vary significantly depending upon, among other factors, available bandwidth, how busy a particular web site may be, how many people are using the network at a particular time and the activity being performed. Although the Internet is capable of cost-effectively transmitting any form of traffic that is IP-based, including interactive voice, video and data, it transmits only on a best-efforts basis, because all forms of traffic have the same priority. The Internet, therefore, attempts to deliver all traffic without distinction, which can result in significantly varying degrees of service quality for the same or similar types of traffic transmissions. In addition, Internet communications, unlike those over the PSTN, are subject to disruptive and fraudulent behavior, including identity theft, viruses, unwanted and excessively large input data known as SPAM, unauthorized use, and attempts to circumvent or bypass security mechanisms associated with those services, known as hacking. Although Internet users have adopted many security measures to protect themselves, their networks and their websites, these measures currently are not adequate to provide highly secure, real-time interactive communications.

Evolution to a Converged IP Network

In recent years, interactive communications service providers have experienced a significant decrease in wireline voice revenue due to the competition from voice over IP, or VoIP, and mobile voice services. VoIP technology allows the routing of voice conversations over the Internet. This phenomenon has challenged service providers’ business models, causing a decline in profitability and a significant reduction in capital expenditure budgets. Interactive service providers are focusing their efforts on introducing new revenue-generating opportunities, while rationalizing capital and network operations costs.

IP networks can be designed and operated more cost-effectively than the PSTN. In addition, IP networks are capable of delivering converged voice, video and data service packages to businesses and consumers. Service providers are seeking to provide these next-generation services to enhance their profitability by generating incremental revenue and by reducing subscriber turnover. However, managing two distinct networks—the PSTN and an IP network—is not a viable economic alternative. As a result, service providers are beginning to migrate to a single IP network architecture to serve as the foundation for their next-generation service offerings. In order to successfully transition to a single IP network, however, service providers must maintain the same reliability and security that have for decades exemplified their delivery of voice services.

Challenges of IP Networks in Delivering Session-Based Communications

IP networks were designed initially to provide reliable delivery of data services such as file downloads and web site traffic that are not sensitive to latency, or time delay. If data packets are lost or misdirected, an IP network exhibits tremendous resiliency in re-transmitting and eventually executing the desired user request, which generally is an acceptable result for these types of data services. However, IP networks historically have not been capable of guaranteeing real-time, secure delivery of high quality sessions-based communications such as interactive voice and video.

4

A session is a communications interaction that has a defined beginning and end, and is effective only when transmitted in real-time without latency or delays. In order to enable a session-based communication, a service provider must be able to control the session from its origination point to its defined end point. No single service provider’s IP network extends far enough to enable that level of control, however, and the Internet lacks the fundamental quality of service and security mechanisms necessary to consistently deliver the security and quality of real- time multimedia communications that consumers and businesses require. In order to gain the trust of consumer and business customers, service providers must be able to assure secure and high quality interactive communications across multiple customer networks, access networks and other service provider networks.

The Need for a New IP Network Element

Managing session-based communications

In order to provide secure and high quality interactive communications, IP networks must be able to manage and integrate the communication flows that comprise a session. Each session includes three sets of bidirectional communication flows:

·        Session signaling messages , which are used to initiate, modify or terminate a session;

·        Media streams , which are data packets containing the actual media being exchanged; and

·        Media control messages , which are used to compile information used to report on quality of service levels.

A session is initiated using signaling messages. These messages establish a virtual connection between the participants’ personal computers, IP phones or other IP devices. In addition, they negotiate the IP addresses used for the session’s media streams and control messages as well as the algorithms, referred to as codecs, used to digitize analog voice and video. Various codecs are required for voice and video, and they involve trade-offs between quality and bandwidth efficiency. Once the call is initiated, media streams and control messages flow in both directions between participants. Signaling messages also are used to transfer a call, place a call on hold and terminate a session.

The management of session-based communications is complicated by the following characteristics of today’s IP networks:

·        The identities of the participants are difficult to ascertain and security needs are complex.

·        The number of session signaling protocols, codecs and related standards continues to grow.

·        Addressing schemes are not consistent or compatible across networks.

·        Bandwidth and signaling element resources are finite.

·        Interactive communications service provider business models and regulatory compliance requirements continue to evolve and require network flexibility.

Additionally, unlike typical data communications, not all session-based communications can be treated with the same priority. For example, a 911 call or a high quality enterprise video conference should take priority over a person calling into a reality TV program.

5

Limitations of Existing Network Elements

Successful session-based communications require tight integration between signaling and media control. However, existing network elements such as softswitches, routers and data firewalls do not provide the control functions required for session-based communications.

·        Softswitches, including Session Initiation Protocol, or SIP, servers, H.323 gatekeepers and Media Gateway Control Protocol, or MGCP, call agents, process only signaling messages while performing a variety of signaling-based functions, such as subscriber registration, authentication, authorization and session routing based upon telephone numbers or SIP addresses. Softswitches currently do not provide functions relating to, for example, media control for interactive communication sessions or protection against signaling-based denial of service and distributed denial of service, or DoS/DDoS, attacks. DoS/DDoS attacks prevent network equipment from receiving legitimate network traffic by overloading network equipment with unrequested information.

·        Routers make simple routing decisions for IP packets based upon IP addresses. Routers do not participate in call signaling, and therefore, are unable to recognize the multiple individual data packets that comprise a single voice call or multi-media session. Without signaling intelligence, routers currently are unable to perform key border control functions such as softswitch overload prevention or call routing based upon quality and cost requirements. Routers may use a number of quality of service technologies, such as Multi-Protocol Label Switching or MPLS, Differentiated Services or DiffServ, and Resource Reservation Protocol or RSVP, to provide preferential treatment to certain IP packets. However, routers using these technologies are currently incapable of classifying all the communications flows associated with a single voice call and handling those communications flows correctly as a single entity. Without the ability to identify the multiple individual packets that compromise a session, control call signaling, or understand the access link capacity and utilization, the router is unable to make any call admission or rejection decisions. As a result, the router will continue to send packets along a path even though the session should have been rejected because the quality was insufficient for the requested session. When this overloading of a path occurs, not only is the quality of the session associated with that packet insufficient to support the session, but other sessions using that same path also will suffer degradation.

·        Data firewalls are the most common security element in IP networks. Firewalls work by allowing into the network only traffic that has been requested from inside the network and by presenting a single IP address for all of the personal computers, phones and other devices behind it. The firewall effectively blocks session-based communications because it does not allow incoming calls from unknown endpoints. Furthermore, firewalls are not capable of identifying and protecting against service overloads or DoS/DDoS attacks on other signaling elements such as the softswitch.

Our Solution

We provide a new category of network equipment called the session border controller, or SBC, to enable interactive communications service providers to offer secure and high quality interactive communications across multiple IP networks, including the separate IP networks that comprise wireline, wireless and cable networks. Prior to the advent of the SBC, IP network infrastructure equipment, such as softswitches, routers and data firewalls, were able to initiate and route undifferentiated data, but lacked the ability to target specifically the management of interactive communications sessions. The development of the SBC, unlike many emerging networking products, was not catalyzed by standards bodies, but rather by the pragmatic needs of service providers.

To date, SBCs have been deployed around the world principally to deliver VoIP services, or the routing of voice conversations over the Internet. We believe that there is a significant demand for SBCs that can assure delivery of secure and high quality real-time interactive communications across all IP

6

network borders. Infonetics Research, a market research and consulting firm specializing in data networking and telecommunications, projects that worldwide revenue for SBCs will increase from $143 million in 2006 to $592 million in 2010.

SBCs are deployed at the borders of IP networks, such as between two service providers, referred to as an interconnect border, between a service provider and its business, residential or mobile customers, referred to as access-backbone borders, or between a carrier’s network and its data center, referred to as a data center border. SBCs act as the source and destination for all signaling messages and media streams entering and exiting the provider’s network. To that end, SBCs complement rather than replace softswitches, data firewalls or routers. At all borders, SBCs sit in front of softswitches and make call acceptance or rejection decisions. This function protects the softswitch from both malicious signaling attacks initiated by hackers and non-malicious overloads as well as ensures calls are only accepted when adequate network quality and softswitch resources are available. At many borders, SBCs sit alongside data firewalls. The data firewalls protect web and application servers and PCs from attacks while the SBC protects the softswitch. SBCs augment the simple and different packet-by-packet routing decisions routers make. Unlike routers that make simple and different routing decisions on a packet by packet basis, SBCs are able to classify these flows as a single interactive communication session and make more intelligent routing decisions to use the best path across the network to ensure secure, high quality communications.

·        Security. SBCs protect themselves, softswitches and other elements of the service delivery infrastructure, as well as customer networks, systems and relationships. They protect customer networks and session privacy, and provide DoS/DDoS protection from malicious attacks and non-malicious overloads.

·        Service reach maximization. SBCs extend the reach of offered services by maximizing the different types of networks and devices supported. Support is provided for enabling sessions to traverse existing data firewall and cross network translation, or NAT, devices, bridging private networks using overlapping IP addresses and virtual private networks, or VPNs, mediating between different signaling, transport and encryption protocols, converting between incompatible codecs, and translating signaling-layer telephone numbers, addresses and response codes.

·        Service level agreement assurance. SBCs play a critical role in assuring session capacity and quality. They perform admission control to ensure that both the network and service infrastructure has the capacity to support a session with high quality. SBCs also monitor and report actual session quality to determine compliance with performance specifications set forth in service level agreements between service providers and their customers.

·        Revenue and profit protection. SBCs can help service providers increase revenues and profits by protecting against both bandwidth and quality of service theft, by routing sessions to minimize costs, and by providing accounting and related mechanisms to maximize billable sessions.

·        Regulatory compliance. SBCs support compliance with government-mandated regulations worldwide, including emergency services such as E-9-1-1 and lawful intercept, which involves law enforcement agencies’ electronic surveillance of circuit and packet-mode communications as authorized by judicial or administrative order, such as the Communications Assistance for Law Enforcement Act, or CALEA.

Our SBCs utilize our proprietary technology to process session-based communications at network borders, and are designed to ensure that critical security and quality standards are met. Our key advantages include the following:

·        Significant experience in service provider deployments. We have significant experience in production deployments of SBCs by large interactive communications service providers, including deployments at 23 of the top 25 and 72 of the top 100 wireline, wireless and cable service providers in the world,

7

based on 2006 revenues. Our product functionality and quality have continually improved based on the knowledge about network challenges and complexities that we have acquired through deployments with over 360 large and small wireline, wireless and cable providers across the globe.

·        Breadth of applications and standards support. Our products are capable of processing the most widely used real-time interactive voice, video and multimedia communications sessions at wireline, wireless and cable IP network borders. We support a broad range of IP signaling protocols, such as SIP, H.323 and MGCP/NCS, transport protocols, encryption protocols, codecs, and addressing methods.

·        Depth of border control features. We offer a deep set of session border control features for security, service reach maximization, service level agreement assurance, revenue and profit protection, and regulatory compliance. In addition, our flexible product architecture facilitates rapid adoption of new control features required by emerging services, applications, business models and regulatory requirements.

·        Responsive service and support. Our responsiveness to our customers’ and distribution partners’ new feature requirements and interoperability testing, as well as our commitment to swift problem resolution, has been critical in deployments of our products.

·        Carrier-class platform. Interactive communications service providers operate complex, mission-critical networks that require security protection; high degrees of reliability, availability and maintainability, scalable performance and capacity, space and power-saving hardware design; and comprehensive network management. Products or platforms that satisfy these requirements are known as carrier-class. We have designed our products to be carrier-class.

·        Proven interoperability. We have demonstrated the ability of our SBCs to interoperate with key products being deployed by major vendors for next-generation services, such as softswitches, application servers, media gateways, media servers, policy servers and other communications infrastructure elements.

We believe that these key advantages of our products and services, together with our deployment of our products in approximately 360 service provider networks, make Acme Packet the leading provider of SBCs.

Our Strategy

Our objective is to grow our market and technology leadership in the SBC market. Principal elements of our strategy include:

·        Continue to satisfy the evolving border requirements of large service providers. By continuing to work closely with Tier-1 and other large service providers as they deploy and scale their services, we are well-positioned to gain valuable knowledge that we can use to expand and enhance our products’ features and functionality. Our experience has demonstrated that new services, applications, business models and regulatory requirements will drive the need for supporting new interfaces, protocols and control features. For example, in January 2006, we began delivering support for media using TCP, a transport protocol used for many real-time, interactive gaming applications.

·        Exploit new technologies to enhance product performance and scalability. Our purpose-built hardware platforms incorporate leading edge hardware and proprietary software technology. We will seek to leverage new technologies as they become available to increase the performance, capacity and functionality of our product family, as well as to reduce our costs. For example, our Net-Net 9000 series can increase signaling performance by four to eight times over previously available levels and incorporates essential transcoding, or the ability to change data from one format to another.

8

·        Invest in quality and responsive support. Our professional services team, dedicated to product quality and responsive support, ensures that our customers successfully deploy our products and efficiently transition their subscribers to a converged IP network infrastructure. As we broaden our product platform and increase our product capabilities, we will continue to provide comprehensive service and support targeted at maximizing customer satisfaction and retention.

·        Facilitate and promote service interconnects among our customers. We facilitate and encourage business relationships and interconnections among our customers to extend the reach of their services and, consequently, to increase the value of their services to their customers. We expect that these interconnections, in turn, will lead to increased demand for both our customers’ services and for our products.

·        Leverage distribution partnerships to enhance market penetration. We have approximately 30 distribution partners, which provide us with access to additional customers and increase our market penetration. As we invest in training and tools for our distribution partners’ sales, systems engineering and support organizations, we expect the overall efficiency and effectiveness of these partnerships to increase, which will allow us to dedicate more of our resources to further penetrating the global market for our products and services.

·        Actively contribute to architecture and standards definition processes. As the result of our breadth and depth of experience with actual production deployments of SBCs, we are poised to contribute significantly to organizations developing standards and architectures for next-generation IP networks, such as the Internet Engineering Task Force, 3GPP, ETSI, ATIS, MultiService Forum and PacketCable. We believe that the evolution of these standards and architectures will increasingly be driven by the realities learned from the pragmatic needs of service providers, not by theories.

Our Technology

Our SBCs are designed specifically to make networks “session aware” by enabling them to recognize, manage and integrate the various communication flows that comprise a single session and then treat those media flows as a single session with the appropriate priority, security and routing among other different networks. Acme Packet Session Aware Networking, our technology architecture, enables the delivery of secure and high quality interactive communication sessions across IP network borders. Implemented by the tight integration of our Net-Net OS software and Net-Net hardware platforms, our technology combines five elements that make the network session aware:

·        session routing policy;

·        session signaling service;

·        session media control;

·        session monitoring and reporting; and

·        session security service.

Session Aware Networking is designed to enable these five elements to share information dynamically. The session routing policy element collects the information necessary to guide the session signaling service in the selection of the optimal route across multiple IP networks. The media control element moves voice packets in compliance with security, quality of service, bandwidth and regulatory requirements. The session monitoring and reporting element updates the routing policy element with information about actual signaling element load, bandwidth availability and route performance. The session security service element protects the SBC, service infrastructure, customer networks and sessions among customers’ subscribers.

9

We believe that the combination of these elements creates a comprehensive solution required to deliver secure and high quality interactive communications services across IP network borders.

Session routing policy.    This software-based element defines and collects the information needed to make routing and related decisions. Session routing policy includes the following:

·        Admission control , which determines whether session initiation requests should be accepted based upon signaling element availability and load, bandwidth availability and observed session quality;

·        Routing , which determines the next signaling element on the network based upon multiple metrics, including source, destination, service provider preference, prefix, cost, time-of-day and time-of-week;

·        Load balancing , which determines how sessions should be load balanced across multiple signaling elements on the network utilizing round-robin, hunt, least busy or proportional allocations;

·        Number translations , which specifies how telephone numbers should be manipulated when being forwarded; and

·        Call limiting , which limits number or rate of calls to prevent overloads from less valuable sources or destinations.

Session signaling service.    This software-based element supports a broad range of signaling protocols such as SIP, H.323, MGCP/NCS and H.248. Based on information received from the session routing policy element, the signaling service element selects the best path through the network for each session. It selects the next signaling element in the network, such as user devices, softswitches, gateways and application servers, that each session should visit. To initiate the session, this element signals the next device along the path. If no acceptable path is available, the signaling service rejects the initiation request. It performs network address and port translations for addresses exposed in the signaling messages for security and bridging incompatible networks, strips previous routing information to hide customers or suppliers and adds or strips codecs to ensure codec compatibility. It also determines if the media flows should be released peer-to-peer between endpoints or relayed through the media control element. For relayed sessions, it passes address information for the next signaling element in the path to the media control element. The signaling service also performs protocol repair and interworking by, for example, converting one protocol into another. Lastly, this element is able to track sessions for reporting and billing purposes.

Session media control.    Once the session is established, this hardware-based element controls the media flows that are not released peer-to-peer between endpoints. Media control performs network address and port translations for security and bridging incompatible networks. It relays media to support the ability to address the cross network address translation and firewall devices, applies quality of service markings such as DiffServ bits and virtual area network, or VLAN, tags, performs transcoding between codecs when needed, and polices bandwidth usage in order to prevent, for example, a 64-Kbps voice session from switching to 384-Kbps video without permission. Media control also can extract touch tones embedded in the media flows, replicate the media flows for lawful intercept when required, and detect and repair certain session faults based on limits for items such as call length and maximum idle time. For example, if a signaling message terminating a session is lost, the session media control element notices and terminates the errant connection, freeing resources for other use.

Session monitoring and reporting.   This element compiles signaling and media performance information on a per session basis. Media quality measurements may include objective network attributes, such as delay, jitter and packet loss, or subjective measurements using mean opinion score algorithms. Signaling performance information includes signaling element availability, load and call completion ratios. The reported information is used in fault and performance management and in service level agreement reporting, and is input to subsequent routing and admission control policy decisions.

10