Revision History
Version        Author(s)        Description of Changes    Date
520-0050-00    James Tessier    Initial Release           4/4/2011
Abstract
The use of the RFC 2119 keywords is an attempt to assign the correct requirement levels ("MUST",
"SHOULD", "MAY", etc.).
This document defines a series of configuration recommendations to be used when deploying a Net-Net
Security Director (SD) high availability (HA) pair using local route tables (LRTs). Where these
recommendations conflict with Customer requirements or desires, the Customer's preference SHOULD take
precedence.
Applicability
This document is applicable to NN3000 and NN4000 (S-C6.2.0 & above) series Session Directors.
April 2011
Table of Contents
1.0 Introduction
2.0 Intended Audience
3.0 Background
3.1 LRT How To
    Preparation
    Procedure
    Updating tables
    Verification
    About the next parameter
    Using regular expressions with LRTs
    Using Route Manager Central
1.0 Introduction
Local route tables (LRTs) give the Net-Net C-series models the ability to locally determine next hops and
map E.164 to SIP URIs. This ability provides extensive scalability and flexibility for routing. Similar to the
ENUM model, the feature allows the SBC to perform a local route table lookup using the telephone
number (TN) of the SIP Request-URI. The local route table XML file defines the matching number and
the resulting regular expression replacement value, as ENUM NAPTR entries would. The Net-Net SBC
uses the resulting regular expression to replace the Request-URI, and it uses the session-group,
hostname or IP address portion to determine the next hop. If either the hostname or IP address matches
a configured session agent or session-group, the request is sent to that session agent/group. Otherwise
it sends the request directly to the hostname or IP address returned.
The Net-Net C-series can also perform a local route table lookup based on a key field, which is useful for
lookups based on routing number (RN) or carrier identification code (CIC). For more information on using
this feature, see the Routing-based RN and CIC section of the ACLI Configuration Guide [3].
Usage of local route tables has certain benefits, but not without design limitations. This document
describes these limitations and provides guidance towards reliability of service and performance
optimizations.
This document highlights LRTs and features available in S-C(x)6.2.0 version of Net-Net OS-C. Please be
aware that there are notable differences in handling LRTs before and after S-C6.2.0 M6. Future
enhancements are planned for LRT features, but they are not covered in this document.
It also presumes that the reader is familiar with standard configuration models and archetypes (e.g., those
listed in the Normative References section of this document).
3.0 Background
Local route tables can be used to significantly reduce complexity of configurations requiring large
numbers of routes. Instead of a local-policy configuration object per route, the routes can be defined in
one or more xml files, uploaded to the SBC and referenced through a single local-routing-config object.
Procedure
1. Change the highlighted 10000 to the telephone number or prefix needed for a given
lookup.
2. Change the highlighted !(^.*$)!sip:\1@nexthop.com! to the corresponding next-hop.
3. Reuse the route block for each subsequent local route.
4. Gzip the file (standard package for Linux / download from www.gzip.org for Windows):
a. [root@acmese5 ~]# gzip TenK.xml
b. The new file will be: TenK.xml.gz
5. FTP the .gz file in binary mode to /code/lrt on each SD in an HA pair.
a. If the lrt directory does not exist, it must be created. Create it with mkdir lrt.
b. If this is an HA configuration, it must be uploaded to both systems.
6. Configure a local-routing-config element on the SD with the file-name TenK.xml.gz.
7. Configure a local-policy element on the SD with next-hop lrt:<name of local-routing-config>.
8. If multiple length prefixes are needed:
a. Configure additional local route tables using the same xml.gz file with different
names and prefix-lengths.
b. Configure additional local-policy-attributes for each table.
c. These policy attributes can be weighted to search longer prefixes first. In this
case, use the sip-config option serial-forking=yes to stop searching on a hit.
Updating tables
1. Edit, gzip and upload the new table to /code/lrt on each member of the HA pair.
2. Run notify lrtd refresh <lrt-name> on each member of the HA pair.
a. For example:
Active:
CSE-4250-5# notify lrtd refresh TenK
Refreshing routes from local-route file TenK
CSE-4250-5#
Standby:
CSE-4250-6# notify lrtd refresh TenK
Refreshing routes from local-route file TenK
CSE-4250-6#
Verification
1. From the ACLI, use show lrt route-entry <local-routing-config name> <E.164 number>
2. For type regex, the format is !<regular expression>!<string>!. This will match the regular
expression on the original phone number and rewrite on the <string>. RFC 2915 - The
Naming Authority Pointer (NAPTR) DNS Resource Record [1] describes this format.
3. In the regular expression, ^ matches the beginning, . matches any character, .*
matches any number of any characters, $ matches the end and () will group the query
into \n.
4. For example: !(^.*$)!sip:\1@nexthop.com!.
a. (^.*$) is the regular expression.
b. sip:\1@nexthop.com is the replacement string.
c. A lookup on a number such as 17815551212 would match the entire string from
beginning to end and store it into the \1 variable. Thus the replacement request
URI would be sip:17815551212@nexthop.com.
5. The next-hop parameter can also match on session-agent-groups. To enable this
functionality, substitute the host with the session-group and enable enum-sag-match in
the sip-config.
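The following Python sketch is an added example, not part of the original document or of Acme Packet software. It applies the !<regular expression>!<string>! rewrite described above and lints a route list before the table is gzipped and uploaded, so that a broken regex or an unexpected next-hop host is caught offline. The function names, the sample routes and the allowed-host set are constructed for illustration.

```python
import re

# Format from the text above: !<regular expression>!<string>!
BACKREF = re.compile(r"\\([1-9])")
SIP_URI = re.compile(r"sips?:[^@;\s]+@(?P<host>[A-Za-z0-9.\-]+)(?::\d+)?(?:;.*)?")


def parse_next(spec):
    """Split a regex-type next value into (compiled pattern, replacement)."""
    parts = spec.split("!")
    # A well-formed value splits into ['', regex, replacement, ''].
    if len(parts) != 4 or parts[0] or parts[3] or not parts[1]:
        raise ValueError(f"not in !regex!string! form: {spec!r}")
    pattern = re.compile(parts[1])  # raises re.error on a broken regex
    for ref in BACKREF.findall(parts[2]):
        if int(ref) > pattern.groups:
            raise ValueError(f"\\{ref} has no matching group in {parts[1]!r}")
    return pattern, parts[2]


def rewrite(number, spec):
    """Return the replacement string with \\n filled in, or None on no match."""
    pattern, replacement = parse_next(spec)
    match = pattern.search(number)
    if match is None:
        return None
    return BACKREF.sub(lambda ref: match.group(int(ref.group(1))) or "", replacement)


def lint(routes, allowed_hosts):
    """Return (user, problem) pairs for routes that should not be uploaded."""
    problems = []
    for user, spec in routes:
        try:
            uri = rewrite(user, spec)
        except (ValueError, re.error) as exc:
            problems.append((user, f"bad next value: {exc}"))
            continue
        parsed = SIP_URI.fullmatch(uri or "")
        if parsed is None:
            problems.append((user, f"result is not a SIP URI: {uri!r}"))
        elif parsed.group("host").lower() not in allowed_hosts:
            problems.append((user, f"unexpected next hop: {parsed.group('host')}"))
    return problems


# Constructed sample routes: (lookup number or prefix, next value).
SAMPLE_ROUTES = [
    ("10000", r"!(^.*$)!sip:\1@nexthop.com!"),      # the document's example
    ("10001", r"!(^.*$)!sip:\1@198.51.100.7!"),     # host not on the allowlist
    ("10002", r"!(^.*$!sip:\1@nexthop.com!"),       # unbalanced parenthesis
    ("10003", r"!(^.*$)!sip:\2@nexthop.com!"),      # \2 without a second group
]

if __name__ == "__main__":
    print(rewrite("17815551212", SAMPLE_ROUTES[0][1]))
    for user, problem in lint(SAMPLE_ROUTES, {"nexthop.com"}):
        print(user, problem)
```

The lint rewrites each route's own lookup value as a representative number; the on-box check remains show lrt route-entry after the refresh.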
2. Add the selected HA pair to the Devices to Update list and click OK:
3. Navigate to the Device Route Set Updates tab and select the just created Update Task. Click
Commit to update the table on the HA pair:
In versions prior to SC6.2.0 M6, loading the XML file into cache requires completely deleting the current
cache and loading in the new cache. This is CPU intensive and also renders the local cache inaccessible
during the process. Loading new local route tables in these software images should be done in a
maintenance window under low call load.
The Net-Net C-series software was changed in SC6.2.0 M6 (and greater) to reduce processing load
during a refresh, at the cost of requiring more memory during the load. In SC6.2.0 M6 and later
versions, loading the XML file into cache requires creating a completely new cache, switching caches
and finally deleting the old cache. Although this is still CPU intensive, it does not affect
call processing. It does require an additional amount of free memory during the process.
In all versions, it is beneficial to split large route tables into a number of smaller files to mitigate
performance issues.
10k     1     1     1     <1    <1
25k     1     2     2     1     1
50k     2     4     4     2     1
75k     3     6     6     3     2
100k    3     8     8     3     2
125k    4     10    10    4     2
250k    8     NA    NA    8     5
Table 2: refresh time (in seconds) under 70% CPU usage call load
Tests where load limiting occurred are marked with an asterisk (*)
10k     1     1     1     1     1
25k     1     3     3     1     1
50k     2     5     5     2     1
75k     3     7*    8*    3     2
100k    4     11*   11*   4     2
125k    6*    13*   14*   5*    2
250k    10*   NA    NA    10*   5
Once the load time of an LRT is known, it is possible to determine the potential CPU impact and the
possible load limiting. For instance, if CPU utilization is at 70%, testing has shown that load limiting will
occur on the 4250 when a 75,000 route LRT is loaded and will occur on the 3820 and 4500 CPU1 when a
125,000 route LRT is loaded.
Routes   3820 (standard)   4250 (1GB)   4250 (2 GB)   4500 regular Phy card   4500 IPSec/QoS card
0k       83%               59%          71%           83%                     79%
125k     80%               49%          66%           80%                     75%
250k     76%               40%          61%           76%                     71%
500k     69%               19%          50%           68%                     64%
1M       54%               NA           27%           54%                     49%
2M       26%               NA           NA            25%                     20%
It can be seen from this table that each 125k routes uses roughly 100M of memory. The memory usage
is dependent on the size of the lookup and the size of the regex string. Therefore, for most applications,
memory usage will be linear with respect to the number of routes in a table.
Note that the above table does not account for memory usage for other functions on the SBC, e.g.
registration cache entries, activated running configuration, session or subscription dialogs. These must be
taken into consideration when dimensioning LRT functionality.
Additionally, in SC6.2.0 M6 and greater, a new LRT is loaded into cache each time it is refreshed; this
causes a temporary increase in memory usage during the refresh. For instance, if a 125k route table
uses 100M of memory, a table refresh will require an additional 100M of memory.
each contains only the minimum number of configuration objects required to pass basic SIP traffic using
LRTs. The same configuration was used for each Acme Packet C-series model number when possible.
8.0 Disclaimer
The content in this document is for informational purposes only and is subject to change by Acme Packet
without notice. While reasonable efforts have been made in the preparation of this publication to assure
its accuracy, Acme Packet assumes no liability resulting from technical or editorial errors or omissions, or
for any damages resulting from the use of this information. Unless specifically included in a written
agreement with Acme Packet, Acme Packet has no obligation to develop or deliver any future release or
upgrade or any feature, enhancement or function.
WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
N/A
N/A
enabled
none
admin@console
2010-10-27 17:49:21
lrt:TenK
Peers
replace-uri
disabled
0000
2400
U-S
1
enabled
single
disabled
lrt:Twenty5K
Peers
replace-uri
disabled
0000
2400
U-S
2
enabled
single
disabled
lrt:FiftyK
Peers
replace-uri
disabled
0000
2400
U-S
3
state
methods
media-profiles
lookup
next-key
eloc-str-lkup
eloc-str-match
local-routing-config
name
file-name
prefix-length
last-modified-by
last-modified-date
local-routing-config
name
file-name
prefix-length
last-modified-by
last-modified-date
local-routing-config
name
file-name
prefix-length
last-modified-by
last-modified-date
realm-config
identifier
description
addr-prefix
network-interfaces
enabled
single
disabled
TenK
LRTs10k.xml.gz
5
admin@console
2010-11-05 19:37:21
Twenty5k
LRTs25k.xml.gz
6
admin@console
2010-11-05 19:37:54
Fiftyk
LRTs50k.xml.gz
7
admin@console
2010-11-05 19:38:09
Peers
Peering realm
172.16.112.0/24
mm-in-realm
mm-in-network
mm-same-ip
mm-in-system
bw-cac-non-mm
msm-release
qos-enable
generate-UDP-checksum
max-bandwidth
fallback-bandwidth
max-priority-bandwidth
max-latency
max-jitter
max-packet-loss
observ-window-size
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
class-profile
average-rate-limit
access-control-trust-level
invalid-signal-threshold
maximum-signal-threshold
untrusted-signal-threshold
nat-trust-threshold
deny-period
ext-policy-svr
diam-e2-address-realm
symmetric-latching
pai-strip
trunk-context
early-media-allow
M00:0
disabled
enabled
enabled
enabled
disabled
disabled
disabled
disabled
0
0
0
0
0
0
0
ACME_NAT_TO_FROM_IP
0
high
0
0
0
0
30
disabled
disabled
enforcement-profile
additional-prefixes
restricted-latching
restriction-mask
accounting-enable
user-cac-mode
user-cac-bandwidth
user-cac-sessions
icmp-detect-multiplier
icmp-advertisement-interval
icmp-target-ip
monthly-minutes
net-management-control
delay-media-update
refer-call-transfer
dyn-refer-term
codec-policy
codec-manip-in-realm
constraint-name
call-recording-server-id
stun-enable
stun-server-ip
stun-server-port
stun-changed-ip
stun-changed-port
match-media-profiles
qos-constraint
sip-profile
sip-isup-profile
block-rtcp
hide-egress-media-update
last-modified-by
last-modified-date
realm-config
identifier
description
addr-prefix
network-interfaces
mm-in-realm
mm-in-network
mm-same-ip
mm-in-system
bw-cac-non-mm
msm-release
qos-enable
generate-UDP-checksum
max-bandwidth
fallback-bandwidth
max-priority-bandwidth
max-latency
max-jitter
max-packet-loss
observ-window-size
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
class-profile
average-rate-limit
access-control-trust-level
invalid-signal-threshold
maximum-signal-threshold
untrusted-signal-threshold
none
32
enabled
none
0
0
0
0
0
disabled
disabled
disabled
disabled
disabled
disabled
0.0.0.0
3478
0.0.0.0
3479
disabled
disabled
admin@console
2010-10-26 16:04:31
Core
Trusted core realm
0.0.0.0
M10:0
disabled
enabled
enabled
enabled
disabled
disabled
disabled
disabled
0
0
0
0
0
0
0
ACME_NAT_TO_FROM_IP
0
high
0
0
0
nat-trust-threshold
deny-period
ext-policy-svr
diam-e2-address-realm
symmetric-latching
pai-strip
trunk-context
early-media-allow
enforcement-profile
additional-prefixes
restricted-latching
restriction-mask
accounting-enable
user-cac-mode
user-cac-bandwidth
user-cac-sessions
icmp-detect-multiplier
icmp-advertisement-interval
icmp-target-ip
monthly-minutes
net-management-control
delay-media-update
refer-call-transfer
dyn-refer-term
codec-policy
codec-manip-in-realm
constraint-name
call-recording-server-id
stun-enable
stun-server-ip
stun-server-port
stun-changed-ip
stun-changed-port
match-media-profiles
qos-constraint
sip-profile
sip-isup-profile
block-rtcp
hide-egress-media-update
last-modified-by
last-modified-date
sip-config
state
operation-mode
dialog-transparency
home-realm-id
egress-realm-id
nat-mode
registrar-domain
registrar-host
registrar-port
register-service-route
init-timer
max-timer
trans-expire
invite-expire
inactive-dynamic-conn
enforcement-profile
pac-method
pac-interval
pac-strategy
pac-load-weight
pac-session-weight
pac-route-weight
pac-callid-lifetime
pac-user-lifetime
red-sip-port
red-max-trans
red-sync-start-time
0
30
disabled
disabled
none
32
enabled
none
0
0
0
0
0
disabled
disabled
disabled
disabled
disabled
disabled
0.0.0.0
3478
0.0.0.0
3479
disabled
disabled
admin@console
2010-10-26 15:55:05
enabled
dialog
enabled
Peers
None
0
always
500
4000
32
180
32
10
PropDist
1
1
1
600
3600
1988
10000
5000
red-sync-comp-time
add-reason-header
sip-message-len
enum-sag-match
extra-method-stats
registration-cache-limit
register-use-to-for-lp
options
refer-src-routing
add-ucid-header
proxy-sub-events
pass-gruu-contact
sag-lookup-on-redirect
set-disconnect-time-on-bye
last-modified-by
last-modified-date
1000
disabled
4096
disabled
disabled
0
disabled
max-udp-length=0
serial-forking=yes
disabled
disabled
disabled
disabled
disabled
admin@console
2010-10-26 17:56:48
N/A
N/A
enabled
none
admin@console
2010-11-22 17:39:26
lrt:TenK
Peers
replace-uri
disabled
0000
2400
U-S
1
enabled
single
disabled
lrt:Twenty5k
Peers
replace-uri
disabled
0000
2400
U-S
2
enabled
single
disabled
lrt:Fiftyk
Peers
replace-uri
disabled
0000
2400
U-S
3
enabled
media-profiles
lookup
next-key
eloc-str-lkup
eloc-str-match
local-routing-config
name
file-name
prefix-length
last-modified-by
last-modified-date
local-routing-config
name
file-name
prefix-length
last-modified-by
last-modified-date
local-routing-config
name
file-name
prefix-length
last-modified-by
last-modified-date
realm-config
identifier
description
addr-prefix
network-interfaces
single
disabled
TenK
LRTs10k.xml.gz
5
admin@console
2010-11-05 19:37:21
Twenty5k
LRTs25k.xml.gz
6
admin@console
2010-11-05 19:37:54
Fiftyk
LRTs50k.xml.gz
7
admin@console
2010-11-05 19:38:09
Peers
Peering realm
172.16.112.0/24
mm-in-realm
mm-in-network
mm-same-ip
mm-in-system
bw-cac-non-mm
msm-release
qos-enable
generate-UDP-checksum
max-bandwidth
fallback-bandwidth
max-priority-bandwidth
max-latency
max-jitter
max-packet-loss
observ-window-size
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
class-profile
average-rate-limit
access-control-trust-level
invalid-signal-threshold
maximum-signal-threshold
untrusted-signal-threshold
nat-trust-threshold
deny-period
ext-policy-svr
diam-e2-address-realm
symmetric-latching
pai-strip
trunk-context
early-media-allow
enforcement-profile
additional-prefixes
M00:0
disabled
enabled
enabled
enabled
disabled
disabled
disabled
disabled
0
0
0
0
0
0
0
ACME_NAT_TO_FROM_IP
0
high
0
0
0
0
30
disabled
disabled
restricted-latching
restriction-mask
accounting-enable
user-cac-mode
user-cac-bandwidth
user-cac-sessions
icmp-detect-multiplier
icmp-advertisement-interval
icmp-target-ip
monthly-minutes
net-management-control
delay-media-update
refer-call-transfer
dyn-refer-term
codec-policy
codec-manip-in-realm
constraint-name
call-recording-server-id
stun-enable
stun-server-ip
stun-server-port
stun-changed-ip
stun-changed-port
match-media-profiles
qos-constraint
sip-profile
sip-isup-profile
block-rtcp
hide-egress-media-update
last-modified-by
last-modified-date
realm-config
identifier
description
addr-prefix
network-interfaces
mm-in-realm
mm-in-network
mm-same-ip
mm-in-system
bw-cac-non-mm
msm-release
qos-enable
generate-UDP-checksum
max-bandwidth
fallback-bandwidth
max-priority-bandwidth
max-latency
max-jitter
max-packet-loss
observ-window-size
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
class-profile
average-rate-limit
access-control-trust-level
invalid-signal-threshold
maximum-signal-threshold
untrusted-signal-threshold
nat-trust-threshold
deny-period
none
32
enabled
none
0
0
0
0
0
disabled
disabled
disabled
disabled
disabled
disabled
0.0.0.0
3478
0.0.0.0
3479
disabled
disabled
admin@console
2010-10-26 16:04:31
Core
Trusted core realm
0.0.0.0
M10:0
disabled
enabled
enabled
enabled
disabled
disabled
disabled
disabled
0
0
0
0
0
0
0
ACME_NAT_TO_FROM_IP
0
high
0
0
0
0
30
ext-policy-svr
diam-e2-address-realm
symmetric-latching
pai-strip
trunk-context
early-media-allow
enforcement-profile
additional-prefixes
restricted-latching
restriction-mask
accounting-enable
user-cac-mode
user-cac-bandwidth
user-cac-sessions
icmp-detect-multiplier
icmp-advertisement-interval
icmp-target-ip
monthly-minutes
net-management-control
delay-media-update
refer-call-transfer
dyn-refer-term
codec-policy
codec-manip-in-realm
constraint-name
call-recording-server-id
stun-enable
stun-server-ip
stun-server-port
stun-changed-ip
stun-changed-port
match-media-profiles
qos-constraint
sip-profile
sip-isup-profile
block-rtcp
hide-egress-media-update
last-modified-by
last-modified-date
sip-config
state
operation-mode
dialog-transparency
home-realm-id
egress-realm-id
nat-mode
registrar-domain
registrar-host
registrar-port
register-service-route
init-timer
max-timer
trans-expire
invite-expire
inactive-dynamic-conn
enforcement-profile
pac-method
pac-interval
pac-strategy
pac-load-weight
pac-session-weight
pac-route-weight
pac-callid-lifetime
pac-user-lifetime
red-sip-port
red-max-trans
red-sync-start-time
red-sync-comp-time
add-reason-header
disabled
disabled
none
32
enabled
none
0
0
0
0
0
disabled
disabled
disabled
disabled
disabled
disabled
0.0.0.0
3478
0.0.0.0
3479
disabled
disabled
admin@console
2010-10-26 15:55:05
enabled
transaction
enabled
Peers
None
0
always
500
4000
32
180
32
10
PropDist
1
1
1
600
3600
1988
10000
5000
1000
disabled
sip-message-len
enum-sag-match
extra-method-stats
registration-cache-limit
register-use-to-for-lp
options
refer-src-routing
add-ucid-header
proxy-sub-events
pass-gruu-contact
sag-lookup-on-redirect
set-disconnect-time-on-bye
last-modified-by
last-modified-date
4096
enabled
disabled
0
disabled
max-udp-length=0
serial-forking=yes
disabled
disabled
disabled
disabled
disabled
admin@console
2010-11-22 17:37:30