Session Border Controller Concepts
Lesson code: sdcs
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Lesson Objectives
• Discuss:
– Realms and realm bridging
– Oracle Communications SBC architecture
– Peering (trunking) and Access deployment best current practices
– Services: signaling, media, routing, and translation
– Session agents and header manipulation
• Configure:
– Global SIP parameters and Media Manager
– Realms, SIP interfaces, and steering pools
– Routing policies, header manipulation rules, and so on
[Figure: a request arriving at the SBC and the re-originated request sent on to a proxy. The realm on each side carries: signaling and media interfaces, access rules, security parameters, max sessions and bandwidth, number translation, and more…]
A realm:
• Is a collection of VoIP entities residing in one or more networks
• Typically maps to a service provider, enterprise, or end-user population environment. It is defined by a configuration element that contains many parameters that apply to the environment.
• Is considered as a “Layer 5” definition and a “container” of resources
A realm is a logical definition of a network or a group of networks made up in part by devices
that provide real-time communication sessions composed of signaling messages and
potentially media flows. These network devices might be call agents, softswitches, SIP
proxies, H.323 gatekeepers, IP PBXs, and so on that are statically defined by IP addresses.
These network devices might also be IP endpoints: SIP phones, IADs, MAs, media gateways,
and so on that are defined by an IP address prefix.
On the SBC, you configure realms (plus their associated configuration objects) to identify
the interfaces, resources, and policies that apply to the signaling and media going through
them.
[Figure: realm bridging. Realms A, B, C, and D and their proxies around the SBC's routing decisions.]
Unauthorized reproduction or distribution prohibited. Copyright © 2014, Oracle and/or its affiliates.
Realm bridging is the routing of a signaling message coming from a given
ingress realm to a “next hop” in an egress realm.
The routing rules (routes, relative cost, and so on) are provided by either
“Local-Policy” or “SIP-NAT” configuration elements.
Static bridging: Ingress and egress realms are unconditionally “paired.”
Example: AC;CA
Dynamic bridging: Egress realm can be any, depending on time-of-day,
called number, and so on.
The goal of the Oracle Communications SBC is to bridge realms either statically or
dynamically. When a SIP message is received, the SBC determines what realm it came from.
Knowing that and consulting routing policies (or other routing elements), a decision is made
as to what will be the egress realm and the next hop in it.
It is very important to remember that the SBC bridging decisions are based solely on
information found in the signaling messages—never Layer 3 information. Layer 3 is always
assumed available and transparent.
Realm bridging may be static or dynamic. Static realm bridging is a one-to-one association
accomplished by using SIP-NAT bridge (legacy configuration), H.323 stack association, or
local policy.
Dynamic realm bridging is a one-to-many association accomplished by either dynamic local
policy (resolution to the next signaling hop can be based on time-of-day, day-of-week, phone
number, URI, domain, and so on) or third-party routing/redirect.
[Figure: VoIP sites A and B (enterprise, IP services provider, H.323 PBX) connected over TDM channels through PSTN service provider TDM switches and PSTN gateways.]
Issues in using PSTN services to connect VoIP “islands”:
• VoIP-PSTN gateways and the likely need to transcode twice
• Limited number of channels, high cost of ownership
• TDM channels are very expensive compared to LAN/WAN-equivalent bandwidth.
Security and SLA is addressed by the PSTN service provider.
Traditionally, TDM networks (run by PSTN carriers) have provided the connectivity needed so
that VoIP end users in isolated environments can communicate and service providers can
extend their reach to VoIP enterprises and offer services such as IVR, voicemail, and IM.
Using PSTN services and their related issues often made this connectivity expensive and
sometimes infeasible.
[Figure: a SIP PBX enterprise and an H.323 PBX enterprise connected over an IP network, through the SBC (SD), to an enterprise or IP services provider.]
Using IP networking provides:
• Simpler and very flexible deployment
• Lower cost and less dependency
• Better usage of bandwidth and a wealth of new applications
Using an SBC will add the necessary security, sessions and
resources control, SLA, QoS monitoring, and so on.
[Figure: Peering model. Two service providers, each with its own SIP servers and registrar for internal calls. Trunked calls cross the SBC; no EP registration requests.]
The Peering model is generally characterized (and there are some exceptions) by the fact that
no REGISTER requests traverse the SBC.
This model is commonly configured in an SBC that resides between realms:
• Service provider and service provider
• Service provider and its point-of-presence
• Service provider and served enterprise
[Figure: Access model. End users in Realm B send REGISTER and calls through the SBC to the SIP server/registrar. End users are registered at the service provider’s registrar.]
The Access model is generally characterized by the fact that endpoints send REGISTER
requests to a registrar that resides in a different realm.
This model is normally configured in an SBC that resides between realms:
• Service provider and served end-user population
• Enterprise and remote worker population
As with SIP, there are two architectures for H.323: Peering and Access.
The peering configuration is the recommended GW/GW model. Local policy will be used to
bridge both realms, resembling the Policy-Based Realm Bridging SIP configuration.
For the Access architecture, there are two recommended models: registration caching and
registration proxy.
Registration caching is the most straightforward configuration and is the preferred mode when
handling registrations from IP private branch exchanges (IP PBX). In this mode, the SBC will
aggregate terminal aliases under a single registration request (RRQ) towards the core
gatekeeper (GK).
When you configure the registration proxy feature by setting the q931 and dynamic ports in
the core h323-stack, a unique RRQ is sent to the core GK per endpoint in the access network,
and a different callSignallingAddress port is dynamically allocated for each registering
endpoint. The range of dynamic ports for H.245 connections is also defined.
In this mode, the SBC passes most of the parameters in the RRQ transparently from access
to core.
Registrations are routed to the core according to the associated stack field of the access
h323-stack. This model allows for 1-to-1 or many-to-1 access/core configurations.
training(configure)# media-manager
training(media-manager)# realm-config
training(realm-config)# identifier peer
training(realm-config)# network-interfaces M00:0
training(realm-config)# addr-prefix 192.168.0.0/24
training(realm-config)# done
realm-config
    identifier              peer
    addr-prefix             192.168.0.0/24
    network-interfaces      M00:0
    ...
Slide callouts:
• identifier: Unique name
• network-interfaces: Network interface
• addr-prefix: If used, requests coming from other subnets will be rejected.
Creating a realm is simple because (at least initially) the default values of most parameters
will work for many configurations. What must be specified are a unique identifier and the
network-interface that the realm will use.
If we want to reject traffic that comes from sources that have specific IP addresses (or IP
address range) we can modify the address prefix, which by default is 0.0.0.0 (and which does
not filter out any traffic). More than one prefix can be defined (not shown in the slide).
[Figure: realms mapped onto the physical interfaces M00 and M10.]
The SBC configuration is very flexible: A realm can use a
dedicated network-interface or share a network interface with
other realms.
VoIP networks.
• True___ False ___
Different IP subnets can be within the same realm.
• True___ False ___
Realm bridging is based on Layer 3 (IP) decisions.
• True___ False ___
Multiple realms can be directly bound to a single physical interface.
• True___ False ___
In the peering model, a SIP device must be registered in the other realm.
• True___ False ___
• Realms are:
ACLI Path: session-router > sip-config
training# show running sip-config
sip-config
    state                   enabled
    operation-mode          dialog
    dialog-transparency     enabled
    home-realm-id           backbone
    egress-realm-id
Slide callouts:
• state: Default value
• operation-mode: Default value: The SBC acts as a B2BUA.
• dialog-transparency: Default value: The SBC will NOT change the call-id
[Figure: SBC functional blocks, including a Media NAT/Relay Function on each side.]
The Edge Proxy Function is the SIP protocol stack and makes
the SBC look like a SIP proxy.
The SIPD is the B2BUA application responsible for most of the
SBC’s signaling behavioral features.
The sip-interface:
• Is the SBC’s Edge Proxy Function
• Receives and transmits SIP signaling messages
• Provides a service pipe to the SIP daemon (sipd)
• Defines SIP signaling IP addresses, ports, transport
protocols, and various SIP processing policies
A realm can only have one sip-interface.
sip-interface
    state                   enabled
    realm-id                access1
    description
    sip-port
        address                 192.168.0.11
        port                    5060
        transport-protocol      UDP
        tls-profile
        allow-anonymous         all
    sip-port
        address                 192.168.0.11
        port                    5061
        transport-protocol      TLS
        tls-profile             prof1
        allow-anonymous         all
    ...
    nat-traversal           always
    nat-interval            30
    registration-caching    enabled
    ...
Slide callouts:
• state: Default value
• realm-id: Uniquely identifies the sip-interface by referring to the realm it serves.
• transport-protocol: Default value: UDP. Other values: TCP, TLS
• sip-port: Multiple sip-port subelements can be defined in one sip-interface.
• nat-traversal and following: Many other parameters that fine tune the sip-interface behavior.
[Figure: realms Realm_a and Realm_b on network interfaces M00:0 and M10:0, over physical interfaces M00 and M10.]
A sip-interface can be assigned to only one realm!
To see a summary of all existing sip-interfaces type:
show virtual-interfaces
[Figure: path of a signaling packet through the Media Section (PHY, network processors, lookup table*, traffic manager*, transcoding DSPs) and the Host Section. Step labels recoverable from the figure:]
2. A L2 frame is received; IP packet sent to NP.
3. A “key” is built from source address and port, destination address and port, and L5 protocol.
4. Key is looked up. If no entry is found or source not permitted, then packet is discarded.
5. Packet is forwarded to Traffic Manager.
6. Packet sent to host through a queue.
8. Packet is sent down to NP.
9. Packet sent out.
1. Which global element must exist so that the SBC can handle
SIP? _________________________
2. When dialog-transparency is set to disabled, Call-IDs will ____
3. How does the sip-interface handle media packets? ________
4. Which of the following are SIP Interface functions?
a. Sending and receiving SIP signaling _____
b. Re-originating SIP messages _____
c. Providing a service pipe to the SIP daemon _____
d. Providing policies for SIP processing _____
5. How can a specific sip-interface be made to support signaling
over TCP and UDP at the same time? _____________________
6. How are a specific realm and a sip-interface bound together?
_______________________________________________
1. Which global element must exist so that the SBC can handle
SIP? sip-config
[Figure: SBC functional blocks. An Edge Proxy Function and a Media NAT/Relay Function on each side, with the SIPD Application between the Edge Proxy Functions.]
The Media NAT/Relay Function provides network address and port translation (NAPT) of media
(RTP) packets coming from the ingress realm and going out to
the egress realm.
[Figure: path of a media packet through the Media Section (PHY, network processors, lookup table**, traffic manager*, transcoding DSPs). Step labels recoverable from the figure:]
2. A L2 frame is received, IP packet sent to NP.
3. A “key” is built from source address and port, destination address and port, and L5 protocol (expected to be RTP).
4. Key is looked up. If no entry is found, the packet is discarded. Otherwise, the entry will supply data for NAPT.
5. Packet NATed and forwarded to other network processor.
6. Packet sent out.
The media-manager is where media-related characteristics, such as media latching, timers,
and traffic shaping behaviors are configured.
Media latching determines how the SBC reacts to dynamic media flows. When enabled, the
SBC will “lock down” a flow upon receipt of the first RTP packet at an allocated media port.
HNT RTCP determines whether support of RTCP in the SBC is enabled when it performs
hosted NAT traversal.
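The lookup-and-discard behavior of the media path and the "lock down" effect of media latching can be modeled in a few lines. This is an added example, not Oracle code: the class and function names, the addresses, and the rule used when latching is off are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, UDP port)


@dataclass
class FlowEntry:
    nat_src: Endpoint               # SBC address/port presented to the egress realm
    nat_dst: Endpoint               # far-end media address in the egress realm
    src: Optional[Endpoint] = None  # permitted source; None until latched


def looks_like_rtp(payload: bytes) -> bool:
    """RTP has a 12-byte fixed header whose top two bits carry version 2."""
    return len(payload) >= 12 and payload[0] >> 6 == 2


class MediaLookupTable:
    """Toy model of the table consulted for every packet at a media port."""

    def __init__(self, latching: bool = True) -> None:
        self.latching = latching
        self.entries: Dict[Endpoint, FlowEntry] = {}
        self.discarded = 0

    def open_flow(self, local: Endpoint, nat_src: Endpoint, nat_dst: Endpoint,
                  sdp_src: Optional[Endpoint] = None) -> None:
        # Assumption of this model: with latching the source starts as a
        # wildcard; without it only the source advertised in SDP is accepted.
        src = None if self.latching else sdp_src
        self.entries[local] = FlowEntry(nat_src, nat_dst, src)

    def forward(self, src: Endpoint, dst: Endpoint, payload: bytes):
        """Return (new_src, new_dst, payload) after NAPT, or None if discarded."""
        entry = self.entries.get(dst)
        if entry is None or not looks_like_rtp(payload):
            self.discarded += 1          # no entry for this key, or not RTP
            return None
        if entry.src is None and self.latching:
            entry.src = src              # first RTP packet locks the flow down
        if entry.src != src:
            self.discarded += 1          # source differs from the permitted one
            return None
        return entry.nat_src, entry.nat_dst, payload


def demo() -> dict:
    # Constructed addresses and ports, for illustration only.
    table = MediaLookupTable(latching=True)
    port = ("172.16.0.11", 20000)
    table.open_flow(port, nat_src=("10.0.0.11", 30000), nat_dst=("10.0.0.50", 4000))
    rtp = bytes([0x80, 0x00]) + bytes(10)      # minimal 12-byte RTP header
    return {
        "first": table.forward(("192.168.0.50", 5004), port, rtp),
        "other_source": table.forward(("192.168.0.66", 5004), port, rtp),
        "no_entry": table.forward(("192.168.0.50", 5004), ("172.16.0.11", 20002), rtp),
        "not_rtp": table.forward(("192.168.0.50", 5004), port, b"\x00" * 12),
        "discarded": table.discarded,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Only the first source to send RTP to the allocated port is relayed; packets from any other source, to an unallocated port, or without an RTP header are counted as discarded.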
The steering-pool:
• Is the SBC’s media interface (for a given realm)
• Receives and transmits RTP packets
• Defines a media IP address and a pool (range) of ports from
which port(s) are dynamically allocated for every established
session
• Provides call admission control (CAC) by setting a limit of
sessions going into and out of a realm
A realm can have more than one steering-pool.
Steering pools define sets of ports that are used for steering media flows from one realm to
another, through the SBC. When the SBC is communicating with a device in a specific realm
defined by a steering pool, it will use the steering pool’s IP address and a port number (from
the pool of ports) and, through the SDP body, will indicate to the device to send media there.
In the rewritten SDP body, the SBC replaces:
• The original IP address with the steering pool’s IP address
• The original port with a port allocated from the pool
Media is “steered” to flow through the SBC rather than directly between the media endpoints.
This is the way the SBC will control media. In some cases, where we do not wish to control
the media, the SBC will not rewrite the SDP body and media will flow directly between the
media endpoints. Media is said to be “released” by the SBC.
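The SDP rewrite and the admission limit imposed by a steering pool can be sketched as follows. This is an added example, not Oracle code: SteeringPool, steer_sdp, the sample SDP, and the port range are constructed, and the model assumes each stream takes an even RTP port plus the next odd port for RTCP and rewrites only the c= and m= lines.

```python
from typing import Dict, List, Optional, Tuple


class SteeringPool:
    """A media address plus a range of UDP ports, handed out in RTP/RTCP pairs."""

    def __init__(self, address: str, start_port: int, end_port: int) -> None:
        self.address = address
        first = start_port + (start_port % 2)          # RTP ports are even
        # Keep only even ports whose RTCP partner (port + 1) is inside the range.
        self.free: List[int] = list(range(first, end_port, 2))
        self.in_use: Dict[str, List[int]] = {}

    def capacity(self) -> int:
        return len(self.free) + sum(len(p) for p in self.in_use.values())

    def allocate(self, session_id: str) -> Optional[int]:
        if not self.free:
            return None                                # pool exhausted
        port = self.free.pop(0)
        self.in_use.setdefault(session_id, []).append(port)
        return port

    def release(self, session_id: str) -> None:
        self.free.extend(self.in_use.pop(session_id, []))
        self.free.sort()


def steer_sdp(sdp: str, pool: SteeringPool,
              session_id: str) -> Optional[Tuple[str, List[dict]]]:
    """Rewrite c= and m= so media is sent to the pool; None means CAC rejected."""
    out: List[str] = []
    flows: List[dict] = []
    session_addr, current, in_media = None, None, False
    for line in sdp.strip().split("\r\n"):
        if line.startswith("c=IN IP4 "):
            addr = line.split()[2]
            if not in_media:
                session_addr = addr                    # session-level address
            elif current is not None:
                current["orig_addr"] = addr            # media-level override
            line = f"c=IN IP4 {pool.address}"
        elif line.startswith("m="):
            in_media, current = True, None
            media, port, rest = line[2:].split(" ", 2)
            if int(port) != 0:                         # port 0 = disabled stream
                local = pool.allocate(session_id)
                if local is None:
                    pool.release(session_id)           # give back partial allocation
                    return None
                current = {"local_port": local, "orig_addr": session_addr,
                           "orig_port": int(port)}
                flows.append(current)
                line = f"m={media} {local} {rest}"
        out.append(line)
    return "\r\n".join(out) + "\r\n", flows


# Constructed SDP offer from an endpoint at 192.168.0.50.
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.0.50",
    "s=-",
    "c=IN IP4 192.168.0.50",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "a=rtpmap:0 PCMU/8000",
]) + "\r\n"

if __name__ == "__main__":
    pool = SteeringPool("172.16.0.11", 20000, 20003)   # room for two voice calls
    for call in ("call-1", "call-2", "call-3"):
        result = steer_sdp(SAMPLE_SDP, pool, call)
        print(call, "rejected" if result is None else result[1])
```

The returned flow list is what a media table would need to relay packets back to the original address and port.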
[Figure: steering pools on the SBC between the access realms and a soft-switch on the Backbone, each pool carrying RTP and RTCP. Pool sizes shown: 1000 UDP ports, 5000 UDP ports, and 2000 UDP ports (Access2). Addresses shown: 172.16.0.11 and 11.160.0.11. Realms Realm_a and Realm_b sit on network interfaces M00:0 and M10:0.]
The steering pool size limits the maximum number of concurrent calls
Assuming all calls are voice and RTCP is used:
• Access1 is limited to 500 calls, and Access2 is limited to 1000 calls.
• Calls between Access1 and Access2 (assuming they are routed through the soft-switch) will
only require 1000 ports in the Backbone steering pool. Each such call consumes TWO
sessions out of the licensed number of sessions.
• Calls between Access1 or Access2 and the “rest of the world” will require 3000 ports in the
Backbone steering pool. Each such call consumes ONE session out of the licensed number
of sessions.
For the SBC to control media, you must create the following
configuration elements:
a. ___________
b. ___________
In order to force the media through the SBC, the SBC will:
a. _______________________________________
Steering pool size should be the same in all realms.
a. True
b. False
The total number of ports in all the SBC’s steering pools is related to
the maximum number of licensed sessions.
a. True
b. False
For the SBC to control media, you must create the following
configuration elements:
a. media-manager
b. steering-pools
In order to force the media through the SBC, the SBC will:
a. Modify IP addresses and ports in the SDP body
Steering pool size should be the same in all realms.
a. True
b. False
The total number of ports in all the SBC’s steering pools is related to
the maximum number of licensed sessions.
a. True
b. False
Routing is:
[Figure: a signaling message or media packet from a signaling or media device enters the SBC with addresses A and B and leaves toward the other signaling or media device with addresses C and D.]
– B (dst. IP:Port) will be replaced by D (translated IP:Port).
– Performed by the SBC’s media section hardware
The local policy should be preferred over the SIP-NAT mechanism,
which is older and restrictive.
Translation required for headers other than those shown in the table
can be achieved using header manipulation rules (discussed later).
* Explained in a later lesson
There are two key configuration elements that provide routing rules: The most commonly
used Local Policy and the older SIP-NAT. While the SIP-NAT can be still used for routing, it is
recommended to only use it (where necessary) for its translation capabilities.
    from-address            *
    to-address              212 617
    source-realm            access1
    activate-time           N/A
    deactivate-time         N/A
    state                   enabled
    policy-priority         none
    policy-attribute
        next-hop                122.22.22.22
        realm                   backbone
        ...
        start-time              0000
        end-time                2400
        days-of-week            M-F
        cost                    0
        app-protocol            SIP
    policy-attribute
        next-hop                10.3.0.142
        realm                   alpha-tel
        action                  none
        ...
Slide callouts:
• to-address: Matched against number in the Rq-URI
• source-realm: This local policy will be looked at when a request comes from this realm.
• policy-attribute (Route): Possible destinations for the re-originated request
• start-time, end-time, days-of-week: Times this route is available
• cost: If all routes have different costs, that with the lowest will be taken.
The local policy consists of matching criteria and zero or more policy attributes. The matching
criteria include:
• Calling address/number/domain/domain names
• Called address/number/domain/domain name
• Source realm
From and To addresses formats can be
• SIP From Address (From), SIP Request URI (To)
• Domain names
• IP Addresses
• H323 CallingPartyAddress (From) H323 CalledPartyAddress (To)
• * (wild card)
determination
• days-of-week: The combination of days of the week plus holidays that policy attributes
can be considered for preference determination
• realm: The realm of the next hop (that is, the egress realm). If traffic is routed using the
local policy, and the selected route entry identifies an egress realm, then this realm field
value will take precedence over SIP-NAT.
• next-hop: The next signaling host IP address, fully qualified domain name, session-
agent’s host name, SAG:<session agent group name>, LRT:<local routing table name>,
or ENUM:<ENUM server>
• app-protocol: The signaling protocol used when sending messages to the configured
next-hop. When the SBC receives an ingress signaling message and uses local policy
to determine the message’s destination, it will interwork the signaling between protocols
(H.323<->SIP or SIP<->H.323) if the signaling type does not match the value configured
in the app-protocol field. The value is H323 or SIP.
• cost: The cost configured for local policy to rank policy attributes. This field represents
the cost of a route relative to other routes reaching the same destination address. The
default value is 0.
[Figure: three local policies for source realm happy_com, with their routes numbered 1 to 6. The first lines of the policy holding routes 4 and 5 are cut off on the slide.]
local-policy
    from-address            *
    to-address              212 617
    source-realm            happy_com
    policy-attribute                        (route 1)
        next-hop                1.1.1.1
        realm                   rrr1
        start-time              0000
        end-time                2400
        days-of-week            M-F
        cost                    1
    policy-attribute                        (route 2)
        next-hop                2.2.2.2
        realm                   rrr2
        start-time              0000
        end-time                2400
        days-of-week            U-S
        cost                    3
    policy-attribute                        (route 3)
        next-hop                3.3.3.3
        realm                   rrr3
        start-time              0000
        end-time                2400
        days-of-week            U-S
        cost                    3
    to-address              61752
    source-realm            happy_com
    policy-attribute                        (route 4)
        next-hop                4.4.4.4
        realm                   rrr4
        start-time              0000
        end-time                2400
        days-of-week            U-S
        cost                    3
    policy-attribute                        (route 5)
        next-hop                5.5.5.5
        realm                   rrr5
        start-time              1600
        end-time                1800
        days-of-week            U-S
        cost                    3
local-policy
    from-address            *
    to-address              *
    source-realm            happy_com
    policy-attribute                        (route 6)
        next-hop                6.6.6.6
        realm                   rrr6
        start-time              0000
        end-time                2400
        days-of-week            M-F
        cost                    5
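A simplified model of how the six routes in the figure are filtered and ranked for one call; this is an added example, not Oracle code and not the SBC's actual algorithm. It assumes to-address entries are matched as prefixes of the called number, that day letters run U (Sunday) through S (Saturday) with R for Thursday, that routes from every matching policy are pooled, and that equal-cost routes keep configuration order.

```python
from dataclasses import dataclass
from typing import List

DAYS = "UMTWRFS"  # assumption: U=Sunday, M, T, W, R=Thursday, F, S=Saturday


@dataclass
class Route:
    next_hop: str
    realm: str
    start: str = "0000"
    end: str = "2400"
    days: str = "U-S"
    cost: int = 0


@dataclass
class LocalPolicy:
    source_realm: str
    to_addresses: List[str]      # "*" is the wildcard
    routes: List[Route]


def day_allowed(spec: str, day: str) -> bool:
    """Expand specs such as 'M-F' or 'U-S' and test one day letter."""
    allowed = set()
    for part in spec.split(","):
        if "-" in part:
            first, last = part.split("-")
            i, j = DAYS.index(first), DAYS.index(last)
            allowed.update(DAYS[i:j + 1] if i <= j else DAYS[i:] + DAYS[:j + 1])
        else:
            allowed.add(part)
    return day in allowed


def policy_matches(policy: LocalPolicy, source_realm: str, called: str) -> bool:
    if policy.source_realm != source_realm:
        return False
    return any(t == "*" or called.startswith(t) for t in policy.to_addresses)


def select_routes(policies: List[LocalPolicy], source_realm: str,
                  called: str, day: str, hhmm: str) -> List[Route]:
    """Routes usable right now, lowest cost first (stable for equal costs)."""
    usable = [
        route
        for policy in policies if policy_matches(policy, source_realm, called)
        for route in policy.routes
        # Zero-padded HHMM strings compare correctly as text.
        if day_allowed(route.days, day) and route.start <= hhmm < route.end
    ]
    return sorted(usable, key=lambda r: r.cost)


# The routes from the slide's figure (source realm happy_com).
POLICIES = [
    LocalPolicy("happy_com", ["212", "617"], [
        Route("1.1.1.1", "rrr1", days="M-F", cost=1),
        Route("2.2.2.2", "rrr2", cost=3),
        Route("3.3.3.3", "rrr3", cost=3),
    ]),
    LocalPolicy("happy_com", ["61752"], [
        Route("4.4.4.4", "rrr4", cost=3),
        Route("5.5.5.5", "rrr5", start="1600", end="1800", cost=3),
    ]),
    LocalPolicy("happy_com", ["*"], [
        Route("6.6.6.6", "rrr6", days="M-F", cost=5),
    ]),
]

if __name__ == "__main__":
    # Constructed call: called number 6175212345, Monday at 17:00.
    for r in select_routes(POLICIES, "happy_com", "6175212345", "M", "1700"):
        print(r.cost, r.next_hop, r.realm)
```

Running the same number on a Sunday morning leaves only routes 2, 3, and 4, which shows how the time and day attributes remove otherwise cheaper or fallback routes from consideration.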
privileged.
Once configured, several mechanisms can be associated with
them, such as access rules, header manipulation rule-sets, and
traffic rate constraints.
Session agents can be grouped into one logical entity. This is
the basis for redundancy and load-balancing, which the SBC
can apply for traffic that goes to that group.
The sip-manipulation configuration element is the object also known as an “HMR” or a “rule
set.” It can contain one or more (or many) uniquely named header-rules, which are
subelements. Each header rule can have none or more (or many) uniquely named element-
rules. An element-rule is a subelement in a header-rule.
The rules are processed in a one-pass sequence. Each rule contains an action that can be
taken unconditionally or conditionally.
go through:
• A session agent, or
• A realm, or
• A sip-interface
A rule-set can be applied so it affects either inbound or
outbound traffic, or both.
[Figure: SIP MSG. → H/W & S/W Checks → HMR (in-manipulation) → SIP Message Processing & Rewriting → HMR (out-manipulation). Caution on in-manipulation: Likely to affect routing decisions!!!]
Once a rule has been written (and hopefully tested and verified), it has to be applied. A rule
can be applied to traffic as it enters the SBC or just before it exits it. Either way, the rule can
be applied to traffic that goes to (or comes from) a session agent, to traffic that goes to (or
comes from) a specific realm, or to traffic that goes to (or comes from) a sip-interface that
serves a whole group of nested realms.
A SIP message can come from a session agent in a given realm through the realm’s SIP
interface. If there is more than one rule-set possible (for example, one rule-set is applied to
the session agent and another rule-set is applied to the realm), the SBC will select the rule-set
using the precedence: session-agent, realm, sip-interface.
header-rule
    name
    header-name
    action
    comparison-type
    msg-type
    methods
    match-value
    new-value
Slide callouts:
• action: What do we want to do with this header? Add, delete, store, manipulate, none?
• match-value: If used, the action will only be taken upon a match.
• new-value: Used to replace the header value upon a match or to define the header value when a new header is added
• header-name: Specifies the header to which this rule applies. In addition to To, From,
Contact, and so on, you can use request-uri and @status-line.
• action: As shown. In the case of manipulate, the real action is defined in a nested
element rule.
• match-value: Indicates the exact value to be matched. The action that you specify is
only taken if the header value matches. The match value can contain a regular
expression when the comparison-type is set to pattern-rule.
• comparison-type: Specifies the comparison type that the match-value uses. The
options are case-sensitive, case-insensitive, pattern-rule, and boolean.
• msg-type: Specifies the message type that the header rule applies to. The value any
indicates both request and response messages.
• methods: Specifies which specific methods the header rule applies to (for example,
INVITE, ACK, CANCEL). Leaving this field blank indicates all methods.
Removing a header
sip-manipulation
    name                Remove-header-ex
    description
    header-rule
        name            remove_route
        header-name     Route
        action          delete
        msg-type        request
        new-value
Adding a header
sip-manipulation
    name                Adding-headers-ex
    description
    header-rule
        name            add_subject
        header-name     Subject
        action          add
        msg-type        request
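How msg-type, methods, comparison-type and match-value gate a header rule's action, modelled in Python as an added example (not Oracle's code and not part of the course material). The Subject text, the INVITE-only methods filter on add_subject, the case-sensitive default and the use of re.search for pattern-rule are assumptions of this example.

```python
import re

# Header rules modelled on the two shown above. The Subject text and the
# INVITE-only "methods" filter are constructed values, not from the page.
RULES = [
    {"name": "remove_route", "header-name": "Route", "action": "delete",
     "msg-type": "request", "methods": ""},
    {"name": "add_subject", "header-name": "Subject", "action": "add",
     "msg-type": "request", "methods": "INVITE", "new-value": "constructed subject"},
]

def value_matches(rule, value):
    """Apply match-value under the rule's comparison-type."""
    want = rule.get("match-value", "")
    if not want:
        return True  # no match-value configured: the action is unconditional
    kind = rule.get("comparison-type", "case-sensitive")  # assumed default
    if kind == "case-sensitive":
        return value == want
    if kind == "case-insensitive":
        return value.lower() == want.lower()
    if kind == "pattern-rule":
        return re.search(want, value) is not None  # assumed regex semantics
    raise ValueError("comparison-type not modelled: " + kind)

def rule_in_scope(rule, is_request, method):
    """msg-type 'any' covers both directions; blank methods means all methods."""
    msg_type = rule.get("msg-type", "any")
    if msg_type != "any" and (msg_type == "request") != is_request:
        return False
    methods = [m.strip() for m in rule.get("methods", "").split(",") if m.strip()]
    return not methods or method in methods

def apply_header_rules(headers, rules, is_request, method):
    """headers: list of (name, value) pairs; returns the rewritten list."""
    out = list(headers)
    for rule in rules:
        if not rule_in_scope(rule, is_request, method):
            continue
        name = rule["header-name"].lower()
        if rule["action"] == "delete":
            out = [(n, v) for n, v in out
                   if not (n.lower() == name and value_matches(rule, v))]
        elif rule["action"] == "add":
            out.append((rule["header-name"], rule.get("new-value", "")))
    return out
```

Running the same rule list against a request and a response is a quick way to confirm that a rule scoped to requests cannot alter replies before the rule-set is attached to a session agent, realm or sip-interface.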
• Referenced by name
Other items have various forms.
• Easily referenced by predefined “types”
[Slide diagram: element types labelled on an example header: uri-display, uri-user, uri-host, uri-port, uri-header-name, uri-header, header-param-name, header-param, header-value]
m lic uri-user), you can point precisely to the element that your element
a (for example,
R
Using a type
to act on.
e
rule
i nwill
V In the slide’s
slide s example, tag=g5bcc76
tag g5bcc76 is a parameter, because it is preceded by a “;”
; and
conforms to <name>=<value>. So if you want to act upon the value (g5bcc76), your element
rule will use:
parameter-name tag
New-value h6bcc88
If you want to act upon the name itself (tag), your element rule will use:
Type header-param-name
header param name
New-value Tag3
[Slide: HMR example with callouts “$REMOTE_IP” and “system variable”.]
This example is for a HMR that is almost always used.
(A) shows an incoming INVITE where the From: and the To: headers have explicit IP
addresses, which we want to change.
(B) shows the desired result.
(C) shows what we want our HMR to do. Note the IP addresses at the bottom and how they
relate to those in the INVITEs.
element-rule
    name                From1
    parameter-name
    type                uri-host
    action              replace
    match-val-type      ip
    new-value           $LOCAL_IP
The HMR shown is written to exactly fulfill our example requirements.
You can easily see how the values in the HMR correspond to what we wanted to achieve.
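The effect of the From1 element rule on a message, modelled in Python as an added example (not Oracle's code and not part of the course material). The sample INVITE, the addresses bound to $LOCAL_IP and $REMOTE_IP, and the matching rule on the To: header are constructed assumptions; on the SBC the variables are resolved by the system.

```python
import ipaddress
import re

# Constructed, trimmed sample INVITE; addresses are documentation-range values.
INVITE = (
    "INVITE sip:1002@192.0.2.10:5060 SIP/2.0\r\n"
    'From: "Alice" <sip:1001@198.51.100.7:5060>;tag=g5bcc76\r\n'
    "To: <sip:1002@192.0.2.10:5060>\r\n"
    "Contact: <sip:1001@pbx.example.com>\r\n\r\n"
)

# Optional "user@" part, then the host (bracketed IPv6 or a plain token).
URI = re.compile(r"(sips?:(?:[^@<>;\s]+@)?)(\[[^\]]+\]|[^:;<>\s]+)")

def is_ip(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def replace_uri_host(value, new_host, match_val_type="ip"):
    """Element rule model: type uri-host, action replace."""
    def swap(m):
        if match_val_type == "ip" and not is_ip(m.group(2)):
            return m.group(0)  # host is a name, not an IP: leave untouched
        return m.group(1) + new_host
    return URI.sub(swap, value, count=1)

def apply_hmr(message, rules, variables):
    """rules maps a lower-case header name to an element-rule dict."""
    head, sep, body = message.partition("\r\n\r\n")
    start_line, *header_lines = head.split("\r\n")
    out = [start_line]
    for line in header_lines:
        name, _, value = line.partition(":")
        rule = rules.get(name.strip().lower())
        if rule:
            new_host = variables[rule["new-value"]]
            value = " " + replace_uri_host(value.strip(), new_host, rule["match-val-type"])
        out.append(name + ":" + value)
    return "\r\n".join(out) + sep + body

# Constructed bindings for the two system variables; the To rule is an assumption.
VARIABLES = {"$LOCAL_IP": "203.0.113.1", "$REMOTE_IP": "203.0.113.20"}
RULES = {
    "from": {"type": "uri-host", "action": "replace", "match-val-type": "ip", "new-value": "$LOCAL_IP"},
    "to": {"type": "uri-host", "action": "replace", "match-val-type": "ip", "new-value": "$REMOTE_IP"},
}
```

Calling apply_hmr(INVITE, RULES, VARIABLES) rewrites only the host part of the From: and To: URIs; the user part, port and tag parameter are preserved, and the Contact: header with a host name is left alone because match-val-type is ip.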
When changing the whole value of a header, but not its name, you
should use a ______________ rule.
If you want to set the caller’s name to “Alpha-Tel” on all calls going
out of the SBC, you should:
a. Work on the _________ header
b. Configure an __________ rule
c. The action will be ____________
d. The type we will use to point to the item will be _________
_____
5 times before typing “save config.”
When changing the whole value of a header, but not its name, you
should use a header rule.
If you want to set the caller’s name to “Alpha-Tel” on all calls going
out of the SBC, you should:
a. Work on the From: header
b. Configure an element rule
c. The action will be replace
d. The type we will use to point to the item will be Uri-display