SBC Configuration

Security Level: Confidential
Architecture, Principle, and

Configuration of the
SE2600
ISSUE1.0
www.huawei.com
HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Upon completion of this course, you will be able
to:
 Know the application scenarios of the
SE2600.
 Know the main features of the SE2600.
 Know the basic configurations of the
SE2600.

Chapter 1 Overview of the SBC
Chapter 2 Architecture of the SE2600
Chapter 3 Main Features of the SE2600
Chapter 4 Networking and Application Scenarios
of the SE2600
Chapter 5 Software Installation and Upgrade of
the SE2600
Chapter 6 Typical Configurations of the SE2600
Chapter 7 Fault Location
Chapter 8 FAQ

Chapter 1 Overview of the
SBC
1.1 What’s the SBC？
1.2 Why is the SBC required?
1.3 Where is the SBC applied?

Problem in the VoIP Deployment—Signaling NAT/Firewall
Traversal
Core network
NAT Firewall
Intranet
Terminal
Terminal
 Voice over IP (VoIP) users reside in different virtual private networks (VPNs) and their IP addresses may be overlapped.
 The network address translation (NAT)/firewall does not support the application level gateway (ALG) function of VoIP signaling,
including Session Initiation Protocol (SIP), H.323, H.248, and Media Gateway Control Protocol (MGCP) signaling. The ordinary
NAT modifies only the address information at the IP layer of a packet. (See the characters in blue in the right figure.)
 For SIP signaling, after the VoIP user registers, its private network address is recorded in the core network. (See the characters
in red in the right figure.) As a result, signaling fails during the call.
 Regarding the NAT/firewall channel keepalive, if the VoIP terminal does not trigger services for a long time after it is registered,
the NAT/firewall disables its channel. As a result, the VoIP terminal cannot function as the callee.

Problem in the VoIP Deployment—Signaling NAT/Firewall
Traversal
 Common solutions to NAT/firewall traversal of VoIP signaling:
 Upgrade the NAT/firewall at the egress of the enterprise network so that the NAT/firewall
supports the ALG function of VoIP signaling.
——Enterprises are unwilling to pay for it and the VoIP upgrade is performed in conjunction with
the firewall upgrade.
 Upgrade the NAT/firewall at the egress of the enterprise network so that the NAT/firewall
supports the ALG function of network generation network (NGN) signaling.
——Enterprises are unwilling to pay for it.
 The operator gives up the users in the VPN; instead, it provides services only for the users of
the public network.
——The operator is unwilling to give up the very important client (VIC).
 To completely solve the problem, the SBC must be deployed in overlay

mode. Thus, users can access the VoIP network of the operator without
need of changing the devices in the live network and regardless of whether
the NAT/firewall supports the ALG function.

Problem in the VoIP Deployment--Security
 Intelligent trend of the terminal: The terminal is of high capability, such as iPhone.
 Introduction of the soft terminal: The use of the soft terminal brings many security problems of the IP
network to the core network, such as the denial of service (DoS) attack.
 Security capability of the device in the core network: The device in the core network, such as the CSCF
or Softswitch, mainly deals with signaling and services and therefore is not used for attack defense.
 Unlimited resources: A voice terminal, for example, can use more than 128 kbit/s traffic.
 Plane networking: In most network architecture, the terminal or access gateway (AG) directly accesses
the network. The Softswitch is visible to the terminal and packets can directly reach the Softswitch. The
Softswitch is vulnerable to the attack. One Softswitch is responsible for call connections of ten thousands
or even hundred thousands of users. Therefore, once the Softswitch is attacked, the result is disastrous.
Greater capability, heavier responsibility

Problem in the VoIP Deployment--Security
 It is required to deploy a device beside the core network to protect the core network from
different types of attacks:
 Ordinary DoS attack and distributed denial of service (DDoS) attack
 VoIP signaling attacks (The core network in the operator's VPN still hardly defends
against these types of attacks.)
 It is required that the SBC provide the topology hiding function to shield the real IP address
of one party from the other party in the communication, thus implementing security isolation.

Function and Location of the SBC
AS Charging
LIG
IWF
HSS
I/S-CSCF I-BCF
LRF
BGCF
Other IP networks
SGF
P-CSCF MRFC MGCF
PSTN/ISDN
PCRF SPDF
UE PCEF C-BGF MRFP T-MGF I-BGF
IP transport (Access and core)
Access side session border controller (A-SBC): P-CSCF+SPDF+ Core Border Gateway Function (C-BGF)
Interconnect side session border controller (I-SBC): interworking function (IWF) + interconnection border control function (I-BCF) +
interconnection border gateway function (I-BGF)
Typical Networking of the SBC
Core network Peer network
A-SBC I-SBC
Peer network
DSLAM HOME GW GGSN/PDSN

xDSL/LAN WiFi 2G/3G PS
• I-SBC: deployed between two core networks

•A-SBC: deployed between the access network and the core network

Integrated Architecture of the SBC
Signaling
S-CSCF
Media
IMS CN
S-CSCF
SIP
SIP
Access
network IP
BRAS Third party CP
A-SBC I-SBC
A-BGF+P-CSCF+SPDF I-BCF+ I-BGF + IWF
• The A-SBC includes the BGF, P-CSCF, and SPDF. The I-SBC includes the I-BCF, I-
BGF, and IWF. These functions are physically integrated.
• The interface between the A-SBC/I-SBC and the core network is an SIP interface.
• This architecture of the SBC is usually called full proxy.

Distributed Architecture of the SBC
P-CSCF
Signaling
Control NAT traversal
through the COPS interface. I/S-CSCF Media
Diameter I-BCF/IWF
SPDF
COPS
H.248
H.248
Access network
IP
Third Party CP
BRAS C-BGF
I-BGF
If the A-BGF or I-BGF needs to be used in a session, the P-CSCF/SPDF or the I-BCF/SPDF sends a request about media components
description of resource reservation or NAPT binding information, to the specified A-BGF/I-BGF. The A-BGF/I-BGF then performs
corresponding operations according to the policy delivered by the P-CSCF/SPDF or I-BCF/SPDF.
This mode is usually called the BGF mode (signaling NAT + media proxy, MIDCOM). In this mode, the SE2600 provides the following
functions:
Processes media under the control of the SPDF (RM9000) through the Ia interface.
Signaling NAT: In addition to performing signaling NAT, the SBC keeps the NAT channel alive under the control of the P-CSCF through the
COPS interface (a private interface of Huawei). It is because the SBC needs to perform IP-layer signaling NAT and force signaling packets to
pass through the IP route planning, thus having requirements for the IP bearer network.
Note: Signaling NAT consists of signaling NAT of the SBC and the keepalive of the NAT channel attached to the SBC.

Role of Huawei SBC in the IMS
A-SBC
• Signaling proxy + media proxy + embedded P-CSCF
It is a preferred scheme in Vodafone and will be one of the preferred schemes in the
IMS solution in 2010.
• Signaling proxy + media proxy + external P-CSCF
This scheme can be selected in the presence of the P-CSCF.
• Media proxy (C-BGF providing the Ia interface externally)—The SE2600 does not
support it but the SE2300 supports it.
I-SBC
• Signaling proxy + media proxy + embedded I-BCF
It is a preferred scheme in Vodafone and will be one of the preferred schemes in the
IMS solution in 2010. The IWF is optional.
• Media proxy (I-BGF providing the Ia interface externally)—The SE2600 does not
support it but the SE2300 supports it.

Advantages of the IMS Architecture of Integrating Signaling
and Media
• The network topology is simple. The SPDF is not required.

• Network interfaces are simple. The SIP interface is introduced but Gq' and
Ia interfaces can be neglected.
• Costs are saved. The number of network elements (NEs) is reduced, thus
saving the capital expenditure (CAPEX).
• The services, such as lawful interception and emergent calls, can be easily
implemented, which need to be supported on the local access network.
• The services that require signaling and media interworking can be easily
implemented, such as conversion from media dual tone multi-frequency
(DTMF) to SIP INFO.
• The SBC can process many compatibility-related problems, thus avoiding
the compatibility of the core network with the terminal .

Chapter 4 Networking and Application
Scenarios of the SE2600
Chapter 5 Software Installation and
Upgrade of the SE2600
Chapter 6 Typical Configurations of the
SE2600
Chapter 8 FAQ

Architecture of the SE2600—Cabinet and Subrack
1.Power distribution box

2. 1 U dummy panel
3. 2 U dummy panel
4. Switch and cabling frame
5. High-capacity fiber rack (1 U)
6. Processing frame of the GGSN9811
1. Plastic panel of the fan module

2. Fan module
3. Board cage
4. Air intake frame
5. Plastic panel of the power supply
module
6. Power supply module
7. Handle
8. Angle
9. Cabling trough

Architecture of the SE2600—Hardware Components and
Board Configuration
 The SE2600 supports three configuration modes:

Minimum configuration: 2 SPUs; medium configuration: 4 SPUs; maximum configuration: 6
SPUs
The SE2600 in the three configuration modes supports 200 thousand users, 400 thousand
users, and 600 thousand users respectively.
 The SE2600 supports other optional configurations: 2 SRUs, 2 SFUs, and 2 LPUs.

Architecture of the SE2600－Hardware
SRU Control bus

Monitor bus (Redundancy)
FAN FAN
(Redundancy) (Redundancy)
SFU
LPU SFU板 SPU
… …
交换矩阵
Load sharing
LPU (3+1备份)
(4 SFU, 3+1)
SPU
 The SE2600, adopting the distributed hardware structure, consists of the SRU, SPU, SFU,
and LPU. The SRU is responsible for configuration management; the LPU is responsible for
receiving and sending packets; the SFU is responsible for exchanging packets between the
LPU and the SPU; the SPU is responsible for processing SBC services, such as signaling
distribution, signaling proxy, and media proxy.
 The SE2600 supports the DC power module in 1+1 hot backup mode and 9 fans. Thus, even
if one of the fans is faulty, the SE2600 can still work normally.

SRU － Function and Interface
• Interface:  Function:
 Route management
 Data configuration
To M2000  Device
management and
maintenance
 Inter-board outband
Console communication of
the entire system
PDB  System clock

 Storage

SFU－Function and Interface
 Function:
 Implement data exchange between

the LPU and the SPU
 Interface
 Does not provide the external

interface.

SPU－Function and Interface
 Function:
 Signaling proxy
 Media proxy
 P-CSCF
 I-BCF
 C-BGF/I-BGF
 Security
 Quality of service (QoS)
 NAT traversal
 Interface: does not provide
the external interface.

LPU－Function and Interface
 Function:
 The LPU provides the physical interfaces to
connect the external network or network
element (NE), such as the IP multimedia
subsystem (IMS) core network or the
terminal network. The physical interfaces
usually are connected to routers or Ethernet
switches.
 The LPU obtains the routing table from the
SRU.
 Interfaces
 24GE electrical interface
 24GE optical interface
 1 x 10GE interface (Presently, this interface
is not used for the commercial purpose.)

Architecture of the SE2600－Software
P-CSCF E-CSCF I-BCF C/I-BGF

 The SE2600 supports both
the mobile network and the
fixed network. System support subsystem
 One physical SE2600 Backup& Online Message

supports multiple NEs, such switchover loading trace
as the P-CSCF, I-BCF, IWF, Device

Maintenance
Alarm
management management
C-BGF, and I-BGF as well
as the combination of these DOPRA
NEs.
OS Distribution Hardware
 The SE2600 supports the enhancement mechanism management
distributed architecture and Real-time Reliability High performance

database mechanism core scheduler
integrated architecture
planned). OS
NE40-E

Architecture of the SE2600－Highlights
The SE2600 is developed based on the NE40-E. This architecture has the
following advantages:
 The SE2600 features large capacity, high performance, and high integration. An
SE2600, working in 1+1 hot backup mode, supports a maximum of 600 thousand
registered users, 2400 CAPs, and 60 thousand G.711 concurrent two-way media
streams.
 The SE2600 can directly inherit the features of the versatile routing platform
(VRP), such as the dynamic routing protocol, port binding, and bidirectional
forwarding detection (BFD). This ensures the networking reliability.
 The SE2600 adopts the multi-core CPU, thus meeting service requirements while
meeting performance requirements.
 The SE2600 features the flexible software architecture and can work in different
application scenarios, such as the NGN, IMS, user access, international gateway
exchange, and protocol conversion.

Chapter 3 Main Features of the
SE2600
Chapter 4 Networking and
Application Scenarios of the
SE2600
SE2600
Chapter 8 FAQ

2.1 Signaling/Media Processing
2.2 Security
2.3 License
2.4 Reliability
2.5 QoS
2.6 Conversion Solution
2.7 Performance and Configuration Management

Signaling and Media Control －－ Full Proxy
In full proxy mode, the SE2600 adopts the back-to-back user agent (B2BUA) mechanism to process signaling. Signaling is
terminated on the SE2600 and then reinitiated from the SE2600. The destination address of signaling originating from the
terminal is the IP address of the SE2600.
• The media plane of the SE2600 is under the control of its signaling plane. Media ports are dynamically enabled. To be
specific, when a session is set up, media ports are enabled; when this session is closed, media ports are disabled.
• The SE2600 supports precise detection of no media stream. When no media stream passes through the SE2600 within a
specified period, the SE2600 actively releases calls on the network side.
• The SE2600 implements NAT traversal of signaling and media by itself.
SBC
The SE2600 exchanges Session Description Protocol (SDP) messages

according to signaling and dynamically generates media forwarding
entries. Only the media packets of the terminal matching the quintuple of
Attack media packet
the pinhole firewall can be forwarded.
Correct media packet
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential

Signaling and Media Control—MIDCOM Mode (Not
Supported on the SE2600 Presently)
P-CSCF
Signaling
Keep signaling NAT
I/S-CSCF Media
entries alive through
the private COPS
interface. Diameter I-BCF/IWF
SPDF
COPS
H.248
H.248
Access network
IP
3rd Party CP
BRAS C-BGF
I-BGF
Signaling plane
• Signaling packets pass through the BGF and the BGF performs only IP layer NAT for signaling packets.
• The P-CSCF notifies the BGF to perform NAT traversal on the signaling plane through the private COPS interface.
Media plane
• The SPDF (RM9000) controls the BGF through the Ia interface to deal with media streams.
• NAT traversal on the media plane is performed by the BGF.

Implementation of Media NAT Traversal
 IP address of the callee: 20.1.5.9
192.168.1.2 192.168.1.1 | 20.1.2.3 20.1.3.8 | 10.10.3.5 10.10.5.7
Terminal
NAT/FW SBC IMS core network
200
INVITE:
OK: 200
INVITE:
OK: 200
INVITE:
OK:
Source
SourceIP:IP:
20.1.3.8
192.168.1.2 Source
SourceIP:IP:
20.1.3.8
20.1.2.3 Source
SourceIP:IP:
10.10.5.7
10.10.3.5
Dest
DestIP:IP:
192.168.1.2
20.1.3.8 Dest
DestIP:IP:
20.1.2.3
20.1.3.8 Dest
DestIP:IP:
10.10.3.5
10.10.5.7
SDP:20.1.3.8/7003
SDP:192.168.1.2/3008 SDP:20.1.3.8/7003
SDP:192.168.1.2/3008 SDP:20.1.5.9/9000
SDP:20.1.3.8/5007

NAT Traversal of Media Streams
20.1.3.8
192.168.1.2 192.168.1.2 | 20.1.2.3 20.1.5.9
Terminal 1
NAT/FW SBC Terminal 2
RTP:
RTPIP address of the RTP:
RTP(dropped)
RTP RTP:
RTP:
RTP:
Locked
unreachable private
Source IP:IP:
Source 192.168.1.1
network
20.1.3.8 Source
Source IP:
SourceIP: 20.1.2.3
IP:20.1.3.8
20.1.3.8 Source
SourceIP:
Source IP:20.1.5.9
IP: 20.1.5.9
20.1.3.8
S Port 3008
S Port: 7003 SSPort:
S Port
Port::7003
8028
7003 S
SSPort
Port:::9000
Port 9000
5007
Dest
DestIP:IP:
20.1.3.8
192.168.1.2 Dest
DestIP:
Dest IP:20.1.3.8
192.168.1.2
20.1.2.3 Dest
DestIP:
Dest IP:20.1.3.8
IP: 20.1.3.8
20.1.5.9
DD
Port : 7003
Port: 3008 DDPort:
D Port: 7003
Port:3008
8028 D
DDPort:
Port:5007
Port: 5007
9000

How to Keep Signaling NAT Alive?
Why to keep signaling alive?

SIP defines that the reregistration time is 1 hour while the NAT pinhole is enabled for less than five
minutes. Thus, when the SIP terminal is located behind the NAT device and functions as the callee, the
service packets of the caller fail to find the pinhole while passing the NAT device and then are discarded.
Consequently, services fail.
How to keep the NAT pinhole alive?

1. Hello message keepalive: The SE2600 sends Hello messages periodically to the NAT device before the
pinhole function of the NAT device is disabled, thus keeping the pinhole function enabled.
Hello messages are user-defined UDP packets that have the same IP addresses and port numbers as
SIP packets of the terminal. Hello messages are of small size and self-defined and have low requirements
of network bandwidth.
2. SIP OPTIONS message keepalive: The SE2600 sends SIP OPTIONS messages periodically the
through SIP processing program.
3. Change the reregistration time. The SE2600 shortens the reregistration time of the terminal so that the
terminal sends reregistration packets periodically before the pinhole function of the NAT device is disabled.
The advantage of this scheme is that most types of terminals support the change of reregistration time
but meanwhile the scheme aggravates the processing burden of the terminal and the network.

Media Stream Bypass －－Valid in the Full Proxy Mode
 Sometimes, media streams of both communication parties are directly exchanged

without the transfer of the SBC, to avoid media stream wrap and relieve the burden of
the SBC in the proxy for media streams. This is called media stream bypass.
Signaling still
SBC need to pass
the SBC.
Media
implements
interworking
bypassing the
SBC.
Enterprise network Local network

2.2 Security
2.3 License
2.4 Reliability
2.5 QoS

Multiple Security Protection
Application
layer Over load protection/ Call admission control
Topology Malformed AKA/ HTTP Anti-other

hiding packet filtering digest attacks
Anti-signaling flooding
IP layer
IPSec TLS
Media
IP layer firewall pinhole
firewall
Static packet Dynamic packet
filtering filtering
层次化防攻击为电信级业务提供了安全保障。

Powerful Attack Defense Function
 IP spoofing attack defense  Defense against the attack of the IP packet

ACL/packet filtering  Land attack defense carrying the source route
 Smurf attack defense  Defense against the attack of the IP packet

IP layer attack defense
carrying the timestamp record
 Fraggle attack defense
Signaling attack defense  Tracert packet attack defense
 WinNuke attack defense
Call admission control  TCP invalid flag attack defense
 SYN flood attack defense
(CAC)
 Ping of Death attack defense
 ICMP flood attack defense
Media attack defense  Teardrop attack defense
 UDP flood attack defense
Bandwidth embezzlement  IP fragments attack defense
prevention (CAR)  ICMP redirection packet attack defense
 Large ICMP attack defense
Topology hiding  ICMP unreachable packet attack defense
 Source IP-CAR
 IP sweep attack defense  Accelerated UDP session aging
 Port scanning attack defense

ACL/packet filtering DOS & DDOS signaling packet

attack
Signaling attack defense Discard attack

Hacker packets
CAC Zombie
Zombie
Media attack defense
Bandwidth embezzlement
prevention (CAR)
Topology hiding
SE2600
Valid user
Zombie
Session status information about registered

users is saved on the SE2600. The services
of valid users can be processed preferentially.

The SE2600 supports CAC based on:

1) Call capability
ACL/packet filtering 2) Registration capability
3) Bandwidth capability
IP layer attack defense ……
When the allocated resources reach the upper
Signaling attack defense limit, the SE2600 denies the new request.
CAC
prevention (CAR)
Topology hiding SE2600
For example: This user group is assigned a maximum

of 100 concurrent calls. When the 101th concurrent call
request is sent, the SE2600 denies it.

ACL/packet filtering
Attack media packet
Signaling attack defense Valid media packet
CAC
prevention (CAR)
SE2600
Topology hiding
The SE2600 can detect media packets

from the aspects of validity, type, and
size. After detecting that a media packet
is an attack packet, the SE2600 discards
it.

ACL/packet filtering For example: This user is assigned 64 kbit/s bandwidth

for the call. Once the actual call bandwidth exceeds 64
IP layer attack defense kbit/s, the SE2600 actively discards excess bandwidth.
Signaling attack defense
CAC

SE2600
prevention (CAR)
Topology hiding
The SE2600 can check the media bandwidth of the terminal. If

the bandwidth used by the terminal exceeds the subscribed
bandwidth, the SE2600 discards excess bandwidth.

ACL/packet filtering
Signaling attack defense

SE2600 Core network
CAC
Bandwidth
embezzlement
prevention (CAR)
Topology hiding
The SE2600, being deployed between the
terminal and the Softswitch, can hide the
topology of the Softswitch in the core network
from the terminal. The SE2600, being
deployed between the Softswitches, can also
hind the topology of the Softswitch from each
other.

2.2 Security
2.3 License
2.4 Reliability
2.5 QoS

License －－ Working Principle
 License Verification
 License verification during the system startup
 If the license is loaded unsuccessfully or the license verification fails, the system runs with the minimum configuration of the
license.
 If the ESN does not match the ESN running on the SE2600, the system starts the trial period of 60 days and runs with the
authorized configuration of the license. When the trial period expires, the system runs with the minimum configuration of the
license.
 Daily license verification after the system startup
 After the system is started up, the license is verified once at 2 o'clock in the morning every day.
 ESN verification and license effectiveness verification are involved.
 License verification in the case of being activated
 If the license file is loaded successfully and passes the verification, new license authorization information can be used to update
the running status of the license file.
 If the ESN of the license does not match the ESN running on the SE2600, the SE2600 starts the trial period of 60 days and runs
with the authorized configuration of the license file. When the trial period expires, the SE2600 runs with the minimum configuration
of the license file.
 If the license file is loaded unsuccessfully or fails the verification, the current running status of the license file is not changed
 License Running Status
 Normal status
Indicates the running status of the license file that is currently loaded to the system when the equipment serial number (ESN) of the
license file matches the ESN of the SE2600.
 Trial period status
During the verification, if the ESN of the license does not match the ESN running on the SE2600 or the ESN of the license expires, the
SE2600 starts the trial period of 60 days. After 60 days, the SE2600 runs with the minimum configuration of the license file. Service
 Restriction status
After the trial period expires, the SE2600 provides the services and resources according to the minimum configuration of the license file.

License －－ License File Application
 Extracting the ESN
 Concept of the ESN
An ESN is used to identify a device. It is contained in a license file to determine the device to which a license is authorized.
After the license file is loaded to the device, check whether the ESN contained in the license file is the same as the ESN of
the device. The device is authorized only when the ESNs are the same.
 Extraction of the ESN
After the system is started, run display sbc license esn to view the ESN of the current host.
 Applying for the license file
 License file application through the application form
Fill in the license application workflow to obtain the template and then fill in relevant information as required. After the
workflow is submitted, the license center generates the license file according to the submitted application.
 License file generation through the contract
With regard to commercial offices, the production department generates the license file according to ESN information without
need of filling in the application form by technical support personnel.
To apply for a license file, license application personnel (global technical support personnel) need to log in to Huawei license
website (http://license.huawei.com) and then enter the user name, password, LAC, and ESN.
 Exceptional commercial license application
Scenarios for exceptional commercial license application:
• Office switchover (approved by technical support personnel)
• Capacity adjustment (approved by technical support personnel)
• Version upgrade (approved by technical support personnel)
• SBT quotation template (approved by marketing personnel)
This procedure is same as the procedure for the license file application through the application form.

License －－ Control Items
A-SBC I-SBC COMMON
No. Control Item Minimum No. Control Item Minim
No. Control Item Minim
Configurati um
um
on Confi
Confi
gurati
1 Number of registered 100 gurati
on
users on
10 Number of interworking 10
2 Number of AKA-based 0 14 Number of lawfully intercepted 0
gateway sessions
SIP users users
11 H. 323 interworking OFF
3 Number of TLS-based 0 15 Number of media codec 0
gateway
SIP users
12 SIP-H.323 conversion OFF
sessions
4 Number of signaling- 0
compression-based SIP 13 TLS-based SIP OFF 16 TCP-based SIP OFF
users interworking gateway
17 Registration function by replacing OFF
5 Basic P-SCCF function OFF the PBX
18 Signaling attack defense OFF
6 Basic E-CSCF function OFF
19 IP-layer attack defense OFF
7 H.248 access OFF
20 QoS report OFF
8 MGCP access OFF
21 Dual homing OFF
9 E2 interface that is OFF
connected to the 22 Local-policy-based CAC OFF
LRF/CLF
23 Rx interface interconnected with OFF
the external PCRF
24 Basic CDR OFF
25 DIAMETER-based Rf interface OFF
26 IPv6-IPV4/IPV6 conversion OFF

27 Media stream bypass OFF
2.2 Security
2.3 License
2.4 Reliability
2.5 QoS

Call Hot Backup Between Boards
Master board Backup board

• Hot swapping
Session real-time Session real-time
backup backup • Real-time backup of configuration
information, registration information, and
call session information
Switchover Switchover • No call interruption except that a small

number of media packets are discarded
during the switchover
• Continuing a new call upon the

Fault detection Fault detection completion of the switchover
Switching network

Core Pool and Dual Homing
Pool
Site 1 Site 2 Site 3 Site n
Core1 Core2 Core3
Affected traffic is evenly distributed to other sites.
A-SBC
• Dual homing is a special case of the pool.

• The SBC automatically switches to another core network when a core network
fails.
• The SBC switches back when the failed core network recovers.

Link Backup
Dynamic routing protocol IMS core

network
3G SBC
GGSN
IP backbone
network
xDSL
BRAS Interface binding
 Interface binding refers to binding multiple physical interfaces into a logical interface.
When one interface is faulty, services can be switched to other interfaces immediately.
 OSPF dynamic routing can improve link reliability. In the presence of multiple links, if
one link is faulty, OSPF can help reselect an available link through recalculation, thus
improving the networking reliability.
 Usually OSPF convergence is complete within seconds, which cannot meet the
requirements of real-time services. Therefore, OSPF over BFD and static route over
BFD are introduced. When a link is faulty, rerouting can be complete in short time.
Consequently, real-time services are not affected.

2.2 Security
2.3 License
2.4 Reliability
2.5 QoS

Session-based QoS Policy
 Session-based DSCP mark
 Support session-based QoS and provides different QoS marks for different users.
 Session-based bandwidth guarantee
 Support session-based CAR and bandwidth reservation to guarantee bandwidth for each
call.
 Session-based QoS report
 Provide the packet loss rate, packet loss number, jitter, media type, and number of
forwarded RTP packets and bytes of the caller and the callee.

Session-based QoS Policy
The SE2600 provides the DSCP transparent transmission

based on signaling or media streams or DSCP remarking to
guarantee QoS for users. The SE2600 also provides user-
based bandwidth restriction.
SBC
Area with the DSCP

forwarding capability
Media stream
Signaling

2.2 Security
2.3 License
2.4 Reliability
2.5 QoS

SIP-H.323 Conversion － I-SBC Application Scenario
SBC
Gk/gw SIP server
H.323 signaling
Network A SIP signaling
Media stream
H.323 terminal SIP terminal

H.323 terminal
SIP terminal

Media Codec Conversion
Signaling  The SBC in conjunction with the

UMG implements media codec
Media stream
conversion. In nature, the SBC
plus the UMG acts as an SBC
that supports media codec
conversion. The UMG is invisible.
 When the SBC judges that media
G.711 domain AMR domain
SBC codec conversion is required, it
diverts media streams to the UMG
so that media codec conversion is
MGW MGW
performed on the UMG.
UMG8900
 When the SE2600 judges that
Terminal Terminal
media codec conversion is not
required, it lets media streams
pass.

2.2 Security
2.3 License
2.4 Reliability
2.5 QoS
2.7 Performance and Configuration
Management

SE2600 Performance
Item Value
Number of registered users 600 K
CAPS/BHCA 2400 CAPS/ 8.6 M BHCA
Number of concurrent calls 60 K

(G.7110)
Switching capability 640 Gbit/s
Number of IP interfaces 48 GE interfaces

System Two control planes in hot backup
mode, multiple SFUs, power
modules in 1+1 backup mode,
and 9 fans in 9+1 backup mode
Availability 99.999％

Configuration Management
The SE2600 can perform local management through command lines, Telnet,
and SSH. The NMS can performs alarm management over the SE2600:
 Configuration
 Upgrade and maintenance
 NMS
 Configuration: The configuration of the SE2600 is very simple and a total of 50 or
60 command lines need to be configured. Through the Console interface or Telnet,
you can easily manage the SE2600. For the consideration of security, you can
use SSH-based Telnet to configure the SE2600.
 Upgrade and maintenance: The SE2600 supports the version upgrade by FTP or
SFTP. In addition, the SE2600 supports the lossless upgrade in 1+1 hot backup
mode. That is, the backup board is upgraded, services are switched from the
master board to the backup board, and then the master board is upgraded. The
SE2600 also supports user-based debugging, which has detailed logs, alarms,
and the black box for routine maintenance and fault location.
 NMS: The SE2600 can be connected with the NMS through SNMPv1/v2/v3 and
report alarms.

SE2600
Chapter 8 FAQ

Full Proxy Networking (in Distributed Mode)
3G
GGSN
IMS core
network
xDSL
BRAS
HUAWEI TECHNOLOGIES CO., LTD.

Topology of an International Gateway Exchange
IMS core IMS core

network network

Connection Mode—Trunk on a Board to Connect Two Routers
(Through Static Route over BFD)
Router1
SBC
LPU LPU SPU SPU
Router2
Uplink
Downlink
Standby downlink

Typical Networking Application－－A-SBC in the IMS Network
The A-SBC delivers functional entities such as the P-

CSCF, E-CSCF, C-BGF, and SPDF. These functional
entities are physically co-located but logically separated.
 Act as proxy for signaling and media.
 Support lawful interception.
 Support the P-CSCF.
»The SE2600 supports SIP proxy. The P-CSCF, as
the uniform entry of the IMS network, is responsible
for forwarding SIP transactions from the access
network to the S-CSCF in the home network based
on the information recorded during registration.
»The SE2600 supports different authentication
schemes between the terminal and the network.
»The SE2600 supports signaling compression
between the P-CSCF and the terminal.
 Support charging and location information query.
 Support the E-CSCF and emergent calls.
 Support codec conversion.

Typical Networking Application－－I-SBC in the IMS Network
 The I-SBC delivers functional entities such as the I-BCF, I-BGF, and IWF. These
functional entities are physically co-located but logically separated.
 The SE2600 is the transfer point for signaling protocols. All signaling packets between
the two networks pass through the SE2600 to implement functions such as CAC.
 IWF
• The SE2600 supports interworking between the SIP network and the H.323 network.
• The SE2600 supports interworking between the NGN SIP network and the IMS SIP network.
 TrGw
• The SE2600 supports the switching of signaling and media streams between different networks.
 The SE2600 supports media codec conversion between different networks.

Typical Networking Application－－Virtual SBC
l One SE2600 can be partitioned into several A-SBCs to provide services for different subnets or
access networks.
l The multi-subnet functional entity of the SE2600 is implemented through the virtual NE technology.

the SE2600
Chapter 6 Typical Configurations of the SE2600
Chapter 8 FAQ

Software Installation and Upgrade of the SE2600
 Upgrade mode:
 The software installation and upgrade of the SE2600 is implemented by FTP. It is
recommended that the SE2600 act as the FTP client.
 Main area and standby area:
 The flash of the SE2600 is divided into area A and area B that act as the main area and
the standby area in turn.
 If area a is the main area presently, applications are uploaded to area b during the
upgrade.
 During the activation, the standby area becomes the main area and the system is restarted.
 Note: Do not change the file name and directory name of the software package.
Attachment: Contents to be loaded during the software upgrade.
XML file Three .xml files: vercfg.xml, vercfg_NE.xml, and vercfg_schema.xml
Host file In the form of the software package, such as

SE2600V200R008C××SPC×××.CC
BAM In the form of the directory containing a series of subdirectories and files

Upgrade Example
 Make preparations:
 Save host software in the path of D:\download\SE2600 of the FTP server.
 Prepare the software version: SE2600V200R008C00SPC100.
 Upload the software version:
<SE2600> system-view
[SE2600] om-view
[platform-om-view] software download ip 10.10.10.10 user admin password admin dir
C:\download\SE2600 version SE2600V200R008C00SPC100
 The IP address of the FTP server is 10.10.10.10.
 The user name of the FTP server is admin.
 The password of the FTP server is admin.
 The path of the FTP server is D:\download\SE2600.
 The software version is SE2600V200R008C00SPC100.
 Activate the new version:
 [Platform-om-view] software active version SE2600V200R008C00SPC100
 The host is automatically restarted after the new version is activated successfully.

Upgrade Example (II)
 View the current active version.
<Platform> display version
HUAWEI SE2600 Software
SE2600 Version V200R008C00SPC100
Copyright (C) 1997-2006 Huawei Technologies Co., Ltd.
SE2600 uptime is 0 day, 0 hour, 2 minutes
 View version status information: Area b becomes the main area.

<Platform> system-view
[Platform] om-view
[Platform-om-view] display software
Result of software query
------------------------
Storage Area Software Version Software Status Storage Location
Main Area SE2600V200R008C00SPC100 Available hd1:/soft/b
Standby Area SE2600V200R008C00 Available hd1:/soft/a
(Number of results = 2)

SE2600
Chapter 8 FAQ

Basic Configurations of the SE2600
Do as follows to perform the basic configurations of the SE2600:
 Configure IP addresses for the LPU.
 Configure IP addresses for the SPU.
 Configure functional entities.
 Configure mapping groups and well-known port numbers.
 The LPU has physical interfaces. The configurations of the interface addresses
on the SE2600 are the same as those on the SE2300.
 The SPU is responsible for processing services. It provides logical interfaces
only.
 The logical interfaces of the SPU consist of signaling interfaces and physical
interfaces.
 The functional entity, in nature, is a logical SBC. Each functional entity consists
of one or more processing units.
 One processing unit, in nature, is a multi-core CPU. One SPU has two
processing units.
 Mapping groups on the SE2600 are the same as those on the SE2300.

Configuring the LPU
 Both upstream traffic and downstream traffic pass through the LPU. Therefore, the LPU is usually
assigned two IP addresses.
 Interface IP addresses on the LPU can be assigned in either of the following modes:
Configuring the physical interface
When the device traffic is smaller than 2 Gbit/s or the interconnected device does not support
the trunk, the physical interface needs to be configured.
interface GigabitEthernet1/0/0
ip address 202.10.0.2 255.255.255.0
Configuring the Eth-trunk

When the device traffic reaches 6 Gbit/s in either direction, that is, when six GE interfaces need
to be configured in the uplink or downlink direction, many IP addresses are required and
routing is complex. In this case, the Eth-trunk needs to be configured.
interface Eth-Trunk 5
workmode loadbalance
ip address 202.10.0.2 255.255.255.0
# Add physical interfaces to Eth-trunk 5.
eth-trunk 5
eth-trunk 5

Configuring the SPU
 Each SPU has two processing units. For example, two processing units on SPU 3 are 3/0 and 3/1.
 Each processing unit can be divided into 32 interfaces, such as 3/0/0, 3/0/1, and 3/0/31.
 The interfaces used for transmitting signaling packets and media packets have separate names,
such as Signal-if 3/0/0 and Media-if 3/0/0.
 Only one board needs to be configured between the two boards in master/slave mode. For
example, only the boards in slots 3, 5, and 7 need to be configured.
For example:
interface Signal-if3/0/0
ip address 202.10.0.20 255.255.255.255
interface Media-if3/0/0
ip address 202.10.0.21 255.255.255.255

Configuring Functional Entities
 A maximum of six functional entities numbering from 0 to 5 can be configured.
 The functional entity work in two modes: proxy and interworking gateway.
 The functional entity contains at least one processing unit and can contain all processing units.
Each processing unit, however, cannot belong to two or more functional entities.
 A dispatch processing unit needs to be specified in each functional entity.
 Each processing unit belongs to a certain functional entity and accordingly the IP address of this
processing unit also belongs to this functional entity.
For example:
# Configure functional entity 2.
sbc function-entity 2
# Configure the operating mode as the I-SBC.
mode ip-intercom
# Configure 3/0 as the dispatch processing unit
include dispatch process-unit 3/0
# Add 3/1 and 5/0 together with 3/0 to functional entity 1. Thus, 3/0 can process services
in addition to dispatching services. When the system is in the full load, the dispatch
processing unit is not supposed to process services.
include process-unit 3/1
include process-unit 5/0

Configuring Mapping Groups and Well-known Port Numbers
 The configurations of mapping groups and well-known port numbers on the SE2600 are
similar to those on the SE2600.
 Note:
 The IP addresses in the mapping group must belong to a certain functional entity.
Thus, this mapping group also belongs to this functional entity.
 The IP addresses in the mapping group must belong to the same functional entity.
Otherwise, services fail to be distributed.
 The type of the mapping group must be the same as the type of the functional entity:
proxy or intercom-ip.
For example:
sbc mapgroup proxy 10
clientaddr 202.10.0.20
serveraddr 5 10.10.0.20
serveraddr 10 10.10.0.21
media-clientaddr 5 202.10.0.21
media-clientaddr 10 202.10.0.22
media-serveraddr 5 202.10.0.32
media-serveraddr 10 202.10.0.33
softxaddr 5 10.10.30.10
enable
SE2600
Chapter 8 FAQ

Board Resetting
 The causes for board resetting are recorded in the hd1:/log path of the SRU. If a board is
reset, you can download the log file that day from this path to view detailed information.
 If the board is reset because of hardware environment factors, such as over high board
temperature, you can check whether the environment of the equipment room reaches the
requirements.
 If the board is manually reset, relevant operations are recorded in the log.
 If the board is reset because of other causes, collect information and provide collected
information for Huawei R&D engineers.
Collected information involves:
 All the files in hd1:/log and hd1:/diag paths of the master and slave SRUs
 All the files in the Soft directory of the master and slave SRU except the files with the
extension names being cc
 Use the one-key collection command to save running and configuration information to the
file on the master SRU and then run display diagnostic-information hd1:/****.txt to
collect this file.

All Service Interruption
All services are interrupted probably because the SE2600 is faulty, the peripheral device is
faulty, or the link between the SE2600 and the peripheral is faulty. Do as follows to check
the fault:
1. Log in to the SE2600 and then run display device check the status of boards.
2. Run display ip interface brief to check whether the interfaces of the SE2600 are normal
in the link state.
3. Check whether the routes between the SE2600 and its neighboring devices are connected
normally. The specific method is to use the address on the specified Signal-if interface as
the source address to ping the neighboring router and core network device, such as the I-
CSCF and the SoftX3000. If the ping operation fails, it indicates that the route fails. In this
case, check whether the neighboring device works normally.
4. Run display cpu-usage slot board-number to check whether the CPU usage of the SPU
is over high.
5. Run display sbc defend signaling-flood state to check whether the SE2600 is under
attack.
6. If all the preceding check items are normal, contact Huawei technical engineers. The same
applies to the procedures for collecting information and resetting boards.

User Registration Failure
In proxy mode, the user registration failure results from several causes. The following are common scenarios and
solutions:
 After services run a period of time, all newly initiated registration requests fail. In this case, rectify the fault by
referring to the handling method in All Service Interruption.
 During the deployment, commissioning engineers find user registration failures. It is probably caused by incorrect
configurations. In this case, locate the fault according to error codes in the Deployment and Commissioning Guide.
Error codes define several typical configuration errors, which helps directly locate the incorrect configuration.
 In the case of the registration failure of a single user or several users, use the signaling trace function. During the
signaling trace, contents of SIP packets are displayed. Perform the preliminary fault location according to
displayed packet contents to check whether the response packet sent by the Softswitch is the 200 OK packet. If
the fault cannot be located, provide trace information for Huawei R&D personnel. The specific operations in the
signaling trace are as follows:
 In the hidden view, run sbc trace enable to enable the signaling trace function.
 Run sbc trace id 0 srcip IP address of the terminal srcport port number of the terminal to configure the trace
target.
 In the user view, run terminal debugging to enable the debugging function.
 After a user initiates the registration request, relevant information is displayed.
 In the user view run undo terminal debugging to disable the terminal debugging.
 In the hidden view, run undo sbc trace all to delete the trace target.
 In the hidden view, run undo sbc trace enable to disable the signaling trace function.

User Call Failure
 Perform the preliminary fault location according to error codes. For the details
about how to use call error codes, see the Deployment and Commissioning
Guide.
 If the fault cannot be located, contact Huawei R&D personnel. Information
collecting here is same as that in board resetting.

Media Forwarding Failure
 After the signaling connection is set up, run display sbc rtp-session count to
view the number of session tables and to check whether sessions are set up
correctly.
 If the session of a single user is different, run display sbc sip ccb name *** in
the hidden view to view the call CCB and session table by user name.

the SE2600
SE2600
Chapter 8 FAQ

Comparison Between the SE2300 and the SE2600
Product Model SE2300 SE2600
Hardware platform NE20 (in centralized mode) NE40E (in distributed mode)
Software platform VRP VRP＋PGP
Number of cabinets (in NA 1

the full configuration)
Capacity (in the fill Number of registered users: 50 K Number of registered users: 600 K
configuration) Number of calls: 7 K Number of calls: 60 K
Throughput: 2.5 Gbit.s Throughput: 20 Gbit/s
Application mode 1. NGN: acting as a proxy device and 1. IMS: acting as both the A-SBC
an interworking gateway and I-SBC
2. IMS 6.0: acting as a proxy device 2. NGN: acting as a proxy device
and providing the standard Ia and an interworking gateway
interface

Performance Comparison Between the SE2300 and the
SE2600
Product Model SE2300 SE2600
Number of 50 K 600 K
registered users
Number of 7K 60 K
concurrent calls
CAPS NGN: 150 2,400
IMS: 50
BHCA NGN: 540 K 8610 K
IMS: 180 K

Feature Comparison Between the SE2300 and the
SE2600
Product Model SE2300 SE2600 Remarks
1+1 backup between Not support Support
boards
Hot backup between Support Not support The SE2300 does not support 1+1 backup
devices between boards but supports hot backup
between devices (at a single site).
10 GE interface Not support Support
Smooth capacity Not support Support

expansion
Trunk Not support Support
Dynamic routing Not support Support

protocol
P-CSCF Not support Support
E-CSCF Not support Support
C-BGF/I-BGF Support Support The SE2600 does not support the BGF with the
distributed architecture and does not provide the
Ia interface.
I-BCF Not support Support

Thank You
www.huawei.com

SBC Configuration

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

SBC Configuration

Загружено:

Авторское право:

Доступные форматы

Security Level: Confidential

Architecture, Principle, and

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Chapter 2 Architecture of the SE2600

Chapter 3 Main Features of the SE2600

Chapter 4 Networking and Application Scenarios

Chapter 5 Software Installation and Upgrade of

Chapter 6 Typical Configurations of the SE2600

Chapter 7 Fault Location

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

1.1 What’s the SBC？

1.2 Why is the SBC required?

1.3 Where is the SBC applied?

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 To completely solve the problem, the SBC must be deployed in overlay

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

Greater capability, heavier responsibility

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

UE PCEF C-BGF MRFP T-MGF I-BGF

IP transport (Access and core)

Core network Peer network

DSLAM HOME GW GGSN/PDSN

• I-SBC: deployed between two core networks

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

• This architecture of the SBC is usually called full proxy.

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

• The network topology is simple. The SPDF is not required.

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

1.Power distribution box

1. Plastic panel of the fan module

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 The SE2600 supports three configuration modes:

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

SRU Control bus

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

PDB  System clock

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 Implement data exchange between

 Does not provide the external

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

P-CSCF E-CSCF I-BCF C/I-BGF

 One physical SE2600 Backup& Online Message

as the P-CSCF, I-BCF, IWF, Device

distributed architecture and Real-time Reliability High performance

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

The SE2600 exchanges Session Description Protocol (SDP) messages

Correct media packet

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

 IP address of the callee: 20.1.5.9

192.168.1.2 192.168.1.1 | 20.1.2.3 20.1.3.8 | 10.10.3.5 10.10.5.7

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI Confidential