Overview

The SBC Core supports a subset of the functionality required for a full-ICE agent:

  • In controlling role, the SBC initiates connectivity check with a STUN Binding Request. The connectivity check by the SBC is sent in response to the first connectivity check, which is received from the peer. The SBC selects the remote Ip address for media based on the address signaled in the first STUN Binding Request, which is received from the peer. To assert the selection of media, the SBC sends STUN Binding Request with the USE-CANDIDATE attribute.
  • In controlled role, the SBC initiates a single connectivity check with a STUN Binding Request to the peer. This request is sent after receiving a Binding Request from the peer, which contains the USE-CANDIDATE attribute. This behavior is important to complete the full-ICE procedures when inter-operating with WRTC peers such as Google and Chrome.
  • In controlling role, the SBC protects against network loss of STUN message exchanges by introducing internal guard timers and sends STUN Keep-Alive messages at a configurable interval. This functionality is based on the procedures defined in RFC5245.

These functionalities allow the SBC to inter-operate with other ICE peers, which require the connecting peer to act as a full-ICE agent.

When inter-operating with Lync endpoints, which require their own flavor of ICE, this feature extends the existing SBC implementation of ICE-Lync to support the following functionalities:

  • Allows specification of IPv6 candidates at Signaling and in STUN messages.
  • Validates the received STUN messages and attributes based on the MS-ICE2 standards.
  • Protects against network loss of STUN message exchanges by introducing internal guard timers and sends STUN Keep-Alive messages at a configurable interval.

Timers

In pseudo full-ICE and MS-Lync ICE configuration, the SBC determines the controlled or controlling role for a particular media stream. The role is determined based on the controlled attribute in the STUN Binding Request from the peer. The SBC runs following new timers at different stages of the STUN processing:

  • Connectivity Check Phase 1 Timer
  • Connectivity Check phase 2 Timer

  • USE-CANDIDATE Check Timer
  • Keep-Alive Timer

Controlling Role

The SBC assumes the controlling role when the controlled attribute is received in Binding Request for a media stream. In the controlling role, the SBC retrieves the remote media IP or port based on the first Binding Request from the remote end. When the Binding Request with controlled attribute is received, the SBC discontinues the phase 1 connectivity timer and sends initial Binding Request without USE-CANDIDATE. The SBC starts the phase 2 connectivity timer of 5 seconds and wait for the STUN response. Once a successful response is received from the peer to the Binding Request without USE-CANDIDATE, the SBC generates the Binding Request with USE-CANDIDATE and starts the USE-CANDIDATE check timer for 10 seconds. This timer is stopped after a successful binding response is received from the peer.

Controlled Role

The SBC assumes the controlled role when the controlling attribute is received in Binding Request for a media stream.

When a STUN Binding Request with USE-CANDIDATE is received, the SBC sends back the binding response and determines the remote address for media from the received Binding Request message. In the controlled role, the SBC does not send STUN Keep-Alive. When configured as full-ICE, the SBC generates Binding Request towards the peer even when assuming the controlled role. In a controlled role, the SBC re-sends this Binding Request message (without use-candidate attribute) up to 10 times or until a successful response is received from the peer.

Binding request is generated from the SBC only for the pseudo full-ICE support when the SBC acts as controlled agent.

The following table describes the behavior of the timers:

Timers

Timers Applicable Role of SBC StartedStoppedOn ExpiryDuration of the Timer (Seconds)
Connectivity Check phase 1 TimerControlled and controlling role
When full-ICE is negotiated through SDP with the peer and the SBC has either received answer or has sent answer.
When a valid Binding Request message is received from the peer, the stream is either removed or the call is disconnected.
The SBC generates an alarm sonusSbxIceTimerExpiryNotification and clears the call.10
Connectivity Check phase 2 Timer
Controlling role
When the SBC sends a Binding Request without USE-CANDIDATE attribute.
When a successful response is received to the SBC's initial Binding Request, the stream is either removed or the call is disconnected.
The SBC generates an alarm sonusSbxIceTimerExpiryNotification and clears the call.5
USE-CANDIDATE Check Timer
Controlling role
When the SBC sends a Binding Request with USE-CANDIDATE attribute.
When a successful Binding Response is received, the stream is either removed or the call is torn down.
The SBC generates an alarm sonusSbxIceTimerExpiryNotification and clears the call.10
Keep-Alive TimerControlling role
When ICE Keep-Alive message is first sent after receiving successful binding response to SBC's Binding Request with USE-CANDIDATE, the SBC periodically sends a STUN Keep-Alive message on RTP and RTCP ports.
When a valid Binding Request message is received from the peer, the stream is removed or the call is disconnected.
Resend Keep-Alive message.15

For more information on the alarms, refer to the section WebRTC Gateway (WRTC) Alarms.

A new parameter iceKeepaliveTimer is added to Network Address Translator (NAT) Traversal of SIP Trunk Group to enable Keep-Alive timer for ICE. This parameter is supported for Keep-Alive message on RTP port in Lync mode and RTP and RTCP ports in full-ICE mode.

  • Connectivity check timers are applied to both pseudo full-ICE and MS-Lync ICE support.
  • In case of MS-Lync ICE, Keep-Alive messages are sent only to RTP port.

Re-INVITE Generation

Once ICE processing is completed, when the SBC is acting in the ICE controlling role, it generates a Re-INVITE specifying the local and remote candidate addresses that were selected for media. 

The Re-INVITE message is generated when the SBC is configured as either iceLync or iceFull. In the case of full-ICE, the Re-INVITE message is generated only when the remote IP determined through STUN exchange is different from the original C-line IP that the endpoint sent in SDP.

The following call flow diagram provides the pseudo ICE scenario.

Pseudo ICE Call Flow

The MS Lync/Skype Remote Desktop Sharing feature is supported on the following SBC Core platforms:

  • SBC 5000 series
  • SBC 7000
  • SWe on KVM
  • SWe on VMware

  • No labels