In this section:
A zone
is used to group a set of objects unique in a particular customer environment. A zone can contain one SIP signaling port and/or one H.323 signaling port, but up to 16 ports are allowed. A zone can contain multiple SIP and H.323 trunk groups.
Do not create Zone Names using the character sequence DISP* (DISP, DISPL, DISPLA, and so on). Doing so will cause a conflict that results in issues when checking address contexts in the CLI.
Trunk group names must be unique across all address contexts, zones, and trunk group types.
IP peer names must be unique across all address contexts, and zones.
Ribbon recommends using the Transparency Profile to configure transparency on the SBC Core for new deployments, as well as applying additional transparency configurations to existing deployments. Do not use IP Signaling Profile flags in these scenarios because the flags will be retired in upcoming releases.
Refer to the SBC SIP Transparency Implementation Guide for additional information.
Sub-system signaling ports (such as SIP signaling ports, relay ports, D-SBC signaling ports, H.323 signaling ports) must use different IP addresses because each IP address adds one system ACL, and IP addresses are not prioritized when measured in the same ACL. This best practice will avoid any IP addressing overlaps and ensure proper policing of packets.
The high-level CLI syntax for zone object is shown below. For detailed syntax and parameter descriptions, go to a specific page listed above under "Additional pages".
% set addressContext <addressContext name> zone <zone name> id <id #> % set addressContext <addressContext name> zone <zone name> action <dryUp | force> advancePeerControl <disabled | enabled> blockDirection <bothways | incoming | none | outgoing> cac <cac parameter> dialogTransparency <disabled | enabled> disableZoneLevelLoopDetection <disabled | enabled> dnsGroup <dnsGroup name> domainName <string> dryUpTimeout <1-1440 mins> filterSipSrc flexiblePolicyAdapterProfile <profile name> gwSigPort <index #> gwTrunkGroup <TRUNKGROUP NAME> h323SigPort <h323SigPort parameters> h323TrunkGroup <TRUNKGROUP NAME> id <1-4096> ipPeer <ipPeer name> messageManipulation <inputAdapterProfile | outputAdapterProfile> mode <inService | outOfService> mtrmConnPort <index> relayPort <relayPort Index> remoteDeviceType <accessDevice | appServer | core | nni | none> retargetSupport <disabled | useSystemLevelConfiguration> sipHeaderForAnonymousCall <none | remotePartyId> sipRegRelay <disabled | enabled> sipSigPort <index #> sipTrunkGroup <TRUNKGROUP NAME> srvcc eatf <disabled | enabled> tracerouteSigPort
To display the configured Zone and ID assignments:
% show addressContext default zone EXTERNAL zone EXTERNAL { id 2; ipPeer HUMPI_ext_peer { ipAddress 10.34.9.70; ipPort 9065; state enabled; policy { description ""; sip { fqdn ""; } packetServiceProfileId ""; ipSignalingProfileId ""; } } sipSigPort 2 { ipInterfaceGroupName LIF2; ipAddress 10.34.9.104; portNumber 5060; state enabled; transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp; } sipTrunkGroup HUMPI_EXT { state enabled; mode inService; policy { carrier 0000; country 1; sipDomain ""; localizationVariant northAmerica; digitParameterHandling { numberingPlan NANP_ACCESS; ingressDmPmRule ""; egressDmPmRule ""; } callRouting { elementRoutingPriority DEFAULT_IP; } media { packetServiceProfile DEFAULT; } services { classOfService DEFAULT_IP; } signaling { ipSignalingProfile DEFAULT_SIP; }
} signaling { methods { subscribe allow; } } media { mediaIpInterfaceGroupName LIF2; } ingressIpPrefix 10.34.9.70 32; } } % show addressContext default zone INTERNAL zone INTERNAL { id 1; ipPeer HUMPI_int_peer { ipAddress 10.34.9.70; ipPort 7056; state enabled; policy { description ""; sip { fqdn ""; } packetServiceProfileId ""; ipSignalingProfileId ""; }
} sipSigPort 1 { ipInterfaceGroupName LIF1; ipAddress 10.34.9.103; portNumber 5060; state enabled; transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp; } sipTrunkGroup HUMPI_INT { state enabled; mode inService; policy { carrier 0000; country 1; sipDomain ""; localizationVariant northAmerica; digitParameterHandling { numberingPlan NANP_ACCESS; ingressDmPmRule ""; egressDmPmRule ""; } callRouting { elementRoutingPriority DEFAULT_IP; } media { packetServiceProfile DEFAULT; } services { classOfService DEFAULT_IP; } signaling { ipSignalingProfile DEFAULT_SIP; } } signaling { methods { notify allow; } } media { mediaIpInterfaceGroupName LIF1; } ingressIpPrefix 10.34.9.70 32; } }
To display the configured Zone and ID assignments details with display level set to 3:
% show addressContext default zone defaultSigZone displaylevel 3 id 1; gwSigPort 1 { ipInterfaceGroupName ipinterface; ipAddress 1.2.3.4; portNumber 2569; role primary; mode inService; state disabled; } gwTrunkGroup GW1 { state disabled; mode outOfService; action dryUp; dryUpTimeout 5; accMc1Percent 90; accMc2Percent 70; accTimer 0; } h323TrunkGroup tg { state disabled; mode outOfService; action dryUp; dryUpTimeout 5; sendingCompleteEnbloc disabled; } ipPeer ippeer { ipAddress 1.2.3.4; ipPort 0; defaultForIp false; } sipSigPort 1 { ipInterfaceGroupName ipinterface; ipAddressV4 1.2.3.4; ipAddressV6 2001:DB8:85A3::8A2E:370:7334; portNumber 5060; mode inService; state disabled; tcpConnectTimeout 5; dscpValue 0; tlsProfileName defaultTlsProfile; transportProtocolsAllowed sip-udp; }
To display the configured Zone and ID assignments details with display level set to “5”:
% show addressContext default zone defaultSigZone displaylevel 5 id 1; gwSigPort 1 { ipInterfaceGroupName ipinterface; ipAddress 1.2.3.4; portNumber 2569; role primary; mode inService; state disabled; } gwTrunkGroup GW1 { state disabled; mode outOfService; action dryUp; dryUpTimeout 5; accMc1Percent 90; accMc2Percent 70; accTimer 0; packetOutage { minimumDuration 6000; minimumCalls 1000; bandwidthLimitReduction 50; detectionState disabled; detectionInterval 15; } callReservation { inbound 1; state disabled; priorityCallMinimum 1; incomingCallMinimum 1; outgoingCallMinimum 10; silc { state disabled; MC1Percent 75; MC2Percent 25; } } cac { callLimit unlimited; bandwidthLimit unlimited; emergencyOversubscription 10; ingress { callRateMax unlimited; callBurstMax 10; } egress { callRateMax unlimited; callBurstMax 10;
} } media { mediaIpInterfaceGroupName ipinterface; sourceAddressFiltering disabled; } } h323TrunkGroup tg { state disabled; mode outOfService; action dryUp; dryUpTimeout 5; sendingCompleteEnbloc disabled; policy { carrier 0000; country 1; localizationVariant northAmerica; digitParameterHandling { numberingPlan NANP_ACCESS; ingressDmPmRule ""; egressDmPmRule ""; } callRouting { elementRoutingPriority DEFAULT_IP; } media { packetServiceProfile DEFAULT; } services { classOfService DEFAULT_IP; } signaling { ipSignalingProfile DEFAULT_H323; } } packetOutage { minimumDuration 6000; minimumCalls 1000; bandwidthLimitReduction 50; detectionState disabled; detectionInterval 15; } callReservation { inbound 1; state disabled; priorityCallMinimum 1; incomingCallMinimum 1; outgoingCallMinimum 10; silc { state disabled; MC1Percent 75; MC2Percent 25; } } cac { callLimit unlimited; bandwidthLimit unlimited; emergencyOversubscription 10; ingress { callRateMax unlimited; callBurstMax 10; } egress { callRateMax unlimited; callBurstMax 10; } } services { overlapDialing { overlapState disabled; minDigitsForQuery 0; } longDurationCall { ldcTimeout 0; ldcAction noAction; ldcRelCause 41; ldcEmergencyCalls exclude;
} } media { mediaIpInterfaceGroupName ipinterface; sourceAddressFiltering disabled; directMediaAllowed disabled; directMediaGroupId 0; preAllocateResPad disabled; } callRouting { ansSupervisionTimeout 300; crankBackProfile default; respectBearerCapability disabled; } } ipPeer ippeer { ipAddress 1.2.3.4; ipPort 0; defaultForIp false; policy { description ""; sip { fqdn ""; fqdnPort 0; } packetServiceProfile ""; ipSignalingProfile ""; } } sipSigPort 1 { ipInterfaceGroupName ipinterface; ipAddressV4 1.2.3.4; ipAddressV6 2001:DB8:85A3::8A2E:370:7334; portNumber 5060; mode inService; state disabled; tcpConnectTimeout 5; dscpValue 0; tlsProfileName defaultTlsProfile; transportProtocolsAllowed sip-udp; }
To configure Zone CAC:
% set addressContext default zone ZONE1 id 100 commit
To view Zone statistics:
% show table addressContext default zoneCurrentStatistics
To view Zone status:
% show table addressContext default zoneStatus
To configure Trunk Group CAC:
% set addressContext default zone ZONE1 sipTrunkGroup RHEL_1 cac callLimit 200
To view Trunk Group status:
% show table addressContext default zone ZONE1 trunkGroupStatus
To configure SIP Trunk Group CAC:
% set addressContext default zone ZONE1 sipTrunkGroup RHEL_1 cac callLimit 200
To configure registration configurations:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK signaling registration requireRegistration required expires 60 insideExpiresMinimum 3600
To create SIP/H.323 signaling ports inside zone:
% set addressContext default zone INTERNAL5 id 5 sipSigPort 5 ipAddressV4 10.9.89.10 portNumber 4010 transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp ipInterfaceGroupName IFG-INT5 state enabled
To show status/statistics of SIP/H.323 signaling ports:
% show status addressContext a1 zone INTERNAL sipSigPortStatus sipSigPortStatus 1 { state inService; } % show status addressContext a1 zone INTERNAL sipSigPortStatistics sipSigPortStatistics 1 { callRate 0; origCalls 5864747; termCalls 9410868; txPdus 55245380; rxPdus 45825318; txBytes 26211787697; rxBytes 18580071475; inRegs 0; outRegs 0; }
This feature supports configuring multiple SIP signaling ports (up to 16) in the same zone facing the AS:
Below are CLI command examples to configure multiple SIP signaling ports:
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS id 20 sipSigPort 1 ipAddressV4 10.3.255.1 5060 transportProtocolsAllowed sip-tcp, sip-tls-tcp ipInterfaceGroupName LIG2 state enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_AS id 20 sipSigPort 2 ipAddressV4 10.3.255.2 5060 transportProtocolsAllowed sip-udp ipInterfaceGroupName LIG2 state enabled
The following CLI commands enable this feature:
% set global signaling sipSigControls multipleContactsPerAoR enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD sipTrunkGroup TG_IAD signaling registration requireRegistration supported % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD remoteDeviceType accessDevice % set addressContext ADDR_CONTEXT_1 zone ZONE_AS remoteDeviceType appServer
This feature provides the IP address, port number and the transport parameters from the source IP packet carried in the REGISTER message reaching the registrar in the SIP proprietary header- X-Original-Addr.
Use the following CLI command to configure the Endpoint address in X-Header:
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS sipTrunkGroup TG_AS signaling registration includeXOriginalAddr enabled
Once the feature is configured there will be an additional header (X-Original-Addr) in the outgoing SIP Register message as follows:
REGISTER sip:10.3.255.150:5060 SIP/2.0 Via: SIP/2.0/UDP 10.3.255.1:5060;branch=z9hG4bK00B000b62fb005af43f From: <sip:9711000000@10.3.255.150>;tag=gK00000fca To: <sip:9711000000@10.3.255.150> Call-ID: 512_3123187670_1823140541@10.3.255.1 CSeq: 1162827419 REGISTER Max-Forwards: 70 Allow: INVITE, ACK, CANCEL, BYE, REGISTER, REFER, INFO, SUBSCRIBE, NOTIFY, PRACK, UPDATE, OPTIONS, MESSAGE, PUBLISH Contact: <sip:9711000000@10.3.255.1:5060;dtg=TG_INET1;reg-info=200>;q=0.0;expires=3600 X-Original-Addr:ip=10.4.255.150:port=5060:transport=udp User-Agent: iPhone-Time to Call-1.1.1-ios-4.3.3 Content-Length: 0
This feature supports the following:
The following CLI commands are used to configure mapping the source IP/port to the SDP “c=” line:
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 #the criteria % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message # configure the message criteria % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message message messageTypes all % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message message methodType invite % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody messageBody condition regex-match regexp numMatch match string "c=IN IP4" % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody messageBody messageBodyType all % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 type variable % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 operation store % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 operation store to type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 from type value value "c=IN IP4 " % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 type variable operation append % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 from type globalVariable globalVariableValue srcipaddr % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 to type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 type messageBody % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 operation regsub % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 regexp string "c=IN IP4 (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 from type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 to type messageBody messageBodyValue all #enable the state % set profiles signaling sipAdaptorProfile CHANGEIP1 state enabled commit
% set addressContext ADDR_CONTEXT_1 zone ZONE_CUST2 sipTrunkGroup TG_CUST2_1 signaling messageManipulation inputAdapterProfile CHANGEIP1
The SBC supports NAT traversal of Signaling and Media. To configure, perform the following steps:
Enable NAT traversal for Signaling:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal signalingNat enabled
Enable NAT traversal for Media:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal mediaNat enabled
Configure udpKeepaliveTimer:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal udpKeepaliveTimer 60
This value is sent in the 200 OK of the Register to overcome the NAT binding issue. Always configure this value to be smaller.
The SBC supports Direct Media whenever both call legs are in the same directMediaGroupId and the endpoints negotiate the same codec. To configure, perform the following steps:
Enable media:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK media directMediaAllowed enabled
Set packet service profile:
% set profiles media packetServiceProfile DEFAULT flags useDirectMedia enable
SDP transparency supports the transparency of ICE and other parameters that are sent transparently through the SBX.
The following CLI commands facilitate the use of SDP transparency:
Initially, direct media is required to be enabled and configured on both the ingress/egress trunk groups.
% set profiles media packetServiceProfile <DEFAULT_PSP> flags useDirectMedia enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD sipTrunkGroup TG_IAD media directMediaAllowed enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_AS sipTrunkGroup TG_AS media directMediaAllowed enabled
The following CLI command is used to turn on/off the SDP transparency feature on both ingress and egress trunk groups:
% set addressContext default zone ZONE1 sipTrunkGroup SBX10_AS signaling sdpTransparency sdpTransparencyState enabled
Ensure that media PSP DEFAULT is associated to the trunk group.
You delete a zone using the delete addressContext <addressContext name> zone
<zonename
> command. You must delete all objects (SIP/H.323 signaling ports and trunk groups) assigned to a zone before deleting a zone.
In this section:
A zone
is used to group a set of objects unique in a particular customer environment. A zone can contain one SIP signaling port and/or one H.323 signaling port, but up to 16 ports are allowed. A zone can contain multiple SIP and H.323 trunk groups.
Trunk group names must be unique across all address contexts, zones, and trunk group types.
IP peer names must be unique across all address contexts, and zones.
Ribbon recommends using the Transparency Profile to configure transparency on the SBC Core for new deployments, as well as applying additional transparency configurations to existing deployments. Do not use IP Signaling Profile flags in these scenarios because the flags will be retired in upcoming releases.
Refer to the SBC SIP Transparency Implementation Guide for additional information.
Sub-system signaling ports (such as SIP signaling ports, relay ports, D-SBC signaling ports, H.323 signaling ports) must use different IP addresses because each IP address adds one system ACL, and IP addresses are not prioritized when measured in the same ACL. This best practice will avoid any IP addressing overlaps and ensure proper policing of packets.
The high-level CLI syntax for zone object is shown below. For detailed syntax and parameter descriptions, go to a specific page listed above under "Additional pages".
% set addressContext <addressContext name> zone <zone name> id <id #> % set addressContext <addressContext name> zone <zone name> action <dryUp | force> advancePeerControl <disabled | enabled> blockDirection <bothways | incoming | none | outgoing> cac <cac parameter> dialogTransparency <disabled | enabled> disableZoneLevelLoopDetection <disabled | enabled> dnsGroup <dnsGroup name> domainName <string> dryUpTimeout <1-1440 mins> filterSipSrc flexiblePolicyAdapterProfile <profile name> gwSigPort <index #> gwTrunkGroup <TRUNKGROUP NAME> h323SigPort <h323SigPort parameters> h323TrunkGroup <TRUNKGROUP NAME> id <1-4096> ipPeer <ipPeer name> messageManipulation <inputAdapterProfile | outputAdapterProfile> mode <inService | outOfService> mtrmConnPort <index> relayPort <relayPort Index> remoteDeviceType <accessDevice | appServer | core | nni | none> retargetSupport <disabled | useSystemLevelConfiguration> sipHeaderForAnonymousCall <none | remotePartyId> sipRegRelay <disabled | enabled> sipSigPort <index #> sipTrunkGroup <TRUNKGROUP NAME> srvcc eatf <disabled | enabled> tracerouteSigPort
To display the configured Zone and ID assignments:
% show addressContext default zone EXTERNAL zone EXTERNAL { id 2; ipPeer HUMPI_ext_peer { ipAddress 10.34.9.70; ipPort 9065; state enabled; policy { description ""; sip { fqdn ""; } packetServiceProfileId ""; ipSignalingProfileId ""; } } sipSigPort 2 { ipInterfaceGroupName LIF2; ipAddress 10.34.9.104; portNumber 5060; state enabled; transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp; } sipTrunkGroup HUMPI_EXT { state enabled; mode inService; policy { carrier 0000; country 1; sipDomain ""; localizationVariant northAmerica; digitParameterHandling { numberingPlan NANP_ACCESS; ingressDmPmRule ""; egressDmPmRule ""; } callRouting { elementRoutingPriority DEFAULT_IP; } media { packetServiceProfile DEFAULT; } services { classOfService DEFAULT_IP; } signaling { ipSignalingProfile DEFAULT_SIP; }
} signaling { methods { subscribe allow; } } media { mediaIpInterfaceGroupName LIF2; } ingressIpPrefix 10.34.9.70 32; } } % show addressContext default zone INTERNAL zone INTERNAL { id 1; ipPeer HUMPI_int_peer { ipAddress 10.34.9.70; ipPort 7056; state enabled; policy { description ""; sip { fqdn ""; } packetServiceProfileId ""; ipSignalingProfileId ""; }
} sipSigPort 1 { ipInterfaceGroupName LIF1; ipAddress 10.34.9.103; portNumber 5060; state enabled; transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp; } sipTrunkGroup HUMPI_INT { state enabled; mode inService; policy { carrier 0000; country 1; sipDomain ""; localizationVariant northAmerica; digitParameterHandling { numberingPlan NANP_ACCESS; ingressDmPmRule ""; egressDmPmRule ""; } callRouting { elementRoutingPriority DEFAULT_IP; } media { packetServiceProfile DEFAULT; } services { classOfService DEFAULT_IP; } signaling { ipSignalingProfile DEFAULT_SIP; } } signaling { methods { notify allow; } } media { mediaIpInterfaceGroupName LIF1; } ingressIpPrefix 10.34.9.70 32; } }
To display the configured Zone and ID assignments details with display level set to 3:
% show addressContext default zone defaultSigZone displaylevel 3 id 1; gwSigPort 1 { ipInterfaceGroupName ipinterface; ipAddress 1.2.3.4; portNumber 2569; role primary; mode inService; state disabled; } gwTrunkGroup GW1 { state disabled; mode outOfService; action dryUp; dryUpTimeout 5; accMc1Percent 90; accMc2Percent 70; accTimer 0; } h323TrunkGroup tg { state disabled; mode outOfService; action dryUp; dryUpTimeout 5; sendingCompleteEnbloc disabled; } ipPeer ippeer { ipAddress 1.2.3.4; ipPort 0; defaultForIp false; } sipSigPort 1 { ipInterfaceGroupName ipinterface; ipAddressV4 1.2.3.4; ipAddressV6 2001:DB8:85A3::8A2E:370:7334; portNumber 5060; mode inService; state disabled; tcpConnectTimeout 5; dscpValue 0; tlsProfileName defaultTlsProfile; transportProtocolsAllowed sip-udp; }
To display the configured Zone and ID assignments details with display level set to “5”:
% show addressContext default zone defaultSigZone displaylevel 5 id 1; gwSigPort 1 { ipInterfaceGroupName ipinterface; ipAddress 1.2.3.4; portNumber 2569; role primary; mode inService; state disabled; } gwTrunkGroup GW1 { state disabled; mode outOfService; action dryUp; dryUpTimeout 5; accMc1Percent 90; accMc2Percent 70; accTimer 0; packetOutage { minimumDuration 6000; minimumCalls 1000; bandwidthLimitReduction 50; detectionState disabled; detectionInterval 15; } callReservation { inbound 1; state disabled; priorityCallMinimum 1; incomingCallMinimum 1; outgoingCallMinimum 10; silc { state disabled; MC1Percent 75; MC2Percent 25; } } cac { callLimit unlimited; bandwidthLimit unlimited; emergencyOversubscription 10; ingress { callRateMax unlimited; callBurstMax 10; } egress { callRateMax unlimited; callBurstMax 10;
} } media { mediaIpInterfaceGroupName ipinterface; sourceAddressFiltering disabled; } } h323TrunkGroup tg { state disabled; mode outOfService; action dryUp; dryUpTimeout 5; sendingCompleteEnbloc disabled; policy { carrier 0000; country 1; localizationVariant northAmerica; digitParameterHandling { numberingPlan NANP_ACCESS; ingressDmPmRule ""; egressDmPmRule ""; } callRouting { elementRoutingPriority DEFAULT_IP; } media { packetServiceProfile DEFAULT; } services { classOfService DEFAULT_IP; } signaling { ipSignalingProfile DEFAULT_H323; } } packetOutage { minimumDuration 6000; minimumCalls 1000; bandwidthLimitReduction 50; detectionState disabled; detectionInterval 15; } callReservation { inbound 1; state disabled; priorityCallMinimum 1; incomingCallMinimum 1; outgoingCallMinimum 10; silc { state disabled; MC1Percent 75; MC2Percent 25; } } cac { callLimit unlimited; bandwidthLimit unlimited; emergencyOversubscription 10; ingress { callRateMax unlimited; callBurstMax 10; } egress { callRateMax unlimited; callBurstMax 10; } } services { overlapDialing { overlapState disabled; minDigitsForQuery 0; } longDurationCall { ldcTimeout 0; ldcAction noAction; ldcRelCause 41; ldcEmergencyCalls exclude;
} } media { mediaIpInterfaceGroupName ipinterface; sourceAddressFiltering disabled; directMediaAllowed disabled; directMediaGroupId 0; preAllocateResPad disabled; } callRouting { ansSupervisionTimeout 300; crankBackProfile default; respectBearerCapability disabled; } } ipPeer ippeer { ipAddress 1.2.3.4; ipPort 0; defaultForIp false; policy { description ""; sip { fqdn ""; fqdnPort 0; } packetServiceProfile ""; ipSignalingProfile ""; } } sipSigPort 1 { ipInterfaceGroupName ipinterface; ipAddressV4 1.2.3.4; ipAddressV6 2001:DB8:85A3::8A2E:370:7334; portNumber 5060; mode inService; state disabled; tcpConnectTimeout 5; dscpValue 0; tlsProfileName defaultTlsProfile; transportProtocolsAllowed sip-udp; }
To configure Zone CAC:
% set addressContext default zone ZONE1 id 100 commit
To view Zone statistics:
% show table addressContext default zoneCurrentStatistics
To view Zone status:
% show table addressContext default zoneStatus
To configure Trunk Group CAC:
% set addressContext default zone ZONE1 sipTrunkGroup RHEL_1 cac callLimit 200
To view Trunk Group status:
% show table addressContext default zone ZONE1 trunkGroupStatus
To configure SIP Trunk Group CAC:
% set addressContext default zone ZONE1 sipTrunkGroup RHEL_1 cac callLimit 200
To configure registration configurations:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK signaling registration requireRegistration required expires 60 insideExpiresMinimum 3600
To create SIP/H.323 signaling ports inside zone:
% set addressContext default zone INTERNAL5 id 5 sipSigPort 5 ipAddressV4 10.9.89.10 portNumber 4010 transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp ipInterfaceGroupName IFG-INT5 state enabled
To show status/statistics of SIP/H.323 signaling ports:
% show status addressContext a1 zone INTERNAL sipSigPortStatus sipSigPortStatus 1 { state inService; } % show status addressContext a1 zone INTERNAL sipSigPortStatistics sipSigPortStatistics 1 { callRate 0; origCalls 5864747; termCalls 9410868; txPdus 55245380; rxPdus 45825318; txBytes 26211787697; rxBytes 18580071475; inRegs 0; outRegs 0; }
This feature supports configuring multiple SIP signaling ports (up to 16) in the same zone facing the AS:
Below are CLI command examples to configure multiple SIP signaling ports:
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS id 20 sipSigPort 1 ipAddressV4 10.3.255.1 5060 transportProtocolsAllowed sip-tcp, sip-tls-tcp ipInterfaceGroupName LIG2 state enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_AS id 20 sipSigPort 2 ipAddressV4 10.3.255.2 5060 transportProtocolsAllowed sip-udp ipInterfaceGroupName LIG2 state enabled
The following CLI commands enable this feature:
% set global signaling sipSigControls multipleContactsPerAoR enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD sipTrunkGroup TG_IAD signaling registration requireRegistration supported % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD remoteDeviceType accessDevice % set addressContext ADDR_CONTEXT_1 zone ZONE_AS remoteDeviceType appServer
This feature provides the IP address, port number and the transport parameters from the source IP packet carried in the REGISTER message reaching the registrar in the SIP proprietary header- X-Original-Addr.
Use the following CLI command to configure the Endpoint address in X-Header:
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS sipTrunkGroup TG_AS signaling registration includeXOriginalAddr enabled
Once the feature is configured there will be an additional header (X-Original-Addr) in the outgoing SIP Register message as follows:
REGISTER sip:10.3.255.150:5060 SIP/2.0 Via: SIP/2.0/UDP 10.3.255.1:5060;branch=z9hG4bK00B000b62fb005af43f From: <sip:9711000000@10.3.255.150>;tag=gK00000fca To: <sip:9711000000@10.3.255.150> Call-ID: 512_3123187670_1823140541@10.3.255.1 CSeq: 1162827419 REGISTER Max-Forwards: 70 Allow: INVITE, ACK, CANCEL, BYE, REGISTER, REFER, INFO, SUBSCRIBE, NOTIFY, PRACK, UPDATE, OPTIONS, MESSAGE, PUBLISH Contact: <sip:9711000000@10.3.255.1:5060;dtg=TG_INET1;reg-info=200>;q=0.0;expires=3600 X-Original-Addr:ip=10.4.255.150:port=5060:transport=udp User-Agent: iPhone-Time to Call-1.1.1-ios-4.3.3 Content-Length: 0
This feature supports the following:
The following CLI commands are used to configure mapping the source IP/port to the SDP “c=” line:
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 #the criteria % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message # configure the message criteria % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message message messageTypes all % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message message methodType invite % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody messageBody condition regex-match regexp numMatch match string "c=IN IP4" % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody messageBody messageBodyType all % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 type variable % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 operation store % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 operation store to type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 from type value value "c=IN IP4 " % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 type variable operation append % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 from type globalVariable globalVariableValue srcipaddr % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 to type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 type messageBody % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 operation regsub % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 regexp string "c=IN IP4 (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 from type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 to type messageBody messageBodyValue all #enable the state % set profiles signaling sipAdaptorProfile CHANGEIP1 state enabled commit
% set addressContext ADDR_CONTEXT_1 zone ZONE_CUST2 sipTrunkGroup TG_CUST2_1 signaling messageManipulation inputAdapterProfile CHANGEIP1
The SBC supports NAT traversal of Signaling and Media. To configure, perform the following steps:
Enable NAT traversal for Signaling:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal signalingNat enabled
Enable NAT traversal for Media:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal mediaNat enabled
Configure udpKeepaliveTimer:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal udpKeepaliveTimer 60
This value is sent in the 200 OK of the Register to overcome the NAT binding issue. Always configure this value to be smaller.
The SBC supports Direct Media whenever both call legs are in the same directMediaGroupId and the endpoints negotiate the same codec. To configure, perform the following steps:
Enable media:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK media directMediaAllowed enabled
Set packet service profile:
% set profiles media packetServiceProfile DEFAULT flags useDirectMedia enable
SDP transparency supports the transparency of ICE and other parameters that are sent transparently through the SBX.
The following CLI commands facilitate the use of SDP transparency:
Initially, direct media is required to be enabled and configured on both the ingress/egress trunk groups.
% set profiles media packetServiceProfile <DEFAULT_PSP> flags useDirectMedia enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD sipTrunkGroup TG_IAD media directMediaAllowed enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_AS sipTrunkGroup TG_AS media directMediaAllowed enabled
The following CLI command is used to turn on/off the SDP transparency feature on both ingress and egress trunk groups:
% set addressContext default zone ZONE1 sipTrunkGroup SBX10_AS signaling sdpTransparency sdpTransparencyState enabled
Ensure that media PSP DEFAULT is associated to the trunk group.
You delete a zone using the delete addressContext <addressContext name> zone
<zonename
> command. You must delete all objects (SIP/H.323 signaling ports and trunk groups) assigned to a zone before deleting a zone.