CLI Changes in This Release

New CLI in 9.2.0R1

SBX-59346 Beep Tone Required During Recorded Calls

The SBC SIPREC feature is enhanced with:

• The ability to play beep tone in recorded calls. This capability is config driven.
• Operators can configure the tone power, interval between tones, and the direction in which the tone should be played.

In addition to SIPREC feature, you can attach the Beep tone profile to ingress/ egress TGs (without SIPREC) and the beep tone will get played in accordance with the direction mentioned in the beep tone profile.

Command Syntax

The following example shows the syntax for beepToneProfile

set profiles media beepToneProfile <profile_name>
   direction <ingress | egress | both>
   durationBetweenTone <0-65535>
   tonePower <-50-3>

For more information, refer to Beep Tone Profile - CLI.

SBX-86241 Stream RTP/RTCP Stats and DTMF Events to Ribbon Protect

To facilitate monitoring and management of voice quality with the SBC Core and the Ribbon Protect, the SBC Core is enhanced to support the following functionality to allow service providers to see discrete variations in voice quality, as well as monitor SLA and network operations.

• Communicate with Ribbon Protect
• Report media quality statistics (RTP/RTCP) and DTMF packets to Ribbon Protect.

Command Syntax

The following example shows the syntax for mediaProbe:

% set system media mediaProbe
    dscpValue <0-63>
    encryptionType <None>
    format <rtcp>
    mediaProbeAddressContext <addressContext>
    mediaProbeIpInterfaceGroup <mediaIpInterfaceGroup>
    protocolType <udp>
    reportingInterval <1-8>
    state <disabled | enabled>

Command Parameter

For more information, refer to Media System - CLI.

SBX-97041 LDAP for Centralized Authentication

The SBC Core is enhanced in this release to also support Lightweight Directory Access Protocol (LDAP) for external centralized authentication. LDAP is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. It is a simplification of the X. 500 Directory Access Protocol (DAP) used to access directory information. Using this simple authentication method, the LDAP client sends the username and password to the LDAP server.

To support this behavior, the SBC is enhanced with the following CLI/EMA changes:

• Added External Authentication Type option to System Admin to choose LDAP or RADIUS for external centralized authentication.
• Added LDAP Authentication to OAM to configure an LDAP server, as well as LDAP filters, retry criteria and a command to re-enable the LDAP server.
• Added LDAP Status command.

Limitations:

• LDAP authentication is not supported for access to the Platform manager.
• There is no support for specifying the LDAP server address using a FQDN.

Command Syntax

The following example shows the syntax for externalAuthenticationType:

%  set system admin <SYSTEM> externalAuthenticationType <ldap|radius>

Command Parameters

LDAP Authentication

LDAP Server

Use this parameter to configure information to communicate with one or more LDAP servers.

Command Syntax

% set oam ldapAuthentication ldapServer <serverName>
    binddn <name>
    bindMethod <sasl|simple>
    groupNameAttribute <groupName, or empty string>
    ldapServerAddress <IPv4/IPv6 address>
    ldapServerPort <valid port>
    priority <1-3>
    saslMechanism <plain>
    searchbase <base>
    state <disabled|enabled>
    transport <ldaps|tcp|tls>

Command Parameters

LDAP Filters

Use this parameter to configure a set of filters against predefined or custom groups to determine if the specified user is a member of those groups. Each filter is accessed in the order specified in the LDAP Filters table. If a filter returns at least one record, then the user is considered part of that group, and that group name is used.

Command Syntax

% set oam ldapAuthentication ldapFilters
    filter <LDAP filter string>
	groupName <name of CLI group name to login to CLI>
	order <integer>

Command Parameters

LDAP Retry Criteria

Use this parameter to configure the LDAP Server Retry criteria settings. 

Command Syntax

% set oam ldapAuthentication retryCriteria
	retryTimer <500-45000>
	retryCount <1-3>
	oosDuration <0-300>

Command Parameters

Command Example

set oam ldapAuthentication retryCriteria retryTime 1000 retryCount 3 oosDuration 60

Re-enable Server

An LDAP server is marked "unavailable" when the SBC cannot reach it. Use this command to re-enable the LDAP server, which will set the status back to "available".

Command Syntax

% request oam ldapAuthentication ldapServer <servername> reEnableServer

Command Parameters

For more information, refer to:

• External Authentication - CLI
• LDAP Authentication - CLI
• Show Table OAM

SBX-101917 Utilization Field For Peer Overload Throttling

SLB uses a weighted round robin algorithm to load balance the SIP traffic to the registered SBCs. Prior to the version 9.2, the following fields were used to calculate weight which is assigned to each SBC registered to SLB: 

•  503 rejections or the peer loss ratio.
•  SBC capacity, in the range of 0-100 currently defaults to 100. 

The SLB continues to assume the desired behavior is to evenly distribute load to each SBC, with no regard to differences in the capacity or current usage of each SBC. It also does not provide a way to limit call traffic to a registered SBC based on user configuration.

Hence, a utilization field is introduced and is updated every second to the SLB from the SBC. The utilization is calculated as (number of current sessions/estimated max sessions). Weight calculated on SLB is 100-Utilization.

A configurable on SBC is provided to configure a user-defined utilization value which when enabled overrides the above mechanism.

The following CLI commands are deprecated:

system/slb/globalLossRatio
leaf globalLossRatio {
    tailf:display-when "/system/sbcPersonality/role ='slb'";
    type sonusSlbGlobalLossRatioType;
    default 100;
    tailf:info "
        Global Loss Ratio threshold on SLB to generate a trap (Range is 1 - 100 %)
      ";
 }

The following configuration is introduced on the SLB:

% set system slb
globalUtilization <1 ... 100>

The following configuration is introduced on the SBC to override the weight it reports to the SLB:

% set system slb
overloadControlOptions
-     uilizationOverride <disabled | 0 ... 100>

Command Parameters - slb

Command Parameters - sbc

For more information, refer to SIP Aware Front End Load Balancer (SLB) - CLI on the SBC.

New CLI in 9.2.2R0/R1

SBX-106309 Duplicate Address Detection Improvements

In the SBC 9.2.2R1 release, the Duplicate Address Detection (DAD) process job is automatically installed as part of the install/upgrade process. The SBC also adds alarms to indicate duplicate address detection, and alarms to indicate link detection toggling.

DAD Alarms

• sonusIPv6DuplicateManualReviewRebootingNotification
• sonusIPv6DuplicateManualReviewNoRebootNotification

Link Detection Alarms

Alarms are triggered when link detection toggling starts/clears.

• sonusSbxLvmPrgLinkFailureToggleNotification
• sonusSbxLvmPrgLinkFailureToggleClearedNotification
• sonusSbxLvmPrgSwitchoverToRecoverLinksNotification

This feature fixes the DAD failure issue when duplicate IPs are present on two nodes. Due to duplicate IP addresses, link detection failure occurs and the link monitorStatus indicates socketCreateFailed after switch over. 

Toggle Recover Timer

This feature adds the link detection toggleRecoverTimer. The toggleRecoverTimer starts if configured with a non-zero value when the SBX stops toggling between primary and secondary ports - 5 switches in 30 seconds (2 minutes for BFD). When this timer expires, the SBC checks the link status. If the links are not good and the node switchover is possible (checks multiple conditions such as the standby node's state, peer LDG state, and so on), then it initiates the node switchover and triggers an alarm to highlight the condition. If the switchover is not possible, or the switchover doesn't succeed, then the timer restarts.

Command Syntax

% set system admin <systemName> linkDetection toggleRecoverTimer <0-3600>

Command Parameters

Configuration Example

Issue the following commands to start the Toggle Recover Timer on a system named "SBC-1" when it stops toggling between primary and secondary ports.

% set system admin SBC-1 linkDetection toggleRecoverTimer 120
% commit

For more information, refer to Link Detection - CLI.

SBX-85797- SIP Status 607/608 Response Code Support with ISUP 21 Interworking

This feature enables the cause code mapping profile in the SBC to support new set of response codes 607/608/609/610.

For more information, refer to:

• SIP to CPC Cause Mapping Profile - CLI
• CPC to SIP Cause Map Profile - CLI

SIP to CPC Cause Mapping Profile

Command Syntax

% set profiles signaling sipCauseCodeMapping 
	sipToCpcCauseMapProfile <sipToCpcCauseMapProfile> 
		loc3xx <locNxx> 
		loc4xx <locNxx> 
		loc5xx <locNxx> 
		loc6xx <locNxx> 
		locBye <locBye> 
		locCancel <locCancel> 
		cancelCause <cancelCause> 
		baseProfile <defaultCpcSip | defaultQ1912CpcSip | defaultRfc3398CpcSip | defaultTs29163CpcSip | defaultTsgspec17SipCpc> 
		causeMap <causeMap> 
			cpcCause <cpcCause>
			location <loc value>

% show profiles signaling sipCauseCodeMapping sipToCpcCauseMapProfile <sipToCpcCauseMapProfile> displaylevel <displaylevel> 

% delete profiles signaling sipCauseCodeMapping <sipToCpcCauseMapProfile> 

CPC to SIP Cause Map Profile 

Command Syntax

% set profiles signaling sipCauseCodeMapping
	cpcToSipCauseMapProfile <profile name>
		baseProfile <defaultCpcSip | defaultQ1912CpcSip | defaultRfc3398CpcSip | defaultTs29163CpcSip | defaultTsgspec17CpcSip>
		causeMap <CPC cause value>
			location <loc value>
				sipCause <sip cause value>
			q850Reason <Q.850 cause value>
			sipCause <sip cause value>
		includeQ850Reason <disabled | enabled> 
		unrecAction <q1912Procedure | rfc3398Procedure | ts29163Procedure> 

% show profiles signaling sipCauseCodeMapping cpcToSipCauseMapProfile

% delete profiles signaling sipCauseCodeMapping cpcToSipCauseMapProfile <profile name> 

SBX-106857 Use Different Response Codes for CAC Failures

The SBC is enhanced to support a configurable SIP response code for each type of CAC rejection at various levels so that the operator can differentiate between the types of failures. Operators are able to map the different categories of CAC specific internal CPC cause codes to a SIP error response code.

This specific Requirement will address Trunk Group level configurations to allow customer desired SIP response code to use when CAC check fails.

Trunk Group level CAC configuration can also be done using sharedCAC Pool.

If a PSX 'Response Profile' is configured, then the SBC uses a SIP Error Response code as per the PSX returned 'Response Profile'.

Command Syntax

Command Parameters

Configuration Examples

To set SIP response code 505 for TG level Ingress Call limit failure, execute the following CLI.

New CLI in 9.2.3R0

SBX-107845 P-Charging-Vector Header Management Enhancements

The SBC Core's SIP trunk group signaling configuration is enhanced to include a parameter, generateOrReplacePCV, to relay or generate a P-Charging-Vector (PCV) header, depending upon the terminating and originating Inter-Operator Identifier (IOI) values sent in the PCV header.

Use the parameter, generateOrReplacePCV,  to specify the term-IOI and orig-IOI identifiers, as well as enable/disable the option to relay or generate a PCV header using the configured values. By default, this feature is disabled. 

• If the generateOrReplacePCV flag is enabled, the SBC either replaces the term-IOI and orig-IOI values in a PCV header (if present) with the provisioned values, or generates the missing PCV header term-IOI and orig-IOI from the incoming message with the provisioned values. 
• If the sendPCVHeader flag is enabled on an SBC trunk, the SBC sends the PCV header in the outgoing message. If the flag is disabled, the SBC does not add the PCV header to the outgoing message. 

Command Parameters

For more information, refer to SIP TG - Signaling - Generate Or Replace PCV - CLI.

SBX-107111 Scalable CLI screening solution for From and P-Asserted-ID

To replace the Q-series SBC, the SBC Core supports screening of both the From username and the P-Asserted-ID username presented to the SBC from SIP PBX customers. 

To support the requirements on the ERE, the solution uses dmpm as a service. Triggering a service on ERE or PSX uses the reverse lookup mechanism into the DB cache. When the call is processed at the service layer, PES looks up into the in-memory cache with the data received in the call. The matching procedure always starts with the priority of the call processing element type. If it finds a match, then it will execute the service, in this case the dmpm rule. 

• The From username or P-Asserted-ID username received in the ingress INVITE is normalized to E.164 format. These two username values are treated independently. The normalization is applied only if the username has a certain prefix and is received on a certain trunkgroup. It is not mandatory to receive the P-Asserted-ID username for all the calls.
• If the From username or P-Asserted-ID username received in the ingress INVITE does not match the prefixes, then the header is assigned a default value.
• The ERE application can screen on at least 30000 prefixes per trunkrgroup, and 75,000 prefixes per SBC.
• A new flag is added to the feature control profile. When this flag is enabled, PES executes the dmpm rule service even if the route is determined prior to PreRouter Layer. If a rule service other than the dmpm rule service is matching the trigger criteria, it will not be executed.
• There are few cases where the route is determined before the service execution layer for example using DTG, Tgrp and Trunk-context received in the D+ request. For such cases currently service execution is skipped. The ERE executes the DmPm Service even if route for the call is determined before the service execution layer. A control flag is required to execute the DmPm service even if it is routed before pre router layer.

New CLI in 9.2.4R0

SBX-102448 SBC On-hold Race Condition

The SBC is enhanced with the addition of three gateway-specific flags in the SIP trunk group signaling configuration to support the handling of 100rel-based back-to-back 18x responses using SDP changes to block irrelevant Re-INVITE/UPDATE messages between gateways. This configuration will prevent potential one-way audio issues between gateways.

• minimizeRelayingOfMediaChangesAtGwSg
• disableMediaLockDownAtGwSg
• relayDatapathModeChangesAtGwSg

% set addressContext <Address Context name> zone <ZONE_IAD/ZONE_AS> sipTrunkGroup <TG_IAD/TG_AS> signaling disableMediaLockDownAtGwSg <disabled | enabled >
% set addressContext <Address Context name> zone <ZONE_IAD/ZONE_AS> sipTrunkGroup <TG_IAD/TG_AS> signaling minimizeRelayingOfMediaChangesAtGwSg <disabled | enabled>
% set addressContext <Address Context name> zone <ZONE_IAD/ZONE_AS> sipTrunkGroup <TG_IAD/TG_AS> signaling relayDatapathModeChangesAtGwSg <disabled | enabled>

For more information, refer to:

• SIP TG - Signaling - Relay Data Path Mode Changes At GW Signaling - CLI
• SIP TG - Signaling - Disable Media Lockdown At GW Signaling - CLI
• SIP TG - Signaling - Minimize Relaying Media Changes At GW Signaling - CLI
• SIP Trunk Group - Signaling
• Gateway Signaling

SBX-114828 Update SBC Provisioning Limits (add "largeuseracl" SWe Config Profile Option)

The system SWe Config Profile provisioning option "largeuseracl" is added in this release to allow a higher number of IP ACLs for larger networks. The "largeuseracl" profile is applicable to the SBC SWe and SLB with VM Memory ≥ 18 GiB RAM.  Refer to SWe Config Profile Selection - CLI, System - Swe Config Profile Selection (EMA) and SBC Provisioning Limits for details.

% set system sweConfigProfileSelection name <extrasmall | large | largeuseracl | small>