...
The WRTC enabled device employs the ICE procedures and connects to the SBC on a public address. The SBC acts as an ICE -Lite agent to support the WRTC enabled device to punch the pinholes in the NAT for media exchange with the SBC. This can work with any Firewall in front of the WRTC enabled device that can support opening NAT Pinholes for the UDP traffic. The NAT can be Full-Cone, restricted, or symmetric NAT.
...
In this case, media is exchanged between the WRTC enabled device and the SBC. The ICE -Lite mechanism is used to negotiate a relay address for the firewalls in front of the WRTC enabled device to use for media exchange over TCP or http ports. A TURN relay is used with media path to convert RTP/TCP to RTP/UDP towards SBC.
...
Configuring WRTC includes:
| Anchor |
|---|
| Configuring ICE-Lite |
|---|
| Configuring ICE-Lite |
|---|
|
Configuring ICE...
| Info |
|---|
When natTraversal is set for iceSupport, it is recommended that both mediaNat or secureMediaNatPrefix are not configured. |
...
| Code Block |
|---|
|
% set addressContext default zone ZONE_IAD sipTrunkGroup TG_SIPART_IAD services natTraversal iceSupport iceWebrtc
iceFull
|
| Note |
|---|
- SBC uses
iceFull to support faster completion on the ICE exchange as the two end points locks down on the first accessible connection path attempted. - SBC uses
iceWebrtc to allow selection of the optimum connection path, for example, Host vs TURN address.
|
| Anchor |
|---|
| SDP Method for Multiple IP Version |
|---|
| SDP Method for Multiple IP Version |
|---|
|
SDP Method for Multiple IP Version
...
| Anchor |
|---|
| Configuring DTLS-SRTP |
|---|
| Configuring DTLS-SRTP |
|---|
|
Configuring DTLS-SRTP
...
| Code Block |
|---|
|
% set profiles media packetServiceProfile PSP_IAD dtls dtlsCryptoSuiteProfile cp1 |
| Anchor |
|---|
| Enabling the Parameters Under DTLS Crypto Suite Profile |
|---|
| Enabling the Parameters Under DTLS Crypto Suite Profile |
|---|
|
Enabling the ...
DTLS Crypto Suite Profile Parameters
| Code Block |
|---|
|
% set profiles media packetServiceProfile PSP_IAD dtls dtlsCryptoSuiteProfile cp1 dtlsFlags allowDtlsFallback enable enableDtlsSrtp enable |
| Note |
|---|
The allowDtlsFallback parameter enables a fall back to standard RTP when corresponding leg does not have DTLS-SRTP support. If this parameter is disabled, SBC does not allow any other call other than DTLS-SRTP on that leg. |
...
| Enabling the DTLS SRTP and DTLS SCTP Relay Flags in Packet Service Profile |
|---|
| Enabling the DTLS SRTP and DTLS SCTP Relay Flags in Packet Service Profile |
|---|
|
Enabling the DTLS SRTP and DTLS SCTP Relay Flags in Packet Service Profile| Code Block |
|---|
| Code Block |
|---|
language | none |
|---|
% set addressContextprofiles defaultmedia zonepacketServiceProfile ZONEPSP_IAD sipTrunkGroup TG_SIPART_IAD policy media packetServiceProfile PSP_IAD |
| Note |
|---|
The Packet Service Profile can be attached to the ingress, egress, or both ingress and egress Sip Trunk Group. |
...
The SRTP license must be enabled for DTLS support.
The license can be seen by executing the following command:
| Code Block |
|---|
|
% show table system licenseInfo
LICENSE USAGE
FEATURE NAME ID EXPIRATION DATE LIMIT |
Navigate to All > License > Bundle
| Caption |
|---|
|
 Image Removed
|
Defining SMM Rules
As SBC does not support SAVPF, the following SMM rules are applied for inter-working with WRTC endpoints:
...
dtls dtlsFlags dtlsSrtpRelay enable dtlsSctpRelay enable |
| Anchor |
|---|
| Attaching the Packet Service Profile to the Sip Trunk Group |
|---|
| Attaching the Packet Service Profile to the Sip Trunk Group |
|---|
|
Attaching the Packet Service Profile to the Sip Trunk Group| Code Block |
|---|
|
% set addressContext default zone ZONE_IAD sipTrunkGroup TG_SIPART_IAD policy media packetServiceProfile PSP_IAD |
| Note |
|---|
The Packet Service Profile can be attached to the ingress, egress, or both ingress and egress Sip Trunk Group. |
LicensingThe SRTP license must be enabled for DTLS support.
The license can be seen by executing the following command:
| Code Block |
|---|
|
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE rule 1
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE rule 1 criterion 1 type message
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE rule 1 criterion 1 type message message messageTypes all condition exist
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE rule 1 action 2 type messageBody
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE rule 1 action 2 operation regsub
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE rule 1 action 2 regexp string "RTP/SAVP" matchInstance all
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE rule 1 action 2 from type value value "RTP/SAVPF"
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE rule 1 action 2 to type messageBody messageBodyValue all
% set profiles signaling sipAdaptorProfile OUT_SMM_RULE state enable
commit |
Input Adapter Profile
For an audio and video WRTC (chrome) to WRTC (chrome) call, an inputAdaptorProfile SMM rule is required. The SMM rule is dependent on the configuration of the sdpAttributesSelectiveRelay control. This SMM rule is configured on the incoming Trunk Group. The same settings are required when inter-working from WRTC to Acano.
sdpAttributesSelectiveRelay is disabled
| Code Block |
|---|
|
% set addressContext default zone <zone name> sipTrunkGroup <sip Trunk Group name> media sdpAttributesSelectiveRelay disabled
% set profiles signaling sipAdaptorProfile IN_SMM_RULE rule 1 criterion 1 type message message messageTypes all condition exist
% set profiles signaling sipAdaptorProfile IN_SMM_RULE rule 1 action 1 type messageBody
% set profiles signaling sipAdaptorProfile IN_SMM_RULE rule 1 action 1 operation regdel
% set profiles signaling sipAdaptorProfile IN_SMM_RULE rule 1 action 1 regexp string "a=ssrc.*?\r\n" matchInstance all
% set profiles signaling sipAdaptorProfile IN_SMM_RULE rule 1 action 1 to type messageBody messageBodyValue all
% set profiles signaling sipAdaptorProfile IN_SMM_RULE state enable
commit
|
...
...
...
...
system licenseInfo
LICENSE USAGE
FEATURE NAME ID EXPIRATION DATE LIMIT |
Navigate to All > License > Bundle
| Caption |
|---|
|
Image Added |
Defining SMM Rules
As SBC does not support SAVPF, the following SMM rule is applied for inter-working with WRTC endpoints:
| Code Block |
|---|
|
% set profiles signaling sipAdaptorProfile |
...
...
...
% set profiles signaling sipAdaptorProfile |
...
...
...
...
% set profiles signaling sipAdaptorProfile |
...
...
...
type message message messageTypes all condition exist
% set profiles signaling sipAdaptorProfile |
...
OUT_SMM_RULE rule 1 action |
...
...
% set profiles signaling sipAdaptorProfile |
...
OUT_SMM_RULE rule 1 action 2 |
...
...
regsub
% set profiles signaling sipAdaptorProfile |
...
OUT_SMM_RULE rule 1 action 2 |
...
regexp string "RTP/SAVP" matchInstance all
% set profiles signaling sipAdaptorProfile |
...
OUT_SMM_RULE rule 1 action 2 |
...
...
type value value "RTP/SAVPF"
% set profiles signaling sipAdaptorProfile |
...
OUT_SMM_RULE rule 1 action 2 to type messageBody messageBodyValue all
% set profiles signaling sipAdaptorProfile |
...
OUT_SMM_RULE state enable
|
...
These SMM profiles are profile is assigned to the Trunk Group towards the WRTC.
| Note |
|---|
the adpAttributesSelectiveRelay control must be enabled to support WSX-SBC-WSX call scenarios. |
Assigning SMM Profiles to Trunk Group
The SMM profile is applied to the Trunk Group as shown below:
| Code Block |
|---|
|
% set addressContext default zone ZONE_IAD sipTrunkGroup TG_SIPART_IAD signaling messageManipulation outputAdapterProfile OUT_SMM_RULE
|
Other Configuration
| Code Block |
|---|
|
% set addressContext default zone ZONE_IAD sipTrunkGroup ATG_SIPART_IAD services natTraversal mediaNat disabled
% set profiles media packetServiceProfile PSP_IAD rtcpOptions rtcp enable |
| Note |
|---|
The STUN handling for media NAT and ICE are mutually exclusive. Therefore, mediaNAT is disabled when ICE is used. For DTLS, an association is created for both RTP and RTCP. The RTCP control must be enabled for RTCP packets to flow. |
Viewing the Call Detail Status
...
| Code Block |
|---|
|
% show status global callDetailStatus
callDetailStatus 17334272 {
mediaStreams audio;
state Stable;
callingNumber 777;
calledNumber 444;
addressTransPerformed none;
origCalledNum "";
scenarioType SIP_TO_SIP;
callDuration 8;
mediaType passthru;
associatedGcid1 17334272;
associatedGcid2 17334272;
associatedGcidLegId1 1;
associatedGcidLegId2 0;
ingressMediaStream1LocalIpSockAddr "10.54.4.176/ 1026";
ingressMediaStream1RemoteIpSockAddr "10.70.52.67/ 55658";
egressMediaStream1LocalIpSockAddr "10.54.6.176/ 1026";
egressMediaStream1RemoteIpSockAddr "10.70.52.67/ 5124";
ingressMediaStream1Security "rtp-Encrypted rtp-auth rtcp-encrypted rtcp-auth crypto-aescm hmacsha180";
egressMediaStream1Security "rtp-disabled rtcp-disabled";
ingressMediaStream1Bandwidth 135;
egressMediaStream1Bandwidth 127;
ingressMediaStream1IceState ST_ICE_COMPLETE;
egressMediaStream1IceState NONE;
ingressDtlsSrtpStream1 ENABLED;
egressDtlsSrtpStream1 DISABLED;
iceCallTypes "ing-lcl-FULL-ICE-LITE ing-rmt-FULL-ICE eg-lcl-NONE eg-rmt-NONE";
}
|
...
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | The Screen Showing a Successful DTLS Packet Capture |
|---|
|
|
...