New CLI in 11.01.0R0
SBX-96767 PEM File Format Support for the Remote Type Certificate
The SBC currently supports DER encoded files for type "remote" certificates. This feature enhances the SBC to also accept PEM encoded files for "remote" certificates.
Command Syntax
Code Block |
---|
% set system security pki certificate <certificate name> fileName <1-255 characters> type <local | local-internal | remote> state <disabled | enabled> |
Command Parameters
Parameter | Description |
---|---|
fileName | <filename> – Certificate content filename in the format: |
- Local-Internal: PEM
- Local: PKCS#12
- Remote: DER, PEM
Configuration Examples
Code Block |
---|
set system security pki certificate COMPANY_CA fileName company_ca.pem type remote state enabled
commit |
SBX-86522 Support for TLS 1.3 on SBC Core
The flag v1_3 is added to the TLS Profile to configure TLS 1.3 support. In addition, three Ciphersuites are added to support TLS 1.3.
Command Syntax
Code Block |
---|
% set profiles security tlsProfile <tls profile name> v1_3 <disabled | enabled>
% set profiles security tlsProfile <tls profile name> cipherSuite <cipherSuite1/2/3> tls_aes_128_gcm_sha256 tls_aes_256_gcm_sha384 tls_chacha20_poly1305_sha256 |
Command Parameters
Parameter | Length/Range | Default | Description | M/O |
---|---|---|---|---|
v1_3 | n/a | disabled | Enable this flag to configure the SBC to support TLS 1.3 on the ingress and egress legs. | O |
tls_aes_128_gcm_sha256 | n/a | n/a | TLS 1.3 Ciphersuite | O |
tls_aes_256_gcm_sha384 | n/a | n/a | TLS 1.3 Ciphersuite | O |
tls_chacha20_poly1305_sha256 | n/a | n/a | TLS 1.3 Ciphersuite | O |
Configuration Examples
Code Block |
---|
set profiles security tlsProfile defaultTlsProfile v1_3 enabled
set profiles security tlsProfile defaultTlsProfile cipherSuite1 tls_aes_128_gcm_sha256
set profiles security tlsProfile defaultTlsProfile cipherSuite2 tls_aes_256_gcm_sha384
set profiles security tlsProfile defaultTlsProfile cipherSuite3 tls_chacha20_poly1305_sha256
commit |
SBX-103594 MSRP B2BUA Support when a=msrp-cema Present
To support the SBC role as "MSRP B2BUA" (even when the SBC receives the msrp-cema attribute in the SDP), the SBC is enhanced with a configuration flag msrpB2BUA in the Trunk Group. By default, this flag is disabled.
Command Syntax
Code Block |
---|
% set addressContext <AC name> zone <Zone name> sipTrunkGroup <TG name> media msrpB2BUA <disabled | enabled> |
Command Parameters
Parameter | Length/Range | Default | Description |
---|---|---|---|
msrpB2BUA | N/A | disabled | This parameter ensures the role of SBC as B2BUA irrespective of the End Point role. Enable this parameter in both trunk groups to handle the msrp-cema attribute received in request/response messages. |
- disabled (default)
- enabled
Configuration Examples
Code Block |
---|
set addressContext default zone zoneIngress sipTrunkGroup TG_ingress media msrpB2BUA enabled
commit |
Code Block |
---|
set addressContext default zone zoneIngress sipTrunkGroup TG_ingress media msrpB2BUA disabled
commit |
SBX-104653 Allow SMM Profile Index Gapping and Rearranging through CLI
A CLI command is introduced to create a gap between the SMM rules, allowing the user to add new rules in the gap without deleting existing rules.
Command Syntax
Code Block |
---|
% request profiles signaling sipAdaptorProfile <profile_name> cmds addGapInRuleList index <0-10000> gap <0-10000> |
Info |
---|
You can enter the command from both the system-level and configure CLI modes. |
Command Parameters
Parameter | Length/Range | Description |
---|---|---|
addGapInRuleList | N/A | Use this parameter to create a gap between the SMM rules in order to add new rules in the gap without deleting the rules. |
- Gap – Represents the number of rule positions to move after the input index. Range: 0-10000. Default = 0
- Index – Represents the rule after which the gap is created. Range: 0-10000. Default = 0
Note: The largest value allowed for the gap is determined based on the sum of rule count and gap.
- The SBC generates an error in the .DBG log if the ruleCount + gap is greater than CPX_MAX_SMM_RULES.
- The SBC generates an error in the .DBG log if the input index value is greater than or equal to Maximum Rule Index of the existing rules (index >= maxRuleIndex).
Configuration Examples
Code Block |
---|
request profiles signaling sipAdaptorProfile SMM_INC cmds addGapInRuleList index 10 gap 5
result success |
SBX-90885 Handling of RCD Passport Headers
The SBC is enhanced to pass the "jcard" and the "call-reason" parameters received in the "Call-Info" header of the SIP INVITE to the PSX when STIR/SHAKEN is enabled. To support this functionality, the flexVariable type is added to the SIP Adaptor Profile configuration to store up to 16 flex variables received from the PSX as input to the SBC SMM to modify SIP messages on the Egress leg.
Command Syntax
Code Block |
---|
% set profiles signaling sipAdaptorProfile <Profile Name> rule <#> action <#> from type flexVariable
% set profiles signaling sipAdaptorProfile <Profile Name> rule <#> action <#> from flexVariableValue <flexvar1...flexvar16> |
Command Parameters
Parameter | Length/Range | Default | Description |
---|---|---|---|
flexVariable |
Configuration Examples
Code Block |
---|
set profiles signaling sipAdaptorProfile smm1 rule 1 action 1 from type flexVariable
set profiles signaling sipAdaptorProfile smm1 rule 1 action 1 from flexVariableValue flexVar1
commit |
SMM Configuration Examples
Example SMM for a REGISTER request, where the username is modified in the Egress REGISTER:
Code Block |
---|
set profiles signaling sipAdaptorProfile EBOSMM state enabled
set profiles signaling sipAdaptorProfile EBOSMM advancedSMM enabled
set profiles signaling sipAdaptorProfile EBOSMM profileType messageManipulation
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 1 message messageTypes request
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 1 message methodTypes [ register ]
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 header name to
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 3 type token
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 3 token
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 3 token tokenType uriusername
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 type token
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 operation modify
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 from
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 from type flexVariable
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 from flexVariableValue flexVar1
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 to
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 to type token
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 to tokenValue uriusername
commit |
This example shows the LOGO parameter received from the PSX being added as a Call-Info header in the Egress INVITE:
Code Block |
---|
set profiles signaling sipAdaptorProfile AddCallinfo state enabled
set profiles signaling sipAdaptorProfile AddCallinfo advancedSMM enabled
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 applyMatchHeader one
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 1 message messageTypes request
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 1 message methodTypes [ invite ]
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 2 type messageBody
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 2 messageBody
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 2 messageBody condition exist
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 3 type flexVariable
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 3 flexVariable
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 3 flexVariable condition exist
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 3 flexVariable variableID flexVar4
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 type header
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 operation add
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 headerPosition last
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 from
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 from type flexVariable
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 from flexVariableValue flexVar4
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 to
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 to type header
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 to value Call-Info
commit |
Example of a flex variable stored in a dialog scope variable, and used in a Re-Invite:
Code Block |
---|
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 type variable
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 operation store
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 from
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 from type flexVariable
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 from flexVariableValue flexVar1
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 to
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 to type variable
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 to variableValue var1
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 to variableScopeValue dialog
commit |
SBX-106619 Voice Analytics to Identify Voice Campaigns
The SBC is enhanced to generate an audio fingerprint file on a subset of the calls identified for capture by SIPSG using the SAGE triggering algorithm. For calls where the audio fingerprint is computed, it is computed based on the incoming audio on the Ingress leg of the call. The audio fingerprinting is performed only for the calls where the Ingress leg is encoded using G.711 (A-law or μ-law), G.729AB, G.722, AMR, AMR-WB, EVRC, or EVRCB.
Command Syntax
Code Block |
---|
% set global callTrace sageFingerprint <disable | enable> |
Command Parameters
Parameter | Length/Range | Description |
---|---|---|
sageFingerprint | N/A | Enable this flag to generate an audio fingerprint for the incoming calls that can aid in robocalling campaign identification. The back-end systems (such as Identity Hub) use this feature to identify robocalling campaigns and classify individual calls that belong to a robocalling campaign. Audio fingerprinting is enabled by default. A global configuration option is provided to disable the fingerprinting on the SBC. |
- disable – Disabling audio fingerprinting can free the memory allocated to store the associated captured media.
- enable (default)
SBX-93114 SIP Registrar Functionality Support
The SBC Core is enhanced to support SIP Registrar functionality for SIP end points. This feature allows the Ribbon SBC to act as an Access SBC with Registrar functionality in a single deployment.
SIP TG - Signaling - SIP Local Registrar - CLI
The CLI object sipLocalRegistrar to support the SIP Registrar functionality is added to the CLI in this release.
Command Syntax
The following CLI shows how to enable the SIP Local Registrar functionality.
Code Block |
---|
set addressContext <name> zone <name> sipTrunkGroup <name> signaling sipLocalRegistrar <disabled | enabled> |
Command Parameters
Parameter | Length/Range | Default | Description |
---|---|---|---|
sipLocalRegistrar | N/A | disabled | Use this flag to enable the SIP Local Registrar functionality. When enabled, messages are sent to the SIP Local Registrar. |
Command Example
Code Block |
---|
set addressContext <name> zone <name> sipTrunkGroup <name> signaling sipLocalRegistrar <disabled | enabled> |
For more information, refer to SIP TG - Signaling - SIP Local Registrar - CLI.
Signaling - Global - CLI - SIP Local Registrar Object
Command Syntax
Code Block | ||
---|---|---|
| ||
% set global signaling sipLocalRegistrar
expires <15-65535>
minExpires <15-65535>
sipRegSubscriberProfile <aor Name>
sipRegAdminState <active | inactive>
sipRegSendChallenge <challengeForNone | challengeForRegister | challengeForRegisterAndInvite>
sipRegAuthRealm <authentication Realm>
sipRegAuthUserName <authentication UserName>
sipRegAuthPassword <authentication Password>
% show global signaling sipLocalRegistrar
sipRegSubscriberProfile <aor Name>
expires
minExpires |
Command Parameters
Parameter | Length/Range | Default | Description | M/O |
---|---|---|---|---|
expires | 15-65535 | 3600 | The Expiry value used for Registration. | O |
minExpires | 15-65535 | 30 | The Min-Expiry value used for Registration. If a REGISTER is received with an Expires value less than this field, a 423 error is generated. | O |
sipRegSubscriberProfile | 1-127 characters | N/A | This represents the Address Of Record (AOR) of the user. This is the mandatory key against which the binding is created. The AOR uses the "user@host" format. For example, testUser@example.com. Also see CLI example below. | M |
sipRegAdminState | N/A | active | Defines if Subscriber state is active or inactive. The choices are:
| O |
sipRegSendChallenge | N/A | challengeForNone | Defines how the Authentication Challenge is sent.
| O |
sipRegAuthRealm | 1-127 characters | N/A | The Authorization realm for SIP registration. | O |
sipRegAuthUserName | 1-127 characters | N/A | The Authorization user name for SIP registration. | O |
sipRegAuthPassword | 6-32 characters | N/A | DES3 (triple Data Encryption Standard) encrypted string authentication password for SIP local registration. All ASCII characters from 33 to 126 (except 34 - double quotes) are allowed. Note: If Authentication Password contains ASCII characters, enclose the entire password string with double quotes (" "). Example using double quotes: "Password1:@\#:########~%&*@#" Since the SBC Registrar supports bulk load configuration, the length of the password string is not validated at the time of entry into the database. The Admin must make sure that the length is within the prescribed range (6-32 characters). For such out-of-bound passwords, authentication can fail with a 403 error response. | O |
Command Example
Code Block | ||
---|---|---|
| ||
set global signaling sipLocalRegistrar expires 3500
set global signaling sipLocalRegistrar minExpires 300
set global signaling sipLocalRegistrar sipRegSubscriberProfile testUser@example.com sipRegAdminState active sipRegSendChallenge challengeForRegisterAndInvite sipRegAuthRealm example.com sipRegAuthUserName testUser sipRegAuthPassword password1
show global signaling sipLocalRegistrar sipRegSubscriberProfile testUser@example.com
sipRegAuthUserName testUser;
sipRegAuthRealm example.com;
sipRegAuthPassword $7$FZ5ju2oDUvNyLs8MvuBYmoCo55fOBhnu;
sipRegAdminState active;
sipRegSendChallenge challengeForRegisterAndInvite;
show global signaling sipLocalRegistrar expires
expires 3500
show global signaling sipLocalRegistrar minExpires
minExpires 300
show status global sipLocalRegistrar
sipLocalRegistrarRegStatus 53056@10.xx.xx.70 {
state active;
contactURI sip:53056@10.xx.1xx.xx:5xx0;
expirationTime 3600;
creationTime 2022-09-08T10:23:29+00:00;
refreshTime 0000-00-00T00:00:00+00:00;
remainingTime 3493;
}
sipLocalRegistrarRegCountStatistics entry {
sipRegAttemptCount 1;
sipRegChallengedCount 1;
sipRegStableCount 1;
sipRegFailed403Count 0;
sipRegFailed404Count 0;
sipRegFailed503Count 0;
sipRegFailedOthersCount 0;
}
request global sipLocalRegistrar sipRegCountReset
request global sipLocalRegistrar sipRegistrationDeleteByAor sipRegAor 53056@10.xx.xx.70
result success |
For more information, refer to Signaling - Global - CLI.
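Because the length of sipRegAuthPassword is not validated when subscribers are bulk loaded, records can be checked against the documented limits before they are turned into `set` commands. The following is an added example, not Ribbon code: the `Subscriber` structure, the function names and the sample records are hypothetical, and the treatment of challengeForNone is inferred from the option name.

```python
import re
from dataclasses import dataclass

# Limits copied from the sipLocalRegistrar parameter table.
NAME_MAX = 127  # AOR, realm and user name: 1-127 characters
PW_MIN, PW_MAX = 6, 32  # sipRegAuthPassword: 6-32 characters
PW_ALLOWED = {chr(c) for c in range(33, 127)} - {'"'}  # ASCII 33-126 except 34
AOR_RE = re.compile(r"^[^@\s]+@[^@\s]+$")  # "user@host"
CHALLENGE_MODES = ("challengeForNone", "challengeForRegister",
                   "challengeForRegisterAndInvite")

@dataclass
class Subscriber:
    """One row of a bulk-load sheet (hypothetical structure)."""
    aor: str
    challenge: str = "challengeForNone"  # documented default
    realm: str = ""
    username: str = ""
    password: str = ""

def check_subscriber(sub):
    """Return findings for one record; an empty list means it is within limits."""
    findings = []
    if not (1 <= len(sub.aor) <= NAME_MAX and AOR_RE.match(sub.aor)):
        findings.append("sipRegSubscriberProfile: expected user@host, 1-127 characters")
    if sub.challenge not in CHALLENGE_MODES:
        return findings + [f"sipRegSendChallenge: unknown value {sub.challenge!r}"]
    if sub.challenge == "challengeForNone":
        # Inferred from the option name: no authentication challenge is sent.
        return findings + ["sipRegSendChallenge: challengeForNone sends no challenge"]
    # Assumption: a challenging subscriber needs realm, user name and password.
    for key, value in (("sipRegAuthRealm", sub.realm),
                       ("sipRegAuthUserName", sub.username)):
        if not 1 <= len(value) <= NAME_MAX:
            findings.append(f"{key}: expected 1-127 characters")
    if not PW_MIN <= len(sub.password) <= PW_MAX:
        findings.append(f"sipRegAuthPassword: length {len(sub.password)} is outside 6-32")
    bad = sorted(set(sub.password) - PW_ALLOWED)
    if bad:
        findings.append("sipRegAuthPassword: disallowed characters "
                        + " ".join(f"0x{ord(c):02x}" for c in bad))
    return findings

def check_bulk(subscribers):
    """Map each AOR that has findings to its list; clean records are omitted."""
    report = {}
    for sub in subscribers:
        findings = check_subscriber(sub)
        if findings:
            report[sub.aor] = findings
    return report

# Constructed sample records, not taken from a real deployment.
SAMPLE = [
    Subscriber("testUser@example.com", "challengeForRegisterAndInvite",
               "example.com", "testUser", r"Password1:@\#:########~%&*@#"),
    Subscriber("short@example.com", "challengeForRegister",
               "example.com", "short", "abc12"),
    Subscriber("quoted@example.com", "challengeForRegister",
               "example.com", "quoted", 'pass word"1'),
    Subscriber("open@example.com"),
]

if __name__ == "__main__":
    for aor, findings in check_bulk(SAMPLE).items():
        for finding in findings:
            print(f"{aor}: {finding}")
```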
SIP Local Registrar - Request CLI
Command Syntax
Code Block | ||
---|---|---|
| ||
% request global sipLocalRegistrar sipLocalRegistrarRegDeleteByAor <aor Name>
% request global sipLocalRegistrar sipRegCountReset |
Command Parameters
Parameter | Length/Range | Default | Description |
---|---|---|---|
sipLocalRegistrarRegDeleteByAor | N/A | N/A | Use this flag to delete an AOR entry from the Registrar. |
sipRegCountReset | N/A | N/A | Use this parameter to reset the count of statistics. |
Info | ||
---|---|---|
| ||
The |
For more information, refer to Request Global - CLI.
SIP Local Registrar - Show CLI
Command Syntax
Code Block | ||
---|---|---|
| ||
% show status global sipLocalRegistrar
sipActiveLocalRegistrarRegStatus
sipLocalRegistrarRegCountStatistics
sipLocalRegistrarRegCountCurStats
sipLocalRegistrarRegCountIntStats
% show table global sipLocalRegistrar sipLocalRegistrarRegCountStatistics |
Command Parameters
Parameter | Length/Range | Default | Description |
---|---|---|---|
sipActiveLocalRegistrarRegStatus | N/A | N/A | Shows the status of the AOR registered with the Registrar. If the AOR name is not provided, this shows the data for all the AORs registered at Registrar. |
sipLocalRegistrarRegCountStatistics | N/A | N/A | Shows the attempt/stable/failed counts for registrations received at the Registrar. The statistics display the following fields.
|
sipLocalRegistrarRegCountCurStats | N/A | N/A | The high water mark of total number of stable registrations for the current interval. |
sipLocalRegistrarRegCountIntStats | N/A | N/A | The high water mark of total number of stable registrations for the reporting interval. |
For more information, refer to Show Status Global.
SBX-111375 LDAP AD authentication support
The parameter ldapConfigurationMode is added to the ldapAuthentication configuration for the user to choose the "advanced" mode option to configure the newly-added parameters.
Command Syntax
Code Block | ||
---|---|---|
| ||
% set oam ldapAuthentication ldapConfigurationMode <advanced | legacy>
|
Code Block | ||
---|---|---|
| ||
% set oam ldapAuthentication ldapServer <serverName>
bindMethod <sasl | simple>
binddn <name>
groupNameAttribute <groupName, or empty string>
ldapServerAddress <IPv4, IPv6 or FQDN>
ldapServerPort <valid port>
priority <1-25>
saslMechanism <digest-md5 | plain>
searchbase <1-255 characters>
state <disabled | enabled>
transport <ldaps | tcp | tls> |
Code Block | ||
---|---|---|
| ||
% set oam ldapAuthentication ldapServer <serverName>
bindMethod <sasl | simple>
binddn <name>
ldapServerAddress <IPv4, IPv6 or FQDN>
ldapServerPort <valid port>
priority <1-25>
returnAttribute <1-255 characters>
saslMechanism <digest-md5 | plain>
searchFilter <1-255 characters>
searchbase <1-255 characters>
state <disabled | enabled>
systemPassword <password>
systemUsername <1-255 characters>
transport <ldaps | tcp | tls> |
Command Parameters
ldapAuthentication (New Parameter)
The ldapConfigurationMode parameter is added to the LDAP Authentication configuration to specify legacy or advanced modes.
Parameter | Length/Range | Default | Description | M/O |
---|---|---|---|---|
ldapConfigurationMode | n/a | legacy | The configuration mode for the LDAP client.
| O |
ldapServer (Updated Parameters)
The following parameters are updated in this release (for both 'legacy' and 'advanced' modes):
Parameter | Length/Range | Description | M/O |
---|---|---|---|
ldapServerAddress | IPv4 address, IPv6 address, FQDN | The IPv4 address, IPv6 address or FQDN of the server as a hostname. The supported formats are:
| M |
priority | 1-25 | <priority #> – The server priority, where '1' is the highest priority. | M |
saslMechanism | N/A | The SASL mechanism to use.
| O |
ldapServer (New Parameters)
The following new LDAP Server parameters are available when ldapConfigurationMode is set to advanced:
Parameter | Length/Range | Description | M/O |
---|---|---|---|
returnAttribute | 1-255 characters | The attribute returned from the search for the group name of the LDAP user. For example, in the above query, if cn is specified as the return attribute, then the returned attribute will be: | O |
searchFilter | 1-255 characters | The LDAP filter used to search for the group name of the LDAP user. Specify {0} in the search filter to specify the user in the searchFilter. For example: (&(objectClass=group)(member=cn={0},CN=Users,DC=example,DC=tst)) | O |
systemPassword | string | The password for the LDAP user with Administrative privileges. | O |
systemUsername | 1-255 characters | An LDAP user with Administrative privileges – Leave blank, or enter a user name. | O |
Configuration Example
An example of LDAP Authentication using the "advanced" mode is provided below:
Code Block | ||
---|---|---|
| ||
set oam ldapAuthentication ldapConfigurationMode advanced
set oam ldapAuthentication ldapServer ldap1 priority 1
set oam ldapAuthentication ldapServer ldap1 state enabled
set oam ldapAuthentication ldapServer ldap1 bindMethod simple
set oam ldapAuthentication ldapServer ldap1 saslMechanism plain
set oam ldapAuthentication ldapServer ldap1 systemUsername CN=Administrator,CN=Users,DC=mdroot,DC=tst
set oam ldapAuthentication ldapServer ldap1 systemPassword xxxyyyzzz
set oam ldapAuthentication ldapServer ldap1 transport ldaps
set oam ldapAuthentication ldapServer ldap1 binddn "cn={0},CN=Users,dc=mdroot,dc=tst"
set oam ldapAuthentication ldapServer ldap1 searchbase CN=Builtin,DC=mdroot,DC=tst
set oam ldapAuthentication ldapServer ldap1 ldapServerAddress rdc1.mdroot.tst
set oam ldapAuthentication ldapServer ldap1 ldapServerPort 636
set oam ldapAuthentication ldapServer ldap1 searchFilter (&(objectClass=group)(member=CN=Administrator,CN=Users,DC=mdroot,DC=tst))
set oam ldapAuthentication ldapServer ldap1 returnAttribute cn |
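The choices of transport, bindMethod, saslMechanism and searchFilter decide whether the bind password crosses the network unencrypted and whether the group search depends on the user. The following is an added example, not Ribbon code: a small review script over `set oam ldapAuthentication ldapServer` lines, in which the function names, finding codes and the sample configuration (server names weak1, weak2, good1) are constructed for illustration.

```python
PREFIX = "set oam ldapAuthentication ldapServer "

MESSAGES = {
    "cleartext-bind": "simple or SASL PLAIN bind over transport tcp sends the password unencrypted",
    "digest-md5": "SASL DIGEST-MD5 was moved to historic status by RFC 6331",
    "static-filter": "searchFilter has no {0}, so the group search is the same for every user",
    "unbalanced-filter": "searchFilter parentheses do not balance",
}

def parse_servers(text):
    """Collect {server: {parameter: value}} from 'set ... ldapServer' lines."""
    servers = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue  # other commands, e.g. ldapConfigurationMode
        parts = line[len(PREFIX):].split(None, 2)
        if len(parts) == 3:
            name, key, value = parts
            servers.setdefault(name, {})[key] = value.strip().strip('"')
    return servers

def balanced(filt):
    """True when every '(' in an LDAP filter has a matching ')'."""
    depth = 0
    for ch in filt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint_server(cfg):
    """Return finding codes (keys of MESSAGES) for one server's parameters."""
    codes = []
    bind, mech = cfg.get("bindMethod"), cfg.get("saslMechanism")
    plain_bind = bind == "simple" or (bind == "sasl" and mech == "plain")
    if cfg.get("transport") == "tcp" and plain_bind:
        codes.append("cleartext-bind")
    if bind == "sasl" and mech == "digest-md5":
        codes.append("digest-md5")
    filt = cfg.get("searchFilter")
    if filt is not None:
        if "{0}" not in filt:
            codes.append("static-filter")
        if not balanced(filt):
            codes.append("unbalanced-filter")
    return codes

def lint(text):
    return {name: lint_server(cfg) for name, cfg in parse_servers(text).items()}

# Constructed configuration for illustration only.
SAMPLE = """\
set oam ldapAuthentication ldapConfigurationMode advanced
set oam ldapAuthentication ldapServer weak1 transport tcp
set oam ldapAuthentication ldapServer weak1 bindMethod simple
set oam ldapAuthentication ldapServer weak1 searchFilter (&(objectClass=group)(member=CN=Administrator,CN=Users,DC=example,DC=tst))
set oam ldapAuthentication ldapServer weak2 transport ldaps
set oam ldapAuthentication ldapServer weak2 bindMethod sasl
set oam ldapAuthentication ldapServer weak2 saslMechanism digest-md5
set oam ldapAuthentication ldapServer weak2 searchFilter (&(objectClass=group)(member=cn={0},CN=Users,DC=example,DC=tst)
set oam ldapAuthentication ldapServer good1 transport ldaps
set oam ldapAuthentication ldapServer good1 bindMethod simple
set oam ldapAuthentication ldapServer good1 searchFilter (&(objectClass=group)(member=cn={0},CN=Users,DC=example,DC=tst))
"""

if __name__ == "__main__":
    for server, codes in lint(SAMPLE).items():
        for code in codes:
            print(f"{server}: {MESSAGES[code]}")
```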
Configuration Examples
To enable the sageFingerprint:
Code Block |
---|
set global callTrace sageFingerprint enable
commit |
To disable the sageFingerprint:
Code Block |
---|
set global callTrace sageFingerprint disable
commit |