Page History

Add_workflow_for_techpubs

AUTH2	UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb8305e9, userName='null'}
AUTH1	UserResourceIdentifier{userKey=8a00a0c880e94aad0181077fa2530009, userName='null'}
JIRAIDAUTH	SBX-0000
REV5	UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'}
REV6	UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb8305e9, userName='null'}
REV3	UserResourceIdentifier{userKey=8a00a0c880e94aad0181077fa2530009, userName='null'}
REV1	UserResourceIdentifier{userKey=8a00a0c880e94aad0181077fa2530009, userName='null'}

Panel

In this section:

Table of Contents

maxLevel	3

New CLI in 12.1.2R0

SBX-105148 Support for Diffie-Hellman Group 15 (3072-bit)

To support Diffie-Hellman Group 15 (3072-bit), the option "modp3072" is added to "dhGroup" in the IKE Protection Profile.

Command Syntax

Code Block
% set profiles security ikeProtectionProfile <profile> algorithms dhGroup <modp768 \| modp1024 \| modp1536 \| modp2048 \| modp3072>

Command Parameters

To support Diffie-Hellman Group 15 (3072-bit), "modp3072" is added to "dhGroup."

Parameter Length/Range Default Description M/O

dhGroup

n/a

modp1024

This parameter specifies the DH group(s) supported in the IKE exchange.

modp768
modp1024 (default)
modp1536
modp2048
modp3072

O

Configuration Example

Code Block
set profiles security ikeProtectionProfile exampleProfile algorithms dhGroup modp3072 commit

SBX-118956 IPsec (Signaling) support for CNF solution

The SPD and remote configurations are enhanced to provide the network segment name details.

Command Syntax

Code Block

set addressContext <ac> ipsec spd <spd name> networkSegmentName slb-default-pkt1 ipNameV4 | ipNameV6 SLBPKT1 localPort <port>localIpPrefixLen <prefix length>remoteIpAddr <ip address>remotePort <port> remoteIpPrefixLen <prefix length>
 
set addressContext <ac> ipsec peer <peer name> ipAddress <ip address> preSharedKey <preshared key> localIdentity type ipV4Addr networkSegmentName <network segment name> ipNameV4 | ipNameV6  <IP list name>

Command Parameters

Parameter

Length/Range

Default

Description

M/O

networkSegmentName

24 characters

N/A

Name of network segment

table entry.

M

ipNameV4

24 characters

N/A

Name of the IP list.

M

ipNameV6

24 characters

N/A

Name of the IP list.

M

Configuration Example

Code Block

#IKE Protection Profile
set profiles security ikeProtectionProfile IKE_PROTECT_1 saLifetimeTime 1200
set profiles security ikeProtectionProfile IKE_PROTECT_1 algorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile IKE_PROTECT_1 algorithms integrity hmacSha1,hmacMd5
commit
  
#IPSec Protection Profile
set profiles security ipsecProtectionProfile IPSEC_PROTECT_1 saLifetimeTime 1200
set profiles security ipsecProtectionProfile IPSEC_PROTECT_1 espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile IPSEC_PROTECT_1 espAlgorithms encryption aesCbc128,_3DesCbc
commit
  
 
#Configure Remote
set addressContext default ipsec peer RACOON2 ipAddress 10.128.254.159 preSharedKey secretsecretsecretsecretsecretsecret localIdentity type ipV4Addr networkSegmentName sc-default-pkt1 ipNameV4 SCPKT1
commit
set addressContext default ipsec peer RACOON2 remoteIdentity type ipV4Addr ipAddress 10.128.254.159
set addressContext default ipsec peer RACOON2 protectionProfile IKE_PROTECT_1
commit
  
#Configure IPSec SPD
set addressContext default ipsec spd RACOON2-SPD1 precedence 999
set addressContext default ipsec spd RACOON2-SPD1 networkSegmentName sc-default-pkt1 ipNameV4 SCPKT1 localPort 0 localIpPrefixLen 32 remoteIpAddr 10.128.254.159 remotePort 0 remoteIpPrefixLen 32
set addressContext default ipsec spd RACOON2-SPD1 action protect
set addressContext default ipsec spd RACOON2-SPD1 protectionProfile IPSEC_PROTECT_1
set addressContext default ipsec spd RACOON2-SPD1 peer RACOON2
set addressContext default ipsec spd RACOON2-SPD1 mode tunnel
set addressContext default ipsec spd RACOON2-SPD1 state enabled
commit
 
#Set the protocol to IKEv1 or IKEv2
set addressContext default ipsec peer RACOON2 protocol ikev1
commit
  
#Enable IPSec on the interfacegroup
set addressContext default ipInterfaceGroup LIGSC1 ipsec enable
commit

SBX-124215 Multi-Country LI for VoLTE IMS

Multiexcerpt include

MultiExcerptName	MCLI Overview
PageWithExcerpt	Multi-Country LI for VoLTE IMS

Multiexcerpt include

MultiExcerptName	MCLI precedence order
PageWithExcerpt	Multi-Country LI for VoLTE IMS

The SBC is enhanced to support multiple CALEA users to align with RAMP. For MCLI, "calea" users from different countries can push the targets to the respective X1 interfaces.

SBX-127690 ACT File Retention and CDR File Naming (for CNe) Enhancements

The following commands are introduced to reset the global sequence number and delete the ACT files after configuring the number of days.

Command Syntax

Code Block
% request oam eventLog typeAdmin acct resetSequenceNumber <disabled \| enabled> % request oam eventLog typeAdmin acct daysToKeep <1-7>

Command Parameters

Parameter Name	Default Value	Param. Description
`resetSequenceNumber`	disabled	Use this parameter to set the flag enable/disable and reset the sequence number. Sequence numbers are appended to accounting filenames when those files contain CDRs.
`daysToKeep`	5	Specify the number of days to keep the ACT files in the backup directory before they are automatically deleted.

Configuration Examples

Code Block
request oam eventLog typeAdmin acct resetSequenceNumber enabled request oam eventLog typeAdmin acct daysToKeep 1 commit

SBX-129092 Support TLS1.3 for OAM-RAMP Connection

The security profile parameter, EmaTlsProfile, is modified to include the TLSv1.3 protocol version.

Command Syntax

Code Block
% set profiles security EmaTlsProfile <EMA TLS Profile name> v1_3 <disabled \| enabled>

Command Parameters

Parameter

Length/Range

Description

M/O

v1_3

N/A

Use this flag to enable or disable TLS version 1.3 for incoming TLS connections from the RAMP.

disabled
enabled (default)

M

Configuration Examples

Code Block
set profiles security EmaTlsProfile TLSprofile1 v1_3 enabled commit

New CLI in 12.1.1R0

SBX-104737 Configurable actions in dry up mode

This feature adds configurable actions while the SBC is in dry-up mode ("out of service mode"). These configurable actions allow the user to silently discard OPTIONS ping or keepalive messages, or to reject these messages with a configurable SIP cause code. Without this feature's configurable actions, the SBC responds to incoming messages with a "503 Service Unavailable" response.

The container dryupModeHandling is added to "global system" and "sipSigPort."

The following four parameters are configurable as part of dryupModeHandling:

optionsKeepalive
optionsKeepaliveRejectReason
oodAndInvite
oodAndInviteRejectReason

Command Syntax

Code Block

title	Example - "global system"

% set global system   
	action <dryup | force>
    anonymizeDtmfLogging <disabled | enabled>
    dryupTimeout <15-1440 mins>
	dryupModeHandling
		optionsKeepalive <disabled | reject | silentDiscard>
		optionsKeepaliveRejectReason <400-699> 
		oodAndInvite <disabled | reject | silentDiscard>
		oodAndInviteRejectReason <400-699>
    mode <inService | outOfService>  
    rFactorComputation <disabled | enabled>

Code Block

title	Example - "zone sipSigPort"

% set addressContext <addressContext name> zone <zone name>
    action <dryup | force>
    dryUpTimeout <1-1440 mins>
    dscpValue <0-63>
    enforceAORMatch <disabled | enabled>
    facState <disabled | system>
    ipAddressV4 <IPv4 address>
    ipAddressV6 <IPv6 address>
    ipInterfaceGroupName <name>
    maskIpAddressforRcb <disabled | enabled>
    maskPortforRcb <disabled | enabled>
    mode <inService | outOfService>
    portNumber <1-65535>
    recorder <disabled | enabled>
    sctpProfileName <name>
    siprec <disabled | enabled>
	sipSigPort <index #>
		dryupModeHandling
			optionsKeepalive <disabled | reject | silentDiscard>
			optionsKeepaliveRejectReason <400-699> 
			oodAndInvite <disabled | reject | silentDiscard>
			oodAndInviteRejectReason <400-699>        
    sipTcpConnectionAgingState <disabled | enabled>
    state <disabled | enabled>
    tcpConnectTimeout <0-180>
    tcpKeepaliveInterval <60-120 seconds>
    tcpKeepaliveProbes <1-10>
    tcpKeepaliveTime <60-7200 seconds>
    tcpUserTimeout < 0 | 10-3600 seconds >   
    tlsProfileName <name>
    transportProtocolsAllowed <sip-sctp | sip-tcp | sip-tls-tcp | sip-udp | sip-ws-tcp | sip-wss-tls>

Command Parameters

Parameter	Length/Range	Default	Description	M/O
`dryupModeHandling`	N/A	N/A	Handles actions while the SBC is in dry-up mode, including: silently discarding OPTIONS ping or keepalive messages, or reject messages with a configurable SIP cause code. `oodAndInvite` `oodAndInviteRejectReason` `optionsKeepalive` `optionsKeepaliveRejectReason`	O
`oodAndInvite`	N/A	disabled	Handles the INVITE and other Out Of Dialog (OOD) messages during dry-up mode. These configurable actions allow the user to silently discard INVITE and other OOD messages, or to reject these messages with a configurable SIP cause code `disabled` (default) `reject` – The SBC rejects messages with a configurable SIP cause code `silentDiscard` – The SBC silently discards INVITE and other OOD messages	O
`oodAndInviteRejectReason`	400-699	503	The SIP cause code used for rejecting the new INVITE, OPTIONS that require further routing, as well as OOD messages (REGISTER, OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INFO, MESSAGE, REFER).	O
`optionsKeepalive`	N/A	disabled	Handles the OPTIONS health-check or Keepalive messages during dry-up mode. `disabled` (default) `reject` – The SBC rejects messages with a configurable SIP cause code `silentDiscard` – The SBC silently discards OPTIONS ping and keepalive messages	O
`optionsKeepaliveRejectReason`	400-699	503	The SIP cause code used for rejecting the keep-alive OPTIONS message.	O

Configuration Examples

Code Block

title	Config example - "global system"

set global system dryupModeHandling optionsKeepalive reject
set global system dryupModeHandling optionsKeepaliveRejectReason 699 
set global system dryupModeHandling oodAndInvite silentDiscard
set global system dryupModeHandling oodAndInviteRejectReason 503
commit

Code Block

title	Config example - "sipSigPort"

set addressContext default zone 1 sipSigPort 2 dryupModeHandling optionsKeepalive silentDiscard
set addressContext default zone 1 sipSigPort 2 dryupModeHandling optionsKeepaliveRejectReason 503 
set addressContext default zone 1 sipSigPort 2 dryupModeHandling oodAndInvite disabled
set addressContext default zone 1 sipSigPort 2 dryupModeHandling oodAndInviteRejectReason 400
commit

SBX-105206 Diameter Rx Support for CNF Solution

The Diameter Protocol (Rx) interface is supported on SBC CNe. The Signaling Gateway (SG) Pod applies the SBC configuration related to DS, D+, DIAMETER, and Lawful Intercept (LI) IMS Signaling, similar to the SLB (Load Balancer). In a VNF environment, the Diameter Agent and Diameter client are located on the same system.

For Diameter Rx in the CNF environment, The Diameter Agent runs on the SC or RS pod with the Diameter Client running on the SG Pod. For Lawful Intercept (LI), the Diameter Client is IM and is co-hosted on the SG Pod with the Diameter client.

The following fields are added to the existing diamNode configuration to enable the IP address and port allocation from the NS/PFE :

ipNamev4
ipNamev6
networkSegmentName

Command Syntax

Code Block

set addressContext default diamNode Diam originRealm pcscf-rf-ims.test primaryOriginHost pcrf1 secondaryOriginHost pcrf2 networkSegmentName sg-default-pkt0 ipNameV4 SGPKT0 ipInterfaceGroupName LIGSG state enabled

Command Parameters

Parameter	Length/Range	Description	M/O
`networkSegmentName`	N/A	Name of the Network Segment Id	O
`ipNamev4`	N/A	The ipV4 address variable name	O
`ipNamev6`	N/A	The ipV6 address variable name	O

Code Block

title	Example

% set addressContext default diamNode Diam originRealm pcscf-rf-ims.test primaryOriginHost pcrf1 secondaryOriginHost pcrf2 networkSegmentName sg-default-pkt0 ipNameV4 SGPKT0 ipInterfaceGroupName LIGSG state enabled

SBX-118955 REGISTER and SUBSCRIBE NOTIFY support for the SBC CNe

This feature describes the CNF Relay Service Pod (RS Pod). This pod handles all OOD non-INVITE messages (including REGISTER) except for OPTIONS, which are sent to the SC pod. This pod includes the following functionalities:

RS Pod writes the data (Reg CB and Relay CB) into the Redis database.
RS Pod supports M:N redundancy.

The GUID parameter is added to the Address Context. A globally Unique GUID is generated by the RS pod for each Relay Cb and RCB. This unique identifier serves as a key to reconstruct that particular call block in case of pod going down.

Command Syntax

Code Block

title	Example

> request addressContext <addressContext name> sipRegistrationDeleteByGuid GUID <guid>
 request addressContext default sipSubscriptionDeleteByGuid GUID  <guid>

 > show commands 
	show status addressContext <addressContext name> cnfSipActiveGroupRegSummaryStatus
	show status addressContext <addressContext name> cnfSipActiveGroupRegStatus
	show status addressContext <addressContext name> cnfSipActiveRegisterNameStatus
	show status addressContext <addressContext name> cnfSipDeletedRegisterNameStatus
	show status addressContext <addressContext name> cnfSipDeletedRegStatus
	show status addressContext <addressContext name> cnfSipSubscriptionStatus

Command Parameters

cnfSipActiveGroupRegStatus

This table presents the active SIP registration status summary for a list of SIP endpoints.

Command Syntax

Code Block

> show status addressContext <addressContext_name> cnfSipActiveGroupRegStatus <id> <guid>
aorName | state | contactURI | nextHopIpAddress | nextHopPortNum | registrarIpAddress | registrarPortNum | extExpirationTime | intExpirationTime | registrarDomainName | regIdIsChild | registrationType |

Command Parameters

Parameter	Description
`aorName`	The E.164 number and host portion plus optional BGID representing the Address of Record of the registering endpoint.
`contactURI`	The SIP CONTACT URI header.
`creationTime`	Octet string that identifies the date and GMT time at which the SIP registration is initiated.
`extExpirationTime`	The external expiration timer value in seconds.
`intExpirationTime`	The internal expiration timer value in seconds.
`nextHopIpAddress`	Next hop TSAP IP address.
`nextHopPortNum`	Next hop TSAP UDP port number.
`regIdIsChild`	Flag to optionally display results where the specified next registration ID is a child.
`registrarDomainName`	SIP registrar's domain name.
`registrarIpAddress`	SIP registrar's IP address.
`registrarPortNum`	SIP registrar's UDP port number.
`regType`	This field indicates the type of registrations. The registration type can be `'normal'` or `'emergency'.`
`state`	The registration state of the endpoint: <challenged \| completed \| deleting \| expired \| initiating \| null \| refreshing \| terminated \| updating>

cnfSipActiveGroupRegSummaryStatus

This table presents the active SIP registration status for a list of SIP endpoints with unique ID.

Command Syntax

Code Block
> show status addressContext <addressContext_name> cnfSipActiveGroupRegSummaryStatus <ip> <guid> aorName \| state \| nextRegIdIsChild \| registrationType \|

Command Parameters

Parameter	Description
`aorName`	The E.164 number and host portion plus optional BGID representing the Address of Record of the registering endpoint.
`nextRegIdIsChild`	Displays the next registration ID if it is a child.
`registrationType`	Registration type. The registration type can be `'normal'` or `'emergency'.`
`state`	The registration state of the endpoint: <challenged \| completed \| deleting \| expired \| initiating \| null \| refreshing \| terminated \| updating>

cnfSipActiveRegisterNameStatus

This table presents the active SIP registration for a list of SIP endpoints.

Command Syntax

Code Block

> show status addressContext <addressContext_name> cnfSipActiveRegisterNameStatus <ip address> <guid>
state | contactURI | nextHopIpAddress | nextHopPortNum | registrarIpAddress | registrarPortNum | externalExpirationTime | internalExpirationTime | creationTime | registrarDomainName | endPointBehindNapt | natPinHoleLearningStatus | securitytMechanismType | registrationType | e2aeMediaSecurity | isRoaming | viaHeaderAddr | transportProtocolToEndpoint | transportProtocolToAS | externalExpirationTimeLeft | internalExpirationTimeLeft | regId | ueRoamingType |
mobileCountryCode | mobileNetworkCode | destinationTrunkName |

Command Parameters

Parameter	Description
`contactURI`	SIP CONTACT URI header.
`creationTime`	Octet string identifying date and GMT time at which the SIP registration is initiated.
`destinationTrunkName`	Name of the destination trunk group.
`e2aeMediaSecurity`	Media-security status of the UE in the registration record <sdes-srtp or none>. If set to `sdes-srtp`, UE has e2ae (end-to-access edge) capability.
`endPointBehindNapt`	If value is“1”, the registered endpoint is behind NAPT; otherwise, value is “0”.
`externalExpirationTime`	The time left, in seconds, before registration expires towards the end point. NOTE: The value shown in this field is only valid when it is greater than 480 seconds due to internal processing
`internalExpirationTime`	The time left, in seconds, before registration expires towards the AS.
`isRoaming`	A value of "1" indicates registered UE is roaming (not on home network). Otherwise, value is "0".
`mobileCountryCode`	Mobile Country Code of the UE's current location.
`mobileNetworkCode`	Mobile Network Code of the UE's current location.
`natPinholeLearningStatus`	NAT pinhole learning process status. <aborted-due-to-traffic \| completed \| completed-due-to-timeout \| disabled \| none \| progressing>
`nextHopIpAddress`	Next hop Transport Service Access Point (TSAP) IP address.
`nextHopPortNum`	Next hop TSAP UDP port number.
`registrarDomainName`	The SIP registrar's domain name.
`registrarIpAddress`	SIP Registrar's IP Address.
`registrarPortNum`	SIP Registrar's UDP port number.
`regType`	This field indicates the type of registrations. The registration type can be `'normal'` or `'emergency'.`
`securityMechanismType`	The security mechanism type used for this registration. <ipsec-3gpp \| none \| tls>
`state`	The registration state of the endpoint: <challenged \| completed \| deleting \| initiating \| null \| refreshing \| terminated \| updating>
`transportProtocolToAS`	The transport protocol used on access toward AS.
`transportProtocolToEndpoint`	The transport protocol used on access towards the endpoint.
`ueRoamingType`	`0` – Home User `1` – Ravel Roaming User `2` – S8HR User Roaming in Visited Network `3` – S8HR User Roaming in Home Network
`viaHeaderAddress`	The IP address of the bottom-most Via header of a SIP Message populated by the very first originator of the REGISTER request.

cnfSipDeletedRegStatus

This table presents the deleted SIP registration status for a list of SIP endpoints with a unique ID.

Command Syntax

Code Block

> show status addressContext <addressContext_name> cnfSipDeletedRegStatus <guid>
aorname | reasoncode | contactURI | nextHopIpAddress | nextHopPortNum | registrarIpAddress | registrarPortNum | creationTime | terminationtime | registrarDomainName |

Command Parameters

Parameter	Description
`aorName`	The E.164 number and host portion plus optional BGID representing the address Of Record of the registering endpoint.
`contactURI`	The SIP CONTACT URI header.
`creationTime`	Octet string that identifies the date and GMT time at which the SIP registration is initiated.
`nextHopIpAddress`	Next hop Transport Service Access Point (TSAP) IP address.
`nextHopPortNum`	Next hop TSAP UDP port number.
`reasonCode`	Registration termination reason. <configProblem \| endpointInitiated \| internalError \| none \| regTimerExpired \| registrationMoved \| registrationRejected \| serviceUnavailable>
`registrarDomainName`	The SIP registrar's domain name.
`registrarIpAddress`	SIP registrar's IP address.
`registrarPortNum`	SIP registrar's UDP port number.
`terminationTime`	Date and GMT time at which the SIP registration is terminated.

cnfSipDeletedRegisterNameStatus

This table presents the deleted SIP registration status for a list of SIP endpoints.

Command Syntax

Code Block

> show status addressContext <addressContext_name> cnfSipDeletedRegisterNameStatus <ip address> <guid>
reasoncode | contactURI | nextHopIpAddress | nextHopPortNum | registrarIpAddress | registrarPortNum | creationTime | terminationtime| registrarDomainName |

Command Parameters

Parameter	Description
`reasonCode`	The registration termination reason.
`contactURI`	The SIP CONTACT URI header.
`nextHopIpAddress`	Next hop IP address.
`nextHopPortNum`	Next hop TSAP UDP port number.
`registrarIpAddress`	Registrar's IP address.
`registrarPortNum`	SIP registrar's UDP port number.
`creationTime`	Octet string that identifies the date and GMT time at which the SIP registration is initiated.
`terminationTime`	Octet string that identifies the date and GMT time at which the SIP registration is terminated.
`registrarDomainName`	The SIP registrar's domain name.

cnfSipSubscriptionStatus

This table presents the active SIP subscription status for a list of SIP endpoints.

Command Syntax

Code Block

> show status addressContext <addressContext_name> cnfSipSubscriptionStatus <ip address> <guid>
callId | state | nextHopIpAddress | nextHopPortNum | previousHopIpAddress | previousHopPortNum | expirationTime | serverDomainName | origEPDomain | subsId |

Command Parameters

Parameter	Description
`callId`	Caller ID that uniquely identified the relayed subscription.
`expirationTime`	The expiration timer value in seconds.
`nextHopIpAddress`	Next hop TSAP IP address.
`nextHopPortNum`	Next hop TSAP UDP port number.
`origEPDomain`	Originating endpoint contact host.
`previousHopIpAddress`	Originating endpoint's IP Address.
`previousHopPortNum`	Originating endpoint's UDP port number.
`serverDomainName`	The SIP subscription server's domain name as received in contact header of 200 OK for SUBSCRIBE.
`state`	The subscription state of the endpoint. (active \| expired \| initiating \| null \| terminated)
`subsId`	A subscriber that uniquely identified the relayed subscription.

SBX-122463 OPTIONS Pings Only When There is No Regular Traffic

The SBC CNe application supports the SIP OPTIONS ping feature. A SIP OPTIONS request is periodically sent to a pre-configured or FQDN IP peer (IPv4 and IPv6 are supported) to check its connectivity status. The OPTIONS request is sent via the Signaling Port of the zone configured for the peer. The OPTIONS ping health check should be disabled when there is SIP traffic from the IP Peer. The OPTIONS ping resumes after the configured InActivityMonitoringTimer timeout is counted from the endpoint's last SIP msg

The InActivityMonitoringTimer parameter is introduced to the Path Check Profile to stop the OPTION ping for the SBC CNe when SIP traffic is active for an endpoint.

Command Syntax

Code Block
% set profiles services pathCheckProfile <Profile Name> InActivityMonitoringTimer <Non Zero Value>

Command Parameters

Parameter Length/Range Default Description M/O

InActivityMonitoringTimer

0-600

0

The interval timer parameter stops the endpoint's OPTION ping for a duration configured under this field when there is SIP traffic from the endpoint. If the timer is set to 0, the OPTiON ping won't be paused for that Path Check Profile. If the interval has a non-zero value, the SBC CNe checks the activity status after the expiry of the interval period.

The recommended value is 4 to 5 times the sendInterval parameter value.

Include Page

	_CNe only
	_CNe only

O

Configuration Examples

Code Block

title	Example

% set profiles services pathCheckProfile PUBS_PCP InActivityMonitoringTimer 5
commit
 
% show profiles services pathCheckProfile PUBS_PCP
InActivityMonitoringTimer 5;

SBX-123618 Signaling Gateway and SG Service for SBC CNF

An option SG is added to the networkSegmentType parameter.

Command Syntax

% set system networkSegmentTable <network_segment_table_name> networkSegmentType <network_segment_type> networkInterfaceName <network_interface_name>

Command Parameters

Parameter

Length/Range

Default

Description

M/O

networkSegmentType

N/A

The network segment type for this configuration.

OAM
PFE
SC_CS (changed to SC)
SG
SLB

M

Parameter

Length/Range

Default

Description

M/O

SG

N/A

When configured, enables the interfacing for non SIP signaling communication.

pkt1
pkt0

M

Configuration Examples

set system networkSegmentTable sg-default-pkt0 networkSegmentType SG networkInterfaceName pkt0
set system networkSegmentTable sg-default-pkt0 prefixV4 24
set system networkSegmentTable sg-default-pkt0 ipNameV4 SGPKT0 ipList [ 10.52.66.225 ]

set addressContext default ipInterfaceGroup LIGSG ipInterface LIFSG mode inService
set addressContext default ipInterfaceGroup LIGSG ipInterface LIFSG state enabled
set addressContext default ipInterfaceGroup LIGSG ipInterface LIFSG networkSegmentName sg-default-pkt0
set addressContext default ipInterfaceGroup LIGSG ipInterface LIFSG ipNameV4 SGPKT0

commit

SBX-123759 Cloud 1:1 SBC displaying System Name in Traps/Alarms and PM stats

The flag useCeNameForSystemName is added at the "system - admin" level.

Command Syntax

Code Block

title	Example

% set system admin vsbcSystem useCeNameForSystemName < disabled | enabled >

Command Parameters

Parameter Length/Range Default Description M/O

useCeNameForSystemName

N/A

disabled

Enable this flag to swap the System Name for the Server Name of traps and stats that only have a System Name (and no Server Name).

disabled (default)
enabled

O

Configuration Examples

Code Block

language	none

set system admin vsbcSystem useCeNameForSystemName enabled
commit

New CLI in 12.1.0R0

SBX-125210 Support for Importing PEM Files and Keys to SBC PKI

The SBC supports importing PEM and DER file types and PrivateKey. To use this functionality, keep the file in an external directory on an active SBC. To support the encrypted private keys, a prompt is raised for the passPhrase when the private key is imported. The imported privateKeys and related fields, such as passPhrases, are stored in a container database (CDB) to ensure robust security. The parameter keyFileName allows importing keys separately. In previous versions, the SBC did not supportthe p12 file import if the FIPS mode was used. Validation is added in the SBC 12.1 build to reject the p12 file import with a reason if the FIPS mode is used.

The parameter keyFileName, is added to allow importing keys separately.

Command Syntax

Code Block

title	Example

% set system security pki certificate <certificate name>
    keyFileName <1-255 characters>
 
% show system security pki

% delete system security pki

Command Parameters

Parameter	Length/Range	Default	Description	M/O
`keyFileName`	0 to 255	N/A	The name of the file containing the private key in DER/PEM format.	O

Configuration Examples

Importing PEM/DER certificates and keys:

Code Block

language	none

set system security pki certificate newcert type local fileName mycert.pem keyFileName mycert.key passPhrase sonus
Commit complete.

The PEM/DER keys are supported:

Code Block
set system security pki certificate newcert4 type local fileName mycert.pem keyFileName mycert.key.der Commit complete.

The PKCS12 certificates are not supported in FIPS mode:

Code Block

set system security pki certificate myp12 state enabled type local fileName mycert.p12 passPhrase sonus
Aborted: 'system security pki certificate': PKCS12 certs are not supported in FIPS mode, please provide both cert and key as PEM/DER.

Importing encrypted keys without passphrase fails:

Code Block

set system security pki certificate newcert3 type local fileName mycert.pem keyFileName mycert.key.enc
Aborted: 'system security pki certificate': Failed to read private key, please verify key/passphrase

SBX-120401 Add support for IPv6 for RADIUS server

The configuration object "vsaVendorType" is added to RADIUS Authentication.

Command Syntax

Code Block

title	Example

% set oam radiusAuthentication radiusServer <serverName>
    authenticationMethod <pap | peapmschapv2>
    mgmtInterfaceGroup <string>
    priority <#>
    radiusNasIp <x.x.x.x>
    radiusServerIp <x.x.x.x>
    radiusServerPort <#>
    radiusSharedSecret <8-128>
    state <disabled | enabled>
	vsaVendorType <none | 0-255>

Command Parameters

Parameter	Length/Range	Default	Description	M/O
`vsaVendorType`	none \| 0-225	none	Select "none" to allow all VSA vendor-types, or a number between 0-225 to only allow the group name to get returned in a VSA with that vendor-type.	O

Configuration Examples

Code Block

language	none

set oam radiusAuthentication radiusServer defaultServer vsaVendorType 123
commit

SBX-113574 CNF SIPREC Support

SIPREC commands are created or updated to support CNe pods. As well, SIPREC commands are updated to accept GUID as a key alongside GCID on the SBC CNe. On the SBC CNe, the OAM pod will execute action commands.

The following GUID commands are added to Request Global:

startRecordByGuid
stopRecordByGuid

The following GCID commands are updated for the SBC CNe:

startRecord
stopRecord

"Globally Unique Identifier" (GUID) Commands

Command Syntax

Code Block

title	startRecordByGuid

% request service SC podName <SC podName | ALL> global siprec startRecordByGuid GUID <GUID> callLeg ingress numOfStreams <1 | 2> srsIpAddress <SRS IP ADDRESS> srsFqdn1 <FQDN> srsPort <SRS PORT> transport <tcp | udp> trunkGroup <TRUNK GROUP NAME> srsIpAddress2 <SRS IP ADDRESS> srsFqdn2 <secondary FQDN> srsPort2 <SRS Port> transport2 <tcp | udp> trunkGroup2 <SIP Trunk Group>

Code Block

title	stopRecordByGuid

% request service SC podName <SC podName | ALL> global siprec stopRecordByGuid GUID <GUID> recorderAddress <IP Address> recorderFqdn <FQDN> recorderPort <Port Number> recorderId <recording session ID>

Command Description

Command Description

startRecordByGuid

Use this command and its sub-parameters to define and initiate a SIPREC recording session identified with GUID.

- callLeg – Call leg associated with this recording session.
  - egress
  - ingress
- GUID – GUID of call to start recording.
- numOfStreams – The number of simultaneous streaming to different Session Recording Server (SRS) IP addresses. (default = 1).
- srsFqdn1 – The FQDN of the SRS server to use for this recording, up to 63 characters. If you specify both an FQDN and individual IP address, the IP address takes precedence.
- srsFqdn2 – The FQDN of a secondary SRS server to use if the media stream is forked, up to 63 characters.
- srsIpAddress – The IP address of the primary recording server.
- srsIpAddress2 – The IP address of the secondary recording server to which the media stream is forked. (only applies when numOfStreams = 2)
- srsPort – The IP port number of the primary recording server.
- srsPort2 – The IP port number of the secondary recording server to which the media stream is forked. (only applies when numOfStreams = 2)
- transport – The transport protocol for recording sessions on the primary SRS IP.
  - tcp
  - udp (default)
- transport2 – The transport protocol for recording sessions on the secondary SRS IP (only applies when numOfStreams = 2)
  - tcp
  - udp (default)
- trunkGroup – The name of the SIPREC trunk group towards primary SRS IP for this recording session.
- trunkGroup2 – The name of the SIPREC trunk group towards secondary SRS IP for this recording session. (only applies when numOfStreams = 2)

stopRecordByGuid

Use this command and its sub-parameters to halt a recording session identified with GUID.

- GUID – GUID of the call to stop recording.
- recorderAddress – The IP address of the recorder to stop the recording of a GUID value.
- recorderFqdn – The FQDN of the SRS server on which to stop a recording, up to 63 characters.
- recorderId – The unique identifier of the recording session to stop. You can determine the recorderId for a session using the show table global SipRecStatus command.
- recorderPort – The port number of the recorder to stop the recording of a GUID value.

Info

title	Note

Commands which take GUID as key need not specify the SC podName and use "ALL" option for podName to trigger the command.

Configuration Examples

Code Block

title	Example - startRecordByGuid

request service SC podName ALL global siprec startRecordByGuid GUID 1234567 callLeg ingress numOfStreams 1 srsIpAddress 123.45.67.89 srsFqdn1 exampledomain.com srsPort 7321 transport udp trunkGroup exampleTrunkGroup 
commit

Code Block

title	Example - stopRecordByGuid

request service SC podName ALL global siprec stopRecordByGuid GUID 1234567 recorderAddress 123.45.67.89 recorderFqdn exampledomain.com recorderPort 1 recorderId testID
commit

"Global Call Identifier" (GCID) Commands

Command Syntax

Code Block

title	startRecord

% request service SC podName <SC podName> global siprec startRecord gcid <gcid> callLeg ingress numOfStreams <1 | 2> srsIpAddress <SRS IP ADDRESS> srsFqdn1 <FQDN> srsPort <SRS PORT> transport <tcp | udp> trunkGroup <TRUNK GROUP NAME> srsIpAddress2 <SRS IP ADDRESS> srsFqdn2 <secondary FQDN> srsPort2 <SRS Port> transport2 <tcp | udp> trunkGroup2 <SIP Trunk Group>

Code Block

title	stopRecord

% request service SC podName <SC podName> global siprec stopRecord gcid <gcid> recorderAddress <IP Address> recorderFqdn <FQDN> recorderPort <Port Number> recorderId <recording session ID>

Command Description

Command Description

startRecord

Use this command and its sub-parameters to define and initiate a SIPREC recording session identified with GCID.

- callLeg – Call leg associated with this recording session.
  - egress
  - ingress
- gcid – GCID of call to start recording.
- numOfStreams – The number of simultaneous streaming to different Session Recording Server (SRS) IP addresses. (default = 1).
- srsFqdn1 – The FQDN of the SRS server to use for this recording, up to 63 characters. If you specify both an FQDN and individual IP address, the IP address takes precedence.
- srsFqdn2 – The FQDN of a secondary SRS server to use if the media stream is forked, up to 63 characters.
- srsIpAddress – The IP address of the primary recording server.
- srsIpAddress2 – The IP address of the secondary recording server to which the media stream is forked. (only applies when numOfStreams = 2)
- srsPort – The IP port number of the primary recording server.
- srsPort2 – The IP port number of the secondary recording server to which the media stream is forked. (only applies when numOfStreams = 2)
- transport – The transport protocol for recording sessions on the primary SRS IP.
  - tcp
  - udp (default)
- transport2 – The transport protocol for recording sessions on the secondary SRS IP (only applies when numOfStreams = 2)
  - tcp
  - udp (default)
- trunkGroup – The name of the SIPREC trunk group towards primary SRS IP for this recording session.
- trunkGroup2 – The name of the SIPREC trunk group towards secondary SRS IP for this recording session. (only applies when numOfStreams = 2)

stopRecord

Use this parameter and its sub-parameters to halt a recording session identified with GCID.

- GCID – GCID of the call to stop recording.
- recorderAddress – The IP address of the recorder to stop the recording of a GCID value.
- recorderFqdn – The FQDN of the SRS server on which to stop a recording, up to 63 characters.
- recorderId – The unique identifier of the recording session to stop. You can determine the recorderId for a session using the show table global SipRecStatus command.
- recorderPort – The port number of the recorder to stop the recording of a GCID value.

Info

title	Note

Commands which take GCID as key must specify the SC podName on which the call is hosted.

Configuration Examples

Code Block

title	Example - startRecord

request service SC podName testPod global siprec startRecord gcid 1234567 callLeg ingress numOfStreams 1 srsIpAddress 123.45.67.89 srsFqdn1 exampledomain.com srsPort 7321 transport udp trunkGroup exampleTrunkGroup
commit

Code Block

title	Example - stopRecord

request service SC podName testPod global siprec stopRecord gcid 1234567 recorderAddress 123.45.67.89 recorderFqdn exampledomain.com recorderPort 1 recorderId testID
commit

SBX-112973 MS Teams Tenant Number Configuration

The SBC is enhanced to send the tenant number in the INPUT DATA to the PES, derived from the REFER SIP message's FROM header. A trunk group option, "Send Refer Transferor Number To PSX" controls this activity. When enabled, the INPUT DATA contains the tenant number from the REFER message. A trunk group parameter, sendReferTransferorNumberToPSX, is added to control sending the transferor number in the INPUT DATA for the PES from the REFER SIP message.

When the control is enabled, the SBC exhibits the same behavior as the Diversion. If the control sendReferTransferorNumberToPSX is enabled and the REFER Transferor number is sent to the PSX, the next INVITE’s To header is mapped from the Redirection Origination Number and becomes different from the RURI, unless the following control is set:

Code Block
% set profiles signaling ipSignalingProfile <IPSP_NAME> egressIpAttributes sipHeadersAndParameters sipToHeaderMapping calledNumber

Command Syntax

Code Block

title	Example

% set addressContext <addressContext name> zone <ZONE NAME> sipTrunkGroup <TG NAME> services sendReferTransferorNumberToPSX <disabled | enabled>

Command Parameters

Parameter Length/Range Default Description M/O

sendReferTransferorNumberToPSX

N/A

disabled

Use this parameter to send the transferor party number to the PSX.

disabled
enabled

O

Configuration Examples

Code Block

language	none

set addressContext default zone SIP_ZONE_AS sipTrunkGroup SIP_TG_AS_V4 services sendReferTransferorNumberToPSX enabled

Internal_display_only

language	none
title	Example

SBX-105149 IPsec Phase 2 support for SHA2 on SWe

SBC SWe only: To support SHA2, the following three options are added to "integrity" in the IPsec Protection Profile:

hmacSha256
hmacSha384
hmacSha512

Command Syntax

Code Block

title	SHA2 - Example

% set profiles security ipsecProtectionProfile <profile> espAlgorithms integrity <hmacMd5 | hmacSha1 | hmacSha256 | hmacSha384 | hmacSha512>

Command Parameters

SBC SWe only: To support SHA2, the following three options are added to "integrity":

hmacSha256
hmacSha384
hmacSha512

Parameter Length/Range Default Description M/O

integrity

n/a

hmacSha1

The IKE Protection Profile Integrity Cipher.

hmacMd5
hmacSha1 (default)
hmacSha256
hmacSha384
hmacSha512

O

Configuration Example

Code Block

title	SHA2 - Configuration Example

set profiles security ipsecProtectionProfile exampleProfile espAlgorithms integrity hmacSha512
commit

SBX-94531 Port speed says 1Gbps for SR-IOV interface in VMWare

The following two CLI commands are altered to hide the "Packet Port Speed" entry:

show table system serverAdmin
show table system serverStatus

Users can still access packet port speed information by entering the following command:

show table system ethernetPort packetPortStatus

Configuration Examples

Code Block

title	WITHOUT FEATURE: "serverAdmin" command

show table system serverAdmin 
       ACTUAL                     DEVICE
       CE      COREDUMP           SMART   MODULAR                PKT PORT     HW SUB
NAME   NAME    PROFILE   ROLE     ATTRIB  TYPE     HW TYPE       SPEED        TYPE
---------------------------------------------------------------------------------------
sbc1  sbc1    default    primary   0      false    ConnexIP5000  speed1Gbps  virtual

Info

title	Note

Observe how the "PKT PORT SPEED" entry in the config example above is now hidden in the example with the feature applied below.

Code Block

title	WITH FEATURE: "serverAdmin" command

show table system serverAdmin
      ACTUAL                     DEVICE
      CE      COREDUMP           SMART   MODULAR                HW SUB
NAME  NAME    PROFILE   ROLE     ATTRIB  TYPE     HW TYPE       TYPE
--------------------------------------------------------------------------
sbc1  sbc1    default   primary   0      false    ConnexIP5000  virtual

Space shortcuts

Page tree

Versions Compared

Old Version 7

New Version 8

Key

New CLI in 12.1.2R0

SBX-105148 Support for Diffie-Hellman Group 15 (3072-bit)

New CLI in 12.1.1R0

SBX-104737 Configurable actions in dry up mode

SBX-105206 Diameter Rx Support for CNF Solution

SBX-118955 REGISTER and SUBSCRIBE NOTIFY support for the SBC CNe

SBX-122463 OPTIONS Pings Only When There is No Regular Traffic

New CLI in 12.1.0R0

SBX-120401 Add support for IPv6 for RADIUS server

SBX-113574 CNF SIPREC Support

"Globally Unique Identifier" (GUID) Commands

"Global Call Identifier" (GCID) Commands

SBX-112973 MS Teams Tenant Number Configuration

SBX-94531 Port speed says 1Gbps for SR-IOV interface in VMWare