Versions Compared

Old Version 1

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version Current

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel

In this section:

Table of Contents
maxLevel2

...

Noprint
Panel

...

bgColortransparent

...

Expand

...

Back to Table of Contents

Back to CLI and MIB Changes

Section
Column
Panel

In this section:

Table of Contents
maxLevel3

 

New CLI Commands in This Release

...

titleClick here for expanded TOC...
Table of Contents
maxLevel4
minLevel2

 

Info
titleInfo

Default values are enclosed in square brackets [ ]

...

SBX-49: ICS, Service Continuity, and Miscellaneous Enhancements

contactTransparencyForIsFocusMediaTag:

The flag contactTransparencyForIsFocusMediaTag is added under commonIpAttributes.

...

 

New CLI in 6.2.2R0

SBX-58171 DISA (Federal Govt) requires stronger radius authentication like CHAP or EAP

PEAP/MSCHAPv2 is a new method of authentication added to the RadiusAuthentication functionality. This allows a more secure authentication where the radius password is sent using encryption (PEAP) and authenticated via the Microsoft Challenge Handshake Authentication Protocol (MSHAPv2). A CLI command has been added to set the Radius authentication method:

 

Code Block

...

% set

...

oam

...

radiusAuthentication

...

radiusServer

...

<serverName>

...

authenticationMethod

...

<pap |

...

peapmschapv2>

 

dialogTransparency:

The flag dialogTransparency is added to zone object.

Code Block
languagenone
titlezone dialogTransparency
% set addressContext <addressContext Name> zone <zone Name> dialogTransparency <enabled | disabled>   

 

supportSCSCFRestorationProcedures:

The flag supportSCSCFRestorationProcedures is added to IP Signaling Profile's commonIpAttributes object.

Code Block
languagenone
titleipSignalingProfile commonIpAttributes flags supportSCSCFRestorationProcedures
% set profiles signaling ipSignalingProfile ipSignalingProfile_name commonIpAttributes flags supportSCSCFRestorationProcedures <enable | disable> 

 

sipSigPort:

The following parameters are added to sipSigPort object:

  • action
  • dryUpTimeout
Code Block
languagenone
titlezone sipSigPort action / dryupTimeout
% set addressContext <adddressContext name> zone <zone name> sipSigPort <sipSigPort index> action <dryup | force>

% set addressContext <adddressContext name> zone <zone name> sipSigPort <sipSigPort index> dryUpTimeout <1...1440> 

 

transitIOI:

The parameter transitIOI is added to SIP Trunk Group signaling object.

Code Block
titlesipTrunkGroup signaling transitIOI
% set addressContext <addressContext Name> zone <zone Name> sipTrunkGroup <Sip Trunk Group Name> signaling transitIOI <string>
Noprint

Back to Top

SBX-153: Ability to Define Independent Media Port Range

The parameters mediaPortRange and tcpPortRange are added to both System and SIP Trunk Group Media objects:

mediaPortRange:

Code Block
languagenone
titlesipTrunkGroup media mediaPortRange
% set addressContext <addressContext_Name> zone <zone_Name> sipTrunkGroup <sipTrunkGroup_Name> media mediaPortRange
Possible completions:
  baseUdpPort - Base UDP port number for RTP/RTCP media (inclusive).
  maxUdpPort  - Maximum UDP port number for RTP/RTCP media (inclusive). 
Code Block
languagenone
titlesystem media mediaPortRange
% set system media mediaPortRange
Possible completions:
  baseUdpPort - Base UDP port number for RTP/RTCP media (inclusive).
  maxUdpPort  - Maximum UDP port number for RTP/RTCP media (inclusive). 

tcpPortRange:

Code Block
languagenone
titlesipTrunkGroup media tcpPortRange
% set addressContext <addressContext_Name> zone <zone_Name> sipTrunkGroup <sipTrunkGroup_Name> media tcpPortRange
Possible completions:
  baseServerPort - Base TCP port number for MSRP media (inclusive)
  maxServerPort  - Maximum TCP port number for MSRP media (inclusive) 
Code Block
languagenone
titlesystem media tcpPortRange
% set system media tcpPortRange
Possible completions:
  baseServerPort - Base port number for TCP media Server (inclusive).
  maxServerPort  - Max port number for TCP media Server (inclusive).  
Noprint

Back to Top

SBX-296: Support for SIP Digest with TLS

The tls option is added to sipSecurityMechanism parameter.

Code Block
languagenone
titlesipSecurityMechanism
% set profiles services sipSecurityProfile <sipSecurityProfile name> sipSecurityMechanism <ipsec-3gpp | tls> precedence <1-65535>

SBX-430: Call Trace Option Enhancements For SBC

A new option, level4, is added to the callFilter to trace calls for SIP PDUs only.

Code Block
languagenone
titlecallFilter
% set global callTrace callFilter < callFilter_name> level <level1 | level2 | level3 | level4> 
Noprint

Back to Top

SBX-438: Enhanced SIP URI Transparency Capabilities

The parameter rewriteIdentities is added to the SIP Trunk Group Signaling object to support SIP URI transparency for SIP-URIs present in outbound SIP message.

Code Block
languagenone
titlerewriteIdentities
% set addressContext <address_context_name> zone <zone_name> sipTrunkGroup <STG1> signaling rewriteIdentities <enabled | [disabled]> 

SBX-570: Generating CDRs for SIP Registrations

The following flags and parameter are added in support of logging event records for MESSAGE, OPTIONS and PUBLISH SIP methods:

  • eventAcctState
  • eventAcctPsxInfoState
  • eventAcctMethods (eventMessage, eventOptions, eventPublish)
Code Block
languagenone
titleeventAcct flags/parmaeter
% set oam accounting admin eventAcctState <disable | enable>
 
% set oam accounting admin eventAcctPsxInfoState <disable | enable>
 
% set oam accounting admin eventAcctMethods <eventMessage | eventOptions | eventPublish>

SBX-686: SBC Fallback to G.711 When Detecting a FAX CED tone

The option fallbackToG711AllowPeerToNegotiateFaxRelay is added to the parameter fax toneTreatment.

Code Block
languagenone
titlefallbackToG711AllowPeerToNegotiateFaxRelay
% set profiles media codecEntry <codecentry_name> fax toneTreatment <disconnect | fallbackToG711 | fallbackToG711AllowPeerToNegotiateFaxRelay | faxRelay | faxRelayOrFallbackToG711 | ignoreDetectionAllowPeerToNegotiateFaxRelay | [none]>
Noprint

Back to Top

SBX-1256: Remove Max Simultaneous SUBSCRIBE and NOTIFY Soft Limit

The parameter initialSipSubscribe is added to system congestion policer preferences configuration to define the preference of the initial Subscribe requests during policing. Default value is "2".

Internal cause code congestionPolicing is added to internalSipCauseMapProfile object.

The following counters are added to systemCongestionCurrentStatistics table:

  • avgSubsRate – The average Subscribe rate since the current interval started
  • peakSubsRate – The peak Subscribe arrival rate during the collection interval
  • sipsSubsArrivals – The number of SIP Subscribe arrivals since the current interval started
  • sipsSubsRejects – The number of SIP Subscribe rejects since the current interval started

The following counters are added to systemCongestionIntervalStatistics table:

  • avgSubsRate – The average Subscribe rate during the specified interval
  • peakSubsRate – The peak Subscribe arrival rate during the specified interval
  • sipsSubsArrivals – The number of SIP Subscribe arrivals during the specified interval
  • sipsSubsRejects – The number of SIP Subscribe rejects during the specified interval

The systemCongestionSubsArrivalRate counter is added to systemCongestionStatus table to provide a snapshot of the number of Subscribe arrivals in the last second.

 

Code Block
languagenone
titleinitialSipSubscribe
% set system congestion policer preference initialSipSubscribe <0-3> 
Code Block
languagenone
titlecongestionPolicing
% set profiles signaling sipCauseCodeMapping internalSipCauseMapProfile <profile_name> causeMap congestionPolicing <SIP cause value> 

...

languagenone
titlesystemCongestionStatus

...

SBX-68514 Duplicated autoIndex is Generated

This feature adds the verifyAutoIndex configuration parameter. The verifyAutoIndex configuration parameter checks new entries added to an SBX configuration table that has an Auto Index column to make sure that the newly assigned Auto Index value does not already exist in that table. This configuration parameter is in the admin object of the system-level configuration.

Code Block
% set system admin <system name> verifyAutoIndex <false | true>

 

New CLI in 6.2.1R0

SBX-25205 SRTP to RTP Fallback on Receipt of 488

A new profile retryProfile is added to the profiles object to configure a trigger/action rule to specify that when a particular response code (and optional warning code) is received (the trigger), the SBC performs a fallback action (fallback SRTP to RTP, fallback to IPV4 or fallback to IPV6). The SBC then reattempts an INVITE with the updated Session Description Protocol (SDP) offer based on the action configured for the received error response and warning code.

 

Code Block
% set profiles services retryProfile <retryProfile name>
  attemptRecordGeneration <[disabled] | enabled>
  state <[disabled] | enabled>
  triggerActionRule <1-16>
       sipResponseCode <300-699>
       sipWarningCode <300-399>
       action <1-16>
              actionType <fallBackSrtpToRtp | fallBackToIPV4 | fallBackToIPV6>

 

SBX-54065 and SBX-35444 SWe Capacity Improvement and Estimation

The performance of the SBC VM can be optimized by providing the call mix while configuring the SBC SWe instance. The SBC includes a set of predefined call mixes also known as standard traffic profiles. Additionally, a user can create custom traffic profiles containing a call mix that is more appropriate for the SBC SWe.

The following system profiles are added/updated in this release:

SWe Profile
Description
Change
sweTrafficProfilesProfile configuration of all the standard and custom profiles and their respective call mix.New SWe profile.
sweActiveProfile 

Profile configuration of  the name of active profile and time-stamp of activation.

New standard profile added to the existing configuration at SWe Active Profile - CLI:

  • standard_highcps_callmix_profile
sweCodecMixProfile 

The standard and custom codec mix profile configuration.

New SWe profile.
Code Block
% set system sweTrafficProfiles <profile name> accessScenario true callHoldTime 125 passthroughCodecProfile cmix1 transcodePercent 30 transcodingCodecProfile G711_G729_20ms

 

SBX-67540 Change the flag name for lastProvResponse to lastReceivedSdp for the forking scenarios

Code Block
% set addressContext <name> zone <name> sipTrunkGroup <name> media earlyMedia 
	forkingBehaviour <firstProvResponse | firstRtp | lastReceivedSdp | pemPriority>
	method 
		pEarlyMedia 
			defaultGatingMethod <inactive | recvonly | sendonly | sendrecv>
			egressSupport <disabled | enabled>
		rtpServerTable rtpServerTableName
		sessionAnswer

Hide

Removed feature based on feedback from Shambhu:

SBX-60738 Capacity License for Network Wide Licenses

Several licenses of the SBC are "count-based;" the features dependent on those licenses (known as count-based features) can scale only up to the count permitted by the available number of corresponding licenses. The Service Capacity License, referred as the "SBC-CAPACITY" license, allows the count-based features to use the full capacity of the SBC.  The following changes are made to the SBC CLI:

  • The set system licenseRequired command now includes SBC-CAPACITY license as a possible option. Since SBC-CAPACITY is an "on/off" license, configuration of the the minCount and maxCount parameters is not required. 
  • On successful activation of the SBC-CAPACITY license, the show commands display the license status.
  • Two statistics are added to the show table global command:
    • serviceAuthorisedCurStats
    • serviceAuthorisedIntStats

 

To configure SBC-CAPACITY:

 

% set system licenseRequired SBC-CAPACITY

 

 

To display the table for serviceAuthorisedCurStats:

 

> show table global serviceAuthorisedCurStats

 

 

To display the table for serviceAuthorisedIntStats:

 

> show table global serviceAuthorisedIntStats

SBX-61136 Add 1:1 HA option support for AWS and non D-SBC Cloud

The parameter mgmtMode is added to the system admin status command in this release, and  specifies whether SBC SWe instances are managed manually or through EMS/VNFM.

Two modes for managing the HA/Redundancy of SBC SWe Cloud Network Functions Virtualization (NFV) are supported:

Centralized (default) - Use this mode for traditional HA/redundancy model (1:1 scenario) where one active instance is backed up by one standby instance. In Centralized mode, the SBC configuration is synchronized between active and standby SBCs. The Centralized mode is preferred for deployments where the scale/sessions requirements are low.

Distributed - Use this mode for SBC SWe Cloud deployments where up to N active SBC instances are backed up by a single standby SBC instance (N:1). In this mode, each node is configured separately, and the configuration on active and standby instances are not synchronized. 

The changes in CLI are:

  • The parameter mgmtMode is added to system. This parameter specifies whether the instances are managed either manually, or through EMS/VNFM. There are two supported modes:
    • centralized (default)
    • distributed
  • The rgstatus, serverStatus, and serverAdmin commands are supported on AWS for 1:1 redundancy group. For centralized mode, the commands display details of both active and standby volumes.

 

Code Block
> show table system admin <system name> mgmtMode

 

New CLI in 6.2.0R0

SBX-30086 SBC7K/5K sharedCacLimitsPool Enhancement to Encompass Gateway Trunk Group

The SBC in enhanced with the following CLI to support Gateway CAC functionality. 

Code Block
% set addressContext <address_context_name> zone <zone_name> gwTrunkGroup <gateway_trunk_group_name> parentSharedCacLimitsPoolName <shared_Cac_limits_pool_name>

% set addressContext <name> zone <name> gwTrunkGroup <name> cac
    bandwidthLimit <0-2147483647>
    callLimit <0-2147483647>
    egress
    emergencyOversubscription <0-1000>
    hpcOversubscription <0-100>
    ingress

 

SBX-43651 SBC Supports Pushing Audit Records to Remote Server Using rsyslog.conf File

The SBC is enhanced with the following CLI in support of configuring a remote server IP address, port, and protocol type to push the audit logs to the remote server.

Code Block
% set oam eventLog platformAuditLogs auditLogRemoteHost <IPv4/IPv6 address>
% set oam eventLog platformAuditLogs auditLogPort <1 to 65535>
% set oam eventLog platformAuditLogs auditLogProtocolType <relp | [tcp] | udp>
 
> show table oam eventLog platformAuditLogs

 

SBX-44333 SIPREC Forking to two Recorders

The SBC is enhanced with the following CLI in support of SIPREC on multiple recorders.

The following parameters are added to startRecord of SIPREC object:

  • numOfStreams
  • srsIpAddress2
  • srsPort2
  • trunkGroup2
  • transport2

The parameter recorderAddress is added to stopRecord.

 

Code Block
> request global siprec
    startRecord
        callLeg
            egress

...

ingress

...

    gcid <0-2147483647>

...

   numOfStreams

...

       srsIpAddress <SRS IP

...

ADDRESS>

...

...

...

srsIpAddress2

...

    srsPort <IP port

...

number>

...

    srsPort2 <Ip port

...

number>

...

...

 transport <tcp |

...

udp>

...

...

transport2  <tcp

...

| udp>

...

...

   trunkGroup

...

<TRUNK GROUP

...

NAME>

...

...

...

languagenone
titlesystemCongestionCurrentStatistics

...

...

...

...

...

trunkGroup2

...

...

...

...

stopRecord

...

    gcid

...

<0-2147483647>

...

...

recorderAddress

...

...

recorderPort

 

Additionally, the srsGroupProfile is added to the global servers object.

 

Code Block
% set global servers srsGroupProfile <profile name>
    description <0-199 characters>

...

  loadDistribution <roundRobin |

...

sequence>
    numSimultaneousStream

...

<1-2>

...

srsGroupData <0-7>

...

  ipAddress <IP

...

address>
        ipPort <IP

...

port>

...

    ipTGId <IP TG

...

Id>

...

    transport <tcp

...

| udp> 

 

SBX-45806 Pathcheck Ping using ICMP

The SBC is enhanced with the following configurations in support of Pathcheck ping enhancements:

  • The Path Check Path configuration is added to the System object.
  • The parameter, replyTimeout, is added to the pathCheckProfile configuration.
Code Block
% set system pathCheckPath <Path Check Path name>
    addressContext <addressContext name>

...

ipInterface <IP Interface name>
    ipInterfaceGroup <IPIG

...

name>

...

pathCheckProfile <Patch Check Profile name>
    reportSignalIpAddress <IP

...

address>

...

reportSignalIpPort <Port Id>
    sourceIpAddress <Ip address>

...

 state <[disabled] |

...

enabled>
    targetIpAddress <IP address>

...

  zone <Zone

...

name>
 
% set profiles services pathCheckProfile <profile

...

name>

...

failureResponseCodes <400-699 | all |all4xx | all5xx |

...

all6xx>

...

protocol <icmp | sipOptions>
    recoveryCount <1-10>

...

replyTimeoutCount <1-10>
    sendInterval

...

<1-600>
    transportPreference <preference1 | preference2 | preference3

...

| preference4>

 

SBX-46173 CLI Implementations Improvements

The SBC is enhanced to populate the encapsulated Integrated Service Digital Network User Part (ISUP) calling party even when it is not mapped to P-Asserted_ID in the INPUT DATA that is sent to the PSX. In support of this, the following flags are added to the SIP Trunk Group Signaling object.

  • mapFromHeaderToIsupGap

  • mapIsupCgpnToPAI 

 

Code Block
% set addressContext <name> zone <name> sipTrunkGroup <name> signaling callingParty
    cpcParamFromHeader <[default] | fromheader | paitel>
    fromHdrForCallingParty <disabled | [enabled]>
    mapFromHeaderToIsupGAP <[disabled] | enabled>
    mapIsupCgpnToPAI <[disabled] | enabled>
    paiForCallingParty <disabled | [enabled]>
    ppiForCallingParty <disabled | [enabled]>
    rpiForCallingParty <disabled | [enabled]>
    trustedSourceForIsup <disabled | [enabled]>

 

SBX-47758 DNS Query to an Interface Group Outside the Address Context

The parameter dnsGroup is added under System > Policy Server > Global Config to allow a DNS Group associate with the global configuration of the policy server. This allows the PSX FQDN resolution with a particular DNS Group.

Code Block
% set system policyServer globalConfig dnsGroup <dnsGroupServer_name>

 

SBX-54065 and SBX-35444 SWe Capacity Improvement and Estimation - Phase 1

The SBC is enhanced with the addition of the following  configuration and status commands in support of SBC SWe capacity improvements.

Code Block
% set system sweActiveProfile name <profile name>
    default
    standard_callmix_profile
    standard_msbc_profile
    standard_passthrough_profile
    standard_signaling_profile
    standard_transcoding_profile 
 
> show table system sweTrafficProfiles
> show table system sweActiveProfile
> show table system sweCodecMixProfile
> show table system sweProcessorCapacity
> show table system sweCapacityEstimate

 

SBX-54575 Remove Direct Log Access from sftproot

The SBC is enhanced with the addition of the following flag sftpadminLoginEnabled to the Account Management object to enable or disable the sftpadmin user.

 

Code Block
% set system admin <admin-name> accountManagement sftpadminLoginEnabled <false | [true]>

 

SBX-56559 Alert-Info and P-Early Media Headers Interworking

The SBC is enhanced with the addition of the following SIP Trunk Group flags:

Code Block
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup sipTrunkGroup name> signaling
      aiToPemInterworking <[disabled] | enabled>
      convertAlertToProgress <[disabled] | enabled>

 

SBX-58385 SMM Switch Semantics

The SBC is enhanced with the addition of the switch parameter  to the sipAdaptorProfile

 

Code Block
% set profiles signaling sipAdaptorProfile <name> rule <Index> criterion <Index> switch <Index>
	switchAction <1-128>
	switchValue <value>
	switchRegexpString <regular expression>



Deprecated CLI

Caption
0Table
1Deprecated CLI
3Deprecated CLI
Command / CLI Object ImpactedDeprecated CLIEffective Release
show table systemCongestionStatussystemCongestionMemLevel4.2.6R0
set system congestion"static" option4.2.6R0
set system congestion adaptive MCLevel"mc0" level4.2.6R0
set profiles system overloadProfilestaticMode parameter4.2.6R0
set profiles system overloadProfile "memory" option for setDuration, clearDuration, setThreshold, clearThreshold configurations4.2.6R0
set system adminmanagementIpVersion5.0.0R0
request system admin commandcommitSoftwareUpgrade5.0.0R0
show status system serverSoftwareUpgradeStatus
"committed" option5.0.0R0
show status addressContext <addressContext name> sipSubCountStatistics sipSubCountTotal5.0.5R0
request system admin <system Name> revertSoftwareUpgrade
revertSoftwareUpgrade
5.0.0R0
request system admin <system Name> commitSoftwareUpgrade
commitSoftwareUpgrade
5.0.0R0
H.323 IP Signaling Profile commonIpAttributes flags
  • addPChargingFuncAddr
  • disableMediaLockDown
  • fromHeaderAnonymisation
  • sendRTCPBandwidthInfo
  • sendRtcpPortInSdp
  • terminalPortabilityInterworking
  • usePsxRouteforRegisteredInvite
5.1.0R0
Packet Service ProfilemediaLockDownForPassThrough5.1.0R0
interceptCallDataChannelStatistics
  • primaryTcpChannelStatus.
  • secondaryTcpChannnelStatus.
  • DSRSuccess
  • DSRFailures
5.1.0R0
show table global siprecStatussiprecStatus6.2.0R0
 

Pagebreak

The Service Capacity License, referred as the "SBC-CAPACITY" license, allows the count-based features to use the full capacity of the SBC.

Code Block
languagenone
titlesystemCongestionIntervalStatistics
> show status system systemCongestionIntervalStatistics
systemCongestionIntervalStatistics 336 entry {
    intervalValid         true;
    time                  302394;
    levelMC1Count         0;
    levelMC1TotalTime     0;
    levelMC2Count         0;
    levelMC2TotalTime     0;
    levelMC3Count         0;
    levelMC3TotalTime     0;
    overloadRejects       0;
    avgCallRate           0;
    peakCallRate          0;
    callArrivals          0;
    emergencyCallArrivals 0;
    emergencyCallRejects  0;
    sipRegArrivals        0;
    sipRegRejects         0;
    avgRegRate            0;
    peakRegRate           0;
    maxActiveCalls        0;
    sipSubsArrivals       483888;
    sipSubsRejects        0;
    avgSubsRate           537;
    peakSubsRate          817;
} 
Noprint

Back to Top

SBX-2286: Signaling Port Range Support for Interworking with CUCM

The flag, usePortRangeFlag, is introduced under Signaling of Sip Trunk Group object to allow SBC to use a different IP-Port as a contact for each active registration.

Code Block
languagenone
titleusePortRangeFlag
% set addressContext <address context name> zone <zone name> sipTrunkGroup <TG name> signaling usePortRangeFlag <enabled | [disabled]> 

The sipTrunkgroupPortRangeStatistics  command is added to display portRangeActivePorts and portRangeRegistrationFailures for the specified SIP trunk group.

 

Code Block
languagenone
titlesipTrunkgroupPortRangeStatistics
> show table addressContext ac1 zone ZONE_AS sipTrunkgroupPortRangeStatistics
             PORT
             RANGE   PORT RANGE
             ACTIVE  REGISTRATION
NAME         PORTS   FAILURES
-----------------------------------
ASX_LABSIP3  0       0

SBX-2308: ICE-Lite Support

The following parameters are added to sipTrunkGroup services natTraversal object:

  • iceSupport
  • iceSourceAddressFilterPriority

The ice parameter is added to sipTrunkGroup media object with following options:

  • offerPreference
  • answerPreference

 

Code Block
languagenone
titleiceSupport
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <sipTrunkGroup name> services natTraversal iceSupport <[none] | iceWebrtc | iceLync | iceFull> 
Code Block
languagenone
titleiceSourceAddressFilterPriority
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <sipTrunkGroup name> services natTraversal iceSourceAddressFilterPriority
	serverReflexivePrefixLength <unsignedInt | 0..32, default=16>
	state <disabled | [enabled]>
Code Block
languagenone
titleice
% set addressContext <name> zone <name> sipTrunkGroup <name> media ice
	answerPreference <honorRecvPrec | ipv4 | ipv6 | [matchSigAddrType]>
	offerPreference <ipv4 | ipv6 | [matchSigAddrType]>
Noprint

Back to Top

SBX-2309: DTLS-SRTP Support

The dtlsProfile object is added to Security profiles. The following parameters are added to dtlsProfile. The SBC automatically generates a default DTLS profile once the system is up and running.

The following parameters are added to enable DTLS-SRTP handshake in the Packet Service Profile. 

  • dtlsCryptoSuiteProfile
  • enableDtlsSrtp
  • allowDtlsFallback

Two fields per media stream are added to the global callDetailStatus command (SBC supports six media streams).

  • ingressDtlsSrtpStream
  • egressDtlsSrtpStream

The dtlsSrtpStatistics table is added to the global profile.

 

Code Block
languagenone
titledtlsProfile
% set profiles security dtlsProfile <profile name> 
	CertName   
	cipherSuite1 (default = rsa-with-aes-128-cbc-sha)
	cipherSuite2 (default = nosuite)
	cipherSuite3 (default = nosuite)
	cookieExchange <disabled | [enabled]>
	dtlsRole <client | [server]>
    handshakeTimer <1-60 seconds, default = 5> 
    hashType <md2 | md5 | [sha1] | sha224 | sha256 | sha384 | sha512>
    sessionResumpTimer <0-86400, default = 300>
    v1_0 <disabled | [enabled]>
    v1_1 <[disabled] | enabled>
    v1_2 <[disabled] | enabled>
Code Block
languagenone
titledtlsCryptoSuiteProfile
% set profiles media packetServiceProfile <PSP Name> dtls dtlsCryptoSuiteProfile <Crypto Profile Name>
Code Block
languagenone
titledtlsFlags
% set profiles media packetServiceProfile <PSP Name> dtls dtlsFlags 
	enableDtlsSrtp <enable | [disable]>
	allowDtlsFallback <enable | [disable]>
Noprint

Back to Top

SBX-2311/2312: Interworking RBWF, SIP-I and ASX Subscribers/RBWF for UK-ISUP To BT-IUP

The following parameters are added to the isupSignalingProfile

  • sendPRIonRELforCBWF
  • sendAPPinAPMforCBWF
Code Block
languagenone
titlesendPRIonRELforCBWF
% set profiles signaling isupSignalingProfile <profile_name> sendPRIonRELforCBWF < supported | [unSupported] > 
Code Block
languagenone
titlesendAPPinAPMforCBWF
% set profiles signaling isupSignalingProfile <profile name> sendAPPinAPMforCBWF < supported | [unSupported] >
Noprint

Back to Top

SBX-3087: Need A Command To Dump TLS Certificate Content

The retrieveCertContent parameter is added to request system security command to retrieve content of an existing PKI certificate (local, local-internal and remote).

Code Block
languagenone
titleretrieveCertContent
> request system security pki certificate <certName> retrieveCertContent

SBX-3503: Granular Control of HD Codec Offer or Answer and Transcoding Behavior

The following flags are added to Packet Service Profile configuration to support granular control of HD codec prioritization using Packet Service Profile:

  • HDCodec Preferred
  • Prefer NBPassthru Over HDTranscode
  • Match Offered Codec Group If Nb Only
  • Force Route PSPOrder
Code Block
languagenone
titlepacketServiceProfile
% set profiles media packetServiceProfile <name> flags HDCodecPreferred <[disable] | enable>
 
% set profiles media packetServiceProfile <name> flags HDCodecPreferred enable preferNBPassthruOverHDTranscode <[disable]| enable>  
 
% set profiles media packetServiceProfile <name> flags MatchOfferedCodecGroupIfNbOnly <[disable] | enable>  
 
% set profiles media packetServiceProfile <name> flags forceRoutePSPOrder <[disable] | enable>   

SBX-3889: Embedded Headers Support in 3xx Contact Headers

The flag honorEmbeddedHeadersin3xx is added to IP Signaling Profile's egressIpAttributes redirect flags command to allow SBC to handle embedded headers in 3xx Contact headers.

Code Block
languagenone
titlehonorEmbeddedHeadersin3xx
set profiles signaling ipSignalingProfile <profile name> egressIpAttributes redirect flags honorEmbeddedHeadersin3xx <[disable] | enable> 
Noprint

Back to Top

SBX-3949: IMS Media Security Protocol Negotiation

The e2aeMediaSecurity statistic is added to the sipActiveRegisterNameStatus command to display status of the media-security setting by the UE in the registration record. The  possible values are sdes-srtp or none.

Code Block
languagenone
titlee2aeMediaSecurity
show status addressContext ADDR_CONTEXT_1 sipActiveRegisterNameStatus 
sipActiveRegisterNameStatus 3000@10.54.154.119 256 {
state terminated;
contactURI "";
nextHopIpAddress 10.54.80.17;
nextHopPortNum 5060; 
registrarIpAddress 10.54.80.17;
registrarPortNum 6092;
externalExpirationTime 3600;
internalExpirationTime 0;
creationTime 2014-08-05T10:13:29+00:00;
registrarDomainName "";
endPointBehindNapt 0;
natPinholeLearningStatus none;
securityMechanismType none; 
e2aeMediaSecurity sdes-srtp; 

SBX-4204: IPSec or IMS Authentication and Key Agreement for TCP

The parameter sbxSecMode is added to SIP Security Profile object to specify which mode the SBC will operate under for IMS access security deployments.

Code Block
languagenone
titlesbxSecMode
set profiles services sipSecurityProfile <Security_Profile_Name> sbxSecMode <[sbc-pcsf] | sbc-only>
Noprint

Back to Top

SBX-4418: MSRP DSCP Marking Configurable

The qosValues parameter msrpDscp is added to Packet Service Profile object to provide the capability to configure a MSRP DSCP value.

Code Block
languagenone
titlemsrpDscp
% set profiles media packetServiceProfile <Profile_Name> qosValues msrpDscp <[0]-255> 

SBX-4858: Enabling 60 ms Packet Size for G711 and G729 Codecs

SBC is enhanced to configure a packet size of 60 ms for G.711, G.711ss, G.729a and G.729ab codecs.

Code Block
languagenone
titleg711 / g711ss packetSize
% set profiles media codecEntry <Codec Entry Name> codec g711 packetSize <[10] | 15 | 20 | 25 | 30 | 35 | 40 | 45 | 50 | 55 | 60 |>

% set profiles media codecEntry <Codec Entry Name> codec g711ss packetSize <[10] | 15 | 20 | 25 | 30 | 35 | 40 | 45 | 50 | 55 | 60 |>
Code Block
languagenone
titleg729a / g729ab packetSize
% set profiles media codecEntry <Codec Entry Name> codec g729a packetSize <[10] | 20 | 30 | 40 | 50 | 60>

% set profiles media codecEntry <Codec Entry Name> codec g729ab packetSize <[10] | 20 | 30 | 40 | 50 | 60>

SBX-4903 MS Lync Video Relay

The iceLync enumerator is added to iceSupport parameter as a choice when configuring SBC to interwork with a Microsoft Lync 2010 or 2013 client.

Code Block
languagenone
titleiceLync
% set addressContext <AC name> zone <zone name> sipTrunkGroup <TG name> services natTraversal iceSupport <none | iceWebrtc | iceLync | iceFull> 
Noprint

Back to Top

SBX-23665: SBC MUST Preserve Req-URI Received

SBC is enhanced to transparently send custom and standard userinfo parameters, such as tgrp, trunk-context, cic, rn, received in ENUM response using the IP Signaling Profile includeEnumParameters flag.

Code Block
languagenone
titleincludeEnumParameters
% set profiles signaling ipSignalingProfile <ipsignalingprofile> egressIpAttributes flags includeEnumParameters < enable | [disable] > 

SBX-29604: Move XRM Debug Show Commands to Operational Data

New ipPolicing Statistic

The uFlowStats statistic is added to the command "show system ipPolicing" to provide microflow statistics.

Code Block
languagenone
titleuFlowStats
> show status system ipPolicing uFlowStats
uFlowStats 1 {
    sourceIpAddress      10.10.10.10;
    destinationIpAddress 10.11.12.13;
    sourceIpPort         45506;
    ipProtocol           udp;
    lifGrpId             2;
    policerMode          PktRate;
    policerBucketSize    50;
    policerCreditRate    1023;
    aggPolicer           "ZONE AGG";
    aggPolicerPriority   1;
    packetAccept         1;
    packetDiscard        0;
    byteAccept           527;

Enhancements to Existing CLI Show Commands

The CLI command  "show status/table global callMediaStatus" is enhanced to include the following statistics:

sRTP/sRTPC statistics

  • ingressMediaStream1SrtpAuthFailure – The number of RTP authentication failures on ingress leg
  • ingressMediaStream1SrtpReplayFailure – The number of RTP anti-replay failures on ingress leg
  • egressMediaStream1SrtpAuthFailure – The number of RTP authentication failures on egress leg
  • egressMediaStream1SrtpReplayFailure – The number of RTP anti-replay failures on egress leg

RTCP Statistics

  • ingressMediaStream1RtcpPacketsReceived – The number of RTCP packets received on ingress leg
  • ingressMediaStream1RtcpPacketsSent – The number of RTCP packets transmitted on ingress leg
  • egressMediaStream1RtcpPacketsReceived – The number of RTCP packets received on egress leg
  • egressMediaStream1RtcpPacketsSent – The number of RTCP packets transmitted on egress leg

ICE Statistics

  • ingressMediaStream1StunDtlsPacketsReceived – The number of STUN/DTLS packets received on ingress leg
  • ingressMediaStream1StunDtlsPacketsDiscarded – The number of STUN/DTLS packets discarded on ingress leg
  • egressMediaStream1StunDtlsPacketsReceived – The number of STUN/DTLS packets received on egress leg
  • egressMediaStream1StunDtlsPacketsDiscarded – The number of STUN/DTLS packets discarded on egress leg
Expand
Code Block
languagenone
titlecallMediaStatus
> show status global callMediaStatus
callMediaStatus 786432 {
    mediaStreamsInCall                          audio;
    ingressMacHeader                            0-1B-21-AF-EA-CB;
    egressMacHeader                             0-1B-21-AF-EA-CB;
    ingressBearerType                           voice;
    egressBearerType                            voice;
    ingressCfgAudioType                         G711;
    egressCfgAudioType                          G729AB;
    ingressActAudioType                         g711ulaw;
    egressActAudioType                          g729ab;
    ingressRemPacketsLost                       0;
    ingressRFactorInbound                       93;
    ingressRFactorOutbound                      93;
    egressRemPacketsLost                        0;
    egressRFactorInbound                        82;
    egressRFactorOutbound                       82;
    mediaStream1Label                           audio;
    mediaStream1Codec                           G711;
    ingressMediaStream1PacketsSent              4656;
    ingressMediaStream1PacketsReceived          4651;
    ingressMediaStream1OctetsSent               744960;
    ingressMediaStream1OctetsReceived           799972;
    ingressMediaStream1RtcpPacketsSent          0;
    ingressMediaStream1RtcpPacketsReceived      0;
    ingressMediaStream1PacketsLost              0;
    ingressMediaStream1PacketsDiscarded         0;
    ingressMediaStream1PacketLatency            0;
    ingressMediaStream1InterarrivalJitter       0;
    ingressMediaStream1StunDtlsPacketsReceived  0;
    ingressMediaStream1StunDtlsPacketsDiscarded 0;
    ingressMediaStream1SrtpAuthFailure          0;
    ingressMediaStream1SrtpReplayFailure        0;
    egressMediaStream1PacketsSent               2373;
    egressMediaStream1PacketsReceived           4642;
    egressMediaStream1OctetsSent                17158;
    egressMediaStream1OctetsReceived            148544;
    egressMediaStream1RtcpPacketsSent           0;
    egressMediaStream1RtcpPacketsReceived       0;
    egressMediaStream1PacketsLost               0;
    egressMediaStream1PacketsDiscarded          0;
    egressMediaStream1PacketLatency             0;
    egressMediaStream1InterarrivalJitter        0;
    egressMediaStream1StunDtlsPacketsReceived   0;
    egressMediaStream1StunDtlsPacketsDiscarded  0;
    egressMediaStream1SrtpAuthFailure           0;
    egressMediaStream1SrtpReplayFailure         0;
} 
Noprint

Back to Top

The CLI command "show status addressContext ipAccessControlList defaultAclStatistics" is enhanced to include configuration and statistics data for all VM guest-based default ACL rules.

The existing ACL statistics table is expanded to include the following:

  • "Owner" of each ACL entry (SBC, ePSX, VM, etc.).
  • <Guest Id> of each ACL entry (host, VM1, VM2, etc.)
Code Block
languagenone
titledefaultAclStatistics
> show status addressContext default ipAccessControlList defaultAclStatistics
defaultAclStatistics 9 {
    protocol             UDP;
    application          dns_udp_guest;
    addressContextId     *;
    lifGrpId             *;
    sourceIpAddress      "* (53)";
    destinationIpAddress "* (0)";
    policingMode         PktRate;
    bucketSize           "50 pkt";
    creditRate           "1000 pkt/s";
    polId                0;
    polPriority          0;
    packetAccept         0;
    packetDiscard        0;
    aggPol               none;
    owner                vm;
    vmGuestId            Vm1;
} 
Noprint

Back to Top

Deprecated Commands in This Release

The following CLI commands and statistics are deprecated in this release.

  1. Removed "commitSoftwareUpgrade" attribute from "request system admin" command.

  2. Removed "acceptPercentage" parameter from Overload Profile staticMode object.
  3. Removed “committed” status from “show table system serverSoftwareUpgradeStatus”  command.
  4. Removed 'systemCongestionMemLevel' statistic from systemCongestionStatus command.
  5. Removed "managementIpVersion" parameter from System Admin command.
Noprint

Back to Top

...