Page History

New CLI in 12.1.3R0

SBX-86345 SBC RFC 3261 SIP Cancel Handling Flag

The SBC provides a flag to turn off the current behavior (generate CANCEL immediately) and wait for 100 Trying back from the peer before issuing a CANCEL. The flag Enable 3261 Cancel Handling is added to the IP Signaling Profile under Egress IP Attributes -> Flags.

• When this flag is enabled, it indicates to the gateway initiating an INVITE that it can only send a SIP CANCEL after receiving a SIP provisional response (the SIP CANCEL must conform to RFC 3261).
• When this flag is disabled, this constraint does not apply, and the CANCEL can be sent anytime. This is the default behavior.

Command Syntax

% set profiles signaling ipSignalingProfile <profile_name>  egressIpAttributes flags enable3261CancelHandling <disable | enable>

Command Parameters

SBX-125164 Visibility on Overload situations: Responses to received SIP Options

The SIP OPTIONS messages/responses statistics generation is configurable using the flag sipOptionsStats for trunk group and IP peer configuration. By default, this flag is disabled. Unless this flag is enabled, the statistics are not generated. 

The .csv file generated for these statistics has the following naming convention and content format. There is one entry per SIP Message and per direction.

Command Syntax

% set addressContext <acName> zone <zoneName> ipPeer <ipPeerName> sipOptionsStats <disabled | enabled>
 
% set addressContext <acName> zone <zoneName> sipTrunkGroup <tgName> sipOptionsStats <disabled | enabled>

SBX-126610 MRF transcoded call support for CNe solution - Support RFC 4117

The SBC CNe is enhanced to support the Media Resource Function (MRF) RFC 4117 transcoding to allow external MRF for transcoding subjects for the SBC CNe using the global configuration object "mrfProfile." Media Resource Function (MRF) supports any media inter-working requirement that includes transcoding and transrating. The MRF RFC 4117 transcoding requirements are already supported on the SBC SWe Platform.

Command Syntax

% set global mrfProfile <mrfProfile Name>
    mrfRoutingType <fqdn | IpAddress>
    mrfTgName <mrfTgName Name>
    mrfRequestUri <mrfRequestUri Uri>
    mrfPort <mrfPort Name>
    mrfTransportType <TCP | TLS | UDP>
    mrfMediaIpInterfaceGroupName <mrfMediaIpInterfaceGroupName Name>
    state <disabled | enabled>

Command Parameters

 Configuration Example

set global mrfProfile CNF_MRF mrfRoutingType IpAddress mrfTgName TG_IAD mrfRequestUri ribbon.com mrfPort 8090 mrfTransportType TCP mrfMediaIpInterfaceGroupName LIG1 state enabled
commit

SBX-127000 - SBX-131075 Disconnect CS Session if SIPREC Fails

The SBC is enhanced to disconnect the communication session when the SIPREC fails. The following configuration fields are added under the SBC SRS Group Cluster Profile (to use in the case of the ERE) and PSX SRS Group Cluster Profile (to use in the case of the external PSX):

• minRecordingSession – The SBC disconnects the calls if the minimum number of recording sessions specified in this field is not established within the stipulated time.
• siprecEstablishmentTimeout – The time limit within which the SBC needs to establish the minimum recording session(s).
• siprecReEstablishmentTimeout – The time limit within which the SBC needs to establish the minimum recording session(s) when a SIPREC session fails during a recording. 

When the SBC fails to establish the required number of recording sessions for a given call within the specified time, the SBC clears the communication session.  If the communication session is already established and the SIPREC recording is also in progress, and if the recording fails, the SBC disconnects the call if the recording session is not re-established.

Command Syntax

% set global servers srsGroupCluster <unique srsGroupCluster name> minRecordingsCriteria
  minRecordingSession <0-4 characters>
  siprecEstablishmentTimeout <5-300 characters>
  siprecReEstablishmentTimeout <0-300 characters>

Command Parameters

Configuration Examples

set global servers srsGroupCluster CLUSA minRecordingsCriteria minRecordingSession 2
commit

set global servers srsGroupCluster CLUSA minRecordingsCriteria siprecEstablishmentTimeout 60
Commit

set global servers srsGroupCluster CLUSA minRecordingsCriteria siprecReEstablishmentTimeout 20
commit

SBX-127337 Add Support to Dynamically Configure SSH Cipher/MAC/Kex Algorithms

% set system admin <SYSTEM NAME> sshdConfig <ciphers | macs | kexalgorithms> <ALGORITHMS list>

New CLI in 12.1.2R0

SBX-105148 Support for Diffie-Hellman Group 15 (3072-bit)

To support Diffie-Hellman Group 15 (3072-bit), the option "modp3072" is added to "dhGroup" in the IKE Protection Profile.

Command Syntax

% set profiles security ikeProtectionProfile <profile> algorithms dhGroup <modp768 | modp1024 | modp1536 | modp2048 | modp3072>

To support Diffie-Hellman Group 15 (3072-bit), "modp3072" is added to "dhGroup." 

set profiles security ikeProtectionProfile exampleProfile algorithms dhGroup modp3072
commit

SBX-118956 IPsec (Signaling) support for CNF solution

The SPD and remote configurations are enhanced to provide the network segment name details.

Command Syntax

set addressContext <ac> ipsec spd <spd name> networkSegmentName slb-default-pkt1 ipNameV4 | ipNameV6 SLBPKT1 localPort <port>localIpPrefixLen <prefix length>remoteIpAddr <ip address>remotePort <port> remoteIpPrefixLen <prefix length>
 
set addressContext <ac> ipsec peer <peer name> ipAddress <ip address> preSharedKey <preshared key> localIdentity type ipV4Addr networkSegmentName <network segment name> ipNameV4 | ipNameV6  <IP list name>

Command Parameters

Configuration Example

#IKE Protection Profile
set profiles security ikeProtectionProfile IKE_PROTECT_1 saLifetimeTime 1200
set profiles security ikeProtectionProfile IKE_PROTECT_1 algorithms encryption aesCbc128,_3DesCbc
set profiles security ikeProtectionProfile IKE_PROTECT_1 algorithms integrity hmacSha1,hmacMd5
commit
  
#IPSec Protection Profile
set profiles security ipsecProtectionProfile IPSEC_PROTECT_1 saLifetimeTime 1200
set profiles security ipsecProtectionProfile IPSEC_PROTECT_1 espAlgorithms integrity hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile IPSEC_PROTECT_1 espAlgorithms encryption aesCbc128,_3DesCbc
commit
  
 
#Configure Remote
set addressContext default ipsec peer RACOON2 ipAddress 10.128.254.159 preSharedKey secretsecretsecretsecretsecretsecret localIdentity type ipV4Addr networkSegmentName sc-default-pkt1 ipNameV4 SCPKT1
commit
set addressContext default ipsec peer RACOON2 remoteIdentity type ipV4Addr ipAddress 10.128.254.159
set addressContext default ipsec peer RACOON2 protectionProfile IKE_PROTECT_1
commit
  
#Configure IPSec SPD
set addressContext default ipsec spd RACOON2-SPD1 precedence 999
set addressContext default ipsec spd RACOON2-SPD1 networkSegmentName sc-default-pkt1 ipNameV4 SCPKT1 localPort 0 localIpPrefixLen 32 remoteIpAddr 10.128.254.159 remotePort 0 remoteIpPrefixLen 32
set addressContext default ipsec spd RACOON2-SPD1 action protect
set addressContext default ipsec spd RACOON2-SPD1 protectionProfile IPSEC_PROTECT_1
set addressContext default ipsec spd RACOON2-SPD1 peer RACOON2
set addressContext default ipsec spd RACOON2-SPD1 mode tunnel
set addressContext default ipsec spd RACOON2-SPD1 state enabled
commit
 
#Set the protocol to IKEv1 or IKEv2
set addressContext default ipsec peer RACOON2 protocol ikev1
commit
  
#Enable IPSec on the interfacegroup
set addressContext default ipInterfaceGroup LIGSC1 ipsec enable
commit

SBX-124215 Multi-Country LI for VoLTE IMS

The SBC is enhanced to support multiple CALEA users to align with RAMP. For MCLI, "calea" users from different countries can push the targets to the respective X1 interfaces.

SBX-127690 ACT File Retention and CDR File Naming (for CNe) Enhancements

The following commands are introduced to reset the global sequence number and delete the ACT files after configuring the number of days.

Command Syntax

% request oam eventLog typeAdmin acct resetSequenceNumber <disabled | enabled>
 
% request oam eventLog typeAdmin acct daysToKeep <1-7>

 Command Parameters

Configuration Examples

request oam eventLog typeAdmin acct resetSequenceNumber enabled
request oam eventLog typeAdmin acct daysToKeep 1
commit

SBX-129092 Support TLS1.3 for OAM-RAMP Connection

The security profile parameter, EmaTlsProfile, is modified to include the TLSv1.3 protocol version.

Command Syntax

% set profiles security EmaTlsProfile <EMA TLS Profile name> v1_3 <disabled | enabled>

Command Parameters

Configuration Examples

set profiles security EmaTlsProfile TLSprofile1 v1_3 enabled
commit

 New CLI in 12.1.1R0

SBX-104737 Configurable actions in dry up mode

This feature adds configurable actions while the SBC is in dry-up mode ("out of service mode"). These configurable actions allow the user to silently discard OPTIONS ping or keepalive messages, or to reject these messages with a configurable SIP cause code. Without this feature's configurable actions, the SBC responds to incoming messages with a "503 Service Unavailable" response.

The container dryupModeHandling is added to "global system" and "sipSigPort."

The following four parameters are configurable as part of dryupModeHandling: 

• optionsKeepalive
• optionsKeepaliveRejectReason
• oodAndInvite
• oodAndInviteRejectReason

Command Syntax

% set global system   
	action <dryup | force>
    anonymizeDtmfLogging <disabled | enabled>
    dryupTimeout <15-1440 mins>
	dryupModeHandling
		optionsKeepalive <disabled | reject | silentDiscard>
		optionsKeepaliveRejectReason <400-699> 
		oodAndInvite <disabled | reject | silentDiscard>
		oodAndInviteRejectReason <400-699>
    mode <inService | outOfService>  
    rFactorComputation <disabled | enabled>

% set addressContext <addressContext name> zone <zone name>
    action <dryup | force>
    dryUpTimeout <1-1440 mins>
    dscpValue <0-63>
    enforceAORMatch <disabled | enabled>
    facState <disabled | system>
    ipAddressV4 <IPv4 address>
    ipAddressV6 <IPv6 address>
    ipInterfaceGroupName <name>
    maskIpAddressforRcb <disabled | enabled>
    maskPortforRcb <disabled | enabled>
    mode <inService | outOfService>
    portNumber <1-65535>
    recorder <disabled | enabled>
    sctpProfileName <name>
    siprec <disabled | enabled>
	sipSigPort <index #>
		dryupModeHandling
			optionsKeepalive <disabled | reject | silentDiscard>
			optionsKeepaliveRejectReason <400-699> 
			oodAndInvite <disabled | reject | silentDiscard>
			oodAndInviteRejectReason <400-699>        
    sipTcpConnectionAgingState <disabled | enabled>
    state <disabled | enabled>
    tcpConnectTimeout <0-180>
    tcpKeepaliveInterval <60-120 seconds>
    tcpKeepaliveProbes <1-10>
    tcpKeepaliveTime <60-7200 seconds>
    tcpUserTimeout < 0 | 10-3600 seconds >   
    tlsProfileName <name>
    transportProtocolsAllowed <sip-sctp | sip-tcp | sip-tls-tcp | sip-udp | sip-ws-tcp | sip-wss-tls> 

Command Parameters

Configuration Examples

set global system dryupModeHandling optionsKeepalive reject
set global system dryupModeHandling optionsKeepaliveRejectReason 699 
set global system dryupModeHandling oodAndInvite silentDiscard
set global system dryupModeHandling oodAndInviteRejectReason 503
commit

set addressContext default zone 1 sipSigPort 2 dryupModeHandling optionsKeepalive silentDiscard
set addressContext default zone 1 sipSigPort 2 dryupModeHandling optionsKeepaliveRejectReason 503 
set addressContext default zone 1 sipSigPort 2 dryupModeHandling oodAndInvite disabled
set addressContext default zone 1 sipSigPort 2 dryupModeHandling oodAndInviteRejectReason 400
commit

SBX-105206 Diameter Rx Support for CNF Solution

The Diameter Protocol (Rx) interface is supported on SBC CNe.  The Signaling Gateway (SG) Pod applies the SBC configuration related to DS, D+, DIAMETER, and Lawful Intercept (LI) IMS Signaling, similar to the SLB (Load Balancer).  In a VNF environment, the Diameter Agent and Diameter client are located on the same system.  

For Diameter Rx in the CNF environment, The Diameter Agent runs on the SC or RS pod with the Diameter Client running on the SG Pod. For Lawful Intercept (LI), the Diameter Client is IM and is co-hosted on the SG Pod with the Diameter client.

The following fields are added to the existing diamNode configuration to enable the IP address and port allocation from the NS/PFE :

• ipNamev4
• ipNamev6
• networkSegmentName

Command Syntax

set addressContext default diamNode Diam originRealm pcscf-rf-ims.test primaryOriginHost pcrf1 secondaryOriginHost pcrf2 networkSegmentName sg-default-pkt0 ipNameV4 SGPKT0 ipInterfaceGroupName LIGSG state enabled

Command Parameters

% set addressContext default diamNode Diam originRealm pcscf-rf-ims.test primaryOriginHost pcrf1 secondaryOriginHost pcrf2 networkSegmentName sg-default-pkt0 ipNameV4 SGPKT0 ipInterfaceGroupName LIGSG state enabled

SBX-118955 REGISTER and SUBSCRIBE NOTIFY support for the SBC CNe

This feature describes the CNF Relay Service Pod (RS Pod). This pod handles all OOD non-INVITE messages (including REGISTER) except for OPTIONS, which are sent to the SC pod. This pod includes the following functionalities:

• RS Pod writes the data (Reg CB and Relay CB) into the Redis database.

• RS Pod supports M:N redundancy. 

The GUID parameter is added to the Address Context. A globally Unique GUID is generated by the RS pod for each Relay Cb and RCB. This unique identifier serves as a key to reconstruct that particular call block in case of pod going down.

Command Syntax

> request addressContext <addressContext name> sipRegistrationDeleteByGuid GUID <guid>
 request addressContext default sipSubscriptionDeleteByGuid GUID  <guid>

 > show commands 
	show status addressContext <addressContext name> cnfSipActiveGroupRegSummaryStatus
	show status addressContext <addressContext name> cnfSipActiveGroupRegStatus
	show status addressContext <addressContext name> cnfSipActiveRegisterNameStatus
	show status addressContext <addressContext name> cnfSipDeletedRegisterNameStatus
	show status addressContext <addressContext name> cnfSipDeletedRegStatus
	show status addressContext <addressContext name> cnfSipSubscriptionStatus

Command Parameters

cnfSipActiveGroupRegStatus

This table presents the active SIP registration status summary for a list of SIP endpoints.

Command Syntax

> show status addressContext <addressContext_name> cnfSipActiveGroupRegStatus <id> <guid>
aorName | state | contactURI | nextHopIpAddress | nextHopPortNum | registrarIpAddress | registrarPortNum | extExpirationTime | intExpirationTime | registrarDomainName | regIdIsChild | registrationType |

Command Parameters

cnfSipActiveGroupRegSummaryStatus

This table presents the active SIP registration status for a list of SIP endpoints with unique ID. 

Command Syntax

> show status addressContext <addressContext_name> cnfSipActiveGroupRegSummaryStatus <ip> <guid>
aorName | state | nextRegIdIsChild | registrationType |

Command Parameters

cnfSipActiveRegisterNameStatus

This table presents the active SIP registration for a list of SIP endpoints.

Command Syntax

> show status addressContext <addressContext_name> cnfSipActiveRegisterNameStatus <ip address> <guid>
state | contactURI | nextHopIpAddress | nextHopPortNum | registrarIpAddress | registrarPortNum | externalExpirationTime | internalExpirationTime | creationTime | registrarDomainName | endPointBehindNapt | natPinHoleLearningStatus | securitytMechanismType | registrationType | e2aeMediaSecurity | isRoaming | viaHeaderAddr | transportProtocolToEndpoint | transportProtocolToAS | externalExpirationTimeLeft | internalExpirationTimeLeft | regId | ueRoamingType |
mobileCountryCode | mobileNetworkCode | destinationTrunkName |

Command Parameters

cnfSipDeletedRegStatus

This table presents the deleted SIP registration status for a list of SIP endpoints with a unique ID. 

Command Syntax

> show status addressContext <addressContext_name> cnfSipDeletedRegStatus <guid>
aorname | reasoncode | contactURI | nextHopIpAddress | nextHopPortNum | registrarIpAddress | registrarPortNum | creationTime | terminationtime | registrarDomainName |

Command Parameters

cnfSipDeletedRegisterNameStatus

This table presents the deleted SIP registration status for a list of SIP endpoints. 

Command Syntax

> show status addressContext <addressContext_name> cnfSipDeletedRegisterNameStatus <ip address> <guid>
reasoncode | contactURI | nextHopIpAddress | nextHopPortNum | registrarIpAddress | registrarPortNum | creationTime | terminationtime| registrarDomainName |

Command Parameters

cnfSipSubscriptionStatus 

This table presents the active SIP subscription status for a list of SIP endpoints.

Command Syntax

> show status addressContext <addressContext_name> cnfSipSubscriptionStatus <ip address> <guid>
callId | state | nextHopIpAddress | nextHopPortNum | previousHopIpAddress | previousHopPortNum | expirationTime | serverDomainName | origEPDomain | subsId |

Command Parameters

SBX-122463 OPTIONS Pings Only When There is No Regular Traffic

The SBC CNe application supports the SIP OPTIONS ping feature. A SIP OPTIONS request is periodically sent to a pre-configured or FQDN IP peer (IPv4 and IPv6 are supported) to check its connectivity status. The OPTIONS request is sent via the Signaling Port of the zone configured for the peer. The OPTIONS ping health check should be disabled when there is SIP traffic from the IP Peer. The OPTIONS ping resumes after the configured InActivityMonitoringTimer timeout is counted from the endpoint's last SIP msg

The InActivityMonitoringTimer parameter is introduced to the Path Check Profile to stop the OPTION ping for the SBC CNe when SIP traffic is active for an endpoint.

Command Syntax

% set profiles services pathCheckProfile <Profile Name>
    InActivityMonitoringTimer <Non Zero Value>

Command Parameters

Configuration Examples

% set profiles services pathCheckProfile PUBS_PCP InActivityMonitoringTimer 5
commit
 
% show profiles services pathCheckProfile PUBS_PCP
InActivityMonitoringTimer 5;

SBX-123618 Signaling Gateway and SG Service for SBC CNF

An option SG is added to the networkSegmentType parameter.

Command Syntax

Command Parameters

Configuration Examples

SBX-123759 Cloud 1:1 SBC displaying System Name in Traps/Alarms and PM stats

The flag useCeNameForSystemName is added at the "system - admin" level.

Command Syntax

% set system admin vsbcSystem useCeNameForSystemName < disabled | enabled > 

Command Parameters

Configuration Examples

set system admin vsbcSystem useCeNameForSystemName enabled
commit

New CLI in 12.1.0R0

SBX-125210 Support for Importing PEM Files and Keys to SBC PKI

The SBC supports importing PEM and DER file types and PrivateKey. To use this functionality, keep the file in an external directory on an active SBC. To support the encrypted private keys, a prompt is raised for the passPhrase when the private key is imported. The imported privateKeys and related fields, such as passPhrases, are stored in a container database (CDB) to ensure robust security. The parameter keyFileName allows importing keys separately. In previous versions, the SBC did not supportthe p12 file import if the FIPS mode was used. Validation is added in the SBC 12.1 build to reject the p12 file import with a reason if the FIPS mode is used.

The parameter keyFileName, is added to allow importing keys separately.

Command Syntax

% set system security pki certificate <certificate name>
    keyFileName <1-255 characters>
 
% show system security pki

% delete system security pki

Command Parameters

Configuration Examples

Importing PEM/DER certificates and keys:

set system security pki certificate newcert type local fileName mycert.pem keyFileName mycert.key passPhrase sonus
Commit complete.

The PEM/DER keys are supported:

set system security pki certificate newcert4 type local fileName mycert.pem keyFileName mycert.key.der
Commit complete.

The PKCS12 certificates are not supported in FIPS mode:

set system security pki certificate myp12 state enabled type local fileName mycert.p12 passPhrase sonus
Aborted: 'system security pki certificate': PKCS12 certs are not supported in FIPS mode, please provide both cert and key as PEM/DER.

Importing encrypted keys without passphrase fails:

set system security pki certificate newcert3 type local fileName mycert.pem keyFileName mycert.key.enc
Aborted: 'system security pki certificate': Failed to read private key, please verify key/passphrase

SBX-120401 Add support for IPv6 for RADIUS server

The configuration object "vsaVendorType" is added to RADIUS Authentication.

Command Syntax

% set oam radiusAuthentication radiusServer <serverName>
    authenticationMethod <pap | peapmschapv2>
    mgmtInterfaceGroup <string>
    priority <#>
    radiusNasIp <x.x.x.x>
    radiusServerIp <x.x.x.x>
    radiusServerPort <#>
    radiusSharedSecret <8-128>
    state <disabled | enabled>
	vsaVendorType <none | 0-255>

Command Parameters

Configuration Examples

set oam radiusAuthentication radiusServer defaultServer vsaVendorType 123
commit

SBX-113574 CNF SIPREC Support

SIPREC commands are created or updated to support CNe pods. As well, SIPREC commands are updated to accept GUID as a key alongside GCID on the SBC CNe. On the SBC CNe, the OAM pod will execute action commands.

The following GUID commands are added to Request Global:

• startRecordByGuid
• stopRecordByGuid

The following GCID commands are updated for the SBC CNe:

• startRecord
• stopRecord

"Globally Unique Identifier" (GUID) Commands

Command Syntax

% request service SC podName <SC podName | ALL> global siprec startRecordByGuid GUID <GUID> callLeg ingress numOfStreams <1 | 2> srsIpAddress <SRS IP ADDRESS> srsFqdn1 <FQDN> srsPort <SRS PORT> transport <tcp | udp> trunkGroup <TRUNK GROUP NAME> srsIpAddress2 <SRS IP ADDRESS> srsFqdn2 <secondary FQDN> srsPort2 <SRS Port> transport2 <tcp | udp> trunkGroup2 <SIP Trunk Group>

% request service SC podName <SC podName | ALL> global siprec stopRecordByGuid GUID <GUID> recorderAddress <IP Address> recorderFqdn <FQDN> recorderPort <Port Number> recorderId <recording session ID>

Command Description

Configuration Examples

request service SC podName ALL global siprec startRecordByGuid GUID 1234567 callLeg ingress numOfStreams 1 srsIpAddress 123.45.67.89 srsFqdn1 exampledomain.com srsPort 7321 transport udp trunkGroup exampleTrunkGroup 
commit

request service SC podName ALL global siprec stopRecordByGuid GUID 1234567 recorderAddress 123.45.67.89 recorderFqdn exampledomain.com recorderPort 1 recorderId testID
commit

"Global Call Identifier" (GCID) Commands

Command Syntax

% request service SC podName <SC podName> global siprec startRecord gcid <gcid> callLeg ingress numOfStreams <1 | 2> srsIpAddress <SRS IP ADDRESS> srsFqdn1 <FQDN> srsPort <SRS PORT> transport <tcp | udp> trunkGroup <TRUNK GROUP NAME> srsIpAddress2 <SRS IP ADDRESS> srsFqdn2 <secondary FQDN> srsPort2 <SRS Port> transport2 <tcp | udp> trunkGroup2 <SIP Trunk Group>

% request service SC podName <SC podName> global siprec stopRecord gcid <gcid> recorderAddress <IP Address> recorderFqdn <FQDN> recorderPort <Port Number> recorderId <recording session ID>

Command Description

Configuration Examples

request service SC podName testPod global siprec startRecord gcid 1234567 callLeg ingress numOfStreams 1 srsIpAddress 123.45.67.89 srsFqdn1 exampledomain.com srsPort 7321 transport udp trunkGroup exampleTrunkGroup
commit

request service SC podName testPod global siprec stopRecord gcid 1234567 recorderAddress 123.45.67.89 recorderFqdn exampledomain.com recorderPort 1 recorderId testID
commit

SBX-112973 MS Teams Tenant Number Configuration

The SBC is enhanced to send the tenant number in the INPUT DATA to the PES, derived from the REFER SIP message's FROM header. A trunk group option, "Send Refer Transferor Number To PSX" controls this activity. When enabled, the INPUT DATA contains the tenant number from the REFER message. A trunk group parameter, sendReferTransferorNumberToPSX, is added to control sending the transferor number in the INPUT DATA for the PES from the REFER SIP message. 

When the control is enabled, the SBC exhibits the same behavior as the Diversion. If the control sendReferTransferorNumberToPSX is enabled and the REFER Transferor number is sent to the PSX, the next INVITE’s To header is mapped from the Redirection Origination Number and becomes different from the RURI, unless the following control is set:

% set profiles signaling ipSignalingProfile <IPSP_NAME> egressIpAttributes sipHeadersAndParameters sipToHeaderMapping calledNumber

Command Syntax

% set addressContext <addressContext name> zone <ZONE NAME> sipTrunkGroup <TG NAME> services sendReferTransferorNumberToPSX <disabled | enabled>

Command Parameters

Configuration Examples

set addressContext default zone SIP_ZONE_AS sipTrunkGroup SIP_TG_AS_V4 services sendReferTransferorNumberToPSX enabled

SBX-105149 IPsec Phase 2 support for SHA2 on SWe

SBC SWe only: To support SHA2, the following three options are added to "integrity" in the IPsec Protection Profile:

• hmacSha256
• hmacSha384
• hmacSha512

Command Syntax

% set profiles security ipsecProtectionProfile <profile> espAlgorithms integrity <hmacMd5 | hmacSha1 | hmacSha256 | hmacSha384 | hmacSha512>

Command Parameters

SBC SWe only: To support SHA2, the following three options are added to "integrity":

• hmacSha256
• hmacSha384
• hmacSha512

Configuration Example

set profiles security ipsecProtectionProfile exampleProfile espAlgorithms integrity hmacSha512
commit

SBX-94531 Port speed says 1Gbps for SR-IOV interface in VMWare

The following two CLI commands are altered to hide the "Packet Port Speed" entry:

• show table system serverAdmin
• show table system serverStatus

Users can still access packet port speed information by entering the following command:

• show table system ethernetPort packetPortStatus

Configuration Examples

show table system serverAdmin 
       ACTUAL                     DEVICE
       CE      COREDUMP           SMART   MODULAR                PKT PORT     HW SUB
NAME   NAME    PROFILE   ROLE     ATTRIB  TYPE     HW TYPE       SPEED        TYPE
---------------------------------------------------------------------------------------
sbc1  sbc1    default    primary   0      false    ConnexIP5000  speed1Gbps  virtual

show table system serverAdmin
      ACTUAL                     DEVICE
      CE      COREDUMP           SMART   MODULAR                HW SUB
NAME  NAME    PROFILE   ROLE     ATTRIB  TYPE     HW TYPE       TYPE
--------------------------------------------------------------------------
sbc1  sbc1    default   primary   0      false    ConnexIP5000  virtual

New CLI in 12.0.0R0

SBX-75851 Support RFC 7044 for SIP History-Info

Four flags and an Ingress IP heading are added to the IP Signaling Profile.

Two flags are set at Egress:

• supportRFC7044
• applyHistoryInfoPrivacy

Two flags are set at Ingress:

• supportRFC7044Ingress
• applyHistoryInfoPrivacyIngress

Lastly, an Ingress IP heading is added to support the above two Ingress flags:

• ingressHistoryInformation

Command Syntax

% set profiles signaling ipSignalingProfile <profile name> egressIpAttributes sipHeadersAndParameters callForwarding historyInformation includeHistoryInformation <disable | enable> supportRFC7044 <disable | enable>

% set profiles signaling ipSignalingProfile <profile name> egressIpAttributes sipHeadersAndParameters callForwarding historyInformation includeHistoryInformation <disable | enable> applyHistoryInfoPrivacy <disable | enable>

% set profiles signaling ipSignalingProfile <profile name> ingressIpAttributes ingressHistoryInformation supportRFC7044Ingress <disable | enable>

% set profiles signaling ipSignalingProfile <profile name> ingressIpAttributes ingressHistoryInformation applyHistoryInfoPrivacyIngress <disable | enable>

Command Parameters

supportRFC7044

Enable this flag to set the History-Info header's behavior in accordance with RFC-7044.

• disable (default)
• enable

applyHistoryInfoPrivacy

Enable this flag to anonymize the History-Info header.

• disable (default)
• enable

supportRFC7044Ingress

Enable this flag to set the History-Info header's behavior in accordance with RFC-7044 towards the Ingress leg.

• disable (default)
• enable

applyHistoryInfoPrivacyIngress

Enable this flag to anonymize the History-Info header towards the Ingress leg.

• disable (default)
• enable

Use this heading to enable the following flags:

• supportRFC7044Ingress
• applyHistoryInfoPrivacyIngress

Configuration Examples

set profiles signaling ipSignalingProfile DEFAULT_SIP egressIpAttributes sipHeadersAndParameters callForwarding historyInformation includeHistoryInformation enable supportRFC7044 enable
commit

set profiles signaling ipSignalingProfile DEFAULT_SIP egressIpAttributes sipHeadersAndParameters callForwarding historyInformation includeHistoryInformation enable applyHistoryInfoPrivacy enable
commit

set profiles signaling ipSignalingProfile DEFAULT_SIP ingressIpAttributes ingressHistoryInformation supportRFC7044Ingress enable
commit

set profiles signaling ipSignalingProfile DEFAULT_SIP ingressIpAttributes ingressHistoryInformation applyHistoryInfoPrivacyIngress enable
commit

SBX-116105 Support for Linear 16 (L16) on SBC

Codec Entry

The codec "l16-16" is added to Codec Entry. Select "l16-16" to enable transcoding for the L16 codec.

Command Syntax

% set profiles media codecEntry <name> 
    codec <codec type: l16-16>
    packetSize <10 | 20>
    preferredRtpPayloadType <0-127>

Command Parameters

Codec

Description

M/O

l16-16

Select to allow transcoding for the L16 codec.

O

Configuration Examples

set profiles media codecEntry NewCodec codec l16-16 packetSize 20 preferredRtpPayloadType 96
commit

Codec Routing Priority

The codec "L16" is added to Codec Routing Priority. Select "L16" to enable codec routing priority for the L16 codec.

Command Syntax

% set profiles media codecRoutingPriority <codec: L16>

Command Parameters

Codec

Description

M/O

L16

Select to enable codec routing priority for the L16 codec.

O

Configuration Examples

set profiles media codecRoutingPriority L16 entry L16
commit

Packet Service Profile Entity

The codec "l16" is added to the Codec list for Packet Service Profile Entity. Select "l16" at "This Leg" and/or "Other Leg" to enable transcoding for the L16 codec.

Command Syntax

% set profiles media packetServiceProfile <unique_profile_name> packetToPacketControl
	codecsAllowedForTranscoding
        otherLeg <l16>
        thisLeg <l16>

Command Parameters

Codec

Description

M/O

l16

Select to allow transcoding for the L16 codec.

O

Configuration Examples

set profiles media packetServiceProfile TEST_1 packetToPacketControl codecsAllowedForTranscoding otherLeg l16
set profiles media packetServiceProfile TEST_1 packetToPacketControl codecsAllowedForTranscoding thisLeg l16
commit

SBX-118127 SHAKEN Fields in CDR for Identity Header Passthrough

This feature adds the CLI parameter storeIdentityHdrtoCdr to the SIP Trunk Group > Services CLI. This CLI configuration is used to decide which identity headers are captured in the CDR.

Command Syntax

% set addressContext <address context name> zone <ZONE> sipTrunkGroup <TG> services storeIdentityHdrtoCdr

Command Parameters

N/A

The SBC stores the base64 decoded Identity headers received and sent in the SIP INVITE message. Use this flag to specify the Identity headers to store in the CDR record.

• all
• div
• none (default)
• other
• rcd
• rph
• shaken

When more than one SHAKEN header arrives in the Ingress INVITE, then the following is the order of precedence in which the Identity header is picked: 

1. SHAKEN header with Attestation Level 'A is picked.
2. If more than one SHAKEN header with Attestation 'A' level is present, the top-most A level SHAKEN header is picked.
3. If no Attestation Level 'A' SHAKEN header is present, then Attestation level 'B' SHAKEN header is picked.
4. If more than one SHAKEN header with 'B' level is present, the top most 'B' level SHAKEN header is picked.
5. If no Attestation Level 'B' SHAKEN header is present, then Attestation level 'C' SHAKEN header is picked.
6. If more than one SHAKEN header with Attestation 'C' level is present, the top-most 'C' level SHAKEN header is picked.

Configuration Example

set addressContext default zone <ZONE_IN> sipTrunkGroup <TG_IN> services storeIdentityHdrtoCdr shaken,rph  

For more information, refer to SIP Trunk Group - Services - CLI.

SBX-122231 FIPS 140-3 Support in SBC

In the CLI to enable FIPS mode, the parameter fips-140-2 is changed to fips-140-3. 

Command Syntax

% set system admin <SYSTEM NAME> fips-140-3 mode <disabled | enabled>

Command Parameters

N/A

Use this object to enable FIPS-140-3 mode.

• disabled (default)
• enabled

NOTE: Once you enable fips-140-3 mode, you cannot manually disable it. A fresh software installation is required to set the FIPS-140-3 mode back to 'disabled'.

Configuration Example

set system admin vsbcSystem fips-140-3 mode enabled