The SIPREC protocol defines the interaction between a session recording client (SRC) and a session recording server (SRS), and controls the recording of media transmitted in the context of a communications session (CS) between multiple user agents. The recording session (RS) is established over SIP from the SRC to the SRS.
The supports SIPREC towards multiple recorders based on the Internet Engineering Task Force (IETF) standard. The SBC acts as an SRC sending recording sessions to a third-party SRS when a configured recording-criteria is met, or when a specific recording is initiated through CLI/EMA using the appropriate global call identifier (GCID).
| Multiexcerpt include |
|---|
| MultiExcerptName | Recording Limit |
|---|
| PageWithExcerpt | Session Recording Support |
|---|
|
| Caption |
|---|
|
| Category | RFCs |
|---|
| Use Cases and Requirements for SIP-Based Media Recording (SIPREC) | RFC 6341 | | Media Recording Architecture | RFC 7245 | | Session Initiation Protocol (SIP) Recording Metadata | RFC 7865 | | Session Recording Protocol | RFC 7866 | | Session Initiation Protocol (SIP) Recording Call Flows | RFC 8068 |
|
In the following figure, a basic call is established between SIP phone 1 and SIP phone 2 through the
, which is referred to as a communication session (CS). The
establishes an RS
, based on
the CS
, towards
the SRS. The SBC and SRS may exist in the same or different administrative domains.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | SBC SIP Recording Strategy |
|---|
| 3 | SBC SIP Recording Strategy |
|---|
|
 |
Configuring SIPREC Based Recording
The two methods to trigger a call recording are:
- A call matches call recording criteria causing the Policy Server to trigger the to record the call.
- Initiate recording of a specific call using CLI/EMA and specifying the appropriate GCID.
PSX Configuration
The recording-criteria determine which sessions to record and target SRS information, along with other operational options.
The PSX/ERE uses the following configurable objects when determining whether a call needs to be recorded or not:
- Recording Criteria—contain the rules to match for invoking call recording (this is same for SIPREC and MCT).
- Recorder Profile—contains information about the recorder to use for a particular Recording Entity (obsolete—used in older versions when SRS redundancy is not supported).
- Transport
- IP V4/V6 address and port
- SRS Groups—contains multiple Recording profiles for SRS redundancy (up to 8).
- Transport
- IP V4/V6 address port
- Encryption data (for SRTP)
- IP TG to be used by the SBC for RS session
- Contains data of multiple SRS servers
- Recording Cluster profile—contains multiple SRS Groups for simultaneous recording (up to 4).
| Info |
|---|
|
The PSX/ERE supports provisioning 128 Recording criteria , 256 SRS Group Profiles and 256 SRS Cluster Profiles. |
Recording Criteria
The need to record a call is decided from the PSX based on the following criteria in the given order of priority:
- Recorder type
- Next hop signaling IP address
- Previous hop signaling IP address
- Calling Party Number
- Called Party number
- Ingress TG ID
- Egress TG ID
- Gateway
For detailed configuration information, refer to the section Deploying SBC For SIPREC.
CLI Triggers
You can initiated a recording RTP session for a specific call by providing its GCID through a CLI "request" command. You In the command you provide other details for the recording such as the IP address/port or FQDN/port for the corresponding session recorder in the same CLI command. Refer to Request Global - CLI for more information.
To enable/disable the SIPREC feature on a zone, use following syntax:
| Code Block |
|---|
|
% set addressContext <ADDRESS-CONTEXT> zone <ZONE> sipSigPort <SIP SIGNALLING PORT> siprec <disabled|enabled> |
Refer to Zone - SIP Sig Port - CLI for more information.
To start/stop a specific recording, use the following CLI syntax:
| Code Block |
|---|
|
% request global siprec startRecord gcid <GCID> callLeg ingress numOfStreams <Number of recorders 1 or 2> srsIpAddress <SRS IP ADDRESS> srsFqdn1 <FQDN> srsPort <SRS PORT> transport <tcp | udp> trunkGroup <TRUNK GROUP NAME> srsIpAddress2 <SRS IP ADDRESS> srsFqdn2 <secondary FQDN> srsPort2 <SRS Port> transport2 <tcp | udp> trunkGroup2 <SIP Trunk Group>
% request global siprec stopRecord gcid <GCID> recorderAddress <IP Address> recorderFqdn <FQDN> recorderPort <Port Number> recorderId <recording session ID> |
| Info |
|---|
|
If only the GCID value is mentioned in the stopRecord, all the recordings for that GCID are stopped at once. |
Through CLI you can also list information on any the calls currently being recorded such as the GCID, RTP destinations addresses and the SRS IP address or FQDN. To view SIPREC status, use the following CLI syntax:
| Code Block |
|---|
|
> show table global SipRecStatus
RECORDER RECORDING RX RTP TX RTP RECORDER RECORDER
GCID ADDRESS LEG ADDRESS ADDRESS FQDN ID
555281 10.11.12.13:5060 ingress 10.11.12.13:8000 10.11.12.13:8002 1614567899
|
Recording Procedure
Once the
determines that the call must be recorded, it initiates the SIP INVITE towards the SRS specified in the recording criteria. The SBC:
- Includes a “+sip.src” feature tag extension in the Contact URI
- Includes an Options tag “siprec” in INVITE towards SRS.
- Includes two m= lines, one for the Rx stream and one for the Tx stream.
- The attribute “a=label” identifies the streams in the metadata.
- Adds the RS-call specific data in the rs-metadata XML body. This metadata provides information on the attributes of the communication session (CS).
- <gcid> the global call ID used in the SBC
- Other SIP headers with their corresponding XML tags are added as per configuration
- Sends the SDP offer with the same codec of the call leg that is being recorded towards the SRS.
- When the SRS replies with its media IP/port information in a 200 OK, the SBC transparently duplicates the packets coming/going to the UE towards the SRS using the same codec as the original stream.
| Info |
|---|
|
The does not support transcoding towards the SRS. If the SRS replies back with any other codec, the recording session continues until the SRS terminates the call on its ownSBC-SRS offer-answer negotiation fails, then the SBC sends a BYE message to the SRS and terminates the SIPREC call. |
| Info |
|---|
|
- The does not support “Recording Aware UEs”
- If an INVITE is received from UE with a options tag “require: siprec”, the rejects the request with a 4xx message.
- The does not support SRS initiated recording
- If an INVITE is received from an SRS with a options tag “require: siprec”, the rejects the request with a 4xx message.
- If any request except session keepalive re-INVITE/UPDATE or BYE is received in the context of an RS, the SBC rejects the request with a 405 "Method Not Allowed" message.
|
| Info |
|---|
|
The stops recording a call in one of three ways:- Through a normal CS session disconnect
- Receiving a BYE from the SRS
- Manually through CLI, by providing the GCID for the call in the recording STOP command
|
Supported SIPREC Features
The
SIPREC support includes the following:
- SIPREC is supported on UDP, TCP, and TLS protocols.
- The supports recording SIP and SIP-I calls.
- If the OPTIONS ping mechanism is configured on the IP peer, it is used as a keep-alive mechanism for all the SRSs.
- Troubleshooting a SIPREC recorded call using MCT is only possible when initiated through CLI.
- SRS redundancy
- Simultaneous recording
- Dynamically programmable metadata content
- The SBC records the SIPREC recording information in the CDR.
The address of an SRS can be specified as an FQDN. Based on its DNS configuration, an FQDN can resolve to provide the IP addresses of multiple servers, thus enabling you to include more than eight servers in an SRS group profile.in the CDR.
| Info |
|---|
|
The SIPREC feature is controlled by a system-wide license (-SIPREC). If the license is not available, any SIPREC recording returned by a PSX is ignored. |
SRS Redundancy
The
supports the concept of
Primary primary and secondary SRS servers for redundancy. It supports multiple (up to 8)
srsGroupData objects within an SRS
group profile to represent SRS servers in
a SRS the group. All of
them the servers can be active at any point of time
. The address of an SRS can be specified as an FQDN. Based on its DNS configuration, an FQDN can resolve to provide the IP addresses of multiple servers, thus enabling you to include more than eight servers in an SRS group.- The can load balance among the recorders in the SRS Group group in sequential or round-robin fashion.
- The also supports crank-back mechanism where it tries the next SRS if an SRS does not respond to the RS INVITE or rejects the RS INVITE with a 4xx.
- The also maintains the health check of the SRS servers using OPTIONS pings. If an SRS is marked not reachable, the SBC automatically uses the next server in the SRS group for the next RS session.
| Info |
|---|
|
SRS Redundancy redundancy is supported only when numOfStreams is set to "1" in an SRS Groupgroup. When numOfStreams = "2'", the is already sending media to the redundant recorder. |
| Info |
|---|
|
The SRS is not placed into a blacklist if it fails to respond to an RS INVITE because the blacklist is updated only by the path-check mechanism upon failure to respond to OPTIONS ping. |
Simultaneous Session Recording - SIP Ingress and Egress Legs
The
is enhanced to support simultaneously recording SIP egress and ingress legs during a session, for a total of four recordings (four simultaneous streams: two in the ingress leg, and two in the egress leg).
The
provisions the SIPR recordings towards all 4 recorders, two from Ingress tap point and another two from egress tap point. (Due to NP limitations, four simultaneous recordings cannot be triggered on the same call leg.)
| Info |
|---|
|
- The supports support sending the recording streams to up to four SRS servers simultaneously.
- Each recording criteria can be configured with a Recording Cluster. A Recording Cluster can have up to four SRS Groups.
|
| Include Page |
|---|
| Recordertype_recordingtype |
|---|
| Recordertype_recordingtype |
|---|
|
Example of Simultaneous Session Recording
Below is a diagram illustrating the use case of a simultaneous SIPREC, with first two recordings on Ingres call-leg, and the next two recordings on egress call-leg.
| Caption |
|---|
| 0 | Figure |
|---|
| 1 | An Example of Simultaneous Session Recording |
|---|
|
|
For more information on parameter configurations and CDR field descriptions refer to:
CLI and EMA:
Alarms:
CDR:
SRTP Support for SIPREC Towards SRS
The
supports sending encrypted media streams (Secure Real-Time Transport Protocol (SRTP)) towards SIPREC recorders.The sends the SRTP streams as received from the endpoints.The is configured to perform a different encryption (using dedicated crypto suite profile) towards the Session Recording Server (SRS).Alarms:
CDR:
SRTP Support for SIPREC Towards SRS
The
is configured to send plain RTP packets even when the original communication session (CS) is an SRTP call supports sending encrypted media streams (Secure Real-Time Transport Protocol (SRTP)) towards SIPREC recorders.
With this feature, the
:- Supports SRTP (encrypted streams) towards SIPREC server.
- Provides SIPREC functionality with SRTP calls.
- Provides flexibility by supporting both SRTP or RTP towards the SRS, based on the input control configuration in the
srsGroupData. - Supports sending SRTP packets (encrypted media streams) as received from the endpoints (relay/pass-through).
- Supports sending SRTP packets with a different encryption techniques technique using the crypto suite profile configured in the
srsGroupData. - Provides support to terminate an original SRTP call at the SBC for the SIPREC, such that:
- The encrypted media packets are decrypted at the SBC and are re-encrypted again towards the user endpoint using the crypto suite profile negotiated between the SBC and the UE.
- The decrypted media packets towards the SRS can be:
- Encrypted using the same negotiated crypto suite profile.
- Encrypted using different crypto suite profile as provided by the
srsGroupData. - Send only decrypted media packets (RTP) only towards the SRS based on the configuration (CS crypto is ignored).
The following two options in srsGroupData control SRTP support:
srtp: Specifies whether SRTP is enabled for the SRS or not.cryptoSuiteProfile: If SRTP is enabled, the SBC uses the encryption technique called for in the specified profile for the recording session towards the SRS.
| Info |
|---|
|
- If SRTP is disabled towards SRS, the terminates an original SRTP call as it is supposed to decrypt the media towards SRS.
- If SRTP is enabled and the
srsGroupData provides its own crypto suite profile, the terminates the original SRTP call to encrypt using the srsGroupData crypto suite profile.
|
When SRTP is disabled for the SRS, the
sends unencrypted streams towards the SRS irrespective of
whether the CS is using RTP or SRTP.
When SRTP is enabled for the SRS and if the CS leg that is recorded is not using SRTP:
- If a
cryptoSuiteProfile is configured for the SRS, the sends the SRTP packets using the cryptoSuiteProfile on the recorded leg towards the SRS.
- If a
cryptoSuiteProfile is not configured for the SRS, the sends the RTP packets.
When the CS is using SRTP pass-through:
- If the call is recorded and SRTP is enabled for the SRS, the relays the SRTP packets as recevied received from the user endpoint.
- If SRTP is enabled for the SRS and a
cryptoSuiteProfile is configured, the SBC re-encrypts the media using the configured cryptoSuiteProfile.
When the CS is an SRTP terminated call:
- If a
cryptoSuiteProfile is configured for the SRS, the SBC sends the SRTP packets using the cryptoSuiteProfile on the recorded leg towards the SRS.
- If a
cryptoSuiteProfile is not configured for the SRS, the SBC uses the cryptoSuiteProfile from the CS and sends SRTP packets.
| Info |
|---|
|
The If the SIPREC functionality fails and , the alarm sonusSbxSipRecSrsSelectionFailedNotification is generated in case of the following scenarios: - When the original CS call is SRTP and the SIPREC is triggered through CL.
- When DTLS-SRTP call is supported.
- When the SBC offers SRTP towards the SRS and the SRS answers with either an invalid crypto or with RTP. In this scenario, the tries to find an "offer-answer" match with the next available SRS (SRS redundancy) before failing the SIPREC request.
|
Dynamically Programmable Metadata Content
The
supports SIPREC when the SIPREC specifications were in early drafts (draft-ietf-siprec-xx-06). With the implementation of this feature, the SIPREC standard has evolved to RFCs supports a set of SIPREC specifications (RFC 7245, RFC 7865, RFC 7866, and RFC 8068)
, and provides capability for supporting that include support for "dynamically programmable" selection of metadata content.
- The profile
sipRecMetaDataProfile is introduced to the services to provide provides the capability to configure the headers that are mapped from the target call leg to the XML and the corresponding metadata XML element name. - In case of a basic call, all information is copied from the initial-INVITE message on the leg where the tap is, to the metadata XML. However, The "To" header and "to-tag" is are also copied additionally from the local information (as the to-tag does is not present in the INVITE).
- In case of a SIPREC trigger during a REFER-based transfer, irrespective of where the SIPREC tap is, all information is copied from the initial-INVITE of the new call leg towards the transfer target (C party).
- In case of a CLI-triggered recording, the existing implementation of sending predefined information in metadata XML remains the same (gcid, call-id, from, to). The new configuration of header-metadata mapping is not considered in this scenario.
| Include Page |
|---|
| _callData_max_size |
|---|
| _callData_max_size |
|---|
|
The following call flow diagram displays the XML tag namenames.
| Caption |
|---|
|
|
Example SIP INVITE
An example SIP INVITE is shown below:
INVITE sip:SIPREC-SRS@10.54.80.8:51802 SIP/2.0
Via: SIP/2.0/UDP 10.34.171.39:5060;branch=z9hG4bK00B00021f4cdc2590c2
From: "SIPREC-SRC" <sip:SIPREC-SRC@10.34.171.39>;tag=gK00000237
To: "SIPREC-SRS" <sip:SIPREC-SRS@10.54.80.8>
Call-ID: 35651585_16777218_133945398@10.34.171.39
CSeq: 787532 INVITE
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,BYE,REGISTER,REFER,INFO,SUBSCRIBE,NOTIFY,PRACK,UPDATE,OPTIONS,MESSAGE,PUBLISH
Accept: application/sdp, application/rs-metadata-request,application/rs-metadata
Contact: "SIPREC-SRC" <sip:SIPREC-SRC@10.34.171.39:5060>;+sip.src
Require: siprec
Supported: timer,100rel
Session-Expires: 1800
Min-SE: 90
Content-Length: 4560
Content-Type: multipart/mixed;boundary=sonus-content-delim
MIME-Version: 1.0
--sonus-content-delim
Content-Disposition: session; handling=required
Content-Length: 296
Content-Type: application/sdp
v=0
o=Sonus_UAC 748003 60371 IN IP4 10.34.171.39
s=SIP Media Capabilities
t=0 0
m=audio 1052 RTP/SAVP 0
c=IN IP4 10.54.4.51
a=label:1
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:k3NkQB3Tkr23twOMMjd8YjvLI/XPdgE+a1D8FDho
a=rtpmap:0 PCMU/8000
a=sendonly
a=maxptime:10
m=audio 1050 RTP/SAVP 0
c=IN IP4 10.54.4.51
a=label:2
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:k3NkQB3Tkr23twOMMjd8YjvLI/XPdgE+a1D8FDho
a=rtpmap:0 PCMU/8000
a=sendonly
a=maxptime:10
--sonus-content-delim
Content-Disposition: recording-session
Content-Length: 3976
Content-Type: application/rs-metadata+xml
<?xml version="1.0" encoding="UTF-8"?>
<recording xmlns='urn:ietf:params:xml:ns:recording:1'>
<datamode>complete</datamode>
<group group_id="OTIxYzk4MDAtN2RkYy0xMA==">
<associate-time>2018-08-09T08:31:44Z</associate-time>
<callData xmlns='http://ribboncommunications.com/siprec/calldata'>
<xTo><sip:+1999@10.54.80.8:51801;user=phone>;tag=1</xTo>
<xVia>SIP/2.0/UDP 10.34.171.34:5060;branch=z9hG4bK00B0000a25afeb7eee5</xVia>
<xCSeq>844797 INVITE</xCSeq>
<xFrom>"sipp" <sip:sanrayana@10.34.171.34>;tag=gK0000011e</xFrom>
<xContentType>application/sdp</xContentType>
<xMaxForwards>70</xMaxForwards>
<srsgrpId>GR1</srsgrpId>
<xAcceptContact>*;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel"</xAcceptContact>
<xPPreferredIdentity>"sipp" <sip:sanrayana@10.54.80.8:5061></xPPreferredIdentity>
<mprofileVers>v1.0</mprofileVers>
<gcid>35651585</gcid>
</callData>
</group>
<session session_id="OTIxYzlhM2UtN2RkYy0xMA==">
<group-ref>OTIxYzk4MDAtN2RkYy0xMA==</group-ref>
<start-time>2018-08-09T08:31:44Z</start-time>
</session>
<participant participant_id="OTIxYzk4MDEtN2RkYy0xMA==">
<nameID aor="sanrayana@10.34.171.34:5060">
<name xml:lang="en">sipp</name>
</nameID>
</participant>
<participant participant_id="OTIxYzk4MDItN2RkYy0xMA==">
<nameID aor="+1999@10.54.80.8">
<name xml:lang="en"> </name>
</nameID>
</participant>
<stream stream_id="OTIxYzk4MDQtN2RkYy0xMA==" session_id="OTIxYzlhM2UtN2RkYy0xMA==">
<label>1</label>
<associate-time>2018-08-09T08:31:44Z</associate-time>
</stream>
<stream stream_id="OTIxYzk4MDUtN2RkYy0xMA==" session_id="OTIxYzlhM2UtN2RkYy0xMA==">
<label>2</label>
<associate-time>2018-08-09T08:31:44Z</associate-time>
</stream>
<sessionrecordingassoc session_id="OTIxYzlhM2UtN2RkYy0xMA==">
<associate-time>2018-08-09T08:31:44Z</associate-time>
</sessionrecordingassoc>
<participantsessionassoc participant_id="OTIxYzk4MDEtN2RkYy0xMA==" session_id="OTIxYzlhM2UtN2RkYy0xMA==">
<associate-time>2018-08-09T08:31:44Z</associate-time>
</participantsessionassoc>
<participantsessionassoc participant_id="OTIxYzk4MDItN2RkYy0xMA==" session_id="OTIxYzlhM2UtN2RkYy0xMA==">
<associate-time>2018-08-09T08:31:44Z</associate-time>
</participantsessionassoc>
<participantstreamassoc participant_id="OTIxYzk4MDEtN2RkYy0xMA==">
<send>OTIxYzk4MDQtN2RkYy0xMA==</send>
<recv>OTIxYzk4MDUtN2RkYy0xMA==</recv>
</participantstreamassoc>
<participantstreamassoc participant_id="OTIxYzk4MDItN2RkYy0xMA==">
<send>OTIxYzk4MDUtN2RkYy0xMA==</send>
<recv>OTIxYzk4MDQtN2RkYy0xMA==</recv>
</participantstreamassoc>
</recording>