SIP Profiles

A profile allows you to create a specific set of characteristics different from the standard

SIP ARS Profile

To achieve efficient device failover to the backup/secondary Application Server, the

These ARS profiles can be assigned to the services section of a SIP trunk group to enforce the blacklisting and recovery of any SIP peer(s) associated with the trunk group. If no recovery algorithm is specified when configuring a SIP ARS profile, the recovery algorithm default values are used as indicated below:

• recoveryAlgProbeDuration: 1 second
• recoveryAlgProbeInterval: 1 second
• recoveryAlgProbeMethod: sip-options
• recoveryAlgProbeNumResponses: 1
• recoveryAlgTimerDuration: 1 second
• recoveryAlgorithm: probe

See the following pages for configuration details:

• EMA: Service Profiles - Sip Ars Profile
• CLI: SIP ARS Profile - CLI

SIP Call Admission Control Profile

The

See the following pages for configuration details:

• EMA: Profiles - Sip CAC Profile
• CLI: SIP CAC Profile - CLI

SIP/CPC Cause Code Mapping Profiles

The Cause Map Profile, SIP-to-CPC and CPC-to-SIP mappings provide customized tables on the

See the following pages for configuration details:

• EMA: Signaling Profiles - Sip Cause Code Mapping
• CLI: SIP/CPC Cause Code Mapping Profiles

SIP Emergency Call Profile

This object creates and configures an Emergency Call Profile for SIP calls used to host emergency call criteria. The emergency call classification methods are:

• Emergency Call Marking: The cpc-priority in P-Asserted Identities is present in the INVITE message, and the CPC parameter of the SIP EMERGENCY PROFILE is set to “priority”.
• Prefix Matching (up to three prefixes): At least one of the three emergency prefixes is configured in SIP EMERGENCY PROFILE and the R-URI header in the INVITE message matches one of the three emergency prefixes. The emergency prefix is an alphanumeric string that consists of numeric digits (phone number). For more information see Call Admission Controls topic.
• URN Prefix: Emergency prefix URN, for example “services:sos”.
• X-EMG Header: Use this flag to determine whether SIP X-EMG header should be accepted as an emergency call indicator.

See the following pages for configuration details:

• EMA: Service Profiles - Emergency Call Profile
• CLI: Emergency Call Profile - CLI

SIP JIP Profile

The Jurisdiction Information Parameter (JIP) is a 6-digit field (NPA-NXX format) in an IAM message to indicate the geographic location of the originating caller or switch.

The inclusion of the JIP parameter in SIP INVITE message allows the 

JIP information can be carried in the P-Asserted-ID/FROM and P-DCS-Billing-Info headers of SIP INVITE message and in the PDCS header in a 3xx response. The

Multiple controls can be enabled at a time to select the header or parameter from which JIP value will be extracted. When multiple controls are configured, JIP information is extracted in the following order:

• RN PARAMETER IN PAI
• JIP PARAMETER IN PAI
• RN PARAMETER IN FROM
• JIP PARAMETER IN PDCS

See the following pages for configuration details:

• EMA: Service Profiles - Sip Jip Profile
  
• CLI: SIP JIP Profile - CLI
  

SIP OCSP Profile

The Online Certificate Status Protocol (OCSP) enables

When a peer sends certificates, an OCSP client (e.g. SIPFE) issues a status request to an OCSP responder and suspends acceptance of the certificates in question until the responder provides a response. The OCSP client needs the address/URL of the OCSP responder, the certificate to be checked, and the certificate issuer’s certificate. The OCSP URL can be FQDN or IPv4 address plus port number.

The

The

• As a TLS server with Client Authentication enabled, the
  Unable to show "metadata-from": No such page "_space_variables"
  checks OCSP status when the TLS client sends its certificate chain to the
  Unable to show "metadata-from": No such page "_space_variables"
  . Upon receiving Certificate Verify from client, the
  Unable to show "metadata-from": No such page "_space_variables"
  performs OCSP status checking for each certificate in the chain after validating signature, expiration time, etc. for each certificate in the chain.
• When acting as a TLS client, SBC checks OCSP status when the peer TLS server sends its certificate chain to the
  Unable to show "metadata-from": No such page "_space_variables"
  . The
  Unable to show "metadata-from": No such page "_space_variables"
  then performs OCSP status checking for each certificate in the chain.

Key Concepts

The user may create up to four OCSP profiles per system, each specifying the OCSP capabilities and protocol parameters applying to one or more TLS connections that use the profile (a SIP/TLS connection may reference an OCSP profile in its assigned TLS profile). The OCSP profile is referenced by the existing TLS profile.

• OCSP capability
  • enabled
  • disabled (default)
• Default responder URI (default: blank):
  
  • IPv4 address and port number, or
  • FQDN
• AIA override:
  • enabled - Forces the use of configured Default responder for OCSP validation regardless of whether or not the certificate being validated references a responder by AIA.
  • disabled (default) - The responder referenced via AIA by the certificate being validated is used, or the Default responder as configured is used only if the AIA is not available.
• OCSP response waiting time - If the corresponding OCSP response does not return before the time expires after sending an OCSP request, the response is considered unavailable.
  
  • Range: 1-16 seconds, default = 2.

When configuring an OCSP profile, be aware that you may delete a given OCSP profile when it is not referenced by any TLS connections.

When OCSP is enabled for a TLS connection, every individual certificate in the chain presented by the peer device during the establishment of the connection is validated against an OCSP responder for its revocation status.

When the

Linux DNS Client Support

Linux DNS client functionality is required for OpenSSL OCSP API to translate a FQDN to an IPv4 address. To populate the file with DNS server addresses, use following CLI commands.

% set addressContext default dnsGroup d1 type mgmt server dns1 ipAddress 10.11.12.13 state enabled
% set addressContext default dnsGroup d1 type mgmt server dns2 ipAddress 10.11.12.15 state enabled

See the following pages for command details:

• EMA: Security Configuration - Ocsp Profile
• CLI: OCSP Profile - CLI

SIP Security Profile

The SIP Security Profile feature defines the type and behavior of security mechanism to apply to the

See the following pages for command details:

• EMA:  Service Profiles - Sip Security Profile
• CLI: SIP Security Profile - CLI

Transparency Profile

The

If a header is not in the transparency configurable, existing “Unknown Header Transparency” and explicit header transparency flag semantics shall apply.

This feature allows you to add previously “unknown” headers to the TP making them “semi-known” to the system, as well as add “known” headers thus eliminating the need for IP Signaling Profile (IPSP) transparency control flags for those headers. An "unknown" header is defined as a header that, if present in an incoming SIP message, is parsed as a generic “unknown” header, but is treated as a “known” header with respect to transparency by allowing individual transparency control towards it.

If you configure a Contact header in the Transparency Profile, it is treated as full contact header transparency.

Support for known headers (with or without IPSP transparency flags) is available for INVITE, REGISTER and OOD messages. Support for selective unknown header transparency is available for INVITE, REGISTER messages.

The following message body headers cannot be used when configuring a Transparency Profile:

• Content-Encoding
• Mime-Version
• Content-Disposition

The

See the following pages for command details:

• EMA: Service Profiles - Transparency Profile
• CLI: Transparency Profile - CLI