A zone is used to group a set of objects unique in a particular customer environment. A zone can contain one SIP signaling port and/or one H.323 signaling port, but up to 16 ports are allowed. A zone can contain multiple SIP and H.323 trunk groups.

Note

Trunk group names must be unique across all address contexts, zones, and trunk group types. 

Note

IP peer names must be unique across all address contexts, and zones.

IMPORTANT

The Transparency Profile is the recommended method of configuring transparency on the SBC Core for new deployments as well as when applying additional transparency configurations to existing deployments. Do not use IP Signaling Profile flags in these scenarios because the flags will be retired in upcoming releases.

Refer to the SBC SIP Transparency Implementation Guide for additional information.

Note

Sub-system signaling ports (such as SIP signaling ports, relay ports, D-SBC signaling ports, H.323 signaling ports) must use different IP addresses because each IP address adds one system ACL, and IP addresses are not prioritized when measured in the same ACL. This best practice will avoid any IP addressing overlaps and ensure proper policing of packets.

High-Level Command Syntax

The high-level CLI syntax for zone object is shown below. For detailed syntax and parameter descriptions, go to a specific page listed above under "Additional pages".

% set addressContext <addressContext name> zone <zone name>  
	id <id #>

% set addressContext <addressContext name> zone <zone name>  
	action <dryUp | force>
    advancePeerControl <disabled | enabled>
    blockDirection <bothways | incoming | none | outgoing>
    cac <cac parameter>
	dialogTransparency <disabled | enabled>
	disableZoneLevelLoopDetection <disabled | enabled>
	dnsGroup <dnsGroup name>
	domainName <string>
	dryUpTimeout <1-1440 mins>
    filterSipSrc 
	flexiblePolicyAdapterProfile <profile name>
	gwSigPort <index #> 
	gwTrunkGroup <TRUNKGROUP NAME>
	h323SigPort <h323SigPort parameters>
	h323TrunkGroup <TRUNKGROUP NAME>
	id <1-4096>
	ipPeer <ipPeer name>
	messageManipulation <inputAdapterProfile | outputAdapterProfile>
	mode <inService | outOfService>
    mtrmConnPort <index>
	relayPort <relayPort Index>
	remoteDeviceType <accessDevice | appServer | core | nni | none>
	retargetSupport <disabled | useSystemLevelConfiguration>
	sipHeaderForAnonymousCall <none | remotePartyId>
	sipRegRelay <disabled | enabled>
	sipSigPort <index #>
	sipTrunkGroup <TRUNKGROUP NAME>
	srvcc eatf <disabled | enabled>
	tracerouteSigPort

Command Examples

To display the configured Zone and ID assignments:

% show addressContext default zone EXTERNAL
zone EXTERNAL {
    id 2;
    ipPeer HUMPI_ext_peer {
        ipAddress 10.34.9.70;
        ipPort    9065;
        state     enabled;
        policy {
            description            "";
            sip {
                fqdn "";
            }
            packetServiceProfileId "";
            ipSignalingProfileId   "";
        }
    }
    sipSigPort 2 {
        ipInterfaceGroupName      LIF2;
        ipAddress                 10.34.9.104;
        portNumber                5060;
        state                     enabled;
        transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp;
    }
    sipTrunkGroup HUMPI_EXT {
        state enabled;
        mode  inService;
        policy {
            carrier             0000;
            country             1;
            sipDomain           "";
            localizationVariant northAmerica;
            digitParameterHandling {
                numberingPlan   NANP_ACCESS;
                ingressDmPmRule "";
                egressDmPmRule  "";
            }
            callRouting {
                elementRoutingPriority DEFAULT_IP;
            }
            media {
                packetServiceProfile DEFAULT;
            }
            services {
                classOfService DEFAULT_IP;
            }
            signaling {
                ipSignalingProfile DEFAULT_SIP;
            }
       
 
  }
        signaling {
            methods {
                subscribe allow;
            }
        }
        media {
            mediaIpInterfaceGroupName LIF2;
        }
        ingressIpPrefix 10.34.9.70 32;
    }
}
% show addressContext default zone INTERNAL
zone INTERNAL {
    id 1;
    ipPeer HUMPI_int_peer {
        ipAddress 10.34.9.70;
        ipPort    7056;
        state     enabled;
        policy {
            description            "";
            sip {
                fqdn "";
            }
            packetServiceProfileId "";
            ipSignalingProfileId   "";
        }
   }
    sipSigPort 1 {
        ipInterfaceGroupName      LIF1;
        ipAddress                 10.34.9.103;
        portNumber                5060;
        state                     enabled;
        transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp;
    }
    sipTrunkGroup HUMPI_INT {
        state enabled;
        mode  inService;
        policy {
            carrier             0000;
            country             1;
            sipDomain           "";
            localizationVariant northAmerica;
            digitParameterHandling {
                numberingPlan   NANP_ACCESS;
                ingressDmPmRule "";
                egressDmPmRule  "";
            }
            callRouting {
                elementRoutingPriority DEFAULT_IP;
            }
            media {
                packetServiceProfile DEFAULT;
            }
            services {
                classOfService DEFAULT_IP;
            }
            signaling {
                ipSignalingProfile DEFAULT_SIP;
            }
        }
        signaling {
            methods {
                notify allow;
            }
        }
        media {
            mediaIpInterfaceGroupName LIF1;
        }
        ingressIpPrefix 10.34.9.70 32;
    }
}

 

To display the configured Zone and ID assignments details with display level set to 3:

% show addressContext default zone defaultSigZone displaylevel 3
id 1;
gwSigPort 1 {
    ipInterfaceGroupName ipinterface;
    ipAddress            1.2.3.4;
    portNumber           2569;
    role                 primary;
    mode                 inService;
    state                disabled;
}
gwTrunkGroup GW1 {
    state         disabled;
    mode          outOfService;
    action        dryUp;
    dryUpTimeout  5;
    accMc1Percent 90;
    accMc2Percent 70;
    accTimer      0;
}
h323TrunkGroup tg {
    state                 disabled;
    mode                  outOfService;
    action                dryUp;
    dryUpTimeout          5;
    sendingCompleteEnbloc disabled;
}
ipPeer ippeer {
    ipAddress    1.2.3.4;
    ipPort       0;
    defaultForIp false;
}
sipSigPort 1 {
    ipInterfaceGroupName      ipinterface;
    ipAddressV4               1.2.3.4;
    ipAddressV6               2001:DB8:85A3::8A2E:370:7334;
    portNumber                5060;
    mode                      inService;
    state                     disabled;
    tcpConnectTimeout         5;
    dscpValue                 0;
    tlsProfileName            defaultTlsProfile;
    transportProtocolsAllowed sip-udp;
}

To display the configured Zone and ID assignments details with display level set to “5”:

% show addressContext default zone defaultSigZone displaylevel 5
id 1;
gwSigPort 1 {
    ipInterfaceGroupName ipinterface;
    ipAddress            1.2.3.4;
    portNumber           2569;
    role                 primary;
    mode                 inService;
    state                disabled;
}
gwTrunkGroup GW1 {
    state         disabled;
    mode          outOfService;
    action        dryUp;
    dryUpTimeout  5;
    accMc1Percent 90;
    accMc2Percent 70;
    accTimer      0;
    packetOutage {
        minimumDuration         6000;
        minimumCalls            1000;
        bandwidthLimitReduction 50;
        detectionState          disabled;
        detectionInterval       15;
    }
    callReservation {
        inbound             1;
        state               disabled;
        priorityCallMinimum 1;
        incomingCallMinimum 1;
        outgoingCallMinimum 10;
        silc {
            state      disabled;
            MC1Percent 75;
            MC2Percent 25;
        }
    }
    cac {
        callLimit                 unlimited;
        bandwidthLimit            unlimited;
        emergencyOversubscription 10;
        ingress {
            callRateMax  unlimited;
            callBurstMax 10;
        }
        egress {
            callRateMax  unlimited;
            callBurstMax 10;
    }
    }
    media {
        mediaIpInterfaceGroupName ipinterface;
        sourceAddressFiltering    disabled;
    }
}
h323TrunkGroup tg {
    state                 disabled;
    mode                  outOfService;
    action                dryUp;
    dryUpTimeout          5;
    sendingCompleteEnbloc disabled;
    policy {
        carrier             0000;
        country             1;
        localizationVariant northAmerica;
        digitParameterHandling {
            numberingPlan   NANP_ACCESS;
            ingressDmPmRule "";
            egressDmPmRule  "";
        }
        callRouting {
            elementRoutingPriority DEFAULT_IP;
        }
        media {
            packetServiceProfile DEFAULT;
        }
        services {
            classOfService DEFAULT_IP;
        }
        signaling {
            ipSignalingProfile DEFAULT_H323;
        }
    }
    packetOutage {
        minimumDuration         6000;
        minimumCalls            1000;
        bandwidthLimitReduction 50;
        detectionState          disabled;
        detectionInterval       15;
    }
    callReservation {
        inbound             1;
        state               disabled;
        priorityCallMinimum 1;
        incomingCallMinimum 1;
        outgoingCallMinimum 10;
        silc {
            state      disabled;
            MC1Percent 75;
            MC2Percent 25;
        }
    }
    cac {
        callLimit                 unlimited;
        bandwidthLimit            unlimited;
        emergencyOversubscription 10;
        ingress {
            callRateMax  unlimited;
            callBurstMax 10;
        }
        egress {
            callRateMax  unlimited;
            callBurstMax 10;
        }
    }
    services {
        overlapDialing {
            overlapState      disabled;
            minDigitsForQuery 0;
        }
        longDurationCall {
            ldcTimeout        0;
            ldcAction         noAction;
            ldcRelCause       41;
            ldcEmergencyCalls exclude;
        }
    }
    media {
        mediaIpInterfaceGroupName ipinterface;
        sourceAddressFiltering    disabled;
        directMediaAllowed        disabled;
        directMediaGroupId        0;
        preAllocateResPad         disabled;
    }
    callRouting {
        ansSupervisionTimeout   300;
        crankBackProfile        default;
        respectBearerCapability disabled;
    }
}
ipPeer ippeer {
    ipAddress    1.2.3.4;
    ipPort       0;
    defaultForIp false;
    policy {
        description          "";
        sip {
            fqdn     "";
            fqdnPort 0;
        }
        packetServiceProfile "";
        ipSignalingProfile   "";
    }
}
sipSigPort 1 {
    ipInterfaceGroupName      ipinterface;
    ipAddressV4               1.2.3.4;
    ipAddressV6               2001:DB8:85A3::8A2E:370:7334;
    portNumber                5060;
    mode                      inService;
    state                     disabled;
    tcpConnectTimeout         5;
    dscpValue                 0;
    tlsProfileName            defaultTlsProfile;
    transportProtocolsAllowed sip-udp;
}


To configure Zone CAC:

% set addressContext default zone ZONE1 id 100
commit

To view Zone statistics:

% show table addressContext default zoneCurrentStatistics

To view Zone status:

% show table addressContext default zoneStatus

To configure Trunk Group CAC:

% set addressContext default zone ZONE1 sipTrunkGroup RHEL_1 cac callLimit 200

To view Trunk Group status:

% show table addressContext default zone ZONE1 trunkGroupStatus

To configure SIP Trunk Group CAC:

% set addressContext default zone ZONE1 sipTrunkGroup RHEL_1 cac callLimit 200

To configure registration configurations:

% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK signaling registration requireRegistration required expires 60 insideExpiresMinimum 3600

To create SIP/H.323 signaling ports inside zone:

% set addressContext default zone INTERNAL5 id 5 sipSigPort 5 ipAddressV4 10.9.89.10 portNumber 4010 transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp ipInterfaceGroupName IFG-INT5 state enabled

To show status/statistics of SIP/H.323 signaling ports:

% show status addressContext a1 zone INTERNAL sipSigPortStatus
sipSigPortStatus 1 {
    state inService;
}
% show status addressContext a1 zone INTERNAL sipSigPortStatistics
sipSigPortStatistics 1 {
    callRate  0;
    origCalls 5864747;
    termCalls 9410868;
    txPdus    55245380;
    rxPdus    45825318;
    txBytes   26211787697;
    rxBytes   18580071475;
    inRegs    0;
    outRegs   0;
}

Different Signaling Port per AoR Contact

This feature supports configuring multiple SIP signaling ports (up to 16) in the same zone facing the AS:

  • As much as possible, select a different egress SIP signaling port for multiple contacts for the same AoR.
  • All requests from a registered user are sent out on the egress side through the same SIP signaling port towards the registrar.

Below are CLI command examples to configure multiple SIP signaling ports:

% set addressContext ADDR_CONTEXT_1 zone ZONE_AS id 20 sipSigPort 1 ipAddressV4 10.3.255.1 5060 transportProtocolsAllowed sip-tcp, sip-tls-tcp ipInterfaceGroupName LIG2 state enabled
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS id 20 sipSigPort 2 ipAddressV4 10.3.255.2 5060 transportProtocolsAllowed sip-udp ipInterfaceGroupName LIG2 state enabled

The following CLI commands enable this feature:

% set global signaling sipSigControls multipleContactsPerAoR enabled
% set addressContext ADDR_CONTEXT_1 zone ZONE_IAD sipTrunkGroup TG_IAD signaling registration requireRegistration supported
% set addressContext ADDR_CONTEXT_1 zone ZONE_IAD remoteDeviceType accessDevice
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS remoteDeviceType appServer

Registering Endpoint Address in X-Header

This feature provides the IP address, port number and the transport parameters from the source IP packet carried in the REGISTER message reaching the registrar in the SIP proprietary header- X-Original-Addr.

Use the following CLI command to configure the Endpoint address in X-Header:

% set addressContext ADDR_CONTEXT_1 zone ZONE_AS sipTrunkGroup TG_AS signaling registration includeXOriginalAddr enabled

Output

Once the feature is configured there will be an additional header (X-Original-Addr) in the outgoing SIP Register message as follows:

REGISTER sip:10.3.255.150:5060 SIP/2.0
Via: SIP/2.0/UDP 10.3.255.1:5060;branch=z9hG4bK00B000b62fb005af43f
From: <sip:9711000000@10.3.255.150>;tag=gK00000fca
To: <sip:9711000000@10.3.255.150>
Call-ID: 512_3123187670_1823140541@10.3.255.1
CSeq: 1162827419 REGISTER
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE, REGISTER, REFER, INFO, SUBSCRIBE, NOTIFY, PRACK, UPDATE, OPTIONS, MESSAGE, PUBLISH
Contact: <sip:9711000000@10.3.255.1:5060;dtg=TG_INET1;reg-info=200>;q=0.0;expires=3600
X-Original-Addr:ip=10.4.255.150:port=5060:transport=udp
User-Agent: iPhone-Time to Call-1.1.1-ios-4.3.3
Content-Length: 0

SMM for Mapping Source IP/Port to SDP “c=” Line

This feature supports the following:

  • Overwrites the IP address in the SDP connection information (“c=”) line with the source IP address of the received message.

The following CLI commands are used to configure mapping the source IP/port to the SDP “c=” line:

% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1
#the criteria
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message
# configure the message criteria
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message message messageTypes all
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message message methodType invite
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody messageBody condition regex-match regexp numMatch match string "c=IN IP4"
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody messageBody messageBodyType all
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 type variable
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 operation store
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 operation store to type variable variableValue var1
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 from type value value "c=IN IP4 "
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 type variable operation append
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 from type globalVariable globalVariableValue srcipaddr
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 to type variable variableValue var1
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 type messageBody
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 operation regsub
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 regexp string "c=IN IP4 (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 from type variable variableValue var1
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 to type messageBody messageBodyValue all
#enable the state
% set profiles signaling sipAdaptorProfile CHANGEIP1 state enabled
commit

Output

 % set addressContext ADDR_CONTEXT_1 zone ZONE_CUST2 sipTrunkGroup TG_CUST2_1 signaling messageManipulation inputAdapterProfile CHANGEIP1

Configuring NAT

The SBC supports NAT traversal of Signaling and Media. To configure, perform the following steps:

  • Enable NAT traversal for Signaling:

    % set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal signalingNat enabled
  •   Enable NAT traversal for Media:

    % set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal mediaNat enabled
  • Configure udpKeepaliveTimer:

    % set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal udpKeepaliveTimer 60

This value is sent in the 200 OK of the Register to overcome the NAT binding issue. Always configure this value to be smaller.

Configuring Direct Media

The SBC supports Direct Media whenever both call legs are in the same directMediaGroupId and the endpoints negotiate the same codec. To configure, perform the following steps:

  • Enable media:

    % set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK media directMediaAllowed enabled
  • Set packet service profile:

    % set profiles media packetServiceProfile DEFAULT flags useDirectMedia enable

SDP Transparency

SDP transparency supports the transparency of ICE and other parameters that are sent transparently through the SBX.

The following CLI commands facilitate the use of SDP transparency:

Initially, direct media is required to be enabled and configured on both the ingress/egress trunk groups.

% set profiles media packetServiceProfile <DEFAULT_PSP> flags useDirectMedia enabled
% set addressContext ADDR_CONTEXT_1 zone ZONE_IAD sipTrunkGroup TG_IAD media directMediaAllowed enabled
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS sipTrunkGroup TG_AS media directMediaAllowed enabled

The following CLI command is used to turn on/off the SDP transparency feature on both ingress and egress trunk groups:

% set addressContext default zone ZONE1 sipTrunkGroup SBX10_AS signaling sdpTransparency sdpTransparencyState enabled

Ensure that media PSP DEFAULT is associated to the trunk group.

Deleting a Zone

You delete a zone using the delete addressContext <addressContext name> zone <zonename> command. You must delete all objects (SIP/H.323 signaling ports and trunk groups) assigned to a zone before deleting a zone.

 

  • No labels