In this section:
The SIPREC protocol defines the interaction between a Session Recording Client (SRC) and a Session Recording Server (SRS), and controls the recording of media transmitted in the context of a communications session (CS) between multiple user agents. The Recoding Session (RS) is established over SIP from SRC to SRS.
The SBC Core supports SIPREC towards multiple recorders based on the Internet Engineering Task Force (IETF) standard. The SBC acts as an SRC sending recording sessions to a third-party SRS when a configured recording-criteria is met.
Session recording is used for various purposes such as complying with regulation, monitoring quality of service of representatives as well as storing call information for quality analysis. The SBC Core supports the following proprietary SIP recording interfaces: Access to the Media Capture Tool is restricted to privileged, password-protected user accounts. Tracking of its use is tracked by AUD logging. The SBC can record all the calls in the system. The number of recording sessions depends on the available interface bandwidth.
In the figure SIPREC Support SBC SIP Recording Strategy, the basic call is established between SIP phone 1 and SIP phone 2 through the SBC, which is known as communication session (CS). The SBC establishes an RS based on CS towards SRS. The SBC and SRS may exist in the same or different administrative domains.
The two methods to trigger a call recording are:
The recording-criteria determine, which sessions to record, SRS information along with other operational options.
The PSX/ERE uses the following configurable objects when determining whether a call needs to be recorded or not:
The PSX/ERE supports provisioning 128 Recording criteria , 256 SRS Group Profiles and 256 SRS Cluster Profiles.
The need to record a call is decided from the PSX based on the following criteria in the given order of priority:
For detailed configuration information, refer to the section Deploying SBC For SIPREC
To enable/disable SIPREC feature, use following syntax:
% set addressContext <ADDRESS-CONTEXT> zone <ZONE> sipSigPort <SIP SIGNALLING PORT> siprec <disabled|enabled>
To start/stop a recording, the following CLI syntax applies:
% request global sipRec startRecord gcid <GCID> callLeg ingress numOfStreams <Number of recorders 1 or 2> srsIpAddress <SRS IP ADDRESS> srsPort <SRS PORT> transport <tcp | udp> trunkGroup <TRUNK GROUP NAME> srsIpAddress2 <SRS IP ADDRESS> srsPort2 <SRS Port> transport2 <tcp | udp> trunkGroup2 <SIP Trunk Group> % request global sipRec stopRecord gcid <GCID> recorderAddress <IP Address> recorderPort <Port Number>
If only the GCID value is mentioned in the stopRecord
, all the multiple recordings for that GCID are stopped at once.
To view SIPREC status, use CLI syntax:
> show table global SipRecStatus RECORDER RX RTP TX RTP RECORDING GCID ADDRESS ADDRESS ADDRESS LEG 1 10.11.12.13:5060 10.11.12.13:8000 10.11.12.13:8002 ingress
Refer to Zone - SIP Sig Port - CLI and Request Global - CLI pages for CLI command details.
Once the SBC determines that the call must be recorded, it initiates the SIP INVITE towards the SRS specified in the recording criteria.
The SBC does not support transcoding towards the SRS. If the SRS replies back with any other codec, the recording session continues until the SRS terminates the call on its own.
For configuring SIPREC feature, refer to the section Deploying SBC For SIPREC.
The SBC stops recording a call in one of the three ways:
The SBC supports following SIPREC features:
The SIPREC feature is controlled by a system-wide SBC license (SBC-SIPREC). If the license is not available, any SIPREC recording returned by a PSX is ignored.
The SBC supports the concept of Primary and secondary SRS servers for redundancy. It supports multiple (up to 8) SRS servers in a SRS Group. All of them can be active at any point of time.
SRS Redundancy is supported only when numOfStreams
is set to "1" in an SRS Group. When numOfStreams
= "2'", the SBC is already sending media to the redundant recorder.
Modified: for 8.2.1
The ARS capability enables the SBC to determine whether a server is reachable and provides the ability to temporarily "blacklist" a server IP address if necessary. Within an ARS profile you define when to blacklist a peer, in this case an SRS server, and a recovery algorithm that defines when to remove blacklisting, restoring the server into service. You can assign an ARS profile to the SIP trunk group that handles traffic toward the SRS servers.
An ARS profile offers three types of blacklisting criteria. In the context of monitoring SRS servers, they apply as follows:
Once the SBC blacklists an SRS server using any of the previous criteria, the SBC does not attempt to send the SRS server any recording requests until it recovers, as specified in the profile.
Refer to the following pages for more information:
The CAC capability provides a method to avoid overload by applying limits on bandwidth usage and call sessions toward the SRS server. To apply CAC rules to a specific SRS server, you configure an IP Peer object to represent the SRS server, and then attach to it a SIP CAC profile that specifies the limits and rules you want to impose. You can define CAC limits within a SIP CAC profile in terms of both bandwidth usage limits and call limits.
SIP CAC profiles specify CAC limits for a specific endpoint (peer), in this case an SRS server. Although the SIP CAC profile object includes a wide range of parameters, only the top-level and egress-endpoint-level parameters apply in the context of SRS servers. Specifically, you can use the following CAC parameters when creating a SIP CAC profile to apply to an IP peer that represents an SRS server:
The SBC imposes the limits configured in the SIP CAC profile when determining whether to send SIPREC traffic towards the server to which it is assigned. If a SIPREC request fails due to CAC limits and a redundant SRS server is configured, the SBC attempts to send the request to the next available redundant SRS server.
Refer to the following pages for more information:
The SBC is enhanced to support simultaneously recording SIP egress and ingress legs during a session, for a total of four recordings (four simultaneous streams: two in the ingress leg, and two in the egress leg).
The SBC provisions the SIPR recordings towards all 4 recorders, two from Ingress tap point and another two from egress tap point. (Due to NP limitations, four simultaneous recordings cannot be triggered on the same call leg.)
recordingType
to "both legs" or "all legs".Below is a diagram illustrating the use case of a simultaneous SIPREC, with first two recordings on Ingres call-leg, and the next two recordings on egress call-leg.
For more information on parameter configurations and CDR field descriptions refer to:
CLI and EMA:
Alarms:
CDR:
The SBC supports sending encrypted media streams (Secure Real-Time Transport Protocol (SRTP)) towards the SIPREC recorders.
With this feature, the SBC:
srsGroupData
.srsGroupData.
srsGroupData
.The following two options are added to the srsGroupData
:
srtp
: Specifies whether SRTP is enabled for the SRS or not.cryptoSuiteProfile
: If SRTP is enabled, encrypt recording session using this crypto details.srsGroupData
crypto suite profile.When SRTP is disabled for the SRS, the SBC sends unencrypted streams towards the SRS irrespective of the CS is using RTP or SRTP.
When SRTP is enabled for the SRS and if the CS leg that is recorded is not using SRTP:
cryptoSuiteProfile
is configured for the SRS, the SBC sends the SRTP packets using the cryptoSuiteProfile
on the recorded leg towards the SRS. cryptoSuiteProfile
is not configured for the SRS, the SBC sends the RTP packets. When the CS is using SRTP pass-through:
cryptoSuiteProfile
is configured, the SBC re-encrypts the media using the configured cryptoSuiteProfile
.When the CS is an SRTP terminated call:
cryptoSuiteProfile
is configured for the SRS, the SBC sends the SRTP packets using the cryptoSuiteProfile
on the recorded leg towards the SRS. cryptoSuiteProfile
is not configured for the SRS, the SBC uses the cryptoSuiteProfile
from the CS and sends SRTP packets.The SIPREC functionality fails and the alarm sonusSbxSipRecSrsSelectionFailedNotification is generated in case of following scenarios:
The SBC supports SIPREC when the SIPREC specifications were in early drafts (draft-ietf-siprec-xx-06). With the implementation of this feature, the SIPREC standard has evolved to RFCs (RFC 7245, RFC 7865, RFC 7866, and RFC 8068), and provides capability for supporting "dynamically programmable" selection of metadata content.
sipRecMetaDataProfile
is introduced to the services to provide the capability to configure the headers that are mapped from the target call leg to the XML and the corresponding metadata XML element name.The following call flow diagram displays the XML tag name.
An example SIP INVITE is shown below:
INVITE sip:SIPREC-SRS@10.54.80.8:51802 SIP/2.0 Via: SIP/2.0/UDP 10.34.171.39:5060;branch=z9hG4bK00B00021f4cdc2590c2 From: "SIPREC-SRC" <sip:SIPREC-SRC@10.34.171.39>;tag=gK00000237 To: "SIPREC-SRS" <sip:SIPREC-SRS@10.54.80.8> Call-ID: 35651585_16777218_133945398@10.34.171.39 CSeq: 787532 INVITE Max-Forwards: 70 Allow: INVITE,ACK,CANCEL,BYE,REGISTER,REFER,INFO,SUBSCRIBE,NOTIFY,PRACK,UPDATE,OPTIONS,MESSAGE,PUBLISH Accept: application/sdp, application/rs-metadata-request,application/rs-metadata Contact: "SIPREC-SRC" <sip:SIPREC-SRC@10.34.171.39:5060>;+sip.src Require: siprec Supported: timer,100rel Session-Expires: 1800 Min-SE: 90 Content-Length: 4560 Content-Type: multipart/mixed;boundary=sonus-content-delim MIME-Version: 1.0 --sonus-content-delim Content-Disposition: session; handling=required Content-Length: 296 Content-Type: application/sdp v=0 o=Sonus_UAC 748003 60371 IN IP4 10.34.171.39 s=SIP Media Capabilities t=0 0 m=audio 1052 RTP/SAVP 0 c=IN IP4 10.54.4.51 a=label:1 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:k3NkQB3Tkr23twOMMjd8YjvLI/XPdgE+a1D8FDho a=rtpmap:0 PCMU/8000 a=sendonly a=maxptime:10 m=audio 1050 RTP/SAVP 0 c=IN IP4 10.54.4.51 a=label:2 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:k3NkQB3Tkr23twOMMjd8YjvLI/XPdgE+a1D8FDho a=rtpmap:0 PCMU/8000 a=sendonly a=maxptime:10 --sonus-content-delim Content-Disposition: recording-session Content-Length: 3976 Content-Type: application/rs-metadata+xml <?xml version="1.0" encoding="UTF-8"?> <recording xmlns='urn:ietf:params:xml:ns:recording:1'> <datamode>complete</datamode> <group group_id="OTIxYzk4MDAtN2RkYy0xMA=="> <associate-time>2018-08-09T08:31:44Z</associate-time> <callData xmlns='http://ribboncommunications.com/siprec/calldata'> <xTo><sip:+1999@10.54.80.8:51801;user=phone>;tag=1</xTo> <xVia>SIP/2.0/UDP 10.34.171.34:5060;branch=z9hG4bK00B0000a25afeb7eee5</xVia> <xCSeq>844797 INVITE</xCSeq> <xFrom>"sipp" <sip:sanrayana@10.34.171.34>;tag=gK0000011e</xFrom> <xContentType>application/sdp</xContentType> <xMaxForwards>70</xMaxForwards> <srsgrpId>GR1</srsgrpId> <xAcceptContact>*;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel"</xAcceptContact> <xPPreferredIdentity>"sipp" <sip:sanrayana@10.54.80.8:5061></xPPreferredIdentity> <mprofileVers>v1.0</mprofileVers> <gcid>35651585</gcid> </callData> </group> <session session_id="OTIxYzlhM2UtN2RkYy0xMA=="> <group-ref>OTIxYzk4MDAtN2RkYy0xMA==</group-ref> <start-time>2018-08-09T08:31:44Z</start-time> </session> <participant participant_id="OTIxYzk4MDEtN2RkYy0xMA=="> <nameID aor="sanrayana@10.34.171.34:5060"> <name xml:lang="en">sipp</name> </nameID> </participant> <participant participant_id="OTIxYzk4MDItN2RkYy0xMA=="> <nameID aor="+1999@10.54.80.8"> <name xml:lang="en"> </name> </nameID> </participant> <stream stream_id="OTIxYzk4MDQtN2RkYy0xMA==" session_id="OTIxYzlhM2UtN2RkYy0xMA=="> <label>1</label> <associate-time>2018-08-09T08:31:44Z</associate-time> </stream> <stream stream_id="OTIxYzk4MDUtN2RkYy0xMA==" session_id="OTIxYzlhM2UtN2RkYy0xMA=="> <label>2</label> <associate-time>2018-08-09T08:31:44Z</associate-time> </stream> <sessionrecordingassoc session_id="OTIxYzlhM2UtN2RkYy0xMA=="> <associate-time>2018-08-09T08:31:44Z</associate-time> </sessionrecordingassoc> <participantsessionassoc participant_id="OTIxYzk4MDEtN2RkYy0xMA==" session_id="OTIxYzlhM2UtN2RkYy0xMA=="> <associate-time>2018-08-09T08:31:44Z</associate-time> </participantsessionassoc> <participantsessionassoc participant_id="OTIxYzk4MDItN2RkYy0xMA==" session_id="OTIxYzlhM2UtN2RkYy0xMA=="> <associate-time>2018-08-09T08:31:44Z</associate-time> </participantsessionassoc> <participantstreamassoc participant_id="OTIxYzk4MDEtN2RkYy0xMA=="> <send>OTIxYzk4MDQtN2RkYy0xMA==</send> <recv>OTIxYzk4MDUtN2RkYy0xMA==</recv> </participantstreamassoc> <participantstreamassoc participant_id="OTIxYzk4MDItN2RkYy0xMA=="> <send>OTIxYzk4MDUtN2RkYy0xMA==</send> <recv>OTIxYzk4MDQtN2RkYy0xMA==</recv> </participantstreamassoc> </recording>