In this section:
Default values are enclosed in square brackets [ ]
PEAP/MSCHAPv2 is a new method of authentication added to the RadiusAuthentication functionality. This allows a more secure authentication where the radius password is sent using encryption (PEAP) and authenticated via the Microsoft Challenge Handshake Authentication Protocol (MSHAPv2). A CLI command has been added to set the Radius authentication method:
% set oam radiusAuthentication radiusServer <serverName> authenticationMethod <pap | peapmschapv2>
This feature adds the verifyAutoIndex
configuration parameter. The verifyAutoIndex
configuration parameter checks new entries added to an SBX configuration table that has an Auto Index column to make sure that the newly assigned Auto Index value does not already exist in that table. This configuration parameter is in the admin object of the system-level configuration.
% set system admin <system name> verifyAutoIndex <false | true>
A new profile retryProfile
is added to the profiles object to configure a trigger/action rule to specify that when a particular response code (and optional warning code) is received (the trigger), the SBC performs a fallback action (fallback SRTP to RTP, fallback to IPV4 or fallback to IPV6). The SBC then reattempts an INVITE with the updated Session Description Protocol (SDP) offer based on the action configured for the received error response and warning code.
% set profiles services retryProfile <retryProfile name> attemptRecordGeneration <[disabled] | enabled> state <[disabled] | enabled> triggerActionRule <1-16> sipResponseCode <300-699> sipWarningCode <300-399> action <1-16> actionType <fallBackSrtpToRtp | fallBackToIPV4 | fallBackToIPV6>
The performance of the SBC VM can be optimized by providing the call mix while configuring the SBC SWe instance. The SBC includes a set of predefined call mixes also known as standard traffic profiles. Additionally, a user can create custom traffic profiles containing a call mix that is more appropriate for the SBC SWe.
The following system profiles are added/updated in this release:
SWe Profile | Description | Change |
---|---|---|
sweTrafficProfiles | Profile configuration of all the standard and custom profiles and their respective call mix. | New SWe profile. |
sweActiveProfile | Profile configuration of the name of active profile and time-stamp of activation. | New standard profile added to the existing configuration at SWe Active Profile - CLI:
|
sweCodecMixProfile | The standard and custom codec mix profile configuration. | New SWe profile. |
% set system sweTrafficProfiles <profile name> accessScenario true callHoldTime 125 passthroughCodecProfile cmix1 transcodePercent 30 transcodingCodecProfile G711_G729_20ms
% set addressContext <name> zone <name> sipTrunkGroup <name> media earlyMedia forkingBehaviour <firstProvResponse | firstRtp | lastReceivedSdp | pemPriority> method pEarlyMedia defaultGatingMethod <inactive | recvonly | sendonly | sendrecv> egressSupport <disabled | enabled> rtpServerTable rtpServerTableName sessionAnswer
The parameter mgmtMode
is added to the system admin status
command in this release, and specifies whether SBC SWe instances are managed manually or through EMS/VNFM.
Two modes for managing the HA/Redundancy of SBC SWe Cloud Network Functions Virtualization (NFV) are supported:
Centralized (default) - Use this mode for traditional HA/redundancy model (1:1 scenario) where one active instance is backed up by one standby instance. In Centralized mode, the SBC configuration is synchronized between active and standby SBCs. The Centralized mode is preferred for deployments where the scale/sessions requirements are low.
Distributed - Use this mode for SBC SWe Cloud deployments where up to N active SBC instances are backed up by a single standby SBC instance (N:1). In this mode, each node is configured separately, and the configuration on active and standby instances are not synchronized.
The changes in CLI are:
mgmtMode
is added to system. This parameter specifies whether the instances are managed either manually, or through EMS/VNFM. There are two supported modes:rgstatus, serverStatus
, and serverAdmin
commands are supported on AWS for 1:1 redundancy group. For centralized mode, the commands display details of both active and standby volumes.
> show table system admin <system name> mgmtMode
The SBC in enhanced with the following CLI to support Gateway CAC functionality.
% set addressContext <address_context_name> zone <zone_name> gwTrunkGroup <gateway_trunk_group_name> parentSharedCacLimitsPoolName <shared_Cac_limits_pool_name> % set addressContext <name> zone <name> gwTrunkGroup <name> cac bandwidthLimit <0-2147483647> callLimit <0-2147483647> egress emergencyOversubscription <0-1000> hpcOversubscription <0-100> ingress
The SBC is enhanced with the following CLI in support of configuring a remote server IP address, port, and protocol type to push the audit logs to the remote server.
% set oam eventLog platformAuditLogs auditLogRemoteHost <IPv4/IPv6 address> % set oam eventLog platformAuditLogs auditLogPort <1 to 65535> % set oam eventLog platformAuditLogs auditLogProtocolType <relp | [tcp] | udp> > show table oam eventLog platformAuditLogs
The SBC is enhanced with the following CLI in support of SIPREC on multiple recorders.
The following parameters are added to startRecord
of SIPREC object:
numOfStreams
srsIpAddress2
srsPort2
trunkGroup2
transport2
The parameter recorderAddress
is added to stopRecord
.
> request global siprec startRecord callLeg egress ingress gcid <0-2147483647> numOfStreams srsIpAddress <SRS IP ADDRESS> srsIpAddress2 srsPort <IP port number> srsPort2 <Ip port number> transport <tcp | udp> transport2 <tcp | udp> trunkGroup <TRUNK GROUP NAME> trunkGroup2 stopRecord gcid <0-2147483647> recorderAddress recorderPort
Additionally, the srsGroupProfile
is added to the global servers object.
% set global servers srsGroupProfile <profile name> description <0-199 characters> loadDistribution <roundRobin | sequence> numSimultaneousStream <1-2> srsGroupData <0-7> ipAddress <IP address> ipPort <IP port> ipTGId <IP TG Id> transport <tcp | udp>
The SBC is enhanced with the following configurations in support of Pathcheck ping enhancements:
replyTimeout
, is added to the pathCheckProfile configuration.% set system pathCheckPath <Path Check Path name> addressContext <addressContext name> ipInterface <IP Interface name> ipInterfaceGroup <IPIG name> pathCheckProfile <Patch Check Profile name> reportSignalIpAddress <IP address> reportSignalIpPort <Port Id> sourceIpAddress <Ip address> state <[disabled] | enabled> targetIpAddress <IP address> zone <Zone name> % set profiles services pathCheckProfile <profile name> failureResponseCodes <400-699 | all |all4xx | all5xx | all6xx> protocol <icmp | sipOptions> recoveryCount <1-10> replyTimeoutCount <1-10> sendInterval <1-600> transportPreference <preference1 | preference2 | preference3 | preference4>
The SBC is enhanced to populate the encapsulated Integrated Service Digital Network User Part (ISUP) calling party even when it is not mapped to P-Asserted_ID in the INPUT DATA that is sent to the PSX. In support of this, the following flags are added to the SIP Trunk Group Signaling object.
mapFromHeaderToIsupGap
mapIsupCgpnToPAI
% set addressContext <name> zone <name> sipTrunkGroup <name> signaling callingParty cpcParamFromHeader <[default] | fromheader | paitel> fromHdrForCallingParty <disabled | [enabled]> mapFromHeaderToIsupGAP <[disabled] | enabled> mapIsupCgpnToPAI <[disabled] | enabled> paiForCallingParty <disabled | [enabled]> ppiForCallingParty <disabled | [enabled]> rpiForCallingParty <disabled | [enabled]> trustedSourceForIsup <disabled | [enabled]>
The parameter dnsGroup
is added under System > Policy Server > Global Config to allow a DNS Group associate with the global configuration of the policy server. This allows the PSX FQDN resolution with a particular DNS Group.
% set system policyServer globalConfig dnsGroup <dnsGroupServer_name>
The SBC is enhanced with the addition of the following configuration and status commands in support of SBC SWe capacity improvements.
% set system sweActiveProfile name <profile name> default standard_callmix_profile standard_msbc_profile standard_passthrough_profile standard_signaling_profile standard_transcoding_profile > show table system sweTrafficProfiles > show table system sweActiveProfile > show table system sweCodecMixProfile > show table system sweProcessorCapacity > show table system sweCapacityEstimate
The SBC is enhanced with the addition of the following flag sftpadminLoginEnabled
to the Account Management object to enable or disable the sftpadmin
user.
% set system admin <admin-name> accountManagement sftpadminLoginEnabled <false | [true]>
The SBC is enhanced with the addition of the following SIP Trunk Group flags:
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup sipTrunkGroup name> signaling aiToPemInterworking <[disabled] | enabled> convertAlertToProgress <[disabled] | enabled>
The SBC is enhanced with the addition of the switch
parameter to the sipAdaptorProfile
.
% set profiles signaling sipAdaptorProfile <name> rule <Index> criterion <Index> switch <Index> switchAction <1-128> switchValue <value> switchRegexpString <regular expression>
The Service Capacity License, referred as the "SBC-CAPACITY" license, allows the count-based features to use the full capacity of the SBC.