In this section:
Do not create Zone Names using the character sequence DISP* (DISP, DISPL, DISPLA, and so on). Doing so will cause a conflict that results in issues when checking address contexts in the CLI.
A zone
is used to group a set of objects unique in a particular customer environment. A zone can contain one SIP signaling port and/or one H.323 signaling port, but up to 16 ports are allowed. A zone can contain multiple SIP and H.323 trunk groups.
Trunk group names must be unique across all address contexts, zones, and trunk group types.
IP peer names must be unique across all address contexts, and zones.
Ribbon recommends using the Transparency Profile to configure transparency on the SBC Core for new deployments, as well as applying additional transparency configurations to existing deployments. Do not use IP Signaling Profile flags in these scenarios because the flags will be retired in upcoming releases.
Refer to the SBC SIP Transparency Implementation Guide for additional information.
Sub-system signaling ports (such as SIP signaling ports, relay ports, D-SBC signaling ports, H.323 signaling ports) must use different IP addresses because each IP address adds one system ACL, and IP addresses are not prioritized when measured in the same ACL. This best practice will avoid any IP addressing overlaps and ensure proper policing of packets.
High-Level Command Syntax
The high-level CLI syntax for zone object is shown below. For detailed syntax and parameter descriptions, go to a specific page listed above under "Additional pages".
% set addressContext <addressContext name> zone <zone name> id <id #> % set addressContext <addressContext name> zone <zone name> action <dryUp | force> advancePeerControl <disabled | enabled> blockDirection <bothways | incoming | none | outgoing> cac <cac parameter> crankBackProfile <profile name> dialogTransparency <disabled | enabled> disableZoneLevelLoopDetection <disabled | enabled> dnsGroup <dnsGroup name> domainName <string> dryUpTimeout <1-1440 mins> filterSipSrc flexiblePolicyAdapterProfile <profile name> generateCallIdWithDialogTransparency <disabled | enabled> gwSigPort <index #> gwTrunkGroup <TRUNKGROUP NAME> h323SigPort <h323SigPort parameters> h323TrunkGroup <TRUNKGROUP NAME> id <1-4096> ipPeer <ipPeer name> messageManipulation <inputAdapterProfile | outputAdapterProfile> mode <inService | outOfService> mtrmConnPort <index> relayPort <relayPort Index> remoteDeviceType <accessDevice | appServer | core | nni | none> retargetSupport <disabled | useSystemLevelConfiguration> sipHeaderForAnonymousCall <none | remotePartyId> sipRegRelay <disabled | enabled> sipSigPort <index #> sipTrunkGroup <TRUNKGROUP NAME> srvcc eatf <disabled | enabled> tracerouteSigPort
Command Examples
To display the configured Zone and ID assignments:
To display the configured Zone and ID assignments details with display level set to 3:
To display the configured Zone and ID assignments details with display level set to “5”:
To configure Zone CAC:
% set addressContext default zone ZONE1 id 100 commit
To view Zone statistics:
% show table addressContext default zoneCurrentStatistics
To view Zone status:
% show table addressContext default zoneStatus
To configure Trunk Group CAC:
% set addressContext default zone ZONE1 sipTrunkGroup RHEL_1 cac callLimit 200
To view Trunk Group status:
% show table addressContext default zone ZONE1 trunkGroupStatus
To configure SIP Trunk Group CAC:
% set addressContext default zone ZONE1 sipTrunkGroup RHEL_1 cac callLimit 200
To configure registration configurations:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK signaling registration requireRegistration required expires 60 insideExpiresMinimum 3600
To create SIP/H.323 signaling ports inside zone:
% set addressContext default zone INTERNAL5 id 5 sipSigPort 5 ipAddressV4 10.9.89.10 portNumber 4010 transportProtocolsAllowed sip-udp,sip-tcp,sip-tls-tcp ipInterfaceGroupName IFG-INT5 state enabled
To show status/statistics of SIP/H.323 signaling ports:
% show status addressContext a1 zone INTERNAL sipSigPortStatus sipSigPortStatus 1 { state inService; } % show status addressContext a1 zone INTERNAL sipSigPortStatistics sipSigPortStatistics 1 { callRate 0; origCalls 5864747; termCalls 9410868; txPdus 55245380; rxPdus 45825318; txBytes 26211787697; rxBytes 18580071475; inRegs 0; outRegs 0; }
Different Signaling Port per AoR Contact
This feature supports configuring multiple SIP signaling ports (up to 16) in the same zone facing the AS:
- As much as possible, select a different egress SIP signaling port for multiple contacts for the same AoR.
- All requests from a registered user are sent out on the egress side through the same SIP signaling port towards the registrar.
Below are CLI command examples to configure multiple SIP signaling ports:
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS id 20 sipSigPort 1 ipAddressV4 10.3.255.1 5060 transportProtocolsAllowed sip-tcp, sip-tls-tcp ipInterfaceGroupName LIG2 state enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_AS id 20 sipSigPort 2 ipAddressV4 10.3.255.2 5060 transportProtocolsAllowed sip-udp ipInterfaceGroupName LIG2 state enabled
The following CLI commands enable this feature:
% set global signaling sipSigControls multipleContactsPerAoR enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD sipTrunkGroup TG_IAD signaling registration requireRegistration supported % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD remoteDeviceType accessDevice % set addressContext ADDR_CONTEXT_1 zone ZONE_AS remoteDeviceType appServer
Registering Endpoint Address in X-Header
This feature provides the IP address, port number and the transport parameters from the source IP packet carried in the REGISTER message reaching the registrar in the SIP proprietary header- X-Original-Addr.
Use the following CLI command to configure the Endpoint address in X-Header:
% set addressContext ADDR_CONTEXT_1 zone ZONE_AS sipTrunkGroup TG_AS signaling registration includeXOriginalAddr enabled
Output
Once the feature is configured there will be an additional header (X-Original-Addr) in the outgoing SIP Register message as follows:
REGISTER sip:10.3.255.150:5060 SIP/2.0 Via: SIP/2.0/UDP 10.3.255.1:5060;branch=z9hG4bK00B000b62fb005af43f From: <sip:9711000000@10.3.255.150>;tag=gK00000fca To: <sip:9711000000@10.3.255.150> Call-ID: 512_3123187670_1823140541@10.3.255.1 CSeq: 1162827419 REGISTER Max-Forwards: 70 Allow: INVITE, ACK, CANCEL, BYE, REGISTER, REFER, INFO, SUBSCRIBE, NOTIFY, PRACK, UPDATE, OPTIONS, MESSAGE, PUBLISH Contact: <sip:9711000000@10.3.255.1:5060;dtg=TG_INET1;reg-info=200>;q=0.0;expires=3600 X-Original-Addr:ip=10.4.255.150:port=5060:transport=udp User-Agent: iPhone-Time to Call-1.1.1-ios-4.3.3 Content-Length: 0
SMM for Mapping Source IP/Port to SDP “c=” Line
This feature supports the following:
- Overwrites the IP address in the SDP connection information (“c=”) line with the source IP address of the received message.
The following CLI commands are used to configure mapping the source IP/port to the SDP “c=” line:
% set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 #the criteria % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message # configure the message criteria % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message message messageTypes all % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 1 type message message methodType invite % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody messageBody condition regex-match regexp numMatch match string "c=IN IP4" % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 criterion 2 type messageBody messageBody messageBodyType all % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 type variable % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 operation store % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 operation store to type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 1 from type value value "c=IN IP4 " % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 type variable operation append % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 from type globalVariable globalVariableValue srcipaddr % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 2 to type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 type messageBody % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 operation regsub % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 regexp string "c=IN IP4 (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 from type variable variableValue var1 % set profiles signaling sipAdaptorProfile CHANGEIP1 rule 1 action 3 to type messageBody messageBodyValue all #enable the state % set profiles signaling sipAdaptorProfile CHANGEIP1 state enabled commit
Output
% set addressContext ADDR_CONTEXT_1 zone ZONE_CUST2 sipTrunkGroup TG_CUST2_1 signaling messageManipulation inputAdapterProfile CHANGEIP1
Configuring NAT
The SBC supports NAT traversal of Signaling and Media. To configure, perform the following steps:
Enable NAT traversal for Signaling:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal signalingNat enabled
Enable NAT traversal for Media:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal mediaNat enabled
Configure udpKeepaliveTimer:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK services natTraversal udpKeepaliveTimer 60
This value is sent in the 200 OK of the Register to overcome the NAT binding issue. Always configure this value to be smaller.
Configuring Direct Media
The
Enable media:
% set addressContext default zone EXTERNAL sipTrunkGroup EXT_NETWORK media directMediaAllowed enabled
Set packet service profile:
% set profiles media packetServiceProfile DEFAULT flags useDirectMedia enable
SDP Transparency
SDP transparency supports the transparency of ICE and other parameters that are sent transparently through the SBX.
The following CLI commands facilitate the use of SDP transparency:
Initially, direct media is required to be enabled and configured on both the ingress/egress trunk groups.
% set profiles media packetServiceProfile <DEFAULT_PSP> flags useDirectMedia enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_IAD sipTrunkGroup TG_IAD media directMediaAllowed enabled % set addressContext ADDR_CONTEXT_1 zone ZONE_AS sipTrunkGroup TG_AS media directMediaAllowed enabled
The following CLI command is used to turn on/off the SDP transparency feature on both ingress and egress trunk groups:
% set addressContext default zone ZONE1 sipTrunkGroup SBX10_AS signaling sdpTransparency sdpTransparencyState enabled
Ensure that media PSP DEFAULT is associated to the trunk group.
Deleting a Zone
You delete a zone using the delete addressContext <addressContext name> zone
<zonename
> command. You must delete all objects (SIP/H.323 signaling ports and trunk groups) assigned to a zone before deleting a zone.