In this section:

An IP interface group is a named object containing one or more IP interfaces (IP addresses). The IP interface group is address-context-specific (permanently bound to a particular address context), and is the primary tool to manage disjointed networks (separate networks that are not designed to communicate directly). An IP Interface Group is the local manifestation of a segregated network domain. The service section of an IP trunk group and a signaling port typically reference an IP interface group in order to restrict signaling and/or media activity to that IP interface group.



Note

The SBC 5400 and SBC 7000 systems support creating IP Interface Groups containing sets of IP interfaces that are not "processor friendly" (i.e. carried on physical Ethernet ports served by separate processors). However, restrictions exist regarding the usage of such Interface Groups.

For complete details, refer to Configuring IP Interface Groups and Interfaces.

Command Syntax

% set addressContext <addressContext_name> ipInterfaceGroup <ipInterfacegroup_name>
	ipInterface <ipInterface_name>
		action <dryup | force>
		altIpAddress <IP Address>
		altMediaIpAddresses <IPv4/IPv6 address>
		altPrefix <(unsignedInt) 0-128>
		bandwidth <bandwidth_value>
		bwContingency <bwContingency_value>
		ceName (not used)
		dryupTimeout <#>
		ipAddress <IP Address>
		mode <inService | Outofservice>
		portName <mgmt0 | mgmt1 | pkt0 | pkt1 | pkt2 | pkt3>
		prefix <(unsignedInt) 0-128>
		state <disabled | enabled>
		vlanTag <vlanTag_name>
	ipsec <disabled | enabled>
	ipsecForMedia <disable | enable>
 	
SWe N:1 HA or cloud-based IP interface syntax using metavariables:
 
% set addressContext <addressContext_name> ipInterfaceGroup <ipInterfacegroup_name> ipInterface <ipInterface_name>
	altIpVars <altIpVars_metaVariable>
	ipPublicVarV4 <ipPublicVarV4_metaVariable>
	ipPublicVarV6 <ipPublicVarV6_metaVariable>
	ipVarV4 <ipVarV4_metaVariable>
	ipVarV6 <ipVarV6_metaVariable>
	prefixVarV4 <prefixVarV4_metaVariable>
	prefixVarV6 <prefixVarV6_metaVariable>
	vlanTagVar <vlanTagVar_metaVariable>
 
 
% show addressContext <addressContext_name> ipInterfaceGroup <ipInterfacegroup_name> ipInterface <ipInterface_name>
	displaylevel <displaylevel>
	action
	altIpAddress
	altIpVars
	altMediaIpAddresses
	altPrefix 
	bandwidth
	bwContingency
	dryupTimeout 
	ipAddress
	ipPublicVarV4
	ipPublicVarV6
	ipVar4
	ipVar6
	mode 
	portName
	prefix
	prefixVarV4
	prefixVarV6
	state
	vlanTag
	vlanTagVar
 
% show addressContext <addressContext_name> ipInterfaceGroup <ipInterfacegroup_name> ipsec 
 
% delete addressContext <addressContext_name> ipInterfaceGroup <ipInterfacegroup_name> ipInterface <ipInterface_name>

Command Parameters

IP Interface Group Parameters

IP Interface Group Parameters

ParameterLength/RangeDescription

ipInterfaceGroup

1-23

A group of IP interfaces for the specified address context.

The SBC supports sharing of IP address by media and the signaling objects. In order to share media and signaling by same IP address, both IP interfaces must belong to same IP interface group.

ipsec

N/A

Administrative state of the IPsec support for this interface group.

  • disabled (default) – IPsec support is off for all interfaces in the group.
  • enabled – IPsec support is on for all interfaces in the group.
ipsecForMediaN/A


Note

This feature applies to SBC 7000 only.


The parameter ipsecForMedia in the ipInterfaceGroup CLI supports media over IPsec. The ipsecForMedia parameter works in conjunction with the ipsec state parameter already available in the same CLI. The ipsec Admin State field enables or disables IPsec on the LIF Group as a whole. Prior to the SBC 10.1.2 release, the ipsec parameter was only applicable to signaling and Lawful Intercept (LI) traffic - whichever the LIF Group was used for. Starting with the SBC 10.1.2, it also applies to media, but only if the ipsecForMedia parameter is also enabled.

  • You must enable the existing ipsec parameter for any use of IPsec.

  • You must also enable the ipsecForMedia parameter to support media over IPsec

NOTE: To support media over IPsec, you must enable both the ipsec and ipsecForMedia parameters. Calls using this IP Interface Group will only succeed if the media packets match a media SPD entry. Whenever ipsecForMedia state is disabled, only media SAs are deleted. If only the ipsec state is disabled, then only the signaling/LI SAs are deleted.

Currently, whenever ipsec state is disabled on a LIF group, isakmp ports on the interfaces belonging to the LIF group are closed. If the ipsec state is disabled on LIF group but the ipsecForMedia state is enabled, then isakmp ports are not closed, and vice-a-versa.

For additional information, refer to IPsec for Media, Configuring SBC for IPsec Media and IPsec SPD - CLI.


To establish IPsec SAs for media traffic, enable ipsecForMedia of a media ipInterfaceGroup as well as the  administrative "state" of the media IPsec SPD.  

  • disable (default)
  • enable

Modified: for 10.1.2


ipInterface

1-23

Specifies the IP interface name.

NOTE: The SBC 5400/7000 supports a maximum of 4,096 IP interfaces.

NOTE: The SBC SWe supports a maximum of 128 IP interfaces.

See the IP Interface Parameters (Basic) and/or IP Interface Parameters (SWe N:1 HA or Cloud-Based Deployments) tables for parameter descriptions.

IP Interface Parameters (Basic)

IP Interface Parameters (Basic)

Parameter

Length/Range

Description

action

N/A

Action to take when putting the IP interface out of service:

  • dryUp
  • force

altIpAddress

N/A

The alternative (secondary) IP address for the configured packet IP interface. The alternative IP address is optional, but if used must be a different IP address type than ipAddress parameter.

The following IP address types are supported:

  • IPv4 – This is IPv4 address in dotted decimal form (for   example 128.127.50.224).
  • IPv6 – This is IPv6 address in hexadecimal/colon form (for example,   1280:1276:3350:2224:2222:3333:8888:1245 or fd00:21:445:128::7880).

NOTE: Modify the alternative IP address only after changing the packet IP interface to disabled state.

altMediaIpAddresses IPv4 and/or IPv6 address(es)

Use this parameter to specify up to 254 additional IPv4 and/or IPv6 media IP addresses on this IP interface. Any combination of IPv4 and IPv6 is allowed. The following rules apply when configuring alternate media IP addresses:

  • An IPv4/IPv6 alternate media IP address is only allowed if an IPv4/IPv6 address is defined in the primary or alternate (main) address.
  • An alternate media IP address must be in the same network as the primary media address (of the same IP version). Hence, CPX needs to determine the subnet based on the primary/alt IP address and primary/alt prefix, and then verify that the given alternate media address is on the same subnet.
  • An alternate media IP address may be added while the IP interface is enabled and in-service. However, the IP can only be deleted when the IP interface state is set to "disabled".

altPrefix

0-128

Alternative IP subnet prefix of this interface.

bandwidth

0-2147483647

Maximum amount of bandwidth allowed in units of bytes per second for this IP interface.

  • 0 – Allow bandwidth subscriptions up to the maximum supported on the physical port.
  • <non-zero> – Allow up to the specified number of bytes per second on this IP interface. The aggregate of this number and all previously provisioned IP interfaces must not exceed the physical port bandwidth.

NOTE: When calculating bandwidth size, keep in mind that an IPv6 header size (40 bytes) is twice as large as IPv4 header (20 bytes), thus reducing the number of messages when using IPv6.

bwContingency

0-100

The percentage of maximum bandwidth reserved for contingency (that is, non-media).

The maximum bandwidth is the bandwidth normally available for media on the interface. (This is based on the configured bandwidth limit or the physical port bandwidth limit minus approximately 5% for signaling traffic). The contingency factor effectively reserves a portion of this bandwidth for non-media.

ceName

1-255

The name of the computing element that hosts the port used by this IP interface.

NOTE: ceName is currently not used by the SBC.

dryupTimeout

1-1440

The dry-up timeout in minutes (e.g. the number of minutes to wait before taking the interface out of service). This is started at the point where the command to make the interface out of service is issued. This is only applicable for media traffic, if there is no media traffic on the interface then it is immediately taken out of service. (default = 60)

NOTE: To do a dry-up for an interface used only for Signaling, perform a dry-up procedure of the sipSigPort associated to the interface.

ipAddress

N/A

The primary IP address of the interface. The following IP address types are supported:

  • IPv4 – This is V4 IP address in dotted decimal form (for example 128.127.50.224).
  • IPv6 – This is V6 IP address in hexadecimal/colon form (for example,   1280:1276:3350:2224:2222:3333:8888:1245 or fd00:21:445:128::7880).

NOTE: Duplicate Address Detection procedures are performed on interfaces configured with IPv6 addresses. If a duplicate address is found in the network, a warning message is output to Linux logs at /var/log/syslog and /var/log/messages.

Example message:

“Nov 12   08:52:35 SBC-1 kernel: [854194.740638] mgt1: IPv6 duplicate address   fc00::100:0:0:100:1 detected“

mode

N/A

The operational mode of the IP interface:

  • inService (default) – This state is set by default when state is enabled.
  • outOfService – Set mode to “outOfService” before changing the state to “disabled”.

NOTE: When setting mode to 'outOfService', be sure to also set state to 'disabled'.

portName

N/A

The physical port name used by this IP interface. Supported physical port names are:

  • mgmt0 – Primary management Ethernet port for OAM.
  • mgmt1 – Secondary management Ethernet port for OAM.
  • pkt0 – First Gigabit Ethernet port used for signaling and media traffic.
  • pkt1 – Second Gigabit Ethernet port used for signaling and media traffic.
  • pkt2 – Third Gigabit Ethernet port used for signaling and media traffic.
  • pkt3 – Fourth Gigabit Ethernet port used for signaling and media traffic.

Packet ports (pkt) identify the physical ports used for signaling and media, whereas media ports are UDP ports used to carry media traffic.

NOTE: ipInterfaceGroup and ipInterface should not be configured for mgmt0 and mgmt1 ports. Instead, configure mgmt0 and mgmt1 ports using mgmtIpInterfaceGroup and mgmtIpInterface.

prefix

0-128

The IP subnet prefix of this Interface. Default = 16.

state

N/A

Administrative state of   the IP interface.

  • disabled (default) – In this state the IP interface is inactive and does not respond to a ping.
  • enabled – In this state the IP interface is active and responds to a ping if the Ethernet cable is connected.

vlanTag

2-4094

VLAN tags are required if more than one IP Interface is associated with a single physical port on the SBC. Enter a value from 2 to 4094.

NOTE: A vlanTag is exclusive to a physical port. Therefore, the SBC does not create two interfaces with the same vlanTag on the same physical port.

IP Interface Parameters (SWe N:1 HA or Cloud-Based Deployments)

Note

The following parameters are configured using metavariable names. Use the command 'show table system metaVariable' to view the actual values.

IP Interface Parameters (SWe N:1 HA or Cloud-Based)

ParameterDescription
altIpVarsName of the configuration variable (metavariable) used to fetch an additional IP address on this IP interface.
ipPublicVarV4Name of the configuration variable used to fetch a public/floating IPv4 address for this IP interface.
ipPublicVarV6Name of the configuration variable used to fetch a public/floating IPv6 address for this IP interface.
ipVarV4Name of the configuration variable used to fetch an IPv4 address for this IP interface.
ipVarV6Name of the configuration variable used to fetch IPv6 address for this IP interface.
prefixVarV4Name of the configuration variable used to fetch a subnet prefix for IPv4 address of this IP interface.
prefixVarV6Name of the configuration variable used to fetch a subnet prefix for IPv6 address of this IP interface.
vlanTagVarName of the configuration variable used to fetch the vlanTag for this IP interface.

Command Example

To configure an internal and external IP interface group:

% set addressContext default ipInterfaceGroup EXTERNAL_IPIG ipInterface IPIF0_300 ceName ALNSBC01A portName pkt0 ipAddress 135.165.134.142 prefix 27 mode outOfService state disabled vlanTag 300
% set addressContext default ipInterfaceGroup INTERNAL_IPIG ipInterface IPIF2_200 ceName ALNSBC01A portName pkt2 ipAddress 135.165.130.115 prefix 27 mode outOfService state disabled vlanTag 200

% commit


To support media over IPsec:

set addressContext AC1 ipInterfaceGroup IG1 ipsec enabled ipsecForMedia enable

To display configuration information regarding all IP interfaces:

% show addressContext default ipInterfaceGroup
ipInterfaceGroup EXTERNAL_IPIG {
    ipInterface IPIF0_300 {
        ceName    ALNSBC01A;
        portName  pkt0;
        ipAddress 135.165.134.142;
        prefix    27;
        mode      outOfService;
        state     disabled;
        vlanTag   300;
    }
}
ipInterfaceGroup INTERNAL_IPIG {
    ipInterface IPIF2_200 {
        ceName    ALNSBC01A;
        portName  pkt2;
        ipAddress 135.165.130.115;
        prefix    27;
        mode      outOfService;
        state     disabled;
        vlanTag   200;
    }
}

To display configuration information regarding all IP interfaces with display level set to 3:

% show addressContext default ipInterfaceGroup displaylevel 3
ipInterfaceGroup EXTERNAL_IPIG {
    ipInterface IPIF0_300;
}
ipInterfaceGroup INTERNAL_IPIG {
    ipInterface IPIF2_200;
}

To display interface status:

> show table addressContext default ipInterfaceGroup TRUST_IPIG ipInterfaceStatus
                                                   RX       TX       NUM    ALLOCATED  ACTUAL     BW
NAME         IFINDEX  OPER STATE    OOS REASON     PACKETS  PACKETS  CALLS  BANDWIDTH  BANDWIDTH  DEVIATION
-------------------------------------------------------------------------------------------------------------
TRUST_IPIF1  26       resAllocated  notApplicable  3483     3400     0      0          0          0


To configure a virtual IP interface for IP interface group LIG1, and then display the metavariable values associated with the metavariables.

set addressContext default ipInterfaceGroup LIG1 ipInterface LIF1 ceName vsbc portName pkt0 ipVarV4 IF2.IPV4 prefixVarV4 IF2.PrefixV4 ipPublicVarV4 IF2.FIPV4
commit
show table system metaVariable
CE NAME NAME VALUE
-------------------------------------------------------------------
vsbc1-192.168.100.122 IF0.Port Mgt0
vsbc1-192.168.100.122 IF1.IPV4 192.168.100.122
vsbc1-192.168.100.122 IF1.Port Ha0
vsbc1-192.168.100.122 IF2.GWV4 10.7.1.1
vsbc1-192.168.100.122 IF2.GWV6 fd00:10:6b21:2007::1
vsbc1-192.168.100.122 IF2.IPV4 10.7.94.100
vsbc1-192.168.100.122 IF2.IPV6 fd00:10:6b21:2007::300
vsbc1-192.168.100.122 IF2.Port Pkt0
vsbc1-192.168.100.122 IF3.GWV4 10.8.1.1
vsbc1-192.168.100.122 IF3.GWV6 fd00:10:6b21:2008::1
vsbc1-192.168.100.122 IF3.IPV4 10.8.94.100
vsbc1-192.168.100.122 IF3.IPV6 fd00:10:6b21:2008::300
vsbc1-192.168.100.122 IF3.Port Pkt1
vsbc1-192.168.100.122 IF2.VlanId 2007
vsbc1-192.168.100.122 IF3.VlanId 2008
vsbc1-192.168.100.122 IF1.PrefixV4 24
vsbc1-192.168.100.122 IF2.PrefixV4 16
vsbc1-192.168.100.122 IF2.PrefixV6 64
vsbc1-192.168.100.122 IF3.PrefixV4 16
vsbc1-192.168.100.122 IF3.PrefixV6 64
vsbc1-192.168.100.122 PKT0_ALT_01.IP 10.7.94.101
vsbc1-192.168.100.122 PKT0_ALT_02.IP fd00:10:6b21:2007::301
vsbc1-192.168.100.122 PKT0_ALT_01.IFName IF2
vsbc1-192.168.100.122 PKT0_ALT_02.IFName IF2