In this section:
The SBC Core supports tracing routes for specific peer IP addresses. The The To allow the Internet Control Message Protocol (ICMP) packets from different routers when the For the traceroute
utility provided by the GNU/Linux is utilized as a base for this functionality. This feature handles and processes the traceroute
requests from the Signaling Gateway (SG).traceroute
functionality for a peer IP address is invoked by sending a traceroute
request message to the Traceroute
module. The message contains details of the peer's IP address, which is processed by the TRCRT/Traceroute
module. This feature supports the following scenarios:traceroute
request to log the route for the blacklisted server.traceroute
request to log the route for the peer GW server.traceroute
starts, an Access Control List (ACL) entry is configured. As soon as the traceroute
output is available, this ACL entry is removed.traceroute
utility to work, a higher precedence "IP ACL rule" is created to accept ICMP traffic on the SIP Signaling port. This rule overrides any "deny-all" or "deny-ICMP" User ACL rule configured by the Administrator. This higher precedence "IP ACL rule" is created before the start of traceroute
for an endpoint, and is be removed as soon as the traceroute
is over. Thus, for the brief duration of traceroute
, the ICMP traffic to the Signaling port is allowed from any IP address, even if "deny-ICMP" or "deny-all" User ACL rules are configured in the system.
% set addressContext <addressContext_Name> zone <zone_Name> tracerouteSigPort probeMethod <icmp | udp> state <disabled | enabled>
To enable the Traceroute functionality and configure the probeMethod
parameter for the defaultSigZone
:
set addressContext default zone defaultSigZone tracerouteSigPort state enabled probeMethod icmp commit