In this section:

 

 

 

Related article:

Overview

The SBC Core supports tracing routes for specific peer IP addresses. The traceroute utility provided by the GNU/Linux is utilized as a base for this functionality. This feature handles and processes the traceroute requests from the Signaling Gateway (SG).

The traceroute functionality for a peer IP address is invoked by sending a traceroute request message to the Traceroute module. The message contains details of the peer's IP address, which is processed by the TRCRT/Traceroute module. This feature supports the following scenarios:

  • If the ARS blacklists a server, SIP Signaling Gateway (SIPSG)  sends a traceroute request to log the route for the blacklisted server.
  • When the Gateway-Gateway (GW-GW) TCP connection is lost and cannot be restored, the Gateway Signaling Gateway (GWSG) sends traceroute request to log the route for the peer GW server.
  • When the establishment of a GW-GW connection fails.
  • When a peer IP address is blacklisted by the PathCheck process via the ARS mechanism.

To allow the Internet Control Message Protocol (ICMP) packets from different routers when the traceroute starts, an Access Control List (ACL) entry is configured. As soon as the traceroute output is available, this ACL entry is removed.

 

Note

For the traceroute utility to work, a higher precedence "IP ACL rule" is created to accept ICMP traffic on the SIP Signaling port. This rule overrides any "deny-all" or "deny-ICMP" User ACL rule configured by the Administrator. This higher precedence "IP ACL rule" is created before the start of traceroute for an endpoint, and is be removed as soon as the traceroute is over. Thus, for the brief duration of traceroute, the ICMP traffic to the Signaling port is allowed from any IP address, even if "deny-ICMP" or "deny-all" User ACL rules are configured in the system.


Command Syntax

% set addressContext <addressContext_Name> zone <zone_Name> tracerouteSigPort
	probeMethod <icmp | udp>
	state <disabled | enabled>

Command Parameters

 

Traceroute Sig Port Parameters

ParameterDescription
tracerouteSigPort

Configuration to provide Traceroute functionality for a peer IP for this zone.

probeMethod

The Traceroute probe method.

  • icmp
  • udp (default)
state

Use this flag to enable/disable Traceroute functionality for this zone.

  • disabled (default)
  • enabled

Configuration Example

To enable the Traceroute functionality and configure the probeMethod parameter for the defaultSigZone:

set addressContext default zone defaultSigZone tracerouteSigPort state enabled probeMethod icmp
commit

  • No labels