Cisco Unified Border Element (SP Edition) Configuration Guide: Distributed Model
Overview of Cisco Unified Border Element (SP Edition) Distributed Model
Cisco Unified Border Element (SP Edition) Distributed Model Overview

This chapter presents an overview of the Cisco Unified Border Element (SP Edition), supported features, and deployment of Cisco Unified Border Element (SP Edition) on the Cisco ASR 1000 Series Routers.

Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be commonly referred to in this document as the session border controller (SBC).

Contents

General Overview

Supported Features on the Cisco Unified Border Element (SP Edition) Distributed Model

Deployment of the Cisco Unified Border Element (SP Edition) Distributed Model

Cisco Unified Border Element (SP Edition) DBE Deployment Scenario

General Overview

Cisco Unified Border Element (SP Edition) is integrated with other features on the Cisco ASR 1000 Series Routers without requiring additional application-specific hardware, such as service blades. Cisco Unified Border Element (SP Edition) is integrated with Layer 2 and Layer 3 services, such as security, QoS, and IP Multicast, which eliminates the need to create an overlay network of standalone SBC appliances. With Integrated SBC, SBC functionality and routing functionality both reside on the Cisco ASR 1000 Series Router. The integration also allows SBC to build on the security and admission control features and virtual private network (VPN) awareness of the Cisco ASR 1000 Series Routers.

In general, session border controllers are used as key components in interconnecting Voice over IP (VoIP) and multimedia networks of different enterprise customers and service providers. SBCs are deployed at the edge of networks to meet the need for secure, intelligent border element functions. Using SBCs, the end user can make voice and video calls to another end user without being concerned about protocols, network reachability, or safety of the network.

The SBC enables direct IP-to-IP interconnect between multiple administrative domains for session-based services providing protocol interworking, security, and admission control and management. The SBC is a session-aware device that controls access to VoIP and other types of primarily media-related networks. A primary purpose of an SBC is to protect the interior of the network from excessive call load and malicious traffic.

The SBC functions break down into two logically distinct areas:

The signaling border element (SBE) function. SBEs may support functions that include interworking between various signaling protocols such as H.323 and Session Initiation Protocol (SIP), call admission control, advanced routing policy management, network attack detection, or call billing using RADIUS or DIAMETER. As part of the call admission control function, an SBE informs the data border element (DBE) of the various quality of service (QoS) and Network Address and Port Translation (NAPT) requirements for the call. An SBE typically controls one or more media gateways.

An SBE may be known as a media gateway controller (MGC).

The data border element (DBE) controls access of media packets to the network, provides differentiated services and quality of service (QoS) for different media streams, and prevents service theft. The DBE consists of a set of data path functions and responds to the requests made by the SBE to open pinholes, taking into account the specified Network Address Translation (NAT)/firewall traversal and QoS requirements.

The distributed model of the Cisco Unified Border Element (SP Edition) implements the DBE function on the Cisco ASR 1000 Series Aggregation Services Routers. DBE-supported features are listed in Table 1-1.

Figure 1-1 shows an example of SBC high-level architecture; your SBC architecture may differ.

Figure 1-1 Example of SBC High-Level Architecture

Distributed and Unified Models

The SBC can operate in two modes or models—unified and distributed.

In the unified model, both the SBE and DBE logical entities co-exist on the same network element.

In the distributed model, the SBE and the DBE entities reside on different network elements. Logically, each of the SBE entities could control multiple DBE elements. The DBE is controlled by one SBE at any one time.

Figure 1-2 illustrates the Unified SBC model.

Figure 1-2 Unified SBC Model

Cisco Unified Border Element (SP Edition) can run under the distributed model and provide the DBE functionality.

The distributed model offers advantages over the unified model:

Scalable to a larger number of sessions.

Operational advantages, because the SBE can be upgraded or serviced separately from the DBE.

The distributed model aligns well with typical voice deployments where the SBE can be co-located with part of the call agent.

The many-to-many interface offers capability to load share and balance across networks. Operators have the flexibility to optimize on loading of the SBE or DBE.

Figure 1-3 illustrates the Distributed SBC model.

Figure 1-3 Distributed SBC Model

Supported Features on the Cisco Unified Border Element (SP Edition) Distributed Model

The supported features roadmap lists the features documented in this guide and provides links to where they are documented. Any related configuration commands for a feature are listed and documented in Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model at:

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html


Note: Table 1-1 lists only the Cisco IOS XE software releases that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.


Table 1-1 lists features and associated commands that are supported on the Cisco Unified Border Element (SP Edition) DBE deployment on the Cisco ASR 1000 Series Routers.

Table 1-1 Supported Features on Cisco Unified Border Element (SP Edition) Distributed Model 

| Release | Feature Name | Related SBC Commands | Chapter Where Documented |
|---|---|---|---|
| Cisco IOS XE Release 2.1 | Billing and Call Detail Records | None. | Chapter 12 "Quality Monitoring and Statistics Gathering" |
| Cisco IOS XE Release 2.1 | DBE Signaling Pinhole Support | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | DBE Status Notification | None. | Chapter 12 "Quality Monitoring and Statistics Gathering" |
| Cisco IOS XE Release 2.1 | DSCP Marking and IP Precedence Marking | None. | Chapter 5 "Quality of Service and Bandwidth Management" |
| Cisco IOS XE Release 2.1 | DTMF Interworking on the Cisco Unified Border Element (SP Edition) Distributed Model | dtmf-duration | Chapter 3 "DTMF Interworking on the Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.1 | Enabling the Optional H.248 Packages | package | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.1 | Enhanced Event Notification and Auditing | h248-association-timeout; h248-event-storage; h248-preserve-gates | Chapter 12 "Quality Monitoring and Statistics Gathering" |
| Cisco IOS XE Release 2.1 | Extension to H.248 Audit Support | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | Extension to H.248 Termination Wildcarding Support | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | Firewall (Media Pinhole Control) | None. | Chapter 9 "Security in Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.1 | Flexible Address Prefix Provisioning | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | H.248 Address Reporting Package | None. | Chapter 9 "Security in Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.1 | H.248 Gate Information (Ginfo) Package Becomes Optional | None. | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.1 | H.248 Network Package Quality Alert Event and Middlebox Pinhole Timer Expired Event | h248-media-alert-event | Chapter 12 "Quality Monitoring and Statistics Gathering" |
| Cisco IOS XE Release 2.1 | H.248 Segmentation Package Support | package segment max-pdu-size; package segment seg-timer-value; show sbc dbe controllers | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.1 | H.248 Session Failure Reaction Package | None. | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.1 | H.248 Termination State Control Package | show sbc dbe media-flow-stats; show sbc dbe signaling-flow-stats | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.1 | H.248 Traffic Management Package Support | None. | Chapter 5 "Quality of Service and Bandwidth Management" |
| Cisco IOS XE Release 2.1 | Syntax-Level Support for H.248 VLAN Package | show sbc dbe media-flow-stats; show sbc dbe signaling-flow-stats | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.1 | H.248.1v3 Support | h248-version | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.1 | Cisco Unified Border Element (SP Edition) High Availability | None. | Chapter 11 "High-Availability Support" |
| Cisco IOS XE Release 2.1 | Interim Authentication Header Support | transport (see interim-auth-header keyword) | Superseded by Interim Authentication Header Full Support |
| Cisco IOS XE Release 2.1 | IP NAPT Traversal Package and Latch and Relatch Support | h248-napt-package | Chapter 9 "Security in Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.1 | IPv4 Support for Twice NAPT | None. | Chapter 13 "Topology Hiding" |
| Cisco IOS XE Release 2.1 | IPv6 Inter Subscriber Blocking | None. | Chapter 13 "Topology Hiding" |
| Cisco IOS XE Release 2.1 | IPv6 Support | ipv6 address (session border controller); media-address ipv6; media-address pool ipv6; port-range (ipv6); debug sbc filter (see ipv6 keyword); show sbc dbe media-flow-stats (see ipv6 keyword); show sbc dbe signaling-flow-stats (see ipv6 keyword) | Chapter 13 "Topology Hiding" |
| Cisco IOS XE Release 2.1 | Local Source Properties (Address and Port) | None. | Chapter 9 "Security in Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.1 | Locally Hairpinned Sessions | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | Logging Level feature in Configuring the H.248 Logging Level | logging level; logging filter control protocol | Chapter 2 "Configuring the Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.1 | Media Address Pools | media-address pool ipv4; media-address pool ipv6; port-range | Chapter 4 "Media Address Pools" |
| Cisco IOS XE Release 2.1 | MGC-Controlled Gateway-Wide Properties | None. | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.1 | MGC-Specified Local Addresses or Ports | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | MultiStream Terminations | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | NAPT and NAT Traversal | None. | Chapter 9 "Security in Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.1 | Nine-Tier Termination Name Hierarchy | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | Optional Local and Remote Descriptors | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | Provisioned Inactivity Timer | h248-inactivity-duration | Chapter 12 "Quality Monitoring and Statistics Gathering" |
| Cisco IOS XE Release 2.1 | QoS Bandwidth Allocation | None. | Chapter 5 "Quality of Service and Bandwidth Management" |
| Cisco IOS XE Release 2.1 | Remote Source Address Mask Filtering | media-address ipv4; media-address pool ipv4 | Chapter 9 "Security in Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.1 | RTCP Policing | None. | Chapter 5 "Quality of Service and Bandwidth Management" |
| Cisco IOS XE Release 2.1 | RTP-Specific Behavior Support | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | ServiceChange Notification for Interface Status Change | sbc interface-id; termination-id rootidname | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | T-MAX Timer | tmax-timer | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | tsc-Delay Timer | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.1 | transaction-pending functionality | transaction-pending | Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model (http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html) |
| Cisco IOS XE Release 2.1 | Two-Rate Three-Color Policing and Marking | control-dscp marker-dscp pdr-coefficient; show sbc dbe forwarder-stats | Chapter 5 "Quality of Service and Bandwidth Management" |
| Cisco IOS XE Release 2.2 | Full Support for Wildcard Response | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.2 | H.248 Protocol—Acknowledgment Support for Three-Way Handshake | None. | Chapter 7 "H.248 Packages—Signaling and Control" |
| Cisco IOS XE Release 2.2 | H.248 ServiceChange Handoff | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.2 | Full Support for Interim Authentication Header | transport; inbound; outbound | Chapter 9 "Security in Cisco Unified Border Element (SP Edition) Distributed Model" |
| Cisco IOS XE Release 2.2 | Improved Media Timeout Detection | media-timeout | Chapter 12 "Quality Monitoring and Statistics Gathering" |
| Cisco IOS XE Release 2.2 | IPsec Pinhole Support—Twice NAT for IPv4 and No NAT for IPv6 | media-address ipv4; media-address pool ipv4; media-address ipv6; media-address pool ipv6 | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.3 | In-Service Provisioning of H.248 Controllers | None. | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 2.3 | RTCP maximum burst size policing parameter feature in RTCP Policing | None. | Chapter 5 "Quality of Service and Bandwidth Management" |
| Cisco IOS XE Release 2.6 | Optional Tman Bandwidth Parameter Policing | bandwidth-police tman | Quality of Service and Bandwidth Management |
| Cisco IOS XE Release 2.6 | Return Local and Remote Descriptors in H.248 Reply | local-remote-desc always | H.248 Services—Signaling and Control |
| Cisco IOS XE Release 2.6 | SBC End-Point Switching | None. | H.248 Services—Signaling and Control |
| Cisco IOS XE Release 2.6.2 | H.248 Timers | tmax baseroot | Chapter 6 "H.248 Services—Signaling and Control" |
| Cisco IOS XE Release 3.1S | ETSI Ia Profile on SBC | h248-profile; bandwidth-fields mandatory | Chapter 8 "ETSI Ia Profile on SBC" |


Deployment of the Cisco Unified Border Element (SP Edition) Distributed Model

Deployment of the DBE function on the Cisco ASR 1000 Series Routers integrates a subset of the Cisco Unified Border Element (SP Edition) feature set with Cisco IOS XE software. A likely deployment scenario is that typical routing and broadband features are configured on the Cisco ASR 1000 Series Routers serving as the DBE operating with an external SBE. The Cisco Unified Border Element (SP Edition) functionality on the Cisco ASR 1000 Series Routers comprises both DBE and SBE functions, with DBE being the first to be deployed.

DBE deployment of the Cisco Unified Border Element (SP Edition) feature set is an optional feature supported on the Cisco ASR 1000 Series Routers. DBE deployment on the Cisco ASR 1000 Series Routers does not include SBE support and no SBE-related CLIs are implemented.

In the deployed distributed model, the SBE and the DBE entities reside on different network elements and the DBE is controlled by one SBE at any one time. The SBE interacts with the DBE using the H.248 Megaco (media gateway controller) protocol. The SBE controls the DBE via the H.248 interface. In this model, the bearer (or media flow) always flows through the DBE, and the SBE participates only in the signaling flow.

The DBE is responsible for the media flows and consists of a set of data path functions. The DBE responds to the requests made by the SBE to open pinholes, taking into account the specified NAT/firewall traversal and QoS requirements.
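The control split described above can be modelled in a few lines. This is an added illustration, not Cisco code: the class and method names, addresses and ports are constructed assumptions, and a real SBE drives the DBE over H.248 rather than through method calls.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Pinhole:
    remote_net: ipaddress.IPv4Network  # allowed remote source (address mask)
    forward_to: tuple                  # (ip, port) the media is translated to


class Dbe:
    """Toy data border element: media passes only through open pinholes."""

    def __init__(self, controller):
        self.controller = controller   # the one SBE in control at this time
        self.pinholes = {}             # local media port -> Pinhole
        self.dropped = 0               # counter a monitoring system could poll

    def _require_controller(self, sbe):
        # Pinhole requests from any other SBE are refused outright.
        if sbe != self.controller:
            raise PermissionError(f"{sbe} is not the controlling SBE")

    def open_pinhole(self, sbe, local_port, remote_net, forward_to):
        self._require_controller(sbe)
        net = ipaddress.ip_network(remote_net)
        self.pinholes[local_port] = Pinhole(net, forward_to)

    def close_pinhole(self, sbe, local_port):
        self._require_controller(sbe)
        self.pinholes.pop(local_port, None)

    def media_packet(self, src_ip, dst_port):
        """Return the translated target for admitted media, None if dropped."""
        hole = self.pinholes.get(dst_port)
        if hole is None or ipaddress.ip_address(src_ip) not in hole.remote_net:
            self.dropped += 1
            return None
        return hole.forward_to


def demo():
    """Walk one call through its lifetime using constructed sample values."""
    dbe = Dbe(controller="sbe-1")
    results = [dbe.media_packet("198.51.100.7", 16384)]         # before setup
    dbe.open_pinhole("sbe-1", 16384, "198.51.100.0/24", ("10.0.0.5", 5004))
    results.append(dbe.media_packet("198.51.100.7", 16384))     # expected peer
    results.append(dbe.media_packet("203.0.113.9", 16384))      # wrong source
    dbe.close_pinhole("sbe-1", 16384)                           # call ends
    results.append(dbe.media_packet("198.51.100.7", 16384))     # after teardown
    return results, dbe.dropped


if __name__ == "__main__":
    print(demo())
```

Only the packet that arrives while the pinhole is open, and from the permitted source range, is forwarded; the drop counter is what an operator would alert on.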

For the DBE, a new interface type is defined for the SBC virtual interface. You configure a virtual interface as part of the SBC configuration and the virtual interface has media IPs as primary or secondary IP addresses. The SBC virtual interface does not support any existing Cisco IOS features.

The Cisco IOS XE image containing Cisco Unified Border Element (SP Edition) software leverages existing Cisco IOS install and packaging facilities for software release, delivery, and installation.

Cisco IOS commands have been introduced to configure the DBE. For information on commands, see Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model at:

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html

Cisco Unified Border Element (SP Edition) DBE Deployment Scenario

One potential deployment scenario for the distributed model of Cisco Unified Border Element (SP Edition) is in a network architecture where the service provider (SP) provides voice, data, and video services to their residential broadband customers over a single link.

This scenario requires the SP to provide capabilities such as opening pinholes for the duration of a conversation, and doing this without exposing the devices behind the firewall to malicious threats. In addition, given that voice is extremely sensitive to issues such as delay, latency, and packet loss, ensuring adequate performance is a challenge. QoS mechanisms can be implemented to ensure proper priority is assigned to voice packets.

In this deployment scenario, multiple applications share a common link. Thus, a mechanism is needed that limits the bandwidth available to individual applications to ensure appropriate end-to-end quality. For voice, this would involve correctly marking the packet to ensure appropriate priority, as well as controlling the number of simultaneous calls at the network entry point. Because the SP cannot dictate what IP phones their customers use, protocol conversion functionality is needed—especially H.323-to-SIP conversion.

Service providers require measurement of traffic for reporting and billing purposes in this potential scenario. Some carriers may also want to offer service level agreements (SLAs) for voice, and want to be able to give their customers proof that these SLAs are being met.

Figure 1-4 illustrates a deployment where Integrated SBC is used for VoIP interworking.

Figure 1-4 Integrated SBC Used for VoIP Interworking