Configuring Cisco Session Border Controllers
This section describes the Cisco TelePresence Exchange System configuration requirements for the session border controller (SBC) functionality.
This section includes the following topics:
• Creating a Session Border Controller Interface
• Creating a Management Interface
• Creating the SBC Instance
• Configuring the Signaling Border Element
• Defining a Media Address
The procedures in this section assume that a Cisco Aggregation Series Router (Cisco ASR) serves as an SBC, and that the router is installed and active in the network. See the Release Notes for the Cisco TelePresence Exchange System document for information about the Cisco routers that support SBC functionality. The document is available at http://www.cisco.com/go/ctx-relnotes.
For more information about configuring the SBC on the Cisco ASR, see the Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model document at http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html.
For more details on the commands shown in the procedures below, see the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model document at http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html.
Note: Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be referenced in this document as the session border controller (SBC).
Creating a Session Border Controller Interface
You must create an SBC interface for each SBC module in the Cisco ASR and assign at least one primary IP address to the interface.
Procedure
To configure the SBC interface, complete the following steps:
Step 1: Router# configure terminal
  Enters global configuration mode.
Step 2: Router(config)# interface sbc interface-number
  Creates a virtual SBC interface on the Cisco ASR.
Step 3: Router(config-if)# ip address {IPv4 ip address} {IPv4 subnet address}
  Assigns a primary IP address and subnet mask to the SBC interface.
Step 4: Router(config-if)# ip address {IPv4 ip address} {IPv4 subnet address} secondary
  (Optional) Assigns a secondary IP address and subnet mask to the SBC interface.
The following example shows how to create an SBC interface and assign primary and secondary IP addresses and subnet masks:
Router(config)# interface sbc 1
Router(config-if)# ip address 10.22.141.100 255.255.255.248
Router(config-if)# ip address 10.22.141.101 255.255.255.248 secondary
Router(config-if)# ip address 10.22.141.102 255.255.255.248 secondary
Creating a Management Interface
You must define at least one management interface on the Cisco ASR for Telnet and SSH remote access.
Procedure
To define a management interface, complete the following steps:
Step 1: Router(config)# interface GigabitEthernet module/slot/port
  Enters interface configuration mode for the specified interface.
Step 2: Router(config-if)# ip address {IPv4 ip address} {IPv4 subnet address}
  Assigns an IP address and subnet mask to the management interface.
Step 3: Router(config-if)# negotiation auto
  Enables negotiation of the speed, duplex mode, and flow control on the Gigabit Ethernet interface.
The following example shows how to configure a management interface:
Router(config)# interface GigabitEthernet 0/0/0
Router(config-if)# ip address 10.22.139.84 255.255.255.224
Router(config-if)# negotiation auto
Creating the SBC Instance
To configure the signaling border element (SBE) and data border element (DBE) on the SBC, you first create an SBC instance.
Procedure
To create the SBC instance, complete the following steps:
Step 1: Router(config)# sbc service-name
  Creates the SBC instance and enters SBC configuration mode.
Step 2: Router(config-sbc)# sbe
  Enters SBE configuration mode.
Step 3: Router(config-sbc-sbe)# secure-media
  Enables media pass through, which configures the SBC to treat every media flow as an encrypted media flow. This action enables DTLS and SRTP media packets to pass through the SBC.
The following example shows how to create the SBC instance and enable secure media pass through:
Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# secure-media
Configuring the Signaling Border Element
You configure the signaling border element (SBE) to enable SIP signaling functionality such as header and method profiles, header editors, adjacencies, call admission control policies, route tables and blacklists.
SBE configuration is described in the following sections:
• Configuring Default Profiles
• Configuring Editors
• Creating Adjacencies
• Configuring CAC Policy
• Configuring Call Policies
• Configuring SIP Timers
• Defining Blacklists
Configuring Default Profiles
Procedure
To configure the default profiles on the SBE, complete the following steps:
Step 1: Router(config)# sbc service-name
  Enters SBC configuration mode for the specified SBC instance.
Step 2: Router(config-sbc)# sbe
  Enters SBE configuration mode.
Step 3: Router(config-sbc-sbe)# sip header-profile profile-name
  Configures a header profile for the SBE. Enter default as the profile-name to configure the default header profile. The default profile is used for all adjacencies that do not have a specific profile configured.
Step 4: Router(config-sbc-sbe-mep-hdr)# blacklist
  Configures this editor to be a blacklist.
  Note: By default, editors are whitelists.
Step 5: Router(config-sbc-sbe-sip-hdr)# header header-name
  Adds the specified header to the profile.
Step 6: Router(config-sbc-sbe-sip-hdr-ele)# action {add-first-header | add-header | as-profile | drop-msg | pass | replace-name | replace-value | strip}
  Configures the action to take on the header. For the Cisco TelePresence Exchange System configuration, always set the action to pass, which allows the message to proceed. You also need to set the action to replace-value, which replaces the header content (value).
Step 7: Router(config-sbc-sbe-sip-hdr-ele)# exit
        Router(config-sbc-sbe-sip-hdr)# exit
  Exits the header profile configuration mode.
Step 8: Router(config-sbc-sbe)# sip method-profile default
  Configures a method profile for the SBE. Enter default as the profile-name to configure the default method profile. The default profile is used for all adjacencies that do not have a specific profile configured.
Step 9: Router(config-sbc-sbe-sip-mth)# pass-body
  Permits SIP message bodies to pass through.
Step 10: Router(config-sbc-sbe-sip-mth)# method method-name
  Adds a method with a specified name to a SIP message profile.
Step 11: Router(config-sbc-sbe-sip-mth)# action pass
  Configures the action to take for the message. For the Cisco TelePresence Exchange System configuration, always set the action to pass, which allows the message to proceed.
Step 12: Router(config-sbc-sbe-sip-mth)# exit
  Exits the method profile configuration mode.
Step 13: Router(config-sbc-sbe)# sip option-profile default
  Configures the default SIP option profile for either a SIP option white list or black list profile on the SBE.
Step 14: Router(config-sbc-sbe-sip-opt)# option opt-name
  Adds an option to the profile.
Step 15: Router(config-sbc-sbe-sip-opt)# exit
  Exits the option profile configuration mode.
The following example shows how to define default header and method profiles:
Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# sip header-profile default
Router(config-sbc-sbe-mep-hdr)# blacklist
Router(config-sbc-sbe-sip-hdr-prf)# header Allow entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header Min-SE entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header Reason entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header SERVER entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header DIVERSION entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header Allow-Events entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header session-expires entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action replace-value value 1800
Router(config-sbc-sbe-sip-hdr-prf)# header RESOURCE-PRIORITY entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe)# sip method-profile default
Router(config-sbc-sbe-sip-mth)# pass-body
Router(config-sbc-sbe-sip-mth)# method INFO
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method REFER
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method NOTIFY
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method OPTION
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method UPDATE
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method SUBSCRIBE
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe)# sip option-profile default
Router(config-sbc-sbe-sip-opt)# option TIMER
Router(config-sbc-sbe-sip-opt)# option Require
Router(config-sbc-sbe-sip-opt)# option REPLACES
Router(config-sbc-sbe-sip-opt)# option Proxy-Require
Router(config-sbc-sbe-sip-opt)# exit
Configuring Editors
This section shows how to configure inbound and outbound SIP header editors for the SBC.
You must make sure that the SBC is not removing the contact header parameters that are required for the TC5 endpoints to connect to Cisco TelePresence Multipoint Switch (CTMS) meetings by using an interactive voice response (IVR) resource.
Procedure
To configure inbound and outbound SIP header editors, complete the following steps:
Step 1: Router(config-sbc-sbe)# sip header-editor editor-name
  Configures a header editor. You must specify the name of the header editor. For the Cisco TelePresence Exchange System configuration, specify an editor for both inbound and outbound.
Step 2: Router(config-sbc-sbe-mep-hdr)# blacklist
  Configures this editor to be a blacklist.
  Note: By default, editors are whitelists.
Step 3: Router(config-sbc-sbe-mep-hdr)# store-rule [entry entry-number]
  Creates a store-rule context to extract variables from the headers. Specify the filtered entry number. By default, the value is 1.
Step 4: Router(config-sbc-sbe-mep-hdr-ele-act)# condition [comparison-type | boolean-operator | operator | comparison-value]
  Specifies one or more conditions for the action to be effective. Specify the comparison-type as header-name name header-value, which is used as the content of a different header. Specify the operator as [not] regex-match, which is used for regular expression matching (BRE). Specify store-as, which is used in store rules only.
Step 5: Router(config-sbc-sbe-mep-hdr-ele-act)# exit
  Exits the SIP header editor header action configuration mode.
Step 6: Router(config-sbc-sbe-mep-hdr)# header header-name [entry entry-number]
  Adds a header to a SIP message editor. Specify the name of the header to be added to the header editor. Valid names are 1 to 32 characters in length (inclusive) and case-sensitive. Specify the filtered entry number. The range is from 1 to 99.
Step 7: Router(config-sbc-sbe-mep-hdr-ele)# action {add-first-header | add-header | replace-name | replace-value} {value word}
  Configures an action to be taken on a header editor. You must add the first occurrence of a header (no action occurs if a header already exists). Then, specify the string that is used in conjunction with the action. The string can be up to 256 characters long. For the Cisco TelePresence Exchange System configuration, always set the action to add-first-header for the inbound editor and replace-value for both inbound and outbound editors.
Step 8: Router(config-sbc-sbe-sip-hdr-ele-act)# condition [comparison-type | boolean-operator | operator | comparison-value]
  Specifies one or more conditions for the action to be effective. Specify the comparison-type as variable, which is used to match on variable content. Specify the boolean-operator as is-defined, which is used to test if a variable is defined. Specify the operator as [not] eq, which is defined as equals or not equal. Then, specify a character string or numeric value to compare.
Step 9: Router(config-sbc-sbe-mep-hdr-ele-act)# exit
        Router(config-sbc-sbe-mep-hdr)#
  Exits the SIP header editor header action configuration mode and returns to SIP header editor configuration mode.
Step 10: Router(config-sbc-sbe-mep-hdr-ele)# action {as-editor | drop-msg | pass | strip}
  Configures an action to be taken on a header editor. For the Cisco TelePresence Exchange System configuration, always set the action to strip to delete the caller display name to avoid reporting issues from the TPS for both inbound and outbound editors.
The following example shows how to define inbound SIP header editors:
Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# sip header-editor in1
Router(config-sbc-sbe-mep-hdr)# blacklist
Router(config-sbc-sbe-mep-hdr)# store-rule entry 1
Router(config-sbc-sbe-mep-hdr-ele-act)# condition header-name contact header-value regex-match ";\(.*\)" store-as param
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# store-rule entry 2
Router(config-sbc-sbe-mep-hdr-ele-act)# condition header-name session-expires header-value regex-match ";\(.*\)" store-as refreshparam
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# header ctc-hdr-param entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action add-first-header value "${param}"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable param is-defined eq true
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# header remote-party-id entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action strip
Router(config-sbc-sbe-mep-hdr)# header session-expires entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action replace-value value 1800
Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable refreshparam is-defined eq false
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# header session-expires entry 2
Router(config-sbc-sbe-mep-hdr-ele)# action replace-value value "1800;${refreshparam}"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable refreshparam is-defined eq true
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# header p-asserted-identity entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action strip
Router(config-sbc-sbe-mep-hdr-ele)# exit
Router(config-sbc-sbe-mep-hdr)# header p-preferred-identity entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action strip
The following example shows how to define outbound SIP header editors:
Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# sip header-editor out1
Router(config-sbc-sbe-mep-hdr)# blacklist
Router(config-sbc-sbe-mep-hdr)# store-rule entry 1
Router(config-sbc-sbe-mep-hdr-ele-act)# condition header-name ctc-hdr-param header-value store-as param
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# store-rule entry 2
Router(config-sbc-sbe-mep-hdr-ele-act)# condition header-name contact header-value regex-match "<\(.*\)>" store-as ctc
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# header contact entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action replace-value value "<${ctc}>;${param}"
Router(config-sbc-sbe-mep-hdr-ele-act)# condition variable ctc is-defined eq true
Router(config-sbc-sbe-mep-hdr-ele-act)# condition and variable param is-defined eq true
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# header contact entry 2
Router(config-sbc-sbe-mep-hdr-ele)# action replace-value value "<${ctc}>"
Router(config-sbc-sbe-sip-hdr-ele-act)# condition variable ctc is-defined eq true
Router(config-sbc-sbe-sip-hdr-ele-act)# condition and variable param is-defined eq false
Router(config-sbc-sbe-mep-hdr-ele-act)# exit
Router(config-sbc-sbe-mep-hdr)# header ctc-hdr-param entry 1
Router(config-sbc-sbe-mep-hdr-ele)# action strip
Creating Adjacencies
An adjacency represents a signaling relationship with a remote call agent. The adjacency defines protocol-specific parameters as well as admission control and routing policy. Each incoming call is matched to an adjacency, and each outgoing call is routed out over an adjacency.
You need to create adjacencies between the SBE and the following network elements:
• Cisco Application Control Engine
• Hosted Cisco Unified Communications Manager
• Both Cisco TelePresence Exchange System call engines
Also, you need to create an adjacency for each remote service provider to which we provide interconnect service.
Procedure
To create an adjacency, complete the following steps:
Step 1: Router(config-sbc-sbe)# adjacency {sip | h323} adjacency-name
  Enters configuration mode for the specified SIP or H.323 adjacency. For the Cisco TelePresence Exchange System configuration, enter sip as the type of adjacency.
Step 2: Router(config-sbc-sbe-adj-sip)# nat force-off
  Configures network address translation (NAT) for the adjacency.
  Note: The nat force-off option is the only supported option in this configuration. The nat force-off option sets the SIP adjacency to assume that all endpoints are not behind a NAT device.
Step 3: Router(config-sbc-sbe-adj-sip)# editor-type {editor | profile}
  Specifies the editor type for the SIP adjacency to apply. For the Cisco TelePresence Exchange System configuration, always enter editor as the default for using the method, header, option, parameter, or body editor.
Step 4: Router(config-sbc-sbe-adj-sip)# header-editor {inbound} {editor-name}
  Sets a specified header editor for inbound signaling on the SBE SIP adjacency. You must specify the name of the header editor to be set for inbound signaling on the adjacency.
Step 5: Router(config-sbc-sbe-adj-sip)# header-editor {outbound} {editor-name}
  Sets a specified header editor for outbound signaling on the SBE SIP adjacency. You must specify the name of the header editor to be set for outbound signaling on the adjacency.
Step 6: Router(config-sbc-sbe-adj-sip)# hunting-trigger error-codes
  Configures SIP to retry routing to the adjacency if it receives one of the specified error codes.
Step 7: Router(config-sbc-sbe-adj-sip)# preferred-transport {tcp | udp}
  Sets the preferred transport protocol for SIP signaling on the adjacency.
Step 8: Router(config-sbc-sbe-adj-sip)# signaling-address {ipv4_IP_address | ipv6_IP_address}
  Configures the local IP signaling address of the SIP adjacency.
Step 9: Router(config-sbc-sbe-adj-sip)# statistics method summary
  Enables SIP method statistics on the adjacency.
Step 10: Router(config-sbc-sbe-adj-sip)# signaling-port port-num [max-port-num]
  Configures the local port number for the signaling address of the SIP adjacency. Specify a maximum port number to configure a range of port values. The default port number is 5060.
Step 11: Router(config-sbc-sbe-adj-sip)# remote-address ipv4 remote-address
  Restricts the set of remote signaling peers that can be contacted over the adjacency to those with the given IP address prefix.
  Note: For Cisco TelePresence Exchange System configuration, enter the virtual IP (VIP) address of the Cisco ACE as the remote address.
Step 12: Router(config-sbc-sbe-adj-sip)# signaling-peer peer-name
  Configures the SIP adjacency to use the specified remote signaling-peer. Specify the IPv4 address of the signaling peer in dotted-decimal format.
  Note: For Cisco TelePresence Exchange System configuration, enter the VIP address of the Cisco ACE as the signaling peer.
Step 13: Router(config-sbc-sbe-adj-sip)# attach
  Attaches the adjacency to the SBC instance. The adjacency is now available for SIP call processing.
The following example shows how to create an adjacency between the SBE and the Cisco ACE:
Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# adjacency sip SBC-ACE
Router(config-sbc-sbe-adj-sip)# nat force-off
Router(config-sbc-sbe-adj-sip)# editor-type editor
Router(config-sbc-sbe-adj-sip)# header-editor inbound in1
Router(config-sbc-sbe-adj-sip)# hunting-trigger 408 500 503
Router(config-sbc-sbe-adj-sip)# preferred-transport tcp
Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.22.141.100
Router(config-sbc-sbe-adj-sip)# statistics method summary
Router(config-sbc-sbe-adj-sip)# signaling-port 5060
Router(config-sbc-sbe-adj-sip)# remote-address ipv4 10.22.141.98 255.255.255.255
Router(config-sbc-sbe-adj-sip)# signaling-peer 10.22.141.98
Router(config-sbc-sbe-adj-sip)# attach
The following example shows how to create an adjacency between the SBC and the Unified CM:
Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# adjacency sip UNCM-SBC
Router(config-sbc-sbe-adj-sip)# nat force-off
Router(config-sbc-sbe-adj-sip)# editor-type editor
Router(config-sbc-sbe-adj-sip)# header-editor inbound in1
Router(config-sbc-sbe-adj-sip)# header-editor outbound out1
Router(config-sbc-sbe-adj-sip)# hunting-trigger 408 500 503
Router(config-sbc-sbe-adj-sip)# preferred-transport tcp
Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.22.141.100
Router(config-sbc-sbe-adj-sip)# statistics method summary
Router(config-sbc-sbe-adj-sip)# signaling-port 5060
Router(config-sbc-sbe-adj-sip)# remote-address ipv4 10.22.139.70 255.255.255.255
Router(config-sbc-sbe-adj-sip)# signaling-peer 10.22.139.70
Router(config-sbc-sbe-adj-sip)# attach
The following example shows how to create an adjacency between the SBC and the first Cisco TelePresence Exchange System call engine:
Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# adjacency sip sol1-ctc2-eng1
Router(config-sbc-sbe-adj-sip)# nat force-off
Router(config-sbc-sbe-adj-sip)# editor-type editor
Router(config-sbc-sbe-adj-sip)# header-editor inbound in1
Router(config-sbc-sbe-adj-sip)# hunting-trigger 408 500 503
Router(config-sbc-sbe-adj-sip)# preferred-transport tcp
Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.22.160.104
Router(config-sbc-sbe-adj-sip)# statistics method summary
Router(config-sbc-sbe-adj-sip)# signaling-port 5060
Router(config-sbc-sbe-adj-sip)# remote-address ipv4 10.22.160.70 255.255.255.255
Router(config-sbc-sbe-adj-sip)# signaling-peer 10.22.160.70
Router(config-sbc-sbe-adj-sip)# attach
The following example shows how to create an adjacency between the SBC and the second Cisco TelePresence Exchange System call engine:
Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# adjacency sip sol1-ctc2-eng2
Router(config-sbc-sbe-adj-sip)# nat force-off
Router(config-sbc-sbe-adj-sip)# editor-type editor
Router(config-sbc-sbe-adj-sip)# header-editor inbound in1
Router(config-sbc-sbe-adj-sip)# hunting-trigger 408 500 503
Router(config-sbc-sbe-adj-sip)# preferred-transport tcp
Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.22.160.104
Router(config-sbc-sbe-adj-sip)# statistics method summary
Router(config-sbc-sbe-adj-sip)# signaling-port 5060
Router(config-sbc-sbe-adj-sip)# remote-address ipv4 10.22.160.71 255.255.255.255
Router(config-sbc-sbe-adj-sip)# signaling-peer 10.22.160.71
Router(config-sbc-sbe-adj-sip)# attach
Configuring CAC Policy
You need to define a call admission control (CAC) policy to instruct the SBC to ignore the media bandwidth fields in the session description protocol (SDP) messages.
Procedure
To define a CAC policy, complete the following steps:
Step 1: Router(config-sbc-sbe)# cac-policy-set policy-set-id
  Creates a new CAC policy set for the SBE. The new CAC policy set is empty until you define additional parameters for the policy.
Step 2: Router(config-sbc-sbe-cacpolicy)# first-cac-table table-name
  Defines the first policy table to process when performing the admission control stage of policy.
Step 3: Router(config-sbc-sbe-cacpolicy)# cac-table table-name
  Creates an admission control table for the CAC policy set created in Step 1.
Step 4: Router(config-sbc-sbe-cacpolicy-cactable)# table-type policy-set
  Configures the CAC table type. Policy set specifies that the event is applied to all entries in the table.
Step 5: Router(config-sbc-sbe-cacpolicy-cactable)# entry entry-id
  Creates an entry in the CAC table.
Step 6: Router(config-sbc-sbe-cacpolicy-cactable-entry)# media bandwidth-fields ignore
  Sets the media flag to ignore the media bandwidth fields (b-line) in the session description protocol (SDP) messages. The SBC will use the CODEC value in the SDP message to calculate the baseline bandwidth required for the media stream.
Step 7: Router(config-sbc-sbe-cacpolicy-cactable-entry)# action cac-complete
  Configures the action to perform after this entry in the CAC table. The cac-complete keyword specifies that no further action is required for this CAC policy.
Step 8: Router(config-sbc-sbe-cacpolicy-cactable-entry)# exit
  Exits the CAC table entry configuration mode.
Step 9: Router(config-sbc-sbe-cacpolicy)# complete
  Marks the end of a CAC policy set definition.
Step 10: Router(config-sbc-sbe-cacpolicy)# exit
  Exits the CAC policy configuration mode.
Step 11: Router(config-sbc-sbe)# active-cac-policy-set policy-set-id
  Sets the active CAC policy set within the SBE.
The following example shows how to define a call admission control policy for the SBE:
Router(config-sbc-sbe)# cac-policy-set 1
Router(config-sbc-sbe-cacpolicy)# first-cac-table BW
Router(config-sbc-sbe-cacpolicy)# cac-table BW
Router(config-sbc-sbe-cacpolicy-cactable)# table-type policy-set
Router(config-sbc-sbe-cacpolicy-cactable)# entry 1
Router(config-sbc-sbe-cacpolicy-cactable-entry)# media bandwidth-fields ignore
Router(config-sbc-sbe-cacpolicy-cactable-entry)# action cac-complete
Router(config-sbc-sbe-cacpolicy-cactable-entry)# exit
Router(config-sbc-sbe-cacpolicy)# complete
Router(config-sbc-sbe-cacpolicy)# exit
Router(config-sbc-sbe)# active-cac-policy-set 1
Configuring Call Policies
Create a call policy set to contain the incoming and outgoing route tables. The route tables provide a mapping of each incoming and outgoing call to its corresponding adjacency.
Entries in the SBC route table must match the corresponding entries in the Cisco TelePresence Exchange System routing tables. The carrier ID that you insert on an incoming route (or use as the match parameter on an outgoing route) needs to match the SBC Tag field in the Cisco TelePresence Exchange System. See the "Configuring Routes" section for information about configuring routes on the Cisco TelePresence Exchange System.
Procedure
To create a call policy set and configure the route tables, complete the following steps:
Step 1: Router(config-sbc-sbe)# call-policy-set policy-set-id
  Creates a new policy set for processing calls within the SBE.
Step 2: Router(config-sbc-sbe-rtgpolicy)# first-call-routing-table table-name
  Configures the name of the first routing table for new-call events.
Step 3: Router(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table table-id
  Creates a new routing table whose entries match the source adjacency.
Step 4: Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry entry-id
  Creates an entry in the routing table.
Step 5: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action {complete | {next-table go-to-table-name}}
  Specifies the next routing table to process if the event matches the entry. Action complete specifies that no further action is required.
Step 6: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace ds
  Replaces the carrier ID in the SIP message with the specified digit string.
Step 7: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency target-adjacency
  Configures the destination adjacency for calls that match this table entry.
Step 8: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency key
  Configures the source adjacency as the match value for this table entry.
Step 9: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit
  Exits the routing table entry (rtgtable-entry) mode.
Step 10: Router(config-sbc-sbe-rtgpolicy-rtgtable)# exit
  Exits the routing table (rtgtable) mode.
Step 11: Router(config-sbc-sbe-rtgpolicy)# rtg-carrier-id-table table-id
  Creates a new routing table whose entries match the carrier ID field.
Step 12: Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry entry-id
  Creates an entry in the routing table.
Step 13: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action {complete | {next-table go-to-table-name}}
  Specifies the next routing table to process if the event matches the entry. Action complete specifies that no further action is required.
Step 14: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace ds
  Replaces the carrier ID in the SIP message with the specified digit string.
Step 15: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency target-adjacency
  Configures the destination adjacency of an entry in a routing table.
Step 16: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-cic key
  Configures the carrier ID match value of the entry.
Step 17: Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit
  Exits the routing table entry (rtgtable-entry) mode.
Step 18: Router(config-sbc-sbe-rtgpolicy-rtgtable)# exit
  Exits the routing table (rtgtable) mode.
Step 19: Router(config-sbc-sbe-rtgpolicy)# complete
  Marks the end of a call policy set definition.
Step 20: Router(config-sbc-sbe-rtgpolicy)# exit
  Exits the routing policy (rtgpolicy) mode.
Step 21: Router(config-sbc-sbe)# active-call-policy-set policy-set-id
  Activates the call policy set.
The following example shows how to create a call policy for the SBE and match it to an adjacency:
Router(config-sbc-sbe)# call-policy-set 1
Router(config-sbc-sbe-rtgpolicy)# first-call-routing-table INCOMING
Router(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table INCOMING
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 200
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-ACE
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency WMT-ADJ1
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 400
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-ACE
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-UNCM
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 3
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-ACE
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 4
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-Engine1
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 5
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-Engine2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-rtgtable)# exit
Router(config-sbc-sbe-rtgpolicy)# rtg-carrier-id-table CIC-OUTGOING
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 0
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency WMT-ADJ1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-cic 200
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 0
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-UNCM
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-cic 400
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-rtgtable)# exit
Router(config-sbc-sbe-rtgpolicy)# complete
Router(config-sbc-sbe-rtgpolicy)# exit
Router(config-sbc-sbe)# active-call-policy-set 1
Configuring SIP Timers
Procedure
To define a SIP timer for call processing within the SBE, do the following procedure:
Step 1 |
Router(config-sbc-sbe)# sip timer
|
Enters the SIP timer configuration mode. |
Step 2 |
Router(config-sbc-sbe-sip-tmr)# tcp-idle-timeout interval
|
Specifies the minimum time, in milliseconds, that the TCP connection stays active when it is not processing any traffic. After the timeout period expires, the TCP connection closes. The default value is 120,000 ms. |
Step 3 |
Router(config-sbc-sbe-sip-tmr)# tcp-connect-timeout interval
|
Specifies the time, in milliseconds, that the SBC waits for a SIP TCP connection to a remote peer to complete before timing out. The default value is 30,000 ms. |
Step 4 |
Router(config-sbc-sbe-sip-tmr)# exit
|
Exits the SIP timer configuration mode. |
The following example shows how to set a SIP timer for the SBE:
Router(config-sbc-sbe)# sip timer
Router(config-sbc-sbe-sip-tmr)# tcp-idle-timeout 120000
Router(config-sbc-sbe-sip-tmr)# tcp-connect-timeout 5000
Router(config-sbc-sbe-sip-tmr)# exit
Note The values shown in the previous example are the recommended values for the Cisco TelePresence Exchange System configuration.
Defining Blacklists
Procedure
To define a global blacklist for the SBE, do the following procedure:
Step 1 |
Router(config-sbc-sbe)# blacklist global
|
Creates a global blacklist for configuring event limits. |
Step 2 |
Router(config-sbc-sbe-blacklist-global)# reason event
|
Configures the event type for which SBC applies the limit. |
Step 3 |
Router(config-sbc-sbe-blacklist-global-reason)# timeout number {milliseconds|seconds|minutes|hours|days}
|
Defines the length of time that packets are blocked from the source if the number of authentication requests exceeds the set limit. |
Step 4 |
Router(config-sbc-sbe-blacklist-global-reason)# exit
|
Exits reason configuration mode. |
Step 5 |
Router(config-sbc-sbe-blacklist-global)# exit
|
Exits blacklist global mode. |
Step 6 |
Router(config-sbc-sbe)# blacklist global address-default
|
Configures a default event limit for all addresses within the SBE. |
Step 7 |
Router(config-sbc-sbe-blacklist-global)# reason event
|
Defines an event type that triggers application of the blacklist. |
Step 8 |
Router(config-sbc-sbe-blacklist-global-reason)# timeout number {milliseconds|seconds|minutes|hours|days}
|
Defines the length of time that packets are blocked from the source if the number of authentication requests exceeds the set limit. |
Step 9 |
Router(config-sbc-sbe-blacklist-global)# exit
|
Exits blacklist global mode and completes configuration of default event limits for all addresses. |
The following example shows how to set a global blacklist for the SBE:
Router(config-sbc-sbe)# blacklist global
Router(config-sbc-sbe-blacklist-global)# reason authentication-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason bad-address
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason routing-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason endpoint-registration
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason policy-rejection
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason corrupt-message
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global-reason)# exit
Router(config-sbc-sbe-blacklist-global)# exit
Router(config-sbc-sbe)# blacklist global address-default
Router(config-sbc-sbe-blacklist-global)# reason authentication-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason bad-address
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason routing-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason endpoint-registration
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason policy-rejection
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason corrupt-message
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global-reason)# exit
Router(config-sbc-sbe-blacklist-global)# exit
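The timeout in Steps 3 and 8 decides how long a source stays blocked, so it is worth checking per reason and per scope. The following Python script is an added example, not part of the Cisco documentation: it parses blacklist lines in the format shown above (with or without the prompt) and reports every reason whose timeout is absent from the audited text or shorter than a floor. The function names and the 60-second floor (min_block_ms) are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample in the same format as the example above.
SAMPLE = """\
Router(config-sbc-sbe)# blacklist global
Router(config-sbc-sbe-blacklist-global)# reason authentication-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason corrupt-message
Router(config-sbc-sbe-blacklist-global-reason)# timeout 10 minutes
Router(config-sbc-sbe-blacklist-global-reason)# exit
Router(config-sbc-sbe-blacklist-global)# exit
Router(config-sbc-sbe)# blacklist global address-default
Router(config-sbc-sbe-blacklist-global)# reason bad-address
Router(config-sbc-sbe-blacklist-global-reason)# timeout 2 hours
Router(config-sbc-sbe-blacklist-global)# reason routing-failure
"""

# Units accepted by the timeout command, converted to milliseconds.
UNIT_MS = {"milliseconds": 1, "seconds": 1000, "minutes": 60_000,
           "hours": 3_600_000, "days": 86_400_000}

def parse_blacklist(text):
    """Return {(scope, reason): timeout_ms or None} from session or config lines."""
    entries, scope, reason = {}, None, None
    for raw in text.splitlines():
        cmd = re.sub(r"^\S+\)#\s*", "", raw.strip())  # drop the prompt, if any
        words = cmd.split()
        if words[:2] == ["blacklist", "global"]:
            scope = " ".join(words[1:])   # "global" or "global address-default"
            reason = None
        elif scope and len(words) == 2 and words[0] == "reason":
            reason = words[1]
            entries[(scope, reason)] = None   # no explicit timeout seen yet
        elif reason and len(words) == 3 and words[0] == "timeout":
            if words[1].isdigit() and words[2] in UNIT_MS:
                entries[(scope, reason)] = int(words[1]) * UNIT_MS[words[2]]
    return entries

def audit(text, min_block_ms=60_000):
    """List (scope, reason, timeout_ms) with no explicit timeout or one below the floor."""
    return [(s, r, ms) for (s, r), ms in parse_blacklist(text).items()
            if ms is None or ms < min_block_ms]

if __name__ == "__main__":
    for scope, reason, ms in audit(SAMPLE):
        shown = "no explicit timeout" if ms is None else f"{ms} ms"
        print(f"{scope:24} {reason:24} {shown}")
```

Run against the example above, every reason in both scopes is reported, because each is set to 1 millisecond.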
Defining a Media Address
Configure a local media address for traffic that arrives on the SBE for each defined SBC virtual IP address (see the "Creating a Session Border Controller Interface" section). The SBC inserts its own address into the media stream.
After you configure a local media address, the media address cannot be modified while the SBE service is active.
The media address is a pool of IP addresses on the SBE for media relay functionality.
Procedure
To define a media address, do the following procedure:
Step 1 |
Router(config)# sbc service-name
|
Enters SBC configuration mode for the specified SBC instance. |
Step 2 |
Router(config-sbc)# media-address ipv4 IPv4 ip address
|
Configures a local media address for traffic that arrives on the DBE. Define one media address for each of the SBC virtual IP addresses. |
Step 3 |
Router(config-sbc-media-address)# port-range min-port max-port any
|
Defines the valid port range for the media address. The optional any keyword specifies that the class of service affinity for the port range is any class of service. If the port-range command is not configured, the default min-port value is 16384, the default max-port value is 32767, and the default class of service affinity is any. |
Step 4 |
Router(config-sbc-media-address)# exit
|
Exits the media address configuration mode. |
Step 5 |
|
Enters DBE configuration mode. |
Step 6 |
Router(config-sbc-dbe)# media timeout timeout
|
Sets the maximum time in seconds that an SBE waits after receiving the last media packet on a call before cleaning up the call resources. |
Step 7 |
Router(config-sbc-dbe)# activate
|
Activates the DBE. |
The following example shows how to define a local media address for each defined SBC virtual IP address:
Router(config-sbc)# media-address ipv4 10.22.141.102
Router(config-sbc-media-address)# port-range 16384 32766 any
Router(config-sbc-dbe)# media timeout 600
Router(config-sbc-dbe)# activate