Table Of Contents
About SBC Deployment Models
SBC Configuration Areas
SBC Configuration Prerequisites
SBC Adjacencies
SBC Billing
SBC Policies
SBC Transcoding
SBC Interworking Dual Tone Multifrequency
SBC QoS—Marking
SBC Redundancy—High Availability
SBC Firewall Traversal and Network Address Translator
SBC Multi-VRF
End-to-End SBC Configuration Example on Cisco XR 12000 Series Router
Using the Glossary
About SBC Deployment Models
The Session Border Controller (SBC) enables direct IP-to-IP interconnect between multiple administrative domains for session-based services, providing protocol interworking, security, and admission control and management. The SBC is a voice over IP (VoIP) device that sits on the border of a network and controls call admission to that network.
The primary purpose of an SBC is to protect the interior of the network from excessive call load and malicious traffic. Additional functions provided by the SBC include media bridging and billing services.
The SBC is available as a service in the Cisco XR 12000 Series Router. In line with other services on the router, the SBC is implemented on a service card. For Cisco IOS XR Software Release 3.4, the SBC application runs on a Multiservice Blade (MSB). (See the "SBC Configuration Prerequisites" module for more details.)
SBC service includes two functional areas:
• Signaling SBC function—Managed by the signaling border element (SBE), controls access of VoIP signaling messages to the core of the network, and manipulates the contents of these messages. It does this by acting as a Session Initiation Protocol (SIP) back-to-back user agent (B2BUA) or H.323 gateway.
• Media SBC function—Managed by the data border element (DBE), controls access of media packets to the network, provides differentiated services and quality of service (QoS) for different media streams, and prevents service theft. It does this by acting as a real-time transport protocol (RTP) proxy.
The SBC can operate in two modes or deployment models, as follows:
• Unified—In the unified model, both the SBE and DBE logical entities co-exist on the same network element. In this model, the signaling entity controls the media local to the router and to a single service card (the MSB).
• Distributed—In the distributed model, the SBE and the DBE entities reside on different network elements. Logically, each of the SBE entities controls multiple DBE elements, and each DBE could be controlled by multiple SBE entities. The SBE interacts with the DBE entities using a session controller interface (SCI). The SCI interface supports the H.248 protocol.
Note
For Cisco IOS XR Software Release 3.4, the SBE is not supported in the distributed model.
In this model, the bearer always flows through the DBE, and the SBE participates only in the signaling flow. This model must be used in conjunction with a third-party SBE that supports the DBE H.248 profile.
The distributed model offers advantages over the unified model, as follows:
• Scalable to a larger number of sessions.
• Operational advantages, because the SBE can be upgraded or serviced separately from the DBE.
• The distributed model aligns well with typical voice deployments where the SBE can be co-located or part of the call agent.
• The many-to-many interface offers capability to load share and balance across networks. Operators have the flexibility to optimize on loading of the SBE or DBE.
However, most SBC deployments are configured following the unified model. The distributed model can only be used with a third-party SBE (and in this case, the SBC is used for the SBC media function only).
Figure 1-1 illustrates the relationships between SBEs, DBEs, and other network elements:
Figure 1-1 Relationships Between SBEs, DBEs and Other Network Elements
SBC Configuration Areas
SBC services involve numerous configurations. Each of the following configuration areas includes multistep procedures, summarized in the following sections:
• SBC Configuration Prerequisites
• SBC Adjacencies
• SBC Billing
• SBC Policies
• SBC Transcoding
• SBC Interworking Dual Tone Multifrequency
• SBC QoS—Marking
• SBC Redundancy—High Availability
• SBC Firewall Traversal and Network Address Translator
• SBC Multi-VRF
Additional information supporting the configuration areas is included in these sections:
• End-to-End SBC Configuration Example on Cisco XR 12000 Series Router
• Using the Glossary
SBC Configuration Prerequisites
For Release 3.4, the multiservice blade (MSB) maintains the primary role as the SBC services card. The SBC application is installed on the MSB as part of its own package installation envelope (PIE) service package.
Before you configure SBC-specific configuration areas, consider the following prerequisite configuration requirements:
• Installing SBC PIE on the MSB boot service card
• Creating and assigning an SBC service to a service card
• Assigning SBC role to an MSB service card
• Defining an SBC switched virtual interface (SVI) and IP address for the interface
• Enabling routing for SVI
For more details, see the "SBC Configuration Prerequisites" module.
SBC Adjacencies
Accounts and adjacencies are the key objects used to control signaling. An account represents a service relationship with a remote organization on the SBE with which the SBC interacts. Within each account, one or more signaling adjacencies must be defined to connect the SBC to devices within that organization.
An adjacency represents a signaling relationship with a remote call agent. There is one adjacency defined per external call agent. The adjacency is used to define protocol-specific parameters as well as admission control and routing policy. Each adjacency belongs within an account. Each incoming call is matched to an adjacency, and each outgoing call is routed out over a second adjacency.
For more details, see the "Implementing SBC Adjacencies" module.
SBC Billing
The SBC billing component includes the following core features:
• Compatibility with existing billing systems—SBC billing fits seamlessly into a provider's existing billing architecture, using existing mechanisms to obtain billing information similar to existing solutions.
• Integration with next-generation technologies and solutions—SBC employs next-generation billing technologies so that service information from SBC, softswitches, voicemail, and unified messaging applications can be collated and billed in a distributed environment.
The function of the billing component can be broadly divided into two modes:
• Standalone, record-based call logging.
• Third-party integrated, distributed RADIUS-based call and event logging.
For more details, see the "Implementing SBC Billing" module.
The "Additional Information about Billing Support" appendix contains information on SBC billing.
SBC Policies
An SBC policy is a set of rules configured on the SBE that defines how different kinds of VoIP events are treated by the SBC. An SBC policy allows the user to control the VoIP signaling and media that passes through the SBC at an application level.
For more details, see the "Implementing SBC Policies" module.
SBC Transcoding
Transcoding is the process of translating a media stream encoded using one codec into a media stream encoded using another codec, for example, translating a media stream encoded as pulse code modulation u-law (PCMU) into one encoded as G.726-32.
You use transcoding configurations to define the capabilities of external media transcoding devices, because these devices cannot be discovered automatically. (In-band autodiscovery of transcoder capabilities is currently not supported. Therefore, transcoding must be performed when configuring all connections to all current remote transcoding devices.)
For more details, see the "Implementing SBC Transcoding" module.
SBC Interworking Dual Tone Multifrequency
SBC automatically selects the best dual tone multifrequency (DTMF) signaling technique based on the capabilities of the endpoints in a call. DTMF interworking is employed only if the caller and callee support non-overlapping DTMF event mechanisms (for example, if the caller supports sending DTMF using the SIP INFO method only and the callee supports receiving DTMF using in-channel RFC 2833 RTP signaling only).
For more details, see the "Implementing SBC Interworking DTMF" module.
SBC QoS—Marking
SBC supports quality of service (QoS) profiles that the integrator configures for IP packet marking on the data path. IP packet marking is used in the SBC in the following contexts:
• Configure media packet (RTP [real-time transport protocol] and RTCP [real-time control protocol]) marking on a per-call scope
• Support Differentiated Services Code Point (DSCP) marking as well as IP precedence/ToS marking for voice service
• Provide the ability to mark media packets differently depending on which branch of the call they are sent on (that is, mark packets sent to the caller differently than packets sent to the callee)
For more details, see the "Implementing SBC QoS (Marking)" module.
SBC Redundancy—High Availability
SBC fault tolerance is based on a 1:1 paired-protection model. For each service card running active SBC components, there can be one service card providing failure protection. The same services must be provisioned on both cards (one as the primary card, one as the standby card), and the service cards are then said to be paired. Although from a Cisco XR 12000 Series Router perspective, service cards are always running in active mode, SBC services running on these cards run as either the primary service or the standby service.
For more details, see the "Implementing SBC Redundancy (High Availability)" module.
SBC Firewall Traversal and Network Address Translator
The SBC enables VoIP signaling and media to be received from and directed to a device behind a firewall and NAT (network address translator) at the border of an adjacent network, without requiring the device or firewall to be upgraded. In brief, the SBC achieves this by rewriting the IP addresses and ports in the call signaling headers and the SDP blocks attached to these messages. SBC does not support options for keeping pinholes open. Instead, SBC registers messages for signaling pinhole maintenance and RTP packets for media.
For more details, see the "Implementing SBC Firewall Traversal and NAT" module.
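The rewriting step described above, sketched in Python as an added example (it is not Cisco's implementation and not code from this guide). It is narrowed to the Contact header and the SDP body of one trimmed, constructed INVITE; the function names, the port pool and the 203.0.113.5 address are assumptions.

```python
import itertools
import re

def make_allocator(first_port):
    """Hypothetical relay-port pool: even RTP ports (RTCP would use port + 1)."""
    ports = itertools.count(first_port, 2)
    return lambda media_type: next(ports)

def rewrite_sdp(sdp, media_ip, alloc):
    """Point o=, c= and m= at the relay so the peer never sees the private host."""
    out = []
    for line in sdp.split("\r\n"):
        f = line.split(" ")
        if line.startswith("c=IN IP4 "):
            line = "c=IN IP4 " + media_ip
        elif line.startswith("o=") and len(f) == 6:
            line = " ".join(f[:5] + [media_ip])
        elif line.startswith("m=") and len(f) >= 4 and f[1].split("/")[0] != "0":
            # Port 0 marks a declined stream; no relay port is allocated for it.
            line = " ".join([f[0], str(alloc(f[0][2:]))] + f[2:])
        out.append(line)
    return "\r\n".join(out)

def rewrite_message(msg, sig_addr, media_ip, alloc):
    """Rewrite Contact and the SDP body, then fix Content-Length to match."""
    head, _, body = msg.partition("\r\n\r\n")
    body = rewrite_sdp(body, media_ip, alloc)
    lines = []
    for h in head.split("\r\n"):
        name = h.split(":", 1)[0].strip().lower()
        if name in ("contact", "m"):          # "m" is the compact form of Contact
            h = re.sub(r"@[^;>\s]+", "@" + sig_addr, h)
        elif name in ("content-length", "l"):  # body size may change after rewriting
            h = "Content-Length: %d" % len(body.encode())
        lines.append(h)
    return "\r\n".join(lines) + "\r\n\r\n" + body

# Constructed sample: trimmed INVITE from a phone behind NAT (private 192.168.1.20).
SAMPLE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Contact: <sip:alice@192.168.1.20:5060>",
    "Content-Type: application/sdp",
    "Content-Length: 124", "",
    "v=0", "o=alice 1 1 IN IP4 192.168.1.20", "s=-",
    "c=IN IP4 192.168.1.20", "t=0 0",
    "m=audio 49170 RTP/AVP 0 101", "m=video 0 RTP/AVP 31", ""])
```

Calling `rewrite_message(SAMPLE, "203.0.113.5:5060", "203.0.113.5", make_allocator(20000))` returns the message as the far side would see it, with no private address left in the Contact header or the SDP.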
SBC Multi-VRF
The SBC multi-VRF (VPN routing and forwarding) feature for customer edge (CE) devices (that is, customer premises routers) provides the capability of suppressing provider edge (PE) checks that act to prevent loops when the PE is performing a mutual redistribution of packets. Multi-VRF allows for the use of only one router to accomplish the tasks that multiple routers usually perform. It runs on a network without requiring Multiprotocol Label Switching (MPLS) and Border Gateway Protocol (BGP) to be installed.
For more details, see the "Implementing SBC Multi-VRF" module.
End-to-End SBC Configuration Example on Cisco XR 12000 Series Router
The "End-to-End SBC Configuration Example on a Cisco XR 12000 Series Router" section shows a complete SBC configuration on a Cisco XR 12000 Series Router.
Using the Glossary
Critical to working within SBC technology is understanding basic terminology specific to SBC. Terminology is defined in detail where configuration areas are described in this guide. However, the glossary section provides working terminology for SBC technology and its many required configurations.
For more details, see the Glossary.