Table Of Contents

Implementing SBC Policies

Contents

Prerequisites for Implementing Policies

Information About Implementing Policies

SBC Policies

Policy Events

Policy Stages

Policy Sets

Policy Tables

Number Analysis Policies

Number Validation

Number Categorization

Digit Manipulation

Routing

Routing Tables and Adjacencies

Number Manipulation

Hunting

MultiARQ Hunting

Call Admission Control

Call Admission Control

Media Bypass in Call Admission Control

How to Implement Policies

Configuring Number Analysis Tables

Configuring Number Validation

Configuring Number Categorization

Configuring Routing Tables

Configuring a Destination Address Table

Configuring the Destination, Source Domain, and Carrier ID Tables

Configuring Number Manipulation

Configuring Hunting and MultiARQ Hunting

Activating a Routing Policy Set

Configuring Call Admission Control Policy Sets and CAC Tables

Activating a CAC Policy Set

Configuration Examples of Implementing Number Analysis

Configuring Number Validation: Example

Configuring Number Categorization: Example

Configuration Example of Implementing Call Routing

Configuration Example of Implementing Call Admission Control Policy Sets and CAC Tables

Where to Go Next

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Related Command Summary

Implementing SBC Policies

---

An SBC policy is a set of rules that define how the SBC treats different kinds of voice over IP (VoIP) events. An SBC policy allows you to control the VoIP signaling and media that passes through the SBC at an application level.

---

Note For a complete description of commands used in this chapter, refer to the Cisco IOS XR Session Border Controller Command Reference. To locate documentation for other commands that appear in this chapter, use the command reference master index, or search online.

---

Feature History for Implementing SBC Policies

Release	Modification
Release 3.3.0	This feature was introduced on the Cisco XR 12000 Series Router.
Release 3.4.0	No modification.
Release 3.5.0	No modification.
Release 3.6.0	No modification.

Contents

•Prerequisites for Implementing Policies

•Information About Implementing Policies

•How to Implement Policies

•Configuration Examples of Implementing Number Analysis

•Configuration Example of Implementing Call Routing

•Configuration Example of Implementing Call Admission Control Policy Sets and CAC Tables

•Where to Go Next

•Additional References

•Related Command Summary

Prerequisites for Implementing Policies

The following prerequisites are required to implement SBC policies:

•You must be in a user group associated with a task group that includes the proper task IDs for SBC commands being used. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

•You must install and activate the package installation envelope (PIE) for the SBC software.

For detailed information about PIE installation, refer to the Upgrading and Managing Cisco IOS XR Software module in the Cisco IOS XR Getting Started Guide.

Information About Implementing Policies

An SBC policy is a set of rules that define how the SBC treats different kinds of voice over IP (VoIP) events. An SBC policy allows you to control the VoIP signaling and media that passes through the SBC at an application level. Figure 11 shows an overview of policy control flow.

Figure 11 Policy Control Overview

Number analysis and routing are configured in one type of configuration set, admission control is configured in another.

Number analysis (NA) determines whether a set of dialed digits represents a valid telephone number (based on number validation, number categorization, or digit manipulation). Call routing determines the VoIP signaling entity to which a signaling request should be sent. A destination adjacency is chosen for the signaling message based on various attributes of the message (for example, based on source account or adjacency). Routing policy is applied to new call events and to subscriber registration events.

Call Admission Control (CAC) limits the number of concurrent calls and registrations, and restricts the media bandwidth dedicated to active calls. It allows for load control on other network elements by rate limiting. Certain events can be completely blocked (using a blacklist) or freely allowed (using a whitelist), based on certain attributes.

Not all policies are mandatory:

•To call between subscribers, only endpoint routing policy is required.

•To call between telephone numbers, only call routing policy is required.

•Number analysis and admission control are optional, although they are likely to be required by the user.

Policies refer to accounts and adjacencies by name. Therefore, you may find it useful to configure and name adjacencies before configuring policies although this is not required.

The following sections describe the concepts critical to understanding how to implement SBC policies:

•SBC Policies

•Number Analysis Policies

•Routing

SBC Policies

This section describes the following SBC policies:

•Policy Events

•Policy Stages

•Policy Sets

•Policy Tables

Policy Events

Policies are applied to the following events:

•New calls—When new calls are signaled to the SBC, the SBC applies a policy to determine what happens to the new call request and what constraints the call must satisfy during its lifetime.

•Call updates—If one of the endpoints in a call attempts to renegotiate new media parameters, the SBC applies policy to ratify the attempt.

•Subscriber registrations—If a subscriber attempts to register through the SBC, the SBC applies policy to determine what happens to the registration request.

Policy Stages

There are three distinct stages of a policy, which are applied in strict order to the policy events. The stages in which policy is applied are as follows:

•Number analysis

•Routing

•Admission control

Some of these policy stages are skipped for particular types of events. Figure 12 shows the sequence of the policy stages for each type of event.

Figure 12 Policy Stages for Event Types

If the policy stages fail, the call is rejected and the failure is propagated back to the calling device (using either session initiation protocol (SIP) or H.323 signaling, as appropriate) with the error codes in Table 9.

Table 9 Policy Stage Errors 

Component	Resulting SIP Error Code	Resulting H.323 Error
Number analysis	604 "Does not exist anywhere"	Q.931 Release Complete UUIE with H.225 Reason field unreachableDestination
Routing	604 "Does not exist anywhere"	Q.931 Release Complete UUIE with H.225 Reason field unreachableDestination
Call Admission Control	503 "Service Unavailable"	Q.931 Release Complete UUIE with H.225 Reason field noPermission

---

Note If the call fails at the routing or Call Admission Control phase, it is released. There is no attempt to retry. Whether or not to retry is left to the upstream (calling) device to decide.

---

The following sections describe policy stages in more detail:

•Number Analysis

•Routing

•Admission Control

Number Analysis

Number Analysis (NA) determines whether a set of dialed digits represents a valid telephone number. This is achieved by configuring one or more tables of valid dialed digit strings using a limited-form regular-expression syntax, then matching the actual dialed digits against the different strings in the tables.

NA policy is applied only to new call events. If NA determines that a new call does not contain a valid set of dialed digits, the SBC rejects the call, using the error code described in the "Policy Stages" section.

NA rules are sensitive to the source account and source adjacency of a call, which allows different dial plans to be configured for different customer organizations, or even for different endpoints.

In addition to validating a dialed number, NA policy can also:

•Reformat the dialed digits into canonical form; for example, E.164 format.

•Label the call with a category, which is used by the later stages of policy.

Routing

Routing determines the next-hop VoIP signaling entity to which a signaling request should be sent. Routing of VoIP signaling messages occurs in two stages:

•Policy-based routing—The first stage of routing. In policy-based routing, a destination adjacency is chosen for the signaling message, based on various attributes of the message, discussed later.

•Protocol-based routing—Takes place after policy-based routing. Protocol-based routing uses a VoIP protocol-specific mechanism to deduce a next-hop IP address from the signaling peer configured for the destination adjacency chosen by policy-based routing.

For example, if the destination adjacency is a SIP adjacency and the signaling peer is uk.globalisp.com, the SBC uses domain name server (DNS) or IP lookup to determine the IP address and port of the SIP server for the domain uk.globalisp.com, and forwards the appropriate signaling message to that IP address and port.

Routing policy is applied to new call events and to subscriber registration events.

If a new call event matches an existing subscription, the call is routed automatically to the source IP address and port of the original subscriber registration. No configured policy is required to achieve this, and no configured policy can influence the routing of such calls.

Routing policy is not applied to call update events; call update signaling messages are routed automatically to the destination adjacency that was chosen for the new call event that originated the call.

It is possible that an event cannot be routed, if its attributes do not match a suitable configured routing rule. In such cases, the SBC rejects the event using a suitable error code.

Admission Control

Call admission control determines whether an event should be granted or refused based on configured limits for network resource utilization. There are two reasons for performing admission control.

•To defend load-sensitive network elements, such as softswitches, against potentially harmful levels of load precipitated by singular events, such as Do attacks, natural or man-made disasters, or mass-media phone-ins.

•To police the Service Level Agreements (SLAs) between organizations, to ensure that the levels of network utilization defined in the SLA are not exceeded.

Call admission control policy is applied to all event types. If an event is not granted by admission control policy, then the SBC rejects it with a suitable error code.

Policy Sets

A policy set is a group of policies that can be active on the SBC at any one time. If a policy set is active, then the SBC uses the rules defined within it to apply policy to events. You can create multiple policy sets on a single SBC; this feature has two potential uses:

•It enables you to atomically modify the configured policy by creating a copy of the currently active policy set, making all necessary changes, reviewing the modified policy, and then switching the active policy set. If a problem is discovered with the new policy set after it is activated, the SBC can be switched back to using the previous policy set with a single command.

•It enables you to create different policy sets for use at different times and to switch between them at the appropriate times.

Number analysis and routing are configured in a call policy set. Admission control is configured in a CAC policy set.

Only one policy set of each type can be active at any given time. You can switch the active policy set at any time. You cannot modify the currently active policy set, but can modify policy sets that are not active.

A new policy set either can be created empty (that is, without any configured policies), or created as a copy of another policy set. A policy set can be deleted, provided that it is not the active policy set.

When the SBC is initialized, there are no active policy sets. At any time after initialization, the active policy set can be undefined. While there is no active routing policy, each event that requires routing is rejected.

Policy Tables

All policy on the SBE is configured in a set of tables. This section describes the overall structure of the policy tables, as described in the following sections:

•Nomenclature

•Application of Policy

•Policy Table Example

Nomenclature

This section defines some terms that we later use when discussing policy tables.

A policy table has the following properties:

•A name that uniquely identifies the table within the scope of a single policy set. Tables in different policy sets may have the same name.

•A type, which defines the criterion that is used to select an entry from the table.

•A collection of table entries.

A policy table entry is a member of a policy table. It has the following properties:

•A value to match on (the match value). The semantics of this value are determined by the table type. No two entries in the same table may have identical match values.

•An optional action to perform on the event, if it matches this entry.

•An optional name of the next table to search for policy, if the event matches this entry.

Application of Policy

The policy tables are searched whenever an event occurs. The policy to be applied to the event is built up as the tables are searched.

The policy sets contains the following properties, which define which policy tables are searched at each stage of the policy calculation. The call policy set contains:

•First NA policy table to process

•First routing policy table to process for calls

•First routing policy table to process for endpoint registrations

The CAC policy set contains:

•First admission control policy table

When an event occurs, the policy tables are searched as follows. This procedure is followed once for every stage of policy to which an event is subjected.

•The first table for the particular stage of the policy calculation is obtained from the active configuration set.

•The policy table is processed as follows.

•The type of the table defines which of the event's attributes (for example, the destination number or the source adjacency) is examined by this table. This attribute is compared against the match value of every entry in the table. This results in either exactly one entry matching the event, or no entries matching the event.

•If an entry matches the event, then the action associated with that entry is performed. After the action is performed, if the entry contains the name of a next table, that table is processed. If there is no next table, then the policy calculation is complete and processing for this stage of policy ends.

•If no entry matches the event, then the policy calculation is complete and processing for this stage of policy ends.

Policy Table Example

The following example illustrates the flow of control as policy tables are parsed at a particular stage of policy for a particular event. The event in this example is a new call, received from source account with destination number 129. The stage of policy considered here is routing.

This example is provided for illustrative purposes only; routing tables are described in detail in the "Routing" module.

Figure 13 shows the relevant routing tables.

Figure 13 Policy Table Example

The policy calculation begins by looking up the first policy table to be used by the routing stage. This is the table with name RtgAnalyzeSourceAccount. This table is processed as follows:

•The match-type of the table is src-account, so the source account of the new call event is compared with each of the entries in this table.

•The table entry that matches on csi provides a match for this new call event. There is no action associated with this entry, but the entry points to a next table with name RtgAnalyzeDestCSINumber.

The flow of control then passes to the table with name RtgAnalyzeDestCSINumber. This table is processed as follows:

•The match-type of the table is dst-number, so the destination number of the new call event is compared with each of the entries in this table.

•The table entry that matches on 1xx provides a match for this new call event. The action associated with this entry is performed; that is, the destination adjacency for the new call event is set to csi-chester.

•This entry does not point to a next table, so the policy calculation for the routing stage ends.

This example shows successful routing of the new call. The outcome is successful because the destination adjacency of the new call is selected before the policy calculation finishes. It is entirely possible for the outcome of routing to be unsuccessful for a new call if the routing policy tables do not assign a destination adjacency to the call before the routing policy calculation ends. For example, the routing policy illustrated above does not successfully route a new call whose source account is csi and whose destination number is 911.

In this example, a single entry is selected from each table that is traversed during the calculation. In general, at most one entry in any policy table matches an event to which policy is being applied. In cases in which more than one entry would match an event, the best matching entry is selected.

Number Analysis Policies

Three different types of Number Analysis (NA) policies are configured within NA tables. These types of NA policies are applied simultaneously to new calls and are described in the following sections:

•Number Validation

•Number Categorization

•Digit Manipulation

Number Validation

Number validation is fundamental to the process of traversing number analysis policy tables. A number is validated if the NA tables are traversed and the final entry examined contains an action of accept. A number is not valid if the NA tables are traversed, and the final entry examined contains an action of reject. A number also is not valid if, at any stage of processing the NA tables, a table with no matching entries is encountered.

Number analysis tables can be one of the following types:

•dst-number—Tables of this type contain entries whose match values represent complete numbers. In such tables, an entry matches an event if the entire dialed digit string exactly matches the match value of the entry.

•dst-prefix—Tables of this type contain entries whose match values represent number prefixes. In such tables, an entry matches an event if there exists a subset of the dialed digit string, consisting of consecutive digits taken from the front of the dialed digit string, that exactly matches the match value of the entry.

•src-account—Tables of this type contain entries whose match values are the names of accounts. In such tables, an entry matches an event if the name of the source account of the event exactly matches the match value of the entry.

•src-adjacency—Tables of this type contain entries whose match values are the names of adjacencies. In such tables, an entry matches an event if the name of the source account of the event exactly matches the match value of the entry.

•carrier-id—Tables of this type contain entries matching the carrier ID.

Digit-matching NA Tables

The format of the match values of entries in NA tables that match on the destination number or destination number prefix is a limited-form, regular expression string representing a string of dialed digits. The syntax used is described in Table 10.

Table 10 Syntax of Match Values for Entries in Digit-matching NA Tables 

X	Any numerical digit 0 - 9.
( )	The digit within the parentheses is optional. For example, (0)XXXX represents 0XXXX and XXXX.
[ ]	One of the digits within the square brackets is used. For example, [01]XXX represents 0XXX and 1XXX. A range of values can be represented within the square brackets. For example, [013-5]XXX represents 0XXX, 1XXX, 3XXX, 4XXX and 5XXX.
*	The * key on the telephone.
#	The # key on the telephone.

In such tables, it is always possible that more than one entry in the table may match a particular digit string. For example, entries that match 1xx and 12x both match a digit string 129. However, a single entry must be chosen from each table, so the SBC chooses the best matching entry by applying the following rules in the order given.

---

Step 1 Choose the longest explicit match.

If the NA table is a dst-prefix type, it is possible that more than one entry specifies an explicit number (that is, one that contains no X characters or [ ] constructs) and matches the dialed number of the event. In this situation, the entry with the longest number has priority.

For example, the dialed number begins 011, the number validation table is a dst-prefix type, and there are two matching entries with numbers 01 and 011. The entry with the number 011 takes priority, because it is a longer number.

Step 2 If there is no explicit match, choose the longest wildcard match.

If the table does not contain an explicit entry to match the dialed number of the event, the longest wildcard entry that matches takes priority.

Step 3 If there are multiple wildcard matches of the same length, choose the most explicit.

For example, the dialed number is 02083661177, the NA table is a dst-number type, and there are two matching entries with match values 0208XXXXXXX and 0208366XXXX. In the first entry, the fifth digit is a wildcard; in the second entry, the eighth digit is a wildcard, so the second entry takes priority.

If the same number is dialed, and a different NA table has matching entries [01]208XXXXXXX and 0XXXXXXXXXX, the second entry takes priority, because in the first entry the first digit is a wildcard.

---

Number Categorization

Events can be placed into user-defined categories during NA processing. This is achieved by specifying a categorization action in an entry of an NA table. Categories are useful, because they may be referred to later during the admission control policy stage.

At most, one category may be associated with an event. If, during processing of the NA tables, categories are assigned to an event multiple times, then the last category to be assigned is used. When a category is assigned to an event, it cannot be deleted, only replaced with another category.

Digit Manipulation

During NA, it is often a requirement to normalize numbers—in other words, convert them from the internal format used by a particular organization or service provider to a canonical format understood globally in the Interned and PSTN.

This is achieved by specifying one or more of the following actions in an entry of an NA table:

•debriefing n—This action removes the leading n digits from the dialed digit string, or deletes the entire string if it is n or fewer digits long.

•del_suffix n—This action removes the final n digits from the dialed digit string, or deletes the entire string if it is n or fewer digits long.

•add_prefix digit string—This action adds the given digit string to the front of the dialed digit string.

•replace digit string—This action replaces the entire dialed digit string with the given digit string.

Routing

This section describes the following routing policies:

•Routing Tables and Adjacencies

•Number Manipulation

•Hunting

•MultiARQ Hunting

Routing Tables and Adjacencies

This section explains how routing tables are configured on the SBC.

The inputs to the policy-based routing stage are as follows:

•The destination number of the event, which is the post-NA dialed digit string (that is, it may have been modified from the original dialed digit string)—This input is present only if the event is a new call.

•The source number of the event—This input is present only if the event is a new call.

•The source adjacency of the event.

•The source account of the event.

The routing policy tables examine some or all of these inputs, and produce one of the following outputs:

•A single destination adjacency.

•A group of adjacencies used for load balancing. One of these is chosen, depending on the load previously sent to the adjacencies in this group.

Routing tables represent one of the following types:

•dst-address—Tables of this type contain entries matching the dialed number (after number analysis). These values are either complete numbers or number prefixes (depending on whether the prefix parameter is given). Without the prefix parameter, an entry matches an event if the dialed digit string exactly matches the match value of the entry. With the prefix parameter, an entry matches an event if there exists a subset of the dialed digit string, consisting of consecutive digits taken from the front of the dialed digit string that exactly matches the match value of the entry.

•src-address—Tables of this type contain entries matching the dialer's number or SIP user name. These values are either complete numbers or number prefixes (depending on whether the prefix parameter is given). Without the prefix parameter, an entry matches an event if the entire digit string representing the calling number exactly matches the match value of the entry. With the prefix parameter, an entry matches an event if there exists a subset of the digit string that represents the calling number, consisting of consecutive digits taken from the front of this string that exactly match the match value of the entry.

•src-account—Tables of this type contain entries matching the names of accounts. In such tables, an entry matches an event if the name of the source account of the event exactly matches the match value of the entry.

•src-adjacency—Tables of this type contain entries matching the names of adjacencies. In such tables, an entry matches an event if the name of the source account of the event exactly matches the match value of the entry.

•src-domain—Tables of this type contain entries matching the source domain names.

•dst-domain—Tables of this type contain entries matching the destination domain names.

•carrier-id—Tables of this type contain entries matching the carrier ID.

•round-robin-table—A group of adjacencies are chosen for an event if an entry in a routing table matches that event and points to a round-robin adjacency table in the next-table action. A round-robin adjacency table is a special type of policy table, whose events do not have any match-value parameters, nor next-table actions. Its actions are restricted to setting the destination adjacency.

The rules specified in the "Digit-matching NA Tables" section govern the format and matching rules of the match-values of the entries in routing tables of type dst-number, dst-prefix, src-number and src-prefix.

Number Manipulation

The number manipulation feature enables you to specify various number manipulations that can be performed on a dialed number after a destination adjacency has been selected.

This enhancement affects the billing functionality as it allows the SBC to display both the original and the edited dialed number for a call. For example:

    <party ty"e="o"ig" pho"e="02083661177"/>

    <party ty"e="t"rm" pho"e="02083671"31" editphone="4402083671231"/>

The number manipulation feature requires that the edit action be allowed in the routing policy entries. The edit action takes the same parameters as the edit action for the number analysis tables, enabling you to delete a number of characters from the beginning or end of the dialed string, add digits to the start of the string, or replace the entire string with another. For example, if the following table were matched:

call-policy-set 1

  rtg-src-adjacency-table table1

    entry 1

      match SipAdj1

      edit del-prefix 3

      dst-adjacency SipAdj2

      action complete

    end

  end

then the dialed string would have the first of its digits deleted.

---

Note The category of a call cannot be changed in a routing table. Categories are only assigned during number analysis.

---

Hunting

This enhancement enables the SBC to hunt for other routes or destination adjacencies in case of a failure. Hunting means the route is retried. There are several ways in which failures can occur, including

•CAC policy refuses to admit a call.

•Routing Policy Services are unable to route a call.

•A call setup failure is received via SIP or H323.

If a CAC policy fails to allow a call, you can attempt to reroute the call using RPS, and try the call admission policy again. If the SBC receives a call setup failure from SIP or H323, and the error code is one of the newly configurable sets, then the SBC retries the routing.

MultiARQ Hunting

MultiARQ hunting enables the SBC to hunt for other routes or destination adjacencies using a non-standard H.323 mechanism based on issuing multiple ARQs to a Gatekeeper for a single call.

MultiARQ hunting works in the following way:

•An H.323 endpoint on the SBC sends an admissionRequest (ARQ) to a Gatekeeper as part of establishing an outbound call leg.

•The Gatekeeper contacts other network entities and identifies one or more potential endpoints.

•The Gatekeeper returns an admissionConfirm (ACF) which contains a single destinationInfo and no alternateEndpoints.

•The SBC attempts to contact the endpoint identified in the ACF. The endpoint either rejects the call, or the endpoint is unreachable, and the configuration of hunting triggers indicates that hunting is possible.

•If the hunting mode controlling this call is multiARQ, the SBC issues a second ARQ to the Gatekeeper, indicating the same conferenceID as the original ARQ. This is not a standard H.323 behavior. Note that the SBC has not issued a DRQ to the SBC prior to sending this second ARQ.

•The Gatekeeper may contact other network entities in order to identify further suitable endpoint identifiers.

•The Gatekeeper returns an ACF containing a single destinationInfo and the call attempt continues as per the first received ACF.

•The hunting cycle described above continues until one of the following conditions is met:

–An endpoint is contacted and the call completes.

–A Gatekeeper ARQ retry is required but a hard coded limit on the number of permitted retry ARQs has been reached. This limit is currently set to 32.

–The Gatekeeper returns an admissionReject, implying that there are no further suitable endpoint identifiers.

–An endpoint returns a rejectReason which is not configured as a hunting trigger.

–An endpoint cannot be contacted and connectFailed is not configured as a hunting trigger.

For cases where the call fails, the following processing is performed.

•If the call failed as a result of a Gatekeeper returning an admissionReject for the initial ARQ, no disengageRequest is sent to the Gatekeeper, the call is rejected, and further hunting cannot be performed by the Routing Policy Services (RPS).

•If the call failed as a result of a Gatekeeper returning an admissionReject for a second or subsequent ARQ, which is the indication that multiARQ hunting has exhausted a list of possible targets, no disengageRequest is sent to the Gatekeeper, the call is rejected, but further hunting may be performed by the Routing Policy Services (RPS).

•If the call failed as a result of a connection failure or a reject reason, which is not configured as a hunting trigger, a disengageRequest is sent to the Gatekeeper, the call is rejected, and further hunting cannot be performed by the Routing Policy Services (RPS).

A limit on the maximum number of permitted ARQs is required to avoid a Denial of Service (DoS) type problem or attack. If multiARQ hunting is enabled but the Gatekeeper keeps returning the same destinationInfo (or repeats the cycle of endpoints in a series of ARQs) then there may be no trigger to end the hunting phase. Imposing a limit on the number ARQs provides a backstop against such a problem.

Call Admission Control

This section describes the following:

•Call Admission Control

•Media Bypass in Call Admission Control

Call Admission Control

Call Admission Control (CAC) limits the number of concurrent calls and registrations, and restricts the media bandwidth dedicated to active calls. It allows for load control on other network elements by rate limiting. Certain events can be completely blocked (using a blacklist) or freely allowed (using a whitelist), based on certain attributes.

Call admission control determines whether an event should be granted or refused based on configured limits for network resource utilization. There are two reasons for performing admission control.

•To defend load-sensitive network elements, such as softswitches, against potentially harmful levels of load precipitated by singular events, such as Do attacks, natural or man-made disasters, or mass-media phone-ins.

•To police the Service Level Agreements (SLAs) between organizations, to ensure that the levels of network utilization defined in the SLA are not exceeded.

Call admission control policy is applied to all event types. If an event is not granted by admission control policy, then the SBC rejects it with a suitable error code.

Media Bypass in Call Admission Control

The media bypass feature allows the media packets to bypass the SBC, enabling the endpoints to communicate directly to each other. Media packets flow directly without going through the DBE component of the SBC after the call signaling is performed. Signaling packets still flow through the SBC as usual. The configuration is set per adjacency, and allows media bypass across different adjacencies.

In the 3.4.1 release of the SBC, CAC can control whether media-bypass is on or off. The media bypass is configured both per adjacency and in CAC. However, the default is still to perform media bypass if the adjacencies are on the same VPN. In addition, CAC can turn media bypass off based on destination or source prefix and account.

The requirements for this new feature are the following:

•The media-bypass-forbid option must be set in a CAC table.

•The CAC configuration takes priority over the configuration set on the adjacency.

•To perform media bypass between two adjacencies, the following precedence rules take effect:

–Both adjacencies must be on the same VPN.

–Both adjacencies must be allowed to perform media bypass by CAC.

–Both adjacencies must have their per-adjacency media bypass on.

How to Implement Policies

SBC policies are configured and activated as described in the following sections:

•Configuring Number Validation: Example

•Configuring Number Categorization: Example

•Configuring Number Analysis Tables

•Configuring Routing Tables

•Configuring Number Manipulation

•Configuring Hunting and MultiARQ Hunting

•Configuring Call Admission Control Policy Sets and CAC Tables

•Activating a CAC Policy Set

Configuring Number Analysis Tables

This task configures a number analysis table. The types of number analysis configuration are described in the following sections:

•Configuring Number Validation

•Configuring Number Categorization

Configuring Number Validation

This task configures number validation for a number analysis table.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. call-policy-set policy-set-id

5. first-number-analysis-table table-name

6. na-dst-prefix-table table-name

7. comment number-analysis-table-comment

8. entry entry-id

9. match-prefix key

10. action [next-table goto-table-name | accept | reject]

11. category category-name

12. entry entry-id

13. edit action

14. edit-cic [del-prefix pd] | [del suffix sd] | [add-prefix pa] | [replace ds]

15. match-prefix key

16. action [next-table goto-table-name | accept | reject]

17. category category-name

18. entry entry-id

19. match-prefix key

20. action [next-table goto-table-name | accept | reject]

21. category category-name

22. exit

23. exit

24. show

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mySbc RP/0/0/CPU0:router(config-sbc)#	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe RP/0/0/CPU0:router(config-sbc-sbe)#	Enters the mode of an SBE entity within an SBC service.
Step 4	call-policy-set policy-set-id Example: RP/0/0/CPU0:router(config-sbc-sbe)# call-policy-set 1 RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)#	Enters the mode of routing policy set configuration within an SBE entitiy, creating a new policy set, if necessary.
Step 5	first-number-analysis-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# first-number-analysis-table hotel_table	Configures the name of the first policy table to process when performing the number analysis stage of policy.
Step 6	na-dst-prefix-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# na-dst-prefix-table hotel_table RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable)#	Enters the mode for configuring a number analysis table whose entries match the prefix (the first several digits) of the dialed number within the context of an SBE policy set. Commands for other number analysis tables: •na-carrier-id-table—This table requires additional commands match-cic and edit-cic (see below) •na-dst-number-table •na-src-accoun-table •na-src-adjacency-table
Step 7	comment number-analysis-table-comment Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable)# comment "My first number analysis table" RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable)#	Configures the comment to describe the number anaylsis table. •number-analysis-table-comment is a descriptive text string delimited by double-quotes. The no version of the command removes the comment.
Step 8	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable)# entry 1 RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)#	Enters the mode for configuring an entry in a number analysis table, creating the entry, if necessary.
Step 9	match-prefix key | match-cic cic Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# match-prefix XXX	Configures the match value of an entry in the number analysis table. •The match-prefix key argument is a string used to match the prefix (the starting part) of the dialed number. •The match-cic cic argument is used with the na-carrier-id-table command and configures the match carrier ID code in a table whose entries match the whole dialed number.
Step 10	action [next-table goto-table-name | accept | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# action accept	Configures the action of an entry in a number analysis table. Possible actions are: •Configure the name of the next number analysis table to process if the event matches this entry using the next-table keyword and the goto-table-name argument. •Configure the call to be accepted if it matches the entry in the table using the accept keyword. •Configure the call to be rejected if it matches the entry in the table using the reject keyword.
Step 11	category category-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# category external	Configures the category of an entry in the number analysis table.
Step 12	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# entry 2	Enters the mode for configuring an entry in a number analysis table, creating the entry, if necessary.
Step 13	edit [del-prefix pd] | [del suffix sd] | [add-prefix pa] | [replace ds] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# edit del-prefix 1	Configures a dial-string manipulation action in a number analysis table. You are not allowed to do this if the table is part of the active policy set. The no version of the command deletes the edit action of the given entry in the routing table. The edit command can be set to the following values: •del-prefix pd—Delete prefix pd, where pd is a positive integer specifying a number of digits to delete from the front of the dialed string. •del-suffix sd—Delete suffix sd, where sd is a positive integer specifying a number of digits to delete from the end of the dialed string. •add-prefix pa—Add prefix pa, where pa is a string of digits to add to the front of the dialed string. •replace ds—Replace ds, where ds is a string of digits that replaces the dialed string. In the example to the left, the edit command sets entry 2 to delete 1 digit from the first beginning of the dialed string in the number analysis table.
Step 14	edit-cic [del-prefix pd] | [del suffix sd] | [add-prefix pa] | [replace ds] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# edit-cic del-prefix 1	Configures a carrier identification code (CIC) manipulation action in any number analysis table. You are not allowed to do this if the table is part of the active policy set. The no version of the command destroys the match value. •del-prefix pd: A positive integer specifying a number of digits to delete from the front of the carrier ID string. •del-suffix sd: A positive integer specifying a number of digits to delete from the end of the carrier ID string. •add-prefix pa: A string of digits to add to the front of the carrier ID string. •replace ds: A string of digits to replace the carrier ID string with. The following command sets entry 2 to delete the first digit of the carrier ID in the current number analysis table. If you wish to remove the carrier ID entirely from outgoing messages, he should specify a replacement string of 0 or a prefix deletion string of 4. For example, edit-cic del-prefix 4 OR edit-cic replace 0
Step 15	match-prefix key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# match-prefix 9XXX	Configures the match value of an entry in the number analysis table. The key argument is a string used to match the start of the dialed number.
Step 16	action [next-table goto-table-name | accept | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# action accept	Configures the action of an entry in a number analysis table. Possible actions are: •Configure the name of the next number analysis table to process if the event matches this entry using the next-table keyword and the goto-table-name argument. •Configure the call to be accepted if it matches the entry in the table using the accept keyword. •Configure the call to be rejected if it matches the entry in the table using the reject keyword.
Step 17	category category-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# category external	Configures the category of an entry in the number analysis table.
Step 18	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# entry 3	Enters the mode for configuring an entry in a number analysis table, creating the entry, if necessary.
Step 19	match-prefix key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# match-prefix 8XXX	Configures the match value of an entry in the number analysis table. The key argument is a string used to match the start of the dialed number.
Step 20	action [next-table goto-table-name | accept | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# action accept	Configures the action of an entry in a number analysis table. Possible actions are: •Configure the name of the next number analysis table to process if the event matches this entry using the next-table keyword and the goto-table-name argument. •Configure the call to be accepted if it matches the entry in the table using the accept keyword. •Configure the call to be rejected if it matches the entry in the table using the reject keyword.
Step 21	category category-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# category bar	Configures the category of an entry in the number analysis table.
Step 22	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# exit	Exits from the entry mode to the natable mode.
Step 23	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable)# exit	Exits from the natable mode to the callpolicy mode.
Step 24	show Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)#	Displays the current configuration information.

Configuring Number Categorization

This task configures number categorization for a number analysis table.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. call-policy-set policy-set-id

5. first-number-analysis-table table-name

6. na-src-account-table table-name

7. entry entry-id

8. match-account key

9. action [next-table goto-table-name | accept | reject]

10. entry entry-id

11. match-account key

12. action [next-table goto-table-name | accept | reject]

13. entry entry-id

14. match-account key

15. action [next-table goto-table-name | accept | reject]

16. na-dst-prefix-table table-name

17. entry entry-id

18. match-prefix key

19. category category-name

20. action [next-table goto-table-name | accept | reject]

21. entry entry-id

22. match-prefix key

23. category category-name

24. action [next-table goto-table-name | accept | reject]

25. commit

26. exit

27. exit

28. show

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mySbc RP/0/0/CPU0:router(config-sbc)#	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe RP/0/0/CPU0:router(config-sbc-sbe)#	Enters the mode of an SBE entity within an SBC service.
Step 4	call-policy-set policy-set-id Example: RP/0/0/CPU0:router(config-sbc-sbe)# call-policy-set 1 RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)#	Enters the mode of routing policy set configuration within an SBE entitiy, creating a new policy set if necessary.
Step 5	first-number-analysis-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# first-number-analysis-table check_account	Configures the name of the first policy table to process when performing the number analysis stage of policy.
Step 6	na-src-account-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# na-src-account-table check_account RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable)#	Enters the mode for configuring a number analysis table within the context of an SBE policy set with the entries of the table matching the source account.
Step 7	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable)# entry 1 RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)#	Enters the mode for configuring an entry in a number analysis table, creating the entry, if necessary.
Step 8	match-account key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# match-account hotel_foo	Configures the match value of an entry in the number analysis table. The key argument is a string used to match the source account.
Step 9	action [next-table goto-table-name | accept | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# action next-table hotel_dialing_plan	Configures the action of an entry in a number analysis table. Possible actions are: •Configure the name of the next number analysis table to process if the event matches this entry using the next-table keyword and the goto-table-name argument. •Configure the call to be accepted if it matches the entry in the table using the accept keyword. •Configure the call to be rejected if it matches the entry in the table using the reject keyword.
Step 10	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# entry 2	Enters the mode for configuring an entry in a number analysis table, creating the entry, if necessary.
Step 11	match-account key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# match-account hotel_bar	Configures the match value of an entry in the number analysis table. The key argument is a string used to match the source account.
Step 12	action [next-table goto-table-name | accept | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# action next-table hotel_dialing_plan	Configures the action of an entry in a number analysis table. Possible actions are: •Configure the name of the next number analysis table to process if the event matches this entry using the next-table keyword and the goto-table-name argument. •Configure the call to be accepted if it matches the entry in the table using the accept keyword. •Configure the call to be rejected if it matches the entry in the table using the reject keyword.
Step 13	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# entry 3	Enters the mode for configuring an entry in a number analysis table, creating the entry, if necessary.
Step 14	match-account internal Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# match-account internal	Configures the match value of an entry in the number analysis table. The key argument is a string used to match the source account.
Step 15	action [next-table goto-table-name | accept | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# action accept	Configures the action of an entry in a number analysis table. Possible actions are: •Configure the name of the next number analysis table to process if the event matches this entry using the next-table keyword and the goto-table-name argument. •Configure the call to be accepted if it matches the entry in the table using the accept keyword. •Configure the call to be rejected if it matches the entry in the table using the reject keyword.
Step 16	na-dst-prefix-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-na table-entry)# na-dst-prefix-table hotel_dialing_plan	Enters the mode for configuring a number analysis table within the context of an SBE policy set with the entries of the table matching the start of the dialed number.
Step 17	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# entry 1	Enters the mode for configuring an entry in a number analysis table, creating the entry, if necessary.
Step 18	match-prefix key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# match-prefix XXX	Configures the match value of an entry in the number analysis table. The key argument is a string used to match the start of the dialed number.
Step 19	category category-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# category internal_call	Specifies the category of an entry in a number analysis table.
Step 20	action [next-table goto-table-name | accept | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# action accept	Configures the action of an entry in a number analysis table. Possible actions are: •Configure the name of the next number analysis table to process if the event matches this entry using the next-table keyword and the goto-table-name argument. •Configure the call to be accepted if it matches the entry in the table using the accept keyword. •Configure the call to be rejected if it matches the entry in the table using the reject keyword.
Step 21	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# entry 2	Enters the mode for configuring an entry in a number analysis table, creating the entry, if necessary.
Step 22	match-prefix key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# match-prefix 9XXX	Configures the match value of an entry in the number analysis table. The key argument is a string used to match the start of the dialed number.
Step 23	category category-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# category external_call	Specifies the category of an entry in a number analysis table.
Step 24	action [next-table goto-table-name | accept | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# action accept	Configures the action of an entry in a number analysis table. Possible actions are: •Configure the name of the next number analysis table to process if the event matches this entry using the next-table keyword and the goto-table-name argument. •Configure the call to be accepted if it matches the entry in the table using the accept keyword. •Configure the call to be rejected if it matches the entry in the table using the reject keyword.
Step 25	commit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# commit	Saves configuration changes. Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 26	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# exit	Exits from the entry mode to the natable mode.
Step 27	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable)# exit	Exits from the natable mode to the callpolicy mode.
Step 28	show Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# show	Displays the current configuration information.

Configuring Routing Tables

Configuring a Destination Address Table

This task configures a dst-address routing table.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. call-policy-set policy-set-id

5. first-call-routing-table table-name

6. rtg-dst-address-table table-name

7. entry entry-id

8. match-address key

9. prefix

10. dst-adjacency target-adjacency

11. action [next-table goto-table-name | complete | reject]

12. exit

13. entry entry-id

14. match-address key

15. prefix

16. dst-adjacency target-adjacency

17. action [next-table goto-table-name | complete | reject]

18. exit

19. entry entry-id

20. match-address key

21. prefix

22. dst-adjacency target-adjacency

23. action [next-table goto-table-name | complete | reject]

24. exit

25. entry entry-id

26. match-address key

27. prefix

28. dst-adjacency target-adjacency

29. action [next-table goto-table-name | complete | reject]

30. exit

31. complete

32. commit

33. show

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mysbc	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	call-policy-set policy-set-id Example: RP/0/0/CPU0:router(config-sbc-sbe)# call-policy-set 1	Enters the mode of routing policy set configuration within an SBE entity.
Step 5	first-call-routing-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# first-call-routing-table ROUTE-ON-DEST-NUM	Configures the name of the first policy table to process when performing the routing stage of policy for new-call events.
Step 6	rtg-dst-address-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# rtg-dst-address-table MyRtgTable	Enters the configuration mode of a routing table within the context of an SBE policy set with the entries of the table matching the dialed number (after number analysis).
Step 7	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable)# entry 1	Enters the mode for configuring an entry in a routing table, creating the entry, if necessary.
Step 8	match-address key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# match-address 334	Configures the match value of an entry in a routing table. To create a routing table that routes on user name, use the existing rtg-dst-address-table or rtg-src-address-table and put a textual value in the match-address field. The SBC skips number analysis and performs only routing when the SIP message contains a user name. The SBC decides that an address is a user name (as opposed to a phone number) if it contains any character other than: \n\n0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, plus, hyphen, period, open-round-bracket, close-round-bracket. When the SBC has decided that an address is a user name, the "X" in the routing tables is treated not as a wildcard character, but as a literal "X". For example, the match value of "X" matches the username "X", but not "A".
Step 9	prefix Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# prefix	Configures the match-address of this entry to match the start of the destination address.
Step 10	dst-adjacency target-adjacency Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# dst-adjacency SIP-AS540-PSTN-GW2	Configures the destination adjacency of an entry in a routing table.
Step 11	action [next-table goto-table-name | complete | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# action complete	Configures the action to take if this routing entry is chosen. Possible actions are: •Set the name of the next routing table to process if the event matches this entry. This is done using the next-table keyword and the goto-table-name argument. •Complete the action using the complete keyword. •Reject the indicated action using the reject keyword.
Step 12	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# exit	Exits the entry mode to the rtgtable mode.
Step 13	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable)# entry 2	Enters the mode for configuring an entry in a routing table, creating the entry, if necessary.
Step 14	match-address key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# match-address 434	Configures the match value of an entry in a routing table. To create a routing table that routes on user name, use the existing rtg-dst-address-table or rtg-src-address-table and put a textual value in the match-address field. The SBC skips number analysis and performs only routing when the SIP message contains a user name. The SBC decides that an address is a user name (as opposed to a phone number) if it contains any character other than: \n\n0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, plus, hyphen, period, open-round-bracket, close-round-bracket. When the SBC has decided that an address is a user name, the "X" in the routing tables is treated not as a wildcard character, but as a literal "X". For example, the match value of "X" matches the username "X", but not "A".
Step 15	prefix Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# prefix	Configures the match-address of this entry to match the start of the destination address.
Step 16	dst-adjacency target-adjacency Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# dst-adjacency SIP-AS540-PSTN-GW1	Configures the destination adjacency of an entry in a routing table.
Step 17	action [next-table goto-table-name | complete | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# action complete	Configures the action to take if this routing entry is chosen. Possible actions are: •Set the name of the next routing table to process if the event matches this entry. This is done using the next-table keyword and the goto-table-name argument. •Complete the action using the complete keyword. •Reject the indicated action using the reject keyword.
Step 18	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# exit	Exits the entry mode to the rtgtable mode.
Step 19	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable)# entry 3	Enters the mode for configuring an entry in a routing table, creating the entry, if necessary.
Step 20	match-address key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# match-address 354	Configures the match value of an entry in a routing table. To create a routing table that routes on user name, use the existing rtg-dst-address-table or rtg-src-address-table and put a textual value in the match-address field. The SBC skips number analysis and performs only routing when the SIP message contains a user name. The SBC decides that an address is a user name (as opposed to a phone number) if it contains any character other than: \n\n0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, plus, hyphen, period, open-round-bracket, close-round-bracket. When the SBC has decided that an address is a user name, the "X" in the routing tables is treated not as a wildcard character, but as a literal "X". For example, the match value of "X" matches the username "X", but not "A".
Step 21	prefix Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# prefix	Configures the match-address of this entry to match the start of the destination address.
Step 22	dst-adjacency target-adjacency Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# dst-adjacency H323-AS540-PSTN-GW2	Configures the destination adjacency of an entry in a routing table.
Step 23	action [next-table goto-table-name | complete | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# action complete	Configures the action to take if this routing entry is chosen. Possible actions are: •Set the name of the next routing table to process if the event matches this entry. This is done using the next-table keyword and the goto-table-name argument. •Complete the action using the complete keyword. •Reject the indicated action using the reject keyword.
Step 24	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# exit	Exits the entry mode to the rtgtable mode.
Step 25	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable)# entry 4	Enters the mode for configuring an entry in a routing table, creating the entry, if necessary.
Step 26	match-address key Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# match-address 454	Configures the match value of an entry in a routing table. To create a routing table that routes on user name, use the existing rtg-dst-address-table or rtg-src-address-table and put a textual value in the match-address field. The SBC skips number analysis and performs only routing when the SIP message contains a user name. The SBC decides that an address is a user name (as opposed to a phone number) if it contains any character other than: \n\n0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, plus, hyphen, period, open-round-bracket, close-round-bracket. When the SBC has decided that an address is a user name, the "X" in the routing tables is treated not as a wildcard character, but as a literal "X". For example, the match value of "X" matches the username "X", but not "A".
Step 27	prefix Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# prefix	Configures the match-address of this entry to match the start of the destination address.
Step 28	dst-adjacency target-adjacency Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# dst-adjacency H323-AS540-PSTN-GW1	Configures the destination adjacency of an entry in a routing table.
Step 29	action [next-table goto-table-name | complete | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# action complete	Configures the action to take if this routing entry is chosen. Possible actions are: •Set the name of the next routing table to process if the event matches this entry. This is done using the next-table keyword and the goto-table-name argument. •Complete the action using the complete keyword. •Reject the indicated action using the reject keyword.
Step 30	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable-entry)# exit	Exits the entry mode to the rtgtable mode.
Step 31	complete name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable)# complete	Completes the full routing policy set when you have committed the full set.
Step 32	commit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy-rt gtable)# commit	Saves the configuration changes to the running configuration file and remains within the configuration session.
Step 33	show Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# show	Displays the current configuration information.

Configuring the Destination, Source Domain, and Carrier ID Tables

This task configures dst-domain and src-domain and carrier ID routing tables.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. call-policy-set policy-set-id

5. rtg-src-domain-table table-name | rtg-dst-domain-table table-name | rtg-carrier-id-table table-name

6. comment routing-table-comment

7. entry entry-id

8. match-domain key | match-cic cic

9. edit action

10. edit-cic [del-prefix pd] | [del suffix sd] | [add-prefix pa] | [replace ds]

11. action [next-table goto-table-name | complete | reject]

12. dst-adjacency target-adjacency

13. commit

14. exit

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mysbc	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	call-policy-set policy-set-id Example: RP/0/0/CPU0:router(config-sbc-sbe)# call-policy-set 1	Enters the mode of routing policy set configuration within an SBE entity.
Step 5	rtg-src-domain-table table-name | rtg-dst-domain-table table-name | rtg-carrier-id-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# rtg-src-domain-table MyRtgTable	Enters the configuration mode of a routing table (creating a new table if necessary) whose entries match the source or destination domains, or carrier ID respectively. You are not allowed to enter the submode of routing table configuration in the context of the active policy set. The no version of the command destroys the routing table. A routing table may not be destroyed if it is in the context of the active policy set.
Step 6	comment routing-table-comment Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable)# comment "My first routing table"	Configures a comment to describe a routing table within the context of an SBE policy set.
Step 7	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable)# entry 1	Enters the mode for configuring an entry in a routing table, creating the entry, if necessary. entry-id is a number that uniquely identifies an entry in the newly created routing table.
Step 8	match-domain key | match-cic cic Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# match-domain ^cisco.com$	Creates or modifies the matching domain or carrier id code (CIC) of an entry in a routing table. •key is regular expression, not just a string. •cic is the carrier ID that matches the entry in a routing table
Step 9	edit action Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# edit del-prefix 1	Configures a dial-string manipulation action in the routing table. You are not allowed to do this if the table is part of the active policy set. The no version of the command deletes the edit action of the given entry in the routing table. The edit command can be set to the following values: •del-prefix pd—Delete prefix pd, where pd is a positive integer specifying a number of digits to delete from the front of the dialed digit string. •del-suffix sd—Delete suffix sd, where sd is a positive integer specifying a number of digits to delete from the end of the dialed digit string. •add-prefix pa—Add prefix pa, where pa is a string of digits to add to the front of the dialed string. •replace ds—Replace ds, where ds is a string of digits that replaces the dialed string. In the example to the left, the edit command sets entry 1 to delete 1 digit from the first beginning of the dialed string in the routing table "MyRtgTable".
Step 10	edit-cic [del-prefix pd] | [del suffix sd] | [add-prefix pa] | [replace ds] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# edit-cic del-prefix 1	Configures a carrier identification code (CIC) manipulation action in any routing table. You are not allowed to do this if the table is part of the active policy set. The no version of the command destroys the match value. •del-prefix pd: A positive integer specifying a number of digits to delete from the front of the carrier ID string. •del-suffix sd: A positive integer specifying a number of digits to delete from the end of the carrier ID string. •add-prefix pa: A string of digits to add to the front of the carrier ID string. •replace ds: A string of digits to replace the carrier ID string with. The following command sets entry 2 to delete the first digit of the carrier ID in the current routing table. If you wish to remove the carrier ID entirely from outgoing messages, he should specify a replacement string of 0 or a prefix deletion string of 4. For example, edit-cic del-prefix 4 OR edit-cic replace 0
Step 11	action [next-table goto-table-name | complete | reject] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# action complete	Configures the action to take if this routing entry is chosen. Possible actions are: •Set the name of the next routing table to process if the event matches this entry. This is done using the next-table keyword and the goto-table-name argument. •Complete the action using the complete keyword. •Reject the indicated action using the reject keyword.
Step 12	dst-adjacency target-adjacency Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# dst-adjacency SIP-AS540-PSTN-GW2	Configures the destination adjacency of an entry in a routing table.
Step 13	commit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# commit	Saves the configuration changes to the running configuration file and remains within the configuration session.
Step 14	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# exit	Exits the current mode of the configuration.

Configuring Number Manipulation

This task enables you to specify various number manipulations that can be performed on a dialed number after a destination adjacency has been selected.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. call-policy-set policy-set-id

5. rtg-src-address-table table-id

6. rtg-src-adjacency-table table-id

7. rtg-src-account-table table-id

8. rtg-round-robin-table table-id

9. rtg-carrier-id-table table-id

10. rtg-dst-address-table table-id

11. entry entry-id

12. edit action

13. edit-cic [del-prefix pd] | [del suffix sd] | [add-prefix pa] | [replace ds]

14. commit

15. exit

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mysbc	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	call-policy-set policy-set-id Example: RP/0/0/CPU0:router(config-sbc-sbe)# call-policy-set 1	Enters the mode of the routing policy set configuration in the SBE mode, creating a new policy set if necessary
Step 5	rtg-src-address-table table-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# rtg-src-address-table MySrcAddressTable	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the dialer's number or SIP user name within the context of an SBE policy set. You are not allowed to enter the submode of routing table configuration in the context of the active policy set. The no version of the command destroys the routing table. A routing table may not be destroyed if it is in the context of the active policy set.
Step 6	rtg-src-adjacency-table table-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# rtg-src-adjacency-table MySrcAdjTable	Enters the configuration mode of a routing table (creating one if necessary) within the context of an SBE policy set whose entries match the source adjacency.
Step 7	rtg-src-account-table table-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# rtg-src-account-table MySrcAccTable	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the source account within the context of an SBE policy set.
Step 8	rtg-round-robin-table table-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# rtg-round-robin-table MyRobinTable	Enters the configuration mode of a policy table, whose events do not have any match-value parameters, nor next-table actions. Its actions are restricted to setting the destination adjacency. A group of adjacencies are chosen for an event if an entry in a routing table matches that event and points to a round-robin adjacency table in the next-table action.
Step 9	rtg-carrier-id-table table-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# rtg-carrier-id-table MyCarrierIdTable	Enters the configuration mode of a routing table (creating one if necessary) within the context of an SBE policy set whose entries match the carrier ID You are not allowed to enter the mode of the routing table configuration in the context of the active policy set. The no version of the command destroys the routing table. A routing table may not be destroyed if it is in the context of the active policy set.
Step 10	rtg-dst-address-table table-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy)# rtg-dst-address-table MyRtgTable	Enters the configuration mode of a routing table (creating one if necessary) within the context of an SBE policy set whose entries match the dialed number (after number analysis) or SIP user name You are not allowed to enter the submode of routing table configuration in the context of the active policy set. The no version of the command destroys the routing table. A routing table may not be destroyed if it is in the context of the active policy set.
Step 11	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable)# entry 1	Enters the mode for configuring an entry in a routing table, creating the entry if necessary.
Step 12	edit action Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# edit del-prefix 1	Configures a dial-string manipulation action in the routing table. You are not allowed to do this if the table is part of the active policy set. The no version of the command deletes the edit action of the given entry in the routing table. The edit command can be set to the following values: •del-prefix pd—Delete prefix pd, where pd is a positive integer specifying a number of digits to delete from the front of the dialed digit string. •del-suffix sd—Delete suffix sd, where sd is a positive integer specifying a number of digits to delete from the end of the dialed digit string. •add-prefix pa—Add prefix pa, where pa is a string of digits to add to the front of the dialed string. •replace ds—Replace ds, where ds is a string of digits that replaces the dialed string. In the example to the left, the edit command sets entry 1 to delete 1 digit from the first beginning of the dialed string in the routing table "MyRtgTable".
Step 13	edit-cic [del-prefix pd] | [del suffix sd] | [add-prefix pa] | [replace ds] Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- natable-entry)# edit-cic del-prefix 1	Configures a carrier identification code (CIC) manipulation action in any routing table. You are not allowed to do this if the table is part of the active policy set. The no version of the command destroys the match value. •del-prefix pd: A positive integer specifying a number of digits to delete from the front of the carrier ID string. •del-suffix sd: A positive integer specifying a number of digits to delete from the end of the carrier ID string. •add-prefix pa: A string of digits to add to the front of the carrier ID string. •replace ds: A string of digits to replace the carrier ID string with. The following command sets entry 2 to delete the first digit of the carrier ID in the current routing table. If you wish to remove the carrier ID entirely from outgoing messages, you should specify a replacement string of 0 or a prefix deletion string of 4. For example, edit-cic del-prefix 4 OR edit-cic replace 0
Step 14	commit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# commit	Saves the configuration changes to the running configuration file and remains within the configuration session.
Step 15	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-callpolicy- rtgtable-entry)# exit	Exits the entry mode of the configuration.

Configuring Hunting and MultiARQ Hunting

This task enables SBC to hunt for other routes or destination adjacencies in case of a failure.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. sip | h323 | adjacency sip adjacency-name | adjacency h323 adjacency-name

5. hunting-trigger error-codes

6. hunting-mode mode

7. commit

8. exit

9. show services sbc service-name sbe h323|sip hunting-trigger

10. show services sbc service-name sbe h323 hunting-mode

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mysbc	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	sip | h323 | adjacency sip adjacency-name | adjacency h323 adjacency-name Example: RP/0/0/CPU0:router(config-sbc-sbe)# sip	Enters one of the following four modes: •sip—The SIP mode comprising all SIP adjacencies where the configured failure return codes cause hunting to occur. •h323—The H.323 mode comprising all h323 adjacencies where the configured failure return codes cause hunting to occur. •adjacency sip—A destination SIP adjacency where the configured failure return codes cause hunting to occur. This command overrides any globally configured retry error codes. •adjacency h323—A destination H.323 adjacency where the configured failure return codes cause hunting to occur. This command overrides any globally configured retry error codes.
Step 5	hunting-trigger error-codes Example: RP/0/0/CPU0:router(config-sbc-sbe-sip)# hunting-trigger 415 480	Configures which failure return codes cause hunting to occur in one of the following four modes: •sip (global SIP scope) •h323 (global H.323 scope) •adjacency sip (destination SIP adjacency) •adjacency h323 (destination H.323 adjacency) error-codes can have the following values: •In the sip and adjacency sip modes, error-codes represent a space-separated list of SIP numeric error codes. The example to the left configures SIP to retry routing if it receives a "415" (media unsupported) or "480" (temporarily unavailable) error. •In the h323 and adjacency h323 modes, error-codes represent a space-separated list of H.323 textual error codes: –noBandwidth –unreachableDestination –destinationRejection –noPermission –gatewayResources –badFormatAddress –securityDenied –the internally-defined value "connectFailed" If you type no hunting-trigger, then all error codes are cleared out. If you type no hunting-trigger x y, then just the codes x and y are removed from the configured list. If you enter hunting-trigger x followed by hunting-trigger y, then x is replaces with y. To set both x and y as hunting triggers, enter hunting-trigger x y. Note In the case of the adjacency h323 mode, enter the noRetry value to specify that routing should never be retried for this adjacency no matter what failure return code is received.
Step 6	hunting-mode mode Example: RP/0/0/CPU0:router(config-sbc-sbe-h323)# hunting-trigger noBandwidth securityDenied RP/0/0/CPU0:router(config-sbc-sbe-h323)# hunting-mode multiARQ	The multiARQ command is used only in h323 and adjacency h323 modes. This task enables SBC to hunt for other routes or destination adjacencies in case of a failure, using a non-standard H.323 mechanism based on issuing multiple ARQs to a Gatekeeper for a single call. hunting-mode configures the form of hunting to perform if hunting is triggered. Possible values for mode are: •alternateEndpoints •multiARQ If the hunting mode is not defined, the default is alternateEndpoints. The no version of this command restores the hunting mode to the default of alternateEndpoints. It does not disable hunting completely. The example to the left configures H.323 to retry routing if it receives a "noBandwidth" or "securityDenied" error codes, and to perform hunting using the multiARQ feature.
Step 7	commit Example: RP/0/0/CPU0:router(config-sbc-sbe-h323)# commit	Saves the configuration changes to the running configuration file and remains within the configuration session.
Step 8	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-h323)# exit	Exits the current mode of the configuration.
Step 9	show services sbc service-name sbe h323|sip hunting-trigger Example: RP/0/0/CPU0:router# show services sbc mysbc sbe h323|sip hunting-trigger	Shows the H.323 or SIP hunting triggers.
Step 10	show services sbc service-name sbe h323 hunting-mode	Shows the H.323 hunting mode.

Activating a Routing Policy Set

This task activates a number analysis and routing policy set.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. active-call-policy-set policy-set-id

5. commit

6. show

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mysbc	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	active-call-policy-set policy-set-id Example: RP/0/0/CPU0:router(config-sbc-sbe)# active-call-policy-set 1	Sets the active routing policy set within an SBE entity.
Step 5	commit Example: RP/0/0/CPU0:router(config-sbc-sbe)# commit	Saves the configuration changes to the running configuration file and remains within the configuration session.
Step 6	show Example: RP/0/0/CPU0:router(config-sbc-sbe)# show	Displays the current configuration information.

Configuring Call Admission Control Policy Sets and CAC Tables

This optional task configures Call Admission Control policy sets and CAC tables.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. cac-policy-set policy-set-id

5. first-cac-scope scope-name

6. first-cac-table table-name

7. cac-table table-name

8. match-type table-type

9. entry entry-id

10. force-limited-call-hold

11. media-bypass-forbid

12. match-value key

13. max-num-calls mnc

14. max-call-rate mcr

15. max-bandwidth mbw bwsize

16. callee-privacy callee-priv-setting

17. action [next-table goto-table-name | cac-complete]

18. exit

19. entry entry-id

20. match-value key

21. max-num-calls mnc

22. max-call-rate mcr

23. max-bandwidth mbw bwsize

24. transcode-deny

25. max-regs mr

26. action [next-table goto-table-name | cac-complete]

27. exit

28. exit

29. complete

30. commit

31. show

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mysbc	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	cac-policy-set policy-set-id Example: RP/0/0/CPU0:router(config-sbc-sbe)# cac-policy-set 1	Enters the mode of Call Admission Control (CAC) policy set configuration within an SBE entity, creating a new policy set if necessary.
Step 5	first-cac-scope scope-name Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy)# first-cac-scope global	Configures the scope at which to begin defining limits when performing the admission control stage of policy. The scope-name argument configures the scope at which limits should be initially defined. Possible values are: •global •call Also, one or more of the following scopes can be defined in a comma-separated list: •src-adjacency •dst-adjacency •src-number •dst-number •src-account •dst-account Features can be enabled or disabled per adjacency group through CAC configuration the same way this is done per individual adjacencies. The scope-names for adjacency groups are: •adj-group •src-adj-group •dst-adj-group
Step 6	first-cac-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy)# first-cac-table StandardListByAccount	Configures the name of the first policy table to process when performing the admission control stage of policy.
Step 7	cac-table table-name Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy)# cac-table StandardListByAccount	Enters the mode for configuration of an admission control table (creating one if necessary) within the context of an SBE policy set.
Step 8	match-type table-type Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable)# match-type dst-account	Configures the match-type of an admission control table within the context of an SBE policy set. The table-type argument controls the syntax of the match-value fields of the entries in the table. Possible available table-types are: •policy-set •dst-prefix •src-prefix •src-adjacency •src-account •dst-adjacency •dst-account •category •event-type •all Features can be enabled or disabled per adjacency group through CAC configuration the same way this is done per individual adjacencies. The table-types for adjacency groups are: •adj-group •src-adj-group •dst-adj-group The match-type parameter must be supplied when creating a table. The adj-group match type matches on either source or destination adjacency group.
Step 9	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable)# entry 1	Enters the mode to create or modify an entry in an admission control table.
Step 10	force-limited-call-hold Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# force-limited-call-hold	When a call is put on hold, the SBC changes media address or port by suppressing media format changes. This can result in a failure of a SIP endpoint in the call, which cannot copy with a change of media address and port. Use this command to prevent SBC from changing media address or port by suppressing media format changes when a call is put on hold. Note This command is used only with endpoints that do not support changing of media address or port mid-call; the command enables such endpoints to successfully hold and resume. If the command is applied to endpoints that support address or port changes, some application features may fail, such as music on hold. The no version of this command does not prevent the SBC from changing media address or port when a call is put on hold. The default: command is not enabled. Note This command is supported only on Cisco XR 12000 Series Router.
Step 11	media-bypass-forbid Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# media-bypass-forbid	Configures whether media-bypass is forbidden for this entry in an admission control table. You are not allowed to do this if the table is part of the active policy set. The no version of the command allows media bypass for this entry in the admission control table.
Step 12	match-value key Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# match-value SIP-CUSTOMER-1	Configures the match-value of an entry in an admission control table. The key argument is a string used to match events. The format of the key is determined by the match-type of the enclosing table. The match-value is the name of the adjacency you defined. Typically, all the match values are defined in the adjacencies. The match-type indicates which of these defined parameters in the adjacency are used for a match criteria. For example, the match-types can be the name of the adjacency name in general, the call-originating adjacency (src-adjacency), or the call-terminating adjacency (dst-adjacency). Matching on account-id is another way to define policies which are generic for a group of adjacencies. For example, a gold, silver, and default class of customer. For a gold class customer, you can define the account-id as gold and set a gold policy indicating service-class and other parameters permitted for gold customers. Typically the first-cac-scope defines the scope at which the policy is implied either for the entire system, or depending on the granularity required, for the adjacency or the call. However, when you use a match-type of policy-set, the scope of the policy is defined by the match-value parameter.
Step 13	max-num-calls mnc Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# max-num-calls 100	Configures the maximum number of calls of an entry in an admission control table.
Step 14	max-call-rate mcr Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# max-call-rate 20	Configures the maximum number of calls per minute for an entry in an admission control table.
Step 15	max-bandwidth mbw bwsize Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# max-bandwidth 1000000 bps	Configures the maximum bidirectional bandwidth for an entry in an admission control table. For example, if a max-bandwidth value is configured, the SBC allows half of this value in each direction. The mbw argument is a positive integer specifying the total maximum rate at which call media should be admitted in both directions (in bytes per second). The bwsize argument specifies the transfer size to which mbw refers. Possible values are: •bps •Kbps •Mbps •Gbps
Step 16	callee-privacy [callee-priv-setting] Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# callee-privacy never	Configures the level of privacy processing to perform on messages sent from callee to caller. The callee_priv_setting argument indicates the specific callee privacy setting. Possible values are: •never—Indicates to never hide identity. •account-boundary—Indicates to hide identity only if caller is different account from callee. •always—Indicates to always hide identity.
Step 17	action [next-table goto-table-name | cac-complete] Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# action cac-complete	Configures the action to perform after this entry in an admission control table. Possible actions are: •Identify the next CAC table to process using the next-table keyword and the goto-table-name argument. •Stop processing for this scope using the cac-complete keyword.
Step 18	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# exit	Exits from entry to cactable mode.
Step 19	entry entry-id Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable)# entry 2	Enters the mode to create or modify an entry in an admission control table.
Step 20	match-value key Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# match-value SIP-CUSTOMER-2	Configures the match-value of an entry in an admission control table. The key argument is a string used to match events. The format of the key is determined by the match-type of the enclosing table.
Step 21	max-num-calls mnc Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# max-num-calls 110	Configures the maximum number of calls of an entry in an admission control table.
Step 22	max-call-rate mcr Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# max-call-rate 30	Configures the maximum call rate for an entry in an admission control table.
Step 23	max-bandwidth mbw bwsize Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# max-bandwidth 2000000 bps	Configures the maximum bidirectional bandwidth for an entry in an admission control table. For example, if a max-bandwidth value is configured, the SBC allows half of this value in each direction. The mbw argument is a positive integer specifying the total maximum rate at which call media should be admitted in both directions (in bytes per second). The bwsize argument specifies the transfer size to which mbw refers. Possible values are: •bps •Kbps •Mbps •Gbps
Step 24	transcode-deny Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# transcode-deny	Forbids transcoding for this entry in an admission control table.
Step 25	max-regs mr Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# max-regs 500	Configures the maximum call number of subscriber registrations for an entry in an admission control table.
Step 26	action [next-table goto-table-name | cac-complete] Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# action cac-complete	Configures the action to perform after this entry in an admission control table. Possible actions are: •Identify the next CAC table to process using the next-table keyword and the goto-table-name argument. •Stop processing for this scope using the cac-complete keyword.
Step 27	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# exit	Exits from entry to cactable mode.
Step 28	exit Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable)# exit	Exits from cactable to cacpolicy mode.
Step 29	complete Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# complete	Completes the CAC policy set when you have committed the full set.
Step 30	commit Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable-entry)# commit	Saves configuration changes. Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 31	show Example: RP/0/0/CPU0:router(config-sbc-sbe-cacpolicy- cactable)# show	Displays the current configuration information.

Activating a CAC Policy Set

This task activates a CAC policy set.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. active-cac-policy-set policy-set-id

5. commit

6. show

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure Example: RP/0/0/CPU0:router# configure	Enables global configuration mode.
Step 2	sbc service-name Example: RP/0/0/CPU0:router(config)# sbc mysbc	Enters the mode of an SBC service. •Use the service-name argument to define the name of the service.
Step 3	sbe Example: RP/0/0/CPU0:router(config-sbc)# sbe	Enters the mode of an SBE entity within an SBC service.
Step 4	active-cac-policy-set policy-set-id Example: RP/0/0/CPU0:router(config-sbc-sbe)# active-cac-policy-set 1	Sets the active CAC policy set within an SBE entity.
Step 5	commit Example: RP/0/0/CPU0:router(config-sbc-sbe)# commit	Saves the configuration changes to the running configuration file and remains within the configuration session.
Step 6	show Example: RP/0/0/CPU0:router(config-sbc-sbe)# show	Displays the current configuration information.

Configuration Examples of Implementing Number Analysis

This section provides the following configuration examples:

•Configuring Number Validation: Example

•Configuring Number Categorization: Example

Configuring Number Validation: Example

The following example shows how to configure number validation for a number analysis table:

config

sbc mySbc

 sbe

  call-policy-set 1

    first-number-analysis-table hotel_table

    na-dst-prefix-table hotel_table

      entry 1 

        match-prefix XXX 

        action accept

      entry 2 

        match-prefix 9XXX 

        action accept

Configuring Number Categorization: Example

The following example shows how to configure number categorization for a number analysis table:

config 

sbc mySbc 

 sbe

  call-policy-set 1

    first-number-analysis-table check-accounts

    na-src-account-table check_accounts

      entry 1 

        match-account hotel_foo 

        action next-table hotel_dialing_plan

      entry 2 

        match-account hotel_bar 

        action next-table hotel_dialing_plan

      entry 3 

        match-account internal 

        action accept

    na-dst-prefix-table hotel_dialing_plan

      entry 1 

        match-prefix XXX 

        category internal_call 

        action accept

      entry 2

        match-prefix 9XXX

        category external_call

        action accept

        commit

        exit

Configuration Example of Implementing Call Routing

The following example shows how to configure call routing with no load balancing:

config

sbc_mySbc sbe

  call-policy-set 1

    first-call-routing-table start_routing

    rtg-table start_routing match-type dst-prefix

      entry 1

        match XXX

        next-table internal_routing

      entry 2

        match XXXX

        next-table external_routing

    routing-table internal_routing match-type src-adjacency

      entry 1

        match sip_to_foo

        dst-adjacency sip_to_foo

      entry 2

        match sip_to_bar

        dst-adjacency sip_to_bar

    routing-table external_routing match-type dst-prefix

      entry 1

        match 208111

        dst-adjacency sip_to_foo

      entry 2

        match 208222

        dst-adjacency sip_to_bar

      entry 3

        match X

        dst-adjacency sip_to_softswitch

Configuration Example of Implementing Call Admission Control Policy Sets and CAC Tables

The following example shows how to configure call admission control policy sets and CAC tables:

config

sbc SBE-NODE2-SBE1

   sbe

      cac-policy-set 1

         first-cac-scope global 

         first-cac-table STANDARD-LIST-BY-ACCOUNT 

         cac-table STANDARD-LIST-BY-ACCOUNT match-type dst-account 

            entry 1

               media-bypass-forbid

	           match-value SIP-CUSTOMER-1 

               max-num-calls 100

               max-call-rate 20 

               max-bandwidth 1000000 bps

               callee-privacy never

               action cac-complete

               commit

               exit

            entry 2

               match-value SIP-CUSTOMER-2 

               max-num-calls 100

               max-call-rate 20 

               max-bandwidth 1000000 bps

               transcode deny

               max-regs 500

               action cac-complete

               exit

               exit

               complete

               commit

Where to Go Next

After configuring policies that meet your configuration needs, you can configure billing. To configure billing, see the "Implementing SBC Billing" module in this book.

Additional References

The following sections provide references related to implementing SBC policies.

Related Documents

Related Topic	Document Title
Cisco IOS XR master command reference	Cisco IOS XR Master Commands List
Cisco IOS XR SBC interface configuration commands	Cisco IOS XR Session Border Controller Command Reference
Initial system bootup and configuration information for a router using the Cisco IOS XR Software	Cisco IOS XR Getting Started Guide
Cisco IOS XR command modes	Cisco IOS XR Command Mode Reference

Standards

Standards	Title
No new or modified standards are supported by this feature, and support from existing standards has not been modified by this feature.	—

MIBs

MIBs	MIBs Link
—	To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFCs	Title
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.	—

Technical Assistance

Description	Link
The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.	http://www.cisco.com/techsupport

Related Command Summary

This section provides an alphabetical list of the commands related to implementing policies on the Cisco XR 12000 Series Router. For more information about the commands, see the Cisco IOS XR Session Border Controller Command Reference.

Command	Purpose
action [next-table goto-table-name | accept | reject]	Configures the action to perform after this entry in an admission control table.
active-cac-policy-set policy-set-id	Sets the active CAC policy set within an SBE entity.
call-policy-set policy-set-id	Enters the mode of routing policy set configuration within an SBE entity.
category category-name	Configures the category of an entry in a number analysis table.
comment number-analysis-table-comment | routing-table-comment	Configures the comment to describe a number analysis or routing table.
edit	Configures a dial-string manipulation action in a number analysis table.
edit-cic	Configures a carrier identification code (CIC) editing action in the number analysis table.
entry entry-id	Enters the mode for configuring an entry in a number analysis or routing table, creating the entry, if necessary.
first-call-routing-table table-name	Configures the name of the first policy table to process when performing the routing stage of policy for new-call events.
first-number-analysis-table table-name	Configures the name of the first policy table to process when performing the number analysis stage of policy.
first-reg-routing-table table-name	Configures the name of the first policy table to process when performing the routing stage of policy for subscriber registration events.
force-limited-call-hold	Prevents the SBC from changing media address or port by suppressing media format changes when a call is put on hold. This command is used only with endpoints that do not support changing of media address or port mid-call; the command enables such endpoints to successfully hold and resume. If the command is applied to endpoints that support address or port changes, some application features may fail, such as music on hold.
hunting-trigger error-codes	Configures which failure return codes cause hunting to occur in the sip, h323, adjacency sip and adjacency h323 modes.
hunting-mode mode	This task enables SBC to hunt for other routes or destination adjacencies in case of a failure, using a non-standard H.323 mechanism based on issuing multiple ARQs to a Gatekeeper for a single call. The multiARQ command is used only in h323 and adjacency h323 modes.
match-account key	Configures the account to match for an entry a number analysis table whose entries match against the source account.
match-address key	Configures the match value of an entry in a routing table whose entries match the destination or source dialed number. To create a routing table that routes on user name, use the existing rtg-dst-address-table or rtg-src-address-table and put a textual value in the match-address field. The SBC skips number analysis and performs only routing when the SIP message contains a user name. The SBC decides that an address is a user name (as opposed to a phone number) if it contains any character other than: \n\n0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, plus, hyphen, period, open-round-bracket, close-round-bracket. When the SBC has decided that an address is a user name, the "X" in the routing tables is treated not as a wildcard character, but as a literal "X". For example, the match value of "X" matches the username "X", but not "A".
match-cic key	Configures the match carrier identification code (CIC) entry in a number analysis table whose entries match the carrier ID.
match-prefix key	Enters the mode for configuring the match value of an entry in a number analysis table whose values match the source adjacency of the dialed number.
match-type table-type	Configures the match-type of an admission control table within the context of an SBE policy set. Available table-types are: •policy-set •dst-prefix •src-prefix •src-adjacency •src-account •dst-adjacency •dst-account •category •event-type •all Features can be enabled or disabled per adjacency group through CAC configuration the same way this is done per individual adjacencies. The table-types for adjacency groups: •adj-group •src-adj-group •dst-adj-group The match-type parameter must be supplied when creating a table. The adj-group match type matches on either source or destination adjacency group.
match-value key	Configures the match-value of an entry in an admission control table. The match-value is the name of the adjacency you defined. Typically, all the match values are defined in the adjacencies. The match-type indicates which of these defined parameters in the adjacency are used for a match criteria. For example, the match-types can be the name of the adjacency name in general, the call-originating adjacency (src-adjacency), or the call-terminating adjacency (dst-adjacency). Matching on account-id is another way to define policies which are generic for a group of adjacencies. For example, a gold, silver, and default class of customer. For a gold class customer, you can define the account-id as gold and set a gold policy indicating service-class and other parameters permitted for gold customers. Typically the first-cac-scope defines the scope at which the policy is implied either for the entire system, or depending on the granularity required, for the adjacency or the call. However, when you use a match-type of policy-set, the scope of the policy is defined by the match-value parameter.
na-carrier-id-table table-name	Enters the configuration mode of a number analysis table (creating one if necessary) whose entries match the carrier ID within the context of an SBE policy set.
na-dst-number-table table-name	Enters the configuration mode of a number analysis table within the context of an SBE policy set with entries of the table matching the whole dialed number.
na-dst-prefix-table table-name	Enters the configuration mode of a number analysis table within the context of an SBE policy set with entries of the table matching the start of the dialed number.
na-src-account-table table-name	Enters the configuration mode of a number analysis table within the context of an SBE policy set with entries of the table matching the source account.
na-src-adjacency-table table-name	Enters the configuration mode of a number analysis table within the context of an SBE policy set with entries of the table matching the source adjacency of the dialed number.
rtg-carrier-id-table table-name	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the carrier ID within the context of an SBE policy set.
rtg-dst-address-table table-name	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the dialed (destination) number within the context of an SBE policy set.
rtg-dst-domain-table table-name	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the name of the destination domain name within the context of an SBE policy set.
rtg-round-robin-table table-name	Enters the configuration mode of a policy table, whose events do not have any match-value parameters, nor next-table actions. Its actions are restricted to setting the destination adjacency. A group of adjacencies are chosen for an event if an entry in a routing table matches that event and points to a round-robin adjacency table in the next-table action.
rtg-src-account-table table-name	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the source account within the context of an SBE policy set.
rtg-src-address-table table-name	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the dialer's (source) number or SIP user name within the context of an SBE policy set.
rtg-src-adjacency-table table-name	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the source adjacency within the context of an SBE policy set.
rtg-src-domain-table table-name	Enters the configuration mode of a routing table (creating one if necessary) whose entries match the name of the source domain name within the context of an SBE policy set.