Secure Media Passthrough
The SBC allows you to configure the DBE to accept secure media passthrough. By default, this feature is disabled.
When the DBE is configured to accept secure media passthrough, such as Secure Real-Time Protocol (SRTP), Secure RTP Control Protocol (SRTCP), or Datagram Transport Layer Security (DTLS) packets, SBC reserves additional bandwidth to ensure that the DBE allows these packets to pass through.
The DBE allows secure RTP packets to flow through without performing RTP packet checks. This feature enables 10 percent more bandwidth per flow to accommodate the increase in the packet size due to encryption. However, this increase is not reflected in the media flow statistics.
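The following added example (not part of the Cisco documentation) compares the per-packet growth that SRTP adds with the 10 percent per-flow allowance described above. It assumes IPv4 transport without RTP header extensions, SRTP authentication tag lengths from RFC 3711, and that bandwidth is measured on IP packet size, which the text does not specify; the codec list is constructed sample data.

```python
# Added example, not Cisco code: SRTP per-flow growth vs. the 10 percent allowance.
from dataclasses import dataclass

HEADER_BYTES = 20 + 8 + 12  # IPv4 + UDP + RTP (assumption: no extensions or CSRCs)
ALLOWANCE = 0.10            # "10 percent more bandwidth per flow" from the text

# SRTP authentication tag lengths in bytes (RFC 3711: 80-bit default, 32-bit option).
AUTH_TAG_BYTES = {"HMAC_SHA1_80": 10, "HMAC_SHA1_32": 4}


@dataclass(frozen=True)
class Codec:
    name: str
    payload_bytes: int  # media payload carried in each packet
    ptime_ms: int       # packetization interval


# Constructed sample flows, both with 20 ms packetization.
CODECS = [Codec("G.711", 160, 20), Codec("G.729", 20, 20)]


def flow_growth(codec, tag="HMAC_SHA1_80", mki_bytes=0):
    """Return (rtp_kbps, srtp_kbps, growth_fraction) for one direction of a flow."""
    rtp_size = HEADER_BYTES + codec.payload_bytes
    # The default SRTP cipher keeps the payload length unchanged, so the packet
    # grows only by the authentication tag and the optional MKI field.
    srtp_size = rtp_size + AUTH_TAG_BYTES[tag] + mki_bytes
    packets_per_second = 1000 / codec.ptime_ms

    def kbps(size):
        return size * 8 * packets_per_second / 1000

    return kbps(rtp_size), kbps(srtp_size), (srtp_size - rtp_size) / rtp_size


def fits_allowance(codec, tag="HMAC_SHA1_80", mki_bytes=0):
    """True when the SRTP growth stays within the 10 percent allowance."""
    return flow_growth(codec, tag, mki_bytes)[2] <= ALLOWANCE


if __name__ == "__main__":
    for codec in CODECS:
        for tag in AUTH_TAG_BYTES:
            rtp, srtp, growth = flow_growth(codec, tag)
            verdict = "within" if growth <= ALLOWANCE else "exceeds"
            print(f"{codec.name:6} {tag:13} {rtp:5.1f} -> {srtp:5.1f} kbps "
                  f"(+{growth:.1%}, {verdict} allowance)")
```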
For a complete description of commands used in this chapter, refer to Chapter 39, "Cisco Session Border Controller Commands." To locate documentation for other commands that appear in this chapter, use the command reference master index, or search online.
Feature History for Secure Media Passthrough
Release | Modification
Release 3.1.00 | This feature was introduced on the Cisco 7600 series router.
Contents
This module contains the following sections:
• Prerequisites—Secure Media Passthrough
• Restrictions for Secure Media Passthrough
• Configuring Secure Media Passthrough
• Example of Configuring Secure Media Passthrough
Prerequisites—Secure Media Passthrough
The following prerequisites are required to implement SBC secure media passthrough:
• On the Application Control Engine Module (ACE), you must be an Admin user to enter SBC commands. For more information, see the Application Control Engine Module Administration Guide at http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_book09186a00806838f4.html
• Before implementing secure media, the SBC must already be created. See the procedures described in Chapter 2, "ACE Configuration Prerequisites for the SBC".
Restrictions for Secure Media Passthrough
Review the following restrictions for secure media:
• With this feature enabled, RTCP-related statistics in dbe media-flow-stats are displayed as unknown.
Configuring Secure Media Passthrough
SUMMARY STEPS
1. configure
2. sbc service-name
3. dbe
4. secure-media
5. end
DETAILED STEPS
Step 1
Command or Action: configure
Example: host1/Admin# configure
Purpose: Enables global configuration mode.
Step 2
Command or Action: sbc service-name
Example: host1/Admin(config)# sbc mysbc
Purpose: Enters a submode where alerts can be configured for unexpected source addresses. Use the service-name argument to define the name of the service.
Step 3
Command or Action: dbe
Example: host1/Admin(config-sbc)# dbe
Purpose: Enters a submode where alerts can be configured for unexpected source addresses.
Step 4
Command or Action: secure-media
Example: host1/Admin(config-sbc-dbe)# secure-media
Purpose: Configures the DBE to allow secure media, such as DTLS and SRTP packets, to pass through.
Step 5
Command or Action: end
Example: host1/Admin(config-sbc-dbe-vdbe-global)# end
Purpose: Exits the unexpected-source-alerting mode to DBE mode.
Example of Configuring Secure Media Passthrough
This section provides a sample configuration for the secure media feature.
To configure secure media passthrough, use the following commands:
host1/Admin(config)# sbc mysbc
host1/Admin(config-sbc)# dbe
host1/Admin(config-sbc-dbe)# secure-media
host1/Admin(config-sbc-dbe-vdbe-global)# end