-
Cisco Unified Border Element (SP Edition) Configuration Guide: Distributed Model
-
Preface
-
Overview of Cisco Unified Border Element (SP Edition) Distributed Model
-
Configuring Cisco Unified Border Element (SP Edition) Distributed Model
-
DTMF Interworking
-
Media Address Pools
-
Quality of Service and Bandwidth Management
-
H.248 Packages - Signaling and Control
-
H.248 Services - Signaling and Control
-
Cisco Unified Border Element (SP Edition) Distributed Model Security
-
Topology Hiding
-
High Availability Support
-
Quality Monitoring and Statistics Gathering
-
Table Of Contents
Cisco Unified Border Element (SP Edition) Distributed Model Overview
Distributed and Unified Models
Supported Features on Cisco Unified Border Element (SP Edition) Distributed Model
Deployment of Cisco Unified Border Element (SP Edition) Distributed Model
Cisco Unified Border Element (SP Edition) DBE Deployment Scenario
Cisco Unified Border Element (SP Edition) Distributed Model Overview
This chapter presents an overview of the Cisco Unified Border Element (SP Edition), supported features, and deployment of Cisco Unified Border Element (SP Edition) on the Cisco ASR 1000 Series Routers.
Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be commonly referred to in this document as the session border controller (SBC).
Contents
•
Supported Features on Cisco Unified Border Element (SP Edition) Distributed Model
•
•
General Overview
Cisco Unified Border Element (SP Edition) is integrated with other features on the Cisco ASR 1000 Series Routers without requiring additional application-specific hardware, such as service blades. Cisco Unified Border Element (SP Edition) is integrated with Layer 2 and Layer 3 services, such as security, QoS, IP Multicast, that eliminate the need to create an overlay network of standalone SBC appliances. With Integrated SBC, SBC functionality and routing functionality both reside on the Cisco ASR 1000 Series Router. The integration also allows SBC to build on the security and admission control features and virtual private network (VPN) awareness of the Cisco ASR 1000 Series Routers.
In general, session border controllers are used as key components in interconnecting Voice over IP (VoIP) and multimedia networks of different enterprise customers and service providers. SBCs are deployed at the edge of networks to meet the need for secure, intelligent border element functions. Using SBCs, the end user can make voice and video calls to another end user without being concerned about protocols, network reachability, or safety of the network.
The SBC enables direct IP-to-IP interconnect between multiple administrative domains for session-based services providing protocol interworking, security, and admission control and management. The SBC is a session-aware device that controls access to VoIP and other types of primarily media-related networks. A primary purpose of an SBC is to protect the interior of the network from excessive call load and malicious traffic.
The SBC functions break down into two logically distinct areas, as follows:
•
An SBE may be known as a media gateway controller (MGC).
•
The distributed model of the Cisco Unified Border Element (SP Edition) implements the DBE function on the Cisco ASR 1000 Series Aggregation Services Routers. A table of DBE-supported features is listed in Table 1-1.
Figure 1-1 shows an example SBE/DBE architecture; your SBC architecture may differ.
Figure 1-1 Example of SBC High Level Architecture
Distributed and Unified Models
The SBC can operate in two modes or models—unified and distributed.
•
•
Figure 1-2 illustrates the unified model.
Figure 1-2 Unified SBC Model
Cisco Unified Border Element (SP Edition) can run under the distributed model and provide the DBE functionality.
The distributed model offers advantages over the unified model, as follows:
•
•
•
•
Figure 1-3 illustrates the distributed model.
Figure 1-3 Distributed SBC Model
Supported Features on Cisco Unified Border Element (SP Edition) Distributed Model
The supported features roadmap lists the features documented in this guide and provides links to where they are documented. Any related configuration commands for a feature are listed and documented in the Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model.
Note
Table 1-1 lists features in alphabetical order and associated commands that are supported on the Cisco Unified Border Element (SP Edition) DBE deployment on the Cisco ASR 1000 Series Routers.
Table 1-1 Supported Features on Cisco Unified Border Element (SP Edition) Distributed Model
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
dtmf-duration
Cisco IOS XE Release 2.1
package
Cisco IOS XE Release 2.1
h248-association-timeout
h248-event-storage
h248-preserve-gates
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.2
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
H.248 Network Package Quality Alert Event and Middlebox Pinhole Timer Expired Event
h248-media-alert-event
Cisco IOS XE Release 2.2
H.248 Protocol—Acknowledgment Support for Three-Way Handshake
None.
Cisco IOS XE Release 2.1
package segment max-pdu-size
package segment seg-timer-value
show sbc dbe controllers
Cisco IOS XE Release 2.2
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
show sbc dbe media-flow-stats
show sbc dbe signaling-flow-stats
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
show sbc dbe media-flow-stats
show sbc dbe signaling-flow-stats
Cisco IOS XE Release 2.1
h248-version
Cisco IOS XE Release 2.2
media-timeout
Cisco IOS XE Release 2.3
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
Interim Authentication Header Support
transport (see interim-auth-header keyword)
Superseded by Interim Authentication Header Full Support
Cisco IOS XE Release 2.2
transport
inbound
outbound
Cisco IOS XE Release 2.1
h248-napt-package
Cisco IOS XE Release 2.2
IPsec Pinhole Support—Twice NAT for IPv4 and No NAT for IPv6
media-address ipv4
media-address pool ipv4
media-address ipv6
media-address pool ipv6
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
ipv6 address (session border controller)
media-address ipv6
media-address pool ipv6
port-range (ipv6)
debug sbc filter (see ipv6 keyword)
show sbc dbe media-flow-stats (see ipv6 keyword)
show sbc dbe signaling-flow-stats (see ipv6 keyword)
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
Logging Level in Configuring H.248 Logging Level
logging level
logging filter control protocol
Chapter 2, "Configuring Integrated Session Border Controller"
Cisco IOS XE Release 2.1
media-address pool ipv4
media-address pool ipv6
port-range
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
h248-inactivity-duration
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
media-address ipv4
media-address pool ipv4
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.3
RTCP maximum burst size policing parameter feature in RTCP Policing
None.
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
sbc interface-id
termination-id rootidname
Cisco IOS XE Release 2.1
tmax-timer
Cisco IOS XE Release 2.1
None.
Cisco IOS XE Release 2.1
transaction-pending functionality
transaction-pending
Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model
Cisco IOS XE Release 2.1
control-dscp marker-dscp pdr-coefficient
show sbc dbe forwarder-stats
Deployment of Cisco Unified Border Element (SP Edition) Distributed Model
Deployment of the DBE function on the Cisco ASR 1000 Series Routers integrates a subset of the Cisco Unified Border Element (SP Edition) feature set with Cisco IOS XE software. A likely deployment scenario is that typical routing and broadband features are configured on the Cisco ASR 1000 Series Routers serving as the DBE operating with an external SBE. The Cisco Unified Border Element (SP Edition) functionality on the Cisco ASR 1000 Series Routers comprises both DBE and SBE functions, with DBE being the first to be deployed.
DBE deployment of the Cisco Unified Border Element (SP Edition) feature set is an optional feature supported on the Cisco ASR 1000 Series Routers. DBE deployment on the Cisco ASR 1000 Series Routers does not include SBE support and no SBE-related CLIs are implemented.
In the deployed distributed model, the SBE and the DBE entities reside on different network elements and the DBE is controlled by one SBE at any one time. The SBE interacts with the DBE using the H.248 Megaco (media gateway controller) protocol. The SBE controls the DBE via the H.248 interface. In this model, the bearer (or media flow) always flows through the DBE, and the SBE participates only in the signaling flow.
The DBE is responsible for the media flows and consists of a set of data path functions. The DBE responds to the requests made by the SBE to open pinholes, taking into account the specified NAT/firewall traversal and QoS requirements.
For the DBE, a new interface type is defined for the SBC virtual interface. You configure a virtual interface as part of the SBC configuration and the virtual interface has media IPs as primary or secondary IP addresses. The SBC virtual interface does not support any existing Cisco IOS features.
The Cisco IOS XE image containing Cisco Unified Border Element (SP Edition) software leverages existing Cisco IOS install and packaging facilities for software release, delivery, and installation.
Cisco IOS commands have been introduced to configure the DBE. For information on commands, see the Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model.
Cisco Unified Border Element (SP Edition) DBE Deployment Scenario
One potential deployment scenario for the distributed model of Cisco Unified Border Element (SP Edition) is in a network architecture where the service provider (SP) provides voice, data, and video services to their residential broadband customers over a single link.
This scenario requires the SP to provide capabilities such as opening pinholes for the duration of a conversation, and doing this without exposing the devices behind the firewall to malicious threats. In addition, given that voice is extremely sensitive to issues such as delay, latency, and packet loss, ensuring adequate performance is a challenge. QoS mechanisms can be implemented to ensure proper priority is assigned to voice packets.
In this deployment scenario, multiple applications share a common link. Thus a mechanism that will limit bandwidth available to individual applications to ensure appropriate end-to-end quality is needed. For voice, this would involve correctly marking the packet to ensure appropriate priority, as well as controlling the number of simultaneous calls at the network entry point. Because the SP cannot dictate what IP phones their customers use, protocol conversion functionality is needed—especially H.323-to-SIP conversion.
Service providers require measurement of traffic for reporting and billing purposes in this potential scenario. Some carriers may also want to offer service level agreement (SLA) for voice, for which they want to be able to provide their customers with the proof that these SLAs are being met.
Figure 1-4 illustrates a deployment where Integrated SBC is used for VoIP interworking.
Figure 1-4 Integrated SBC Used for VoIP Interworking
