Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model
Configuring SIP SDP Attribute Passthrough
Download this chapter
Configuring SIP SDP Attribute PassthroughConfiguring SIP SDP Attribute Passthrough
Download the complete book
Cisco Unified Border Element (SP Edition) Configuration Guide: Unified ModelCisco Unified Border Element (SP Edition) Configuration Guide: Unified Model (PDF - 9 MB)
give_us_feedback

Table Of Contents

Configuring SIP SDP Attribute Passthrough

Restrictions for Configuring SIP SDP Attribute Passthrough

Information about SIP SDP Attribute Passthrough

Configuring SIP SDP Attribute Passthrough

Example of SIP SDP Attribute Passthrough


Configuring SIP SDP Attribute Passthrough

Cisco Unified Border Element (SP Edition) by default passes through all a= lines in SIP messages containing SDP offers and answers that it forwards. You can also configure Cisco Unified Border Element (SP Edition) to block certain a= lines, either by specifying a whitelist (a finite set of a=lines that are passed through, with all others blocked), or alternatively a blacklist (a finite set of a=lines that are blocked, with all others passed through). Additionally, user exits in the Cisco Unified Border Element (SP Edition) code base allow customers to write their own code to insert and/or strip one or more media-level a= lines when processing an offer on an answer.

Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be commonly referred to in this document as the session border controller (SBC).

For a complete description of commands used in this chapter, refer to the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model at http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html.

For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or a Cisco IOS master commands list.

Feature History for SIP SDP Attribute Passthrough

Release
Modification

Cisco IOS XE Release 2.4

The SIP SDP Attribute Passthrough feature was introduced on the Cisco ASR 1000 Series Aggregation Services Routers.


Restrictions for Configuring SIP SDP Attribute Passthrough

Review the following restrictions forSIP SDP Attribute Passthrough:

The existing reflect behavior is not supported.

Wildcard or prefix matching of attribute lines is not supported.

Distinguishing media-level from session-level a-lines for the purposes of matching is not supported.

Sophisticated matching conditions (for example, apply only to video streams or apply only to offers) are not supported.

Attribute blocking in media bypass calls is not supported.

Blocking function is restricted to unknown attributes.

The following attributes are ignored by unknown attribute policy because this may interfere with the correct operation of the SBC.

a=rtpmap

a=fmtp

a=sendonly

a=recvonly

a=inactive

a=sendrecv

a=ptime

a=mid

a=group

a=curr

a=des

a=conf

a=crypto.

At the point where the policy is applied, a (rate-limited) warning log is issued if the policy attempts to delete one of these lines.

Information about SIP SDP Attribute Passthrough

Additional per-call storage is needed to store the SDP policy that is being applied. This is expected to be ~160 bytes per call.

Configuring SIP SDP Attribute Passthrough

This section contains the steps for implementing SIP SDP Attribute Passthrough.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. sip sdp-match-table table-name1

5. action whitelist/blacklist

6. match-string attribute-name1

7. match-string attribute-name2

8. exit

9. sip sdp-match-table table-name2

10. action whitelist/blacklist

11. match-string attribute-name1

12. match-string attribute-name3

13. exit

14. sip sdp-policy-table table-name1

15. match-table table-name 1

16. exit

17. sip sdp-policy-table table-name2

18. match-table table-name2

19. exit

20. cac-policy-set number

21. first-cac-table table-name

22. first-cac-scope scope

23. cac-table table-name

24. table-type {policy-set | limit {list of limit tables}}

25. entry number

26. match-value value

27. action action-name

28. caller-inbound-policy policytab-name

29. caller-outbound-policy policytab-name

30. callee-inbound-policy policytab-name

31. callee-outbound-policy policytab-name

32. exit

33. exit

34. complete

35. exit

36. active-cac-policy-set number

37. end

38. show sbc service-name sbe cac-policy-set number table number entry number

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

Router# configure

Enables global configuration mode.

Step 2 

sbc service-name

Example:

Router(config)# sbc mysbc

Enters the mode of an SBC service.

Use the service-name argument to define the name of the service.

Step 3 

sbe

Example:

Router(config-sbc)# sbe

Enters the mode of the signaling border element (SBE) function of the SBC.

Step 4 

sip sdp-match-table table-name

Example: 
Router(config-sbc-sbe)# sip sdp-match-table 1

Adds an existing sdp-match-table into policy.

Step 5 

action whitelist/blacklist

Example:

Router(config-sbc-sbe-sdp-match-tbl)# action blacklist

Specifies an SDP policy table action.

Step 6 

match-string attribute-name1

Example:

Router(config-sbc-sbe-sdp-match-tbl)# match-string X-sqn1

Configures an SDP attribute matching string.

Step 7 

match-string attribute-name1

Example:

Router(config-sbc-sbe-sdp-match-tbl)# match-string X-sqn2

Configures an SDP attribute matching string.

Step 8 

exit

Example:

Router(config-sbc-sbe-sdp-match-tbl)# exit

Returns to the previous submode.

Step 9 

sip sdp-match-table table-name

Example: 
Router(config-sbc-sbe)# sip sdp-match-table 2

Adds an existing sdp-match-table into policy.

Step 10 

action whitelist/blacklist

Example:

Router(config-sbc-sbe-sdp-match-tbl)# action blacklist

Adds an action allowing a defined set of attributes and blocking the remaining attributes.

Step 11 

match-string attribute-name1

Example:

Router(config-sbc-sbe-sdp-match-tbl)# match-string X-sqn1

Configures an SDP attribute matching string.

Step 12 

match-string attribute-name1

Example:

Router(config-sbc-sbe-sdp-match-tbl)# match-string X-sqn2

Configures an SDP attribute matching string.

Step 13 

exit

Example:

Router(config-sbc-sbe-sdp-match-tbl)# exit

Returns to the previous submode.

Step 14 

sip sdp-policy-table table-name

Example:

Router(config-sbc-sbe-sip)# sip sdp-policy-table foo

Configures an SDP policy table.

Step 15 

match-table table-name

Example:

Router(config-sbc-sbe-sdp-policy-tbl)# match-ta- ble matchtab2

Configure an SDP match table used in a policy.

Step 16 

exit

Example:

Router(config-sbc-sbe-sip-adj)# exit

Returns to the previous submode.

Step 17 

sip sdp-policy-table table-name

Example:

Router(config-sbc-sbe)# sip sdp-policy-table foo2

Configures an SDP policy table.

Step 18 

match-table table-name

Example:

Router(config-sbc-sbe-sdp-policy-tbl)# match-ta- ble matchtab3

Configure an SDP match table used in a policy.

Step 19 

exit

Example:

Router(config-sbc-sbe-sdp-policy-tbl)# exit

Returns to the previous submode.

Step 20 

cac-policy-set number

Example:

Router(config-sbc-sbe)# cac-policy-set 1

Enters the submode of CAC policy set configuration.

Step 21 

first-cac-table table-name

Example:

Router(config-sbc-sbe-cacpolicy)# first-cac-ta- ble RootCacTable

Configures the name of the first policy table to process when performing the admission control stage of policy.

Step 22 

first-cac-scope scope

Example:

Router(config-sbc-sbe-cacpolicy)# first-cac-scope src-adjacency

Configures the scope at which to begin defining limits when performing the admission control stage of policy.

Step 23 

cac-table table-name

Example:

Router(config-sbc-sbe-cacpolicy)# cac-table Root- CacTable

Creates or configures an admission control table.

Step 24 

table-type {policy-set | limit {list of limit tables}}

Example:

Router(config-sbc-sbe-cacpolicy-cactable)# ta- ble-type limit call-priority


Configures the table type of a CAC table within the context of an SBE policy set.

The list of limit tables argument controls the syntax of the match-value fields of the entries in the table. Available Limit tables are:

account—Compare the name of the account.

adj-group—Compare the name of the adjacency group.

adjacency—Compare the name of the adjacency.

all—No comparison type. All events match this type.

call-priority—Compare with call priority.

category—Compare the number analysis assigned category.

dst-account—Compare the name of the destination account.

dst-adj-group—Compare the name of the destination adjacency group.

dst-adjacency—Compare the name of the destination adjacency.

dst-prefix—Compare the beginning of the dialed digit string.

event-type—Compare with CAC policy event types.

src-account—Compare the name of the source account.

src-adj-group—Compare the name of the source adjacency group.

src-adjacency—Compare the name of the source adjacency.

src-prefix—Compare the beginning of the calling number string.

Features can be enabled or disabled per adjacency group through CAC configuration the same way this is done per individual adjacencies. The adj-group table type matches on either source or destination adjacency group.

Step 25 

entry number

Example:

Router(config-sbc-sbe-cacpolicy-cactable)# entry 1

Creates or modifies an entry in a table.

Step 26 

match-value key

Example:

Router(config-sbc-sbe-cacpolicy-cactable-entry)# match-value immediate

Configures the match-value of an entry in a CAC Limit table. It is only relevant for Limit table types.

The key argument is a string or a keyword based on the table type. The format of the key is determined by the Limit table type (for example, Limit event-type tables or Limit call-priority tables).

For Limit event-type tables (table-type limit event-type), the match value string options are the following:

call-update—Compare the beginning of the calling number string.

endpoint-reg—Compare the name of the destination adjacency.

new-call—Compare the beginning of the dialed digit string.

For Limit call-priority tables (table-type limit call-priority), the match value string options are the following:

critical—Match calls with resource priority 'critical'.

flash—Match calls with resource priority 'flash'.

flash-override—Match calls with resource priority 'flash-override'.

immediate—Match calls with resource priority 'immediate'.

priority—Match calls with resource priority 'priority'.

routine—Match calls with resource priority 'routine'.

For all other Limit tables, enter a name or digit string

WORD—Name or digit string to match. (Max Size 255).

Step 27 

action action-name

Example:

Router(config-sbc-sbe-cacpolicy-cactable-entry)# action cac-complete

Specifies the action to take if this entry is chosen.

Step 28 

caller-inbound-policy policytab-name

Example:

Router(config-sbc-sbe-cacpolicy-cactable-entry)# caller-inbound-policy policytab1

Configures a caller inbound SDP policy table.

Step 29 

caller-outbound-policy policytab-name

Example:

Router(config-sbc-sbe-cacpolicy-cactable-entry)# caller-outbound-policy policytab1

Configures a caller outbound SDP policy table.

Step 30 

callee-inbound-policy policytab-name

Example:

Router(config-sbc-sbe-cacpolicy-cactable-entry)# callee-inbound-policy policytab2

Configures a callee inbound SDP policy table.

Step 31 

callee-outbound-policy policytab-name

Example:

Router(config-sbc-sbe-cacpolicy-cactable-entry)# callee-outbound-policy policytab2

Configures a callee outbound SDP policy table.

Step 32 

exit

Example:

Router(config-sbc-sbe-cacpolicy-cactable-entry)# exit

Returns to the previous submode.

Step 33 

exit

Example:

Router(config-sbc-sbe-cacpolicy-cactable)# exit

Returns to the previous submode.

Step 34 

complete

Example:

Router(config-sbc-sbe-cacpolicy)# complete

Performs a consistency check on the CAC policy set.

Step 35 

exit

Example:

Router(config-sbc-sbe-cacpolicy)# exit

Returns to the previous submode.

Step 36 

active-cac-policy-set number

Example:

Router(config-sbc-sbe)# active-cac-policy-set 1

Enters the active CAC policy set.

Step 37 

end

Example:

Router(config-sbc-sbe)# end

Exits SBE mode and enters Privileged EXEC mode.

Step 38 

show sbc service-name sbe cac-policy-set number table number entry number

Example:

Router# do show sbc interwork sbe cac-policy-set 1 table 1 entry 1

Displays detailed information for a given entry in a CAC policy table.

Example of SIP SDP Attribute Passthrough

This section provides a sample configuration and output for SIP SDP Attribute Passthrough. 

Router# config t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# sbc interwork

Router(config-sbc)# sbe

Router(config-sbc-sbe)# sip sdp-match-table matchtab1

Router(config-sbc-sbe-sdp-match-tbl)# action blacklist

Router(config-sbc-sbe-sdp-match-tbl)# match-string X-sqn

Router(config-sbc-sbe-sdp-match-tbl)# match-string X-cap

Router(config-sbc-sbe-sdp-match-tbl)# exit

Router(config-sbc-sbe)# sip sdp-match-table matchtab2

Router(config-sbc-sbe-sdp-match-tbl)# action blacklist

Router(config-sbc-sbe-sdp-match-tbl)# match-string X-sqn

Router(config-sbc-sbe-sdp-match-tbl)# match-string X-pc-csuites-rtp

Router(config-sbc-sbe-sdp-match-tbl)# exit

Router(config-sbc-sbe)# sdp-policy-table policytab1

Router(config-sbc-sbe-sdp-policy-tbl)# match-table matchtab1

Router(config-sbc-sbe-sdp-policy-tbl)# exit

Router(config-sbc-sbe)# sip sdp-policy-table policytab2

Router(config-sbc-sbe-sdp-policy-tbl)# match-table matchtab2

Router(config-sbc-sbe-sdp-policy-tbl)# exit

Router(config-sbc-sbe)# cac-policy-set 1

Router(config-sbc-sbe-cacpolicy)# first-cac-table 1

Router(config-sbc-sbe-cacpolicy)# first-cac-scope global

Router(config-sbc-sbe-cacpolicy)# cac-table 1

Router(config-sbc-sbe-cacpolicy-cactable)# table-type limit src-adjacency 

Router(config-sbc-sbe-cacpolicy-cactable)# entry 1

Router(config-sbc-sbe-cacpolicy-cactable-entry)# match-value sipp1

Router(config-sbc-sbe-cacpolicy-cactable-entry)# action cac-complete  

Router(config-sbc-sbe-cacpolicy-cactable-entry)# caller-inbound-policy policytab1

Router(config-sbc-sbe-cacpolicy-cactable-entry)# caller-outbound-policy policytab1

Router(config-sbc-sbe-cacpolicy-cactable-entry)# callee-inbound-policy policytab2

Router(config-sbc-sbe-cacpolicy-cactable-entry)# callee-outbound-policy policytab2

Router(config-sbc-sbe-cacpolicy-cactable-entry)# exit

Router(config-sbc-sbe-cacpolicy-cactable)# exit

Router(config-sbc-sbe-cacpolicy)# complete 

Router(config-sbc-sbe-cacpolicy)# exit

Router(config-sbc-sbe)# active-cac-policy-set 1


This section provides a sample configuration and output for SIP SDP Attribute Passthrough. 

Router(config-sbc-sbe)# do show sbc interwork sbe cac-policy-set 1 table 1 entry 1

SBC Service "interwork"

Policy set 1 table 1 entry 1

  Match value               sipp1

  Action                    CAC policy complete

  Max calls                 Unlimited

  Max call rate             Unlimited

  Max in-call rate          Unlimited

  Max out-call rate         Unlimited

  Max registrations         Unlimited

  Max reg. rate             Unlimited

  Max bandwidth             Unlimited

  Max channels              Unlimited

  Transcoder                Allowed

  Caller privacy setting    Never hide

  Callee privacy setting    Never hide

  Early media               Allowed

  Early media direction     Both

  Early media timeout       0

  Restrict codecs to list   default

  Restrict caller codecs to list   default

  Restrict callee codecs to list   default

  Media bypass              Allowed

  SRTP Transport            Not Set

  Callee hold setting       Standard

  Caller hold setting       Standard

  Number of calls rejected by this entry    0

  Caller inbound SDP policy                 policytab1

  Caller outbound SDP policy                policytab1

  Callee inbound SDP policy                 policytab2

  Callee outbound SDP policy                policytab2