IBCF Processing Support
Users can configure Cisco Unified Border Element (SP Edition) to perform the role of an Interconnection Border Control Function (IBCF) Session Initiation Protocol (SIP) border gateway, both managing requests across a network border between IP Multimedia Subsystem (IMS) core networks and interworking with non-IMS core networks.
When functioning as an IBCF, Cisco Unified Border Element (SP Edition) supports the following IBCF functions:
- Adding to Path header on REGISTER
- Modifying Service Route header
- Routing based on SIP Route headers
- Topology hiding
- Screening of SIP signaling
- IBCF inherit profiles
- Passthrough of From, To, and Contact headers
- Passthrough of request Uniform Resource Identifier (URI) on REGISTER
- Interworking with Proxy Call Session Control Function (P-CSCF), Interrogating Call Session Control Function (I-CSCF, and Serving Call Session Control Function (S- CSCF)
- Handling messages from untrusted domains
- Adding Record-Route headers on outbound messages for adjacencies with IBCF profiles.
Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be commonly referred to in this document as the session border controller (SBC).
For a complete description of the commands used in this chapter, refer to the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model at:
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html.
For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or a Cisco IOS master commands list.
Note For Cisco IOS XE Release 2.4, this feature is supported in the unified model only.
Feature History for IBCF Support
|
|
Cisco IOS XE Release 2.4 |
This feature was introduced on the Cisco CRS-1 along with support for the unified model. |
Contents
This module contains the following sections:
Restrictions for Implementing IBCF Support
The following features are not included in the IBCF support:
- Blacklist or whitelist header-values-content-type, content-disposition, and content-language headers
- Blacklist or whitelist MIME bodies
- Session timer
- Co-location with I-CSCF
- Cisco Unified Border Element (SP Edition) does not reject long message bodies.
- Cisco Unified Border Element (SP Edition) does not check the length of SIP bodies.
- Cisco Unified Border Element (SP Edition) does not provide a default implementation of the Encryption User Exit.
- Cisco Unified Border Element (SP Edition) does not hide network devices that are identified by IP addresses.
- Cisco Unified Border Element (SP Edition) does not support the full IBCF handling of failed REGISTERs.
- Cisco Unified Border Element (SP Edition) does not provide interoperability between IMS and other SIP domains.
- The IBCF selection of a new entry point for forwarding REGISTER requests is limited to SIP Server Location procedures (as per IETF RFC 3263) and is applicable only if the initial server selected does not respond.
Information About IBCF Support
This section contains the following subsections:
Adding to Path Header on REGISTER
When Cisco Unified Border Element (SP Edition) is configured to perform the role of an IBCF gateway, the IBCF adds itself to the Path header to ensure that all INVITE requests to the subscriber are routed via the IBCF.
Modifying Service-Route Header on REGISTER
The Service-Route header is analogous to the Path header, but it is used to specify the list of devices a call should traverse for calls originating from a subscriber. By default, the IBCF does not modify the Service-Route header sent on REGISTER responses. However, if topology hiding is required, then the IBCF encrypts the header elements that match its configured HomeNetworkId.
Routing Based on SIP Route Headers
You can configure Cisco Unified Border Element (SP Edition) to route Dialog-creating requests, such as INVITE, to the next hop-IP address based on the Route header, which ensures that the SIP messages go through the specified border gateways between networks and the S-CSCF that handled the User Agent (UA) REGISTER.
Topology Hiding
Cisco Unified Border Element (SP Edition) hides those parts of the routing-related headers that reveal the internal topology of the SBC network. But this feature also ensures that the headers are usable for INVITE requests and other methods.
Screening of SIP Signaling
When configured to perform the role of an IBCF gateway, Cisco Unified Border Element (SP Edition) does not screen certain SIP headers using profile whitelists and blacklists.
IBCF Inherit Profiles
IBCF inherit profiles comprise a collection of related configuration appropriate to a particular network role. IBCF Inherit profiles may be configured for an application on a per-adjacency basis.
Cisco Unified Border Element (SP Edition) supports the following IBCF inherit profiles:
- preset-ibcf-ext-untrusted
- preset-ibcf-external
- preset-ibcf-internal
Use of an IBCF inherit profile dynamically assigns a method profile, header profile, and/or option profile to a call based on the inherit-profile selected. Table 56-1 shows which IBCF inherit profile has an effect on which specific method profile, header profile, and option profile.
The effect is not visible in the adjacency configuration for header-profile, method-profile or option profiles, and can be overridden by explicit configuration of header, method, option profiles as needed.
Table 56-1 Effect of IBCF Inherit Profiles on Method, Header and Option Profiles
|
|
|
|
preset-ibcf-ext-untrusted |
preset-ibcf-utr-in-mth preset-ibcf-utr-out-mth Type: Blacklist Actions: No methods rejected |
preset-ibcf-utr-in-hdr Type: Blacklist Actions: Removes P-Charging-Vector. Removes P-Asserted-Identity. Removes P-Access-Network-Info. Removes P-Charging-Function-Addresses preset-ibcf-utr-out-hdr Type: Blacklist Actions: Removes P-Charging-Function-Addresses |
preset-ibcf-utr-in-opt preset-ibcf-utr-out-opt Type: Blacklist Actions: No options (passes on all) |
preset-ibcf-external |
preset-ibcf-ext-in-mth preset-ibcf-ext-out-mth Type: Blacklist Actions: No methods rejected |
preset-ibcf-ext-in-hdr Type: Blacklist Actions: Removes no headers (passes all) preset-ibcf-ext-out-hdr Type: Blacklist Actions: Removes P-Charging-Vector. Removes P-Charging-Function-Addresses |
preset-ibcf-ext-in-opt preset-ibcf-ext-out-opt Type: Blacklist Actions: No options (passes on all) |
preset-ibcf-internal |
preset-ibcf-int-in-mth preset-ibcf-int-out-mth Type: Blacklist Actions: No methods rejected |
preset-ibcf-int-in-hdr preset-ibcf-int-out-hdr Type: Blacklist Actions: Removes no headers (passes all) |
preset-ibcf-int-in-opt preset-ibcf-int-out-opt Type: Blacklist Actions: No options (passes on all) |
Passthrough of From, To, and Contact Headers
For Dialog-creating and Out-of-dialog requests, Cisco Unified Border Element (SP Edition) allows the From, To, and Contact header URIs to pass through without modifying them. For dialog headers, Cisco Unified Border Element (SP Edition) uses the values corresponding to those on the Out-of-dialog requests.
Passthrough of Request URI on REGISTER
Cisco Unified Border Element (SP Edition) allows the Request URI on a REGISTER message to pass through without modifying it.
Interworking with P-CSCF, I-CSCF, and S-CSCF
When performing the role of an IBCF gateway, Cisco Unified Border Element (SP Edition) allows the CSCF-specific headers on SIP messages to pass through.
Handling Messages from Untrusted Domains
When Cisco Unified Border Element (SP Edition) is acting as an IBCF entry point, it handles out-of-dialog requests from untrusted domains as follows:
- Cisco Unified Border Element (SP Edition) rejects all REGISTER requests with a 403 response.
- Cisco Unified Border Element (SP Edition) removes all P-Asserted-Identity headers, P-Access-Network-Info headers, P-Charging-Vector headers, and P-Charging-Function-Address headers from other requests.
- Cisco Unified Border Element (SP Edition) rejects requests if the router contains the Orig parameter.
Implementing IBCF Support
Configuring the Domain Names to Use for IBCF Adjacencies
SUMMARY STEPS
1. configure terminal
2. sbc service-name
3. sbe
4. sip home network identifier domain-name
5. sip encryption key string
6. adjacency sip adjacency-name
7. inherit profile preset-ibcf-internal
8. home network identifier domain-name
9. encryption key string
10. exit
DETAILED STEPS
|
|
|
Step 1 |
configure terminal
Router# configure terminal |
Enables global configuration mode. |
Step 2 |
sbc service-name
Router(config)# sbc mysbc |
Enters the mode of an SBC service.
- Use the service-name argument to define the name of the service.
|
Step 3 |
sbe
Router(config-sbc)# sbe |
Enters the mode of a SBE entity within an SBC service. |
Step 4 |
sip home network identifier domain-name
Router(config-sbc-sbe)# sip home network identifier mydomain.com |
Configures the specified domain name as the global home network identifier for use in all SIP IBCF adjacencies. Use the domain-name argument to specify the domain name of the SIP adjacency. |
Step 5 |
sip encryption key string
Router(config-sbc-sbe)# encryption key code1 |
Configures a global encryption key for all SIP IBCF adjacencies.
- Use the string value to specify the encryption key to use for all SIP IBCF adjacencies.
|
Step 6 |
adjacency sip adjacency-name
Router(config-sbc-sbe)# adjacency sip sipadj |
Enters the mode of an SBE SIP adjacency.
- Use the adjacency-name argument to define the name of the SIP adjacency.
|
Step 7 |
inherit profile preset-ibcf-internal
Router(config-sbe-adj-sip)# inherit profile preset-ibcf-internal |
Configures a global inherit profile and specifies a preset IBCF internal profile. |
Step 8 |
home network identifier network-name
Router(config-sbc-sbe-adj-sip)# home network identifier Cisco.com |
Configures a home network identifier on an IBCF adjacency. Use the network-name argument to specify the name of the home network identifier. |
Step 9 |
encryption key string
Router(config-sbc-sbe-adj-sip)# encryption key code2 |
Configures an encryption key on the SIP IBCF adjacency.
- Use the string argument to specify the encryption key for the SIP IBCF adjacency.
|
Step 10 |
exit
Router(config-sbc-sbe-adj-sip)# exit |
Exits the SIP adjacency mode to the SBE mode. |