Configuring the Cisco Unified Border Element
(SP Edition) Distributed Model
This chapter describes fundamental configuration tasks required for typical data border element (DBE) deployment of the Cisco Unified Border Element (SP Edition). The Cisco ASR 1000 Series Aggregation Services Router serves as the DBE. The DBE operates with a Signaling Border Element (SBE), also called a media gateway controller (MGC).
For a complete description of the commands used in this chapter, see Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model at:
http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html.
Cisco Unified Border Element (SP Edition) was formerly known as the integrated session border controller. It is commonly referred to as the session border controller (SBC) in this document.
Contents
This chapter provides information about the following topics:
•Prerequisites for the Cisco Unified Border Element (SP Edition) Distributed Model
•Restrictions for the Cisco Unified Border Element (SP Edition) Distributed Model
•Configuring the Cisco Unified Border Element (SP Edition) DBE Deployment
•Configuring the H.248 Logging Level
•Configuration Examples
•Cisco H.248 Profile
Prerequisites for the Cisco Unified Border Element (SP Edition) Distributed Model
When running SBC with 500 or more active calls, ensure you configure the huge buffer size to 65535 bytes with the buffer huge size 65535 command. The increased buffer size is required because by default Cisco IOS software sets the "huge" buffer size to be 18084 bytes, which is not large enough for H.248 audit responses when there are more than 500 active calls.
Note For information on the number of active calls that can be reported or audited with a huge buffer of 65535 bytes, see the "Number of Active Calls That Can Be Audited" section.
Restrictions for the Cisco Unified Border Element (SP Edition) Distributed Model
The following are not supported by the SBC function on the Cisco ASR 1000 Series Routers:
•Signaling Border Element (SBE) function and SBE CLIs
•Digital signal processing (DSP)
•Network management system (NMS) configuration
•Transcoding
•SBC virtual interface does not support any existing Cisco IOS features
Note When a VRF is removed from an SBC interface that is in use by an activated SBC, the IP addresses are not removed automatically by the SBC. The user has to manually remove the IP addresses when the SBC is deactivated.
Configuring the Cisco Unified Border Element (SP Edition) DBE Deployment
This section contains steps to configure a typical DBE on the Cisco ASR 1000 Series Routers.
Prerequisites
When running SBC with 500 or more active calls, configure the huge buffer size to 65535 bytes with the buffer huge size 65535 command to ensure the buffer is large enough for H.248 audit responses.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface sbc {interface-number}
4. ip address ip-address
5. exit
6. sbc {sbc-name} dbe
7. vdbe [global]
8. h248-version version
9. h248-napt-package [napt | ntr]
10. local-port {port-num}
11. control-address h248 ipv4 {A.B.C.D}
12. controller h248 {controller-index}
13. remote-address ipv4 {A.B.C.D}
14. remote-port {port-num}
15. transport {udp | tcp} [interim-auth-header]
16. exit
17. attach-controllers
18. exit
19. location-id {location-id}
20. media-address ipv4 {A.B.C.D}
21. exit
22. activate
23. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables the privileged EXEC mode. Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface sbc {interface-number}
Router(config)# interface sbc 1 |
Creates an SBC virtual interface and enters into interface configuration mode. |
Step 4 |
ip address ip-address
Router(config-if)# ip address 1.1.1.1 255.0.0.0 |
Configures an IP address on the SBC virtual interface. |
Step 5 |
exit
Router(config-if)# exit |
Exits interface configuration mode. |
Step 6 |
sbc {sbc-name} dbe
Router(config)# sbc mySbc dbe |
Creates the DBE service on the SBC and enters into SBC-DBE configuration mode. |
Step 7 |
vdbe [global]
Router(config-sbc-dbe)# vdbe global |
Enters into VDBE configuration mode with a default DBE named "global". Only one DBE is supported and its name must be "global". |
Step 8 |
h248-version version
Router(config-sbc-dbe-vdbe)# h248-version 3 |
Specifies that the DBE uses an H.248 version when it forms associations with an H.248 controller. Version 2 is the default. |
Step 9 |
h248-napt-package [napt | ntr]
Router(config-sbc-dbe-vdbe)# h248-napt-package napt |
Defines whether the DBE uses the Network Address and Port Translation (NAPT) or NAT Traversal (NTR) H.248 package for signaling NAT features. NTR is the default. |
Step 10 |
local-port {port-num}
Router(config-sbc-dbe-vdbe)# local-port 2947 |
Configures the DBE to use the specific local port number when connecting to the default media gateway controller (MGC). |
Step 11 |
control-address h248 ipv4 {A.B.C.D}
Router(config-sbc-dbe-vdbe)# control-address h248 ipv4 210.229.108.254 |
Configures the DBE to use a specific IPv4 H.248 control address, which is the local IP address the DBE uses as its own address when connecting to the SBE. |
Step 12 |
controller h248 {controller-index}
Router(config-sbc-dbe-vdbe)# controller h248 1 |
Configures the H.248 controller for the DBE and enters into Controller H.248 configuration mode. In the example, the configured number 1 identifies the H.248 controller for the DBE. |
Step 13 |
remote-address ipv4 {A.B.C.D}
Router(config-sbc-dbe-vdbe-h248)# remote-address ipv4 210.229.108.252 |
Configures the IPv4 remote address of the H.248 controller for the SBE. In the example, 210.229.108.252 is configured as the remote SBE IP address. |
Step 14 |
remote-port {port-num}
Router(config-sbc-dbe-vdbe-h248)# remote-port 2947 |
Configures the port number of the H.248 controller that is used to connect to the SBE. |
Step 15 |
transport {udp | tcp} [interim-auth-header]
Router(config-sbc-dbe-vdbe-h248)# transport udp interim-auth-header |
Configures the DBE to use either UDP or TCP for H.248 control signaling. The command also configures the H.248 controller to insert the interim authentication header into the H.248 messages and set all fields in the header to zeroes. |
Step 16 |
exit
Router(config-sbc-dbe-vdbe-h248)# exit |
Exits Controller H.248 configuration mode. |
Step 17 |
attach-controllers
Router(config-sbc-dbe-vdbe)# attach-controllers |
Attaches the DBE to an H.248 controller. |
Step 18 |
exit
Router(config-sbc-dbe-vdbe)# exit |
Exits VDBE configuration mode. |
Step 19 |
location-id {location-id}
Router(config-sbc-dbe)# location-id 1 |
Configures a location ID for the DBE. The location ID is used by the network to route calls. |
Step 20 |
media-address ipv4 {A.B.C.D}
Router(config-sbc-dbe)# media-address ipv4 1.1.1.1 |
Adds the IPv4 address to the set of addresses, which can be used by the DBE as a local media address. This address is the SBC virtual interface address. Enters into media-address configuration mode. Configure this command for each IP address that you specified under the SBC virtual interface in Step 4. |
Step 21 |
exit
Router(config-sbc-dbe-media-address)# exit |
Exits the media-address configuration mode and enters into SBC-DBE configuration mode. |
Step 22 |
activate
Router(config-sbc-dbe)# activate |
Initiates the DBE service of the SBC. |
Step 23 |
end
Router(config-sbc-dbe)# end |
Exits SBC-DBE configuration mode and returns to the privileged EXEC mode. |
Examples
The DBE does not always attach or detach from its controller immediately. You can use the show sbc dbe controllers command to display status information on whether the controller is attached or detached.
The following example uses the show sbc dbe controllers command to display status information showing that the VDBE with a location ID of 1 on an SBC called "mySbc" is attached to its controller:
Router# show sbc mySbc dbe controllers
Media gateway controller in use:
Sent Received Failed Retried
Remote address: 210.229.108.252:2944 (using default port)
Troubleshooting Tips
The following are troubleshooting tips that may be helpful after you get your SBC into production.
"Bad getbuffer" Log Message
You run over 500 active calls on your DBE deployment and you receive the following log message:
*Feb 11 11:35:52.909: %SYS-2-GETBUF: Bad getbuffer, bytes= 34506
-Process= "SBC main process", ipl= 0, pid= 183
-Traceback= 70EDFC 747354 9942D0 AFC6E4 B01AC4 29637B0 2960FCC 24C7F04 24C7918 24C7AD0
24D97AC 24D8790 2987C70
*Feb 11 11:35:52.909: %SBC-2-MSG-0303-0046: (sckrecv2.c 991)
*Feb 11 11:35:52.909: %SBC-2-MSG-0303-0025: (sckis.c 112)
General sockets layer error detected.
*Feb 11 11:35:52.909: %SBC-2-MSG-2E01-0014: (gctpfsm.c 730)
An association with a peer has become disconnected.
Peer's address = 200.10.255.252
Change your huge buffer size to 65535 bytes. This is the recommended huge buffer size for deployment of more than 500 active calls due to the need for increased buffer size for H.248 audit responses.
Number of Active Calls That Can Be Audited
The number of active calls that can be reported or audited with a huge buffer of 65535 bytes depends on the following:
•The number of calls that can be audited depends on the details of the pinholes because these affect the size of the audit records.
•Using UDP as your H.248 transport may limit auditable calls. You can remove this limitation by using the Segmentation Package and configuring the huge buffer size to be equal to or greater than the segmentation PDU size.
What to Do Next
See the "Configuring the H.248 Logging Level" section if you want to set console logging other than default logging and turn on H.248 logging messages.
See Chapter 4 "Media Address Pools," for information on what to configure next on the DBE.
See the "In-Service Provisioning of H.248 Controllers" section for information on configuring a new controller or making changes to a controller.
Configuring the H.248 Logging Level
This section contains steps to configure a sample configuration where console logging for H.248 messages sent and received is turned on and the H.248 protocol message filter is enabled to display only the H.248 text without any internal message logs.
SUMMARY STEPS
1. enable
2. configure terminal
3. sbc {sbc-name} dbe
4. vdbe [global]
5. h248-version version
6. h248-napt-package [napt | ntr]
7. local-port {port-num}
8. control-address h248 ipv4 {A.B.C.D}
9. logging level [value]
10. logging filter control protocol (Optional)
11. controller h248 {controller-index}
12. remote-address ipv4 {A.B.C.D}
13. remote-port {port-num}
14. exit
15. attach-controllers
16. exit
17. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables the privileged EXEC mode. Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
sbc {sbc-name} dbe
Router(config)# sbc global dbe |
Creates the DBE service on the SBC and enters into SBC-DBE configuration mode. |
Step 4 |
vdbe [global]
Router(config-sbc-dbe)# vdbe global |
Enters into VDBE configuration mode with a default DBE named "global". Only one DBE is supported and its name must be "global". |
Step 5 |
h248-version version
Router(config-sbc-dbe-vdbe)# h248-version 3 |
Specifies that the DBE uses an H.248 version when it forms associations with an H.248 controller. Version 2 is the default. |
Step 6 |
h248-napt-package [napt | ntr]
Router(config-sbc-dbe-vdbe)# h248-napt-package napt |
Defines whether the DBE uses the Network Address and Port Translation (NAPT) or NAT Traversal (NTR) H.248 package for signaling NAT features. NTR is the default. The example shows how to configure the DBE to use NAPT. |
Step 7 |
local-port {port-num}
Router(config-sbc-dbe-vdbe)# local-port 2971 |
Configures the DBE to use the specific local port number when connecting to the default media gateway controller (MGC). |
Step 8 |
control-address h248 ipv4 {A.B.C.D}
Router(config-sbc-dbe-vdbe)# control-address h248 ipv4 200.50.1.41 |
Configures the DBE to use a specific IPv4 H.248 control address, which is the local IP address the DBE uses as its own address when connecting to the SBE. |
Step 9 |
logging level [value]
Router(config-sbc-dbe-vdbe)# logging level 30 |
Sets a specified logging level to generate detailed logs of H.248 messages sent and received. Turns on console logging for the specified level and logs above that level. |
Step 10 |
logging filter control protocol
Router(config-sbc-dbe-vdbe)# logging filter control protocol |
(Optional) Sets the H.248 protocol message filter for console logging to display only the H.248 text without any internal message logs. |
Step 11 |
controller h248 {controller-index}
Router(config-sbc-dbe-vdbe)# controller h248 2 |
Configures the H.248 controller for the DBE and enters into Controller H.248 configuration mode. In the example, the configured number 2 identifies the H.248 controller for the DBE. |
Step 12 |
remote-address ipv4 {A.B.C.D}
Router(config-sbc-dbe-vdbe-h248)# remote-address ipv4 200.50.1.254 |
Configures the IPv4 remote address of the H.248 controller for the SBE. In the example, 200.50.1.254 is configured as the remote SBE IP address. |
Step 13 |
remote-port {port-num}
Router(config-sbc-dbe-vdbe-h248)# remote-port 2971 |
Configures the port number of the H.248 controller that is used to connect to the SBE. |
Step 14 |
exit
Router(config-sbc-dbe-vdbe-h248)# exit |
Exits Controller H.248 configuration mode. |
Step 15 |
attach-controllers
Router(config-sbc-dbe-vdbe)# attach-controllers |
Attaches the DBE to an H.248 controller. |
Step 16 |
exit
Router(config-sbc-dbe-vdbe)# exit |
Exits VDBE configuration mode. |
Step 17 |
end
Router(config-sbc-dbe)# end |
Exits SBC-DBE configuration mode and returns to the privileged EXEC mode. |
Enabling the H.248 Logging Requests and Responses
Because the default logging level of 63 is set on by default, you can use the logging level command to enable other logging levels. In particular, logging level 30 generates logs showing H.248 requests sent and responses received. The logging level command sets the severity logging level on the DBE and limits logging messages displayed on the console to messages for that specified level and above. For example a specified logging level of 30 would display log messages from logging levels 30, 40, 50, 60, 70, 80, and 90. The lower the logging level, the more syslog bandwidth is taken up.
You may want to consider the Cisco IOS console rate limiting configuration when you set your SBC logging level. Setting the SBC logging level to a level below the default of 63 can cause a substantial volume of messages to be generated. These messages are subject to standard Cisco IOS console rate limiting behavior, where warning and lower-level messages can be rate limited. Therefore, these messages and other messages may be dropped from the console output. However, they are still recorded in the logging buffer, which you can examine. Refer to the logging rate-limit command in the document titled Cisco IOS Configuration Fundamentals and Network Management Command Reference for more information.
Note Some messages may be displayed on the standby Route Processor (RP) because some of the components remain in the active stage on the standby RP and may produce those messages.
SBC debug commands that set the logging level and the H.248 protocol message filter, such as debug sbc log-level and debug sbc filter, can be enabled at the same time.
The logging level command works with SBC and Cisco IOS debug commands as follows:
•If logging and logging level are enabled by the logging level command, logging can only be disabled by the logging level command. The undebug all and no debug sbc log-level commands have no effect.
•If logging and logging level are enabled by a debug command, logging can be disabled by the undebug all and no debug sbc log-level commands.
•If two different logging levels are set by both a debug command and the logging level command, the lower logging level is applied.
•If the same level is set using both the logging level command and a debug command,—to turn off logging for that level, you must disable logging using both the logging level command and the debug command.
Example
The following example shows a sample log output produced on an H.248 ADD request with logging level set to 30:
*Sep 10 06:38:39.039: %SBC-7-MSG-2E01-0092: SBC/MG-CTRL: (gctarecv.c
1397) Application has completed processing a transaction asynchronously
*Sep 10 06:38:49.539: %SBC-7-MSG-2E01-0050: SBC/MG-CTRL: (gctphash.c
701) A hash table has been resized.
The previous size of the hash table was 1024 entries.
The new size of the hash table is 512 entries.
Configuration Examples
This section provides the following configuration examples:
•Configuring an SBC DBE Deployment
•Configuring the Primary IP and Primary Media IP Addresses
•Configuring the Secondary IP and Secondary Media IP Addresses
Configuring an SBC DBE Deployment
The following steps list the tasks you need to do to configure an SBC DBE deployment on the Cisco ASR 1000 Series Routers:
1. Create an SBC virtual interface.
2. Configure IP addresses on the SBC virtual interface.
3. Create the DBE service on the SBC.
4. Configure the default VDBE.
5. Take the default use-any-local-port command behavior.
6. Configure the DBE to use a local H.248 control address to connect to the SBE.
7. Configure the H.248 controller for the DBE.
8. Configure the remote address of the H.248 controller for the SBE.
9. Attach the DBE to an H.248 controller.
10. Configure a location ID for the DBE.
11. Add an IPv4 address so it can be used by the DBE as a local media address.
12. Initiate the DBE service of the SBC.
The following is a sample configuration representing the ordered tasks used to configure an SBC DBE deployed on the Cisco ASR 1000 Series Routers:
ip address 1.1.1.1 255.0.0.0
control-address h248 ipv4 210.229.108.254
remote-address ipv4 210.229.108.252
media-address ipv4 1.1.1.1
Configuring the Primary IP and Primary Media IP Addresses
The following example shows the running configuration where the primary IP address and primary media IP addresses have been configured:
control-address h248 ipv4 210.229.108.254
remote-address ipv4 210.229.108.252
media-address ipv4 1.1.1.1 <== primary local media IP address added using primary IP addr
ip address 1.1.1.1 255.0.0.0 <=== primary IP address was configured on SBC interface
Configuring the Secondary IP and Secondary Media IP Addresses
The following example shows the running configuration where a secondary IP address and secondary media IP address are configured after the primary IP address and primary media address have been configured:
control-address h248 ipv4 210.229.108.254
remote-address ipv4 210.229.108.252
media-address ipv4 1.1.1.1
media-address ipv4 25.25.25.25 <=== secondary media IP addr added using secondary IP addr
ip address 25.25.25.25 255.0.0.0 secondary <= secondary IP addr configured on SBC interf.
ip address 1.1.1.1 255.0.0.0
Cisco H.248 Profile
H.248 profiles define option values, sets of packages, naming conventions, and other details for an entire set of applications. The SBC DBE deployment for the Cisco ASR 1000 Series Routers currently supports only one profile, SBC_GateControl. The SBC_GateControl profile, a Cisco internal profile based on ITU-T Recommendation H.248.1 Version 2, defines functionality between the DBE and the MGC.
Overview of Profile
The profile connection model supports the following:
•Maximum number of contexts: Provisioned
•Maximum number of terminations per context: 68
•Allowed terminations type combinations: (IP,IP)
Table 2-1 shows the context attributes and values that are supported by the profile.
Table 2-1 Context Attributes
|
|
|
Topology |
No |
N/A |
Priority Indicator |
Yes |
0 to 15 |
Emergency Indicator |
Yes |
ON/OFF |
IEPS Indicator |
Yes |
ON/OFF |
Context Attribute Descriptor |
No |
N/A |
ContextIDList Parameter |
No |
N/A |
AND/OR Context Attribute |
No |
N/A |
The termination ID structure is provisioned in the MGC. The MGC is at liberty to choose any termination naming structure. The DBE can accept 3 to 9 fields in the termination ID structure.
The following H.248 subseries transports are supported by the profile:
•Supported transports: TCP or UDP
•Segmentation supported: UDP: Optional
Use of the Interim Authentication Header defined in H.248.1v2 is optional within this profile.
Profile Packages
This section specifies the packages that are supported in this profile. Mandatory packages are packages that are supported in the profile. Optional packages are packages that may be supported in the profile.
Table 2-2 shows the mandatory packages supported by the Cisco profile.
Table 2-2 Mandatory Packages
|
|
|
Base Root |
root |
2 |
Congestion Handling |
chp |
1 |
DTMF Detection |
dd |
1 |
DTMF Generation |
dg |
1 |
Diffserv |
ds |
1 |
Extended VPN Discrimination |
evpnd |
1 |
Inactivity Timer |
it |
1 |
Middlebox or EMP |
emp |
1 |
NAT Traversal |
ntr |
1 |
Network |
nt |
1 |
RTP |
rtp |
1 |
Traffic Management |
tman |
1 |
Table 2-3 shows the optional packages supported by the Cisco profile.
Table 2-3 Optional Packages
|
|
|
|
Address Reporting |
adr |
1 |
Extension to ipnapt package |
End Point Statistics |
epstat |
1 |
— |
Enhanced Root |
eroot |
N/A |
Proprietary package |
Enhanced Traffic Management |
etman |
1 |
— |
Gate Information |
ginfo |
1 |
— |
Gate Recovery Information |
gri |
1 |
— |
Generic |
g |
1 |
— |
IP NAPT Traversal |
ipnapt |
1 |
— |
Media Gateway Overload Control |
ocp |
1 |
— |
Segmentation |
seg |
1 |
Applicable for UDP transport where sufficiently large messages are required to be supported |
Session Failure Reaction |
sfr |
1 |
— |
Termination State Control |
tsc |
1 |
— |