Configuring Cisco Unified Border Element (SP Edition)

This chapter describes how to configure the data border element (DBE) and signaling border element (SBE) for Cisco Unified Border Element (SP Edition).

Note that the DBE configuration is still required when running in the unified model because the DBE configuration provides the information necessary for the RTP media to flow.

Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be commonly referred to in this document as the session border controller (SBC).

For a complete description of the commands used in this chapter, refer to the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model at:

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html

For information about all Cisco IOS commands, use the Command Lookup Tool at
http://tools.cisco.com/Support/CLILookup or a Cisco IOS master commands list.

Configuring Unified Model

This section contains the following information on configuring the unified model:

Configuring SBE in the Unified Model

This section describes how to configure a SBE on a Cisco ASR 1000 Series Routers:

Prerequisites

  • In the unified mode, you must configure the SBE before the DBE.
  • You need to configure blacklisting to override default blacklisting thresholds when the SBE is configured and before you start using Cisco Unified Border Element (SP Edition). See the Dynamic Blacklisting Behavior for configuration information.
  • When running Cisco Unified Border Element (SP Edition) with 500 or more active calls, configure the huge buffer size to 65535 bytes with the buffer huge size 65535 command. The increased buffer size is required because by default Cisco IOS software sets the “huge” buffer size to be 18084 bytes, which is not large enough for audit responses when there are more than 500 active calls.

Configuration Tip

We strongly recommend you use different addresses for signaling and media addresses to avoid scenarios where reservation for media port range can prevent call signaling packets from reaching the route processor (RP). In this scenario, if the SBC attempts to receive a call using a port that has been reserved by the SBC for media, packets will be dropped, rather than forwarded to the RP. This type of scenario is more likely to occur for H.323 and SIP calls using TCP transport.

SUMMARY STEPS

1. configure

2. sbc sbc-name

3. sbe

4. adjacency sip adjacency-name

5. signaling-address ipv4 ipv4_IP_address

6. signaling-port port_num

7. remote-address ipv4 ip-address ip-mask

8. signaling-peer peer_name

9. signaling-peer-port port_num

10. attach

11. exit

12. adjacency sip adjacency-name

13. signaling-address ipv4 ipv4_IP_address

14. signaling-port port_num

15. remote-address ipv4 ip-address ip-mask

16. signaling-peer peer_name

17. signaling-peer-port port_num

18. attach

19. call-policy-set policy-set-id

20. first-call-routing-table table-name

21. rtg-src-adjacency-table table-id

22. entry entry-id

23. action

24. dst-adjacency target-adjacency

25. match-adjacency key

26. exit

27. entry entry-id

28. action

29. dst-adjacency target-adjacency

30. match-adjacency key

31. complete

32. active-call-policy-set policy-set-id

33. activate

34. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1

configure terminal

 
Router# configure terminal

Enters global configuration mode.

Step 2

sbc sbc-name

 
Router(config)# sbc mySbc

Creates the SBC service on Cisco Unified Border Element (SP Edition) and enters into SBC configuration mode.

Step 3

sbe

 

Router(config-sbc)# sbe

Enters the mode of the signaling border element (SBE) function of the SBC.

Step 4

adjacency sip adjacency-name

 

Router(config-sbc-sbe)# adjacency sip

Access

Enters the mode of an SBE SIP adjacency.

Use the adjacency-name argument to define the name of the service.

Note A functional SBC needs a minimum of two adjacencies configured.

Step 5

signaling-address ipv4 ipv4_IP_address

 

Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 88.103.29.100

Specifies the local IPv4 signaling address of the SIP adjacency.

Step 6

signaling-port port_num

 

Router(config-sbc-sbe-adj-sip)# signaling-port 5060

Specifies the local signaling port of the SIP adjacency.

Step 7

remote-address ipv4 ip-address ip-mask

 

Router(config-sbc-sbe-adj-sip)# remote-address 200.200.200.0 255.255.255.0

Restricts the set of remote signaling peers contacted over the adjacency to those with the given IP address prefix.

Step 8

signaling-peer peer_address

 

Router(config-sbc-sbe-adj-sip)# signaling-peer 200.200.200.118

Specifies the remote signaling peer for the SIP adjacency to use.

Step 9

signaling-peer-port port_num

 

Router(config-sbc-sbe-adj-sip)# signaling-peer-port 5060

Specifies the remote signaling-peer port for the SIP adjacency to use.

Step 10

attach

 

Router(config-sbc-sbe-adj-sip)#

Attaches the adjacency.

Step 11

exit

 

Router(config-sbc-sbe-adj-sip)# exit

Exits SBE SIP adjacency configuration mode and enters SBE mode.

Step 12

adjacency sip adjacency-name

 

Router(config-sbc-sbe)# adjacency sip

Core

Enters the mode of an SBE SIP adjacency.

Use the adjacency-name argument to define the name of the service.

Step 13

signaling-address ipv4 ipv4_IP_address

 

Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 88.103.33.100

Specifies the local IPv4 signaling address of the SIP adjacency.

Step 14

signaling-port port_num

 

Router(config-sbc-sbe-adj-sip)# signaling-port 5060

Specifies the local signaling port of the SIP adjacency.

Step 15

remote-address ipv4 ip-address ip-mask

 

Router(config-sbc-sbe-adj-sip)# remote-address 200.200.200.0 255.255.255.0

Restricts the set of remote signaling peers contacted over the adjacency to those with the given IP address prefix.

Step 16

signaling-peer peer_address

 

Router(config-sbc-sbe-adj-sip)# signaling-peer 200.200.200.118

Specifies the remote signaling peer for the SIP adjacency to use.

Step 17

signaling-peer-port port_num

 

Router(config-sbc-sbe-adj-sip)# signaling-peer-port 5060

Specifies the remote signaling-peer port for the SIP adjacency to use.

Step 18

attach

 

Router(config-sbc-sbe-adj-sip)# attach

Attaches the adjacency.

Step 19

call-policy-set policy-set-id

 

Router(config-sbc-sbe-callpolicy)# call-policy-set 1

Enters the mode of routing policy set configuration within an SBE entity, creating a new policy set, if necessary.

Note There can only be one call policy set at any given time.

Step 20

first-call-routing-table table-name

 

Router(config-sbc-sbe-callpolicy)# first-call-routing-table start-table

Configures the name of the first policy table to process when performing the routing stage of policy for new-call events.

Step 21

rtg-src-adjacency-table table-id

 

Router(config-sbc-sbe-callpolicy)# rtg-src-adjacency-table start-table

Enters the configuration mode of a routing table (creating one if necessary) within the context of an SBE policy set whose entries match the source adjacency.

Step 22

entry entry-id

 

Router(config-sbc-sbe-callpolicy-rtgtable)# entry 1

Enters the mode for configuring an entry in a routing table, creating the entry if necessary.

Step 23

action [next-table goto-table-name | complete | reject]

 

Router(config-sbc-sbe-callpolicy-rtgtable-entry)# action complete

Configures the action to take if this routing entry is chosen. Possible actions are:

  • Set the name of the next routing table to process if the event matches this entry. This is done using the next-table keyword and the goto-table-name argument.
  • Complete the action using the complete keyword.
  • Reject the indicated action using the reject keyword.

Step 24

dst-adjacency target-adjacency

 

Router(config-sbc-sbe-callpolicy-rtgtable-entry) # dst-adjacency Core

Configures the destination adjacency of an entry in a routing table.

Step 25

match-adjacency target-adjacency

 

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency Access

Configures the match value of an entry in a number analysis or routing table whose entries match against the source adjacency.

Step 26

exit

 

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit

Exits mode for configuring an entry in a routing table and enters configuration mode of a routing table to create an entry.

Step 27

entry entry-id

 

Router(config-sbc-sbe-callpolicy-rtgtable)# entry 2

Enters the mode for configuring an entry in a routing table, creating the entry if necessary.

Step 28

action [next-table goto-table-name | complete | reject]

 

Router(config-sbc-sbe-callpolicy-rtgtable-entry)# action complete

Configures the action to take if this routing entry is chosen. Possible actions are:

  • Set the name of the next routing table to process if the event matches this entry. This is done using the next-table keyword and the goto-table-name argument.
  • Complete the action using the complete keyword.
  • Reject the indicated action using the reject keyword.

Step 29

dst-adjacency target-adjacency

 

Router(config-sbc-sbe-callpolicy-rtgtable-entry)# dst-adjacency Access

Configures the destination adjacency of an entry in a routing table.

Step 30

match-adjacency target-adjacency

 

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency Core

Configures the match value of an entry in a number analysis or routing table whose entries match against the source adjacency.

Step 31

complete

 

Router(config-sbc-sbe-cacpolicy-cactable-entry)# complete

Completes the CAC policy set when you have committed the full set.

Step 32

active-call-policy-set policy-set-id

 

Router(config-sbc-sbe)# active-call-policy-set 1

Sets the active routing policy set within an SBE entity.

Step 33

activate

 

Router(config-sbc-sbe)# activate

Initiates the SBC service.

Step 34

end

 

Router(config-sbc-sbe)# end

Exits SBC-DBE configuration mode and returns to EXEC mode.

Modifying Existing Call Policy Set

A policy set is a group of policies that can be active on Cisco Unified Border Element (SP Edition) at any one time. If a policy set is active, then Cisco Unified Border Element (SP Edition) uses the rules defined within it to apply policy to events. Routing and number analysis are configured in a call policy set.

Only one policy set of each type can be active at any given time. You can switch the active policy set at any time. You cannot modify the currently active policy set without deactivating it. However you can modify policy sets that are not active. A policy set can be deleted, provided that it is not the active policy set.

To modify an existing call policy set, you must first deactivate it with the no active call-policy-set command and then execute a no complete command.

The following task deactivates the active call-policy-set.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. no active-call-policy-set policy-set-id

5. no complete

6. exit

DETAILED STEPS

 

 
Command or Action
Purpose

Step 1

configure

 

Router# configure

Enables global configuration mode.

Step 2

sbc sbc-name

 

Router(config)# sbc mysbc

Creates the SBC service on Cisco Unified Border Element (SP Edition) and enters into SBC configuration mode.

 

Step 3

sbe

 

Router(config-sbc)# sbe

Enters the mode of an SBE entity within an SBC service.

Step 4

no active-call-policy-set policy-set-id

 

Router(config-sbc-sbe)# no active-call-policy-set 1

deactivates the active routing policy set within an SBE entity.

Step 5

no complete

 

Router(config-sbc-sbe-cacpolicy-cactable-entry)# no complete

Does not complete the active routing policy set.

Step 6

exit

 

Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit

Exits the current mode of the configuration.

Replacing an Existing Call Policy Set

Only one policy set of each type can be active at any given time. You can replace or switch the active policy set at any time. To do that, first deactivate the existing call policy set. Then activate the new call policy set for it to take effect.

SUMMARY STEPS

1. configure

2. sbc service-name

3. sbe

4. no active-call-policy-set policy-set-id

5. active-call-policy-set policy-set-id

6. complete

7. exit

DETAILED STEPS

 

 
Command or Action
Purpose

Step 1

configure

 

Router# configure

Enables global configuration mode.

Step 2

sbc service-name

 

Router(config)# sbc mysbc

Enters the mode of an SBC service.

  • Use the service-name argument to define the name of the service.

Step 3

sbe

 

Router(config-sbc)# sbe

Enters the mode of an SBE entity within an SBC service.

Step 4

no active-call-policy-set policy-set-id

 

Router(config-sbc-sbe)# no active-call-policy-set 1

Deactivates the active routing policy set within an SBE entity.

Step 5

active-call-policy-set policy-set-id

 

Router(config-sbc-sbe)# active-call-policy-set 6

Activates the new active routing policy set that is replacing the prior active routing policy set.

Step 6

complete

 

Router(config-sbc-sbe-cacpolicy-
cactable-entry)# no complete

Completes the active routing policy set.

Step 7

exit

 

Router(config-sbc-sbe-rtgpolicy-
rtgtable-entry)# exit

Exits the current mode of the configuration.

Memory Alerting

The Memory Alerting feature enables you to configure the number of active calls on an SBC based on the amount of free memory available on the device.

For example, an ASR1000 may support 5000 maximum active calls and support other features as well. In a scenario where the upper limit to the active calls is not configured, and other non-SBC features are also in use, there is a possibility that the SBC might use the system memory to a point that even the basic functions of the ASR1000 gets affected due to memory fragmentation or lack of memory.

The Memory Alerting feature enables you to configure thresholds and drop rates for various memory availability levels. This prevents the SBC from consuming memory for new calls or call registrations.

The Memory Alerting feature consists of four levels, Minor, Major, Critical, and Halt. The levels are defined based on the amount of processor memory available at a given time. Processor memory is checked after every ten new calls to determine the memory available.

You can configure the percentage of memory available to trigger each level, and define the number of calls to be rejected (0 to 10) from a set of 10 calls.

Table 3-1 represents the default percentages and drop rates.

 

Table 3-1 SBC Memory Alerting Levels, Default Memory Percentages, and Calls Rejected

Level
Default Percentage of Memory Remaining
Number of Calls Rejected

Minor

<= 25%

0 of 10

Major

<= 20%

4 of 10

Critical

<= 15%

9 of 10

Halt

<= 10%

10 of 10


Note You cannot configure or modify the level Halt. If only 10 or lesser percentage of memory is available on the device, SBC stops accepting new calls.


Whenever a memory level change occurs, a message similar to the following is displayed on the console:

*July 2010 10:25:56.489:%SBC_COMP-3-MEMORY_ALERT: SBC memory congestion level has changed from CRITICAL to MINOR.
Usage: 883638296 of 1774290032 bytes.

 

Use the [no] reject-threshold [ level ] memory [ percentage ] [ reject rate ] command to configure the memory threshold and reject rate for new calls.

Configuring Memory Alerting

This task configures the reject threshold and reject rate for new calls.

SUMMARY STEPS

1. configure

2. sbc sbc-name

3. sbe

4. reject-threshold

5. end

6. show sbc sbc-name sbe call-stats reject-threshold

DETAILED STEPS

 

 
Command or Action
Purpose

Step 1

configure terminal

 

Router# configure terminal

Enables global configuration mode.

Step 2

sbc sbc-name

 

Router(config)# sbc mySbc

Enables entry into the mode of an SBC service.

Use the sbc-name argument to define the name of the SBC.

Step 3

sbe

 

Router(config-sbc)# sbe

Enables entry into the mode of an SBE entity within an SBC service.

Step 4

reject-threshold

 

Router(config-sbc-sbe)# reject-threshold major memory 20 5

Configures the memory threshold and reject rate for new calls.

Step 5

end

 

Router(config-sbc-sbe)# end

Enable exit from the config-sbc-sbe mode.

Step 6

show sbc sbc-name sbe call-stats reject-threshold

 

Router# show sbc mySbc sbe call-stats reject-threshold

Shows the reject threshold details for the selected SBC.

Configuring DBE in the Unified Model

This section describes how to configure a DBE on a Cisco ASR 1000 Series Routers in the unified model.

The DBE configuration is still required when running in the unified model because the DBE configuration provides the information necessary for the RTP media to flow.

Prerequisites

When running Cisco Unified Border Element (SP Edition) with 500 or more active calls, configure the huge buffer size to 65535 bytes with the buffer huge size 65535 command to ensure the buffer is large enough for audit responses.

SUMMARY STEPS

1. configure

2. sbc sbc-name

3. media-address ipv4 A.B.C.D

4. activate

5. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1

configure

 
Router# configure terminal

Enters global configuration mode.

Step 2

sbc sbc-name

 
Router(config)# sbc mySbc

Creates the SBC service on Cisco Unified Border Element (SP Edition) and enters into SBC-DBE configuration mode.

Step 3

media-address ipv4 {A.B.C.D}

 

Router(config-sbc)# media-address ipv4 1.1.1.1

Adds the IPv4 address which can be used by the DBE as a local media address. This address is the SBC virtual interface address.

Step 4

activate

 

Router(config-sbc)# activate

Initiates the SBC service, for DBE and SBE.

Step 5

end

 

Router(config-sbc)# end

Exits SBC-DBE configuration mode and returns to Exec mode.

Configuring Cisco Unified Border Element (SP Edition) Unified Model: Example

The following is an example of a Cisco Unified Border Element (SP Edition) unified model configuration:

Router# show run sbc
Generating configuration....
sbc test
sbe
adjacency sip Access
signaling-address ipv4 88.103.29.100
signaling-port 5060
remote-address ipv4 200.200.200.0 255.255.255.0
signaling-peer 200.200.200.118
signaling-peer-port 5060
attach
adjacency sip Core
signaling-address ipv4 88.103.33.100
signaling-port 5060
remote-address ipv4 200.200.200.0 255.255.255.0
signaling-peer 200.200.200.118
signaling-peer-port 5060
attach
call-policy-set 1
first-call-routing-table start-table
rtg-src-adjacency-table start-table
entry 1
action complete
dst-adjacency Core
match-adjacency Access
entry 2
action complete
dst-adjacency Access
match-adjacency Core
complete
active-call-policy-set 1
 
media-address ipv4 88.103.29.100
media-timeout 30
deactivation-mode normal
activate

Configuring Memory Alerting: Example

The following example shows how to configure memory threshold and reject rate for new calls:

Router# configure
Router(config)# sbc mySbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# reject-threshold minor memory 30 0
Router(config-sbc-sbe)# reject-threshold major memory 20 5
Router(config-sbc-sbe)# reject-threshold critical memory 15 9
Router(config-sbc-sbe)# end
Router# show sbc mySbc sbe call-stats reject-threshold
Level Memory Trigger Action
-------------------------------------------------
minor < 30 percent 0 in 10 calls dropped
major < 20 percent 5 in 10 calls dropped
critical < 15 percent 9 in 10 calls dropped
halt < 10 percent 10 in 10 calls dropped
Current level: NORMAL
Total calls rejected due to low memory threshold: 0

Image Upgrade Procedure for Cisco Unified Border Element
(SP Edition)

The following procedures describe how to perform an image upgrade.


Step 1 Copy the Cisco Unified Border Element (SP Edition) image from the tftp location onto your hard disk:

Step 2 Check if the node has two RP cards using the show platform command.

If the node has two RP cards, copy the image to the standby card using the following command:

Router# copy harddisk:asr1000rp1new_image.bin stby-harddisk:asr1000rp1new_image.bin

Step 3 Do a no boot system of the existing image on the Active RP using the following command:

Router(config)# no boot system harddisk:asr1000rp1old_image.bin

Step 4 Start the upgrade using the following command:

RTP-ASR-1(config)# boot system harddisk:asr1000rp1<new_image>.bin

Step 5 Do a show run to check if the changes are reflected.

Step 6 Reload the node using the reload command:

Router# reload
 
System configuration has been modified. Save? [yes/no]: y
Building configuration...
[OK]
Proceed with reload? [confirm] y

Step 7 To verify that the new image is loaded after the “reload,” use the show version command.

Step 8 After the upgrade, check that all the cards have come up in the Active state by using the show platform command.