IP Realm Support

The IP Realm feature is supported on the Cisco Unified Border Element (SP Edition) unified model. This feature allows the grouping of addresses known to a data border element (DBE) into realms and supports a method for the signaling border element (SBE) to specify which realm it requires an address from. IP Realm support enables an IP realm to be configured under an adjacency and to be associated with a media address pool.

Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be commonly referred to in this document as the session border controller (SBC).

For a complete description of the commands used in this chapter, refer to the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model at:

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html.

For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or a Cisco IOS master commands list.

Feature History for Support for IP Realm

Release                     Modification
Cisco IOS XE Release 2.5    This feature was introduced on the unified model on the Cisco IOS XR.

Prerequisites

The following prerequisites are required to implement Support for IP Realm:

Before implementing Support for IP Realm, Cisco Unified Border Element (SP Edition) must already be configured.

Information About IP Realm Support on the Unified Model

The IP Realm feature is supported in the unified model by means of the configuration of the IP realm under an adjacency and the IP realm association with a media address or a pool of media addresses. In effect, the adjacency is configured with the realm it belongs to, and the media address or a pool of media addresses is configured to belong to a realm. A call coming in on an adjacency is matched up with a specific media address or media address pool based on the configured realm.

The IP Realm feature adds support to both the SIP and H.323 adjacency configuration to require calls on specific adjacencies to request addresses from a specific realm. For example, when media addresses are to be allocated, the media pools with realm configuration matching the realm configuration on the adjacency are used. If there is no media pool with a matching realm configuration, then pools without any realm tags are used. If there are one or more pools that can be used, the selection criteria are not deterministic.

Each DBE address range may only belong to a single realm. This realm may be changed while the SBC is activated. However, the realm change only affects calls set up after the realm change is made and does not affect calls already in existence.

Each adjacency may only select addresses from a single realm. The realm for an adjacency may be changed at any time, but the changed realm only affects new calls.

If there is no address pool with a matching realm, the call setup is rejected, resulting in a SIP request failing with error code 503 “Service Unavailable” and an H.323 release complete with a release completion reason of “gatewayResources.”

Media Address Assignment

The user is able to assign a media address or a media address range to a particular realm. If a realm parameter is specified on an incoming adjacency, the SBC selects a media address or an address from a pool that has a matching realm. This allows users to customize their realm matching to implement features, such as wildcarding of realms.


Note: All of the other address range selection criteria must also match, that is, VPN ID and class of service (for port ranges).


If the IP realm configuration is absent under the adjacency, then an address is selected from a pool with any or no realm.

If an IP realm is specified under the adjacency, but there is no address pool with a matching realm, the call setup is rejected, resulting in an error code from the DBE of 510 “Insufficient resources.”

IP Realm Identifier

The IP Realm Identifier is used to indicate to which packet network the media addresses belong. The IP Realm identifier is a string, which may be in a domain name format, for example, “mynet.net” or any other string format. The format of the realm string is up to the user with certain restrictions.

The IP Realm Identifier should be provisioned between the SBE and the DBE. Each of the different IP realms possibly interconnecting with a DBE should have a different identifier.

Realm strings are case-insensitive and are made up of the characters in Table 9-1.

Table 9-1 IP Realm Identifier String - Allowed Character Set

Allowed Characters  ASCII          Allowed Characters  ASCII    Allowed Characters  ASCII
A - Z               0x41 - 0x5A    &                   0x26     ?                   0x3F
a - z               0x61 - 0x7A    !                   0x21     @                   0x40
0 - 9               0x30 - 0x39    _                   0x5F     ^                   0x5E
+                   0x2B           /                   0x2F     `                   0x60
-                   0x2D           '                   0x27     ~                   0x7E
*                   0x2A           $                   0x24     \                   0x5C
(                   0x28           )                   0x29     %                   0x25
|                   0x7C           .                   0x2E

Configuring IP Realm Under an Adjacency—Unified Model

To configure an IP Realm under an adjacency in the unified model, you need to perform both of the following tasks:

  • Tag the adjacency with the realm it belongs to using the realm command.
  • Configure the media address or media addresses in a pool to belong to a realm using the media-address ipv4 or media-address pool ipv4 command.

Tagging an Adjacency with a Realm

In the SBC unified model, the adjacencies need to be tagged with the realm that they belong to. This will enable subsequent calls to use media addresses from that realm.

The following example shows how to tag the SIP adjacency Cisco-gw with the realm cisco.com:

Router(config)# sbc mySbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# adjacency sip Cisco-gw
Router(config-sbc-sbe-adj-sip)# realm cisco.com

The following example shows the running configuration after the SIP adjacency Cisco-gw is tagged with the realm cisco.com:

Router# show run
adjacency sip Cisco-gw
signaling-address ipv4 200.100.50.8
realm cisco.com

Configuring a Media Address or a Pool of Media Addresses to Belong to a Realm

In the SBC unified model, you must configure either a media address or the pool of media addresses to be associated with a realm. If the port range is not configured, the SBC selects the default port range.

The following example configures the media address 40.0.0.1 to belong to the cisco.com realm:

Router(config-sbc)# media-address ipv4 40.0.0.1 realm cisco.com
Router(config-sbc-media-address)# port-range 10000 20000 any

The following example configures a pool of media addresses from which the SBC can select. The SBC can select any address from 40.0.0.2 to 40.0.0.31 as the media address to be associated with the cisco.com realm:

Router(config-sbc)# media-address pool ipv4 40.0.0.2 40.0.0.31 realm cisco.com
Router(config-sbc-media-address)# port-range 10000 20000 any

The following example shows the running configuration after configuring media address 40.0.0.1 to the cisco.com realm:

Router# show run
media-address ipv4 40.0.0.1 realm cisco.com
port-range 10000 20000 any
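
A pre-deployment check for the realm rules in this chapter, written in Python as an added example (it is not Cisco code): it validates each adjacency realm string against Table 9-1 and reports adjacencies whose realm has no matching media address or pool, comparing realms case-insensitively. The function names, the adjacency Peer-b, the realm partner#1 and the sample configuration are constructed for illustration, and the parser assumes running-config lines in the form shown in the examples above.

```python
import string

# Table 9-1: letters, digits and the listed punctuation characters.
ALLOWED = set(string.ascii_letters + string.digits + "&?!@_^+/`-'~*$\\()%|.")

def invalid_chars(realm):
    """Return the characters in a realm string that Table 9-1 does not allow."""
    return sorted(set(realm) - ALLOWED)

def parse_config(text):
    """Collect adjacency realms and media-address realms (None = no realm tag)."""
    adjacencies, pools, current = {}, [], None
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "adjacency" and len(tok) >= 3:
            current = tok[2]                      # adjacency <type> <name>
        elif tok[0] == "media-address":
            current = None
            pools.append(tok[tok.index("realm") + 1] if "realm" in tok[:-1] else None)
        elif tok[0] == "realm" and len(tok) == 2 and current is not None:
            adjacencies[current] = tok[1]
    return adjacencies, pools

def audit(text):
    """Return (adjacency, finding) pairs; adjacencies without a realm are skipped."""
    adjacencies, pools = parse_config(text)
    tagged = {p.lower() for p in pools if p}      # realm strings are case-insensitive
    untagged = any(p is None for p in pools)
    findings = []
    for name, realm in adjacencies.items():
        bad = invalid_chars(realm)
        if bad:
            findings.append((name, "invalid realm characters: " + "".join(bad)))
        if realm.lower() not in tagged:
            note = "untagged pool exists" if untagged else "no untagged pool"
            findings.append((name, f"no media address in realm {realm} ({note})"))
    return findings

# Constructed sample configuration (not from a real device).
SAMPLE = """\
adjacency sip Cisco-gw
 signaling-address ipv4 200.100.50.8
 realm Cisco.COM
adjacency sip Peer-b
 realm partner#1
media-address ipv4 40.0.0.1 realm cisco.com
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each finding names an adjacency whose calls would not get an address from its own realm, so it is worth resolving before the adjacency carries traffic.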

Show Commands—Unified Model

The following are show commands that can be used to display IP realm information in the unified model.

The show sbc dbe addresses command lists the H.248 control addresses, media addresses, and IP realm information configured on a DBE:

Router# show sbc global dbe addresses
 
SBC Service "global"
No controllers configured.
Media-Address: 40.0.0.1
VRF: Global
Port-Range (Service-Class): 10000-20000 (any)
Realm: cisco.com

The show sbc sbe adjacencies command lists the adjacencies information, including the IP realm information, configured on an SBE:

Router# show sbc global sbe adjacencies Cisco-gw detail
 
SBC Service "global"
Adjacency Cisco-gw (SIP)
Status: Detached
Signaling address: 111.45.103.119:default
Signaling-peer: :5060 (Default)
Force next hop: No
Account:
Group: None
In header profile: Default
Out header profile: Default
In method profile: Default
Out method profile: Default
In body profile: None
Out body profile: None
In UA option prof: Default
Out UA option prof: Default
In proxy opt prof: Default
Out proxy opt prof: Default
Priority set name: None
Local-id: None
Rewrite REGISTER: Off
Target address: None
NAT Status: Auto Detect
Reg-min-expiry: 3000 seconds
Fast-register: Enabled
Fast-register-int: 30 seconds
Register aggregate: Disabled
Registration Required: Disabled
Register Out Interval: 0 seconds
Parse username params: Disabled
Supported timer insert:Disabled
Suppress Expires: Disabled
p-asserted-id header-value: not defined
p-assert-id assert: Disabled
Authenticated mode: None
Authenticated realm: None
Auth. nonce life time: 300 seconds
IMS visited NetID: None
Inherit profile: Default
Force next hop: No
Home network Id: None
UnEncrypt key data: None
SIPI passthrough: No
Passthrough headers:
Media passthrough: No
Client authentication: No
Incoming 100rel strip: No
Incoming 100rel supp: No
Out 100rel supp add: No
Out 100rel req add: No
Parse TGID parms: No
IP-FQDN inbound:
IP-FQDN outbound:
FQDN-IP inbound:
FQDN-IP outbound:
Outbound Flood Rate: None
Hunting Triggers: Global Triggers
Add transport=tls param: Disabled
Redirect mode: Pass-through
Security: Untrusted-Unencrypted
Ping: Disabled
Ping Interval: 32 seconds
Ping Life Time: 32 seconds
Ping Peer Fail Count: 3
Ping Trap sending: Enabled
Ping Peer Status: Not Tested
Rewrite Request-uri: Disabled
Registration Monitor: Disabled
DTMF SIP NOTIFY Relay: Enabled
DTMF SIP NOTIFY Interval: 2000
DTMF SIP default duration: 200
DTMF Preferred Method: SIP NOTIFY
Realm : cisco.com
Statistics setting: Disabled