Configuring Cisco Session Border Controllers


Revised June 30, 2011

This section describes the Cisco TelePresence Exchange System configuration requirements for the session border controller (SBC) functionality.

This section includes the following topics:

Creating a Session Border Controller Interface

Creating a Management Interface

Creating the SBC Instance

Configuring the Signaling Border Element

Defining a Media Address

The procedures in this section assume that a Cisco Aggregation Series Router (Cisco ASR) serves as an SBC, and that the router is installed and active in the network. See the Release Notes for the Cisco TelePresence Exchange System document for information about the Cisco routers that support SBC functionality. The document is available at http://www.cisco.com/go/ctx-relnotes.

For more information about configuring the SBC on the Cisco ASR, see the Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model document at http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html.

For more details on the commands shown in the configuration commands below, see the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model document at http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html.


Note Cisco Unified Border Element (SP Edition) was formerly known as Integrated Session Border Controller and may be referenced in this document as the session border controller (SBC).


Creating a Session Border Controller Interface

You must create an SBC interface for each SBC module in the Cisco ASR and assign at least one primary IP address to the interface.

Procedure

To configure the SBC interface, do the following procedure:

 
Command
Purpose

Step 1 

Router# configure terminal

Enters global configuration mode.

Step 2 

Router(config)# interface sbc 
interface-number

Creates a virtual SBC interface on the Cisco ASR.

Step 3 

Router(config-if)# ip address 
{IPv4 ip address} {IPv4 subnet 
address}

Assigns a primary IP address and subnet mask to the SBC interface.

Step 4 

Router(config-if)# ip address 
{IPv4 ip address} {IPv4 subnet 
address} secondary

(Optional) Assigns a secondary IP address and subnet mask to the SBC interface.

The following example shows how to create an SBC interface and assign primary and secondary IP addresses and subnet masks:

Router(config)# interface sbc 1
Router(config-if)# ip address 10.22.141.100 255.255.255.248
Router(config-if)# ip address 10.22.141.101 255.255.255.248 secondary
Router(config-if)# ip address 10.22.141.102 255.255.255.248 secondary

Creating a Management Interface

You must define at least one management interface on the Cisco ASR for Telnet and SSH remote access.

Procedure

To define a management interface, do the following procedure:

 
Command
Purpose

Step 1 

Router(config)# GigabitEthernet 
module / slot / port 

Enters interface configuration mode for the specified interface.

Step 2 

Router(config-if)# ip address 
{IPv4 ip address} {IPv4 subnet 
address}

Assigns an IP address and subnet mask to the management interface.

Step 3 

Router(config-if)# negotiation 
auto

Enables negotiation of the speed, duplex mode, and flow control on the Gigabit Ethernet interface.

The following example shows how to configure a management interface:

Router(config)# interface GigabitEthernet 0/0/0
Router(config-if)# ip address 10.22.139.84 255.255.255.224
Router(config-if)# negotiation auto

Creating the SBC Instance

To configure the signaling border element (SBE) and data border element (DBE) on the SBC, you first create an SBC instance.

Procedure

To create the SBC instance, do the following procedure:

 
Command
Purpose

Step 1 

Router(config)# sbc 
service-name

Creates the SBC instance and enters SBC configuration mode.

Step 2 

Router(config-sbc)# sbe

Enters SBE configuration mode.

Step 3 

Router(config-sbc-sbe)# 
secure-media

Enables media pass through, which configures the SBC to treat every media flow as an encrypted media flow. This action enables DTLS and SRTP media packets to pass through the SBC.

The following example shows how to create the SBC instance and enable secure media pass through:

Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# secure-media

Configuring the Signaling Border Element

You configure the signaling border element (SBE) to enable SIP signaling functionality such as header and method profiles, adjacencies, call admission control policies, route tables and blacklists.

SBE configuration is described in the following sections:

Configuring Default Profiles

Creating Adjacencies

Configuring CAC Policy

Configuring Call Policies

Configuring SIP Timers

Defining Blacklists

Configuring Default Profiles

Procedure

To configure the default profiles on the SBE, do the following procedure:

 
Command
Purpose

Step 1 

Router(config)# sbc 
service-name

Enters SBC configuration mode for the specified SBC instance.

Step 2 

Router(config-sbc)# sbe

Enters SBE configuration mode.

Step 3 

Router(config-sbc-sbe)# 
sip-header profile profile-name

Configures a header profile for the SBE. Enter default as the profile-name to configure the default header profile. The default profile is used for all adjacencies that do not have a specific profile configured.

Step 4 

Router(config-sbc-sbe-sip-hdr)# 
header header-name

Adds the specified header to the profile.

Step 5 

Router(config-sbc-sbe-sip-hdr-e
le)# action pass 
{add-first-header | add-header 
| as-profile | drop-msg | pass 
| replace-name | replace-value 
| strip}

Configures the action to take on the header. For the Cisco TelePresence Exchange System configuration, always set the action to pass, which allows the message to proceed.

Step 6 

Router(config-sbc-sbe-sip-hdr-e
le)# exit
Router(config-sbc-sbe-sip-hdr)# 
exit

Exits the header profile configuration mode.

Step 7 

Router(config-sbc-sbe)# sip 
method-profile default

Configure a method profile for the SBE. Enter default as the profile-name to configure the default method profile. The default profile is used for all adjacencies that do not have a specific profile configured.

Step 8 

Router(config-sbc-sbe-sip-mth)# 
pass-body

Permits SIP message bodies to pass through.

Step 9 

Router(config-sbc-sbe-sip-mth)# 
method method-name

Adds a method with a specified name to a SIP message profile.

Step 10 

Router(config-sbc-sbe-sip-mth)# 
action pass

Configures the action to take for the message. For the Cisco TelePresence Exchange System configuration, always set the action to pass, which allows the message to proceed.

Step 11 

Router(config-sbc-sbe-sip-mth)# 
exit

Exits the method profile configuration mode.

Step 12 

Router(config-sbc-sbe)# sip 
option-profile default

Configures the default SIP option profile for either a SIP option white list or black list profile on the SBE.

Step 13 

Router(config-sbc-sbe-sip-opt)# 
option opt-name

Adds an option to the profile.

Step 14 

Router(config-sbc-sbe-sip-opt)# 
exit

Exits the option profile configuration mode.

The following example shows how to define default header and method profiles:

Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# sip-header profile default
Router(config-sbc-sbe-sip-hdr-prf)# header Allow entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header Reason entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header SERVER entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header DIVERSION entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header Allow-Events entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header session-expiry entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header Session-Expires entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe-sip-hdr-prf)# header RESOURCE-PRIORITY entry 1
Router(config-sbc-sbe-sip-hdr-prf-ent)# action pass
Router(config-sbc-sbe)# sip method-profile default
Router(config-sbc-sbe-sip-mth)# pass-body
Router(config-sbc-sbe-sip-mth)# method INFO
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method REFER
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method INVITE
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method NOTIFY
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method OPTION
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method UPDATE
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe-sip-mth)# method SUBSCRIBE
Router(config-sbc-sbe-sip-mth)# action pass
Router(config-sbc-sbe)# sip-option profile default
Router(config-sbc-sbe-sip-opt)# option TIMER
Router(config-sbc-sbe-sip-opt)# option REPLACES
Router(config-sbc-sbe-sip-opt)# exit

Creating Adjacencies

An adjacency represents a signaling relationship with a remote call agent. The adjacency defines protocol-specific parameters as well as admission control and routing policy. Each incoming call is matched to an adjacency, and each outgoing call is routed out over an adjacency.

You need to create adjacencies between the SBE and the following network elements:

Cisco Application Control Engine

Hosted Cisco Unified Communications Manager

Both Cisco TelePresence Exchange System call engines

Also, you need to create an adjacency for each remote SP to which we provide interconnect service.Procedure

To create an adjacency, do the following procedure:

 
Command
Purpose

Step 1 

Router(config-sbc-sbe)# adjacency 
(sip | h323} adjacency-name

Enters configuration mode for the specified SIP or H.323 adjacency. For the Cisco TelePresence Exchange System configuration, enter sip as the type of adjacency.

Step 2 

Router(config-sbc-sbe-adj-sip)# nat 
force-off

Configures network address translation (NAT) for the adjacency.

Note The nat force-off option is the only supported option in this configuration.

The nat force-off option sets the SIP adjacency to assume that all endpoints are not behind a NAT device.

Step 3 

Router(config-sbc-sbe-adj-sip)# 
hunting-trigger error-codes

Configures SIP to retry routing to the adjacency if it receives one of the specified error codes.

Step 4 

Router(config-sbc-sbe-adj-sip)# 
preferred-transport {tcp|udp}

Sets the preferred transport protocol for SIP signaling on the adjacency.

Step 5 

Router(config-sbc-sbe-adj-sip)# 
signaling-address{ipv4_IP_address|i
pv6_IP_address}

Configures the local IP signaling address of the SIP adjacency.

Step 6 

Router(config-sbc-sbe-adj-sip)# 
signaling-port port-num [max- 
port-num]

Configures the local port number for the signaling address of the SIP adjacency. Specify a maximum port number to configure a range of port values. The default port number is 5060.

Step 7 

Router(config-sbc-sbe-adj-sip)# 
statistics-setting summary

Enables the show sbc sbe sip-method-stats command to display a summary level of statistics about SIP request names.

Step 8 

Router(config-sbc-sbe-adj-sip)# 
remote-address ipv4 remote-address

Restricts the set of remote signaling peers that can be contacted over the adjacency to those with the given IP address prefix.

Note For Cisco TelePresence Exchange System configuration, enter the virtual IP (VIP) address of the Cisco ACE as the remote address.

Step 9 

Router(config-sbc-sbe-adj-sip)# 
signaling-peer peer-name

Configures the SIP adjacency to use the specified remote signaling-peer. Specify the IPv4 address of the signaling peer in dotted-decimal format.

Note For Cisco TelePresence Exchange System configuration, enter the VIP address of the Cisco ACE as the signaling peer.

Step 10 

Router(config-sbc-sbe-adj-sip)# 
attach 

Attaches the adjacency to the SBC instance. The adjacency is now available for SIP call processing.

The following example shows how to create an adjacency between the SBE and the Cisco ACE:

Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# adjacency sip SBC-ACE
Router(config-sbc-sbe-adj-sip)# nat force-off
Router(config-sbc-sbe-adj-sip)# hunting-trigger 408 500 503
Router(config-sbc-sbe-adj-sip)# preferred-transport tcp
Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.22.141.100
Router(config-sbc-sbe-adj-sip)# statistics-setting summary
Router(config-sbc-sbe-adj-sip)# signaling-port port-num 5060
Router(config-sbc-sbe-adj-sip)# remote-address ipv4 10.22.141.98 255.255.255.255
Router(config-sbc-sbe-adj-sip)# signaling-peer 10.22.141.98
Router(config-sbc-sbe-adj-sip))# attach 

The following example shows how to create an adjacency between the SBC and the Unified CM and how to define a call admission control policy for the SBE:

Router(config)# sbc mmsbc
Router(config-sbc)# sbe
Router(config-sbc-sbe)# adjacency sip UNCM-SBC
Router(config-sbc-sbe-adj-sip)# nat force-off
Router(config-sbc-sbe-adj-sip)# hunting-trigger 408 500 503
Router(config-sbc-sbe-adj-sip)# preferred-transport tcp
Router(config-sbc-sbe-adj-sip)# signaling-address ipv4 10.22.141.100
Router(config-sbc-sbe-adj-sip)# signaling-port port-num 5060
Router(config-sbc-sbe-adj-sip)# remote-address ipv4 10.22.139.70 255.255.255.255
Router(config-sbc-sbe-adj-sip)# signaling-peer 10.22.139.70
Router(config-sbc-sbe-adj-sip)# attach

Configuring CAC Policy

You need to define call admission control (CAC) policy to instruct the SBC to ignore the media bandwidth fields in the session description protocol (SDP) messages.

Procedure

To define a CAC policy, do the following procedure:

 
Command
Purpose

Step 1 

Router(config-sbc-sbe)# 
cac-policy-set policy-set-id

Creates a new CAC policy set for the SBE. The new CAC policy set is empty until you define additional parameters for the policy.

Step 2 

Router(config-sbc-sbe-cacpolicy)# 
first-cac-table table-name

Defines the first policy table to process when performing the admission control stage of policy.

Step 3 

Router(config-sbc-sbe-cacpolicy)# 
cac-table table-name

Creates an admission control table for the CAC policy set created in Step 1.

Step 4 

Router(config-sbc-sbe-cacpolicy 
-cactable)# table-type policy set

Configures the CAC table type. Policy set specifies that the event is applied to all entries in the table.

Step 5 

Router(config-sbc-sbe-cacpolicy 
-cactable)# entry entry-id

Creates an entry in the CAC table.

Step 6 

Router(config-sbc-sbe-cacpolicy 
-cactable-entry)# media 
bandwidth-fields ignore

Sets the media flag to ignore the media bandwidth fields (b-line) in the session description protocol (SDP) messages. The SBC will use the CODEC value in the SDP message to calculate the baseline bandwidth required for the media stream.

Step 7 

Router(config-sbc-sbe-cacpolicy 
-cactable-entry)# action 
cac-complete

Configures the action to perform after this entry in the CAC table. The cac-complete keyword specifies that no further action is required for this CAC policy.

Step 8 

Router(config-sbc-sbe-cacpolicy 
-cactable-entry)# exit

Exits the CAC table entry configuration mode.

Step 9 

Router(config-sbc-sbe-cacpolicy)# 
complete

Marks the end of a CAC policy set definition.

Step 10 

Router(config-sbc-sbe-cacpolicy)# 
exit

Exits the CAC policy configuration mode.

Step 11 

Router(config-sbc-sbe)# 
active-cac-policy-set policy-set-id

Sets the active CAC policy set within the SBE.

The following example shows how to define a call admission control policy for the SBE:

Router(config-sbc-sbe)# cac-policy-set 1
Router(config-sbc-sbe-cacpolicy)# first-cac-table BW
Router(config-sbc-sbe-cacpolicy)# cac-table BW
Router(config-sbc-sbe-cacpolicy-cactable)# table-type policy set
Router(config-sbc-sbe-cacpolicy-cactable)# entry 1
Router(config-sbc-sbe-cacpolicy-cactable-entry)# media bandwidth-fields ignore
Router(config-sbc-sbe-cacpolicy-cactable-entry)# action cac-complete
Router(config-sbc-sbe-cacpolicy-cactable-entry)# exit
Router(config-sbc-sbe-cacpolicy)# complete
Router(config-sbc-sbe-cacpolicy)# exit
Router(config-sbc-sbe)# active-cac-policy-set 1

Configuring Call Policies

Create a call policy set to contain the incoming and outgoing route tables. The route tables provide a mapping of each incoming and outgoing call to its corresponding adjacency.

Entries in the SBC route table must match the corresponding entries in the Cisco TelePresence Exchange System routing tables. The carrier ID that you insert on an incoming route (or use as the match parameter on an outgoing route) needs to match the SBC Tag field in the Cisco TelePresence Exchange System. See the "Configuring Routes" section on page 12-1 for information about configuring routes on the Cisco TelePresence Exchange System.

Procedure

To create a call policy set and configure the route tables, do the following procedure:

 
Command
Purpose

Step 1 

Router(config-sbc-sbe)# 
call-policy-set policy-set-id

Creates a new policy set for processing calls within the SBE.

Step 2 

Router(config-sbc-sbe-rtgpolicy)# 
first-call-routing-table 
table-name

Configures the name of the first routing table for new-call events.

Step 3 

Router(config-sbc-sbe-rtgpolicy)# 
rtg-src-adjacency-table table-id

Creates a new routing table whose entries match the source adjacency.

Step 4 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable)# entry entry-id

Creates an entry in the routing table.

Step 5 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# action 
{complete | {next-table 
go-to-table-name } }

Specifies the next routing table to process if the event matches the entry. Action complete specifies that no further action is required.

Step 6 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# edit-cic 
replace ds

Replaces the carrier ID in the SIP message with the specified digit string.

Step 7 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# dst-adjacency 
target-adjacency

Configures the destination adjacency for calls that match this table entry.

Step 8 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# match-adjacency 
key

Configure the source adjacency as the match value for this table entry.

Step 9 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# exit

Exits the routing table entry (rtgtable-entry) mode.

Step 10 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable)# exit

Exits the routing table (rtgtable) mode.

Step 11 

Router(config-sbc-sbe-rtgpolicy)# 
rtg-carrier-id-table table-id

Creates a new routing table whose entries match the carrier ID field.

Step 12 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable)# entry entry-id

Creates an entry in the routing table.

Step 13 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# action 
{complete | {next-table 
go-to-table-name } }

Specifies the next routing table to process if the event matches the entry. Action complete specifies that no further action is required.

Step 14 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# edit-cic 
replace ds

Replaces the carrier ID in the SIP message with the specified digit string.

Step 15 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# dst-adjacency 
target-adjacency

Configures the destination adjacency of an entry in a routing table.

Step 16 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# match-cic key

Configures the carrier ID match value of the entry.

Step 17 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable-entry)# exit

Exits the routing table entry (rtgtable-entry) mode.

Step 18 

Router(config-sbc-sbe-rtgpolicy 
-rtgtable)# exit

Exits the routing table (rtgtable) mode.

Step 19 

Router(config-sbc-sbe-rtgpolicy)# 
complete

Marks the end of a call policy set definition.

Step 20 

Router(config-sbc-sbe-rtgpolicy)# 
exit

Exits the routing policy (rtgpolicy) mode.

Step 21 

Router(config-sbc-sbe)# 
active-call-policy-set 
policy-set-id

Activates the call policy set.

The following example shows how to create a call policy for the SBE and match it to an adjacency:

Router(config-sbc-sbe)# call-policy-set 1
Router(config-sbc-sbe-rtgpolicy)# first-call-routing-table INCOMING
Router(config-sbc-sbe-rtgpolicy)# rtg-src-adjacency-table INCOMING
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 200 
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-ACE
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency WMT-ADJ1
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 400 
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-ACE
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-UNCM
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 3
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-ACE
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 4
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-Engine1
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 5
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action next-table CIC-OUTGOING
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-adjacency SBC-Engine2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit

Router(config-sbc-sbe-rtgpolicy)# rtg-carrier-id-table OUTGOING
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 0 
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency WMT-ADJ1
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-cic 200 
Router(config-sbc-sbe-rtgpolicy-rtgtable)# entry 2
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# action complete
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# edit-cic replace 0 
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# dst-adjacency SBC-UNCM
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# match-cic 200 
Router(config-sbc-sbe-rtgpolicy-rtgtable-entry)# exit
Router(config-sbc-sbe-rtgpolicy-rtgtable)# exit
Router(config-sbc-sbe-rtgpolicy)# complete
Router(config-sbc-sbe-rtgpolicy)# exit
Router(config-sbc-sbe)# active-call-policy-set 1

Configuring SIP Timers

Procedure

To define a SIP timer for call processing within the SBE, do the following procedure:

 
Command
Purpose

Step 1 

Router(config-sbc-sbe)# sip timer

Enters the SIP timer configuration mode.

Step 2 

Router(config-sbc-sbe-sip-tmr)# 
tcp-idle-timeout interval

Specifies the minimum time, in milliseconds, that the TCP connection stays active when it is not processing any traffic. After the timeout period expires, the TCP connection closes. The default value is 120,000 ms.

Step 3 

Router(config-sbc-sbe-sip-tmr)# 
tcp-connect-timeout interval

Specifies the time, in milliseconds, that the SBC waits for a SIP TCP connection to a remote peer to complete before timing out. The default value is 30,000 ms.

Step 4 

Router(config-sbc-sbe-sip-tmr)# 
exit

Exits the SIP timer configuration mode.

The following example shows how to set a SIP timer for the SBE:

Router(config-sbc-sbe)# sip timer
Router(config-sbc-sbe-sip-tmr)# tcp-idle-timeout 120000
Router(config-sbc-sbe-sip-tmr)# tcp-connect-timeout 5000
Router(config-sbc-sbe-sip-tmr)# exit

Note The values shown in the previous example are the recommended values for the Cisco TelePresence Exchange System configuration.


Defining Blacklists

Procedure

To define a global blacklist for the SBE, do the following procedure:

 
Command
Purpose

Step 1 

Router(config-sbc-sbe)# 
blacklist global

Creates a global blacklist for configuring event limits.

Step 2 

Router(config-sbc-sbe-blacklist
-global)# reason event

Configures the event type for which SBC applies the limit.

Step 3 

Router(config-sbc-sbe-blacklist 
-global-reason)# timeout number 
{milliseconds|seconds|minutes| 
hours|days}

Defines the length of time that packets are blocked from the source if the number of authentication requests exceed the set limit.

Step 4 

Router(config-sbc-sbe-blacklist 
-global-reason)# exit

Exits reason configuration mode.

Step 5 

Router(config-sbc-sbe-blacklist 
-global)# exit

Exits blacklist global mode.

Step 6 

Router(config-sbc-sbe)# 
blacklist global 
address-default

Configures a default event limit for all addresses within the SBE.

Step 7 

Router(config-sbc-sbe-blacklist
-global)# reason event

Defines an event type that triggers application of the blacklist.

Step 8 

Router(config-sbc-sbe-blacklist 
-global-reason)# timeout number 
{milliseconds|seconds|minutes| 
hours|days}

Defines the length of time that packets are blocked from the source if the number of authentication requests exceeds the set limit.

Step 9 

Router(config-sbc-sbe-blacklist 
-global)# exit

Exits blacklist global mode and completes configuration of default event limits for all addresses.

The follow example shows how to set a global blacklist for the SBE:

Router(config-sbc-sbe)# blacklist global
Router(config-sbc-sbe-blacklist-global)# reason authentication-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason bad-address
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason routing-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason endpoint-registration
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason policy-rejection
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason corrupt-message
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global-reason)# exit

Router(config-sbc-sbe)# blacklist global address-default
Router(config-sbc-sbe-blacklist-global)# reason authentication-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason bad-address
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason routing-failure
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason endpoint-registration
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason policy-rejection
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global)# reason corrupt-message
Router(config-sbc-sbe-blacklist-global-reason)# timeout 1 milliseconds
Router(config-sbc-sbe-blacklist-global-reason)# exit
Router(config-sbc-sbe-blacklist-global)# exit
Router(config-sbc-sbe)#

Defining a Media Address

Configure a local media address for traffic that arrives on the SBE for each defined SBC virtual IP address (see the "Creating a Session Border Controller Interface" section). The SBC inserts its own address into the media stream.

After you configure a local media address, the media address cannot be modified while the SBE service is active.

The media address is a pool of IP addresses on the SBE for media relay functionality.

Procedure

To define a media address, do the following procedure:

 
Command
Purpose

Step 1 

Router(config)# sbc 
service-name \

Enters SBC configuration mode for the specified SBC instance.

Step 2 

Router(config-sbc)# 
media-address ipv4 IPv4 ip 
address

Configures a local media address for traffic that arrives on the DBE. Define one media address for each of the SBC virtual IP addresses.

Step 3 

Router(config-sbc-media 
-address)# port-range 
min-port max-port any

Defines the valid port range for the media address.

The optional any keyword specifies that the class of service affinity for the port range is any class of service.

If the port-range command is not configured, the default min-port value is 16384, the default max-port value is 32767, and the default class of service affinity is any.

Step 4 

Router(config-sbc-media 
-address)# exit

Exits the media address configuration mode.

Step 5 

Router(config-sbc)# dbe

Enters DBE configuration mode.

Step 6 

Router(config-sbc-dbe)# media 
timeout timeout

Sets the maximum time in seconds that an SBE waits after receiving the last media packet on a call before cleaning up the call resources.

Step 7 

Router(config-sbc-dbe)# 
activate

Activates the DBE.

The following example shows how to define a local media address for each defined SBC virtual IP address:

Router(config-sbc)# media-address ipv4 10.22.141.102 
Router(config-sbc-media-address)# port-range 16384 32766 any
Router(config-sbc-dbe)# media timeout 600
Router(config-sbc-dbe)# activate