Contents
This module contains the following sections:
Prerequisites
The following prerequisite is required to implement IPv6 Support:
Before implementing IPv6 Support, Cisco Unified Border Element (SP Edition) must already be configured.
Restrictions
The following are restrictions for IPv6 support on the Cisco Unified Border Element (SP Edition):
- H.323 over IPv6 is not supported.
- H.248 over IPv6 is not supported.
- The SBC does not support receiving and sending multiple IP addresses per media stream.
For more information, refer to RFC 4091, The Alternative Network Address Types (ANAT) Semantics for the Session Description Protocol (SDP) Grouping Framework and ICE (Interactive Connectivity Establishment).
- DNS look up over IPv6 is not supported.
- RADIUS (accounting and authentication) over IPv6 is not supported.
Information About IPv6 Support
In Cisco IOS XE Release 2.6, Cisco Unified Border Element (SP Edition) supports IPv6 addressing on the unified model for SIP signaling and media in the following ways:
- IPv4 to IPv6 SIP signaling interworking
- IPv4 to IPv6 media interworking
- IPv6 to IPv6 SIP signaling
- IPv6 to IPv6 media RTP interworking
- AAAA DNS query support
IPv6 to IPv6 RTP interworking on the media plane have been supported on the distributed model. The unified model now can enable IPv6 to IPv6 SIP signaling calls and IPv4 to IPv6 SIP signaling and media interworking calls.
The default behavior is that SBC assumes that the media address type to be used must match the signaling address type configured on the adjacency. Thus the default behavior which can be overridden by configuring a Call Admission Control (CAC) policy is for the media (RTP) to use the same version as used by signaling (SIP). The IP version used by SIP is dictated by the IP addresses configured on the adjacency. For example, if the incoming SIP INVITE comes in on an IPv4 adjacency and is routed out via an IPv6 adjacency, the incoming RTP will come over IPv4 and will be sent out over IPv4
IPv6 support for SIP calls affects the following SBC functions and existing unified SBC features:
- SIP URIs—IPv6 addresses are parsed in SIP URIs.
- Interworking IPv4 and IPv6 Adjacencies:
– IPv6 addresses are passed through without modification in the Contact Username Passthrough feature.
– SBC supports IP/fully-qualified domain name (FQDN) entries for IPv6 adjacencies
Note An adjacency can be configured for either IPv4 or IPv6 addresses only. Combinations of IPv4 and IPv6 addresses on the same adjacency are not supported.
Note An adjacency configured for IPv4 cannot be changed to IPv6 and vice-versa, without deleting and recreating the adjacency. If the adjacency is referred to in the routing or CAC tables, these references must be removed before unconfiguring the adjacency.
- TLS over IPv6—Handles IPv6 addresses for adjacencies configured for SIP over Transport Layer Security (TLS) encryption.
- Access Authentication for SIP over IPv6
Supports IPv6 adjacencies for SIP inbound authentication to challenge inbound SIP requests.
For an incoming call over an IPv6 adjacency if the adjacency is configured for access authentication or inbound authentication, the call is challenged with a nonce (similar to what occurs in IPv4 addressing). The subsequent REGISTER message must have authentication parameters that should result in a RADIUS Access Request or an Access Accept (or reject) message. Note that the communication with the RADIUS server occurs over IPv4.
- Billing for IPv4 and IPv6 Calls
Packetcable billing records do not have IP addresses embedded in them. Therefore, billing for IPv6 calls work in the same manner as for IPv4 calls and no additional configuration is needed in billing and RADIUS configuration.
However only IPv4 addressing is supported for communicating with the RADIUS server. Both authentication and accounting requests go over IPv4, even when the requests are coming over an IPv6 adjacency. The control address used as source address in RADIUS requests is IPv4 only.
The billing manager local address goes in the NAS IP address field of RADIUS requests. This address is also an IPv4 address.
- SRTP Passthrough mode—No additional configuration changes for IPv6 addressing.
- Media bypass in Call Admission Control—The SBC must not attempt to perform media bypass between endpoints with different IP versions, even if media bypass CAC policy permits it.
- Blacklist Support—Supports the configuration of blacklist entries with IPv6 addresses or prefixes in the same way as IPv4 addresses.
- Logging—Displays IPv6 and IPv4 addresses.
- Late-to-Early Media Interworking—Supports calls terminating and originating from an IPv6 adjacency.
- Softswitch Shielding—Supports IPv6 endpoints registering with a softswitch.
- Call Hold—Supports IPv4 to IPv6 call interworking.
Using “c=0.0.0.0” as specified in RFC 2543 to indicate call hold is not valid with IPv6 addresses, and you must use “a=sendonly/inactive” to indicate a call hold.
- ToS/DSCP Marking for Signaling Messages—Supports DSCP marking for outgoing IPv4 and IPv6 signaling packets.
- SIP Header Manipulation—Supports the passthrough header TO and FROM functionality for IPv6 to IPv4 interworked calls by passing the headername unchanged for incoming calls.
SBC rewrites the CONTACT header for outgoing calls.
- DTMF Interworking—Supports IPv6 adjacencies.
- IP Realms—Supports IPv6 adjacencies. IP addresses are assigned based on the realm configured on the IPv6 or IPv4 adjacency.
- SIP Instant Messaging—Supports IPv4 to IPv6 interworked calls.
- SIP IP-FQDN URI Translation—Supports IP-FQDN entries for IPv6 adjacencies.
- Domain Name Lookup (DNS)—Supports name lookup for IPv6 addresses and supports both A and AAAA DNS queries. DNS lookup happens over IPv4.
- Fast Registration—Supports IPv6 addresses.
- High Availability—IPv4 to IPv6 and IPv6 to IPv6 calls behave the same as IPv4 to IPv4 calls during failover.
Calls over UDP are replicated. For calls made over TCP, the signaling state is not replicated and will generate a TCP reset on receiving any SIP message after switchover.
- Media Hair-pinning—Supports IPv6 to IPv6 call hair pinning in the same manner as IPv4 to IPv4 calls. With media hair-pinning, calls come in and go back out on the same adjacency.
Note IPv4 to IPv6 hair-pinning is not supported because an adjacency can only be an IPv4 adjacency or an IPv6 adjacency.
- 3xx Redirect Messages—Supports redirection from IPv4 to IPv6 and from IPv6 to IPv4.
3xx represents a class of SIP response codes used in SIP to indicate that the sender of the request should try the request to an alternate URI or URIs that are presented in the 3xx response. Some of the widely-used response code examples are 301 “Moved Temporarily” or 302 “Moved Permanently.”
Performing ISSU for IPv6 Calls
When performing ISSU to upgrade to a higher version Cisco IOS XE release, IPv4 to IPv4 calls migrate successfully to the higher version.
Before performing ISSU to migrate to a lower version release, you must first unconfigure all IPv6 adjacencies and remove all active IPv6 call states. You can clear calls through IPv6 adjacencies with the no attach force abort command. This command executes a forced detach, tearing down calls without signaling their end.
When performing ISSU to downgrade to a lower version Cisco IOS XE release, for example from Cisco IOS XE Release 2.6 to 2.5, if there is any IPv6 configuration or any active calls through an IPv6 adjacency, an error message is reported. If the user continues with the ISSU, the system will reach stateful switchover (SSO) without the SBC configuration being available on the standby processor. Before performing a downgrade, unconfigure all IPv6 configuration and dynamic state (for example, IPv6 to IPv6 and IPv6 to IPv4 calls, as well as IPv6 blacklists).
Configuring IPv6
To configure Cisco Unified Border Element (SP Edition) for IPv6 to IPv6 calls or IPv4 to IPv6 interworked calls, configure the local and remote addresses on the adjacency with IPv6 addresses.
If you have a peer or another SBC in your network that supports both IPv4 and IPv6 addresses, then you should define two adjacencies on the local SBC, one adjacency with IPv4 addresses and a second adjacency with IPv6 addresses.
Configuration Examples
The following example shows the asr1 SBC configured with IPv6 and IPv4 signaling and remote addresses on several SIP adjacencies and the 1 call policy set using a round-robin routing rule to implement call routing:
Note The caller and callee commands have been used in this procedure. In some scenarios, the branch command can be used as an alternative to the caller and callee command pair. The branch command has been introduced in Release 3.5.0. See the “Configuring Directed Nonlimiting CAC Policies” section for information about this command.
control address aaa ipv4 33.33.36.1
radius accounting server1
sip header-profile ccmpf1
sip method-profile method1
sip method-profile ccmmethod1
sip method-profile ccmmethod2
inherit profile preset-p-cscf-access
visited network identifier open-ims.test
local-id host pcscf.open-ims.test
signaling-address ipv6 2001:A401::33:33:36:1
statistics method summary
remote-address ipv6 2001::/64
signaling-peer 2001::10:0:120:19
header-profile inbound ccmpf1
header-profile outbound ccmpf1
method-profile inbound ccmmethod2
method-profile outbound ccmmethod2
signaling-address ipv4 33.33.36.1
statistics method summary
remote-address ipv4 10.0.50.134 255.255.255.255
signaling-peer 10.0.50.134
media-late-to-early-iw incoming
media-late-to-early-iw outgoing
header-profile inbound ccmpf1
header-profile outbound ccmpf1
signaling-address ipv4 33.33.36.1
statistics method summary
remote-address ipv4 10.0.50.135 255.255.255.255
signaling-peer 10.0.50.135
signaling-address ipv4 33.33.36.1
statistics method summary
remote-address ipv4 10.0.50.136 255.255.255.255
signaling-peer 10.0.50.136
signaling-address ipv4 33.33.36.1
statistics method summary
remote-address ipv4 10.0.7.23 255.255.255.255
inherit profile preset-core
signaling-address ipv6 2001:A401::33:33:36:1
statistics method summary
remote-address ipv6 2001::216:ECFF:FE3B:40DD/128
signaling-peer opensips.cisco.com
registration target address opensips.cisco.com
header-name From passthrough
adjacency sip CCM135-IPV6
header-profile inbound ccmpf1
header-profile outbound ccmpf1
method-profile inbound ccmmethod2
method-profile outbound ccmmethod2
signaling-address ipv6 2001:A401::33:33:36:1
statistics method summary
remote-address ipv6 2001::10:0:50:135/128
signaling-peer 2001::10:0:50:135
adjacency sip CCM135-vrfb
signaling-address ipv4 10.190.7.97
statistics method summary
remote-address ipv4 10.0.50.135 255.255.255.255
signaling-peer 10.0.50.135
adjacency sip CCM136-IPv6
header-profile inbound ccmpf1
header-profile outbound ccmpf1
method-profile inbound ccmmethod2
method-profile outbound ccmmethod2
signaling-address ipv6 2001:A401::33:33:36:1
statistics method summary
remote-address ipv6 2001::10:0:50:136/128
signaling-peer 2001::10:0:50:136
adjacency sip SIPP81-IPv6
signaling-address ipv6 2001:A401::33:33:36:1
statistics method summary
remote-address ipv6 2001::/64
signaling-peer 2001::10:0:244:81
first-call-routing-table ROUTE-ON-DEST-NUM
first-reg-routing-table REG-ROUTE-ON-SRC-ADJ
rtg-src-adjacency-table REG-ROUTE-ON-SRC-ADJ
rtg-round-robin-table ROUND-ROBIN
dst-adjacency CCM136-IPv6
rtg-dst-address-table ROUTE-ON-DEST-NUM
action next-table ROUND-ROBIN
match-address 536X digits
action next-table ROUND-ROBIN
match-address 7898X digits
action next-table ROUND-ROBIN
match-address 491X digits
action next-table ROUND-ROBIN
match-address 526X digits
action next-table ROUND-ROBIN
match-address 496X digits
match-address 4553X digits
match-address 789X digits
match-address 5678X digits
match-address 5677X digits
match-address 516X digits
support-type sip-dns-naptr
sip ip-fqdn-mapping 1 ipv6 2001::10:0:50:137 ccm137.cisco.com ip-to-fqdn
local-address ipv4 33.33.36.1
cache path harddisk:/cdr/
packetcable-em 1 transport radius server1
local-address ipv4 33.33.36.1
blacklist global ipv6 2002::10:0:0:1
blacklist critical global ipv6 2003::10:0:0:1
reason authentication-failure
subscriber sip:bob@isp.example.com
sip-contact 2001::10:1:1:2
delegate-registration sip:reg@isp.example.com
header-name supported add path
media-address ipv4 33.33.36.2
media-address ipv6 2001:A401::33:33:36:2
The following example shows different signaling and media addresses configured on the SBC asr1, where the signaling address configured is ipv6 and the media address configured is ipv4:
signaling-address ipv6 2001:A401::33:33:36:1
statistics method summary
remote-address ipv6 2001::10:0:56:186/128
signaling-peer 2001::10:0:56:186
signaling-address ipv6 2001:A401::33:33:36:1
statistics method summary
remote-address ipv6 2009::100:0:0:4/128
signaling-peer 2009::100:0:0:4
first-call-routing-table table1
rtg-dst-address-table table1
match-address 123X digits
media-address ipv4 33.33.36.10
IPv6 Configuration Commands
This section describes the configuration commands used to configure various types of IPv6 addressing or show output listing IPv6 addresses.
For details of the following commands, see the Cisco Unified Border Element (SP Edition) Command Reference: Unified Model at http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html
Table 54-1 lists the new commands introduced in Cisco IOS XE Release 2.6.
Table 54-1 New Commands Introduced in Cisco IOS XE Release 2.6
|
|
callee media-type { ipv4 | ipv6 | inherit | both } |
To configure the media address type settings for a callee on the Cisco Unified Border Element (SP Edition). Use the no form of this command to disable the media address type settings for a callee. |
caller media-type { ipv4 | ipv6 | inherit | both } |
To configure the media address type settings for a caller on the Cisco Unified Border Element (SP Edition). Use the no form of this command to disable the media address type settings for a caller. |
Table 54-2 lists the commands modified for IPv6 addressing in Cisco IOS XE Release 2.6.
Table 54-2 Commands Modified for IPv6 Addressing in Cisco IOS XE Release 2.6
|
|
blacklist [ critical ] global [address-default | { ipv4 { addr } | ipv6 { addr }} [ tcp { tcp-port } | udp { udp-port } | default-port-limit] ] |
The ipv6 keyword was added. Use this command to enter the mode for configuring the default event limits for the IPv6 address. For IPv6, only global option can be used. |
clear sbc sbc-name sbe blacklist [ critical ] { ipv4 addr | ipv6 addr } [{udp | tcp} port] |
The ipv6 keyword was added. To clear the blacklist for the specified Session Border Controller (SBC) service. |
remote-address {ipv4 ip-address ip-mask | ipv6 ip-address / prefix-length } |
The ipv6 keyword was added. To configure either an H.323 or SIP adjacency to restrict the set of remote signaling peers that can be contacted over the adjacency to those with a given IP address prefix. To remove this configuration, use the no form of this command. |
show sbc sbc-name sbe addresses |
The output of this command was modified. |
show sbc sbc-name sbe adjacencies {adjacency-name} [detail] |
The output of this command was modified. |
show sbc sbc-name sbe blacklist critical { ipv4 addr | ipv6 addr } [ tcp tcp-port | udp udp-port ] |
The ipv6 keyword was added. The command was updated to show all configured critical blacklists for IPv6 addresses. |
show sbc sbc-name sbe blacklist [ source] { ipv4 IP address | ipv6 IP address } |
The ipv6 keyword was added. |
show sbc name sbe cac-policy-set [ id [ table name [ entry id ]] | active [ table name [ entry id ] ] ] [ detail ] |
The output of this command was modified. |
show sbc sbc-name sbe calls |
To provide details of IPv6 calls. |
show sbc sbc-name sbe call-stats {all | global | src-sccount name | dst-account name | src-adjacency name | dst-adjacency name } period |
To list the number of active IPv6 calls. |
show sbc sbc-name sbe addresses |
The output of this command was modified. |
show sbc sbc-name sbe sip ip-fqdn-mapping |
Displays the IP-FQDN mapping table. The output of this command was modified to include IPv6 details. |
signaling-address {ipv4 ipv4_IP_address | ipv6 ipv6_IP_address } |
To define the local signaling address of an H.323 (IPv4 only) or SIP adjacency. The ipv6 keyword was added. To return to the default behavior, use the no form of this command. |
sip ip-fqdn-mapping index { ipv4 | ipv6 } ip-address fqdn {both-ways | ip-to-fqdn} |
To configure SIP IP-to-FQDN mapping on signaling border elements (SBEs). The ipv6 keyword was added. |
Table 54-3 lists the command modified for IPv6 addressing in Cisco IOS XE Release 3.1.0S.
Table 54-3 Command Modified for IPv6 Addressing in Cisco IOS XE Release 3.1.0S
|
|
blacklist [ critical ] vpn { vpn-name } [ address-default [ address-family { ipv4 | ipv6 }] | address-family { ipv4 | ipv6 } | ipv4 addr [ tcp { tcp-port } | udp { udp-port } | default-port-limit ] | ipv6 addr [ tcp { tcp-port } | udp { udp-port } | default-port-limit ] ] |
The ipv6 keyword was added. Use this command to enter the mode for configuring the default event limits for the IPv6 address in a VPN. |
Table 54-4 lists the command modified for IPv6 addressing in Cisco IOS XE Release 3.5.0S.
Table 54-4 Command Modified for IPv6 Addressing in Cisco IOS XE Release 3.5.0S
|
|
branch media-type { ipv4 | ipv6 | inherit | both } |
Configures the media address type settings for a caller or callee on the Cisco Unified Border Element (SP Edition). Use the no form of this command to disable the media address type settings for the caller or callee. |