AudioCodes Academy
https://www.audiocodes.com/services-support/audiocodes-academy
Course Objectives
Lessons & Course Timetable
Day 1
• AudioCodes Introduction
• AudioCodes Devices Management Interfaces
• AudioCodes Documentation
• Gateways and SBCs Product Line
• Hands-on Lab 1 – Management Interface Usage
Day 2
• SBC Application Description
• SBC Basic Terminology
• SBC Configuration
• Debugging Tools – Syslog
• SBC Wizard (optional)
• Hands-on Lab 2 – SBC Routing
Day 3
• SBC Media Handling
• Hands-on Lab 3 – SBC Transcoding
• SBC Number & Message Manipulation
• Hands-on Lab 4 – SBC Manipulation
• SBC Security
Day 4
• Digital Gateways Basic Configuration
• SBC Survivability
• SBC High Availability
• Hands-on Lab 5 – SBC Survivability
• Certification Exam
Lesson 1
AudioCodes Introduction
AudioCodes at a glance
https://www.audiocodes.com/corporate/about-audiocodes
Global Presence and Support
• Worldwide presence:
• Headquarters: Israel
• North America: USA and Canada
• APAC: Singapore, China, Japan, India, Korea, Australia, Hong Kong, etc.
• EMEA: Germany, UK, France, Netherlands, Russia, Italy, South Africa, Poland, Sweden, etc.
• CALA: Brazil, Mexico, Argentina, Colombia, etc.
• Global Distribution Network covering more than 100 countries
• Support Centers covering all time zones
• 3 Logistics Centers in North America, EMEA and APAC
Broadest Portfolio of Products
Management/Apps
Routing Manager OVOC UMP Apps
Room Solutions
& IP Phones All-In-One
405 445 450/C450 C470 Video Collaboration Bar Personal Webcam UC-HRS Speakers Conference Phone
Pure SBC
Mediant 2600/B Mediant 4000/B Mediant 90xx Mediant SE Software Edition
Hybrid SBC/Gateway
Mediant 500/L Mediant 800B/C Mediant 1000B Mediant 3100
Gateways/Adaptors
MediaPack 1xx MediaPack 124 MediaPack 20x MediaPack 5xx MediaPack 1288
The Voice Experts @ Your Service
[Figure: services diagram; labels include Test, End to End, Managed Services]
Technical Training – Certification Levels
• Participation
VoIP & SIP Fundamentals (1 day)
* No prerequisite
• AudioCodes Certificated Associate (ACA)
• AudioCodes Certificated Professional (ACP)
AudioCodes Website
https://www.audiocodes.com
Lesson 2
Management and Maintenance Options
Embedded Web Server Command Line Interface (CLI)
Assigning Networking Parameters
Default Factory IP Address
Product Default
MP 11x FXS and FXS/FXO devices – 10.1.10.10/16
MP 124 FXO devices – 10.1.10.11/16
MP 5xx
MP 1288
Mediant 500/L/Li E-SBC
Mediant 800B/C E-SBC
Mediant 1000B E-SBC
192.168.0.2/24
Mediant 2600 SBC
Mediant 3100 SBC
Mediant 4000/B SBC
Mediant 9030/9080 SBC
Software SBC (Mediant SE/VE/CE)
192.168.0.2 /24
192.168.0.7 /24
Assigning IP Address – HTTP
Assigning IP Address – Command Line Interface (CLI)
• Establish a console session with the device over COM/VGA, or a remote session over SSH/Telnet
• Use these communications (COM) port settings:
• Baud Rate: 115,200 bps
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
Assigning IP Address – RS-232
Username: Admin
Username: Admin
Password: Admin Password: *****
Mediant 800#
Assigning IP Address – DHCP
• After power-up, if DHCP is enabled (DHCPEnable = 1), the device attempts to obtain
its IP address and other network parameters from the DHCP server
Configuration File (ini file)
;**************
;** Ini File **
;**************
;Board: M800B
;HW Board Type: 72 (M800)
;FK Board Type: 77 (M500)
;Serial Number: 11257565
;BID: abc6dd:19
;Software Version: 7.40A.500.017
; Stream: 7.4.500
; Dictionary found: yes
;DSP Software Version: 5014AE3_R => 0724.42
;Board IP Address: 10.15.7.20
;Board Subnet Mask: 255.255.0.0
;Board Default Gateway: 10.15.0.1
;CPU: Cavium Networks Octeon V0.1 @ 500Mhz, total 2 core(s), 2 cpu(s), 1 socket(s)
;Core(s) mapping:
;core #0, on cpu #0, on socket #0
;core #1, on cpu #1, on socket #0
;Memory: 512 MB
;Flash size: 64 MB
;Cloud Type: Undefined
; Number of DSP Cores: 3
;Num of physical LAN ports: 4
;SBC Sessions Capability:
; Local License: 184 SBC Sessions (up to 184 if all legacy telephony interfaces are disabled)
; Pool License: 0 SBC Sessions (from License Pool Manager)
; Total (Actual): 0 SBC Sessions (up to 184 if all legacy telephony interfaces are disabled)
; TDM Sessions Used for SBC Sessions: 34
; Key features:
; Board Type: 77
Header field annotations:
• Serial Number = Decimal representation of the last 6 digits of the MAC address (i.e., 00:90:8f:ab:c6:dd)
• Software Version 7.40A.500.017:
• 7.40.500 – Major software version
• A – Indicates that this is a SIP version (e.g., not Megaco)
• 017 – Minor software version
Configuration File (ini file)
Stand-alone Parameters
Table Parameters
ini File Parameters
• Case insensitive
• Subsection names are optional
• Lines beginning with semi-colon (;) as first character are ignored
• When a parameter is missing from the ini file, its default is assigned
• Number of spaces before and after equal ( = ) is irrelevant
• Values of string parameters must be placed between two single quotes ( ‘ ’ )
• Syntax errors in value can cause unexpected errors (may be set to wrong values)
• Syntax error in the parameter name is ignored (error message is generated)
[Optional Sub Section Name]
Parameter_Name1 = Parameter_Value
Parameter_Name2 = Parameter_Value
Parameter_Name3 = ‘String’
; REMARK
ini File Table Parameters
• Tables are used in ini files to represent parameters that have several instances
(e.g., Coders, Proxy servers, Routing tables, etc.)
• Examples:
AudioCodes INI Viewer & Editor
• A simple viewer and editor for configuration (INI) files used by AudioCodes Media
Gateway and Session Border Controller (SBC) products
• Modes:
• View Mode:
• Standalone and Table parameters can be
viewed in a very friendly way
• Text Mode:
• Provides less fancy but more scalable
presentation of large INI files (without any
missing table lines)
• Edit Mode:
• Standalone and Table parameters can be
edited (modified, added, removed, etc.) for
a very easy way of changing their contents
• Once this is done, the new INI file can be
saved and uploaded to the device in order
to apply the new configuration
AudioCodes INI Viewer & Editor – View Mode
AudioCodes INI Viewer & Editor – TXT Mode
AudioCodes INI Viewer & Editor – Edit Mode
Accessing the Web Interface
GUI Areas
Navigation Tree
Tool Bar
Button: Description
• Save: Saves parameter settings to flash memory
• Restart: Restarts the device
• Actions: Opens a drop-down menu list with frequently needed commands:
• Configuration Files: to load or save an ini file
• Auxiliary File: to load auxiliary files such as Dial Plans, Call Progress Tones, and others
• License Key: to determine features, capabilities and available resources
• Software Upgrade: to upgrade the device's software
• Configuration wizard
• Alarm Bell icon: Displays the number of active alarms generated by the device
• Logon Name (like Admin): Opens a drop-down menu that:
• Shows the logged-in user’s access level and session time
• Allows password change
• Allows logout
• Drop-down list of document names (e.g., Release Notes, Security Guidelines, Installation Manual and User's Manual) that,
if clicked, opens the document (resource) from the AudioCodes website
Stand-alone Parameters
• Parameters that are not contained in a table are referred to as stand-alone parameters
Modifying/Saving Parameters
• If you click the Apply button after modifying parameters, a red rectangle appears
around the Save button
• This is a reminder to save your settings to flash memory
• If you click the Apply button after modifying parameters that take effect only after
a device Restart, a red rectangle appears around both the Save and
Restart buttons
• This is a reminder to later save your settings to flash memory and Restart the
device
Stand-alone Parameters Indications Meaning
Table Parameters – General Description
• Page title (name of table): also displays the number of configured rows as well as the number of invalid rows
• Navigation bar for scrolling through the table's pages
• Filter for searching parameters and values
Numbers Notation for Routing and Manipulation
• Flexible numbers notations for describing the prefix and/or suffix
source and/or destination phone numbers and SIP URI usernames:
▪ Prefix [n-m] or Suffix (n-m)
▪ Represents a range of numbers
▪ Prefix [n,m,...] or Suffix (n,m,...)
▪ Represents multiple numbers
▪ Multiple ranges such as [n-m,s-t] are also supported
▪ x (letter ‘x’)
▪ Represents any single digit
▪ * (asterisk symbol)
▪ Represents any number
▪ # (Hash symbol)
▪ Represents the end of a number
• Username Pattern examples:
▪ 5
▪ 5*
▪ 5#
▪ (5)
▪ 5x*
▪ 976[4,5,7-9]xxx#
▪ [3-5,7,9]
▪ [100-108,222,244,600-620]
▪ 6[600-700]#
▪ 6[600-700]
▪ [1,8][12,34][5000-5100]
▪ [2000000-2000099]
▪ 2[2,6,7,9]
▪ 2[1-4]
▪ 1xxx
▪ 1xxx#
▪ (88[1-4])
▪ 976(99)
▪ *
Numbers Notation – Examples
• [2,3,4,5,8]xxx
• Represents four-digit numbers or more that start with 2, 3, 4, 5 or 8
• Can write: [2-5,8]xxx
• [5200-5299]#
• Represents four-digit numbers that start with 5200 to 5299
• 12345
• Represents any number that starts with 12345
• 12345xx#
• Represents seven-digit numbers that start with 12345 (from 1234500 to 1234599)
• 4[000-599]#
• Represents four-digit numbers that start with 4 [4000 to 4599]
• (100)
• Represents any number that finishes with 100
• (266[1-9])
• Represents any number that finishes with 2661 to 2669
• 1[2,7][33,66]
• Represents any number that starts with 1233, 1266, 1733 or 1766
Fields to Match
• Device attempts to match patterns at the top of the table first (first match)
• More specific rules should be at the top and more generic ones at the bottom
• Tables may contain parameters assigned a value which is a row referenced from
another table
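The notation and the first-match rule can be checked offline before a table is loaded. The following is an added example, not AudioCodes code: it compiles the prefix, suffix, range, x and # forms from the slides into regular expressions and reports rules that a more generic row above them makes unreachable. It assumes both ends of a range have the same number of digits, treats * only as a stand-alone pattern, and uses constructed rule tables and action names.

```python
import re

MAX_RANGE = 10_000  # assumption: refuse ranges that would expand into a huge alternation


def _expand_set(body):
    """'2-5,8' -> '(?:2|3|4|5|8)'; '000-599' keeps its three-digit width."""
    alternatives = []
    for item in (part.strip() for part in body.split(",")):
        if "-" in item:
            low, high = item.split("-", 1)
            if not (low.isdigit() and high.isdigit() and len(low) == len(high)):
                raise ValueError(f"unsupported range {item!r}")
            if not 0 <= int(high) - int(low) < MAX_RANGE:
                raise ValueError(f"range {item!r} is reversed or too large")
            alternatives += [str(n).zfill(len(low)) for n in range(int(low), int(high) + 1)]
        elif item.isdigit():
            alternatives.append(item)
        else:
            raise ValueError(f"unsupported set member {item!r}")
    return "(?:" + "|".join(alternatives) + ")"


def _compile_part(text):
    """Compile digits, 'x' and [...] sets; anything else is rejected."""
    out, i = [], 0
    while i < len(text):
        ch = text[i]
        if ch == "[":
            end = text.find("]", i)
            if end == -1:
                raise ValueError("unclosed '['")
            out.append(_expand_set(text[i + 1:end]))
            i = end + 1
            continue
        if ch == "x":
            out.append(r"\d")          # any single digit
        elif ch.isdigit():
            out.append(ch)
        else:
            raise ValueError(f"character {ch!r} is not covered by this example")
        i += 1
    return "".join(out)


_SHAPE = re.compile(r"([^()#]*)(?:\(([^()]*)\))?(#?)")  # prefix, optional (suffix), optional #


def compile_pattern(pattern):
    """Return a compiled regex; use .fullmatch(number) to test a number."""
    text = pattern.strip()
    if text == "*":                    # stand-alone asterisk: any number
        return re.compile(r".*")
    shape = _SHAPE.fullmatch(text)
    if shape is None:
        raise ValueError(f"unsupported pattern {pattern!r}")
    prefix, suffix, end = shape.groups()
    if suffix is not None and end:
        raise ValueError("a suffix combined with # is not covered by this example")
    regex = _compile_part(prefix)
    if suffix is not None:
        regex += ".*" + _compile_part(suffix)   # (suffix) anchors at the end of the number
    elif not end:
        regex += ".*"                           # no '#': the pattern is only a prefix
    return re.compile(regex)


def first_match(rules, number):
    """Top-down evaluation: the first matching row wins."""
    for index, (pattern, action) in enumerate(rules):
        if compile_pattern(pattern).fullmatch(number):
            return index, action
    return None


def shadowed_rules(rules, samples):
    """Indexes of rows that match some sample but never win the first match."""
    winners = {hit[0] for hit in (first_match(rules, s) for s in samples) if hit}
    return [i for i, (pattern, _) in enumerate(rules)
            if i not in winners and any(compile_pattern(pattern).fullmatch(s) for s in samples)]


# Constructed rule tables (action names are hypothetical).
ORDERED = [("[5200-5299]#", "extensions"), ("4[000-599]#", "branch"),
           ("(100)", "operator"), ("*", "default-trunk")]
SHADOWED = [("*", "default-trunk")] + ORDERED[:3]   # generic row placed on top
SAMPLES = ["5250", "4599", "972100", "0012125550199"]

if __name__ == "__main__":
    for number in SAMPLES:
        print(number, first_match(ORDERED, number), first_match(SHADOWED, number))
    print("unreachable rows in SHADOWED:", shadowed_rules(SHADOWED, SAMPLES))
```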
Table Parameters Invalid Values Indications
• When adding a row:
• If a mandatory parameter’s value, which is a row referenced from another table, is not assigned,
after clicking Apply, an error message is displayed at the bottom of the dialog box
• Clicking Cancel closes the dialog box and the row is not added to the table
• To add the row, you must configure the parameter
Table Parameters Invalid Values Indications
• When editing a row:
• If a parameter’s configuration is changed so that it's no longer assigned with a referenced
row from another table, when the dialog box is closed, the Invalid Line icon appears for
the table in which the parameter is configured, in the shown locations:
• Parameter names (standalone or table) and values can be searched in the Web interface
• The search key can include the full parameter name (Web or ini file name) or a substring of it
• For a substring, all parameters containing the substring in their names are listed in the search result
• The search key for a parameter value can include alphanumeric and certain characters
• The key can be a complete value or a partial value
• When the device completes the search, it displays a list of found results based on the search
key
• Each possible result, when clicked, opens the page on which the parameter or value is located
Searching for Configuration Parameters
Search can be by name or by value
Setup Menu: IP Network Option
• Home Page: NETWORK VIEW
• Ethernet Groups can be edited or viewed
• Physical Ports can be edited or viewed
Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW
• Trunk Groups can be added
• Tel view (i.e. related to the PSTN)
• IP top view (i.e. related to the WAN)
• SIP Interfaces can be added and shown at the top or bottom (GW application)
• SIP Interfaces can be added and shown at the top or bottom (SBC application)
• Media Realms can be added and shown at the top or bottom
Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW
• Click to edit, show, or delete parameters or tables
Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW
Setup Menu: Administration Option
• Home Page: TIME & DATE
Maintenance Actions
• Restart Device: After a Web Restart, the device starts from Flash
• Lock: The device doesn't accept any new incoming calls
• Save to Flash: Save the running configuration to the memory
• Graceful Option: The shutdown is performed only after the configured X seconds, or when no more active traffic exists
Maintenance: Configuration File
Configuration Package Files
• ini.ini (ini configuration file)
• LOGO.dat (image file used as the logo in the Web interface)
• FAVICON.dat (favicon file used for Web browsers)
• CPT.dat (Call Progress Tone file)
• PRT.dat (Pre-recorded Tone file)
• AMD.dat (Answer Machine Detection file)
• SBC_Wizard.dat (SBC Configuration Wizard template file)
• CAS file (present only if a CAS file was previously loaded to the device)
• Certificate files (<ctx_id>.crt, <ctx_id>.root, <ctx_id>.pkey)
Maintenance: Auxiliary Files
• Various auxiliary files can be loaded to the device
Maintenance: Upgrading & Downgrading Software
• The device can be updated with software (cmp file), configuration (ini file),
auxiliary files and license key using:
• Web/CLI interface
• Automatic Update Mechanism
• BootP/TFTP utility
Maintenance: License Key
• Supplied with SBC and digital gateways (not relevant for MP-1xx)
• Determines features, capabilities and available resources
• Provided in string format or in a txt file to be loaded to the device
• Stored in the device's non-volatile flash memory
• After loading the new key, the device must be restarted
• Two options for managing the license:
• Local on the SBC
• By AudioCodes OVOC
License Types for SBCs
• Local License
• By loading a license key to the device, without requiring the OVOC
• Fixed License
• Allows a 'tenant' operator to update licenses from a central pool in a simple process
• The operator can allocate and de-allocate the licenses for the devices in the pool according to their
capacity requirements
• Recommended when multiple SBCs are deployed and centrally managed
• Floating License – Cloud Mode
• This mode manages the license per customer in the Cloud using the AudioCodes Floating License
Service
• Floating License – Flex Pool Mode
• It supports a Floating License across a network without the need to connect to a public cloud
License Types for SBCs
[Figure: Fixed License and Floating License – Cloud Mode; labels: Total 100 Sessions, AudioCodes Floating License Server]
Device License Key in Fixed Pool Mode
Device License Key in Cloud Mode
Device License Key in Flex Pool Mode
Monitor Menu
• Home Page: MONITOR
Device Information
Troubleshoot Menu
Auto-Completion Editor
• Auto-completion for parameters whose values are configured using a special syntax
• An Editor button is displayed alongside their fields, which when clicked, opens a syntax editor
• As text is typed in the field, the user is prompted with optional syntax
AdminPage
Lesson 3
AudioCodes Documentation
Lesson Objectives
Obtaining AudioCodes Documentation
• You can access all AudioCodes' documentation from AudioCodes Web site:
• Technical documentation
• User manuals
• Hardware installation manuals
• Configuration notes
• Release notes
• Homologation material
• Regulatory information
• Partner/channel material
• Interoperability guides
• Marketing material
• White papers
• Application notes
• Product notices
Obtaining Document
https://www.audiocodes.com/library/technical-documents
Obtaining Document (Cont.)
• Use the following filters to search
for your document:
Hardware Installation Manual – Specific Documentation
User’s Manual – Specific Documentation
• Release Notes
• One per software release
• Includes:
• New features
• Updates
• Bug fixes
• Workarounds on existing constraints
• Others
Complementary Guides
• Complementary Guides
• Includes
• Reference Guides
• Design Guides
• Security Guidelines
• Utilities Guides
• Others
• Identified by software release version
Configuration Notes
• Configuration Notes
• Document providing a detailed description on how
to configure a specific feature/function/application
for a product
• Normally referenced by the User’s Manual
Lesson 4
Analog Gateways Overview
• MediaPack (MP) analog gateways
• MP-1xx:
• 2 to 24 analog ports
• FXS, FXO, or mixed FXS and FXO ports
• Zero-Touch Provisioning
• The latest maintenance firmware version is 6.6
• MP-5xx:
• 2 or 8 analog FXS ports
• Zero-Touch Provisioning
• Branch Survivability
• SBC capability
• MP-1288:
• 288 analog FXS ports
• 3U Chassis
• Dual Power Supplies
• SBC capability
Digital Gateways Overview
SBC Portfolio
Hybrid SBC/Gateway
Mediant 500/L Mediant 800B/C Mediant 1000B Mediant 3100
Pure SBC
Mediant 2600 Mediant 4000/B Mediant 90xx Mediant SE Software Edition
Hybrid SBC Portfolio
• Mediant 500L/Li E-SBC: MSBR √, OSN X
• Mediant 500 E-SBC: MSBR √, OSN X
• Mediant 800B/C E-SBC: MSBR √, OSN √
• Mediant 1000B E-SBC: MSBR X, OSN √
• Mediant 3100 SBC: MSBR X, OSN X
Pure SBC Portfolio
• Mediant 2600 SBC
• End customer: Enterprise, Contact Center
• Application: SIP Trunking
• Sessions: 600
• SRTP-RTP: 600
• Transcoding: 400 without MPM; 600 with MPM4
• Registers: Up to 8000
• OSN: √
• Mediant 4000/B SBC
• End customer: Large Enterprise, Service Providers, Contact Centers
• Application: SIP trunking, Service Provider Access SBC
• Sessions: 5000
• SRTP-RTP: 3000/5000
• Transcoding: 800 without MPM; 2400/5000 with MPM
• Registers: Up to 20000
• OSN: √
• Mediant 9030/9080 SBC
• End customer: Large Enterprise, Service Providers, Contact Centers
• Application: SIP trunking, Service Provider Access SBC
• Sessions: 30000/70000
• SRTP-RTP: 30000/40000
• Transcoding: 9600 without Media Transcoder; 30000 with Media Transcoder (Only 9080)
• Registers: Up to 200000/500000
• OSN: X
• Mediant SE
• End customer: Service Providers, OEM
• Application: SIP Trunking, SP Access SBC
• Sessions: 70000
• SRTP-RTP: 40000
• Transcoding: 9600 without Media Transcoder; 25000 with Media Transcoder
• Registers: Up to 500000
• OSN: X
Virtual & Cloud SBC Portfolio
Open Solutions Network (OSN) Server Hosted Mediant
Memory 16 GB Up to 32 GB
Mediant 1000B
Mediant Types Mediant 2600B (just for SBA) Mediant 800C
Mediant 4000B
Multi-Service Business Routers – MSBR
SBCs journey to the cloud
[Figure: plot of active calls and resources; labels: "Dynamic allocation", "and grow as needed"]
Mediant Cloud Edition SBC (Mediant CE)
• Separated signaling and media processing (built out of dedicated functional blocks)
• Elastic Media Cluster (traffic-based scalability)
• Full SBC functionality
• Single management point
• Multi Cloud (Amazon AWS and Microsoft Azure)
• Built-in HA Signaling and management
[Figure: Mediant CE architecture; SC and MC (media) instances on virtual infrastructure (compute, storage, networking), with a Stack Manager reached through CLI and REST API]
• Stack Manager
- REST API for all actions
- CLI for scripting languages
- NFV and DevOps API
Hands-on Lab 1
SBC Definition
• A device/application which:
• Manages a VoIP session by performing:
• Session setup
• Call conducting
• Session tear down
• Enforces VoIP Security
• Often installed at a demarcation point between one network
segment (Un-Trusted) and another (Trusted)
What are Session Border Controllers For?
Where are SBCs located?
SMB / Enterprise
Provider Z
Service Provider
E-SBC
• Interoperability
• Enterprise Security
• Service Resiliency
• Quality of Service
• Legacy connectivity
• Routing
Branch
SBC Implementations
Applications / Topologies
[Figure: topology with Enterprise Network, IP-Phone users, FEU, IP-PBX and ITSP]
Applications / Topologies
• Hosted IP-PBX
[Figure: Enterprise Network with IP-Phone users, SBC, LAN, WAN and Hosted IP-PBX]
Applications / Topologies
[Figure: Enterprise Network with IP-Phones on LAN 1 and LAN 2, SBC and IP-PBX]
Logical SBC Connections – One Leg LAN
[Figure: IP-Phone, IP-PBX, Firewall (LAN, WAN, DMZ) and ITSP]
Logical SBC Connections – One Leg DMZ
[Figure: IP-Phone, IP-PBX, Firewall (LAN, WAN, DMZ) and ITSP]
Logical SBC Connections – One-Leg DMZ and One-Leg LAN
[Figure: IP-Phone, IP-PBX, Firewall (LAN, WAN, DMZ) and ITSP]
Physical SBC Connections
• VLAN-Aware Switch
LAN
• Only 1 port required (1 cable)
• Optional: 2 ports, 1+1 redundancy (2 cables)
DMZ
SBC VoIP Features
• NAT Traversal
• Transcoding
• Topology Hiding
• VoIP Firewall
• SIP Routing
• SIP Normalization
• Survivability
NAT Traversal
[Figure: IP-PBX on the Enterprise LAN, FW with public IP address 182.30.15.20, WAN]
SBC Conversion
• Coder Transcoding
• RTP <-> SRTP
• Fax/Modem translations
• RFC 2833 <-> Transparent DTMF <-> SIP INFO
• Transrating
[Figure: conversions between IP-PBX and ITSP; labels: SRTP, RTP, G.711, G.729, ptime:20, ptime:30, T.38, RFC 2833, SIP INFO]
Topology Hiding
Security – VoIP Firewall
• SIP Signaling
• SIP classification
• Deep Stateful Packet Inspection (SPI) of all SIP signaling packets
• Packets not belonging to a valid SIP dialog are discarded
• RTP
• Opening pin holes according to Offer/Answer negotiation
[Figure: SIP Invite at the Layer 3-4 Firewall; labels: Discard Message, Authenticate, Message admitted]
Comprehensive Security
[Figure: security functions between Internet/Peers and the Enterprise Core; labels: IDS (abnormal behavior detection), Security Server, CAC (#calls, call rate, bit rate, …), Classification/Routing, Message Policy, TLS and SRTP, SIP layer access list, Malformed SIP, SIP Context Identification]
SBC Routing
SIP Normalization
SBC Survivability
Lesson 6
• B2BUA
• Maintains independent sessions toward the endpoints
• Processing an incoming request as a User Agent Server (UAS) on the inbound leg
• Processing the outgoing request as a User Agent Client (UAC) on the outbound leg
• SIP messages are modified regarding headers between the legs
• The device's interworking features may be applied
Signaling Routing Domain (SRD)
Media Realms
SIP Interface
IP Group
• An entity with a set of definitions and behaviors which represents a SIP Group in the IP
Network
• 3 Types of IP Group:
• Server: Used when the destination address is known
• User: Represents a group of users where their location is dynamically obtained by the device when
REGISTER
• Gateway: Applicable where the SBC receives requests to and from a gateway representing multiple
users
• Used to classify incoming SIP dialog-initiating requests to a source IP Group, based on Proxy
Set ID
• Used in IP-to-IP routing rules to denote the source and destination of the call
• It is highly recommended not to modify IP Group ID 0
• This IP Group is used for several reasons (e.g., PSTN fallback)
Proxy Set
Firewall)
• There are four steps in the classification process:
1. Device's registration database (AOR)
2. Proxy Set
3. Classification Table
4. Reject or Allow unclassified source
• IP-to-IP routing rules define the routes for routing calls between SIP entities
• The routing rules typically employ IP Groups to denote the source and
destination of the call
• Various other source and destination methods can be used
SBC Routing
• IP-to-IP call destination can be:
• Server IP Group associated with Proxy Set
• Registration Database and User IP Group
• Destination address based on: IP-Address or Host Name (FQDN)
• Internal
• Gateway (Hybrid SBC)
• Based on Dial Plan File (internal DB)
• External ENUM server query (external DB)
• External LDAP server query (external DB)
• Third-party Routing Server (external DB)
• Based on Hunt Group
• Based on incoming Request-URI
• Alternative routing
• Re-routing of SIP requests
• Call Forking
• IP Group Set
• Destination Tag
• Least Cost Routing (LCR)
CMR Process (CMR = Classify, Manipulate, Route)
[Figure: CMR flow from Incoming Message (Leg1) to Outgoing Message (Leg2). Stages shown: SIP Interface; Pre-Parsing Manipulation (SIP Interface); Pre-Classification Manipulation (SIP Interface); Classification, with a Reject Dialog branch; Inbound Message Manipulation Set (Source IP Group); Inbound (before routing) Source and/or Destination Number Manipulation; Routing; Outbound (after routing) Source and/or Destination Number Manipulation; Outbound Message Manipulation Set (Destination IP Group); one label reads "(Optional)"]
SIP Trunk Example
[Figure: SIP trunk example; labels: IP-PBX, TLS 5067 or TCP 5068, SBC, DefaultSRD, Analog Lines, PSTN]
Lesson 7
SBC Configuration
Lesson Objectives
Topology Configuration Example – One Leg LAN
Configuration Stage:
1. IP Interface
2. SRD
3. Media Realms
4. SIP Interface
5. Proxy Set
6. IP-Group
7. IP Profile
8. Routing
9. NAT Translation
10. Classification
Topology diagram labels (in extraction order):
SBC IP: 10.15.11.1 /16
ITSP
IP-PBX
Server 1: 200.100.10.5
IP: 10.15.11.2 /16
Server 2: 200.100.10.1
Transport Type: TCP
Transport Type: UDP
Listening Port: 5050
Listening Port: 5060
Media Realm: 7000 (50 legs)
Media Realm: 8000 (50 legs)
Coder: G.711Alaw
Coder: G.711Alaw
Firewall
LAN IP: 10.15.0.1
WAN: 200.100.10.2
Configure IP Addresses – IP Interface Table
IP Address – Physical to Interface
Initial Topology View
Default values for SRDs, IP Groups, Proxy Set, SIP Interfaces, Media Realms
Media Realm Table
• The default Media Realm is used for SIP Interfaces and IP Groups for which
you have not assigned a Media Realm
RTP UDP Port Spacing
• Ports are allocated in chunks of 2, 4, 5 or 10 (device dependent) called media session legs
Configuring Media Realms – Example
SIP Interface Table
• Default SIP Interface is already pre-configured and assigned to the default SRD
• Defines a local listening port for SIP signaling traffic on a local logical IP network
SIP Interface Table Record
• Select SBC or GW application
• Defines the SIP response code that the device sends if a received SIP request
(OPTIONS, REGISTER, or INVITE) fails the SBC Classification process
• The valid value can be a SIP response code from 400 through 699, or it can be set to 0
to not send any response at all (recommended for security reasons)
• The default response code is 500 (Server Internal Error)
Configure SIP Interface Table – Example
IP to Local Signaling and Media Resources
• Multiple SIP Interfaces represent multiple layer 3 networks
• Media Realm shared between multiple SIP Interfaces
[Figure: labels: Media Realms 1, 2 and 4; SIP Interfaces 2 to 6; IP Interfaces 1 and 3; LAN Vlan1; WAN/DMZ; Physical Networks 1 and 2]
Proxy Sets Table
Proxy Sets Table
• Define the Proxy Set Name
• Select Redundancy mechanisms
• Select SBC or GW SIP Interface
• Enable Load Balancing
• Enable Keep-Alive
Proxy Address Child Table
Define Proxy Set IP-PBX – Example
Define Proxy Set ITSP – Example
IP Group Table
IP Group Table – General Parameters
IP Group Name
• Defines a hostname, which the device uses to overwrite the hostname of the URI in certain SIP headers
• When the device forwards a SIP message to this IP Group, the configured hostname overwrites the host
part in SIP headers that are concerned with the source of the message
• The parameter is applicable only when the IP Group is the destination of the call
• This parameter has higher priority than the 'SIP Group Name' parameter of the source IP Group
IP Group Table – SBC Other Tabs
Define IP Group 1 (IP-PBX) – Example
Define IP Group 2 (ITSP) – Example
IP Profile
IP Profile
• The configurable parameters for the IP Profile are divided into sections:
• General parameters
• Media Security parameters Related to SRTP
• SBC Signaling parameters
• SBC Early Media parameters
• SBC Registration parameters
Related to SIP Signaling on the SBC
• SBC Forward and Transfer parameters
• SBC Hold parameters
• SBC Media parameters
• SBC Fax parameters Related to Media on the SBC
• Media parameters
• Quality of Service parameters
• Jitter Buffer parameters
• Gateway General parameters
• Voice
• Gateway DTMF parameters
• Gateway Fax and Modem parameters
• Answer Machine Detection parameters
• Local Tones parameters
IP Profile
IP to IP Routing Table
IP to IP Routing Table – General and Match Sections
Route Row / Alternative Route / Forking Group
IP to IP Routing Table – Action Section
Determines the destination type to which the outgoing SIP dialog is sent.
This can be IP Group, Destination Address, LDAP, Gateway, internal, etc.
Defines a SIP response code (e.g., 200 OK) or a redirection response. The
parameter is applicable only when the 'Destination Type' parameter in this
table is configured to Internal – example: Reply(Response='200')
Configuring IP-to-IP Call Routing Rules – Example
Define NAT Translation – Example
• NAT rules for translating source IP addresses per VoIP interface:
• SIP Control
• Media Traffic
• The Global address is set in the SIP Via and Contact headers as well as in the o= and c= SDP fields
Define Classification Rules (Optional)
Message Conditions (Optional)
Lesson 8
• Collecting data
• Use the relevant data collection tools for problem investigation
What is Syslog?
Syslog Message Format - Example
08:39:09.716 10.15.12.1 local3.notice [S=12504] [BID=5e88ae:123] (N 12163) SIPSocketReliable(#48) Released - SocketID=311
08:39:10.510 10.15.12.1 local3.notice [S=12505] [SID=5e88ae:123:342] (N 12164) (#5380)gwSession[Allocated]. Handle:2D3992C0; Global session ID: a06e4f5cb322d7a5
08:39:10.510 10.15.12.1 local3.notice [S=12506] [SID=5e88ae:123:342] (N 12165) SIPAppMngr::ClassifyByProxySet - Message was classified by ProxySet 3 to IPGroup 3
08:39:10.510 10.15.12.1 local3.notice [S=12507] [SID=5e88ae:123:342] (N 12166) Classification Succeeded - Source IP Group #3 (ITSP2)
08:39:10.514 10.15.12.1 syslog.error 4 packets missing
08:39:10.516 10.15.12.1 local3.notice [S=12512] [SID=5e88ae:123:342] (N 12171) ResourceCounter: SBC leg +1 [1/200]
08:39:10.516 10.15.12.1 local3.notice [S=12513] [SID=5e88ae:123:342] (N 12172) CAC: Add SBC Outgoing INVITE, IPG 1 (Teams): 1, SRD 0 (DefaultSRD): 1, SipIF 0 (Teams): 1
08:39:10.516 10.15.12.1 local3.notice [S=12514] [SID=5e88ae:123:342] (N 12173) ResourceCounter: SBC leg +1 [2/200]
08:39:10.516 10.15.12.1 local3.notice [S=12515] [SID=5e88ae:123:342] (N 12174) (#114)Route found (2), Route by IPGroup, IP Group 3 -> 1 (ITSP2 -> Teams)
• Timestamp and IP Address
• Message Sequence Number
• In this example 4 messages were lost
• Unique SIP call session and device identifier (SID)
• Example: SID=5e88ae:123:342
• <last 6 characters of device's MAC address>
• <number of times device has been restarted>
• <unique SID counter indicating the call session>
• Type of Message
Syslog generates the following types of messages:
• error: Indicates that a problem has been identified that requires immediate handling
• warning: Indicates an error that might occur if measures are not taken to prevent it
• notice: Indicates that an unusual event has occurred
• info: Indicates an operational message
• debug: Messages used for debugging
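The message format above can be parsed to find holes in the log trail and to pull one call's messages together. The following is an added example, not AudioCodes code: it parses the sample lines shown above (embedded verbatim), reports gaps in the [S=...] sequence number per sending device, and groups records by SID. The field names in the code (mac, boots, call) are labels chosen here for the three SID parts.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample lines copied from the slide above.
SAMPLE = """\
08:39:09.716 10.15.12.1 local3.notice [S=12504] [BID=5e88ae:123] (N 12163) SIPSocketReliable(#48) Released - SocketID=311
08:39:10.510 10.15.12.1 local3.notice [S=12505] [SID=5e88ae:123:342] (N 12164) (#5380)gwSession[Allocated]. Handle:2D3992C0; Global session ID: a06e4f5cb322d7a5
08:39:10.510 10.15.12.1 local3.notice [S=12506] [SID=5e88ae:123:342] (N 12165) SIPAppMngr::ClassifyByProxySet - Message was classified by ProxySet 3 to IPGroup 3
08:39:10.510 10.15.12.1 local3.notice [S=12507] [SID=5e88ae:123:342] (N 12166) Classification Succeeded - Source IP Group #3 (ITSP2)
08:39:10.514 10.15.12.1 syslog.error 4 packets missing
08:39:10.516 10.15.12.1 local3.notice [S=12512] [SID=5e88ae:123:342] (N 12171) ResourceCounter: SBC leg +1 [1/200]
08:39:10.516 10.15.12.1 local3.notice [S=12513] [SID=5e88ae:123:342] (N 12172) CAC: Add SBC Outgoing INVITE, IPG 1 (Teams): 1, SRD 0 (DefaultSRD): 1, SipIF 0 (Teams): 1
08:39:10.516 10.15.12.1 local3.notice [S=12514] [SID=5e88ae:123:342] (N 12173) ResourceCounter: SBC leg +1 [2/200]
08:39:10.516 10.15.12.1 local3.notice [S=12515] [SID=5e88ae:123:342] (N 12174) (#114)Route found (2), Route by IPGroup, IP Group 3 -> 1 (ITSP2 -> Teams)
"""

LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<ip>\S+)\s+"
    r"(?P<facility>\w+)\.(?P<severity>\w+)\s+"
    r"(?:\[S=(?P<seq>\d+)\]\s+)?"                       # message sequence number
    r"(?:\[(?:SID|BID)=(?P<mac>[0-9a-fA-F]{6}):(?P<boots>\d+)(?::(?P<call>\d+))?\]\s+)?"
    r"(?P<text>.*)$"
)


@dataclass
class Record:
    time: str
    ip: str
    facility: str
    severity: str
    seq: Optional[int]      # None for lines without [S=...]
    mac: Optional[str]      # last 6 characters of the device MAC address
    boots: Optional[int]    # number of times the device has been restarted
    call: Optional[int]     # per-call counter; None for BID (non-call) messages
    text: str

    @property
    def sid(self):
        return None if self.call is None else f"{self.mac}:{self.boots}:{self.call}"


def _int(value):
    return None if value is None else int(value)


def parse_log(text):
    """Parse every line that fits the format; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            g = m.groupdict()
            records.append(Record(g["time"], g["ip"], g["facility"], g["severity"],
                                  _int(g["seq"]), g["mac"], _int(g["boots"]),
                                  _int(g["call"]), g["text"]))
    return records


def find_gaps(records):
    """Return (ip, last_seen_seq, next_seq, missing_count) for each hole in the sequence."""
    last_seq, gaps = {}, []
    for rec in records:
        if rec.seq is None:
            continue
        prev = last_seq.get(rec.ip)
        if prev is not None and rec.seq > prev + 1:   # a lower value is treated as a restart
            gaps.append((rec.ip, prev, rec.seq, rec.seq - prev - 1))
        last_seq[rec.ip] = rec.seq
    return gaps


def by_session(records):
    """Group call-related records by their full SID."""
    sessions = {}
    for rec in records:
        if rec.sid:
            sessions.setdefault(rec.sid, []).append(rec)
    return sessions


if __name__ == "__main__":
    recs = parse_log(SAMPLE)
    print(find_gaps(recs))
    for sid, items in by_session(recs).items():
        print(sid, len(items), "messages")
```

A gap means part of the call trace never reached the collector, so a conclusion drawn from that SID's remaining lines should be treated as incomplete.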
Enabling Syslog
• Enable Syslog
• Set Syslog Server IP address and port
• Select the Syslog level (recommended ‘Detailed’)
Message Log
• View the Syslog messages sent by the device
AudioCodes Syslog Viewer
• A Syslog application provided by AudioCodes
AudioCodes Syslog Viewer
Open Saved File Zoom In/Out Freeze Display Search Options Search
Search Text
AudioCodes Syslog Viewer
• Syslog can be enabled simultaneously in several devices, reporting to the same Syslog Server
AudioCodes Syslog Viewer
• SIP/SDP messages are properly arranged to be easily identified for analysis
AudioCodes Syslog Viewer
• The SIP/SDP flow diagram can be viewed, refreshed and exported
AudioCodes Syslog Viewer
• The SIP/SDP <-> ISDN flow diagram can be viewed
AudioCodes Syslog Viewer
• Each arrow on the SIP/SDP flow diagram points to the right place in the trace
AudioCodes Syslog Viewer
• CDR info
AudioCodes Syslog Viewer
• Extracting Single Call
AudioCodes Syslog Viewer
Options
Lesson 9
• User-friendly online tool designed to get AudioCodes Mediant SBC up and running
quickly and easily
• Step-by-step setup process, presenting the configuration options in a clear way
• Eliminates configuration errors and troubleshooting
• Easy to install Windows-based application
• Includes predefined configurations for a wide range of SBC deployments (SIP trunk,
hosting etc.) with a variety of service providers and IP-PBXs
• Automatic software updates
• Built-in online help
• Available as web built-in and stand-alone application
Welcome Page
SIP Trunk Configuration
System Parameters
Interfaces
IP-PBX Parameters
ITSP Parameters
Number Manipulation
Remote Users (FEU)
Summary
Finish
Hands-on Lab 2
SBC Routing
Lesson 10
SBC Media Handling
• Media Behavior – establishing, managing and terminating media sessions within SIP protocol
• Media sessions are created using SIP Offer/Answer mechanism and, if successful, the result is
a bidirectional media flow (Audio, Fax, Modem, DTMF)
• Each Offer/Answer may be negotiated on more than one media session of different types
(e.g., Audio and Fax, Audio and Video)
• In SIP dialog, multiple Offer/Answer transactions may occur
• Each transaction may change media session characteristics (IP address, port, coders, media
types and RTP mode)
195
Media Capabilities
• NAT Traversal
• SBC changes SDP address to its own
197
Media Handling Modes
1. No Media Anchoring
2. Media Anchoring without Transcoding (Transparent)
3. Media Anchoring with Transcoding
IP-PBX ITSP
198
No Media Anchoring
• Enables SBC signaling capabilities without handling RTP/SRTP (media) flow between
remote SIP UAs
• RTP packet flow does not traverse the SBC; instead, 2 SIP UAs establish a direct RTP/SRTP
flow between one another
• Signaling continues to traverse SBC with minimal intermediation and involvement to
enable SBC capabilities such as routing
IP-PBX1 IP-PBX2
SIP Signaling
Media
199
No Media Anchoring
• Benefits:
• Saves network bandwidth
• Reduces CPU usage
200
No Media Anchoring – SDP Offer/Answer
SBC IP address: LAN: 10.15.11.1

Incoming SDP Offer (IP-PBX1 side):
v=0
o=AC 256624978 46177966 IN IP4 10.15.7.18
s=SBC-Call
t=0 0
m=audio 6080 RTP/AVP 8 18 96
c=IN IP4 10.15.7.18
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15,16

Outgoing SDP Offer (IP-PBX2 side):
v=0
o=AC 256624978 46177966 IN IP4 10.15.7.18
s=SBC-Call
t=0 0
m=audio 6080 RTP/AVP 8 18 96
c=IN IP4 10.15.7.18
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15
202
No Media Anchoring – SIP Interface Level
• Enables direct media flow or media bypass between endpoints associated with the SIP
Interface for SBC calls
• Disable = (Default) Media Anchoring is employed, whereby the media stream traverses the device
• Enable = Direct Media is enabled; Media stream flows directly between the endpoints
• Enable when Same NAT = Direct Media is enabled; Media stream flows directly between the
endpoints if they are located behind the same NAT
203
No Media Anchoring – IP Profile Level
• Direct media occurs between all UAs whose IP Profiles have the same tag value
(non-empty value)
204
Media Anchor without Transcoding (Transparent)
IP-PBX ITSP
SIP Signaling
Media
205
Media Anchoring without Transcoding (Transparent)
• To direct RTP to flow through SBC, all IP address fields in the SDP are modified:
• IP-Address, Session and Version ID
• Session connection attribute
• Media connection attribute
• Media port number
206
Transparent – SDP Offer/Answer
SBC IP addresses:
LAN: 10.15.11.1
WAN: 200.100.10.20

Incoming SDP Offer (IP-PBX side):
v=0
o=PBX 257389510 1288747123 IN IP4 10.15.7.18
s=SBC-Call
t=0 0
m=audio 6090 RTP/AVP 8 18 96
c=IN IP4 10.15.7.18
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15,16

Outgoing SDP Offer (ITSP side):
v=0
o=AC 2140747574 1560030007 IN IP4 200.100.10.20
s=SBC-Call
t=0 0
m=audio 7030 RTP/AVP 8 18 96
c=IN IP4 200.100.10.20
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15

RTP port labels on the diagram: 8050, 6090 (IP-PBX side); 6040, 7030 (ITSP side)
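The rewrite shown on the Transparent SDP Offer/Answer slide, as an added example (not AudioCodes code): a Python sketch that replaces the o=, c= and m= fields with the SBC's WAN address and port, then checks that no internal address is left in the body. The function names, the port map and the 10.0.0.0/8 "internal" range are assumptions; the sample offer is constructed from the slide.

```python
import ipaddress
import re

# Constructed sample: the "Incoming SDP Offer" column of the slide above.
INCOMING_OFFER = "\r\n".join([
    "v=0",
    "o=PBX 257389510 1288747123 IN IP4 10.15.7.18",
    "s=SBC-Call",
    "t=0 0",
    "m=audio 6090 RTP/AVP 8 18 96",
    "c=IN IP4 10.15.7.18",
    "a=sendrecv",
    "a=ptime:20",
    "a=rtpmap:8 PCMA/8000",
    "a=rtpmap:18 G729/8000",
    "a=fmtp:18 annexb=no",
    "a=rtpmap:96 telephone-event/8000",
    "a=fmtp:96 0-15,16",
]) + "\r\n"

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def anchor_sdp(sdp, sbc_ip, port_map,
               origin=("AC", "2140747574", "1560030007")):
    """Rewrite o=, c= and m= so that the peer sends RTP to the SBC.

    port_map maps the original media port to the port allocated on the
    SBC interface (hypothetical allocation). The default origin values
    are the ones shown in the slide's outgoing offer.
    """
    out = []
    for line in sdp.splitlines():
        if line.startswith("o="):
            # o=<username> <sess-id> <sess-version> <nettype> <addrtype> <address>
            f = line[2:].split()
            line = "o={} {} {} {} {} {}".format(*origin, f[3], f[4], sbc_ip)
        elif line.startswith("c="):
            # c=<nettype> <addrtype> <address>, session-level or media-level
            f = line[2:].split()
            line = "c={} {} {}".format(f[0], f[1], sbc_ip)
        elif line.startswith("m="):
            # m=<media> <port> <proto> <fmt> ...
            f = line[2:].split()
            if f[1] != "0":  # port 0 marks a disabled stream; leave it alone
                f[1] = str(port_map[int(f[1])])
            line = "m=" + " ".join(f)
        out.append(line)  # attribute (a=) lines pass through unchanged here
    return "\r\n".join(out) + "\r\n"


def leaked_addresses(sdp, internal_nets):
    """Return internal IPv4 literals still present anywhere in the SDP."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for match in IPV4.finditer(sdp):
        try:
            addr = ipaddress.ip_address(match.group())
        except ValueError:
            continue  # looked like an address but is not one
        if any(addr in n for n in nets) and match.group() not in hits:
            hits.append(match.group())
    return hits


if __name__ == "__main__":
    rewritten = anchor_sdp(INCOMING_OFFER, "200.100.10.20", {6090: 7030})
    print(rewritten)
    print("leaks:", leaked_addresses(rewritten, ["10.0.0.0/8"]))
```

The leak check scans the whole body rather than only o=/c=, so it also flags addresses carried in attribute lines such as a=rtcp or ICE candidates, which this line-by-line rewrite does not touch.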
• SBC performs transcoding when there are no common coders between the 2 UAs involved in a
specific session
• RTP traverses the SBC, and each leg uses a different coder or coder parameters
• Transcoding is performed when an SDP answer from one UA does not include any coder
that was included in the offer previously sent by the other UA
• For transcoding, SBC can be configured to add media capabilities to UAs of a specific IP
Group, then perform transcoding when the coder selected in the answer SDP doesn’t appear in
the original offer
• DSP resources are required
IP-PBX ITSP
SIP Signaling
Media A
Media B
208
Transcoding – SDP Offer/Answer
SBC IP addresses:
LAN: 10.15.11.1
WAN: 200.100.10.20

Incoming SDP Offer (IP-PBX side):
v=0
o=PBX 1741090166 564924681 IN IP4 10.15.7.18
s=SBC-Call
t=0 0
m=audio 6120 RTP/AVP 8 0 96
c=IN IP4 10.15.7.18
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15,16

Outgoing SDP Offer (ITSP side; slide callout on the m= line: Extended Coder):
v=0
o=AC 1996517464 72690348 IN IP4 200.100.10.20
s=SBC-Call
t=0 0
m=audio 7040 RTP/AVP 8 18 9 96
c=IN IP4 200.100.10.20
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15

RTP port labels on the diagram: 8020, 6120 (IP-PBX side); 6070, 7040 (ITSP side)
210
Media Security
• Enables Secure Real-Time Transport Protocol (SRTP)
211
SRTP-RTP Transcoding
• SBC supports SRTP-RTP transcoding
• The IP Profile parameter SBC Media Security Mode enforces
whether an SBC leg uses SRTP or RTP
• Options:
• As is: SBC passes the media as is (default)
• Secure: SBC leg negotiates only SRTP media lines
• RTP media lines are removed from incoming SDP Offer/Answer
• Not Secure: SBC leg negotiates only RTP media lines
• SRTP media lines are removed from incoming Offer/Answer
• Both: Each Offer/Answer is extended (if it hasn’t been already)
to two media lines – one RTP and the other SRTP
• Offer Both - Answer Prefer Secured: The device prefers
secured media on the outgoing SDP answer
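The "As is", "Secure" and "Not Secure" options above, as an added example (not AudioCodes code): a Python sketch that drops RTP or SRTP media sections from an offer according to the mode, plus an audit helper that lists media lines that would carry unencrypted RTP. The mode strings, function names and sample offers are constructed for illustration; the two "Both" options are not modelled because they require generating SRTP keys.

```python
# Constructed sample offers; the crypto key is a dummy placeholder value.
OFFER_BOTH = "\r\n".join([
    "v=0",
    "o=PBX 1 1 IN IP4 10.15.7.18",
    "s=SBC-Call",
    "c=IN IP4 10.15.7.18",
    "t=0 0",
    "m=audio 6090 RTP/AVP 8",
    "a=rtpmap:8 PCMA/8000",
    "m=audio 6092 RTP/SAVP 8",
    "a=rtpmap:8 PCMA/8000",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDPLACEHOLDERKEY",
]) + "\r\n"

OFFER_RTP_ONLY = "\r\n".join(OFFER_BOTH.splitlines()[:7]) + "\r\n"


def split_sdp(sdp):
    """Return (session_lines, [media_section_lines, ...])."""
    session, media = [], []
    for line in sdp.splitlines():
        if line.startswith("m="):
            media.append([line])        # a new media section starts here
        elif media:
            media[-1].append(line)      # attribute of the current section
        else:
            session.append(line)
    return session, media


def is_srtp(section):
    # m=<media> <port> <proto> <fmt>...; the SRTP profiles are RTP/SAVP and
    # RTP/SAVPF, also when prefixed with UDP/TLS/ for DTLS-SRTP.
    return "SAVP" in section[0].split()[2]


def apply_media_security_mode(sdp, mode):
    """Filter media sections by mode.

    Returns the filtered SDP, or None when no media line of the required
    type remains (what the device does then is not covered by the slide).
    """
    session, media = split_sdp(sdp)
    if mode == "as-is":
        kept = media
    elif mode == "secure":
        kept = [s for s in media if is_srtp(s)]
    elif mode == "not-secure":
        kept = [s for s in media if not is_srtp(s)]
    else:
        raise ValueError("mode not modelled: " + mode)
    if not kept:
        return None
    lines = session + [line for section in kept for line in section]
    return "\r\n".join(lines) + "\r\n"


def plaintext_media_lines(sdp):
    """Audit helper: active m= lines that would carry unencrypted RTP."""
    _, media = split_sdp(sdp)
    return [s[0] for s in media
            if not is_srtp(s) and s[0].split()[1] != "0"]


if __name__ == "__main__":
    print(apply_media_security_mode(OFFER_BOTH, "secure"))
    print(plaintext_media_lines(OFFER_BOTH))
```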
212
Extension Coders
Diagram: (1) offer G.711 + G.723 → Add G.729 → (2) offer G.711 + G.723 + G.729
Group 2 Extended coder list contains: G.711, G.729
213
Extension Coders
214
Extension Coders
• Assign Coder Group to IP Profile
215
Allowed Coders Group
Diagram: (1) offer G.723 + G.711 → Remove G.723 → (2) offer G.711
Group 2 Allowed Coders Group contains: G.722, G.711
216
Allowed Coders – Incoming Offered
Call Dropped:
Offer: G.723 + G.711
Group 1 Allowed Coders Group contains: G.726
Group 2 Allowed Coders Group contains: G.711, G.723
Remove G.723:
Offer: G.723 + G.711, forwarded as G.711
Group 1 Allowed Coders Group contains: G.711, G.726
Group 2 Allowed Coders Group contains: G.711, G.723
217
Allowed Audio Coders Group
218
Assign Allowed Audio Coder Group to IP Profile
219
Allowed Coders Mode
• Restriction
• Checks for a match between Allowed Coders of the incoming group and the offered coders
• At least one must match
• SBC removes all coders arriving in the incoming SDP except coders matched in the outgoing
Allowed Coders Group
• Only coders common to the offered SDP and the Allowed Coders Group are used
• Preference
• SBC reprioritizes coders based on Allowed Coders Group
• The coders received in the SDP offer are listed after the Allowed Coders
• Restriction and Preference
• Enables both, removes disallowed coders and reprioritizes coders
220
Allowed Coders Mode
• Determines mode of Allowed Coders feature
• Impacts Extension Coders priority
• Configured in IP Profile Settings (SBC Media Section)
221
Change Coder Priority
222
Extended Coders Behavior
• Orders the coders in the outgoing SIP message
• Applicable only if an Extension Coders Group is assigned to the IP Profile
• Doesn’t Include Extensions: Extension coders are added at the end of the coder list (default)
• Include Extensions: Extension coders arranged according to order in the Allowed Coders Group table
223
Change Coder Priority – Include Extensions
224
Coder Transcoding Flow
[Diagram: Server 1 – SBC – Server 2, with IP Group 1 and IP Group 2, each with an IP Profile holding Allowed Coders and Extension Coders. For Call 1 and for Call 2, one side's Extension Coders are marked "(not used)".]
225
Media Handling Example 1
IP-PBX: G.711A-law, G.729
ITSP: G.729
226
Media Handling Example 1
G.729
No Change
G.729
227
Media Handling Example 2
IP-PBX: G.711A-law, G.729
ITSP: G.729, G.711A-law
228
Media Handling Example 2
• To avoid G.711A negotiation, remove it from the outgoing offer and allow just G.729
229
Media Handling Example 2
• In ITSP’s IP Profile, assign the Allowed Audio Coders Group, to offer only G.729
230
Media Handling Example 2
G.729
No Change
G.729
231
Media Handling Example 3
IP-PBX: G.711A-law
ITSP: G.729
232
Media Handling Example 3
233
Media Handling Example 3
• In the ITSP’s and the IP-PBX’s IP Profiles, assign the Extension Coders Group to add
the missing coders to the offer
234
Media Handling Example 3
G.729 G.711A
Transcoding Transcoding
G.711A G.729
235
Media Handling Example 4
IP-PBX: G.711A-law, G.711U-law, G.723
ITSP: G.729, G.711A-law, G.726
236
Media Handling Example 4
• Create an Allowed Audio Coders Group and select G.729, G.711A and G.726 coders
237
Media Handling Example 4
• Add G.729 and G.726 to the outgoing offering:
• Create Coders Group and select G.729 and G.726 coders
238
Media Handling Example 4
• ITSP IP Profile:
• Select Extension Coders Group to add G.729 and G.726 to the outgoing offer
• Select Allowed Audio Coders Group, to remove G.711U and G.723
• Select Allowed Coders Mode = Restriction and Preference, to perform both
• Media Settings:
• Extended Coders Behavior = Include Extensions
239
Media Handling Example 4
Remove
G.711U+G.723
G.729+G.711A+G.726
G.729
Transcoding
G.711A
240
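Media Handling Examples 1 to 4 worked through in code, as an added example (not AudioCodes code): a simplified Python model of how the Allowed Coders Group, Allowed Coders Mode, Extension Coders Group and Extended Coders Behavior shape the outgoing offer, as the slides describe them. It models one Allowed Coders Group per call, and assumes that under Restriction an extension coder is added only if it is also allowed and that Include Extensions reorders only when Preference is active; names and mode strings are hypothetical.

```python
RESTRICTION = "restriction"
PREFERENCE = "preference"
RESTRICTION_AND_PREFERENCE = "restriction-and-preference"


def build_outgoing_offer(offered, allowed=(), extension=(), mode=None,
                         include_extensions=False):
    """Return the coder list of the outgoing offer, or None if the call drops.

    offered    coders in the incoming SDP offer, in priority order
    allowed    Allowed Coders Group, in table order
    extension  Extension Coders Group
    mode       None (no Allowed Coders Group applied) or one of the
               three Allowed Coders Mode values above
    """
    allowed = list(allowed)
    restrict = mode in (RESTRICTION, RESTRICTION_AND_PREFERENCE)
    prefer = mode in (PREFERENCE, RESTRICTION_AND_PREFERENCE)

    coders = list(offered)
    if restrict:
        # Restriction: keep only coders common to the offer and the group.
        coders = [c for c in coders if c in allowed]
        if not coders:
            return None  # "At least one must match": call dropped

    # Extension coders not already present in the offer.
    # Assumption: under Restriction they must also be allowed coders.
    extras = [c for c in extension
              if c not in coders and (not restrict or c in allowed)]

    def rank(coder):
        # Position in the Allowed Coders Group; unlisted coders go last.
        return allowed.index(coder) if coder in allowed else len(allowed)

    if prefer:
        # Preference: allowed coders first, in group order; the remaining
        # offered coders keep their relative order (sort is stable).
        coders.sort(key=rank)
        if include_extensions:
            # Include Extensions: extension coders take their place
            # according to the Allowed Coders Group order.
            return sorted(coders + extras, key=rank)
    # Default behaviour: extension coders are appended at the end.
    return coders + extras


def needs_transcoding(original_offer, answered_coder):
    """Transcoding is needed when the coder selected in the answer
    does not appear in the original offer."""
    return answered_coder not in original_offer


if __name__ == "__main__":
    pbx_offer = ["G.711A", "G.711U", "G.723"]  # Example 4, IP-PBX side
    out = build_outgoing_offer(
        pbx_offer,
        allowed=["G.729", "G.711A", "G.726"],
        extension=["G.729", "G.726"],
        mode=RESTRICTION_AND_PREFERENCE,
        include_extensions=True,
    )
    print(out, needs_transcoding(pbx_offer, "G.729"))
```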
Hands-on Lab 3
SBC Transcoding
Lesson 11
243
Reminder: CMR Process
[Flow diagram, Leg1 to Leg2. Main row: Incoming Message, SIP Interface, Classification, Routing, Outgoing Message. Other labels: Reject Dialog; Pre-Parsing Manipulation (SIP Interface); Pre-Classification Manipulation (SIP Interface); Inbound Message Manipulation Set (Source IP Group); Outbound Message Manipulation Set (Destination IP Group); Inbound (before routing) Source and/or Destination Number Manipulation (Optional); Outbound (after routing) Source and/or Destination Number Manipulation.]
244
SBC Number Manipulation
• Done according to manipulation tables, similar to what’s done for routing
• Inbound manipulations are done before routing
• Inbound manipulation rule matching can be done by:
• Source IP Group
• Source and/or destination host and/or user prefixes
• Outbound manipulations are done after routing
• Outbound manipulation rule matching can be done by:
• Destination IP Group
• Source IP Group
• Source and/or destination host and/or user prefixes
• Message Condition
• Tags
• Calling Name Pattern
245
Inbound and Outbound Number Manipulation
• IP-to-IP Inbound and Outbound manipulation lets you manipulate the user part of
the SIP URI in the SIP message for a specific entity
• Inbound manipulation is done on messages received from the SIP entity
• Outbound manipulation is done on messages sent to the SIP entity
User@Host
1000@10.15.11.1
246
SBC Inbound Number Manipulations
248
SBC Inbound Number Manipulations – Match Area
• Name
• Additional Manipulation: use same matching
condition as row listed above
• Manipulation Purpose: Defines the purpose
of the manipulation
• Manipulated Item: Determines whether the Source or Destination SIP URI user part is
manipulated
• Remove From Left
• Remove From Right
• Leave From Right: Defines the number of characters that you want retained from
the right of the user part
• Prefix to Add
• Suffix to Add
250
SBC Outbound Number Manipulations
• Configure rules to manipulate SIP URI user part (Source and Destination) of
outbound SIP dialog requests
• Rules can be applied to user-defined SIP request type (INVITE, SUBSCRIBE
and/or REGISTER)
• Manipulation of Destination URI user part performed on these SIP headers:
• Request URI
• To
• Remote-Party-ID (if it exists)
• Manipulation of Source URI user part is performed on these SIP headers:
• From
• P-Asserted (if it exists)
• P-Preferred (if it exists)
• Remote-Party-ID (if it exists)
251
SBC Outbound Number Manipulations
252
SBC Outbound Number Manipulations Match Area
253
SBC Outbound Number Manipulations Action Area
• Same parameters as in Inbound except for:
• Manipulated Item
• Determines whether the Source, Destination SIP URI or Calling Name user part is manipulated
• Privacy Restriction Mode
• Determines user privacy handling by restricting source user identity in outgoing SIP dialogs
Transparent (default)
Don’t change privacy
Restrict
Remove Restriction
254
Message Manipulation
255
Why SIP Message Manipulation?
• Key SBC requirements:
• Each customer has distinct requirements for SBC fundamentals of Security, Interworking and Interoperability
• Multiple devices support SIP but do not interwork because of differences in how the protocol is implemented
or interpreted
• Manipulation customizes SIP messaging on either side to what devices in that network segment expect
• ITSPs or enterprises may have policies for which SIP messaging fields should be present before a SIP call
enters their network
• Resolves incompatibilities between SIP devices inside the enterprise network or between networks
• Self-service programmable tool that saves the time required to develop a software ‘patch’ for each customer
256
Message Manipulation
257
Post-classification Manipulation
• IP Group pages display 2 fields:
• Inbound manipulation set: Set of rules to apply to incoming messages (from this IP Group)
• Outbound manipulation set: Set of rules to apply to outgoing messages (to this IP Group)
• Applied per message and not per call
• For example:
• IP Group 1 has 2 Message Manipulation Sets, one for Outbound and one for Inbound, for the same call:
• Incoming INVITE goes through Inbound MMS
• 100, 180 and 200 OK responses go through Outbound MMS
• IP Group 2 has 2 Message Manipulation Sets, one for Outbound and one for Inbound, for the same call:
• Outgoing INVITE goes through Outbound MMS
• 100, 180 and 200 OK responses go through Inbound MMS
Invite Invite
• Message Manipulation Table used to configure rules and relate them to a set of rules
• Rule configuration enables adding, modifying or removing most message content
• A rule can be conditionally applied
• Removing or adding mandatory SIP headers is not allowed; modifying mandatory SIP headers
is allowed and is performed only on requests that initiate new dialogs:
• Mandatory headers in the INVITE message include:
• Request URI, To, From, Contact, Via, CSeq, Call-Id and Max-Forwards
• Mandatory SDP headers in the INVITE message include:
• v, o, s, t, c, m
259
Message Manipulation – Syntax
260
General – Manipulation Set ID
261
Assign Message Manipulations to SIP Interface
• Pre-Classification: message manipulation is done on inbound SIP messages before
the call is classified
• The Set ID is assigned to SIP Interface
262
Assign Message Manipulations to IP Group
• Post-Classification, message manipulation is done on inbound and/or outbound SIP
messages after the call has been successfully classified
• The MMS ID is assigned to IP Group for inbound and/or outbound messages
263
General – Row Role
264
Match – Message Type
• The Message Type to manipulate
• Rule applied only if this is the message type
Table columns (General / Match / Action): Name | Manipulation Set ID | Row Role | Message Type | Condition | Action Subject | Action Type | Action Value
• Syntax: method.message-role.response-code
• Method
• Invite, Subscribe, Refer, etc.: Rule applies only to specific messages
• Unknown: Unknown methods also allowed
• Any (or empty): No limitation on method type
• Message-role
• Request: Rule applies only on requests
• Response: Rule applies only on Response message
• Response-code
• 3xx: Any redirection response
• 200: Only 200 OK response
Examples:
• Invite
• Invite.Request
• Invite.Response.180
• Register
• Any.Response.3xx
265
Match – Condition
• Rule-matching criteria (conditions)
• If criterion (condition) exists, rule applies
266
Action – Action Subject
• Header on which manipulation is performed
• Message element that changes
• Remove Suffix = removes the value from the end of the element string
268
Action – Action Value
• Syntax: (string/message-element/param)("+"(string/message-element/param))
• String
• 'test.local', '<sip:100@121.10.10.10:5067>'
• Message-element
• header.from.url.user, header.contact.url.user
• Param
• param.ipg.src.user, param.call.dst.host
• Combination
• param.ipg.dst.host + '.com'
Examples:
• '3600'
• 'Bob'
• header.to.url.host
• 'Mike@'+Header.To.URL.Host.Name
• Param.IPG.Dst.User+'com'
269
SIP Message Normalization
• Feature that can be enabled per manipulation rule when Action Type is set to "Normalize"
• Removes unknown or non-standard SIP message elements before forwarding the message
• These elements can include SIP headers, SIP header parameters, and SDP body fields
• The device normalizes the following SIP elements:
• Message:
• Removes unknown or non-standard SIP headers
• URLs:
• User part is normalized
• Headers:
• Unknown header parameters are removed
• URLs are normalized
• SDP Body:
• Removes unnecessary SDP fields
• Removes unknown media with all its attributes
270
SIP Message Normalization – Examples
• Example 1:
• To header before normalization:
• To: <sip:1-800-300-500;phone-context=1@10.33.2.17;user=phone;UnknownUrlParam>
• To header after normalization:
• To: <sip:1800300500@10.33.2.17;user=phone>
• Example 2:
• All the headers to be normalized
271
SIP Message Normalization – Body Example
Columns (General / Match / Action): Name | Manipulation Set ID | Row Role | Message Type | Condition | Action Element | Action Type | Action Value
Example 3 | 4 | Use Current Condition | invite | | body.sdp | Normalize |
273
SIP Message Manipulation – Example Rules
274
Example: Change Referred-By to Diversion
• ITSP expects Diversion and not Referred-By
275
SIP Interface Pre-Parsing Manipulation Sets
• Messages can be manipulated in their original format (plain text) as received from
the network
• Pre-Parsing Manipulation is done before Pre-Classification Manipulation and
Classification
• Pre-parsing rules assigned to the SIP Interface
• A regular expression (regex) is used to search for (match) a pattern in the incoming
message and to replace the matched pattern
• Parent – Child Table type
276
SIP Interface Pre-Parsing
277
Hands-on Lab 4
SBC Manipulation
Lesson 12
SBC Security
Lesson Objectives
280
Introduction
• Identity theft
• Phishing and "man-in-the-middle" can be used to acquire caller identification information
to gain unauthorized access to services and information
• Eavesdropping
• The ability to listen to or record calls on VoIP networks - personal privacy violations
• Spam over Internet Telephony (SPIT)
• The delivery of unsolicited calls or voicemails can inundate networks, annoy subscribers,
and diminish the usefulness of VoIP networks
283
Security Solution
284
SBC Security Features
• Network
• VLAN Separation
• Firewall
• Topology Hiding
• SBC
• Advanced SIP Firewall Filtering Rules (Classification rules)
• Advanced Call Admission Control (CAC) to enforce limits
• Intrusion Detection System (IDS)
• SIP Protection – Filter methods
• Signaling Security – TLS
• Media Security – SRTP
• Block Unregistered Users
• Management
• HTTPS
• SSH
• SNMP
285
Enhanced Multi-Tenant Security Support
286
Topology Hiding
287
Topology Hiding – Example
• Host name in the From header of Invite messages received from the IP Group or the Request-URI host name used in Invite and Register messages sent to the IP Group
288
Implement Layer 3/4 (Network) Firewall
• SBC default:
• If the end of the table is reached without a match, the packet is accepted
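The default-accept behaviour above, as an added example (not AudioCodes code): a first-match rule table evaluated in Python, showing that a packet matching no rule is accepted unless the table ends with an explicit block-all rule, plus a check for that final rule. The rule fields and sample addresses are constructed for illustration and are not the device's parameter names.

```python
import ipaddress

# Constructed rule table: field names are illustrative only.
RULES = [
    {"src": "10.15.0.0/16", "proto": "udp", "port": 5060, "action": "allow"},
    {"src": "10.15.0.0/16", "proto": "tcp", "port": 443, "action": "allow"},
]

# Catch-all rule placed last to turn the table into default-deny.
BLOCK_ALL = {"src": "0.0.0.0/0", "proto": "any", "port": None,
             "action": "block"}


def rule_covers(rule, src, proto, port):
    """True when the packet's source, protocol and destination port match."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and rule["proto"] in ("any", proto)
            and rule["port"] in (None, port))


def evaluate(rules, src, proto, port):
    """Return (action, index of the matching rule or None)."""
    for index, rule in enumerate(rules):
        if rule_covers(rule, src, proto, port):
            return rule["action"], index
    # End of table reached without a match: the packet is accepted.
    return "allow", None


def ends_with_block_all(rules):
    """Configuration check: is the last rule a catch-all block?"""
    if not rules:
        return False
    last = rules[-1]
    return (last["action"] == "block"
            and ipaddress.ip_network(last["src"]).prefixlen == 0
            and last["proto"] == "any"
            and last["port"] is None)


if __name__ == "__main__":
    packet = ("198.51.100.7", "udp", 5060)  # source outside the allowed subnet
    print(evaluate(RULES, *packet))                # ('allow', None)
    print(evaluate(RULES + [BLOCK_ALL], *packet))  # ('block', 2)
    print(ends_with_block_all(RULES))              # False
```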
289
Layer 3/4 Traffic Firewall Rules – Example
290
Call Admission Control
291
Encryption
• Secure Signaling:
• TLS: TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3
• DTLS: DTLS 1.0 and DTLS 1.2
• Re-Handshake
• Mutual authentication
• Certificate Revocation Checking
• Verify Subject Alt Name against the provisioned proxy name
• Secure RTP (SRTP):
• RFC 4568 (voice, video)
• SRTP enforcement
292
Secure SIP using TLS
293
Secure Media (RTP) Traffic
294
Block Unused SIP Ports
295
Classification Table
296
Condition Table
297
Block Unclassified Incoming Calls
• Block incoming calls that cannot be classified to an IP Group, or based on the rules in the Classification table
• If unclassified calls aren’t blocked, they’re sent to the default SRD/IP Group, so illegal calls can pass
• SBC rejects unclassified calls by default
298
Message Policy Table
• SIP message policy rules for blocking (blacklist) unwanted incoming SIP messages or allowing
(whitelist) receipt of desired messages
• Blacklist and whitelist for defined methods and for defined bodies
• Assigned to SIP Interfaces associated with the relevant IP Groups
299
Intrusion Detection System (IDS)
• The device's Intrusion Detection System (IDS) feature detects malicious attacks
on the device
• The IDS configuration is based on IDS Policies/set of rules
• Each rule defines a type of malicious attack to detect and the number of
attacks (alarm threshold)
• SNMP traps are sent to notify of malicious activity and/or whether an attacker has
been added to or removed from the blacklist
• IDS Tables:
• Global Parameters – enables IDS
• Policy Table – defines IDS Policies and Rules
• Match Table – assigns the IDS Policies to targets under attack (SIP Interface) and/or
source of attacks (Proxy Set and/or subnet address)
300
Registration Restriction Control
301
Limit SBC Registered Users per IP Group
302
Limit SBC Registered Users per SIP Interface
303
Limit SBC Registered Users per SRD
304
Registration Restriction Control
• Ensure that calls from unregistered users are blocked (rejected) and that calls from
only registered users are allowed
305
Block Unregistered Users
306
Block Unauthenticated Registration
• Blocks unauthenticated users from registering into the SBC’s database per SRD or SIP
Interface
• SBC then only registers users authenticated by a SIP proxy server
307
Define Strict IP to IP Routing Rules
• Define specific IP2IP routing rules accurately and correctly, avoiding asterisks (*) if possible
• Route Source IP Group to Destination IP Group correctly to achieve the required call outcome
• Inaccurate or weak routing rules can easily result in Service Theft
308
Secure Management Connections
309
Secure Management Connections (cont.)
User levels: Monitor, Administrator, Security Administrator, Master
• Defines a Secure Socket Shell (SSH) public key for RSA public-key authentication (PKI) of the remote user when logging into the device's CLI through SSH
• Defines the duration (in days) of the validity of the password. 0 means that the password is always valid. The default is 90
• Allows the same user account to log in to the device from different sources (i.e., IP addresses).
311
Authentication Server
312
Secure Management Connections (cont.)
313
Secure Management Connections (cont.)
314
Secure Management Connections (cont.)
315
Secure Management Connections (cont.)
316
Lesson 13
318
Configuring TDM Bus
• TDM Bus Clock Source (Network/Internal)
• Clock source on which the gateway synchronizes
• TDM Bus Local Reference
• Determines the Trunk ID used to synchronize the
gateway’s clock when using external clock
• TDM Bus PSTN Auto Clock Reverting
• Enables the PSTN trunk Auto-Fallback Reverting feature
• TDM Bus PSTN Auto FallBack Clock
• Disable = Recovers the clock from the E1/T1 line defined
by parameter ‘TDM Bus Local Reference’
• Enable = Recovers the clock from any connected
synchronized slave E1/T1 line
• Apply only if the TDM Bus Clock Source parameter is set to Network and TDM
Bus PSTN Auto Clock Reverting is set to Enable
• PCM Law Select (A-law/µ-law)
• Usually A-Law for E1 and µ-Law for T1
319
Configuring Key Trunk Parameters
320
Configuring Key Trunk Parameters
• Protocol Type
• Sets the PSTN protocol to be used for this trunk
• If ‘Protocol Type’ of all PRI trunks displays 'None', select the protocol type (E1/T1) for a single trunk and
Restart the gateway
• Only after the Restart will you be able to continue configuring the trunks
• Clock Master
• Determines Tx clock source of E1/T1 line
• Recovered (0) = Generate clock according to Rx of E1/T1 line
• Generated (1) = Generate clock according to internal TDM bus
• ISDN Termination Side
• User side = ISDN User Termination Side (TE)
• Network side = ISDN Network Termination Side (NT)
• Select 'User side' when the PSTN or PBX side is configured as 'Network side’ and vice-versa
321
Configuring Key Trunk Parameters
322
Digital Trunk Points of Information
• All Trunk spans must be of the same Line Type (all E1 or all T1)
• Different flavors of same Line Type (E1/T1) can be configured on available Trunks
(e.g., E1 Euro ISDN and E1 QSIG)
• Trunks are referenced in ini file and Syslog messages as ‘0-3’ regardless of whether
physical Trunks are numbered ‘1-4’
323
Trunk Group Table – E1/T1 and/or FXS
• Used to assign Trunk Groups, Profiles and logical telephone numbers to the
gateway's channels
• Trunks or B-Channels that are not defined are disabled
324
Trunk Group Settings
• Determines the method by which new calls are assigned to channels within each Trunk
Group ID
• If such a rule doesn't exist (for a specific Trunk Group), the global rule defined by the
Gateway General Settings’ Channel Select Mode parameter applies
325
Coder Group Table
• Allows you to configure coders for the Gateway
• The first coder in the list has the highest priority
• A coder can appear only once in the table
• The Packetization Time determines how many coder payloads are combined into a single RTP packet
• The Gateway always uses the packetization time requested by the remote side for sending RTP packets
• Enable/Disable the Silence Suppression option per coder
326
Gateway Routing Tables
327
Tel-to-IP Routing Table
• Used to route calls from Tel to IP
328
IP-to-Tel Routing Table
• Used to route calls from IP to Tel
329
Number Manipulation
330
Routing Mode Parameters
• The Tel to IP Routing Mode and IP to Tel Routing Mode parameters determine the
order between routing calls to Trunk Groups and manipulation of the number
• Route calls before manipulation (default)
• Route calls after manipulation
331
Lesson 14
SBC Survivability
Lesson Objectives
333
SBC Survivability
334
SBC Survivability
2
ITSP1
3
E1/T1
PSTN
4
Enterprise
LAN
335
Survivability Methodology
337
Define Alternative Reasons Set Table
• The Alternative Reasons Set table lets you configure groups of SIP response codes for SBC call release
(termination) reasons that trigger alternative routing
• This feature works together with the Proxy Hot Swap feature, which is configured in the Proxy Sets table
• If no response, or ICMP or SIP 408 response is received, the SBC attempts to use the alternative route
even if no entries are configured in the ‘Alternative Reasons Set table’
338
Define Alternative Reasons Rules Table
339
Assign the Alternative Reasons Set to Destination IP Group
• To apply your configured alternative routing reason rules, you need to assign the
Alternative Reasons Set for which you configured the rules, to the relevant IP Group
in the IP Groups table, using the 'SBC Alternative Routing Reasons Set' parameter
340
SBC Survivability for IP-PBX Users
Normal Mode
Survivability Mode
Fallback to PSTN
341
Define Media Realms
342
Define SIP Interfaces
343
Define Proxy Set – IP-PBX
344
Define Proxy Set – ITSP1
345
Define Proxy Set – ITSP2
346
Define IP Groups
347
IP to IP Routing Table – Options Termination
348
IP to IP Routing Table – IP-PBX to ITSP1 (Primary Route)
349
IP to IP Routing Table – IP-PBX to ITSP2 (Alternative Route)
350
IP to IP Routing Table – Calls to IP-PBX
351
Define Alternative Routing Set
• If no response, or ICMP or SIP 408 response is received, the SBC attempts to use the
alternative route even if no entries are configured in the ‘Alternative Routing Set’
352
Assign the Alternative Reasons Set to Destination IP Group
353
Configure the TDM Bus for the Gateway
354
Configure the Digital Trunk
355
Configure the Trunk Group – E1/T1
• Used to assign Trunk Groups, Profiles and logical telephone numbers to the
gateway's channels
356
Configure the Trunk Group Settings
• Determines the method by which new calls are assigned to channels
within each Trunk Group
357
IP to Tel Routing
358
Tel to IP Routing
359
Define IP to IP Routing Table
• Add the Gateway entry to SBC IP-to-IP Routing Table:
360
SBC Survivability for LAN Users
Server IP-Group
Hosted IP-PBX
Server 1: 201.10.1.1
Server 2: 201.10.1.2
User IP-Group
Normal Mode
Survivability Mode
361
Define IP Group – LAN Users
362
User IP Group Classification
363
Define IP to IP Routing Table
• Terminate Options
364
Define IP to IP Routing Table
365
Define IP to IP Routing Table
366
Define IP to IP Routing Table
367
Define IP to IP Routing Table
368
Define IP to IP Routing Table
369
Lesson 15
371
High Availability Overview
• The device's High Availability (HA) feature provides 1+1 system redundancy using
two Mediant devices
• If failure occurs in the active device, a switchover occurs to the redundant device
which takes over the call handling process ensuring the continuity of call services
• All active calls (signaling and media) are maintained upon switchover
• Only IP calls are maintained during a switchover
• For those devices supporting the Gateway function, PSTN calls are dropped by sending
a SIP BYE message to the IP side. This is because only the active device is physically
connected to the PSTN interfaces
372
High Availability Architecture
ITSP
Active Mediant
SYNC
IP-PBX
New Active
Standby Mediant
Mediant
Enterprise
LAN
374
Two Box Redundancy flow
ITSP
Active
New Mediant
Standby Mediant
IP-PBX
SYNC
New Active Mediant
Enterprise
LAN
375
HA License Key
376
High Availability Configuration
• Since both devices have the same IP address, in the initial configuration stage,
they cannot both be connected to the network
• To initially configure HA:
1. Configure HA on the first device
2. Save the configuration to flash and power down
3. Configure HA on the second device
4. Save the configuration to flash and Restart
5. Power up the first device
377
IP Interfaces
Maintenance Interface
378
Physical Network Connections
Maintenance
379
HA Setting
• The remote maintenance IP Interface
• Devices Names
• Network Monitor:
• The SBC can monitor a specified network entity, using pings
• If the device does not receive a ping response from the entity, a switchover to the redundant device occurs
• Defines the minimum number of monitored rows (configured in the HA Network Monitor
table) whose destinations are unreachable that are required to trigger an HA switchover
• The valid value is 1 to 10. The default is 1
380
HA Network Monitor
• Network Monitor:
• The SBC can monitor a specified network entity, using pings
• If the device does not receive a ping response from the entity, a switchover to the redundant device occurs
381
Preempt Mode
382
Preempt Mode
383
HA Status in the Monitor Page
384
Initialization Process
385
HA Software Upgrade
386
High Availability Maintenance
387
Hands-on Lab 5
SBC Survivability
Thank You