
AudioCodes SBC

Essentials & Configuration

AudioCodes Academy
https://www.audiocodes.com/services-support/audiocodes-academy
Course Objectives

• After completing this course, you will be able to:


• Identify the AudioCodes products supporting the Session Border Controller (SBC) functionality
• Identify the functions of the SBC
• Understand how the SBC handles SIP messages
• Understand the reasons for Number and Message Manipulation
• Understand the Survivability concept
• Be familiar with the SBC Security features
• Understand the basic Gateway functionality

Lessons & Course Timetable
Day 1
• AudioCodes Introduction
• AudioCodes Devices Management Interfaces
• AudioCodes Documentation
• Gateways and SBCs Product Line
• Hands-on Lab 1 – Management Interface Usage

Day 2
• SBC Application Description
• SBC Basic Terminology
• SBC Configuration
• Debugging Tools – Syslog
• SBC Wizard (optional)
• Hands-on Lab 2 – SBC Routing

Day 3
• SBC Media Handling
• Hands-on Lab 3 – SBC Transcoding
• SBC Number & Message Manipulation
• Hands-on Lab 4 – SBC Manipulation
• SBC Security

Day 4
• Digital Gateways Basic Configuration
• SBC Survivability
• SBC High Availability
• Hands-on Lab 5 – SBC Survivability
• Certification Exam

Lesson 1

AudioCodes Introduction
AudioCodes at a glance

• Market leader in VoIP networking products


• Recognized brand for quality & performance
• Deployed in more than 100 countries in service provider and enterprise networks
• Global partnerships with leading telecom players
• Large Fortune 100 install base
• 1000+ employees worldwide, ~40% R&D
• More than 30 years of VoIP expertise
• Public since 1999 (NASDAQ:AUDC)

https://www.audiocodes.com/corporate/about-audiocodes
Global Presence and Support

• Worldwide presence:
• Headquarters: Israel
• North America: USA and Canada
• APAC: Singapore, China, Japan, India, Korea, Australia, Hong Kong, etc.
• EMEA: Germany, UK, France, Netherlands, Russia, Italy, South Africa, Poland, Sweden, etc.
• CALA: Brazil, Mexico, Argentina, Colombia, etc.
• Global Distribution Network covering more than 100 countries
• Support Centers covering all time zones
• 3 Logistics Centers in North America, EMEA and APAC

Broadest Portfolio of Products

Management/Apps
Routing Manager OVOC UMP Apps

Room Solutions
& IP Phones All-In-One
405 445 450/C450 C470 Video Collaboration Bar Personal Webcam UC-HRS Speakers Conference Phone

Virtual & Cloud SBC


Mediant VE (Virtual Edition) Mediant CE (Cloud Edition)

Pure SBC
Mediant 2600/B Mediant 4000/B Mediant 90xx Mediant SE Software Edition

Hybrid SBC/Gateway
Mediant 500/L Mediant 800B/C Mediant 1000B Mediant 3100

Gateways/Adaptors
MediaPack 1xx MediaPack 124 MediaPack 20x MediaPack 5xx MediaPack 1288
The Voice Experts @ Your Service

Network Voice Project Planning & Site Survey, AudioCodes


Readiness Management Design Installation & Academy
Assessments Design
Implementation
Implement

Test

• 24x7 Technical Support
• Hardware Replacement
• Local Technician Dispatch
• Software Upgrades
• Remote Monitoring
• End to End Managed Services

Technical Training – Certification Levels

• ACA – AudioCodes Certified Associate


• Basic level certification
• Required for the installation and maintenance of AudioCodes devices

• ACP – AudioCodes Certified Professional


• Advanced level certification
• Required for the installation, maintenance and advanced troubleshooting
of all AudioCodes networking products in advanced customer scenarios
• Prerequisite: ACA certification and 6 months of field experience as ACA

* Certificates are valid for two years


AudioCodes Academy – Recommended training path

SBC - Advanced Routing & Multitenancy (4 days)


* Required: AudioCodes SBC - Advanced Interworking & Security

SBC - Advanced Interworking & Security (4 days)


* Required: AudioCodes SBC - Essentials & Configuration

SBC in a Microsoft Teams Environment – Troubleshooting (1 day)


* Required: AudioCodes SBC in Microsoft Teams Environment

SBC in Microsoft Teams Environment (1 day)


* Required: AudioCodes SBC - Essentials & Configuration

SBC Testing & Troubleshooting (3 days)


* Required: AudioCodes SBC - Essentials & Configuration

SBC - Essentials & Configuration (4 days)


* Recommended: VoIP & SIP Fundamentals

VoIP & SIP Fundamentals (1 day)
* No prerequisite

Legend:
• Participation
• AudioCodes Certified Associate (ACA)
• AudioCodes Certified Professional (ACP)

AudioCodes Website

https://www.audiocodes.com
Lesson 2

AudioCodes Devices Management Interfaces


Objectives

• After completing this lesson, you will:


• Be familiar with the AudioCodes GUI
• Know how to assign IP Networking parameters
• Be familiar with the Maintenance Interface
• Understand ini file structure
• Know how to upgrade/downgrade firmware
• Know how to update the License Key

Management and Maintenance Options
• Embedded Web Server
• Command Line Interface (CLI)
• Configuration file (ini file)
• REST-based programs (such as OVOC)

Assigning Networking Parameters

• HTTP using Web browser


• Console/CLI
• DHCP

Default Factory IP Address
Product: Default
• MP 11x, MP 124:
  • FXS and FXS/FXO devices – 10.1.10.10/16
  • FXO devices – 10.1.10.11/16
• MP 5xx, MP 1288, Mediant 500/L/Li E-SBC, Mediant 800B/C E-SBC, Mediant 1000B E-SBC, Mediant 2600 SBC, Mediant 3100 SBC, Mediant 4000/B SBC, Mediant 9030/9080 SBC, Software SBC (Mediant SE/VE/CE):
  • 192.168.0.2/24
• Mediant 500/L/Li MSBR, Mediant 800 MSBR:
  • LAN – 192.168.0.1/24 (DHCP Server enable)
  • WAN – DHCP Client

Assigning IP Address – HTTP

• Disconnect the SBC from the network and connect it to a PC


• Change the PC’s IP address and subnet mask to correspond with the SBC's factory default
networking parameters
• Open a Web browser and access SBC Web interface
• Browse to the IP NETWORK >> CORE ENTITIES >> IP Interfaces web page
• Change the networking parameters
• Reconnect the SBC and your PC to the network
• Restore your PC’s IP address and subnet mask to their original settings
• Reconnect to the SBC Web browser and save the configuration to the flash

192.168.0.2 /24

192.168.0.7 /24
Assigning IP Address – HTTP

Assigning IP Address – Command Line Interface (CLI)

• Establish a console session using COM/VGA, or a remote SSH/Telnet session, with the device
• Use these communications (COM) port settings:
• Baud Rate: 115,200 bps
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None

• At the CLI prompt, type the following (case sensitive):


• Default Username: Admin
• Default Password: Admin

Assigning IP Address – RS-232

Username: Admin
Password: *****

Mediant 800> enable
Password: *****

Mediant 800# configure network
Mediant 800(config-network)# interface network-if 0
Mediant 800(network-if-0)# ip-address 10.15.17.55
Note: Changes to this parameter will take effect when applying the 'activate' or 'exit' command
Mediant 800(network-if-0)# prefix-length 16
Note: Changes to this parameter will take effect when applying the 'activate' or 'exit' command
Mediant 800(network-if-0)# gateway 10.15.0.1
Note: Changes to this parameter will take effect when applying the 'activate' or 'exit' command
Mediant 800(network-if-0)# exit
Mediant 800(config-network)# exit
Mediant 800# write
Writing configuration...done

Mediant 800#

• The password is typed as Admin and displayed as *****
• After 'exit' the address changed. For remote connection, log on again using the new IP address

Assigning IP Address – DHCP

• Dynamic Host Configuration Protocol: Provides a mechanism for allocating IP addresses dynamically so that addresses can be reused

• After the Device is powered up, if DHCP is enabled (DHCPEnable = 1), the Device attempts to obtain its IP address and other network parameters from the DHCP server

Configuration File (ini file)
;**************
;** Ini File **
;**************
;Board: M800B
;HW Board Type: 72 (M800)
;FK Board Type: 77 (M500)
;Serial Number: 11257565
;BID: abc6dd:19
;Software Version: 7.40A.500.017
; Stream: 7.4.500
; Dictionary found: yes
;DSP Software Version: 5014AE3_R => 0724.42
;Board IP Address: 10.15.7.20
;Board Subnet Mask: 255.255.0.0
;Board Default Gateway: 10.15.0.1
;CPU: Cavium Networks Octeon V0.1 @ 500Mhz, total 2 core(s), 2 cpu(s), 1 socket(s)
;Core(s) mapping:
;core #0, on cpu #0, on socket #0
;core #1, on cpu #1, on socket #0
;Memory: 512 MB
;Flash size: 64 MB
;Cloud Type: Undefined
; Number of DSP Cores: 3
;Num of physical LAN ports: 4
;SBC Sessions Capability:
; Local License: 184 SBC Sessions (up to 184 if all legacy telephony interfaces are disabled)
; Pool License: 0 SBC Sessions (from License Pool Manager)
; Total (Actual): 0 SBC Sessions (up to 184 if all legacy telephony interfaces are disabled)
; TDM Sessions Used for SBC Sessions: 34
; Key features:
; Board Type: 77

Notes on the header fields:
• Serial Number = Decimal representation of the last 6 digits of the MAC address (i.e., 00:90:8f:ab:c6:dd)
• Software Version 7.40A.500.017:
  • 7.40.500 – Major software version
  • A – Indicates that this is a SIP version (e.g., not Megaco)
  • 017 – Minor software version

Configuration File (ini file)

Stand-alone Parameters

Table Parameters

ini File Parameters
• Case insensitive
• Subsection names are optional
• Lines beginning with semi-colon (;) as first character are ignored
• When a parameter is missing from the ini file, its default is assigned
• Number of spaces before and after equal ( = ) is irrelevant
• Values of string parameters must be placed between two single quotes ( ' ' )
• A syntax error in a parameter value can cause unexpected errors (the parameter may be set to a wrong value)
• A syntax error in a parameter name is ignored (an error message is generated)
[Optional Sub Section Name]

Parameter_Name1 = Parameter_Value
Parameter_Name2 = Parameter_Value
Parameter_Name3 = 'String'

; REMARK
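
The parsing rules above and the header fields of the sample ini file, applied in code. This is an added example, not AudioCodes code: it handles stand-alone parameters only, `Parameter_Name4` and the sample text are constructed, and it assumes the BID value begins with the last six hex digits of the MAC address, as it does in the header shown earlier.

```python
import re

HEADER_RE = re.compile(r"^;\s*([^:]+?)\s*:\s*(.*)$")
PARAM_RE = re.compile(r"^([A-Za-z_][\w.]*)\s*=\s*(.*)$")

# Constructed sample: header lines copied from the slide, parameters made up
# from the slide's own template names.
SAMPLE = """\
;**************
;** Ini File **
;**************
;Board: M800B
;Serial Number: 11257565
;BID: abc6dd:19
;Software Version: 7.40A.500.017
[Optional Sub Section Name]
dhcpENABLE   =1
Parameter_Name3 = 'String'
Parameter_Name4 = ‘String’
"""


def parse_ini(text):
    """Return (header, params, unparsed) for the stand-alone part of an ini file.

    Names are lower-cased because the file is case insensitive; section
    names are optional, so they are skipped rather than interpreted.
    """
    header, params, unparsed = {}, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if raw.startswith(";"):              # comment; may carry header metadata
            m = HEADER_RE.match(raw)
            if m:
                header.setdefault(m.group(1).lower(), m.group(2).strip())
            continue
        if line.startswith("["):             # optional subsection name
            continue
        m = PARAM_RE.match(line)
        if not m:
            unparsed.append((lineno, raw))
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1]              # string parameter in single quotes
        elif value[:1] in ("‘", "’"):
            # Typographic quotes pasted from a document are not string delimiters.
            unparsed.append((lineno, raw))
            continue
        params[name] = value
    return header, params, unparsed


def serial_matches_bid(header):
    """Serial Number is the decimal form of the last 6 hex digits of the MAC."""
    mac_tail = header["bid"].split(":")[0]   # assumption: BID starts with them
    return int(header["serial number"]) == int(mac_tail, 16)


def split_version(version):
    """'7.40A.500.017' -> major '7.40.500', variant 'A', minor '017'."""
    m = re.fullmatch(r"(\d+\.\d+)([A-Z])\.(\d+)\.(\d+)", version)
    if m is None:
        raise ValueError(f"unexpected version string: {version!r}")
    return {"major": f"{m[1]}.{m[3]}", "variant": m[2], "minor": m[4]}


if __name__ == "__main__":
    hdr, prm, bad = parse_ini(SAMPLE)
    print(prm, bad, serial_matches_bid(hdr), split_version(hdr["software version"]))
```

Lines returned in `unparsed` are the ones to review by hand before loading a file to a device, since the slide notes that a malformed value may end up set to a wrong value.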
ini File Table Parameters

• Tables are used in ini files to represent parameters that have several instances
(e.g., Coders, Proxy servers, Routing tables, etc.)
• Examples:

AudioCodes INI Viewer & Editor

• A simple viewer and editor for configuration (INI) files used by AudioCodes Media
Gateway and Session Border Controller (SBC) products
• Modes:
• View Mode:
• Standalone and Table parameters can be
viewed in a very friendly way
• Text Mode:
• Provides less fancy but more scalable
presentation of large INI files (without any
missing table lines)
• Edit Mode:
• Standalone and Table parameters can be
edited (modified, added, removed, etc.) for
a very easy way of changing their contents
• Once this is done, the new INI file can be
saved and uploaded to the device in order
to apply the new configuration
AudioCodes INI Viewer & Editor – View Mode
View Mode

AudioCodes INI Viewer & Editor – TXT Mode

TXT Mode

AudioCodes INI Viewer & Editor – Edit Mode

Edit Mode

Accessing the Web Interface

Default Username: Admin


Default Password: Admin
GUI Areas

Company logo
Menu bar containing the menus:


• Setup
• Monitor
• Troubleshoot

GUI Areas

Work pane: Where configuration pages are displayed


Tab bar containing tabs pertaining to the selected menu:
• Setup menu:
• IP Network
• Signaling & Media
• Administration
• Monitor menu:
• Monitor
• Troubleshoot menu:
• Troubleshoot

Navigation Tree

Tool Bar

Button: Description
• Save: Saves parameter settings to flash memory
• Restart: Restarts the device
• Actions: Opens a drop-down menu list with frequently needed commands:
  • Configuration Files to load or save an ini file
  • Auxiliary File to load auxiliary files such as Dial Plans, Call Progress Tones, others
  • License Key to determine features, capabilities and available resources
  • Software Upgrade to upgrade the device's software
  • Configuration wizard
• Alarm Bell icon: Displays the number of active alarms generated by the device
• Logon Name (like Admin): Opens a drop-down menu and:
  • Shows the logged in user's access level and session time
  • Allows password change
  • Allows to log out
• Drop-down list of document names (e.g., Release Notes, Security Guidelines, Installation Manual and User's Manual) that, if clicked, opens the document (resource) from AudioCodes website

Stand-alone Parameters
• Parameters that are not contained in a table are referred to as stand-alone parameters

Stand-alone parameters

Modifying/Saving Parameters

• When changing parameter values, the changed parameter has a yellow background
• To save configuration changes to volatile memory (RAM), click the Apply button
  • A dot appears next to parameters changed from their default values
• Modifications to parameters with on-the-fly capabilities are immediately applied to the device and immediately take effect
  • Parameters displayed with a lightning symbol are not changeable on-the-fly and require a device Restart

Modifying/Saving Parameters

• If you click the Apply button after modifying parameters a red rectangle appears
surrounding the Save button
• This is a reminder to save your settings to flash memory

• If you click the Apply button after modifying parameters that take effect only after a device Restart, a red rectangle appears surrounding both the Save and Restart buttons
  • This is a reminder to later save your settings to flash memory and Restart the device

Stand-alone Parameters Indications Meaning

• Parameters changed and not applied are highlighted
• A dot appears next to parameters changed from their default values and when the Apply button was clicked
• Changes to parameters displaying a lightning-bolt icon must be saved to flash memory, followed by a device Restart, for your changes to take effect
• Typically required parameters are displayed in bold font
• An invalid value for a parameter reverts to its previous value and is surrounded by a colored border
• To get help on a parameter, hover your mouse over the parameter's field; a pop-up help appears, displaying a brief description of the parameter

Table Parameters – General Description

• Page title (name of table): also displays the number of configured rows as well as the number of invalid rows
• Navigation bar for scrolling through the table's pages
• Filter for searching parameters and values
• Added table rows displaying only some of the table parameters
• Adds a new row to the table
• Modifies the selected row
• Deletes the selected row
• Detailed view of a selected row, displaying all parameters
• Link to open the "child" table of the "parent" table; only appears if the table has a "child" table

Table Syntax
• The table is divided into three main areas: General, Matching characteristics and Action to take
• If the incoming call matches the characteristics of a rule, then the call is sent to the destination
configured for that rule
• Non-configured parameter fields may appear with different values, for example: “-1”, “0” or empty

Numbers Notation for Routing and Manipulation

• Flexible number notations for describing the prefix and/or suffix of source and/or destination phone numbers and SIP URI usernames:
▪ Prefix [n-m] or Suffix (n-m)
  ▪ Represents a range of numbers
▪ Prefix [n,m,...] or Suffix (n,m,...)
  ▪ Represents multiple numbers
  ▪ Multiple ranges such as [n-m,s-t] are also supported
▪ x (letter 'x')
  ▪ Represents any single digit
▪ * (asterisk symbol)
  ▪ Represents any number
▪ # (Hash symbol)
  ▪ Represents the end of a number

Username Pattern (sample values):
5
5*
5#
(5)
5x*
976[4,5,7-9]xxx#
[3-5,7,9]
[100-108,222,244,600-620]
6[600-700]#
6[600-700]
[1,8][12,34][5000-5100]
[2000000-2000099]
2[2,6,7,9]
2[1-4]
1xxx
1xxx#
(88[1-4])
976(99)
*

Numbers Notation – Examples
• [2,3,4,5,8]xxx
• Represents four-digit numbers or more that start with 2, 3, 4, 5 or 8
• Can write: [2-5,8]xxx
• [5200-5299]#
• Represents four-digit numbers that start with 5200 to 5299
• 12345
• Represents any number that starts with 12345
• 12345xx#
• Represents seven-digit numbers that start with 12345 (from 1234500 to 1234599)
• 4[000-599]#
• Represents four-digit numbers that start with 4 [4000 to 4599]
• (100)
• Represents any number that finishes with 100
• (266[1-9])
• Represents any number that finishes with 2661 to 2669
• 1[2,7][33,66]
• Represents any number that starts with 1233, 1266, 1733 or 1766
Fields to Match

• Device attempts to match patterns at the top of the table first (first match)
• More specific rules should be at the top and more generic ones at the bottom

Move the rule up

'551' will never match because '55' matches every prefix that starts with '55'
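
The number notation and the first-match rule from the last three slides, as an added Python example (not AudioCodes code). It translates a pattern into a regular expression, picks the first matching rule the way the table is searched, and reports rules that can never fire because an earlier rule already takes every number they describe. It covers only the forms explained on the slides; an asterisk inside a longer pattern is rejected because the slides do not define it, and the shadowing check skips suffix patterns.

```python
import itertools
import math
import re

DIGITS = list("0123456789")
_SHAPE = re.compile(r"(?P<pre>[^()#]*)(?:\((?P<suf>[^()]*)\))?(?P<end>#?)")
TABLE = ["55", "551"]          # rule order from the slide's example


def _expand_set(body):
    """'4,5,7-9' -> ['4','5','7','8','9']; '000-599' keeps its leading zeros."""
    out = []
    for item in body.split(","):
        if "-" in item:
            lo, hi = item.split("-")
            out += [str(n).zfill(len(lo)) for n in range(int(lo), int(hi) + 1)]
        else:
            out.append(item)
    return out


def _tokens(part):
    """Turn one notation fragment into a list of per-position alternatives."""
    toks, i = [], 0
    while i < len(part):
        if part[i] == "[":
            end = part.index("]", i)
            toks.append(_expand_set(part[i + 1:end]))
            i = end + 1
        elif part[i] == "*":
            raise ValueError("'*' is only handled as a whole pattern")
        else:
            # 'x' is any single digit; anything else is a literal character
            toks.append(DIGITS if part[i] == "x" else [part[i]])
            i += 1
    return toks


def parse(pattern):
    """Return (prefix_tokens, suffix_tokens_or_None, ends_with_hash)."""
    if pattern == "*":                        # '*' alone: any number
        return [], None, False
    m = _SHAPE.fullmatch(pattern)
    if m is None:
        raise ValueError(f"unsupported notation: {pattern!r}")
    suf = m["suf"]
    if suf is None:
        suf_toks = None
    elif "[" not in suf and ("-" in suf or "," in suf):
        suf_toks = [_expand_set(suf)]         # suffix written as (n-m) or (n,m,...)
    else:
        suf_toks = _tokens(suf)
    return _tokens(m["pre"]), suf_toks, bool(m["end"])


def _alt(tokens):
    return "".join("(?:" + "|".join(map(re.escape, t)) + ")" for t in tokens)


def to_regex(pattern):
    """Compile a notation string; use .match() on the dialled number."""
    pre, suf, anchored = parse(pattern)
    rx = "^" + _alt(pre)
    if suf is not None:
        rx += ".*" + _alt(suf) + "$"          # suffix: number must end with it
    elif anchored:
        rx += "$"                             # '#': end of number
    return re.compile(rx)


def first_match(rules, number):
    """Index of the first rule, top of the table first, that matches."""
    for idx, pattern in enumerate(rules):
        if to_regex(pattern).match(number):
            return idx
    return None


def covers(earlier, later, cap=20000):
    """True if `earlier` matches every number `later` can match.
    Exact for prefix-only patterns; suffix patterns are not analysed."""
    e_pre, e_suf, e_anch = parse(earlier)
    l_pre, l_suf, l_anch = parse(later)
    if e_suf is not None or l_suf is not None:
        return False
    if e_anch and not l_anch:                 # fixed length cannot cover open-ended
        return False
    if math.prod(len(t) for t in l_pre) > cap:
        return False                          # too many expansions to enumerate
    rx = to_regex(earlier)
    return all(rx.match("".join(p)) for p in itertools.product(*l_pre))


def shadowed_rules(rules):
    """List (index, pattern, shadowing_pattern) for rules that never fire."""
    found = []
    for j, later in enumerate(rules):
        hit = next((e for e in rules[:j] if covers(e, later)), None)
        if hit is not None:
            found.append((j, later, hit))
    return found


if __name__ == "__main__":
    print(first_match(TABLE, "5512000"), shadowed_rules(TABLE))
```

Running `shadowed_rules` over an exported routing or manipulation table before loading it catches a specific rule placed below a generic one, which would otherwise silently send calls to the generic rule's destination.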
Assigning Rows from other Tables

• Tables may contain parameters assigned a value which is a row referenced from
another table

A View button opens the row-referenced table

Table Parameters Invalid Values Indications
• When adding a row:
• If a mandatory parameter’s value, which is a row referenced from another table is not assigned,
after clicking Apply, an error message is displayed at the bottom of the dialog box
• Clicking Cancel closes the dialog box and the row is not added to the table
• To add the row, you must configure the parameter

Table Parameters Invalid Values Indications
• When editing a row:
• If a parameter’s configuration is changed so that it's no longer assigned with a referenced
row from another table, when the dialog box is closed, the Invalid Line icon appears for
the table in which the parameter is configured, in the shown locations:

  • Page title of the table. The total number of invalid rows in the table is also displayed with the icon
  • 'Index' column of the row to which the parameter belongs
  • Item in the Navigation tree that opens the table

Table Parameters Invalid Values Indications

• When a parameter is assigned a value which is an invalid row referenced from another
• The Invalid Reference Line Icon is displayed for the table in which the parameter is configured, in the shown locations:
  • Page title of the table. The total number of invalid rows in the table is also displayed with the icon
  • 'Index' column of the row to which the parameter belongs
  • Item in the Navigation tree that opens the table


Searching for Configuration Parameters

• Parameter names (standalone or table) and values can be searched in the Web interface
• The search key can include the full parameter name (Web or ini file name) or a substring of it
• For a substring, all parameters containing the substring in their names are listed in the search result
• The search key for a parameter value can include alphanumeric and certain characters
• The key can be a complete value or a partial value

• When the device completes the search, it displays a list of found results based on the search
key
• Each possible result, when clicked, opens the page on which the parameter or value is located

Searching for Configuration Parameters

Search can be by name or by value

Setup Menu: IP Network Option
• Home Page: NETWORK VIEW

• IP Interfaces can be added, edited, viewed or deleted
• VLANs can be added, edited, viewed or deleted
• Ethernet Groups can be edited or viewed
• Physical Ports can be edited or viewed

Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW

• Trunk Groups can be added
• IP top view (i.e. related to the WAN)
• Tel view (i.e. related to the PSTN)
• SIP Interfaces can be added and shown at the top or bottom (GW application)
• SIP Interfaces can be added and shown at the top or bottom (SBC application)
• Media Realms can be added and shown at the top or bottom
• IP bottom view (i.e. related to the LAN)
• IP Groups can be added

Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW

• Click to edit, show, or delete parameters or tables
• Hover to see the basic configuration

Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW

• Direct links to the SBC's main parameters and tables
• Direct links to the Gateway's main parameters and tables
• The links between SIP Interfaces, Media Realms and IP Groups are shown
• Indications of valid or invalid configuration on tables or parameters

Setup Menu: Administration Option
• Home Page: TIME & DATE

• Displays and allows to configure the UTC, offset and DST
• Displays and allows to configure the local time and date
• Displays and allows to configure the NTP server information

Web Local Users Table

Maintenance Actions
• Restart Device: After a Web Restart, the device starts from Flash
• Lock: The device doesn't accept any new incoming calls
• Save to Flash: Save the running configuration to the memory
• Graceful Option: Shutdown is performed only after the configured X seconds or when no more active traffic exists

Maintenance: Configuration File

• To restore the defaults, use 'Restore Factory Defaults' with or without 'Preserve basic connectivity' checked
  • Additional way: use an empty ini file
• Load/Save .ini Configuration File
• Load/Save .cli Configuration File
• Configuration, Auxiliary and Certificate files can be loaded to and saved from the device as a single, packaged file
  • The feature is typically used for backup and loading the backup to other devices

Configuration Package Files
• ini.ini (ini configuration file)
• LOGO.dat (image file used as the logo in the Web interface)
• FAVICON.dat (favicon file used for Web browsers)
• CPT.dat (Call Progress Tone file)
• PRT.dat (Pre-recorded Tone file)
• AMD.dat (Answer Machine Detection file)
• SBC_Wizard.dat (SBC Configuration Wizard template file)
• CAS file (present only if a CAS file was previously loaded to the device)
• Certificate files (<ctx_id>.crt, <ctx_id>.root, <ctx_id>.pkey)

Maintenance: Auxiliary Files
• Various auxiliary files can be loaded to the device

Maintenance: Upgrading & Downgrading Software

• The device can be updated with software (cmp file), configuration (ini file),
auxiliary files and license key using:
• Web/CLI interface
• Automatic Update Mechanism
• BootP/TFTP utility

Maintenance: License Key

• Supplied with SBC and digital gateways (not relevant for MP-1xx)
• Determines features, capabilities and available resources
• Provided in string format or in a txt file to be loaded to the device
• Stored in the device's non-volatile flash memory
• After loading the new key, the device must be restarted
• Two options for managing the license:
• Local on the SBC
• By AudioCodes OVOC

License Types for SBCs

• Local License
• By loading a license key to the device, without requiring the OVOC
• Fixed License
• Allows a 'tenant' operator to update licenses from a central pool in a simple process
• The operator can allocate and de-allocate the licenses for the devices in the pool according to their
capacity requirements
• Recommended when multiple SBCs are deployed and centrally managed
• Floating License – Cloud Mode
• This mode manages the license per customer in the Cloud using the AudioCodes Floating License
Service
• Floating License – Flex Pool Mode
• It supports a Floating License across a network without the need to connect to a public cloud

License Types for SBCs
• Fixed License: Total 100 Sessions, shown as Local + 50 Sessions, Local + 15 Sessions and Local + 35 Sessions
• Floating License – Cloud Mode: AudioCodes Floating License Server, Customer X
• Floating License – Flex Pool Mode: Total 600 Sessions
• Other figure labels: Unlimited Sessions, Dynamic sessions allocation, REST message

Local License Key

Device License Key in Fixed Pool Mode

Device License Key in Cloud Mode

Device License Key in Flex Pool Mode

Monitor Menu
• Home Page: MONITOR

• Shows the IP Address, Firmware, Type of Devices and Serial Number
• Displays status and information on the hardware
• Displays statistics and information on calls, transactions and registration

Device Information

Troubleshoot Menu

• Home Page: MESSAGE LOG

Auto-Completion Editor
• Auto-completion for parameters whose values are configured using a special syntax
• An Editor button is displayed alongside their fields, which when clicked, opens a syntax editor
• As text is typed in the field, the user is prompted with optional syntax

AdminPage

• Used to configure parameters that don’t appear in the Web interface

Lesson 3

AudioCodes Documentation
Lesson Objectives

• After completing this lesson, you will:


• Understand how to obtain technical documentation from AudioCodes’ Web site
• Be familiar with the different documents that AudioCodes publishes regularly for its products
• Understand how to use the documents for configuration and maintenance purposes

Obtaining AudioCodes Documentation

• You can access all AudioCodes' documentation from AudioCodes Web site:
• Technical documentation
• User manuals
• Hardware installation manuals
• Configuration notes
• Release notes
• Homologation material
• Regulatory information
• Partner/channel material
• Interoperability guides
• Marketing material
• White papers
• Application notes
• Product notices
Obtaining Document

https://www.audiocodes.com/library/technical-documents
Obtaining Document (Cont.)
• Use the following filters to search for your document:

Hardware Installation Manual – Specific Documentation

• Hardware description and step-by-step procedures for installing and cabling the device
• Divided into chapters, such as:
• Overview of the product
• Unpacking the device
• Physical description
• Mounting the device
• Cabling the device
• Hardware maintenance

User’s Manual – Specific Documentation

• Main document for configuration and maintenance


• Divided into parts, such as:
• Overview of the product
• Getting started
• Management tools
• General System Settings
• General Configuration
• Specific applications’ description and configuration
• Maintenance
• Status, Performance Monitoring and Reporting
• Diagnostics
• Appendixes
• Identified by software release version
Release Notes

• Release Notes
• One per software release
• Includes:
• New features
• Updates
• Bug fixes
• Workarounds on existing constraints
• Others

Complementary Guides

• Complementary Guides
• Includes
• Reference Guides
• Design Guides
• Security Guidelines
• Utilities Guides
• Others
• Identified by software release version

Configuration Notes

• Configuration Notes
• Document providing a detailed description on how
to configure a specific feature/function/application
for a product
• Normally referenced by the User’s Manual

Lesson 4

Gateways and SBCs Product Line


Lesson Objectives

• After completing this lesson you’ll be able to:


• Identify AudioCodes analog and digital gateways
• Identify AudioCodes products that support SBC

Analog Gateways Overview
• MediaPack (MP) analog gateways
• MP-1xx:
• 2 to 24 analog ports
• FXS, FXO, or mixed FXS and FXO ports
• Zero-Touch Provisioning
• The latest maintenance firmware version is 6.6
• MP-5xx:
• 2 or 8 analog FXS ports
• Zero-Touch Provisioning
• Branch Survivability
• SBC capability
• MP-1288:
• 288 analog FXS ports
• 3U Chassis
• Dual Power Supplies
• SBC capability
Digital Gateways Overview

• Digital PRI and BRI VoIP gateways


• SBC capability
• Analog capability (some of them)

Mediant 500L Mediant 500 Mediant 1000B

Mediant 800B Mediant 800C Mediant 3100

SBC Portfolio

Hybrid SBC/Gateway
Mediant 500/L Mediant 800B/C Mediant 1000B Mediant 3100

Pure SBC
Mediant 2600 Mediant 4000/B Mediant 90xx Mediant SE Software Edition

Virtual & Cloud SBC


Mediant VE (Virtual Edition) Mediant CE (Cloud Edition)

Hybrid SBC Portfolio

Mediant 500L/Li E-SBC Mediant 500 E-SBC Mediant 800B/C E-SBC Mediant 1000B E-SBC Mediant 3100 SBC

Small Enterprise, SMB, SMB, SME, Enterprise,


End customer SMB
Branch Branch Branch Service Providers
SIP Trunk, SIP Trunk,
Demarcation Device, SIP Trunking, SIP Trunking,
Application Survivability, Survivability,
SIP Trunking TDM Trunking TDM Trunking
TDM Trunking TDM Trunking

Sessions 60 250 250/400 150 5000

SRTP-RTP 60 200 250/300 120 5000

Transcoding N/A N/A 57/114 96 3700

Registers 200 1500 1500/2000 600 20000

4*Analog, 4*Analog, 12*Analog, 8*BRI, 24*Analog, 20*BRI,


Media Gateway 8*64 E1/T1
4*BRI 1*E1/T1 2/4*E1/T1 6*E1 or 8*T1

MSBR √ √ √ X X

OSN X X √ √ X
Pure SBC Portfolio

Mediant 2600 SBC Mediant 4000/B SBC Mediant 9030/9080 SBC Mediant SE
Large Enterprise, Large Enterprise,
Enterprise, Service Providers,
End customer Service Providers, Service Providers,
Contact Center OEM
Contact Centers Contact Centers
SIP trunking, SIP trunking, SIP Trunking,
Application SIP Trunking
Service Provider Access SBC Service Provider Access SBC SP Access SBC
Sessions 600 5000 30000/70000 70000
SRTP-RTP 600 3000/5000 30000/40000 40000
9600 without Media 9600 without Media
400 without MPM 800 without MPM Transcoder Transcoder
Transcoding
600 with MPM4 2400/5000 with MPM 30000 with Media 25000 with Media
Transcoder (Only 9080) Transcoder
Registers Up to 8000 Up to 20000 Up to 200000/500000 Up to 500000
OSN √ √ X X

Virtual & Cloud SBC Portfolio

Mediant VE Mediant CE (Cloud Edition)


Enterprise
Enterprise
End customer ISVs & OEMs
Service Providers
Service Providers
SIP Trunking SIP Trunking
Application
Service Provider Access SBC Service Provider Access SBC
Sessions 24000 50000
SRTP to RTP 10000 50000
Transcoding 12000 with Media Transcoder 38000 with Media Component
Registers 75000 100000

Open Solutions Network (OSN) Server Hosted Mediant

Parameter OSN4B OSN (7, 8 or 9)

CPU Intel® Xeon® Intel® Atom

Memory 16 GB Up to 32 GB

Hard Drives Up to 1000 GB HDD or 120GB SSD Up to 256 GB SSD

Mediant 1000B
Mediant Types Mediant 2600B (just for SBA) Mediant 800C
Mediant 4000B

Multi-Service Business Routers – MSBR

• Wide range of WAN interfaces


• 10/100/1000 Base-T Copper Ethernet interface
• 2 Dual-Mode (100Base-X and 1000Base-X) SFPs
• ADSL2+, SHDSL, VDSL2 vectoring
• 3G/4G/5G
• Gigabit Ethernet LAN with option for PoE
• Routing, switching and QoS
• Stateful firewall and VPN
• Integrated session border controller (SBC)
• Analog and digital telephony interfaces
• Products:
• Mediant 500/L/Li
• Mediant 800B/C
Media Processing Module (MPM)

• Optional, customer-ordered AMC-based module


• Provides additional Digital Signaling Resources (DSP) required for transcoding call sessions
• Different MPM module types are available:
• MPM4 module, providing 4 DSPs (up to 600 sessions)
• MPM8 module, providing 8 DSPs (up to 2400 sessions)
• MPM8B module, providing 8 DSPs (up to 2400 sessions)
• MPM12B module, providing 12 DSPs (up to 3250 sessions)

• Up to three MPM modules can be installed


• MPM4 and MPM8 module types can be installed in the same Mediant 2600/4000 chassis
• MPM8B and MPM12B module types can be installed in the same Mediant 4000B chassis

SBCs journey to the cloud

• SBC traffic demands are dynamic
• Sizing an SBC for worst-case scenario is cost prohibitive
• SBC elasticity is key for resource optimization – you can start small and grow as needed

Chart: active calls and resources, fixed allocation versus dynamic allocation
Mediant Cloud Edition SBC (Mediant CE)
• Separated signaling and media processing (built out of dedicated functional blocks)
• Elastic Media Cluster (traffic-based scalability)
• Full SBC functionality
• Single management point
• Multi Cloud (Amazon AWS and Microsoft Azure)
• Built-in HA Signaling and management

Diagram labels: SC, MC (media), Stack Manager, CLI, REST API, Virtual infrastructure (compute, storage, networking)

Stack Manager
- REST API for all actions
- CLI for scripting languages
- NFV and DevOps API
Hands-on Lab 1

Management Interface Usage


Lesson 5

SBC Application Description


Lesson Objectives

• After completing this lesson you’ll know:


• Where and how the SBC is located
• SBC functions

SBC Definition

• A device/application which:
• Manages a VoIP session by performing:
• Session setup
• Call conducting
• Session tear down
• Enforces VoIP Security
• Often installed at a demarcation point between one network
segment (Un-Trusted) and another (Trusted)

What are Session Border Controllers For?

• Connectivity (Connect between any SIP servers)


• Security (DDoS, Call theft, Eavesdropping)
• Quality Assurance (Monitor call quality, Report on quality
issues, Quality enhancements, Call recording)
• Regulatory Compliance (Emergency calls, lawful interception)
• Media Services (RTP/SRTP, Coder Transcoding)
• Statistics and Billing information

99
Where are SBCs located?

Service Provider

Access SBC
• Carrier Security
• Normalization
• Load balancing
• Throttling

Peering SBC (toward Provider X, Provider Y, Provider Z)
• Routing
• Transcoding
• Interoperability

SMB / Enterprise and Branch

E-SBC
• Interoperability
• Enterprise Security
• Service Resiliency
• Quality of Service
• Legacy connectivity
• Routing
100
SBC Implementations

• Logical Applications/Topologies options:


• Local IP-PBX with SIP Trunk by ITSP
• Hosted IP-PBX
• Two Local IP-PBXs (SIP Normalization)
• Logical Deployment options:
• SBC connected with one leg to LAN
• SBC connected with one leg to DMZ
• SBC connected with one leg to DMZ and another leg to LAN
• Physical SBC Connections:
• Number of ports used for each logical connection, with/without 1+1 port redundancy

101
Applications / Topologies

• Local IP-PBX with SIP Trunk by ITSP

[Diagram: Enterprise Network with IP-Phones users and IP-PBX on the LAN, SBC, SIP Trunk over the WAN to the ITSP, and FEU]

102
Applications / Topologies

• Hosted IP-PBX

[Diagram: Enterprise Network with IP-Phone users on the LAN, SBC, WAN, Hosted IP-PBX]

103
Applications / Topologies

• Two Local IP-PBXs (SIP Normalization)

[Diagram: Enterprise Network with IP-Phones on LAN 1, IP-Phones on LAN 2, SBC, IP-PBX]

104
Logical SBC Connections – One Leg LAN

[Diagram: IP-Phone and IP-PBX on the LAN, Firewall, DMZ, WAN, ITSP; SBC connected with one leg to the LAN]

105
Logical SBC Connections – One Leg DMZ

[Diagram: IP-Phone and IP-PBX on the LAN, Firewall, DMZ, WAN, ITSP; SBC connected with one leg to the DMZ]

106
Logical SBC Connections – One-Leg DMZ and One-Leg LAN

[Diagram: IP-Phone and IP-PBX on the LAN, Firewall, DMZ, WAN, ITSP; SBC connected with one leg to the DMZ and one leg to the LAN]

107
Physical SBC Connections

• One-Leg (DMZ or LAN)
• Only 1 port required (1 cable)
• Optional: 2 ports, 1+1 redundancy (2 cables)

• VLAN-Aware Switch (LAN and DMZ)
• Only 1 port required (1 cable)
• Optional: 2 ports, 1+1 redundancy (2 cables)

• Two-Legs (LAN and DMZ)
• 2 ports used (2 cables)
• 4 ports used, 1+1 redundancy (4 cables)

108
SBC VoIP Features

• NAT Traversal
• Transcoding
• Topology Hiding
• VoIP Firewall
• SIP Routing
• SIP Normalization
• Survivability

109
NAT Traversal

• Enables communication with ITSP/SIP Trunk using globally unique IP addresses

[Diagram: IP-PBX and SBC on the Enterprise LAN (SBC IP address 10.15.11.1), FW (Public IP address 182.30.15.20), WAN, ITSP Soft Switch]

110
SBC Conversion

• Coder Transcoding
• RTP <-> SRTP
• Fax/Modem translations
• RFC 2833 <-> Transparent DTMF <-> SIP INFO
• Transrating

[Diagram: conversions between the IP-PBX leg and the ITSP leg; labels: SRTP / RTP, G.711 / G.729, ptime:20 / ptime:30, T.38, RFC 2833 / SIP INFO]
111
Topology Hiding

• Hides the Internal Network


• SBC implements back-to-back user agent (B2BUA):
• Strips all incoming SIP Via header fields and creates a new Via value
for the outgoing message
• Independent Route/Record Route per leg
• Use SBC Contact info
• Change Call-ID per leg
• Restrict Caller-ID
• Host Name modification

112
Security – VoIP Firewall

• SIP Signaling
• SIP classification
• Deep Stateful Packet Inspection (SPI) of all SIP signaling packets
• Packets not belonging to a valid SIP dialog are discarded
• RTP
• Opening pin holes according to Offer/Answer negotiation
• Deep Packet Inspection (DPI) of all RTP packets
• Once a dialog is disconnected, related Pin-Holes also disconnect

[Diagram: SIP Invite, Layer 3-4 Firewall, Layer 5-7 SBC VoIP Firewall, Authenticate; outcomes: Discard Message, Message admitted]

113
Comprehensive Security

[Diagram: security stages between Internet/Peers and the Enterprise Core. Labels: Layer 3-4 Access List (Wire Speed); Rate limiting; TLS and SRTP; Malformed SIP; SIP layer access list; SIP Context Identification; Message Policy; Classification/Routing; CAC (#calls, call rate, bit rate, …); IDS (Abnormal behavior detection); Security Server]
114
SBC Routing

• Call routing is based on several factors


• Route based query to external or internal database
• Multiple destination types
• Termination

115
SIP Normalization

• Solves interoperability issues between SIP user agents


• Manipulation of SIP URI user and host
• SIP Header Manipulations
• P-Asserted-ID conversions
• Session timer conversions
• Early media conversions
• Register to ITSP on behalf of the IP-PBX
• Flexible REFER and Forward handling
• And more

116
SBC Survivability

• Three survivability features:


1. Routing calls to alternative routes such as:
• ITSP
• IP-PBX
2. Routing calls between user agents in the local network using a dynamic DB
(built according to registrations of SIP user agents)
3. Fallback to the PSTN based on E1/T1 connection (Hybrid devices)

117
Lesson 6

SBC Basic Terminology


Main SBC Operation Modes

• B2BUA
• Maintains independent sessions toward the endpoints
• Processing an incoming request as a User Agent Server (UAS) on the inbound leg
• Processing the outgoing request as a User Agent Client (UAC) on the outbound leg
• SIP messages are modified regarding headers between the legs
• The device's interworking features may be applied

[Diagram: B2BUA, two legs: UAC → Request → UAS, UAC → Request → UAS]

• Stateful Proxy Server
• SIP messages traverse the device transparently (with minimal interference) between the inbound and outbound legs
• No topology hiding

[Diagram: Stateful Proxy: UAC → Request → UAS]

119
Signaling Routing Domain (SRD)

• Logical representation of the entire SIP-based VoIP network containing groups of SIP users and servers
• Typically, only a single SRD is required, and this is the recommended configuration topology
• Multiple SRDs can be used for multi-tenant deployments, where it "splits" the device into multiple logical devices

120
Media Realms

• Range of UDP ports associated with an IP network interface


• Used by SBC to perform media (Audio, Video, Fax) anchoring functionality
• Defines maximum number of sessions (based on the ports range)
• Can be assigned to the SIP Interface and/or the IP Group

121
SIP Interface

• The SIP Interface represents a Layer-3 network (Bounded)


• SIP Interface is associated with one and only one SRD
• It defines a local SBC listening port for SIP signaling traffic on a local, logical IP
Network Interface
• Defines the application, SBC or GW (relevant just for Hybrid devices)
• The SIP Interface is used to receive and send SIP messages with a specific SIP entity
(IP Group)
• Multiple SIP Interfaces may represent multiple SIP entities in the VoIP network:
• SIP Trunk
• LAN IP-PBX
• Remote WAN users

122
IP Group

• An entity with a set of definitions and behaviors which represents a SIP Group in the IP
Network
• 3 Types of IP Group:
• Server: Used when the destination address is known
• User: Represents a group of users whose location is dynamically obtained by the device when they REGISTER
• Gateway: Applicable where the SBC receives requests to and from a gateway representing multiple
users
• Used to classify incoming SIP dialog-initiating requests to a source IP Group, based on Proxy
Set ID
• Used in IP-to-IP routing rules to denote the source and destination of the call
• It is highly recommended not to modify IP Group ID 0
• This IP Group is used for several reasons (e.g., PSTN fallback)
123
Proxy Set

• Represents the destination (address) of the Server-type IP Group


• A Proxy Set is a group of Proxy servers defined by IP address or Fully Qualified
Domain Name (FQDN)
• Keep alive mechanism can be implemented
• Each Proxy server address can define:
• Destination SIP port
• Transport type
• Load balancing
• Redundancy mechanisms
• Can be used for message classification
• It is highly recommended not to modify Proxy Set ID 0 (it’s used by IP Group ID 0)
124
Classification Process

• Process that identifies the incoming SIP dialog request as belonging to a specific source IP Group
• If the SBC doesn't find a matching criterion (i.e., classification fails), the dialog is rejected (SIP Firewall)
• There are four steps in the classification process:
1. Device's registration database (AOR)
2. Proxy Set
3. Classification Table
4. Reject or Allow unclassified source
• Each stage is done only if the previous stage fails


125
IP-to-IP Routing

• IP-to-IP routing rules define the routes for routing calls between SIP entities
• The routing rules typically employ IP Groups to denote the source and
destination of the call
• Various other source and destination methods can be used

126
SBC Routing
• IP-to-IP call destination can be:
• Server IP Group associated with Proxy Set
• Registration Database and User IP Group
• Destination address based on: IP-Address or Host Name (FQDN)
• Internal
• Gateway (Hybrid SBC)
• Based on Dial Plan File (internal DB)
• External ENUM server query (external DB)
• External LDAP server query (external DB)
• Third-party Routing Server (external DB)
• Based on Hunt Group
• Based on incoming Request-URI
• Alternative routing
• Re-routing of SIP requests
• Call Forking
• IP Group Set
• Destination Tag
• Least Cost Routing (LCR)
127
CMR Process (CMR = Classify, Manipulate, Route)

[Diagram: CMR flow from the Incoming Message on Leg1 to the Outgoing Message on Leg2. Main stages: SIP Interface, Classification, Routing; a "No match" at a stage leads to Reject Dialog. Manipulation stages shown: Pre-Parsing Manipulation (SIP Interface); Pre-Classification Manipulation (SIP Interface); Inbound Message Manipulation Set (Source IP Group); Inbound (before routing) Source and/or Destination Number Manipulation; Outbound (after routing) Source and/or Destination Number Manipulation; Outbound Message Manipulation Set (Destination IP Group); label: (Optional)]

128
SIP Trunk Example

[Diagram: SIP Trunk example with the SBC (DefaultSRD) between the Enterprise LAN and the WAN]

Enterprise LAN side:
• IP-PBX: TLS 5067 or TCP 5068
• Fax Server: UDP 5085
• SBC SIP Interface: UDP port 5085, TCP port 5068, TLS port 5067
• Media Port Pool (Ports 7000-7500)
• Gateway SIP Interface (Optional): UDP port 5050
• FXS: Analog Lines

WAN side:
• ITSP: UDP 5060
• SBC SIP Interface: UDP port 5060
• Media Port Pool (Ports 6000-6500)
• Gateway SIP Interface (Optional): TCP port 5070
• E1: PSTN

SBC Tables:
• Classification Process
• IP2IP Routing Tables
• SBC Manipulation

Gateway Tables:
• IP-to-Tel Table
• Tel-to-IP Table
• GW Routing Tables
• GW Manipulation Tables

129
Lesson 7

SBC Configuration
Lesson Objectives

• After completing this lesson you’ll know how to:


• Configure the parameters required by the SBC

131
Topology Configuration Example – One Leg LAN

Configuration Stage:
1. IP Interface
2. SRD
3. Media Realms
4. SIP Interface
5. Proxy Set
6. IP-Group
7. IP Profile
8. Routing
9. NAT Translation
10. Classification

SBC IP: 10.15.11.1 /16

IP-PBX
IP: 10.15.11.2 /16
Transport Type: UDP
Listening Port: 5060
Media Realm: 8000 (50 legs)
Coder: G.711Alaw

ITSP
Server 1: 200.100.10.5
Server 2: 200.100.10.1
Transport Type: TCP
Listening Port: 5050
Media Realm: 7000 (50 legs)
Coder: G.711Alaw

Firewall
LAN IP: 10.15.0.1
WAN: 200.100.10.2

132
Configure IP Addresses – IP Interface Table

133
IP Address – Physical to Interface

134
Initial Topology View

Default values for SRDs, IP Groups, Proxy Set, SIP Interfaces, Media Realms
135
Media Realm Table

• The default Media Realm is used for SIP Interfaces and IP Groups for which
you have not assigned a Media Realm

136
RTP UDP Port Spacing

• Ports are allocated in chunks of 2, 4, 5 or 10 (device dependent) called media session legs

137
Configuring Media Realms – Example

138
SIP Interface Table

• Default SIP Interface is already pre-configured and assigned to the default SRD
• Defines a local listening port for SIP signaling traffic on a local logical IP network

139
SIP Interface Table Record

• Select Network Interface
• Select SBC or GW application
• Select UDP, TCP and/or TLS port/s
• Assigns a Media Realm

• Defines the SIP response code that the device sends if a received SIP request
(OPTIONS, REGISTER, or INVITE) fails the SBC Classification process
• The valid value can be a SIP response code from 400 through 699, or it can be set to 0
to not send any response at all (recommended for security reasons)
• The default response code is 500 (Server Internal Error)
140
Configure SIP Interface Table – Example

141
IP to Local Signaling and Media Resources
• Multiple SIP Interfaces represent multiple layer 3 networks
• Media Realm shared between multiple SIP Interfaces


[Diagram: SBC with SIP Interfaces 1 to 6 and Media Realms 1, 2, 4 and 5 bound to IP Interfaces 1, 3 and 4; LAN Vlan1 on Physical Network 1; WAN/DMZ on Physical Network 2]
142
Proxy Sets Table

143
Proxy Sets Table
• Define the Proxy Set Name: defines an arbitrary name to easily identify the Proxy Set
• Select SBC or GW SIP Interface
• Enable Keep-Alive
• Select Redundancy mechanisms: Not configured, Parking or Homing
• Set Hot Swap
• Enable Load Balancing

144
Proxy Address Child Table

• Enter Proxy IP address or FQDN


• Enter Destination SIP port & Transport type

145
Define Proxy Set IP-PBX – Example

146
Define Proxy Set ITSP – Example

147
IP Group Table

148
IP Group Table – General Parameters
• IP Group Name
• Defines the display location of the IP Group in the Topology view
• 3 types: Server, User, Gateway
• Proxy Set Name associated with the Server IP Group
• IP Profile, assigned to the IP Group. The default is ‘None’
• Media Realm, assigned to the IP Group. Choose the name defined in the Media Realm Table from the drop-down list
• The Request-URI host name used in INVITE and REGISTER messages sent to this IP Group, or the host name in the From header of INVITE messages received from this IP Group
149
IP Group Table – SBC General Parameters
Enables classification of incoming SIP dialogs (INVITEs) to the IP
Group, based on the Proxy Set assigned to the IP Group
(Applicable only to Server-type IP Groups)

Defines the device's operational mode for the IP Group. Options:
• Not Configured = (Default)
• B2BUA
• Call Stateful Proxy

• Defines a hostname, which the device uses to overwrite the hostname of the URI in certain SIP headers
• When the device forwards a SIP message to this IP Group, the configured hostname overwrites the host
part in SIP headers that are concerned with the source of the message
• The parameter is applicable only when the IP Group is the destination of the call
• This parameter has higher priority than the 'SIP Group Name' parameter of the source IP Group

150
IP Group Table – SBC Other Tabs

Inbound/Outbound Message Manipulation Set: Assigns a Message Manipulation Set (rule) to the IP Group

151
Define IP Group 1 (IP-PBX) – Example

152
Define IP Group 2 (ITSP) – Example

153
IP Profile

• A set of configuration parameters


• Provides high-level adaptation when connected to a variety of equipment, each
of which requires different system behavior
• Assigned to IP Groups

154
IP Profile
• The configurable parameters for the IP Profile are divided into sections:
• General parameters
• Media Security parameters (related to SRTP)
• SBC Signaling parameters
• SBC Early Media parameters
• SBC Registration parameters
• SBC Forward and Transfer parameters
• SBC Hold parameters
• SBC Media parameters
• SBC Fax parameters
• Media parameters
• Quality of Service parameters
• Jitter Buffer parameters
• Gateway General parameters
• Voice
• Gateway DTMF parameters
• Gateway Fax and Modem parameters
• Answer Machine Detection parameters
• Local Tones parameters

Slide annotations: "Related to SIP Signaling on the SBC" marks the SBC signaling sections (SBC Signaling through SBC Hold); "Related to Media on the SBC" marks the SBC media sections (SBC Media, SBC Fax).
155
IP Profile

156
IP to IP Routing Table

157
IP to IP Routing Table – General and Match Sections
Route Row / Alternative Route / Forking Group

Defines the IP Group from where the IP call is received

Defines the SIP dialog request type:
• All (default)
• INVITE
• REGISTER
• SUBSCRIBE
• INVITE and REGISTER
• INVITE and SUBSCRIBE
• OPTIONS

From Message Condition Table

158
IP to IP Routing Table – Action Section

Determines the destination type to which the outgoing SIP dialog is sent.
This can be IP Group, Destination Address, LDAP, Gateway, internal, etc.

Defines a SIP response code (e.g., 200 OK) or a redirection response. The
parameter is applicable only when the 'Destination Type' parameter in this
table is configured to Internal – example: Reply(Response='200')
159
Configuring IP-to-IP Call Routing Rules – Example

160
Define NAT Translation – Example
• NAT rules for translating source IP addresses per VoIP interface:
• SIP Control
• Media Traffic
• The Global address is set in the SIP Via and Contact headers as well as in the o= and c= SDP fields

161
Define Classification Rules (Optional)

162
Message Conditions (Optional)

163
Lesson 8

Debugging Tools – Syslog


Troubleshooting Guidelines

• Understanding the problem


• What are the expected results?
• What are the actual results?

• Collecting data
• Use the relevant data collection tools for problem investigation

165
What is Syslog?

• Standard for forwarding log messages in an IP network


• A Syslog server is used to remotely record logging information
• Syslog information sent by the device is a collection of error, warning and system
messages that record every internal operation of the device
• Syslog messages are marked with a sequential number
• A Syslog server usually adds the time the message was received and the source IP
address

166
Syslog Message Format - Example
08:39:09.716 10.15.12.1 local3.notice [S=12504] [BID=5e88ae:123] (N 12163) SIPSocketReliable(#48) Released - SocketID=311
08:39:10.510 10.15.12.1 local3.notice [S=12505] [SID=5e88ae:123:342] (N 12164) (#5380)gwSession[Allocated]. Handle:2D3992C0; Global session ID: a06e4f5cb322d7a5
08:39:10.510 10.15.12.1 local3.notice [S=12506] [SID=5e88ae:123:342] (N 12165) SIPAppMngr::ClassifyByProxySet - Message was classified by ProxySet 3 to IPGroup 3
08:39:10.510 10.15.12.1 local3.notice [S=12507] [SID=5e88ae:123:342] (N 12166) Classification Succeeded - Source IP Group #3 (ITSP2)
08:39:10.514 10.15.12.1 syslog.error 4 packets missing
08:39:10.516 10.15.12.1 local3.notice [S=12512] [SID=5e88ae:123:342] (N 12171) ResourceCounter: SBC leg +1 [1/200]
08:39:10.516 10.15.12.1 local3.notice [S=12513] [SID=5e88ae:123:342] (N 12172) CAC: Add SBC Outgoing INVITE, IPG 1 (Teams): 1, SRD 0 (DefaultSRD): 1, SipIF 0 (Teams): 1
08:39:10.516 10.15.12.1 local3.notice [S=12514] [SID=5e88ae:123:342] (N 12173) ResourceCounter: SBC leg +1 [2/200]
08:39:10.516 10.15.12.1 local3.notice [S=12515] [SID=5e88ae:123:342] (N 12174) (#114)Route found (2), Route by IPGroup, IP Group 3 -> 1 (ITSP2 -> Teams)


Message fields:
• Timestamp and IP Address
• Message Sequence Number (S=): in this example 4 messages were lost
• Unique SIP call session and device identifier (SID). Example: SID=5e88ae:123:342
  <last 6 characters of device's MAC address>:<number of times device has been restarted>:<unique SID counter indicating the call session>

Type of Message
Syslog generates the following types of messages:
• error: Indicates that a problem has been identified that requires immediate handling
• warning: Indicates an error that might occur if measures are not taken to prevent it
• notice: Indicates that an unusual event has occurred
• info: Indicates an operational message
• debug: Messages used for debugging
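
Added example (not part of the course material or of any AudioCodes tool): a small parser for the message format shown above that splits the SID/BID fields, detects lost messages from jumps in the S= sequence number per sending device, and pulls out classification results. The regular expressions are assumptions derived only from the nine sample lines on this slide.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The nine lines from the slide's example capture, embedded so the block runs offline.
SAMPLE = """\
08:39:09.716 10.15.12.1 local3.notice [S=12504] [BID=5e88ae:123] (N 12163) SIPSocketReliable(#48) Released - SocketID=311
08:39:10.510 10.15.12.1 local3.notice [S=12505] [SID=5e88ae:123:342] (N 12164) (#5380)gwSession[Allocated]. Handle:2D3992C0; Global session ID: a06e4f5cb322d7a5
08:39:10.510 10.15.12.1 local3.notice [S=12506] [SID=5e88ae:123:342] (N 12165) SIPAppMngr::ClassifyByProxySet - Message was classified by ProxySet 3 to IPGroup 3
08:39:10.510 10.15.12.1 local3.notice [S=12507] [SID=5e88ae:123:342] (N 12166) Classification Succeeded - Source IP Group #3 (ITSP2)
08:39:10.514 10.15.12.1 syslog.error 4 packets missing
08:39:10.516 10.15.12.1 local3.notice [S=12512] [SID=5e88ae:123:342] (N 12171) ResourceCounter: SBC leg +1 [1/200]
08:39:10.516 10.15.12.1 local3.notice [S=12513] [SID=5e88ae:123:342] (N 12172) CAC: Add SBC Outgoing INVITE, IPG 1 (Teams): 1, SRD 0 (DefaultSRD): 1, SipIF 0 (Teams): 1
08:39:10.516 10.15.12.1 local3.notice [S=12514] [SID=5e88ae:123:342] (N 12173) ResourceCounter: SBC leg +1 [2/200]
08:39:10.516 10.15.12.1 local3.notice [S=12515] [SID=5e88ae:123:342] (N 12174) (#114)Route found (2), Route by IPGroup, IP Group 3 -> 1 (ITSP2 -> Teams)
"""

# <time> <source IP> <facility>.<severity> [S=n] [SID|BID=mac:restarts[:session]] text
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<src>\S+)\s+"
    r"(?P<facility>\w+)\.(?P<severity>\w+)\s+"
    r"(?:\[S=(?P<seq>\d+)\]\s+)?"
    r"(?:\[(?:SID|BID)=(?P<id>[0-9A-Fa-f]{6}(?::\d+){1,2})\]\s+)?"
    r"(?P<text>.*)$"
)
CLASSIFIED_RE = re.compile(r"Classification Succeeded - Source IP Group #(\d+) \(([^)]*)\)")
MISSING_RE = re.compile(r"^(\d+) packets missing$")


@dataclass
class Record:
    time: str
    source: str
    severity: str
    seq: Optional[int]       # S= message sequence number
    mac_tail: Optional[str]  # last 6 characters of the device MAC address
    restarts: Optional[int]  # number of device restarts
    session: Optional[int]   # per-call counter (absent in BID messages)
    text: str


def parse_line(line: str) -> Optional[Record]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    mac_tail = restarts = session = None
    if m.group("id"):
        parts = m.group("id").split(":")
        mac_tail, restarts = parts[0], int(parts[1])
        session = int(parts[2]) if len(parts) == 3 else None
    seq = int(m.group("seq")) if m.group("seq") else None
    return Record(m.group("time"), m.group("src"), m.group("severity"),
                  seq, mac_tail, restarts, session, m.group("text"))


def parse(text: str) -> List[Record]:
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def find_gaps(records: List[Record]) -> List[Tuple[str, int, int, int]]:
    """Return (source, last_seen, next_seen, missing_count) for each jump in S=.

    Sequence numbers are tracked per source IP because several devices may
    report to one Syslog server. A lower number than the previous one is
    treated as a counter restart, not as loss.
    """
    last: Dict[str, int] = {}
    gaps = []
    for r in records:
        if r.seq is None:
            continue
        prev = last.get(r.source)
        if prev is not None and r.seq > prev + 1:
            gaps.append((r.source, prev, r.seq, r.seq - prev - 1))
        last[r.source] = r.seq
    return gaps


def reported_losses(records: List[Record]) -> int:
    """Sum the 'N packets missing' lines written by the collector itself."""
    return sum(int(m.group(1)) for r in records
               if (m := MISSING_RE.match(r.text)))


def classified_sessions(records: List[Record]) -> Dict[int, Tuple[int, str]]:
    """Map call session counter -> (source IP Group id, name)."""
    out = {}
    for r in records:
        m = CLASSIFIED_RE.search(r.text)
        if m and r.session is not None:
            out[r.session] = (int(m.group(1)), m.group(2))
    return out


if __name__ == "__main__":
    recs = parse(SAMPLE)
    print("gaps:", find_gaps(recs))
    print("collector-reported losses:", reported_losses(recs))
    print("classified:", classified_sessions(recs))
```

Lost messages matter when the log is used as evidence: a gap around a classification or routing decision means the trace for that call is incomplete.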
167
Enabling Syslog
• Enable Syslog
• Set Syslog Server IP
address and port
• Select the Syslog level
(recommended ‘Detailed’)

168
Message Log
• View the Syslog messages sent by the device

169
AudioCodes Syslog Viewer
• A Syslog application provided by AudioCodes

170
AudioCodes Syslog Viewer

[Screenshot callouts: Stop/Start Writing Log; Flow Diagram; Clear On-Line Syslog; Pause/Resume Logging; Disable Auto scroll; Options; Open Saved File; Zoom In/Out; Freeze Display; Search Options; Search; Search Text; Total Number of lines in the Log File; Number of Error and Warning Messages in the Log File]

171
AudioCodes Syslog Viewer
• Syslog can be enabled simultaneously in several devices, reporting to the same Syslog Server

Syslog from different IP Addresses can be viewed

172
AudioCodes Syslog Viewer
• SIP/SDP messages are properly arranged to be easily identified for analysis

173
AudioCodes Syslog Viewer
• The SIP/SDP flow diagram can be viewed, refreshed and exported

SIP Flow Diagram

174
AudioCodes Syslog Viewer
• The SIP/SDP <-> ISDN flow diagram can be viewed

175
AudioCodes Syslog Viewer
• Each arrow on the SIP/SDP flow diagram points to the right place in the trace


176
AudioCodes Syslog Viewer
• CDR info

177
AudioCodes Syslog Viewer
• Extracting Single Call

178
AudioCodes Syslog Viewer

Options

179
Lesson 9

SBC Wizard (Optional)


SBC Wizard – Overview

• User-friendly online tool designed to get AudioCodes Mediant SBC up and running
quickly and easily
• Step-by-step setup process, presenting the configuration options in a clear way
• Eliminates configuration errors and troubleshooting
• Easy to install Windows-based application
• Includes predefined configurations for a wide range of SBC deployments (SIP trunk,
hosting etc.) with a variety of service providers and IP-PBXs
• Automatic software updates
• Built-in online help
• Available as web built-in and stand-alone application

181
Welcome Page

182
SIP Trunk Configuration

183
System Parameters

184
Interfaces

185
IP-PBX Parameters

186
ITSP Parameters

187
Number Manipulation

188
Remote Users (FEU)

189
Summary

190
Finish

191
Hands-on Lab 2

SBC Routing
Lesson 10

SBC Media Handling


Lesson Objectives

• After completing this lesson you’ll:


• Understand the way SBC handles media
• Know SBC media handling security features
• Be able to configure basic and advanced coder transcoding

194
SBC Media Handling

• Media Behavior – establishing, managing and terminating media sessions within SIP protocol
• Media sessions are created using SIP Offer/Answer mechanism and, if successful, the result is
a bidirectional media flow (Audio, Fax, Modem, DTMF)
• Each Offer/Answer may be negotiated on more than one media session of different types
(e.g., Audio and Fax, Audio and Video)
• In SIP dialog, multiple Offer/Answer transactions may occur
• Each transaction may change media session characteristics (IP address, port, coders, media
types and RTP mode)

195
Media Capabilities

• Media capabilities exchanged in Offer/Answer transactions:


• Media Types (Audio, Secure Audio, Video, Fax, Text)
• IP addresses and ports of media flow
• Media flow mode (send-receive, receive-only, send-only, inactive)
• Media Coders (coders and their characteristics used in each media flow)
• Other (standard or proprietary) media and session characteristics

Example SDP:
v=0
o=AudiocodesGW 500661992 500661991 IN IP4 10.15.7.19
s=Phone-Call
b=CT:1000
t=0 0
m=audio 6010 RTP/AVP 18 2 96
c=IN IP4 10.15.7.19
a=ptime:20
a=sendrecv
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:2 G726-32/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15
196
SBC Media Security

• NAT Traversal
• SBC changes SDP address to its own

• Firewall and Security


• RTP Pin-Holes – only RTP packets related to a successful Offer/Answer negotiation
traverse the SBC
• Deep Packet Inspection (DPI) of the RTP that flows through the opened Pin-Holes
• Late Rogue Detection – once a dialog is disconnected, related Pin-Holes also disconnect

197
Media Handling Modes

1. No Media Anchoring
2. Media Anchoring without Transcoding (Transparent)
3. Media Anchoring with Transcoding

IP-PBX ITSP

198
No Media Anchoring

• Enables SBC signaling capabilities without handling RTP/SRTP (media) flow between
remote SIP UAs
• RTP packet flow does not traverse the SBC; instead, 2 SIP UAs establish a direct RTP/SRTP
flow between one another
• Signaling continues to traverse SBC with minimal intermediation and involvement to
enable SBC capabilities such as routing

[Diagram: IP-PBX1, SBC, IP-PBX2; legend: SIP Signaling, Media]
199
No Media Anchoring

• Unlike regular SBC implementation:


• Does not perform manipulation on SDP data (Offer/Answer transaction) such as ports,
IP address, coders
• Opening voice channels, and allocating IP Media ports are not required

• Benefits:
• Saves network bandwidth
• Reduces CPU usage

200
No Media Anchoring – SDP Offer/Answer
SBC IP address: LAN: 10.15.11.1
IP-PBX1: 10.15.7.18
IP-PBX2: 10.15.7.21

Incoming SDP Offer (from IP-PBX1)
v=0
o=AC 256624978 46177966 IN IP4 10.15.7.18
s=SBC-Call
t=0 0
m=audio 6080 RTP/AVP 8 18 96
c=IN IP4 10.15.7.18
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15,16

Outgoing SDP Offer (to IP-PBX2)
v=0
o=AC 256624978 46177966 IN IP4 10.15.7.18
s=SBC-Call
t=0 0
m=audio 6080 RTP/AVP 8 18 96
c=IN IP4 10.15.7.18
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15

Incoming Answer (from IP-PBX2)
v=0
o=AC 1805430843 446730239 IN IP4 10.15.7.21
s=SBC-Call
t=0 0
m=audio 6030 RTP/AVP 8 96
c=IN IP4 10.15.7.21
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15

Outgoing Answer (to IP-PBX1)
v=0
o=AC 751920232 1406453965 IN IP4 10.15.7.21
s=SBC-Call
t=0 0
m=audio 6030 RTP/AVP 8 96
c=IN IP4 10.15.7.21
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15
201
No Media Anchoring – Global Parameter
• Enables the Direct Media feature for
all SBC calls, whereby SIP signaling is
handled by the device without
handling the media flow between
the user agents (UA)
• The RTP packets do not traverse the
device

202
No Media Anchoring – SIP Interface Level

• Enables direct media flow or media bypass between endpoints associated with the SIP
Interface for SBC calls
• Disable = (Default) Media Anchoring is employed, whereby the media stream traverses the device
• Enable = Direct Media is enabled; Media stream flows directly between the endpoints
• Enable when Same NAT = Direct Media is enabled; Media stream flows directly between the
endpoints if they are located behind the same NAT

203
No Media Anchoring – IP Profile Level

• Direct media occurs between all UAs whose IP Profiles have the same tag value
(non-empty value)

204
Media Anchor without Transcoding (Transparent)

• Default media operation mode


• RTP traverses SBC with minimal RTP packet changes (without DSP resources)
• Solves SIP compatibility, NAT, Firewall and Security issues
• All ‘audio’ coders in received offer are included in the outgoing offer

[Diagram: IP-PBX, SBC, ITSP; legend: SIP Signaling, Media]

205
Media Anchoring without Transcoding (Transparent)

• To direct RTP to flow through SBC, all IP address fields in the SDP are modified:
• IP-Address, Session and Version ID
• Session connection attribute
• Media connection attribute
• Media port number

206
Transparent – SDP Offer/Answer
SBC IP addresses:
LAN: 10.15.11.1
WAN: 200.100.10.20
IP-PBX: 10.15.7.18
ITSP: 182.30.15.20
RTP ports: IP-PBX 6090, SBC LAN leg 8050; SBC WAN leg 7030, ITSP 6040

Incoming SDP Offer (from IP-PBX)
v=0
o=PBX 257389510 1288747123 IN IP4 10.15.7.18
s=SBC-Call
t=0 0
m=audio 6090 RTP/AVP 8 18 96
c=IN IP4 10.15.7.18
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15,16

Outgoing SDP Offer (to ITSP)
v=0
o=AC 2140747574 1560030007 IN IP4 200.100.10.20
s=SBC-Call
t=0 0
m=audio 7030 RTP/AVP 8 18 96
c=IN IP4 200.100.10.20
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15

Incoming Answer (from ITSP)
v=0
o=ITSP 977558519 1694195807 IN IP4 182.30.15.20
s=SBC-Call
t=0 0
m=audio 6040 RTP/AVP 8 96
c=IN IP4 182.30.15.20
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15

Outgoing Answer (to IP-PBX)
v=0
o=AC 2083229444 479911099 IN IP4 10.15.11.1
s=SBC-Call
t=0 0
m=audio 8050 RTP/AVP 8 96
c=IN IP4 10.15.11.1
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15
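
Added example (not AudioCodes code): the SDP rewrite listed on the Media Anchoring slide, applied to this slide's IP-PBX offer, followed by an audit that the outgoing SDP no longer exposes a LAN address and a simplified model of the RTP pin-hole opened from the negotiated endpoints. The function names, the single-audio-stream handling and the strict source match on the pin-hole are assumptions made for illustration.

```python
import ipaddress
import re
from typing import List, Tuple

Endpoint = Tuple[str, int]

# Incoming SDP offer from the IP-PBX and incoming answer from the ITSP,
# copied from the "Transparent – SDP Offer/Answer" slide.
PBX_OFFER = "\r\n".join([
    "v=0",
    "o=PBX 257389510 1288747123 IN IP4 10.15.7.18",
    "s=SBC-Call",
    "t=0 0",
    "m=audio 6090 RTP/AVP 8 18 96",
    "c=IN IP4 10.15.7.18",
    "a=sendrecv",
    "a=ptime:20",
    "a=rtpmap:8 PCMA/8000",
    "a=rtpmap:18 G729/8000",
    "a=fmtp:18 annexb=no",
    "a=rtpmap:96 telephone-event/8000",
    "a=fmtp:96 0-15,16",
]) + "\r\n"

ITSP_ANSWER = "\r\n".join([
    "v=0",
    "o=ITSP 977558519 1694195807 IN IP4 182.30.15.20",
    "s=SBC-Call",
    "t=0 0",
    "m=audio 6040 RTP/AVP 8 96",
    "c=IN IP4 182.30.15.20",
    "a=sendrecv",
    "a=ptime:20",
    "a=rtpmap:8 PCMA/8000",
    "a=rtpmap:96 telephone-event/8000",
    "a=fmtp:96 0-15",
]) + "\r\n"


def anchor_sdp(sdp: str, sbc_ip: str, sbc_port: int,
               sess_id: int, sess_ver: int, user: str = "AC") -> str:
    """Rewrite origin, connection address and media port so RTP targets the SBC.

    Handles one media stream; an SDP with several m= lines would need one
    allocated port per stream.
    """
    out = []
    for line in sdp.splitlines():
        if line.startswith("o="):
            line = f"o={user} {sess_id} {sess_ver} IN IP4 {sbc_ip}"
        elif line.startswith("c=IN IP4 "):
            line = f"c=IN IP4 {sbc_ip}"
        elif line.startswith("m="):
            media, _old_port, rest = line[2:].split(" ", 2)
            line = f"m={media} {sbc_port} {rest}"
        out.append(line)
    return "\r\n".join(out) + "\r\n"


def rtp_endpoint(sdp: str) -> Endpoint:
    """Return the (address, port) the SDP sender wants audio RTP sent to."""
    ip = port = None
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[-1]
        elif line.startswith("m=audio "):
            port = int(line.split()[1])
    if ip is None or port is None:
        raise ValueError("SDP has no IPv4 audio endpoint")
    return ip, port


def leaked_addresses(sdp: str, protected: List[str]) -> List[str]:
    """List IPv4 addresses in the SDP that fall inside protected networks."""
    nets = [ipaddress.ip_network(n) for n in protected]
    found: List[str] = []
    for token in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", sdp):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue
        if any(addr in n for n in nets) and token not in found:
            found.append(token)
    return found


def open_pinhole(local_sdp: str, remote_sdp: str) -> Tuple[Endpoint, Endpoint]:
    """Pin-hole for one leg: (SBC endpoint offered, peer endpoint answered)."""
    return rtp_endpoint(local_sdp), rtp_endpoint(remote_sdp)


def admits(pinhole: Tuple[Endpoint, Endpoint], src: Endpoint, dst: Endpoint) -> bool:
    """Simplified check: only the negotiated peer may send to the SBC port."""
    local, remote = pinhole
    return src == remote and dst == local


if __name__ == "__main__":
    wan_offer = anchor_sdp(PBX_OFFER, "200.100.10.20", 7030, 2140747574, 1560030007)
    print("before:", leaked_addresses(PBX_OFFER, ["10.15.0.0/16"]))
    print("after: ", leaked_addresses(wan_offer, ["10.15.0.0/16"]))
    print("pin-hole:", open_pinhole(wan_offer, ITSP_ANSWER))
```

Running the same audit against captured outgoing SDP is a quick way to confirm that a leg is actually anchored and not configured for direct media.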
207
Media Anchoring with Transcoding

• SBC performs transcoding when there are no common coders between 2 UAs involved in a
specific session
• RTP traverses the SBC, and each leg uses a different coder or coder parameters
• Transcoding is performed when an SDP answer from one UA does not include any coder
included in offer previously sent by the other UA
• For transcoding, SBC can be configured to add media capabilities to UAs of a specific IP
Group, then perform transcoding when selected coder in answer SDP doesn’t appear in
original offer
• DSP resources are required
[Diagram: IP-PBX, SBC, ITSP; legend: SIP Signaling, Media A, Media B]
208
Transcoding – SDP Offer/Answer
SBC IP addresses:
LAN: 10.15.11.1
WAN: 200.100.10.20
IP-PBX: 10.15.7.18
ITSP: 182.30.15.20
RTP ports: IP-PBX 6120, SBC LAN leg 8020; SBC WAN leg 7040, ITSP 6070

Incoming SDP Offer (from IP-PBX)
v=0
o=PBX 1741090166 564924681 IN IP4 10.15.7.18
s=SBC-Call
t=0 0
m=audio 6120 RTP/AVP 8 0 96
c=IN IP4 10.15.7.18
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15,16

Outgoing SDP Offer (to ITSP), with Extended Coder
v=0
o=AC 1996517464 72690348 IN IP4 200.100.10.20
s=SBC-Call
t=0 0
m=audio 7040 RTP/AVP 8 18 9 96
c=IN IP4 200.100.10.20
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15

Incoming Answer (from ITSP)
v=0
o=ITSP 1152584458 712535162 IN IP4 182.30.15.20
s=SBC-Call
t=0 0
m=audio 6070 RTP/AVP 18 96
c=IN IP4 182.30.15.20
a=sendrecv
a=ptime:20
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15

Outgoing Answer (to IP-PBX), Transcoding
v=0
o=AC 1338124955 1853106459 IN IP4 10.15.11.1
s=SBC-Call
t=0 0
m=audio 8020 RTP/AVP 8 96
c=IN IP4 10.15.11.1
a=sendrecv
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15
209
SBC Virtual (VE), Cloud (CE) and Server (SE) Editions

• Optimized for SIP (Default)


• Optimization of CPU cores allocation to
improve SIP performance such as CPS
• Optimized for SRTP
• Optimization of CPU cores allocation to
improve maximum SRTP capacity
• Optimized for Transcoding
• Optimization of CPU cores allocation to
enable all DSP-required features, for
example, transcoding and voice in-band
detectors

210
Media Security
• Enables Secure Real-Time Transport Protocol (SRTP)

211
SRTP-RTP Transcoding
• SBC supports SRTP-RTP transcoding
• IP Profile parameter SBC Media Security Mode enforces SBC legs to use SRTP/RTP
• Options:
• As is: SBC passes the media as is (default)
• Secure: SBC leg negotiates only SRTP media lines
• RTP media lines are removed from incoming SDP Offer/Answer
• Not Secure: SBC leg negotiates only RTP media lines
• SRTP media lines are removed from incoming Offer/Answer
• Both: Each Offer/Answer is extended (if it hasn’t been already) to two media lines – one RTP and the other SRTP
• Offer Both - Answer Prefer Secured: The device prefers secured media on the outgoing SDP answer

212
Extension Coders

• Extends the Media offering’s coders


• Extended coders are added only on the outgoing leg

[Diagram: leg 1 offers G.711 + G.723; the SBC adds G.729; leg 2 is offered G.711 + G.723 + G.729]

Group 2 extended coder list contains: G.711, G.729

213
Extension Coders

214
Extension Coders
• Assign Coder Group to IP Profile

215
Allowed Coders Group

• Determine coders to be used for a specific SBC leg


• Excluded coders are removed from the SDP offer

[Diagram: leg 1 offers G.723 + G.711; the SBC removes G.723; leg 2 is offered G.711]

Group 2 Allowed Coders Group contains: G.722, G.711

216
Allowed Coders – Incoming Offered

• At least one incoming coder must be in the Allowed Coders Group

Scenario 1: Call Dropped
• Incoming offer: G.723 + G.711
• Group 1 Allowed Coders Group contains: G.726
• Group 2 Allowed Coders Group contains: G.711, G.723

Scenario 2: Remove G.723
• Incoming offer: G.723 + G.711; outgoing offer: G.711
• Group 1 Allowed Coders Group contains: G.711, G.726
• Group 2 Allowed Coders Group contains: G.711, G.723
217
Allowed Audio Coders Group

218
Assign Allowed Audio Coder Group to IP Profile

219
Allowed Coders Mode

• Restriction
• Checks for a match between Allowed Coders of the incoming group and the offered coders
• At least one must match
• SBC removes all coders arriving in incoming SDP except matched coders in outgoing Allowed Coders Group
• Only coders common to offered SDP and Allowed Coders Group are used
• Preference
• SBC reprioritizes coders based on Allowed Coders Group
• The coders received in the SDP offer are listed after the Allowed Coders
• Restriction and Preference
• Enables both, removes disallowed coders and reprioritizes coders

220
Allowed Coders Mode
• Determines mode of Allowed Coders feature
• Impacts Extension Coders priority
• Configured in IP Profile Settings (SBC Media Section)

221
Change Coder Priority

• Allowed Coders used to prioritize coder


• Coder with highest priority will be first listed

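Group 2 - Allowed coder list: G.729, G.711, G.723
Mode: Restriction and Preference
Group 2 - Extended Coder: G.729

[Diagram: offer passing from 1 to 2, answer returning from 2 to 1]
• Offer from 1: G.723 + G.711 + G.722
• Offer to 2: G.711 + G.723 + G.729
• Answer Coder from 2: G.711 (200 OK)
• Answer Coder to 1: G.711 (200 OK)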

222
Extended Coders Behavior
• Orders the coders in the outgoing SIP message
• Applicable only if an Extension Coders Group is assigned to the IP Profile
• Doesn’t Include Extensions: Extension coders are added at the end of the coder list (default)
• Include Extensions: Extension coders arranged according to order in the Allowed Coders Group table

223
Change Coder Priority – Include Extensions

• Allowed Coders used to prioritize coder


• Based on the coder list the Outgoing Offering will send
• Coder with highest priority will be first listed
Group 2 - Allowed coder list: G.729, G.711, G.723
Mode: Restriction and Preference
Mode: Include Extensions
Group 2 - Extended Coder: G.729

[Diagram: offer passing from 1 to 2, answer returning from 2 to 1]
• Offer from 1: G.723 + G.711 + G.722
• Offer to 2: G.729 + G.711 + G.723
• Answer Coder from 2: G.729 (200 OK)
• Answer Coder to 1: G.723 (200 OK)

224
Coder Transcoding Flow
[Figure: Server 1 – SBC – Server 2, with IP Group 1 / IP Profile on the Server 1 side and IP Group 2 / IP Profile on the Server 2 side. For each of Call 1 and Call 2, both IP Profiles show Allowed Coders and Extension Coders; on one leg of each call the Extension Coders are marked "(not used)".]

225
Media Handling Example 1

• IP-PBX supports G.711A-law and G.729


• ITSP supports only G.729
• No special media limit

IP-PBX: G.711A-law, G.729
ITSP: G.729

226
Media Handling Example 1

• Special coder configuration not necessary

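[Diagram: IP-PBX – SBC – ITSP]
• Offer from IP-PBX: G.711A + G.729
• SBC: No Change
• Offer to ITSP: G.711A + G.729
• Answer from ITSP: G.729
• SBC: No Change
• Answer to IP-PBX: G.729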

227
Media Handling Example 2

• IP-PBX supports G.711A-law and G.729


• ITSP supports only G.729 and G.711A-law
• Issue: ITSP wants to work only with G.729 (G.711A-law must not be sent to it)

IP-PBX: G.711A-law, G.729
ITSP: G.729, G.711A-law

228
Media Handling Example 2

• To avoid G.711A negotiation, remove it from the outgoing offer and allow just G.729

229
Media Handling Example 2

• In ITSP’s IP Profile, assign the Allowed Audio Coders Group, to offer only G.729

230
Media Handling Example 2

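[Diagram: IP-PBX – SBC – ITSP]
• Offer from IP-PBX: G.711A + G.729
• SBC: Remove G.711A
• Offer to ITSP: G.729
• Answer from ITSP: G.729
• SBC: No Change
• Answer to IP-PBX: G.729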

231
Media Handling Example 3

• IP-PBX supports only G.711A-law


• ITSP supports G.729
• Issue: There isn’t a common coder

IP-PBX: G.711A-law
ITSP: G.729

232
Media Handling Example 3

• Add G.729 and G.711A to the outgoing offering:


• Create a Coders Group and select G.729 and G.711A from the drop-down

233
Media Handling Example 3

• In ITSP’s and the IP-PBX’s IP Profiles, assign the Extension Coders Group to add
the missing coders to the offering

234
Media Handling Example 3

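[Diagram, call from IP-PBX to ITSP: IP-PBX – SBC – ITSP]
• Offer from IP-PBX: G.711A
• SBC: Add G.729
• Offer to ITSP: G.711A + G.729
• Answer from ITSP: G.729
• SBC: Transcoding
• Answer to IP-PBX: G.711A

[Diagram, call from ITSP to IP-PBX: ITSP – SBC – IP-PBX]
• Offer from ITSP: G.729
• SBC: Add G.711A
• Offer to IP-PBX: G.729 + G.711A
• Answer from IP-PBX: G.711A
• SBC: Transcoding
• Answer to ITSP: G.729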

235
Media Handling Example 4

• IP-PBX supports G.711A-law, G.711U-law and G.723


• ITSP supports only G.729, G.711A-law and G.726
• Issue:
• Add G.729 and G.726 to the outgoing offering
• Remove G.711U-law and G.723 from the outgoing offering
• Change the coders order

IP-PBX: G.711A-law, G.711U-law, G.723
ITSP: G.729, G.711A-law, G.726

236
Media Handling Example 4

• Create an Allowed Audio Coders Group and select G.729, G.711A and G.726 coders

237
Media Handling Example 4
• Add G.729 and G.726 to the outgoing offering:
• Create Coders Group and select G.729 and G.726 coders

238
Media Handling Example 4
• ITSP IP Profile:
• Select Extension Coders Group to add G.729 and G.726 to the outgoing
• Select Allowed Audio Coders Group, to remove G.711U and G.723
• Select Allowed Coders Mode = Restriction and Preference, to perform both
• Media Settings:
• Extended Coders Behavior = Include Extensions

239
Media Handling Example 4

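[Diagram: IP-PBX – SBC – ITSP]
• Offer from IP-PBX: G.711A+G.711U+G.723
• SBC: Add G.729 + G.726
• SBC: Remove G.711U+G.723
• Offer to ITSP: G.729+G.711A+G.726
• Answer from ITSP: G.729
• SBC: Transcoding
• Answer to IP-PBX: G.711A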
240
Hands-on Lab 3

SBC Transcoding
Lesson 11

SBC Number & Message Manipulation


Lesson Objectives

• After completing this lesson, you’ll:


• Understand the reasons for Number & Message Manipulation
• Know how to perform Number & Message Manipulation

243
Reminder: CMR Process

[Figure: CMR process. Main path: Incoming Message (Leg1) – SIP Interface – Classification – Routing – Outgoing Message (Leg2); a "No match" at each of the three stages leads to Reject Dialog. Manipulation stages shown along the path: Pre-Parsing Manipulation (SIP Interface), Pre-Classification Manipulation (SIP Interface), Inbound Message Manipulation Set (Source IP Group), Inbound (before routing) Source and/or Destination Number Manipulation, Outbound (after routing) Source and/or Destination Number Manipulation, Outbound Message Manipulation Set (Destination IP Group). The figure also carries the label "(Optional)".]

244
SBC Number Manipulation
• Done according to manipulation tables, similar to what’s done for routing
• Inbound manipulations are done before routing
• Inbound manipulation rule matching can be done by:
• Source IP Group
• Source and/or destination host and/or user prefixes
• Outbound manipulations are done after routing
• Outbound manipulation rule matching can be done by
• Destination IP Group
• Source IP Group
• Source and/or destination host and/or user prefixes
• Message Condition
• Tags
• Calling Name Pattern

245
Inbound and Outbound Number Manipulation

• IP-to-IP Inbound and Outbound manipulation lets you manipulate the user part of
the SIP URI in the SIP message for a specific entity
• Inbound manipulation is done on messages received from the SIP entity
• Outbound manipulation is done on messages sent to the SIP entity

User@Host
1000@10.15.11.1

246
SBC Inbound Number Manipulations

• Rules can be applied to user-defined SIP request type (INVITE,
SUBSCRIBE and/or REGISTER)
• Manipulation of Destination URI user part performed on these SIP
headers:
• Request URI
• To
• Remote-Party-ID (if it exists)
• Manipulation of Source URI user part is performed on these SIP
headers:
• From
• P-Asserted (if it exists)
• P-Preferred (if it exists)
• Remote-Party-ID (if it exists)
247
SBC Inbound Number Manipulations

248
SBC Inbound Number Manipulations – Match Area
• Name
• Additional Manipulation: use same matching
condition as row listed above
• Manipulation Purpose: Defines the purpose
of the manipulation

• Request Type: SIP request type to which the
rule is applied
• Source IP Group: the IP Group from where the
incoming INVITE is received
• Source Username Pattern
• Source Host
• Destination Username Pattern
• Destination Host
249
SBC Inbound Number Manipulations – Action Area

• Manipulated Item: Determines whether the Source or Destination SIP URI user part is
manipulated
• Remove From Left
• Remove From Right
• Leave From Right: Defines the number of characters that you want retained from
the right of the user part
• Prefix to Add
• Suffix to Add

250
SBC Outbound Number Manipulations
• Configure rules to manipulate SIP URI user part (Source and Destination) of
outbound SIP dialog requests
• Rules can be applied to user-defined SIP request type (INVITE, SUBSCRIBE
and/or REGISTER)
• Manipulation of Destination URI user part performed on these SIP headers:
• Request URI
• To
• Remote-Party-ID (if it exists)
• Manipulation of Source URI user part is performed on these SIP headers:
• From
• P-Asserted (if it exists)
• P-Preferred (if it exists)
• Remote-Party-ID (if it exists)

251
SBC Outbound Number Manipulations

252
SBC Outbound Number Manipulations Match Area

• Same parameters as inbound, except for:


• Destination IP Group
• IP Group where the INVITE is being sent
• Calling Name Pattern
• Pattern of the calling name (Caller ID)
• Appears in the SIP From header
• Message Condition
• Assigns a Message Condition rule as a
matching characteristic

253
SBC Outbound Number Manipulations Action Area
• Same parameters as in Inbound except for:
• Manipulated Item
• Determines whether the Source, Destination SIP URI or Calling Name user part is manipulated
• Privacy Restriction Mode
• Determines user privacy handling by restricting source user identity in outgoing SIP dialogs

Transparent (default)
Don’t change privacy
Restrict
Remove Restriction

254
Message Manipulation

255
Why SIP Message Manipulation?
• Key SBC requirements:
• Each customer has distinct requirements for SBC fundamentals of Security, Interworking and Interoperability
• Multiple devices support SIP but do not interwork because of differences in how the protocol is implemented
or interpreted
• Manipulation customizes SIP messaging on either side to what devices in that network segment expect
• ITSPs or enterprises may have policies for which SIP messaging fields should be present before a SIP call
enters their network
• Resolves incompatibilities between SIP devices inside the enterprise network or between networks
• Self-service programmable tool that saves the time required to develop a software ‘patch’ for each customer

256
Message Manipulation

• A combination of rules, specified as a set or group of actions, to be attached to an IP Group


• Message Manipulation rules can be applied pre-classification or post-classification:
• Pre-classification Process:
• On incoming SIP dialog-initiating messages (e.g., INVITE) prior to the classification process
• The Manipulation Set ID is assigned to the SIP Interface on which the call is received
• Post-classification Process:
• On inbound and/or outbound SIP messages after the call has been successfully classified
• The Manipulation Set ID is assigned to the relevant IP Group in the IP Group table

257
Post-classification Manipulation
• IP Group pages display 2 fields:
• Inbound manipulation set: Set of rules to apply to incoming messages (from this IP Group)
• Outbound manipulation set: Set of rules to apply to outgoing messages (to this IP Group)
• Applied per message and not per call
• For example:
• IP Group 1 has 2 Message Manipulation Sets, one for Outbound and one for Inbound, for the same call:
• Incoming INVITE goes through Inbound MMS
• 100, 180 and 200 OK responses go through Outbound MMS
• IP Group 2 has 2 Message Manipulation Sets, one for Outbound and one for Inbound, for the same call:
• Outgoing INVITE goes through Outbound MMS
• 100, 180 and 200 OK responses go through Inbound MMS

[Diagram: IP-PBX – SBC – ITSP; Invite, 100 Try, 180 Ringing and 200 OK are shown on both legs]
• IP Group 1 – IP-PBX: Inbound Message Manipulation Set = 1, Outbound Message Manipulation Set = 2
• IP Group 2 - ITSP: Inbound Message Manipulation Set = 3, Outbound Message Manipulation Set = 4

258
Message Manipulation Configuration

• Message Manipulation Table used to configure rules and relate them to a set of rules
• Rule configuration enables adding, modifying or removing most message content
• A rule can be conditionally applied
• Removing or adding mandatory SIP headers is not allowed; modifying mandatory SIP headers
is allowed, and is performed only on requests that initiate new dialogs:
• Mandatory Headers in INVITE message include:
• Request URI, To, From, Contact, Via, CSeq, Call-Id and Max-Forwards
• Mandatory SDP headers in INVITE message include:
• v, o, s, t, c, m

259
Message Manipulation – Syntax

260
General – Manipulation Set ID

Rule fields:
• General: Name, Manipulation Set ID, Row Role
• Match: Message Type, Condition
• Action: Action Subject, Action Type, Action Value

• Each Message Manipulation rule contains a Manipulation Set ID


• Same Manipulation Set ID can be configured for multiple rules

261
Assign Message Manipulations to SIP Interface
• Pre-Classification: message manipulation is done on inbound SIP messages before
the call is classified
• The Set ID is assigned to SIP Interface

262
Assign Message Manipulations to IP Group
• Post-Classification, message manipulation is done on inbound and/or outbound SIP
messages after the call has been successfully classified
• The MMS ID is assigned to IP Group for inbound and/or outbound messages

263
General – Row Role


• Determines which condition to use for this table row’s rule


• 2 options:
• Use Current Condition = use only the condition entered in this row
• Use Previous Condition = use the condition of the rule configured directly above this row
(to perform the defined action)
• When multiple manipulation rules apply to the same header, the next rule applies
to the result string of the previous rule

264
Match – Message Type
• The Message Type to manipulate
• Rule applied only if this is the message type
• Syntax: method.message-role.response-code
• Method
• Invite, Subscribe, Refer, etc.: Rule applies only to specific messages
• Unknown: Unknown methods also allowed
• Any (or empty): No limitation on method type
• Message-role
• Request: Rule applies only on requests
• Response: Rule applies only on Response message
• Response-code
• 3xx: Any redirection response
• 200: Only 200 OK response
Examples:
• Invite
• Invite.Request
• Invite.Response.180
• Register
• Any.Response.3xx
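To see which messages a given Message Type value selects, the method.message-role.response-code syntax above can be evaluated against raw SIP messages. This is an added example, not AudioCodes code: the function names and the sample messages are constructed here, and the "Unknown" method keyword is not modelled.

```python
import re

STATUS_LINE = re.compile(r"^SIP/2\.0 (\d{3})\b")


def describe(raw):
    """Return (method, role, status_code) for a raw SIP message."""
    lines = raw.replace("\r\n", "\n").split("\n")
    status = STATUS_LINE.match(lines[0])
    if not status:
        # Request line: "<METHOD> <Request-URI> SIP/2.0"
        return lines[0].split(" ", 1)[0].upper(), "request", None
    # A response names its method only in the CSeq header ("CSeq: 1 INVITE").
    for line in lines[1:]:
        if not line:                      # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "cseq" and value.split():
            return value.split()[-1].upper(), "response", status.group(1)
    raise ValueError("response without a usable CSeq header")


def message_type_matches(message_type, raw):
    """Evaluate a Message Type value (method.message-role.response-code)."""
    method, role, status = describe(raw)
    text = message_type.strip().lower()
    fields = text.split(".") if text else []
    want_method = fields[0] if fields else "any"
    want_role = fields[1] if len(fields) > 1 else None
    want_code = fields[2] if len(fields) > 2 else None

    # "Any" or an empty value places no limitation on the method.
    if want_method not in ("any", "") and want_method != method.lower():
        return False
    if want_role is not None and want_role != role:
        return False
    if want_code is not None:
        if status is None or len(want_code) != 3:
            return False
        # "3xx" style patterns: 'x' matches any digit in that position.
        return all(w in ("x", s) for w, s in zip(want_code, status))
    return True


# Constructed sample messages (headers trimmed to what the matcher needs).
INVITE_REQ = ("INVITE sip:1000@10.15.11.1 SIP/2.0\r\n"
              "CSeq: 1 INVITE\r\n\r\n")
RINGING = "SIP/2.0 180 Ringing\r\nCSeq: 1 INVITE\r\n\r\n"
REDIRECT = "SIP/2.0 302 Moved Temporarily\r\nCSeq: 1 INVITE\r\n\r\n"
REGISTER_OK = "SIP/2.0 200 OK\r\nCSeq: 7 REGISTER\r\n\r\n"

if __name__ == "__main__":
    for rule in ("Invite", "Invite.Request", "Invite.Response.180",
                 "Register", "Any.Response.3xx"):
        hits = [name for name, msg in (("INVITE", INVITE_REQ),
                                       ("180", RINGING),
                                       ("302", REDIRECT),
                                       ("200 REGISTER", REGISTER_OK))
                if message_type_matches(rule, msg)]
        print(f"{rule:22} -> {hits}")
```
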

265
Match – Condition
• Rule-matching criteria (conditions)
• If criterion (condition) exists, rule applies
• Syntax: <option type> <match-type> match-condition
• Editor Options:
• Header, Body, Param, and others
• Match-type
• "==", "!=", ">", "<", ">=", "<=", "contains", "!contains", "exists", "!exists", "len>", "len<", "len==",
"suffix", "prefix", "insubnet", "!insubnet", "regex"
• Logical-expression
• "AND" – Logical And
• "OR" – Logical Or
Examples:
• header.contact contains 'audiocodes'
• Body.sdp !exists
• header.from.url.user != '100' OR header.from.url.user != '200'
• header.from.url.user == '500' AND header.to.url.user == '600'

266
Action – Action Subject
• Header on which manipulation is performed
• Message element that changes
• Syntax: ("header"/"body").message-element-name [.header-index] [.(sub-element/sub-element-param)]
• Editor Options:
• Header, Body, Param, Message, and others
• Message-element-name – Name of message element
• From, To, Application/SDP
• Header-index – Header's index in the list of headers (if several same-type headers arrive)
• 0 or none = first header
• 1 = second header
• 4 = fifth header
• Sub-element – Header's element
• url.user, host
Examples:
• Header.History-Info.1
• header.from
• header.contact.url.user
• header.referred-by.url.host
267
Action – Action Type


• The action to be performed on the element


• Syntax:
• Add = adds a new header (or parameter or body)
• Remove = removes a header (or parameter or body)
• Modify = sets the element to the new value (replace the entire element)
• Normalize = removes unknown SIP message elements before forwarding the message
• Add Prefix = adds the value at the beginning of the element string
• Remove Prefix = removes the value from the beginning of the element string
• Add Suffix = adds the value at the end of the element string
• Remove Suffix = removes the value from the end of the element string
Recommended: Regular expression

268
Action – Action Value

• Value to use in the manipulation
• Syntax: (string/message-element/param)("+"(string/message-element/param))
• String
• 'test.local', '<sip:100@121.10.10.10:5067>'
• Message-element
• header.from.url.user, header.contact.url.user
• Param
• param.ipg.src.user, param.call.dst.host
• Combination
• param.ipg.dst.host + '.com'
Examples:
• '3600'
• 'Bob'
• header.to.url.host
• 'Mike@'+Header.To.URL.Host.Name
• Param.IPG.Dst.User+'com'
269
SIP Message Normalization

• Feature that can be enabled per manipulation rule when Action Type is set to "Normalize"
• Removes unknown or non-standard SIP message elements before forwarding the message
• These elements can include SIP headers, SIP header parameters, and SDP body fields
• The device normalizes the following SIP elements:
• Message:
• Removes unknown or non-standard SIP headers
• URLs:
• User part is normalized
• Headers:
• Unknown header parameters are removed
• URLs are normalized
• SDP Body:
• Removes unnecessary SDP fields
• Removes unknown media with all its attributes

270
SIP Message Normalization – Examples

Rules (General / Match / Action fields):
• Example 1: Manipulation Set ID = 1, Row Role = Use Current Condition, Message Type = invite, Action Subject = header.to, Action Type = Normalize
• Example 2: Manipulation Set ID = 4, Row Role = Use Current Condition, Message Type = invite, Action Subject = message, Action Type = Normalize

• Example 1:
• To header before normalization:
• To: <sip:1-800-300-500;phone-context=1@10.33.2.17;user=phone;UnknownUrlParam>
• To header after normalization:
• To: <sip:1800300500@10.33.2.17;user=phone>
• Example 2:
• All the headers to be normalized
271
SIP Message Normalization – Body Example
Rule (General / Match / Action fields):
• Example 3: Manipulation Set ID = 4, Row Role = Use Current Condition, Message Type = invite, Action Element = body.sdp, Action Type = Normalize

SDP before normalization:
v=0
o=SMG 791285 795617 IN IP4 10.33.2.17
s=Phone-Call
i=A Seminar on the session description protocol
u=http://www.example.com/seminars/sdp.pdf
e=j.doe@example.com (Jane Doe)
c=IN IP4 10.33.2.26
t=0 0
m=unknown 6000 RTP/AVP 8
a=unknown
a=sendrecv
a=ptime:20
m=audio 6000 RTP/AVP 8
a=rtpmap:8 pcma/8000
a=sendrecv
a=unknown
a=ptime:20

SDP after normalization:
v=0
o=SMG 791285 795617 IN IP4 10.33.2.17
s=Phone-Call
c=IN IP4 10.33.2.26
t=0 0
m=audio 6000 RTP/AVP 8
a=rtpmap:8 pcma/8000
a=sendrecv
a=ptime:20
272
SIP Message Manipulation – Example Rules

273
SIP Message Manipulation – Example Rules

274
Example: Change Referred-By to Diversion
• ITSP expects Diversion and not Referred-By

275
SIP Interface Pre-Parsing Manipulation Sets

• Messages can be manipulated in their original format (plain text) as received from
the network
• Pre-Parsing Manipulation is done before Pre-Classification Manipulation and
Classification
• Pre-parsing rules assigned to the SIP Interface
• Regular expressions (regex) are used to search for (match) patterns in the incoming
message and to replace the matched pattern
• Parent – Child Table type

276
SIP Interface Pre-Parsing

277
Hands-on Lab 4

SBC Manipulation
Lesson 12

SBC Security
Lesson Objectives

• After completing this lesson you’ll:


• Be acquainted with enterprise security threats
• Know SBC security capabilities

280
Introduction

• VoIP networks must be secured against unauthorized access (similarly to IP networks)


• Threats endangering enterprise network security:
• Denial of Service (DoS) attacks
• Network abuse and fraud
• Viruses and malware
• Overload events
• Identity theft
• Eavesdropping
• Spam over Internet Telephony (SPIT)
• These threats can exist at the following IP network border points:
• Interconnect: SIP trunks to ITSPs
• Trusted access: Private, managed IP
• Un-trusted access: Unmanaged
281
Threats

• Denial of Service (DoS) attacks


• Malicious attacks designed to cripple your VoIP network by overloading it with calls or
service requests
• Overload events
• Non-malicious periods of intense activity can also cause an increase in call signaling rates
that exceed what your infrastructure can support
• Network abuse and fraud
• An unauthorized user gaining access to your VoIP network by mimicking an authorized
user or seizing control of a SIP proxy and initiating outbound calls for free
• Viruses and malware
• Computer viruses, worms, trojan horses, and other malware can degrade performance or
completely disrupt service
282
Threats (cont.)

• Identity theft
• Phishing and "man-in-the-middle" can be used to acquire caller identification information
to gain unauthorized access to services and information
• Eavesdropping
• The ability to listen to or record calls on VoIP networks - personal privacy violations
• Spam over Internet Telephony (SPIT)
• The delivery of unsolicited calls or voicemails can inundate networks, annoy subscribers,
and diminish the usefulness of VoIP networks

283
Security Solution

• AudioCodes SBC provides a comprehensive package of security features that
handle the following two main security areas:
• Securing the Service
• Secures the call services it provides by implementing separation and defense of different
network entities (e.g., SIP Trunk, softswitch, and users)
• Accomplished by the following:
• Physical separation of networks
• Defense against attacks on the SBC regarding SIP signaling and media
• IP Groups per entity
• Securing the SBC Itself
• Management
• Ensuring that only authorized users can access the management interface

284
SBC Security Features
• Network
• VLAN Separation
• Firewall
• Topology Hiding
• SBC
• Advanced SIP Firewall Filtering Rules (Classification rules)
• Advanced Call Admission Control (CAC) to enforce limits
• Intrusion Detection System (IDS)
• SIP Protection – Filter methods
• Signaling Security – TLS
• Media Security – SRTP
• Block Unregistered Users
• Management
• HTTPS
• SSH
• SNMP

285
Enhanced Multi-Tenant Security Support

• Non-bleeding partition per tenant running on a single shared physical entity


• Dedicated VLAN/SRD for each customer
• Dedicated Routing Policy per customer
• Call Admission Control (CAC) effectively allocated per customer

286
Topology Hiding

• Limits internal topology information displayed to external parties


• Enterprise equipment IP addresses (proxies, gateways and application servers) can be
hidden from outside parties
• Provided by implementing B2BUA leg routing
• Strips all incoming SIP Via headers and creates a new Via value for the outgoing message
• Each leg has its own Route/Record Route set
• Generates a new SIP Call-ID header value for each leg
• Changes the SIP Contact header to the SBC’s own address
• Modifies the source IP address of the SIP message
• Modifies the SIP Header (Request-URI, To, and From )

287
Topology Hiding – Example
• Host name in the From header of Invite messages received from the IP Group or the
Request-URI host name used in Invite and Register messages sent to the IP Group

288
Implement Layer 3/4 (Network) Firewall

• Create rules that allow only known sessions


• Define rules as specific as possible
• Add firewall rules per network interface
• Limit traffic (for specific protocols, and/or specific port)
• Limit ICMP packets (avoid ICMP floods)
• Define bandwidth limitation per rule
• Block all other traffic
• This rule must be the last rule listed in the table

• SBC default:
• If the end of the table is reached without a match, the packet is accepted
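Because an unmatched packet is accepted by default, a table without a final block-all rule silently admits traffic from sources nobody listed. The sketch below is an added example, not AudioCodes code: it models first-match evaluation with that default and audits a table for the points on this slide. The field names and sample tables are constructed for illustration, and per-interface scoping and bandwidth limits are not modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    source: str       # source network in CIDR form; "0.0.0.0/0" means any
    protocol: str     # "udp", "tcp", "icmp" or "any"
    port_from: int    # start of the local port range
    port_to: int      # end of the local port range
    action: str       # "allow" or "block"

    def matches(self, src_ip, protocol, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
                and self.protocol in ("any", protocol)
                and self.port_from <= port <= self.port_to)

    def is_catch_all(self):
        return (ipaddress.ip_network(self.source).prefixlen == 0
                and self.protocol == "any"
                and (self.port_from, self.port_to) == (0, 65535))


def evaluate(table, src_ip, protocol, port):
    """First matching rule wins; with no match the packet is accepted."""
    for rule in table:
        if rule.matches(src_ip, protocol, port):
            return rule.action
    return "allow"    # the default behaviour described on the slide


def audit(table):
    """Return findings for a rule table, based on the slide's guidance."""
    findings = []
    last = table[-1] if table else None
    if last is None or not (last.is_catch_all() and last.action == "block"):
        findings.append("last rule is not a block-all rule: "
                        "unmatched packets are accepted")
    for index, rule in enumerate(table[:-1]):
        if rule.is_catch_all():
            findings.append(f"rule {index} matches everything and shadows "
                            "the rules after it")
        elif (rule.action == "allow"
              and ipaddress.ip_network(rule.source).prefixlen == 0):
            findings.append(f"rule {index} allows any source: "
                            "narrow it to known peers")
    return findings


# Constructed tables: one known SIP peer (signaling port and a media range).
BLOCK_ALL = Rule("0.0.0.0/0", "any", 0, 65535, "block")
WEAK = [
    Rule("203.0.113.10/32", "udp", 5060, 5060, "allow"),
    Rule("203.0.113.10/32", "udp", 6000, 6999, "allow"),
]
HARDENED = WEAK + [BLOCK_ALL]

if __name__ == "__main__":
    unknown_peer = ("198.51.100.7", "udp", 5060)
    print("weak table    :", evaluate(WEAK, *unknown_peer), audit(WEAK))
    print("hardened table:", evaluate(HARDENED, *unknown_peer), audit(HARDENED))
```
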
289
Layer 3/4 Traffic Firewall Rules – Example

290
Call Admission Control

• Prevents VoIP traffic overload (overload protection)


• Regulates VoIP traffic volume
• Can be applied to:
• SRD
• SIP Interface
• IP Group
• Per user within these SIP configuration entities

291
Encryption

• Secure Signaling:
• TLS: TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3
• DTLS: DTLS 1.0 and DTLS 1.2
• Re-Handshake
• Mutual authentication
• Certificate Revocation Checking
• Verify Subject Alt Name against the provisioned proxy name
• Secure RTP (SRTP):
• RFC 4568 (voice, video)
• SRTP enforcement

292
Secure SIP using TLS

• TLS-over-TCP protocol to best secure the device's SIP signaling connections


• TLS provides encryption and authentication of SIP signaling for your VoIP traffic
• TLS Contexts Table
• The TLS Contexts Table lets you configure up to 100 (device dependent) TLS certificates
• The device is shipped with a default TLS Context (ID 0 and string name "default")
• Enables the use of different TLS certificates for IP Groups
• Done by assigning a specific TLS Context to the Proxy Set and/or SIP Interface associated with the
IP Group

293
Secure Media (RTP) Traffic

• Use Secured RTP (SRTP) for encrypting the media


• SRTP is enforced on the SBC legs, using IP Profiles

294
Block Unused SIP Ports

• Each port is vulnerable to attack


• Select port 0 in the SIP Interfaces Table when a transport type is unused
• Use uncommon ports (not 5060) if possible

295
Classification Table

• Define Strict Classification Rules


• Define a combination of rules to guarantee correct sender identity
• Use Condition rules to increase the strictness of the Classification process
• If the IP address of the IP Group is known, it is recommended to employ classification
based on a Classification rule, where the rule is configured with not only the IP address,
but also with SIP message characteristics to increase the strictness of the classification
process
• If the IP address is unknown, in other words, the Proxy Set associated with the IP Group
is configured with an FQDN, it is recommended to employ SIP dialog classification based
on Proxy Set

296
Condition Table

• Enables enhancing the process of classifying using SIP Message headers


• Rules later assigned to Classification Table rules
• SIP message conditions configured using the same syntax (match-condition) as in the
Message Manipulation Table

297
Block Unclassified Incoming Calls
• Block incoming calls that cannot be classified to an IP Group, or based on the rules in the Classification table
• If unclassified calls aren’t blocked, they’re sent to the default SRD/IP Group, so illegal calls can pass
• SBC rejects unclassified calls by default

298
Message Policy Table
• SIP message policy rules for blocking (blacklist) unwanted incoming SIP messages or allowing
(whitelist) receipt of desired messages
• Blacklist and whitelist for defined methods and for defined bodies
• Assigned to SIP Interfaces associated with the relevant IP Groups

299
Intrusion Detection System (IDS)

• The device's Intrusion Detection System (IDS) feature detects malicious attacks
on the device
• The IDS configuration is based on IDS Policies/set of rules
• Each rule defines a type of malicious attack to detect and the number of
attacks (alarm threshold)
• SNMP traps are sent to notify of malicious activity and/or whether an attacker has
been added to or removed from the blacklist
• IDS Tables:
• Global Parameters – enables IDS
• Policy Table – defines IDS Policies and Rules
• Match Table – assigns the IDS Policies to targets under attack (SIP Interface) and/or
source of attacks (Proxy Set and/or subnet address)
300
Registration Restriction Control

• Limiting Number of Registrations:


• Limits the number of users that can register with the device per
• IP Group
• SIP Interface
• SRD
• By default, no limitation exists (license dependent)

301
Limit SBC Registered Users per IP Group

302
Limit SBC Registered Users per SIP Interface

303
Limit SBC Registered Users per SRD

304
Registration Restriction Control

• Ensure that calls from unregistered users are blocked (rejected) and that calls from
only registered users are allowed

305
Block Unregistered Users

• Blocks unregistered users’ calls per SRD or SIP Interface


• 503 Server Internal Error response message sent
• By default, calls from unregistered users are not blocked (Accept All)

306
Block Unauthenticated Registration

• Blocks unauthenticated users from registering into the SBC’s database per SRD or SIP
Interface
• SBC then only registers users authenticated by a SIP proxy server

307
Define Strict IP to IP Routing Rules
• Define specific IP2IP routing rules accurately and correctly avoiding asterisks (*) if possible
• Route Source IP Group to Destination IP Group correctly to achieve the required call outcome
• Inaccurate or weak routing rules can easily result in Service Theft

308
Secure Management Connections

• Change management Username and Password

309
Secure Management Connections (cont.)
[Screenshot callouts:]
• User levels: Monitor, Administrator, Security Administrator, Master
• Defines a Secure Socket Shell (SSH) public key for RSA public-key authentication (PKI) of the remote
user when logging into the device's CLI through SSH
• Defines the duration (in days) of the validity of the password. 0 means that the password is
always valid. The default is 90
• Allows the same user account to log in to the device from different sources (i.e., IP addresses).
• Defines the duration (in minutes) of Web inactivity of a logged-in user, after which the user is
automatically logged off the Web interface.
• Defines the duration (in seconds) for which the user is blocked when the user exceeds a
user-defined number of failed login attempts
• User states:
• New = (Default) User is required to change its password on the next login.
• Valid = User can log in to the Web interface as normal.
• Failed Login = This state is automatically set for users that exceed a user-defined
number of failed login attempts
• Inactivity = This state is automatically set for users that have not accessed the Web
interface for a user-defined number of days
310
Secure Management Connections (cont.)

• Define HTTPS Only


• Add Firewall rules that block Port 80
• Set a short Session Timeout

311
Authentication Server

Enable RADIUS login

Enable LDAP login

312
Secure Management Connections (cont.)

• Secure Telnet and SSH sessions

313
Secure Management Connections (cont.)

• Secure Telnet and SSH sessions

314
Secure Management Connections (cont.)

• Define Authorized WEB, Telnet and SSH Access List

315
Secure Management Connections (cont.)

• Secure SNMP interface access

316
Lesson 13

Digital Gateways Basic Configuration


Objectives

• After completing this lesson, you will:


• Know how to configure the basic gateway parameters

318
Configuring TDM Bus
• TDM Bus Clock Source (Network/Internal)
• Clock source on which the gateway synchronizes
• TDM Bus Local Reference
• Determines the Trunk ID used to synchronize the
gateway’s clock when using external clock
• TDM Bus PSTN Auto Clock Reverting
• Enables the PSTN trunk Auto-Fallback Reverting feature
• TDM Bus PSTN Auto FallBack Clock
• Disable = Recovers the clock from the E1/T1 line defined
by parameter ‘TDM Bus Local Reference’
• Enable = Recovers the clock from any connected
synchronized slave E1/T1 line
• Apply only if the TDM Bus Clock Source parameter is set to Network and TDM
Bus PSTN Auto Clock Reverting is set to Enable
• PCM Law Select (A-law/µ-law)
• Usually A-Law for E1 and µ-Law for T1
319
Configuring Key Trunk Parameters

320
Configuring Key Trunk Parameters

• Protocol Type
• Sets the PSTN protocol to be used for this trunk
• If ‘Protocol Type’ of all PRI trunks displays 'None', select the protocol type (E1/T1) for a single trunk and
Restart the gateway
• Only after the Restart you will be able to continue configuring the trunks
• Clock Master
• Determines Tx clock source of E1/T1 line
• Recovered (0) = Generate clock according to Rx of E1/T1 line
• Generated (1) = Generate clock according to internal TDM bus
• ISDN Termination Side
• User side = ISDN User Termination Side (TE)
• Network side = ISDN Network Termination Side (NT)
• Select 'User side' when the PSTN or PBX side is configured as 'Network side’ and vice-versa
321
Configuring Key Trunk Parameters

322
Digital Trunk Points of Information

• All Trunk spans must be of the same Line Type (all E1 or all T1)
• Different flavors of same Line Type (E1/T1) can be configured on available Trunks
(e.g., E1 Euro ISDN and E1 QSIG)
• Trunks are referenced in ini file and Syslog messages as ‘0-3’ regardless of whether
physical Trunks are numbered ‘1-4’

[Figure: two trunks, one configured as E1 Euro ISDN and one as E1 QSIG]

323
Trunk Group Table – E1/T1 and/or FXS

• Used to assign Trunk Groups, Profiles and logical telephone numbers to the
gateway's channels
• Trunks or B-Channels that are not defined are disabled

324
Trunk Group Settings

• Determines the method by which new calls are assigned to channels within each Trunk
Group ID
• If such a rule doesn't exist (for a specific Trunk Group), the global rule defined by the
Gateway General Settings’ Channel Select Mode parameter applies

325
Coder Group Table
• Allows you to configure coders for the Gateway
• The first coder in the list has the highest priority
• A coder can appear only once in the table
• The Packetization Time determines how many coder payloads are combined into a single RTP packet
• The Gateway always uses the packetization time requested by the remote side for sending RTP packets
• Enable/Disable the Silence Suppression option per coder

326
Gateway Routing Tables

• Two routing tables for incoming and outgoing calls:


• Tel-to-IP Routing Table
• The gateway uses these rules to route calls from legacy telephony to IP
• IP-to-Tel Routing Table
• The gateway uses these rules to route calls from IP to legacy telephony
• Routing can be performed before or after manipulation rules are applied

327
Tel-to-IP Routing Table
• Used to route calls from Tel to IP

328
IP-to-Tel Routing Table
• Used to route calls from IP to Tel

329
Number Manipulation

• Manipulation can occur before or after a routing decision is made


• Number Manipulation tables for incoming and outgoing calls are
provided
• Used to modify Destination and Source telephone numbers so that
calls can be routed correctly
• Using Manipulation Tables, you can:
• Allow/Restrict Caller ID information
• Assign NPI/TON to IP-to-Tel calls

330
Routing Mode Parameters

• The Tel to IP Routing Mode and IP to Tel Routing Mode parameters determine the
order between routing calls to Trunk Groups and manipulation of the number
• Route calls before manipulation (default)
• Route calls after manipulation

331
Lesson 14

SBC Survivability
Lesson Objectives

• After completing this lesson you’ll:


• Understand the survivability concept
• Configure the SBC for survivability support
• Configure the SBC for PSTN Fallback

333
SBC Survivability

• Three survivability features:


1. Routing calls to alternative routes such as:
• ITSP
• IP-PBX
2. Routing calls between user agents in the local network using a dynamic DB
(built according to registrations of SIP user agents)
3. Fallback to the PSTN based on E1/T1 connection (Hybrid devices)

334
SBC Survivability

[Figure: survivability topology showing the Enterprise LAN, the WAN links to ITSP1 and ITSP2, and the E1/T1 link to the PSTN. Labels: SIP Signaling + Media (RTP); ITSP Health SIP Check; IP to PSTN Calls in WAN isolation; Internal Calls in WAN isolation]

335
Survivability Methodology

• Based on the IP-to-IP Routing Table


• Alternative Route Options:
• Route Row (default):
• Main routing rule. SBC first attempts to route the call to it
• Alt Route Ignore Inputs:
• If the call cannot be routed to the Route Row, the call is routed to this alternative route
• This route will apply regardless of incoming SIP dialog's input characteristics
• Alt Route Consider Inputs:
• If the call cannot be routed to the Route Row, the call is routed to this alternative route
• Apply only if the incoming SIP dialog matches this routing rule's input characteristics
• Group Member Ignore Inputs:
• This routing rule is a member of the Forking routing rule
• The incoming call is also forked to the destination of this routing rule
• The matching input characteristics of the routing rule are ignored
• Group Member Consider Inputs:
• This routing rule is a member of the Forking routing rule
• The incoming call is also forked to the destination of this routing rule only if the incoming call matches this
rule's input characteristics
336
Survivability Methodology

The alternative routing entry must be defined in the next consecutive table entry index

337
Define Alternative Reasons Set Table
• The Alternative Reasons Set table lets you configure groups of SIP response codes for SBC call release
(termination) reasons that trigger alternative routing
• This feature works together with the Proxy Hot Swap feature, which is configured in the Proxy Sets table
• If no response is received, or an ICMP or SIP 408 response is received, the SBC attempts to use the alternative route
even if no entries are configured in the ‘Alternative Reasons Set’ table

338
Define Alternative Reasons Rules Table

339
Assign the Alternative Reasons Set to Destination IP Group

• To apply your configured alternative routing reason rules, you need to assign the
Alternative Reasons Set for which you configured the rules, to the relevant IP Group
in the IP Groups table, using the 'SBC Alternative Routing Reasons Set' parameter
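
A simplified Python model of the alternative-routing decision described on the preceding slides, added here as an example; it is not AudioCodes code or the device's actual algorithm. It assumes the source IP Group is the only input characteristic, leaves out the Group Member (forking) types, and uses a constructed routing table and a constructed Alternative Reasons Set (503 on ITSP1).

```python
from dataclasses import dataclass

ROUTE_ROW = "Route Row"
ALT_IGNORE = "Alt Route Ignore Inputs"
ALT_CONSIDER = "Alt Route Consider Inputs"
ALWAYS_REROUTE = {None, 408}  # None models "no response" or an ICMP error

@dataclass
class Rule:
    index: int
    src_ip_group: str  # the only input characteristic modeled; "*" = any
    dest_ip_group: str
    route_type: str = ROUTE_ROW

def matches(rule, src):
    return rule.src_ip_group in ("*", src)

def route_chain(table, src):
    """First matching Route Row plus the alternative rows directly below it."""
    rows = sorted(table, key=lambda r: r.index)
    for pos, rule in enumerate(rows):
        if rule.route_type == ROUTE_ROW and matches(rule, src):
            chain = [rule]
            for alt in rows[pos + 1:]:
                if alt.route_type == ROUTE_ROW:
                    break  # alternatives must sit in consecutive indices
                if alt.route_type == ALT_IGNORE or (
                        alt.route_type == ALT_CONSIDER and matches(alt, src)):
                    chain.append(alt)
            return chain
    return []

def route_call(table, src, responses, reason_sets):
    """Return (destinations tried, destination that answered or None)."""
    tried = []
    for rule in route_chain(table, src):
        tried.append(rule.dest_ip_group)
        status = responses.get(rule.dest_ip_group)  # missing = no response
        if status == 200:
            return tried, rule.dest_ip_group
        triggers = ALWAYS_REROUTE | reason_sets.get(rule.dest_ip_group, set())
        if status not in triggers:
            break  # release reason does not trigger alternative routing
    return tried, None

# Constructed table mirroring the lab topology named on the slides.
TABLE = [
    Rule(0, "IP-PBX", "ITSP1"),
    Rule(1, "IP-PBX", "ITSP2", ALT_IGNORE),
    Rule(2, "*", "IP-PBX"),
]
REASON_SETS = {"ITSP1": {503}}  # constructed Alternative Reasons Set on ITSP1
```

Calling `route_call(TABLE, "IP-PBX", {"ITSP1": 486, "ITSP2": 200}, REASON_SETS)` stops at ITSP1, because 486 is not in the set assigned to that destination IP Group; a 503, a 408 or no response moves the call on to ITSP2.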

340
SBC Survivability for IP-PBX Users

[Figure: three panels titled Normal Mode, Survivability Mode and Fallback to PSTN]
341
Define Media Realms

342
Define SIP Interfaces

343
Define Proxy Set – IP-PBX

344
Define Proxy Set – ITSP1

345
Define Proxy Set – ITSP2

346
Define IP Groups

347
IP to IP Routing Table – Options Termination

348
IP to IP Routing Table – IP-PBX to ITSP1 (Primary Route)

349
IP to IP Routing Table – IP-PBX to ITSP2 (Alternative Route)

350
IP to IP Routing Table – Calls to IP-PBX

351
Define Alternative Routing Set

• If no response is received, or an ICMP or SIP 408 response is received, the SBC attempts to use the
alternative route even if no entries are configured in the ‘Alternative Routing Set’

352
Assign the Alternative Reasons Set to Destination IP Group

353
Configure the TDM Bus for the Gateway

354
Configure the Digital Trunk

355
Configure the Trunk Group – E1/T1

• Used to assign Trunk Groups, Profiles and logical telephone numbers to the
gateway's channels

356
Configure the Trunk Group Settings
• Determines the method by which new calls are assigned to channels
within each Trunk Group

357
IP to Tel Routing

• The gateway uses this rule to route calls from IP to legacy E1


• Route the call to Trunk Group ID

358
Tel to IP Routing

• The gateway uses this rule to route calls from legacy E1 to IP


• Route the calls to the IP-PBX IP Group

359
Define IP to IP Routing Table
• Add the Gateway entry to SBC IP-to-IP Routing Table:

360
SBC Survivability for LAN Users

[Figure: Server IP-Group (Hosted IP-PBX; Server 1: 201.10.1.1, Server 2: 201.10.1.2) and User IP-Group, shown in Normal Mode and Survivability Mode]

361
Define IP Group – LAN Users

362
User IP Group Classification

363
Define IP to IP Routing Table

• Terminate Options

364
Define IP to IP Routing Table

• Add the Registration support

365
Define IP to IP Routing Table

• Route coming from Hosted IP-PBX to the LAN Users

366
Define IP to IP Routing Table

• Route between LAN Users and the Hosted IP-PBX

367
Define IP to IP Routing Table

• If the connection to the Hosted IP-PBX fails, calls from LAN Users are routed
to the LAN Users through the alternative route

368
Define IP to IP Routing Table

• All the other alternative calls will be routed to the PSTN
over the E1/T1 connection

369
Lesson 15

SBC High Availability


Lesson Objectives

• After completing this lesson you’ll be able to:


• Understand the High Availability (HA) concept
• Understand the HA architecture
• Understand how to configure HA

371
High Availability Overview

• The device's High Availability (HA) feature provides 1+1 system redundancy using
two Mediant devices
• If failure occurs in the active device, a switchover occurs to the redundant device
which takes over the call handling process ensuring the continuity of call services
• All active calls (signaling and media) are maintained upon switchover
• Only IP calls are maintained during a switchover
• For those devices supporting the Gateway function, PSTN calls are dropped by sending
a SIP BYE message to the IP side. This is because only the active device is physically
connected to the PSTN interfaces

372
High Availability Architecture

• Provides full redundancy between the two Mediant devices


• One of the devices is in Active state while the second is in Redundant state
• In the Redundant device, only the Maintenance interface is active
• Management of the HA pair is done only through the Active device
• Upon a major functional failure in the Active device, the Redundant device becomes active
• Supported in:
• Mediant 500
• Mediant 800
• Mediant 2600
• Mediant 4000
• Mediant 9000
• Software SBC
373
Two Box Redundancy flow

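[Figure: two-box redundancy flow showing the ITSP, the IP-PBX, the Enterprise LAN, the Active Mediant and the Standby Mediant (labelled New Active Mediant), with a SYNC link between the two devices]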

374
Two Box Redundancy flow

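[Figure: two-box redundancy flow showing the ITSP, the IP-PBX, the Enterprise LAN, the Active Mediant (labelled New Standby Mediant) and the New Active Mediant, with a SYNC link between the two devices]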

375
HA License Key

376
High Availability Configuration

• Since both devices have the same IP address, in the initial configuration stage,
they cannot both be connected to the network
• To initially configure HA:
1. Configure HA on the first device
2. Save the configuration to flash and power down
3. Configure HA on the second device
4. Save the configuration to flash and Restart
5. Power up the first device

377
IP Interfaces

Maintenance Interface

378
Physical Network Connections

• A dedicated physical group for the Maintenance Interface


• Shared physical group – the physical port group used for the Maintenance Interface
is also used for other interfaces (i.e., OAMP, Media, and/or Control) in addition to
the Maintenance Interface

[Figure: Network Port 1 and Network Port 2 connections for the two options: a dedicated Maintenance port group, and a port group shared by Network and Maintenance]

379
HA Setting
• The remote maintenance IP Interface
• Device Names
• Network Monitor:
• The SBC can monitor a specified network entity, using pings
• If the device does not receive a ping response from the entity, a switchover to the redundant device occurs

• Defines the minimum number of monitored rows (configured in the HA Network Monitor
table) whose destinations are unreachable that are required to trigger an HA switchover
• The valid value is 1 to 10. The default is 1

380
HA Network Monitor
• Network Monitor:
• The SBC can monitor a specified network entity, using pings
• If the device does not receive a ping response from the entity, a switchover to the redundant device occurs

381
Preempt Mode

• In the default configuration the system is HA symmetric – each unit that becomes
Active will stay Active
• The system can be configured in Preempt mode which allows specifying one of the
units as the favorite/prioritized unit between the two units
• When working in Preempt mode, each unit should be configured with priority and
whenever a unit with higher priority is recovering from a failure, it will become
active again (performs an Auto-Switchover after HA sync. has ended)

382
Preempt Mode

• Enable the HA Preempt feature


• Set the priority level of the device in the 'Preempt Priority' field
• Typically, you would configure the active device with a higher priority level (number) than the
redundant device (range 1-10)

383
HA Status in the Monitor Page

• Synchronizing - Redundant device is synchronizing with Active device


• Operational - The device is in HA mode
• Stand Alone - HA is configured, but the Redundant device is missing,
and HA is currently unavailable

384
Initialization Process

• When only one device is running, it is in stand-alone state


• When the second device is loaded, it recognizes the Active device (through
the Maintenance network) and acquires the HA Redundant state
• Synchronization between the Active and Redundant devices may take several
minutes in which the Active device provides the Redundant device with all its
current configuration settings (including loaded files and *.cmp)
• Once loaded to the Redundant device, the Redundant device reboots to
apply the new configuration

385
HA Software Upgrade

• Two types of software upgrade are available on HA system:


• Hitless – the Redundant unit first burns the new software version and reboots, and a switchover
is done; the other unit then does the same, and a switch back is issued to return to the original
system setup. This method preserves service, but it is more complex and takes more time
• System Restart – both Active and Redundant units burn the new software version and reboot.
This method is quick and simple, but it does not preserve service

386
High Availability Maintenance

• Manual Switch Over


• The redundant SBC takes over and the active device will Restart
• Restart The Redundant Board
• The redundant SBC Restarts

387
Hands-on Lab 5

SBC Survivability
Thank You
