22 Configuring IP Objects

This chapter describes the Internet Protocol (Version 4) configuration objects in the ME. IP objects are identified by a unique string name. By using names, you can change the underlying IP address and mask without disrupting the interface. This means that you do not need to first delete an interface if you need to edit the address/mask. Interfaces that boot using the Dynamic Host Configuration Protocol (DHCP) also use the string name, since there is no IP address or mask for the interface.

ip

Opens the named IP configuration object for editing. Specify the name of the IP interface using up to 16 alphanumeric characters with no blank spaces. If you intend for the interface to be a headend interface to support load-balancing of SIP processing, see Configuring Head-End and Backing Interfaces for more information.

Tag-Based Route Selection

The ME uses classification tags to classify incoming traffic and routing tags to control the egress route for a specific service type. This may be useful, for example, in E911 applications. With inbound traffic to the ME on an interface, you may want to ensure that it always goes out on a specific interface. To do this, you would configure a classification-tag on the incoming interface that matches the routing-tag on the egress interface you desire.

When you configure an IP interface, the ME installs both a network route and a host route into the generic routing table. For example, suppose you create an IP interface named ABC with static IP address 1.1.1.1/32:

Generic route table for ABC
-------------------
1.1.1.1/32
1.1.1.0/24

If there are services configured under the interface (i.e., media, SIP, or STUN), the route is also installed in the specific service routing table. (See Services Routing Description for a general description of service route tables.) For example, if you configured SIP on interface ABC:

Generic route table for ABC
-------------------
1.1.1.1/32
1.1.1.0/24

SIP service route table for ABC
-------------------
1.1.1.1/32
1.1.1.0/24

However, if you create a routing-tag for an interface, the ME creates a separate service route table for that tag, populated with any static routes configured on that interface. When the first routing-tag is configured, the ME removes the routes associated with that interface from the default service route table. They are only available in the service route tables associated with the routing-tag(s). The ME does not install interfaces that have a routing-tag applied in the default service routing table, and removes any that are already there. For example, if you created routing-tag E911 on interface ABC:

Generic route table for ABC
-------------------
1.1.1.1/32
1.1.1.0/24

SIP service route table for ABC
-------------------

SIP service route table for ABC.E911
-------------------
1.1.1.1/32
1.1.1.0/24

To retain the route in both the default service route table and the tag-specific service route table, add a routing-tag named "null". This reserved routing-tag name indicates that the service routes should be installed in the default service route table as well.

Note that tag-based service route tables inherit the metrics assigned to that service type with the services-routing metrics. In addition, if a matching session configuration includes a routing-settings > ingress-classification-tag for incoming traffic, the session config setting takes precedence. See the routing-tag and classification-tag descriptions in this object for specific configuration requirements.

Note:

The preferred method for creating virtual firewalls is by using routing tags and VLANs. For sample configurations that illustrate VLANs, overlapping IP addresses, and virtual firewalls, see the Oracle Communications WebRTC Session Controller Administration Guide.

Syntax

config cluster box number interface ethX ip name
config cluster box number interface ethX vlan integer ip name
config cluster vrrp vinterface vxID ip name
config cluster vrrp vinterface vxID vlan integer ip name
config box interface ethX ip name
config box interface ethX vlan number ip name

Properties

admin: Enables or disables IP services on this interface.

Default: enabled
Values: enabled | disabled

Example: set admin disabled

ip-address: Sets Dynamic Host Configuration Protocol (DHCP) IP address assignment on this interface from a DHCP server, or sets a static IP address and network mask.

For static IP addresses, specify the IP address and network mask for this Ethernet interface.

Default: dhcp
Values: DHCP | static ipaddress/mask

Example: set ip-address static 192.100.10.10/32

geolocation: Assigns a numeric value to the IP interface that you can later use, for example, within a policy to identify traffic to or from that interface. To use the policy match feature, set the session configuration routing-settings object. You can also use this value as a filtering mechanism with the service-route-lookup action to return the best route to a destination.

Default: 0

Example: set geolocation 10

metric: Associates a cost with the interface routes (both host and network routes) that the system adds to its services route and route DB tables. The system chooses the more preferred route when there are multiple interfaces available on the same network. The lower the metric the more preferred the route. This value is carried over to the VSP services-routing metrics as the user-metric value.

Default: 1
Values: Min: 0 / Max: 4294967295

Example: set metric 10

classification-tag: Associates the classification-tag with the incoming service on this interface. The classification-tag applies to the ingress interface over which the system initially receives service traffic. Each IP interface can have at most one classification tag. This tag must match a configured routing-tag for tag-based route selection to be in effect.

You can also configure ingress or egress classification tags through the session-config routing-settings object. If this property is configured in both places, the routing-settings configuration takes precedence.

Note that this tag is case-sensitive.

Default: There is no default setting

Example: set classification-tag E911

routing-tag: Associates all the routes configured on an interface with this routing-tag and creates a service route table based on the routing-tag for each service enabled on this interface. The routing-tag applies to the egress interface over which the system forwards service traffic. In order to perform tag-based routing, a classification-tag must be configured on the ingress interface over which the system initially receives service traffic, and that classification tag must match the routing-tag. Each IP interface can have multiple routing tags. (Classification tags in the session-config routing-settings object must also match this routing tag set in the ip object.)

Once a routing-tag is configured for an interface, the service routes associated with that interface are installed in the service route table associated with the routing-tag(s). In other words, the service routes are no longer installed in the default service route tables: they are only in the service route tables specified by the routing-tag(s). However, in order for tag routing to be in effect for media, the tag-routing property of the matching session config media object must be enabled (it is disabled by default).

If you create an additional routing-tag for the interface with the name "null", the system installs the route in both the default service route table and the tag-specific service route table. Note that this tag is case-sensitive.

Default: There is no default setting

Example: set routing-tag E911
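The following added example (not part of the original guide and not ME code) models the rules from Tag-Based Route Selection and the classification-tag and routing-tag properties: where an interface's routes are installed, and which service route tables a classification tag selects. The dictionary layout, the function names, and the interfaces IN1 and DEF are assumptions made for illustration, as is the fallback to the default tables when no routing-tag matches.

```python
# Model of the table placement and tag matching described in this chapter.
# Data layout and function names are illustrative, not ME configuration syntax.

def build_service_tables(interfaces):
    """Map (service, interface, tag) -> routes; tag None is the default table."""
    tables = {}
    for name, cfg in interfaces.items():
        tags = cfg.get("routing_tags", [])
        # Routes stay in the default table only with no routing-tag, or with "null".
        in_default = not tags or "null" in tags
        for svc in cfg.get("services", []):
            tables[(svc, name, None)] = list(cfg["routes"]) if in_default else []
            for tag in tags:
                if tag != "null":
                    tables[(svc, name, tag)] = list(cfg["routes"])
    return tables

def select_tables(interfaces, service, ingress, session_tag=None):
    """Return the service route tables consulted for traffic received on ingress."""
    tables = build_service_tables(interfaces)
    # A session-config ingress-classification-tag overrides the ip object's tag.
    tag = session_tag or interfaces[ingress].get("classification_tag")
    # Tags are case-sensitive, so compare with plain equality.
    tagged = [k for k in tables
              if k[0] == service and tag is not None and k[2] == tag]
    if tagged:
        return sorted(tagged, key=lambda k: k[1])
    # Assumption: with no matching routing-tag, non-empty default tables apply.
    default = [k for k, routes in tables.items()
               if k[0] == service and k[2] is None and routes]
    return sorted(default, key=lambda k: k[1])

# Constructed sample: ABC mirrors the chapter's example; IN1 and DEF are made up.
SAMPLE = {
    "ABC": {"services": ["SIP"], "routes": ["1.1.1.1/32", "1.1.1.0/24"],
            "routing_tags": ["E911"]},
    "DEF": {"services": ["SIP"], "routes": ["3.3.3.3/32", "3.3.3.0/24"]},
    "IN1": {"services": ["SIP"], "routes": ["2.2.2.2/32", "2.2.2.0/24"],
            "classification_tag": "E911"},
}

if __name__ == "__main__":
    for key, routes in build_service_tables(SAMPLE).items():
        print(key, routes)
    print(select_tables(SAMPLE, "SIP", "IN1"))
```

In this model, traffic whose tag does not match (for example "e911" instead of "E911") never sees ABC's routes, because ABC's default SIP table is empty once the routing-tag is set.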

security-domain: Sets the informational text string that indicates the trust level of this IP interface. For example, interfaces that point to the internal network are trusted; interfaces that point to the public DMZ-side of the network are untrusted. You can then use this setting to identify an interface within your policy configuration.

Default: There is no default setting
Values: trusted | untrusted

Example: set security-domain untrusted

trusted-peer: Configures one or more trusted peers for this IP interface. The system accepts and processes all TCP traffic received from a trusted peer. Use this property to designate servers as trusted peers in a VRRP topology that uses TCP as the transport between the system and the server. If a failover should occur, the backup system will accept server traffic and send a TCP reset to close the connection to the failed system and establish a new one for itself.

Default: There is no default setting

Example: set trusted-peer 10.10.10.1

address-scope: Sets the informational text string that indicates the private or public scope of this IP interface. For example, interfaces with private IP addresses on the internal network can be configured as private; interfaces with public IP addresses to the external network can be tagged as public. You can then use this setting to identify an interface within your policy configuration.

Default: There is no default setting
Values: public | private

Example: set address-scope private

filter-intf: Enables or disables secure traffic filtering on this IP interface. When enabled, inbound packets that match one of the configured IP addresses on this interface are allowed to pass. All other IP packets are blocked. This enforces the concept that packets destined for an interface must actually come in on that interface.

For example, consider a box with two Ethernet interfaces: 1.1.1.1 on interface A and 2.2.2.2 on interface B. When disabled, pinging either address from the B side of the network will succeed, even though 1.1.1.1 is an A-side IP address. However, when filter-intf is set to enabled, pinging 1.1.1.1 from the B side fails.

Set this to enabled to add another level of security to the ME. However, make certain that you fully understand your network structure before setting up this traffic filtering.

Default: disabled
Values: enabled | disabled

Example: set filter-intf enabled
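The following added example (not part of the original guide and not ME code) models the filter-intf rule for the two-interface box described above and lists which local addresses remain reachable from the wrong side. The dictionary layout and function names are assumptions for illustration; the security_domain field stands in for the security-domain property.

```python
# Model of the filter-intf behaviour described above for addresses local to the box.
# The dict layout and function names are illustrative, not ME configuration syntax.

def accepts(box, arrival_if, dst):
    """True if a packet for local address dst arriving on arrival_if passes."""
    owner = next((n for n, c in box.items() if dst in c["addresses"]), None)
    if owner is None:
        return False  # not one of the box's addresses; outside this model
    if box[arrival_if]["filter_intf"] == "enabled":
        return owner == arrival_if  # must arrive on the interface that owns dst
    return True  # disabled: any local address answers on any interface

def cross_interface_exposure(box):
    """List (arrival, owner, address) triples that pass across interfaces."""
    return [(arrival, owner, addr)
            for arrival in box
            for owner, cfg in box.items() if owner != arrival
            for addr in cfg["addresses"]
            if accepts(box, arrival, addr)]

def untrusted_to_trusted(box):
    """Exposures where an untrusted interface reaches a trusted interface's address."""
    return [e for e in cross_interface_exposure(box)
            if box[e[0]]["security_domain"] == "untrusted"
            and box[e[1]]["security_domain"] == "trusted"]

# Constructed sample matching the two-interface example in the text.
BOX = {
    "A": {"addresses": ["1.1.1.1"], "security_domain": "trusted",
          "filter_intf": "disabled"},
    "B": {"addresses": ["2.2.2.2"], "security_domain": "untrusted",
          "filter_intf": "disabled"},
}

if __name__ == "__main__":
    print(untrusted_to_trusted(BOX))
    hardened = dict(BOX, B=dict(BOX["B"], filter_intf="enabled"))
    print(untrusted_to_trusted(hardened))
```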

netbios

Configures the NetBIOS name service. Windows systems use this service to locate each other when they are configured on the same network subnet.

Syntax

config cluster box name interface eth ip address netbios

Properties

admin: Enables or disables this NetBIOS server.

Default: enabled
Values: enabled | disabled

Example: set admin disabled

port: Specifies the port on which the NetBIOS service listens.

Default: 137
Values: Min: 1 / Max: 65535

Example: set port 250

netbios-name: Specifies the name to which the NetBIOS server responds.

Default: There is no default setting

Example: set netbios-name server1

media-server

Configures an internal media server's listener port when you are configuring the multimedia streaming server (MSS) process on the ME. For more information on MSS, see the Oracle Communications OS-E Session Services Guide.

Syntax

cluster box name interface eth ip address media-server

Properties

rtmp: Configures a Real Time Protocol (RTMP) listener port. Enter a TCP port number to use for receiving requests.

Default: 1935
Values: Min: 0 / Max: 65535

Example: set rtmp 1940

rtmpt: Configures a Real Time Protocol Tunneled (RTMPT) listener port. Enter a TCP port number for receiving requests.

Default: 1935
Values: Min: 65535

Example: set rtmpt 1945

rtmps: Configures a Real Time Protocol Secure (RTMPS) listener port. Enter a TCP port number to use for receiving requests.

Default: 1935
Values: Min: 0 / Max: 65535

Example: set rtmps 1930

rtmp

Configures a Real Time Protocol (RTMP) listener port.

Syntax

cluster box name interface eth ip address media-server rtmp

Properties

app-name: Specify the server application name for this RTMP port.

Default: live

Example: set app-name live

rtmpt

Configures a Real Time Protocol Tunneled (RTMPT) listener port.

Syntax

cluster box name interface eth ip address media-server rtmp

Properties

app-name: Specify the server application name for this RTMPT port.

Default: live

Example: set app-name live

rtmps

Configures a Real Time Protocol Secure (RTMPS) listener port.

Syntax

cluster box name interface eth ip address media-server rtmp

Properties

app-name: Specify the server application name for this RTMPS port.

Default: live

Example: set app-name live

certificate: Specify the certificate to use for this connection. This references the vsp > tls > certificate object.

Default: There is no default setting

Example: set certificate vsp\tls\certificate cert1