Static Flow Configuration

This section describes how to configure the static-flow element using the ACLI.

The ingress IP address criteria are set first. These parameters apply to traffic entering the ingress side of the Oracle® Enterprise Session Border Controller.

  • in-realm-id—The access realm, where endpoints are located.
  • in-source—The source network in the access realm where the endpoints exist. This parameter is entered as an IP address and netmask in slash notation to indicate a range of possible IP addresses.
  • in-destination—The IP address and port pair where the endpoints send their traffic. This is usually the IP address and port on an Oracle® Enterprise Session Border Controller interface that faces the access realm.

The egress IP address criteria are entered next. These parameters determine how traffic is re-sourced as it leaves the Oracle® Enterprise Session Border Controller and enters the backbone network.

  • out-realm-id—The backbone realm, where servers are located.
  • out-source—The IP address on the interface of the Oracle® Enterprise Session Border Controller where traffic exits the Oracle® Enterprise Session Border Controller into the backbone realm. Do not enter a port for this parameter.
  • out-destination—The IP address and port pair destination of the traffic. This is usually a server in the backbone realm.
  • protocol—The protocol associated with the static flow. The protocol you choose must match the protocol in the IPv4 header. Valid entries are TCP, UDP, ICMP, ALL.

The type of NAT ALG, if any, is set next.

  • alg-type—The type of NAT ALG. Set this to NAPT, TFTP, or none.

The port range is set next. It is used for port re-sourcing as traffic affected by the NAT ALG exits the egress side of the Oracle® Enterprise Session Border Controller. (Not applicable if alg-type is set to none.)

  • start-port—The starting port the NAT ALG uses as it re-sources traffic on the egress side of the Oracle® Enterprise Session Border Controller.
  • end-port—The ending port the NAT ALG uses as it re-sources traffic on the egress side of the Oracle® Enterprise Session Border Controller.

The flow timers are set next. (Not applicable if alg-type is set to none.)

  • flow-time-limit—Total session time limit in seconds. The default is 0; no limit.

    Note:

    The static flow-time-limit must have a value larger than initial-guard-timer and subsq-guard-timer for static flows.
  • initial-guard-timer—Initial flow guard timer for an ALG dynamic flow in seconds. The default is 0; no limit.
  • subsq-guard-timer—Subsequent flow guard timer for an ALG dynamic flow in seconds. The default is 0; no limit.

Finally, you can set the optional bandwidth policing parameter for static flows (with or without NAT ALG applied).

  • average-rate-limit—Sustained rate limit in bytes per second for the static flow and any dynamic ALG flows. The default is 0; no limit.

To configure static flow:

  1. In Superuser mode, type configure terminal and press Enter.
    ORACLE# configure terminal
  2. Type media-manager and press Enter to access the media-manager path.
    ORACLE(configure)# media-manager
  3. Type static-flow and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters.
    ORACLE(media-manager)# static-flow

    From this point, you can configure media policing parameters.

  4. in-realm-id—Enter the ingress realm or interface source of packets to match for static flow translation. This in-realm-id field value must correspond to a valid identifier field entry in a realm-config. This is a required field. Entries in this field must follow the Name Format.
  5. in-source—Enter the incoming source IP address and port of packets to match for static flow translation. An IP address of 0.0.0.0 matches any source address. Port 0 matches packets received on any port. The port value has no impact on system operation if either ICMP or ALL is the selected protocol. This parameter takes the format:

    in-source <ip-address>[:<port>]

    The default value is 0.0.0.0. The valid port range is:

    • Minimum—0

    • Maximum—65535

  6. in-destination—Enter the incoming destination IP address and port of packets to match for static-flow translation. An IP address of 0.0.0.0 matches any source address. Port 0 matches packets received on any port. The port value has no impact on system operation if either ICMP or ALL is the selected protocol. This parameter takes the format:

    in-destination <ip-address>[:<port>]

    The default value is 0.0.0.0. The valid port range is:

    • Minimum—0

    • Maximum—65535

  7. out-realm-id—Enter the defined realm where traffic leaving this NAT ALG exits the Oracle® Enterprise Session Border Controller.
  8. out-source—Enter the egress IPv4 address. This is the IPv4 address of the network interface where traffic subject to the NAT ALG you are defining leaves the Oracle® Enterprise Session Border Controller. Do not enter a port number for this parameter. The default value is 0.0.0.0.
  9. out-destination—Enter the IPv4 address and port number of the server or other destination to which traffic is directed. The default value is 0.0.0.0. The valid port range is:
    • Minimum—0

    • Maximum—65535

  10. protocol—Enter the protocol this NAPT ALG acts upon. The default value is UDP. The valid values are:
    • TCP | UDP | ICMP | ALL

  11. alg-type—Enter the type of NAT ALG to use. The default value is none. The valid values are:
    • none—No dynamic ALG functionality

    • NAPT—Configure as NAPT ALG

    • TFTP—Configure as TFTP ALG

  12. start-port—Enter the beginning port number of the port range that the Oracle® Enterprise Session Border Controller allocates on the egress side for flows that this NAPT ALG redirects. The default value is 0. The valid range is:
    • Minimum—0, 1025

    • Maximum—65535

  13. end-port—Enter the ending port number of the port range that the Oracle® Enterprise Session Border Controller allocates on the egress side for flows that this NAPT ALG redirects. The default value is 0. The valid range is:
    • Minimum—0, 1025

    • Maximum—65535

  14. flow-time-limit—Enter the total time limit for a flow in seconds. A value of 0 means there is no limit. The valid range is:
    • Minimum—0

    • Maximum—999999999

  15. initial-guard-timer—Enter the initial guard timer value in seconds. A value of 0 means there is no limit. The valid range is:
    • Minimum—0

    • Maximum—999999999

  16. subsq-guard-timer—Enter the subsequent guard timer value in seconds. A value of 0 means there is no limit. The valid range is:
    • Minimum—0

    • Maximum—999999999

  17. average-rate-limit—Enter a maximum sustained rate limit in bytes per second. The default value is 0; no limit. The valid range is:
    • Minimum—0

    • Maximum—125000000

      The following example shows a static-flow configuration element configured for a NAPT ALG.

              in-realm-id                    access
              in-source                      172.16.0.0/16
              in-destination                 172.16.1.16:23
              out-realm-id                   backbone
              out-source                     192.168.24.16
              out-destination                192.168.24.95:23
              protocol                       TCP
              alg-type                       NAPT
              start-port                     11000
              end-port                       11999
              flow-time-limit                0
              initial-guard-timer            60
              subsq-guard-timer              60
              average-rate-limit             0
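
An added example, not part of the Oracle documentation: a Python audit of a static-flow element against the value lists, port ranges, and flow-time-limit rule stated above, run on the page's own NAPT example. The names `parse`, `audit`, `ENUMS` and `SAMPLE` are hypothetical, and treating a flow-time-limit of 0 (no limit) as satisfying the timer rule is an assumption based on that example.

```python
ENUMS = {"protocol": ("UDP", {"TCP", "UDP", "ICMP", "ALL"}),
         "alg-type": ("none", {"none", "NAPT", "TFTP"})}
# The page's NAPT example, embedded as sample input.
SAMPLE = """
in-realm-id          access
in-source            172.16.0.0/16
in-destination       172.16.1.16:23
out-realm-id         backbone
out-source           192.168.24.16
out-destination      192.168.24.95:23
protocol             TCP
alg-type             NAPT
start-port           11000
end-port             11999
flow-time-limit      0
initial-guard-timer  60
subsq-guard-timer    60
average-rate-limit   0
"""

def parse(text):
    """Turn 'name value' lines into a dict, skipping blank lines."""
    pairs = (line.split(None, 1) for line in text.splitlines())
    return {p[0]: p[1].strip() for p in pairs if len(p) == 2}

def audit(cfg):
    """Return a list of findings; an empty list means every check passed."""
    num = lambda key: int(cfg.get(key, 0))
    out = []
    for key, (default, valid) in ENUMS.items():
        if cfg.get(key, default) not in valid:
            out.append(f"{key}: not one of the valid values")
    alg = cfg.get("alg-type", "none")
    for key in ("in-source", "in-destination", "out-destination"):
        _, sep, port = cfg.get(key, "0.0.0.0").partition(":")
        if sep and not 0 <= int(port) <= 65535:
            out.append(f"{key}: port outside 0-65535")
    if cfg.get("in-source", "0.0.0.0").split(":")[0].split("/")[0] == "0.0.0.0":
        out.append("in-source: 0.0.0.0 matches any source address")
    if ":" in cfg.get("out-source", ""):
        out.append("out-source: must not include a port")
    if alg != "none":  # port range and timers apply only with a NAT ALG
        for key in ("start-port", "end-port"):
            if not (num(key) == 0 or 1025 <= num(key) <= 65535):
                out.append(f"{key}: must be 0 or 1025-65535")
        for key in ("initial-guard-timer", "subsq-guard-timer"):
            # assumption: flow-time-limit 0 (no limit) satisfies the rule
            if num("flow-time-limit") and num("flow-time-limit") <= num(key):
                out.append(f"flow-time-limit: must be larger than {key}")
    return out
```

Calling `audit(parse(SAMPLE))` returns an empty list for the page's example; each finding string starts with the name of the parameter it concerns.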