COPS-based External Policy Servers

The Common Open Policy Service (COPS) [RFC 2748] is a protocol supported by the Oracle Communications Session Border Controller to perform and implement Call Admission Control (CAC) based on the policies hosted in an external policy server. While the Oracle Communications Session Border Controller already supports internal CAC policies, they are not as flexible as a Resource and Admission Control Function / Policy Decision Function (RACF/PDF), the generic resource and admission control functional architecture conceived by the ITU-T and the IETF.

The Oracle Communications Session Border Controller COPS model includes a Policy server, functionally called the policy decision point (PDP), and the edge router, functionally called the policy enforcement point (PEP), the Oracle Communications Session Border Controller itself. The PDP and the PEP communicate with each other via the COPS protocol.

COPS Connection

The COPS session is established over a persistent TCP connection between the PDP and PEP. A COPS Client-Open (OPN) message is sent from the Oracle Communications Session Border Controller to the RACF, which responds with a COPS Client-Accept (CAT) message. A COPS Client-Close (CC) message is sent to either side to gracefully close the persistent connection. This COPS connection is expected to never close, unless an error occurs.

COPS Failures

Connection failures are discovered through a keep alive mechanism. Keep alive (KA) messages are periodically sent by the Oracle Communications Session Border Controller to the RACF regardless if any other COPS messages have been exchanged. When a KA message is not received, a connection failure is flagged. If the COPS connection fails, the Oracle Communications Session Border Controller will continually try to re-establish the connection to the PDP. Previously established calls will continue unaffected, but the Oracle Communications Session Border Controller will deny new calls from being established until the COPS connection is restored.

Failure Detection

A COPS connection failure is triggered by one of the three following events:

  1. COPS KA timeout. The Oracle Communications Session Border Controller flags a COPS KA timeout when it does not receive a response for the KA it sent to the PDP. The PDP flags a COPS KA timeout when it does not receive the KA message within its requested timer time from the Oracle Communications Session Border Controller. At a minimum, when the COPS KA message times out, the TCP socket is closed.
  2. Explicit COPS CC. The Oracle Communications Session Border Controller closes a COPS connection if it receives a COPS CC message from the PDP. The PDP closes a COPS connection if it receives a CC message from the Oracle Communications Session Border Controller. After the COPS layer connection is closed, then the TCP socket is closed too.
  3. TCP socket termination. If either side receives a TCP FIN or RST, the TCP socket closes as expected. The COPS layer then detects that the socket has been closed before sending any further messages, and thus the COPS connection is closed.

Failure Recovery

The Oracle Communications Session Border Controller assumes that the PDP has a mechanism that re-uses the same logical IP Address, restarts itself in a timely manner, or fails over to another PDP. Therefore, no backup PDP IP address is configured on the Oracle Communications Session Border Controller.

The Oracle Communications Session Border Controller will try to re-open the COPS connection to recover from a connection failure. The PDP is never the device to initiate a connection. The Oracle Communications Session Border Controller increases its retry interval after successive reconnect failures. Once the retry interval has grown to every five minutes, the Oracle Communications Session Border Controller continues to retry to open the COPS connection at the five minute interval.

COPS PS Connection Down

You can configure whether or not you want the Oracle Communications Session Border Controller to reject or allow new calls to be established despite the failure of a policy server (PS) connection.

You enable this feature in the external policy server configuration using a new parameter. When you enable the feature, the Oracle Communications Session Border Controller allows new SIP calls to be established even though the connection to the PS has failed. In this case, the PS will not respond and will not be aware of the established sessions. When you disable this feature, the Oracle Communications Session Border Controller behaves as it did in prior releases by responding to a connection failure with a 503 Service Unavailable.

HA Support

The Oracle Communications Session Border Controller's high availability (HA) capabilities have been extended to support COPS. When one Oracle Communications Session Border Controller in an HA configuration goes down, the MAC addresses are reassigned to a healthy Oracle Communications Session Border Controller. IP addresses "follow" the MAC addresses to provide a seamless switchover between HA nodes.

After an HA failover, the COPS connection on the primary Oracle Communications Session Border Controller is either gracefully torn down, or times out depending on behavior of the PDP. The backup Oracle Communications Session Border Controller attempts to create a new COPS connection with the PDP. The OPN message uses the same PEPID and Client Type as in the previous pre-failover session.

Application Types

The Oracle Communications Session Border Controller supports the following COPS-based methods for interfacing with a RACF:

  • PKT-MM3 (PacketCable™ Specification Multimedia Specification PKT-SP-MM-I03-051221) (client type: 0x800A)
  • Acme Packet proprietary (client type: 0x7926)

The Oracle Communications Session Border Controller supports the following COPS-based methods for interfacing with a CLF:

  • Oracle proprietary (client type: 0x7929)
Previous
Previous 		Next
Next
Go To Table Of Contents
Contents