National Security and Emergency Preparedness for SIP

The Oracle Communications Session Border Controller supports Emergency Telecommunications Service (ETS), which gives priority treatment of National Security and Emergency Preparedness (NSEP) communications for IP network infrastructures. ETS can increase the likelihood that calls, sessions, and other communications will be successfully completed when they are initiated by government-authorized users over the public network infrastructure. Legacy circuit-switched services such as Government Emergency Telecommunications Service (GETS) and Wireless Priority Service (WPS) also fall under the ETS rubric, and are now also supported on the Oracle Communications Session Border Controller.

To provide this support, you can enable the Oracle Communications Session Border Controller to act on SIP calls that contain an ETS dial number (DN) and/or the SIP Resource-Priority header that carries ETS resource values.

The Oracle Communications Session Border Controller identifies ETS calls by using the system’s pre-existing network management controls (NMC) functionality. With NMC and Resource-Priority header (RPH) support enabled on your system, the Oracle Communications Session Border Controller detects ETS calls and provides the appropriate treatment for them.

The Oracle Communications Session Border Controller supports this feature by treating ETS calls based on the r-value parameter in the Resource-Priority header. The r-value is a key piece of information because it defines the resource priority that the call originator requests. The r-value parameter provides namespaces and priorities that the Oracle Communications Session Border Controller can manipulate in outgoing traffic.

In addition to a new RPH profile configuration containing information about how to treat RPHs, new parameters in the global SIP configuration and NMC configuration have been added. The RPH profile is applied to an NMC rule, where they determine r-values, a media policy to use, and what type of call treatment to apply. Also applies to an NMC rule, the new RPH policy configuration provides information about which r-values to insert and which to override.

Matching by NMC and by RPH

When a Oracle Communications Session Border Controller has been enabled to act on RPH, it checks incoming requests for RPH, tries to parse that RPH, and then rejects requests in the circumstances listed below. For all of these rejections, the Oracle Communications Session Border Controller logs the error at the TRACE level.

  • Request with multiple instances of the same namespace in the RPH—The Oracle Communications Session Border Controller sends out a 400 Bad Request response with the Invalid RPH - Namespace repeated header showing that there are multiple instances of the same namespace in the RPH.
  • Request with invalid resource priority for a namespace—The Oracle Communications Session Border Controller sends out a 400 Bad Request response with the Invalid RPH - Invalid rvalue: x showing that there is an invalid resource value (where x is the invalid value).
  • Request with WPS namespace, but without ETS namespace—The Oracle Communications Session Border Controller sends out a 400 Bad Request response with the Invalid RPH - No ETS value header showing that there is no ETS namespace.

If the Oracle Communications Session Border Controller successfully parses the RPH, it identifies the ETS call by checking the Request-URI of the incoming request against destination identifiers that you configure in the NMC rules. If there is a match between the request’s ETS DN and the destination value identifier in the NMC rules, the Oracle Communications Session Border Controller tags the call; note that NMC rules need to be configured with the rph-feature parameter set to enabled to identify an ETS call properly. If there is no match to an NMC rule, then the Oracle Communications Session Border Controller performs matching based on RPH by comparing resource values (r-values) in the RPH with values you set in the RPH profile configuration.

For an ETS call that matches by ETS DN and NMC rule, the system checks the NMC rule to determine if it has an RPH profile (with r-values) assigned to it. If so, the Oracle Communications Session Border Controller continues by comparing the RPH profile’s r-values against those in the request’s RPH. In cases where the RPH does not contain a recognized value r-value, the Oracle Communications Session Border Controller:

  • Processes the call as it normally would (as a non-ETS call) without changing the RPH if the resource-priority option tag is not present in the Required header (for an INVITE only and not any other requests or response from which RPH would be deleted)
  • Rejects the Request when the Require header has the resource-priority header; or, inserts an Accept-Resource-Priority header (ARPH) in the response if the insert-arp-header parameter option is enabled

However, the call goes through the Oracle Communications Session Border Controller as an ETS call when it is matched by ETS DN and the applicable NMC does not have an RPH profile assigned. According to the settings in the NMC rule, the Oracle Communications Session Border Controller either diverts or rejects such a call. And when the call matches by RPH rather than ETS DN, the Oracle Communications Session Border Controller applies the configured RPH profile from the relevant NMC rule.

It can be the case that non-ETS calls have RPH in their requests. Here, the Oracle Communications Session Border Controller call treatment is performed according to the settings in the matching RPH profile when there is no matching NMC rule. When you configure treatment as “reject,” then the Oracle Communications Session Border Controller rejects the call with a 417 Unknown-Resource Priority status code. When you set the treatment to either “accept” or priority, the Oracle Communications Session Border Controller allows the call to proceed as a non-ETS call or as a priority call.

The ETS r-value can appear in ACK, BYE, INFO, PRACK, REFER and UPDATE requests. In cases when it does and the session with which the request is associated is a non-ETS call, the Oracle Communications Session Border Controller removes the RPH from the request before forwarding it and logs a TRACE-level error. The Oracle Communications Session Border Controller also removes RPH from responses before forwarding them and logs a TRACE-level error when responses contain RPH headers with ETS values for non-ETS sessions.

Call Treatment

This section describes how ETS calls are treated as they traverse the Oracle Communications Session Border Controller.

Call Treatment Description
Routing ETS calls are routed the same way as any other calls are, except when the applicable NMC rule’s treatment type is divert, and rule defines the next hop. This route takes precedence over other normal routes.
Local NMC ETS calls are exempt from the local NMC, including: session agent constraints, bandwidth constraints (e.g., per-realm bandwidth), per-user CAC, and CPU constraints. However, the call is subject to the ETS congestions control threshold. Licensing session constraints apply.
ETS Call Congestion Control ETS calls are subject to congestion control constraints that you configure specifically for this type of traffic. In the global SIP configuration, you set up one option that defines a load limit (greater than that set for normal calls).
ETS CAC Although the Oracle Communications Session Border Controller uses the call rate control value in the applicable NMC rule, you can also enforce call rate on a per-user basis for ETS calls.

When the Oracle Communications Session Border Controller receives a SIP INVITE with an RPH matching an NMC with an ETS DN, but whose r-values do not match the NMC’s rph-profile, the Oracle Communications Session Border Controller behaves as follows:

  • If the INVITE does not have the resource-priority option tag and:
    • If the matching NMS is set to PRIORITY, the call will be treated as an NSEP call. If there is an rph-profile matching the r-value (not necessarily the one in the NMC), the Oracle Communications Session Border Controller uses the media-policy from that rph-profile for the call. The rph-policy from the NMC (if present) also applies to the call.
    • If the matching NMC is not set to PRIORITY, the Oracle Communications Session Border Controller will treat the call as a normal one.

If the INVITE contains the resource-priority option tag, the Oracle Communications Session Border Controller will reject the call with the 417 Unknown Resource-Priority message.

Generating Egress RPH

For each ETS call, the Oracle Communications Session Border Controller generates RPH for the outgoing request. It forms this RPH according to the information in the NMC rule. The outgoing request types are INVITE, ACL, BYE, CANCEL, INFO, PRACK, REFER, and UPDATE.

Request RPH Status Generated Egress RPH
Incoming request without RPH (matched by ETS DN) Outgoing RPH value becomes the r-value set in the insert-r-value parameter in the RPH policy applied to the NMC rule.
Incoming request without RPH (matched by ETS DN) If the insert-r-value parameter is empty in the RPH policy applied to the NMC rule or there is no RPH policy applied to the NMC rule, then the egress RPH will also not have RPH.
Incoming request has RPH Egress RPH is the same as the ingress if the NMC rule has an RPH policy applied but the override-r-value for the policy is empty or if there is not RPH policy applied to the NMC rule.

If the override-r-value for the policy is set, then the egress RPH is set to that value.

For example, given an incoming request with the resource priority ets.0, dsn.flash and an RPH policy with an override value of wps.1,ets.1, the egress request would be sent with a resource-priority of wps.1,ets.1,dsn.flash.

The Oracle Communications Session Border Controller also includes RPH in the following series of responses, even when the downstream SIP entity does not respond with an RPH: 1xx, 2xx, 3xx, 4xx, 5xx, and 6xx. The 401 Unauthorized response is an exception.

Media Treatment

If the RPH profile set in an NMC names a media policy, then the Oracle Communications Session Border Controller implements it for the ETS call. This media policy overrides any media policy set in the realm configuration.

The possible Differentiated Services Code Point (DSCP) values for an ETS call are:

  • Audio—Applied to the respective media for an ETS call
  • Video—Applied to the respective media for an ETS call
  • SIP—Applied to the ETS calls’ SIP signaling messages, only for the egress call leg for the ETS session

RPH Configuration

This section shows you how to configure RPH profiles and policies that enable the Oracle Communications Session Border Controller to act on SIP calls that have an ETS DN and/or an RPH carrying ETS resources values. There are also settings for the global SIP configuration and for the NMC rule configuration that support this feature.

In addition, note that:

  • You must set a media policy for the RPH profile to use. Check your system configuration and note the name of the media policy that best suits your needs.
  • Valid values for the parameters that take r-values are wps.x and ets.x, where x is 0 through 4.

Remember to save and activate your configuration after you have completed the processes detailed in this section.

Setting Up and Applying RPH Policy

The RPH policy is a configuration on the Oracle Communications Session Border Controller that you apply to NMC rules. It designates the following for ETS/WPS namespaces:

  • An override resource value—Resource value used to override the incoming RPH’s resource value
  • An insert resource value—Resource value inserted when the Oracle Communications Session Border Controller does not recognize the RPH, the incoming request has no RPH, or the call is H.323 and matches an NMC rule based on the ETS DN

Note that RPH policies do not apply for DSN, DRSN, Q.735, or any other type of namespace; these remain untouched in outgoing requests.

To configure an RPH policy:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter to access the signaling-level configuration elements. 
    ORACLE(configure)# session-router
ORACLE(session-router)#
  3. Type rph-policy and press Enter. From here, you can configure the individual parameters for the RPH policy. 
    ORACLE(session-router)# rph-policy
ORACLE(rph-policy)#
  4. name—Enter the name that uniquely identifies this RPH policy. This is the value you use to apply the policy in the NMC rules configuration. There is no default for this parameter, and you are required to set it.
  5. override-r-value—Enter the value that the system uses to override r-values in the original RPH. 
    ORACLE(rph-policy)# override-r-value ets.1
  6. insert-r-value—Enter the value that the Oracle Communications Session Border Controller inserts into the RPH. 
    ORACLE(rph-policy)# insert-r-value wps.1
  7. rph-policy—Enter the name of the RPH policy that you want to apply for this NMC rule. This parameter is empty by default; if you do not set an RPH policy, none will be applied.

Setting Up and Applying RPH Profile

The RPH profile contains information about how the system should act on the namespace(s) present in a Resource-Priority header (if any). The list of resource values in this configuration calls out the resource values (or r-values) recognizable to the Oracle Communications Session Border Controller; the ETS and WPS namespaces are supported.

You also set a media policy for the RPH profile to use; it defines the Differentiated Services Code Point (DSCP) that the Oracle Communications Session Border Controller uses for media or signaling packets belonging to the egress call leg for the ETS session.

The call treatment parameter tells the Oracle Communications Session Border Controller what to do with a non-ETS call that has RPH in its request; the call can be allowed, rejected, or treated as a priority call.

To configure an RPH profile:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter to access the signaling-level configuration elements. 
    ORACLE(configure)# session-router
ORACLE(session-router)#
  3. Type rph-profile and press Enter. From here, you can configure the individual parameters for the RPH policy. 
    ORACLE(session-router)# rph-profile
ACMEORACLEPACKET(rph-profile)#
  4. name—Enter the name that uniquely identifies this RPH profile. This is the value you use to apply the profile in the NMC rules configuration. There is no default for this parameter, and you are required to set it.
  5. r-values—Enter one or more r-values that the Oracle Communications Session Border Controller is to recognize for matching purposes. When you enter more than one value in the list, you type the name of the parameter followed by a Space, open quotation mark, the values for the list separated by spaces, a closed quotation mark. Then press Enter.

    You must enter them in the order reflected below (a WPS and then an ETS value). A WPS call always has to have an ETS namespace. 

    ORACLE(rph-profile)# r-values "wps.0 ets.2"
  6. media-policy—Enter the name of a media policy configuration that you want applied for this RPH profile. The Oracle Communications Session Border Controller implements this media policy for the ETS call, and this media policy overrides any media policy set in the realm configuration.
  7. call-treatment—Enter the call treatment method for a non-ETS call that contains RPH matching it to this profile. The default is accept. The valid values are:

    • accept—The call proceeds as it normally would

    • reject—The Oracle Communications Session Border Controller rejects the call with the 417 Unknown-Resource Priority status code

    • priority—The Oracle Communications Session Border Controller treats the call as a priority call

Enabling NSEP for an NMC Rule

In addition to the RPH policy and RPH profile you can set for an NMC rule, you also need to set the state of this feature for the NMC rule.

To enable NSEP for an NMC rule:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter. 
    ORACLE(configure)# session-router
ORACLE(session-router)#
  3. Type net-management-control and press Enter. 
    ORACLE(session-router)# net-management-control
ORACLE(net-management-control)#

    If you are adding support for this feature to a pre-existing configuration, then you must select (using the ACLI select command) the configuration that you want to edit.

  4. rph-feature—Enable this parameter if you want to turn the NSEP feature on for this NMC rule. The default is disabled. The valid values are:

    • enabled | disabled

Global SIP Configuration Settings Enabling NSEP

For the global SIP configuration, you can turn the NSEP feature on, and you can also set parameters that support call admission and congestion control.

In addition, you can enable the insertion of the ARPH header in a response when the resource-priority tag is present in the Require header and the Oracle Communications Session Border Controller rejects the request with a 417 Unknown Resource-Priority response. The ARPH value is the list of r-values you set in the RPH profile.

To enable NSEP for the global SIP configuration:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter. 
    ORACLE(configure)# session-router
ORACLE(session-router)#
  3. Type sip-config and press Enter. 
    ORACLE(session-router)# sip-config
ORACLE(sip-config)#

    If you are adding support for this feature to a pre-existing configuration, then you must select (using the ACLI select command) the configuration that you want to edit.

  4. rph-feature—Enable this parameter if you want to turn the NSEP feature on for the global SIP configuration. The default is disabled. The valid values are:

    • enabled | disabled

Global SIP Configuration Settings Enabling CAC and Congestion Control

To set call admission and congestion control parameters for NSEP:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter. 
    ORACLE(configure)# session-router
ORACLE(session-router)#
  3. Type sip-config and press Enter. 
    ORACLE(session-router)# sip-config
ORACLE(sip-config)#

    If you are adding support for this feature to a pre-existing configuration, then you must select (using the ACLI select command) the configuration that you want to edit.

  4. nsep-user-sessions-rate—Enter the maximum INVITEs per second to admit for ETS calls on a per-user basis. To enable NSEP call admission control (CAC), you must change the parameter value from 0; if you leave this parameter set to 0, then it is the same as disabling CAC for ETS calls. The default is 50. The valid range is:

    • Minimum—0

    • Maximum—999999999

  5. options—To enable congestion control for ETS calls, you configure an option that sets the CPU threshold. If this threshold is exceeded, the Oracle Communications Session Border Controllerrejects new ETS calls with the 503 Service Unavailable response. The value you set here should be larger than the load limit value for normal calls; ETS calls are allowed even when the load limit threshold for normal calls is exceeded.

    The threshold value can be between 0 and 100. Using a value of 0 or 100 for this parameter disables ETS call congestion control.

    Set the options parameter by typing options, a Space, the option name nsep-load-limit with a plus sign in front of it, then the equal sign and the ETS call threshold you want to set. Then press Enter. 

    ACMEPACKET(sip-config)# options +nsep-load-limit=50

    If you type the option without the plus sign, you will overwrite any previously configured options. In order to append the new options to this configuration’s options list, you must prepend the new option with a plus sign as shown in the previous example.

Global SIP Configuration Settings Enabling ARPH Insertion

To enable ARPH insertion in responses:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter. 
    ORACLE(configure)# session-router
ORACLE(session-router)#
  3. Type sip-config and press Enter. 
    ORACLE(session-router)# sip-config
ORACLE(sip-config)#

    If you are adding support for this feature to a pre-existing configuration, then you must select (using the ACLI select command) the configuration that you want to edit.

  4. options—To enable ARPH insertion in responses type options, a Space, the option name insert-arp-header with a plus sign in front of it, and then press Enter. 
    ORACLE(sip-config)# options +insert-arp-header

    If you type the option without the plus sign, you will overwrite any previously configured options. In order to append the new options to this configuration’s options list, you must prepend the new option with a plus sign as shown in the previous example.

Setting Up NSEP for Session Agents

In earlier releases, the Oracle Communications Session Border Controller supports NSEP-related CAC for users and for NMC. You can now configure a sessions-per-second rate for session agents. Set in the global SIP configuration, this rate applies to all SIP session agents. When session exceed the limit, the Oracle Communications Session Border Controller rejects them with a 503 Service Unavailable message.

To configure NSEP limits for SIP session agents:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
ORACLE(configure)#
  2. Type session-router and press Enter. 
    ORACLE(configure)# session-router
ORACLE(session-router)#
  3. Type sip-config and press Enter. 
    ORACLE(session-router)# sip-config
ORACLE(sip-config)#
  4. nsep-sa-sessions-rate—Enter maximum acceptable number of SIP INVITES (NSEP sessions) per second to allow for SIP session agents. This parameter defaults to 0, meaning there is no limit.
  5. Save and activate your configuration.
Previous
Previous 		Next
Next
Go To Table Of Contents
Contents