The restricted media latching feature lets the Oracle® Enterprise Session Border Controller latch only to media from a known source IP address, in order to learn and latch the dynamic UDP port number. The restricting IP address’s origin can be either the SDP information or the SIP message’s Layer 3 (L3) IP address, depending on the configuration.
Latching is when the Oracle® Enterprise Session Border Controller listens for the first RTP packet from any source address/port for the destination address/port of the Oracle® Enterprise Session Border Controller. The destination address/port is allocated dynamically and sent in the SDP. After it receives a RTP packet for that allocated destination address/port, the Oracle® Enterprise Session Border Controller only allows subsequent RTP packets from that same source address/port for that particular Oracle® Enterprise Session Border Controller destination address/port. Latching does not imply that the latched source address/port is used for the destination of the reverse direction RTP packet flow (it does not imply the Oracle® Enterprise Session Border Controller will perform symmetric RTP).
The Oracle® Enterprise Session Border Controller restricts latching of RTP/RTCP media for all calls within a realm. It latches to media based on one of the following:
- SDP: the IP address and address range based on the received SDP c= connect address line in the offer and answer.
- Layer 3: the IP address and address range based on the received L3 IP address of the offer or answer. This option is for access registered HNT endpoints. If the L3 IP address is locally known and cached by the Oracle® Enterprise Session Border Controller as the public SIP contact address, that information could be used instead of waiting for a response. The Oracle® Enterprise Session Border Controller might use the L3 IP address restriction method for all calls regardless of whether the endpoint is behind a NAT or not, for the same realms.
A mode where a device’s source address/ports for the RTP/RTCP it sends to the Oracle® Enterprise Session Border Controller (E-SBC) that are latched, are then used for the destination of RTP/RTCP sent to the device.
After allocating the media session in SIP, the E-SBC sets the restriction mode and the restriction mask for the calling side as well as for the called side. It sets the source address and address prefix bits in the flow. It also parses and loads the source flow address into the MIBOCO messages. After receiving the calling SDP, the E-SBC sets the source address (address and address prefix) in the appropriate flow (the flow going from calling side to the called side). After receiving the SDP from the called side, the E-SBC sets the source address in the flow going from the called side to the calling side.
The E-SBC uses either the address provided in the SDP or the layer 3 signaling address for latching. You also configure the E-SBC to enable latching so that when it receives the source flow address, it sets the address and prefix in the NAT flow. When the NAT entry is installed, all the values are set correctly. In addition, sipd sends the information for both the incoming and outgoing flows. After receiving SDP from the called side sipd, the E-SBC sends information for both flows to the MBCD so that the correct NAT entries are installed.
Enabling restricted latching may make the E-SBC wait for a SIP/SDP response before latching, if the answerer is in a restricted latching realm. This is necessary because the E-SBC does not usually know what to restrict latching to until the media endpoint is reached. The only exception could be when the endpoint’s contact/IP is cached.
Relationship to Symmetric Latching
The current forced HNT symmetric latching feature lets the Oracle® Enterprise Session Border Controller assume devices are behind NATs, regardless of their signaled IP/SIP/SDP layer addresses. The Oracle® Enterprise Session Border Controller latches on any received RTP destined for the specific IP address/port of the Oracle® Enterprise Session Border Controller for the call, and uses the latched source address/port for the reverse flow destination information.
If both restricted latching and symmetric latching are enabled, the Oracle® Enterprise Session Border Controller only latches if the source matches the restriction, and the reverse flow will only go to the address/port latched to, and thus the reverse flow will only go to an address of the same restriction.
- Symmetric latching is enabled.
If symmetric latching is enabled, the Oracle® Enterprise Session Border Controller sends the media in the opposite direction to the same IP and port, after it latches to the source address of the media packet.
- Symmetric latching is disabled.
If symmetric latching is disabled, the Oracle® Enterprise Session Border Controller only latches the incoming source. The destination of the media in the reverse direction is controlled by the SDP address.
A typical example is when the Oracle® Enterprise Session Border Controller performs HNT and non-HNT registration access for endpoints. Possibly the SDP might not be correct, specifically if the device is behind a NAT. Therefore the Oracle® Enterprise Session Border Controller needs to learn the address for which to restrict the media latching, based on the L3 IP address. If the endpoint is not behind a NAT, then the SDP could be used instead if preferred. However, one can make some assumptions that access-type cases will require registration caching, and the cached fixed contact (the public FW address) could be used instead of waiting for any SDP response.
Another example is when a VoIP service is provided using symmetric-latching. A B2BUA/proxy sits between HNT endpoints and the Oracle® Enterprise Session Border Controller, and calls do not appear to be behind NATs from the Oracle® Enterprise Session Border Controller’s perspective. The Oracle® Enterprise Session Border Controller’s primary role, other than securing softswitches and media gateways, is to provide symmetric latching so that HNT media will work from the endpoints.
To ensure the Oracle® Enterprise Session Border Controller’s latching mechanism is restricted to the media from the endpoints when the SIP Via and Contact headers are the B2BUA/proxy addresses and not the endpoints’, the endpoint’s real (public) IP address in the SDP of the offer/answer is used. The B2BUA/proxy corrects the c= line of SDP to that of the endpoints’ public FW address.
The Oracle® Enterprise Session Border Controller would then restrict the latching to the address in the SDP of the offer from the access realm (for inbound calls) or the SDP answer (for outbound calls).
Restricted Latching Configuration
To configure restricted latching:
In Superuser mode, type
configure terminal and press Enter.
ORACLE# configure terminal
media-manager and press Enter to access the media-level configuration elements.
ORACLE(configure)# media-manager ORACLE(media-manager)#
realm-config and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters.
ORACLE(media-manager)# realm-config ORACLE(realm-config)#
Select the realm where you want to apply this feature.
ORACLE(realm-config)# select identifier: 1: Acme_Realm <none> 0.0.0.0 2: H323REALM <none> 0.0.0.0 selection:1 ORACLE(realm-config)#
restricted-latching— Enter the restricted latching mode. The default is
none. The valid values are:
none—No restricted-latching used
sdp—Use the address provided in the SDP for latching
peer-ip—Use the layer 3 signaling address for latching
restriction-mask— Enter the number of address bits you want used for the source latched address. This field will be used only if the restricted-latching is used. The default is 32. When this value is used, the complete IP address is matched for IPv4 addresses. The valid range is: