SIP Registration Overload Protection

You can configure your Oracle® Enterprise Session Border Controller for SIP Registration overload protection, which augments the Oracle® Enterprise Session Border Controller’s protection methods. Working with the Oracle® Enterprise Session Border Controller’s access control and registration caching functions, this new feature guards against benign avalanche restarts. The avalanche is caused by events where many endpoints lose power or connectivity at once, are restored to service, and then flood the Oracle® Enterprise Session Border Controller as they attempt to register again.

Normally, the Oracle® Enterprise Session Border Controller handles SIP registration by creating a temporary registration cache for the endpoint’s address of record (AoR) and forwards the REGISTER request to the registrar. To challenge the endpoint’s registration, the registrar sends back either a 401 Unauthorized or 407 Proxy Authorization Required response. When it receives the 401 or 407, the Oracle® Enterprise Session Border Controller saves the challenge context in anticipation of receiving a second REGISTER with the endpoint’s authentication credentials. The Oracle® Enterprise Session Border Controller forwards the second REGISTER (with authentication credentials) to the registrar, and then the registrar confirms registration with a 200 OK. Both REGISTER requests are subject to the system’s access control rules, set either for the ingress realm or the ingress session agent. The Oracle® Enterprise Session Border Controller also honors the maximum registration sustain rate constraint for session agents; this applies when the incoming REGISTER is from a session agent and the outgoing REGISTER is sent to a session agent.

When you enable SIP Registration overload protection, the Oracle® Enterprise Session Border Controller temporarily promotes the endpoint to the trusted level when it receives the 401 or 407 response (to the first REGISTER) from the registrar. This ensures that the second REGISTER (containing authentication credentials) can reach the Oracle® Enterprise Session Border Controller. Temporary promotion lasts only for the amount of time remaining before the REGISTER server transaction expires plus the time allotted in the transaction expiration parameter in the SIP configuration. Before the temporary promotion expires, there is enough time for any necessary retransmissions of the first REGISTER and for the second REGISTER to take place. The following situations might also occur:

If the Oracle® Enterprise Session Border Controller receives a 401 or 407 to the second REGISTER request, it resets its access control level for the endpoint’s address to the default level; it then treats additional REGISTER requests from the same context at the default access control level.
If the Oracle® Enterprise Session Border Controller receives a 200 OK response to the REGISTER message, it extends the promotion time to the expiration period for the registration cache.

If the Oracle® Enterprise Session Border Controller is able to find the temporary registration cache and the saved challenge context when the second REGISTER arrives, it forwards the REGISTER without checking the maximum registration sustain rate constraint for ingress and egress session agents—thereby ensuring that the REGISTER with authentication credentials is sent to the registrar. So when you use this feature, you should set the maximum registration sustain rate constraint of the session agent (representing the registrar) at half the registrar’s maximum registration sustain rate. Additional REGISTER requests with the same challenge context are subject to the maximum registration sustain rate constraint.

SIP Registration Overload Protection Configuration

When you configure this feature, be sure to set the reg-overload-protect option in your global SIP configuration:

To enable SIP Registration overload protection on your Oracle® Enterprise Session Border Controller:

In Superuser mode, type configure terminal and press Enter.
```
ORACLE# configure terminal
```
Type session-router and press Enter to access the signaling-level configuration elements.
```
ORACLE(configure)# session-router
ORACLE(session-router)#
```
Type sip-config and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters.
```
ORACLE(session-router)# sip-config
ORACLE(sip-config)#
```
options—Set the options parameter by typing options, a Space, the option name preceded by a plus sign (+) (reg-overload-protect), and then press Enter.
```
ORACLE(sip-config)# options +reg-overload-protect
```
If you type either of these options without the plus (+) sign, you will remove any previously configured options. In order to append the new option to the options list, you must prepend the new option with a plus sign as shown in the example above.

Note:
Note that the sip-config option "cache-challenges" (enabled by default) must not have been disabled for SIP Registration Overload Protection to work properly. If you have disabled cache-challenges, re-evaluate the reason you disabled it. If registration overload protection supersedes your reason for disabling cache-challenges, re-enable the option as shown below.
```
ACMEPACKET(sip-config)# options +cache-challenges=yes
```
Note that the configuration syntax above is equivalent to the following, which uses the "-" character to remove the option.
```
ACMEPACKET(sip-config)# options -cache-challenges
```
Save and activate your configuration.