Installation and Start-Up

After you have completed the hardware installation procedures outlined in the the relevant Hardware Installation Guide, you are ready to establish a connection to your Oracle® Enterprise Session Border Controller. Then you can load the software image you want to use and establish basic operating parameters.

Hardware Installation Process

Installing the Oracle® Enterprise Session Border Controller hardware in a rack requires the following process.

1. Unpack the Oracle® Enterprise Session Border Controller hardware.
2. Install the Oracle® Enterprise Session Border Controller hardware into the rack.
3. Install the power supplies.
4. Install the fan modules.
5. Install the physical interface cards.
6. Cable the Oracle® Enterprise Session Border Controller hardware.

   Note:

   Complete installation procedures fully and note the safety warnings to prevent physical harm to yourself and damage to the Oracle® Enterprise Session Border Controller hardware.

   For more information, see the hardware documentation.

Connecting to Your Oracle® Enterprise Session Border Controller

You can connect to your Oracle® Enterprise Session Border Controller either through a direct console connection, or by creating a remote SSH session. Both of these access methods provide you with the full range of configuration, monitoring, and management options.

Note:

By default, SSH and SFTP connections to your Oracle® Enterprise Session Border Controller are enabled.

Create a Console Connection

Using a serial connection, you can connect your laptop or PC directly to the Acme Packet hardware. If you use a laptop, you must take appropriate steps to ensure grounding.

One end of the cable plugs into your terminal, and the other end plugs into the RJ-45 Console port on the NIU (or management ports area on the Acme Packet 6300).

To make a console connection to your hardware:

1. Set the connection parameters for your terminal to the default boot settings:
   • Baud rate: 115,200 bits/second
   • Data bits: 8
   • Parity: No
   • Stop bit: 1
   • Flow control: None
2. Connect a serial cable to between your PC and the hardware's console port.
3. Apply power to the hardware.
4. Enter the appropriate password information when prompted to log into User mode of the ACLI.

   You can set the amount of time it takes for your console connection to time out by setting the console-timeout parameter in the system configuration. If your connection times out, the login sequence appears again and prompts you for your passwords. The default for this field is 0, which means that no time-out is being enforced.

SSH Remote Connections

For increased security, you can connect to the Oracle® Enterprise Session Border Controller using SSH.

The Oracle® Enterprise Session Border Controller supports five concurrent SSH and SFTP sessions. Only one SSH session may be in configuration mode at a time.

To SSH to your Oracle® Enterprise Session Border Controller, you need to know the IP address of its administrative interface (wancom0/eth0). The wancom0/eth0 IP address of your Oracle® Enterprise Session Border Controller is found by checking the inet on ethernet value in the boot parameters or visible from the front panel display.

You can manage incoming SSH connections from the ACLI:

• SSH service is enabled by default.
• To set a time-out due to inactivity, use the telnet-timeout parameter in the system configuration. You can set the number of seconds that elapse before the SSH connection is terminated. The default for this field is 0, which means that no time-out is being enforced.
• To view the users who are currently logged into the system, use the ACLI show users command. You can see the ID, timestamp, connection source, and privilege level for active connections.
• From Superuser mode in the ACLI, you can terminate the connections of other users in order to free up connections. Use the kill user command with the corresponding connection ID.
• If you reboot your Oracle® Enterprise Session Border Controller from a SSH session, you lose IP access and therefore your connection.

There are two ways to use SSH to connect to the Oracle® Enterprise Session Border Controller. Either connect via SSH without specifying users and SSH user passwords, or initiate the SSH connection using custom SSH credentials.

Accessing the System Via User and Admin Accounts

You may access the Oracle® Enterprise Session Border Controller via SSH connection without specifying users and SSH user passwords.

1. Open your SSH client (with an open source client, etc.).
2. At the prompt in the SSH client, type the ssh command, a Space, the IPv4 address of your Oracle® Enterprise Session Border Controller, and then press Enter.

   The SSH client prompts you for a password before connecting to the Oracle® Enterprise Session Border Controller. Enter the Oracle® Enterprise Session Border Controller’s User mode password. After it is authenticated, an SSH session is initiated and you can continue with tasks in User mode or enable Superuser mode.

Accessing the System Using Custom SSH Credentials

You may initiated an SSH connection using custom SSH credentials.

1. In the ACLI at the Superuser prompt, type the ssh-password and press Enter.
2. Enter the name of the user you are creating.
3. Enter a password for the user when prompted.

   Note:

   Passwords do not appear on your screen.

   ORACLE# ssh-password
   SSH username [saved]: MJones
   Enter new password: 95X-SD
   Enter new password again: 95X-SD

   Once you have configured ssh-password, the SSH login accepts the configured username and password, as well as the default SSH/SFTP usernames, user and admin.

4. Configure your SSH client to connect to your Oracle® Enterprise Session Border Controller’s management IPv4 address using the username you just created. For example:

   ssh -l MJones 10.0.1.57

5. Enter the SSH password you configured in the ACLI.

   MJones@10.0.2.54 password: 95X-SD

6. Enter your User password to work in User mode on the Oracle® Enterprise Session Border Controller. Enable Superuser mode and enter your password to work in Superuser mode.

Import Private SSH Key to Derive New SSH Host Keys

The Oracle® Enterprise Session Border Controller supports importing externally generated SSH keys to replace the internally generated SSH host keys. Because the E-SBC derives the public key from the private key, only the externally generated private key needs to be imported. The E-SBC uses these keys when it functions as an SSH server. The E-SBC supports RSA or DSA key lengths of 1024, 2048, 3072, or 4096 bits.

1. Connect to the E-SBC as the admin user.

   ssh admin@10.0.0.1

2. Run the ssh-priv-key import host-key command.
3. Paste the private key into the console in RFC 4716 format, followed immediately with a semicolon.

   ORACLE# ssh-priv-key import host-key
   Import externally generated SSH host key pair
   
   IMPORTANT:
           Please paste SSH private key in the format defined in RFC 4716.
           Terminate the key with ";" to exit.
   -----BEGIN RSA PRIVATE KEY-----
   MIIEpAIBAAKCAQEAxd3bGH0tlLlaLmA35uveUhgRuoxgt1KSSn4ZrBXKuRam4ILO
   ++16Qn0kYVmCfxKpYhaQ3LcTOeR+/WRV4uVp5RNPw4QRTSUdMjhODt8yxy22rHrW
   .
   .
   .
   tbNEZ7oOKBhLmdO9WvU1OqBumZmV+TtI8jdEzn1T0ZJZ45mTEtJjMwv00VHh94t4
   Lye/a8t/dV4+HvBMfCY2SKnDivLJAWWFlPz6NhSk6qUaNwReytL9CQ==
   -----END RSA PRIVATE KEY-----;
   
   SSH host key imported successfully.
   ORACLE#

   Note:

   Do not insert a new line character before the terminating semicolon.

   The E-SBC only supports one set of SSH host keys. Importing a second host key overwrites the previous pair. Use the ssh-priv-key delete host-key <key-type> command to overwrite the current host-key with an internally generated host-key.

Import a Private SSH Key for the E-SBC as an SFTP Client

As an alternative to relying on the SSH keys generated by the Oracle® Enterprise Session Border Controller, customers may import externally generated SSH keys for any configured public-key element. Because the E-SBC derives the public key from the private key, only the private key needs to be imported, and any previously generated keys for this public-key element will be overwritten. The E-SBC uses these keys when it functions as an SFTP client.

1. Access the public-key configuration element.

   ORACLE# configure terminal
   ORACLE(configure)# security
   ORACLE(security)# public-key
   ORACLE(public-key)# 
   

2. Set the parameters for this configuration element.
   • name—A record name for this public key.
   • type—The key type. Supported values are rsa and dsa.
   • size—The size of the public key in number of bits. Supported values are 512, 1024, 2048 and 3072.

   ORACLE(public-key)# name acme
   ORACLE(public-key)# type rsa
   ORACLE(public-key)# size 1024

3. Type done when finished and return to the top-level element.

   ORACLE(public-key)# done
   public-key
           name                                    acme
           type                                    rsa
           size                                    1024
           last-modified-by                        admin@10.0.0.1
           last-modified-date                      2017-11-07 14:04:49
   
   ORACLE(public-key)# exit
   ORACLE(security)# exit
   ORACLE(configure)# exit
   ORACLE# 

4. Save and activate your configuration

   Note:

   The verify-config command reports an error about a missing public key. You may ignore this error.
5. Run ssh-priv-key import <record-name> and paste the private key into the console in RFC 4716 format, followed immediately with a semicolon.
   Use the value of the name parameter for the value of <record-name>.

   ORACLE# ssh-priv-key import acme
   
   IMPORTANT:
           Please paste SSH private key in the format defined in RFC 4716.
           Terminate the key with ";" to exit.
   
   -----BEGIN RSA PRIVATE KEY-----
   MIIEowIBAAKCAQEAx7DC2/A8zrhhHxcLw6CBLGKaVSWc2jJBnBZNayCd+L5gvJl/
   eAYXqMwwByoL1CxIcNIYvRd76DNtnpvaGjcHoXjT0OJD12ps6yZz02NJz2IznQtP
   .
   .
   .
   m8D2P8lc22Tw2GBfmRsJdktvA2GM4e4RhWQcyOtcee4Sw2E8HzxCvSM0hv4SArEo
   jWzbxmOdHaGIs22F25kp/0N2D12rg1DZn5QaMoNPY+A0nODw0+I+
   -----END RSA PRIVATE KEY-----;
   
   
   SSH private key imported successfully....
   WARNING: Configuration changed, run "save-config" command to save it
   and run "activate-config" to activate the changes
   ORACLE#

   Note:

   Do not insert a new line character before the terminating semicolon.
6. Save and activate the configuration.

Delete an SSH Key

You can delete private keys from the system individually.

1. Use the ssh-priv-key delete <record-name> command to delete a previously created or imported SSH key pair. In the example below, the key's record name is 'acme'.

   ORACLE# ssh-priv-key delete acme
   SSH public key deleted successfully....
   WARNING: Configuration changed, run "save-config" command to save it
   and run "activate-config" to activate the changes
   ORACLE#

2. Save and activate your configuration.

   Note:

   If you delete this imported key, the E-SBC will generate its own.

Configure SSH Ciphers

The ssh-config configuration element controls which ciphers the Oracle® Enterprise Session Border Controller offers during SSH session negotiation.

Each command takes an argument which is either a single word or a comma-separated list within double quotes. Type ? to see the available algorithms for this release.

1. Access the ssh-config configuration element.

   ORACLE# configure terminal
   ORACLE(configure)# security
   ORACLE(security)# ssh-config

2. encr-algorithms—Select the ciphers for SSH encryption.
3. hmac-algorithms—Select the HMAC algorithm.
4. keyex-algorithms—Select the Diffie-Hellman key exchange algorithm.
5. hostkey-algorithms—Select the algorithm for generating host keys.
6. Type done.
7. Save and activate the configuration.

Verify SSH Ciphers

After configuring which ciphers the Oracle® Enterprise Session Border Controller offers during SSH negotiations, verify the settings from an SSH client by starting a new SSH session with verbosity level 2.

1. SSH to the E-SBC with verbosity level 2.

   ssh -vv user@10.0.0.1

2. Confirm the E-SBC offers the selected ciphers.

   debug2: kex_parse_kexinit:
   debug2: kex_parse_kexinit:
   debug2: kex_parse_kexinit: first_kex_follows 0
   debug2: kex_parse_kexinit: reserved 0
   debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256
   debug2: kex_parse_kexinit: ssh-rsa
   debug2: kex_parse_kexinit: AEAD_AES_256_GCM,aes256-ctr
   debug2: kex_parse_kexinit: AEAD_AES_256_GCM,aes256-ctr
   debug2: kex_parse_kexinit: hmac-sha2-256
   debug2: kex_parse_kexinit: hmac-sha2-256
   debug2: kex_parse_kexinit: none
   debug2: kex_parse_kexinit: none
   debug2: kex_parse_kexinit:
   debug2: kex_parse_kexinit:

System Boot

When your Oracle® Enterprise Session Border Controller boots, the following information about the tasks and settings for the system appear in your terminal window.

• System boot parameters
• From what location the software image is being loaded: an external device or internal flash memory
• Requisite tasks that the system is starting
• Log information: established levels and where logs are being sent
• Any errors that might occur during the loading process

After the loading process is complete, the ACLI login prompt appears.