New Features in OCSBC Release S-CZ8.1.0

Software Transcoding

The system supports the following new codecs for software transcoding, when deployed as a Virtual Network Function VNF:

AMR
AMR-WB

Non-recursive DNS Query Support

By default, the Oracle® Enterprise Session Border Controller (E-SBC) requests DNS query with recursive searches. The Telecommunication Technology Committee's Standard JJ-90.31 specifies that ENUM DNS queries be performed iteratively. The E-SBC complies with this requirement when remote (server) recursive searches are disabled. You can disable recursive searches on a per enum-config basis.

See "Routing" in the ACLI Configuration Guide.

DTMF IWF for VNF

The E-SBC supports DTMF interworking when deployed as a VNF. The functionality works the same as on other platforms. See "Graceful DTMF Conversion Call Processing" in the ACLI Configuration Guide.

Restricting Logons to TACACS

For deployments that include TACACS authentication, the Oracle® Enterprise Session Border Controller (E-SBC) allows the user to configure a restriction that prevents users from logging into the system using mechanisms other than TACACS. The function that manages this restriction evaluates the availability of TACACS infrastructure and allows alternate login mechanisms if TACACS servers are unavailable due to either network or server issues.

See "Getting Started" in the ACLI Configuration Guide.

FAX Support for UEs that Do Not Support Multiple M Lines

The Oracle® Enterprise Session Border Controller (E-SBC) sometimes supports FAX transcoding scenarios using a Re-INVITE that includes two m-lines in the SDP. Some end stations, however, do not support multiple m-lines, causing the FAX setup to fail. You can configure the E-SBC to resolve this problem on a per realm basis via transcoding policy.

See "Transcoding" in the ACLI Configuration Guide.

Call Duration Counters

The Oracle® Enterprise Session Border Controller maintains aggregate call duration in seconds for the current period, lifetime total and the lifetime-period-maximum. These counters are maintained for each session agent, realm, SIP Interface, and globally across the system. The call duration counter can count up to a 32 bit value, after which time it rolls over.

See the Maintenance and Troubleshooting Guide.

Local and Remote Call Termination Counters

The E-SBC maintains counters of gracefully terminated calls for cases where the BYE is generated both locally within the system and call is terminated externally, as expected. Each case is maintained in a unique counter. These counters are maintained for each session agent, realm, SIP Interface, and globally.

See "Local and Remote Call Termination Counters" in the Maintenance and Troubleshooting Guide.

Common Codec Support for Transcoded SIPREC Calls

The E-SBC supports SIPREC on all transcoded call flows by capturing the same codec type from the "called" party side of the session on both legs of the call.

SIPREC Support for SRTP

With the exception noted in the following table, the E-SBC supports SIPREC on all media flows with any combination of SRTP-RTP call legs on ingress and egress for all Acme Packet platforms. The E-SBC also supports SRTP on the interface between the E-SBC and the SIPREC server.

Caller A	Caller B	SRS	Supported or Not Supported
RTP	RTP	RTP	Supported
RTP	SRTP	RTP	Supported
SRTP	RTP	RTP	Supported
SRTP	SRTP	RTP	Supported
RTP	RTP	SRTP	Supported*
RTP	SRTP	SRTP	Supported
SRTP	RTP	SRTP	Supported
SRTP	SRTP	SRTP	Supported

* Not supported in the S-CZ8.1.0 GA release. Support begins with the S-CZ8.1.0p1 release.

The supported combinations apply to transcoded and non-transcoded calls.
The supported combinations apply to recording and requires either the disabled mode or the enabled mode.
The SDES profile that you use for in the media-security-policy configuration must include both the AES_CM_128_HMAC_SHA1_80 and AES_CM_128_HMAC_SHA1_32 ciphers in the crypto-list. Apply this media security policy to each realm where you want SRTP traffic.

See the Call Traffic Monitoring Guide and the ACLI Configuration Guide for complete information about SIPREC support.

Provisioning FIPS and JITC

In previous releases, you needed a license key to enable the FIPS and JITC feature sets. As of E-CZ8.1.0, you enable both FIPS and JITC feature sets by way of self-provisioned entitlements using setup entitlements.

Provisioning Transcode Codecs

You no longer need to use a license key to provision transcode codecs. Use the setup entitlements command. Provisioning means enabling one or more codec types for transcoding by setting the number of sessions allowed for each codec type that you use. A value higher than zero enables the codec for transcoding. A value of zero (0) disables the codec for transcoding. Note that the system allows you to enable only the codecs supported for the platform that you are configuring.

You can provision transcoding for the following codecs with the setup entitlements command:

AMR
AMR-WB
EVRC
EVRCB
EVS
Opus
SILK

When you enable or disable transcoding for a codec or change the session capacity through setup entitlements, the system immediately recognizes and reports the action in "show sipd transcode" and "show xcode load."

Other applicable commands work as follows:

show entitlements—displays all provisioned codecs and session capacities
show features—displays all enabled features and total session capacity

For upgrades, the system honors the license keys for transcode codecs from previous releases.

Increased Media Playback Sessions

Beginning with the E-CZ8.1.0 release, the Acme Packet 6300 supports to up to 1,550 concurrent media playback sessions.

Note that all other platforms remain as before, supporting up to 100 concurrent media playback sessions.

SNMPv3 Support

The Oracle® Enterprise Session Border Controller supports SNMPv3 by default. To secure your SNMPv3 system, you must configure SNMP users and groups, SNMP managers, and view access to MIB trees. SNMPv3 provides the SNMP agent and SNMP Network Management System (NMS) with protocol security enhancements used to protect your system against a variety of attacks, such as increased authentication, privacy, MIB object access control and trap filtering capabilities.

See "SNMPv3" in the MIB Reference Guide.

SFTP Access Restrictions

In the default restricted mode, the normal user and admin user are restricted from adding, deleting, renaming, or modifying specific system files when accessing the file system with SFTP.

Import SSH Keys as Host Keys

The Oracle® Enterprise Session Border Controller supports importing externally generated SSH keys to replace the internally generated SSH host keys. Because the E-SBC derives the public key from the private key, only the externally generated private key needs to be imported. The E-SBC uses these keys when it functions as an SSH server. The E-SBC supports RSA or DSA key lengths of 1024, 2048, 3072, or 4096 bits. See "Import Private SSH Key to Derive New SSH Host Keys" in the ACLI Configuration Guide.

Import a Private SSH Key

As an alternative to relying on the SSH keys generated by the Oracle® Enterprise Session Border Controller, customers may import externally generated SSH keys for any configured public-key element. Because the E-SBC derives the public key from the private key, only the private key needs to be imported, and any previously generated keys for this public-key element will be overwritten. The E-SBC uses these keys when it functions as an SFTP client. See " Import a Private SSH Key for the E-SBC as an SFTP Client" in the ACLI Configuration Guide.

Delete an SSH Key

You can delete private keys from the system individually. See "Delete an SSH Key" in the ACLI Configuration Guide.

Daylong Transcoding Session Cleanup

The Oracle® Enterprise Session Border Controller can perform hourly checks for long xcode/DSP sessions. The amount of time that defines these long sessions defaults to 86400 seconds (24 hours), and may be configured to a different number. After finding these long sessions, they will be cleared from the system when the hourly process runs. Freeing up these potentially orphaned sessions ensures that maximum transcoding resources are available for incoming calls.

This feature is available in release E-Cz810m1p16 and later.