Settings Button

Use the Settings button to access the following configuration elements.

SBC Host Name	Name the session border controller host.
Description	Describe the session border controller host.
Location	Specify the location of the session border controller host.
Default Gateway IP Address	Specify the gateway IP address for the host.
NTP IP Address	Specify the IP address of the Network Time Protocol server.
Enable restart on critical failure	Enable automatic system restart after a critical failure.
Logging Settings	Specify the Syslog server and the process log level.
SNMP Settings	Enable SNMP traps and specify the MIB system.
SIP Settings	Configure SIP and add SIP options.
Denial of Service Settings	Specify packet rate settings for Denial of Service protection.
Communications Monitoring Probe Settings	Enable the Communications Monitoring Probe and specify the collector.
High Availability Settings	Enable High Availability and specify the peers.
Packet Capture Settings	Enable packet capture and specify the receiver.
Survivability	Enable remote site survivability and specify the triggering device.

Configure Logging Settings

The Oracle® Enterprise Session Border Controller (E-SBC) generates SysLogs and process logs. You must configure the IP address for the SysLog server and the process log level for the process logs.

• Note the IP address of the Syslog server.
• Confirm that the system displays the Basic mode.

The Web GUI displays the logging configuration parameters on the Settings page. Use the following procedure to specify the Syslog server and to select a process log level.

1. From the Web GUI, click Settings.
2. In the Settings dialog, click Logging settings, and do the following:

   SysLog server IP address	Enter the IPv4 address of the SysLog server.
   Process log level	Select the starting log level of all processes running on the E-SBC.

3. Click OK.
4. Save and activate the configuration.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) supports the monitoring of devices attached to the network for conditions that might need administrative attention.

On the Oracle® Enterprise Session Border Controller (E-SBC), SNMP configuration is comprised of the following groups of system-wide settings.

• SNMP settings. Specifies the MIB contact information and enables event SNMP traps. See "Configure SNMP Settings."
• SNMP community. Specifies how certain E-SBC events are reported. See "Configure SNMP Community."
• Trap receiver. Specifies the trap receiver settings, including filters. See "Configure an SNMP Trap Receiver."

The system does not require you to configure these groups of settings for baseline E-SBC service. If you want to use network management systems to provide important monitoring and system health information, configure the settings.

Logging Settings

You can configure the Oracle® Enterprise Session Border Controller (E-SBC) to generate Syslogs for system management and Process logs for debugging.

The E-SBC generates the following types of logs.

• Syslogs conform to the standard used for logging servers and processes as defined in RFC 3164. In configuration, you specify the Syslog server.
• Process logs are proprietary Oracle logs that the system generates on a per-task basis and are used mainly for debugging purposes. Because process logs are more data inclusive than Syslogs, their contents usually include Syslog log data. In configuration, you specify the log level.

Syslog and process log servers are both identified by an IPv4 address and port pair.

Configure SNMP Settings

Simple Network Management Protocol (SNMP) is used to support the monitoring of devices attached to the network, such as the Oracle® Enterprise Session Border Controller (E-SBC), for conditions that warrant administrative attention.

• Confirm that the system displays the Basic mode.

The Web GUI displays the SNMP settings configuration parameters on the Settings page. Use the following procedure to configure MIB settings and to enable SNMP for the E-SBC.

1. From the Web GUI, click Settings.
2. In the Settings dialog, click SNMP settings, Show advanced and do the following:

   MIB system contact	Enter the contact information to use in the E-SBC MIB transactions.
   MIB system name	Enter the identification of this E-SBC presented in MIB transactions.
   MIB system location	Enter the physical location of this E-SBC that is reported within MIB transactions.
   Enable event SNMP traps	Select to enable the E-SBC to report event SNMP traps.

3. Click OK.
4. Save the configuration.

SIP Settings

Session Initiation Protocol (SIP) is an IETF-defined signaling protocol widely used for controlling communication sessions such as voice and video calls over Internet Protocol (IP). The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions. Sessions may consist of one or several media streams.

Dialog Transparency

Dialog transparency prevents the Oracle® Enterprise Session Border Controller (E-SBC) from generating a unique Call-ID and modifying dialog tags. With dialog transparency enabled, the E-SBC is prevented from generating a unique Call-ID and from modifying the dialog tags. The Oracle® Enterprise Session Border Controller passes what it receives. When a call made on one E-SBC is transferred to another UA and crosses a second E-SBC, the second E-SBC does not note the context of the original dialog, and the original call identifiers are preserved end to end. The signalling presented to each endpoint remains in the appropriate context regardless of how many times a call crosses through a E-SBC or how many E-SBCs a call crosses.

Without dialog transparency enabled, the E-SBC SIP B2BUA rewrites the Call-ID header and inserted dialog cookies into the From and To tags of all messages it processes. These dialog cookies are in the following format: SDxxxxxNN-. Using these cookies, the E-SBC can recognize the direction of a dialog. However, this behavior makes call transfers problematic because the Call-ID of one E-SBC might not be properly decoded by another E-SBC. The result is asymmetric header manipulation and unsuccdessful call transfers.

IPv6 Reassembly and Fragmentation Support

As it does for IPv4, the E-SBC supports reassembly and fragmentation for large signaling packets when you enable IPV6 on the system.

The E-SBC takes incoming fragments and stores them until it receives the first fragment containing a Layer 4 header. With that header information, the E-SBC performs a look-up so it can forward the packets to its application layer. Then the packets are re-assembled at the applications layer. Media fragments, however, are not reassembled and are instead forwarded to the egress interface.

On the egress side, the E-SBC takes large signaling messages and encodes it into fragment datagrams before it transmits them.

Note that large SIP INVITE messages should be sent over TCP. If you want to modify that behavior, you can use the SIP interface’s option parameter max-udplength=xx for each SIP interface where you expect to receive large INVITE packets.

Other than enabling IPv6 on your E-SBC, there is no configuration for IPv6 reassembly and fragmentation support. It is enabled automatically.

Configure SIP Settings

Use the Settings button to access the SIP settings configuration section of the Settings page.

• Confirm that the system displays the Basic mode.

Use the following procedure to configure global SIP settings and options.

1. From the Web GUI, click Settings.
2. On the Settings page, click SIP settings, Show advanced, and do the following.

   Enable dialog transparency	Select to enable.
   Maximum SIP message length	Enter the maximum SIP message length. Default: 4096. Range: 0-65535.
   Allow SIP UDP fragmentation	Select to enable.
   Set INVITE expires at 100 responses	Select to enable.
   Options	Click Add, enter a SIP option, and do one of the following: Click OK. Click Apply/Add another, add another media attribute, and click OK. Repeat, as needed.

3. Click OK.
4. Save the configuration.

• Configure SIP Features.

Denial of Service Protection

The Oracle® Enterprise Session Border Controller (E-SBC) Denial of Service (DoS) protection functionality protects soft switches and gateways with overload protection, dynamic and static access control, and trusted device classification and separation in layers 3-5.

DoS protection prevents the E-SBC host processor from being overwhelmed by a targeted DoS attack from the following:

• IP packets from an untrusted source, as defined by provisioned and dynamic ACLs
• IP packets for unsupported and disabled protocols
• Nonconforming and malformed packets to signaling ports
• Volume-based attack of valid and invalid call requests, signaling messages, and so on.

The Server Edition and VM Edition support of DoS protection differs from the Oracle Hardware Platforms Edition due to the absence of Oracle network interface hardware. Consequently, DoS protection is implemented in software and consumes CPU cycles when responding to attacks.

The Server Edition and VM Edition handle media packet fragments differently, processing them in the data path rather than in the host application code. Protection against fragment attacks occurs because the system never keeps fragments for more than 5 milliseconds.

Configure Denial of Service Settings

Configure Denial of Service (DoS) settings to protect the Oracle® Enterprise Session Border Controller (E-SBC) from signal and media overload, while allowing legitimate, trusted devices to continue receiving service during an attack.

• Plan the maximum number of packets per second that you want for trusted packets, un-trusted packets, and ARP packets.
• Confirm that the system displays the Basic mode.

The Web GUI displays the denial of service configuration parameters on the Settings page. Use the following procedure to specify the settings that the system uses to calculate the trusted, untrusted, and ARP packets per second. Note that the configured rate is specified in packets per second, but the system measures the rate in packets per millisecond. For example, when the configured rate is 3200 packets per second, the actual measured rate is 3 packets per millisecond.

1. From the Web GUI, click Configuration, Settings.
2. On the settings page, click Denial of Service settings, Show advanced, and do the following.

   Maximum trusted packet rate	Maximum bandwidth for trusted hosts. Packets per second. Default 50000. Range: 20-200000.
   Maximum untrusted packet rate	Maximum bandwidth for un-trusted hosts. Packets per second. Default 50000. Range: 20-200000.
   Maximum ARP packet rate	Maximum bandwidth for ARP. Packets per second. Default 1000. Range: 20-10000.

3. Click OK.
4. Save the configuration.

Communication Monitoring Probe Settings

Palladion is the Oracle Communication Experience Manager.

The manager is powered by the Palladion Mediation Engine, a platform that collects SIP, DNS, ENUM, and protocol message traffic received from Palladion Probes. The mediation engine stores the traffic in an internal database, and analyzes aggregated data to provide comprehensive multi-level monitoring, troubleshooting, and interoperability information.

Palladion simplifies the operation of software-based Palladion probes by enabling the transmission of Internet Protocol Flow Information Export (IPFIX) data to one or more Palladion Mediation Engines, possibly on different sub-nets.

Note:

The Palladion Communications Monitor Probe communicates over the media interface for signaling and Quality of Service (QoS) statistics using IPFIX. QoS reporting is done by way of Call Detail Records (CDR) accounting.

Configure Communication Monitoring Probe Settings

Use the following procedure to establish a connection between the Oracle® Enterprise Session Border Controller (E-SBC) and the Palladion Mediation Engine. The E-SBC is the exporter of protocol message traffic and data and the Palladion Mediation Engine is the information collector.

• Confirm that the network interface that you want to monitor is configured.
• Confirm that the system displays the Basic mode.

The Web GUI displays the communication monitoring probe settings configuration parameters on the Settings page. Use the following procedure to enable ths function, and to specify the connection parameters.

1. From the Web GUI, click Configuration, Settings.
2. On the Settings page, click Communications Monitoring Probe Settings, Show advanced, and do the following:

   Enable monitoring	Select to enable.
   SBC group ID	Enter a number to assign to the E-SBC in its role as an information exporter. Range: 0-999999999.
   Network interface	Select a network interface from the drop down list that supports the TCP connection between the E-SBC and the Operations Monitor Mediation Engine.
   Collector IP address	Enter the IP address of the Operations Monitor Mediation Engine collector. Default: 0.0.0.0.
   Collector port	Enter the number of the Operations Monitor Mediation Engine collector port from 1025-65535. Default: 4739. Range: 1025-65535.

3. Click OK.
4. Save the configuration.

High Availability Settings

You can deploy the Oracle® Enterprise Session Border Controller (E-SBC) in pairs to deliver High Availability (HA). Two E-SBCs operating in this way are called an HA node. Over the HA node, call state is shared, keeping sessions and calls from dropping in the event of a service disruption.

TwoE-SBCs work together in an HA node, one in active mode and one in standby mode.

• The active E-SBC checks itself for internal process and IP connectivity issues. If it detects that it is experiencing certain faults, it hands over its role as the active system to the standby E-SBC in the node.
• The standby E-SBC is the backup system, fully synchronized with the active E-SBCsession status. The standby E-SBC monitors the status of the active system so that, if needed, it can assume the active role without the active system having to instruct it to do so. If the standby system takes over the active role, it notifies network management using an SNMP trap.

To produce seamless switch overs from one E-SBC to the other, the HA node uses shared virtual MAC and virtual IP addresses for the media interfaces in a way that is similar to Virtual Router Redundancy Protocol (VRRP). Sharing addresses eliminates the possibility that the MAC and IPv4 address set on one E-SBC in an HA node will be a single point of failure. The standbyE-SBC sends ARP requests using a utility IPv4 address and its hard-coded MAC addresses to obtain Layer 2 bindings.

When there is a switch over, the standby E-SBC issues gratuitous ARP messages using the virtual MAC address, establishing that MAC on another physical port within the Ethernet switch. To the upstream router, the MAC and IP are still alive, meaning that existing sessions continue uninterrupted.

Within the HA node, the E-SBCs advertise their current state and health to one another in checkpointing messages; each system is apprised of the other’s status. Using Oracle’s HA protocol, the E-SBCs communicate with UDP messages sent out and received on the interfaces carrying "heartbeat" traffic between the active and standby devices.

The standby E-SBCassumes the active role when:

• It has not received a checkpoint message from the active E-SBC for a certain period of time.
• It determines that the active E-SBC’s health score has decreased to an unacceptable level.
• The active E-SBC relinquishes the active role.

High Availability on the Acme Packet 1100

The Acme Packet 1100 supports High Availability (HA), but the configuration differs from other Oracle® Enterprise Session Border Controllers (E-SBC) because there is only one management interface on this device.

Unlike other E-SBCs, which provide two management interfaces and two media interfaces, the Acme Packet 1100 provides 1 management interface and 2 media interfaces. For HA, you must create a second management interface object on the Acme Packet 1100 with wancom0 for the name and VLAN for the sub-port-id. You can configure only one management interface in an HA pair with these settings and the system does not support more than one HA interface with a VLAN tag.

Note:

The Acme Packet 1100 E-SBC does not support High Availability (HA) for any call using the Time Division Multiplexing (TDM) interface.

Configure High Availability

To create a High Availability (HA) pair of Oracle® Enterprise Session Border Controllers (E-SBC), you must configure one E-SBC as the primary and the other E-SBC as the secondary.

• Confirm that the system displays the Basic mode.

The Web GUI displays the HA configuration parameters on the Settings page. Use the following procedure to create an HA pair and to establish communication between the devices.

1. From the Web GUI, click Configuration, Settings.
2. On the Settings page, click High availability settings, and do the following:

   Enable high availability	Select to enable HA.
   Name of primary peer	Enter the name of the primary E-SBC peer.
   Name of secondary peer	Enter the name of the secondary E-SBC that you want to use for HA purposes to peer with the primary.
   ENT phy interface virtual MAC	Enter the MAC address of the Enterprise physical interface on the E-SBC.
   SP phy interface virtual MAC	Enter the MAC address of the Service Provider physical interface on the E-SBC.

3. Click OK.
4. Save the configuration.

Configure the Acme Packet 1100 Primary for HA

You can configure the Acme Packet 1100 primary for High Availability (HA) operations from the Web GUI by using the configuration tools in Basic mode.

• Confirm that the Oracle® Enterprise Session Border Controller software is installed on two separate systems.

You must perform the following procedure on the primary system before configuring the secondary system for HA operations.

1. On the Web GUI, click Configuration, Wizards, Set initial configuration, Run Setup.
   The system displays the Set initial configuration dialog.
2. In the Set initial configuration dialog, do the following:

   Enable Web GUI	Select Yes to enable the Web GUI.
   Choose Web GUI mode	Select Basic Web GUI mode.
   SBC mode	Select high availability SBC mode. Select primary.
   IP address on management interface	Enter the IP address of the management interface on the primary.
   Unique target name	Enter a unique target name for the primary.
   Subnet mask	Enter the subnet mask.
   Management interface VLAN	Enter the number of the management interface VLAN. Range: 0-4095.
   Gateway IP address	Enter the gateway IP address.
   Peer target name	Enter the name of the secondary.

3. Click Complete.
   The system reboots.

Configure the secondary for High Availability. See "Configure the Acme Packet 1100 Secondary for High Availability (HA) - GUI Basic."

Configure the Acme Packet 1100 Secondary for HA

You can configure the Acme Packet 1100 secondary for High Availability (HA) operations from the Web GUI by using the configuration tools in Basic mode.

• Confirm that the Oracle® Enterprise Session Border Controller primary is configured for HA operations.

When configuring the secondary system, enter the same management interface VLAN that you entered for the primary system.

1. On the Web GUI, click Configuration, Wizards, Set initial configuration, Run Setup.
   The system displays the Set initial configuration dialog.
2. In the Set initial configuration dialog, do the following:

   Enable Web GUI	Select Yes to enable the Web GUI.
   Choose Web GUI mode	Select Basic Web GUI mode.
   SBC mode	Select high availability SBC mode. Select primary.
   IP address on management interface	Enter the IP address of the management interface on the primary.
   Unique target name	Enter a unique target name for the primary.
   Subnet mask	Enter the subnet mask.
   Management interface VLAN	Enter the number of the management interface VLAN. Range: 0-4095.
   Gateway IP address	Enter the gateway IP address.
   Acquire configuration from primary	Select Yes.

3. Click Complete
   The system reboots.

Packet Capture Settings

You can configure the packet capture function on the Oracle® Enterprise Session Border Controller (E-SBC) to view packet traffic on your network. For example, you might want to confirm the network configuration or to perform troubleshooting.

During a packet capture session, the system creates a set of .pcap files in the /opt/traces directory. If the /opt/traces directory contains files when you run the packet-trace command, the system prompts you to either remove or keep the existing files before running the command. The following table describes the system behavior for both options.

Yes—Removes all existing files.	The system captures up to 25 new .pcap files. During the session, the system rotates the files in the /opt/traces directory by size. For example, the system keeps the last 25 files and rotates them when they reach 100 MB
No—Keeps all existing files.	If the /opt/traces directory contains 25 .pcap files, the system cannot add more files to the directory or overwrite the existing files. If the /opt/traces directory contains fewer than 25 .pcap files, the system can add new files to the directory up to the 25 file limit. For example, if the /opt/traces directory contains 10 existing files, the system can add up to 15 new files.

Configure Packet Capture Settings

You can configure the Oracle® Enterprise Session Border Controller (E-SBC) to send packet captures to a designated receiver.

• Note the IP address and network interface of the device to which the E-SBC will send captured packets.
• Confirm that the system displays the Basic mode.

Use the following procedure to enable the packet capture function and to specify where the E-SBC sends the captured packets.

1. From the Web GUI, click Configuration, Settings, Show advanced, Packet capture settings.
2. Under Packet capture settings, do the following:

   Enable packet capture	Select to enable.
   Capture receiver network interface	Select the network interface that you want for the packet capture receiver from the drop-down list.
   Capture receiver IP address	Enter the IP address of the packet capture receiver.

3. Click OK.
4. Save the configuration.

Remote Site Survivability

The remote site survivability feature enables an Oracle® Enterprise Session Border Controller (E-SBC) that is deployed in a Remote Office/Branch Office (ROBO) site to detect the loss of communication over SIP-based telephony to the Enterprise’s core call processing Data Center.

When loss of communication is detected over the SIP service, the ROBO E-SBC dynamically switches into Survivable Mode, handling call processing locally and providing limited additional server functionality.

Note:

Remote Site Survivability supports SIP only. It does not support H.323 call signalling.

Remote Site Survivability:

• Works with or without High Availability (HA).
• Is configurable in real-time, with no reboot required to enable this feature.
• Allows configuration by way of the E-SBC Web GUI.
• Maintains Historical Recording (HDR) statistics about being in survivability mode, such as:
  • Whether or not the E-SBC is in survivable mode using the ACLI command, show health.
  • Length of time the E-SBC was in survivable mode (records the number of times and the amount of time in survivability mode).
  • Number of SIP messages handled in survivable mode.
  • Number of SIP users registered locally in survivable mode (both existing based on cache, and separately - new registrations).

Configure Remote Site Survivability

You must enable remote site survivability on the Oracle® Enterprise Session Border Controller (E-SBC) and set the parameters before the system can enter and exit survival mode.

• Confirm that at least one session is configured.

The Web GUI displays the Survivability configuration parameters on the Settings page, after you click Show advanced. Use the following procedure to enable ths function, specify a triggering device, and optionally change the default settings.

1. From the Web GUI, click Configuration, Settings, Show advanced, Survivability.
2. Under Survivability, do the following:

   State	Select to enable.
   Registration expire time	Enter the time, in seconds, that the E-SBC waits before entering survival mode. Default: 30. Range: 086400.
   Extension length	Enter the maximum length allowed for a phone extension. Default: 4. Range :0-10
   Trigger on	Select a PBX, Trunk, device, or group from the drop-down list that triggers survivability mode when it goes out of service.