1. ACLI Configuration Guide
  2. Admission Control and QoS
  3. Admission Control for Session Agents

Admission Control for Session Agents

This section explains how to configure session agents for admission control.

Session Agents Admission Control Configuration

To use admission control based on session rate, you need to configure session agent session rate constraints.

To configure session rates:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter. 
    ORACLE(configure)# session-router
  3. Type session-agent and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(session-router)# session-agent
ORACLE(session-agent)#
  4. Enable session agent constraints and then configure the parameters related to session capacity or session rate to set admission control.

    constraints—Enable this parameter. From here you can either configure admission control based on session capacity, session rates, or both. The default value is enabled. The valid values are:

    • enabled | disabled

  5. max-sessions—Set the maximum number of sessions (inbound and outbound) allowed by the session agent. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—4294967295

  6. max-inbound-sessions—Enter the maximum number of inbound sessions allowed from this session agent. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—999999999

  7. max-outbound-sessions—Enter the maximum number of concurrent outbound sessions (outbound from the Oracle® Enterprise Session Border Controller ) that are allowed from this session agent. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—4294967295

      Note:

      The number you enter here cannot be larger than the number you entered for max-sessions.
  8. max-burst-rate—Enter a number to set how many SIP session invitations or H.323 SETUPs this session agent can send or receive (per second) within the configured burst rate window value. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—4294967295

      For example, with a max-burst-rate of 20 and a burst-rate-window of 10, the Oracle® Enterprise Session Border Controller permits 200 sessions within the first 10 seconds and then reject all new sessions until it exits constraint mode.

  9. max-inbound-burst-rate—Enter the maximum burst rate (number of session invitations per second) for inbound sessions from this session agent. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—999999999

  10. max-outbound-burst-rate—Enter the maximum burst rate (number of session invitations per second) for outbound sessions to this session agent.The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—999999999

  11. max-sustain-rate—Enter a number to set the maximum rate of session invitations (per second) this session agent can send or receive within the current window. The default value is zero (0). The valid range is:

    • Minimum—zero (0)

    • Maximum—4294967295

      The number you enter here must be larger than the number you enter for max-burst-rate.

      For the sustained rate, the Oracle® Enterprise Session Border Controller maintains a current and previous window size. The period of time over which the rate is calculated is always between one and two window sizes.

      For example, if you enter a value of 50 here and a value of 36 (seconds) for the sustain rate window constraint, no more than 1800 session invitations can arrive at or leave from the session agent in any given 36 second time frame (window). Within that 36 second window, sessions over the 1800 limit are rejected.

  12. max-inbound-sustain-rate—Enter the maximum sustain rate (of session invitations allowed within the current window) of inbound sessions from this session agent. This value should be larger than the max-inbound-burst-rate value. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—999999999

  13. max-outbound-sustain-rate—Enter the maximum sustain rate (of session invitations allowed within the current window) of outbound sessions to this session agent. This value should be larger than the max-outbound-burst-rate value. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—999999999

  14. burst-rate-window—Enter a number to set the burst window period (in seconds) that is used to measure the burst rate. The term window refers to the period of time over which the burst rate is computed. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—4294967295

  15. sustain-rate-window—Enter a number to set the sustained window period (in seconds) that is used to measure the sustained rate. The default value is zero (0), which disables the functionality. The valid range is:

    • Minimum—10

    • Maximum—4294967295

    The value you set here must be higher than or equal to the value you set for the burst rate window.

    Note:

    If you are going to use this parameter, you must set it to a minimum value of 10.

The following example shows session agent constraints that are enabled and the session capacity parameters have been configured. Other session agent parameters have been omitted for brevity. 

session-agent
constraints                    enabled
max-sessions                   355
max-inbound-sessions          355
max-outbound-sessions          355

The following example shows session agent constraints are enabled and the session rate parameters have been configured. Other session agent parameters have been omitted for brevity. 

session-agent
max-burst-rate                 0
max-inbound-burst-rate         10
max-outbound-burst-rate        1
max-sustain-rate               3000
max-inbound-sustain-rate       0
max-outbound-sustain-rate      0
burst-rate-window              0
sustain-rate-window            0

Realm Bandwidth Configuration

To configure admission control based on bandwidth, you set the max and min bandwidth parameters in the realm configuration.

To configure realm bandwidth:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type media-manager and press Enter. 
    ORACLE(configure)# media-manager
  3. Type realm-config and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(media-manager)# realm-config
ORACLE(realm-config)#
  4. Configure the maximum bandwidth.

    max-bandwidth—Enter a number that sets the maximum bandwidth for dynamic flows to/from the realm in kilobits (Kbps) per second. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—4294967295

      The following example shows the maximum bandwidth for the realm has been configured. All other realm parameters have been omitted for brevity. 

      realm-config
max-bandwidth                  64000

SIP Admission Control Configuration

You can configure the registered endpoint to accept and process requests from SIP realms. If a request does not meet the criteria of the option you choose here, it is rejected with a 403 (Forbidden) response.

To configure admission control:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter. 
    ORACLE(configure)# session-router
  3. Type sip-interface and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(session-router)# sip-interface
ORACLE(sip-interface)#
  4. Type sip-ports and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(sip-interface)# sip-port
ORACLE(sip-port)#
  5. Set the criteria for admission control.

    allow-anonymous—Enter the anonymous connection mode you want applied when SIP requests are processed. The default value is all.

    The following are valid values:

    • all—No ACL is applied and all anonymous connections are allowed.

    • agents-only—Only requests from configured session agents are processed. The Oracle® Enterprise Session Border Controller responds to all other requests with a forbidden response.

    • realm-prefix—Only requests from session agents and addresses matching the realm’s address prefix are processed. All other requests are rejected with a 403 (Forbidden) response.

    • registered—Only requests from session agents and registered endpoints are processed. REGISTER allowed from any endpoint.

    • registered-prefix—Only requests from session agent and registered endpoint addresses that match the realm’s realm prefix are processed.

      The following example shows the allow-anonymous parameter that has been configured to allow only requests from session agents and registered endpoints. All other session agent parameters following the allow-anonymous parameters are omitted for brevity. 

      sip-port
                address
                port                           5060
                transport-protocol             UDP
                allow-anonymous                registered

H.323 Admission Control Configuration

You can configure the endpoint to allow accept and process requests from a H.323 realm. If a request does not meet the criteria you set here, it is rejected.

To configure admission control:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter. 
    ORACLE(configure)# session-router
  3. Type h323 and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(session-router)# h323
ORACLE(h323)#
  4. Type h323-stacks and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(h323)# h323-stacks
ORACLE(h323-stack)#
  5. Set the criteria upon which you want to base admission control.

    allow-anonymous—Enter the anonymous connection option (mode) you want applied to the processing of H.323 requests. The default value is all.

    The following are valid values:

    • all—No ACL is applied and all anonymous connections are allowed.

    • agents-only—Only requests from configured session agents are processed.

    • realm-prefix—Only requests from session agents and addresses matching the realm’s address prefix are processed. All other requests are rejected.

      The following example shows the allow-anonymous parameter has been configured to allow only requests from configured session agents. All other h.323-stack parameters are omitted for brevity. 

      h323-stack
allow-anonymous                agents-only