MSRP and Middlebox Traversal Using the CEMA Extension and Session-ID

The Oracle® Enterprise Session Border Controller (E-SBC) requires the Connection Establishment for Media Anchoring (CEMA) extension (RFC 6714) and the session-id matching mechanism to exchange Message Session Relay Protocol (MSRP) messages through middleboxes that do not act as MSRP Back-to-Back User Agents (B2BUA). When such a middlebox passes the MSRP messages through without updating the SDP a=path attribute, the E-SBC cannot establish a TCP connection through the middlebox. The CEMA mechanism makes the connection possible. When the middlebox does update the SDP a=path attribute, the MSRP messages do not pass validation and are dropped. The session-id matching mechanism prevents that situation. The E-SBC supports this functionality only on Virtual Machines.

With the CEMA extension enabled, the E-SBC detects a middlebox that anchors the media but does not update the SDP a=path attribute by comparing the SDP c and m lines to the SDP a=path attribute. When the CEMA-enabled E-SBC plays the active role in establishing the TCP connection, it connects to the endpoint identified by the c and m lines instead of the one in the a=path attribute.

Figure 22-2 Signaling Flow with a Middlebox and CEMA Enabled

This ladder diagram shows the flow of MSRP from the sender to the SBC across a middlebox to the receiver and back to the sender when CEMA is enabled.

Figure 22-3 MSRP Flow with a Middlebox and CEMA Enabled

This ladder diagram shows the signaling flow with a middlebox and CEMA enabled.

The tcp-media-profile configuration object includes the msrp-cema-support attribute, which you enable to allow the E-SBC to negotiate CEMA support with parties in a given realm.
  • Disabled (default): When playing the active role, the E-SBC establishes the TCP connection to the IP address and port number specified in the SDP a=path attribute of the peer. If the SDP a=path attribute contains a DNS name, the E-SBC attempts to use the c line. If the c line also contains a DNS name, the E-SBC rejects the session.
  • Enabled: When the E-SBC detects the presence of a middlebox, it tries to negotiate CEMA support by including the a=msrp-cema-support media attribute. When playing the active role, the E-SBC establishes a TCP connection to the IP address and port number indicated in the peer's SDP c and m lines rather than the a=path media attribute. If you enable msrp-cema-support, you must disable msrp-sessmatch.

Note:

The E-SBC does not perform DNS name resolution for either the SDP a=path or the c and m lines.

To-path Authority Validation

Middleboxes that anchor the media and update the SDP a=path attribute to match the updated SDP c and m lines cannot be detected in the signaling plane. An MSRP B2BUA that is not enabled for CEMA correctly sets up TCP connections to the middlebox because the SDP a=path attribute points to the middlebox. However, these middleboxes do not update the To-Path headers of the MSRP messages to match, so MSRP messages passing through such a middlebox fail validation: the authority part of the To-Path header does not match the authority part of the SDP a=path attribute. In such scenarios the validation of the MSRP URI is based only on the session-id part of the MSRP URI, the MSRP scheme, and transport (Session-Id matching).

To solve the problem, the tcp-media-profile configuration object includes the msrp-sessmatch attribute, which controls whether the URI comparison of the To-Path header in the MSRP messages received from the respective realm includes the authority part.
  • Disabled (default): The MSRP URI comparison between the SDP a=path attribute and the To-Path header in the MSRP messages received from a realm includes the MSRP URI scheme, authority IP address, port number, session-id, and transport. If the comparison is unsuccessful and the sender requires a report, the E-SBC returns an MSRP 481 error response to the sender.
  • Enabled: The MSRP URI comparison between the SDP a=path attribute and the To-Path header in the MSRP messages received from a realm includes only the MSRP URI scheme, session-id, and transport. If the comparison is unsuccessful and the sender requires a response, the E-SBC sends an MSRP 481 error response to the sender. If you enable msrp-sessmatch, you must disable msrp-cema-support.
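
The following Python sketch models the two checks described above: the c/m-line versus a=path comparison used to detect a media-anchoring middlebox, and the To-Path comparison with msrp-sessmatch disabled and enabled. It is an added illustration, not Oracle code or E-SBC behavior taken from the product; the function names, the sample SDP, and the single-hop, explicit-port, literal-IP URI form are assumptions.

```python
import re
from typing import NamedTuple

class MsrpUri(NamedTuple):
    scheme: str
    host: str
    port: int
    session_id: str
    transport: str

# Assumptions: explicit port, single-hop path (no relays), literal IP authority.
_URI = re.compile(
    r"^(msrps?)://(?:[^@/]+@)?(\[[^\]]+\]|[^:/;]+):(\d+)/([^;/\s]+);(\w+)(?:;\S*)?$",
    re.I)

def parse_msrp_uri(text):
    m = _URI.match(text.strip())
    if not m:
        raise ValueError(f"not an MSRP URI: {text!r}")
    scheme, host, port, sid, transport = m.groups()
    # In MSRP URI comparison (RFC 4975) only the session-id is case-sensitive.
    return MsrpUri(scheme.lower(), host.lower().strip("[]"), int(port),
                   sid, transport.lower())

def middlebox_suspected(sdp):
    """True when the c/m lines and the a=path URI name different endpoints."""
    addr = port = path = None
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("c="):
            addr = line.split()[2].lower()
        elif line.startswith("m=message"):
            port = int(line.split()[1])
        elif line.startswith("a=path:"):
            path = parse_msrp_uri(line[len("a=path:"):])
    if addr is None or port is None or path is None:
        raise ValueError("SDP lacks c=, m=message or a=path")
    return (addr, port) != (path.host, path.port)

def to_path_matches(sdp_path, to_path, sessmatch=False):
    """Compare the a=path URI with To-Path; sessmatch=True skips the authority."""
    a, b = parse_msrp_uri(sdp_path), parse_msrp_uri(to_path)
    if sessmatch:
        return (a.scheme, a.session_id, a.transport) == \
               (b.scheme, b.session_id, b.transport)
    return a == b

# Constructed sample: media anchored at 198.51.100.7:40000, a=path left untouched.
ANCHORED_SDP = """c=IN IP4 198.51.100.7
m=message 40000 TCP/MSRP *
a=path:msrp://192.0.2.10:7654/s1a2b3;tcp"""

if __name__ == "__main__":
    print("middlebox suspected:", middlebox_suspected(ANCHORED_SDP))
```

With sessmatch=True the authority is ignored, so the session-id is the only per-session value the comparison still checks.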

Figure 22-4 Signaling Flow with Session Matching Enabled

This ladder diagram shows signaling flow with session matching enabled.

Figure 22-5 MSRP Flow with Session Matching Enabled

This ladder diagram shows MSRP flow with session matching enabled.