MSRP Configuration

MSRP configuration consists of the following steps.

  1. Configure the msrp-config configuration object that governs MSRP global behavior.
  2. Configure one or more tcp-media-profile configuration objects that define MSRP operations within a realm.
  3. Assign a tcp-media-profile to a target realm.
  4. If MSRP sessions are secured with TLS, create and assign tls-profile configuration objects to the tcp-media-profile of the target realm.
  5. Create and assign steering-pools configuration objects to target realms.

msrp-config Configuration

Use the following procedure to perform MSRP global configuration.

  1. From superuser mode, use the following command sequence to access msrp-config configuration mode. While in msrp-config mode, you configure global MSRP behavior.
    ORACLE# configure terminal
    ORACLE(configure)# media-manager
    ORACLE(media-manager)# msrp-config
    ORACLE(msrp-config)# ?
    state                     state
    uri-translation           perform translation of MSRP URI
    session-inactivity-timer  timer value (seconds) for session inactivity
                          monitoring period
    select                    select msrp config to edit
    no                        delete msrp config
    show                      show msrp config
    done                      write msrp config information
    exit                      return to previous menu
    ORACLE(msrp-config)#
  2. Use the state parameter to enable MSRP operations.

    Retain the default value, enabled, to enable MSRP operations.

    If necessary, you can use disabled to temporarily suspend all MSRP operations.

    ORACLE(msrp-config)# state enabled
    ORACLE(msrp-config)#
  3. Use the uri-translation parameter to enable or disable NAT of URIs found in the From-Path and To-Path headers of MSRP requests and responses, and in a=path attributes found in SDP offers.

    NAT is enabled by default.

    Retain the default value (enabled) to enable NAT; use disabled to disable NAT.

    ORACLE(msrp-config)# uri-translation enabled
    ORACLE(msrp-config)#
  4. Use the session-inactivity-timer parameter in connection with the msrp-delayed-bye-timer parameter to implement the delayed transmission of SIP BYE requests, thus establishing a configurable transition interval allowing for the completion of active MSRP sessions.

    The session-inactivity-timer parameter specifies the maximum inactivity interval (defined as the absence of transmitted data) tolerated before the MSRP connection is terminated.

    Retain the default value (5), or specify another inactivity interval within the range 5 to 10 seconds.

    ORACLE(msrp-config)# session-inactivity-timer 7
    ORACLE(msrp-config)#
  5. Use done, exit, and verify-config to complete MSRP global configuration.
  6. If you wish to implement the delayed transmission of SIP BYE requests, use the following command sequence to access sip-config configuration mode.
    ORACLE# configure terminal
    ORACLE(configure)# session-router
    ORACLE(session-router)# sip-config
    ORACLE(sip-config)#
  7. Use the msrp-delayed-bye-timer parameter to enable the delayed transmission of SIP BYE requests, thus establishing a configurable transition interval allowing for the completion of active MSRP sessions.

    The msrp-delayed-bye-timer parameter specifies the maximum delay period allowed before transmitting the delayed BYE request.

    Retain the default value (15), or specify another delay period within the range 1 to 60 seconds.

    Delayed transmission of BYE requests is enabled by default. Use the special value of 0 to disable delay, and transmit BYE requests immediately upon receipt.

    ORACLE(sip-config)# msrp-delayed-bye-timer 20
    ORACLE(sip-config)#

Configure tcp-media-profile

The tcp-media-profile defines Message Session Relay Protocol (MSRP) operations within a realm. You specify settings that are common to every tcp media profile, as well as optional settings that you use to customize a particular tcp media profile.

  • If you want to set a white list for allowed MSRP types, create the list before you perform this configuration.

Use the following procedure to build a TCP media profile that defines MSRP operations within a realm.

  1. Access the tcp-media-profile configuration element.
    ORACLE# configure terminal
    ORACLE(configure)# media-manager
    ORACLE(media-manager)# tcp-media-profile
    ORACLE(tcp-media-profile)# 
  2. Use the name parameter to provide a unique identifier for this TCP Media Profile instance.
    ORACLE(tcp-media-profile)# name tlsMSRP
    ORACLE(tcp-media-profile)#
  3. Use the media-type parameter in conjunction with the transport-protocol parameter to identify the media-types and transport protocols (found in the SDP media description, m=, field as described in RFC 4566, SDP: Session Description Protocol) subject to this TCP Media Profile.

    media-type identifies the media subject to this TCP Media Profile. Retain the default value, message, for MSRP operations.

    transport-protocol identifies the transport layer protocols subject to this TCP Media Profile. Use either TCP/MSRP to specify unsecured TCP traffic or TCP/TLS/MSRP to specify secured, encrypted TLS traffic.

    ORACLE(tcp-media-profile-entry)# transport-protocol TCP/TLS/MSRP
    ORACLE(tcp-media-profile-entry)#
  4. When the transport-protocol is TCP/TLS/MSRP, use the tls-profile parameter to identify the TLS profile that specifies the cryptographic resources available to support TLS operations.

    This parameter can be safely ignored if transport-protocol is TCP/MSRP.

    ORACLE(tcp-media-profile-entry)# tls-profile msrp1
    ORACLE(tcp-media-profile-entry)#
  5. When the transport-protocol is TCP/TLS/MSRP, use the require-fingerprint parameter to enable or disable endpoint authentication using the certificate fingerprint methodology defined in RFC 4572, Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP).

    By default, mutual authentication is disabled.

    This parameter can be safely ignored if transport-protocol is TCP/MSRP.

    ORACLE(tcp-media-profile-entry)# require-fingerprint enabled
    ORACLE(tcp-media-profile-entry)#
  6. Use the listen-port parameter to identify the TCP port monitored by the B2BUA for incoming MSRP connections. The 0 default value indicates that the B2BUA will choose the listening port from the steering pool of the realm (which the tcp-media-profile belongs to). Valid values: 0-65535. Default: 0.
    ORACLE(tcp-media-profile-entry)# listen-port 43000
    ORACLE(tcp-media-profile-entry)#
  7. Use the preferred-setup-role parameter to specify the value the B2BUA uses for the a=setup attribute when negotiating the setup role, regardless of the role (offerer or answerer) assumed by the B2BUA in the SDP offer-answer exchange.
    ORACLE(tcp-media-profile-entry)# preferred-setup-role passive
    ORACLE(tcp-media-profile-entry)#
    The value of preferred-setup-role is used for the value of the a=setup attribute when the B2BUA makes an offer SDP and when the B2BUA replies to an offer SDP that has a=setup:actpass. It is not used when the B2BUA is forced into a role by the offerer, that is, if the offerer sends a=setup:active, the B2BUA must answer with a=setup:passive (and vice versa). Valid values: passive | active. Default: passive.
    • Passive—Recommended. Indicates that the B2BUA accepts an incoming connection.
    • Active—Indicates that the B2BUA creates an outgoing connection.
  8. Use the msrp-cema-support parameter to specify whether or not the SBC negotiates support for the CEMA extension (RFC 6714) for TCP or TLS connections to and from the realm associated with the current TCP media profile. Enable the CEMA extension to enable the SBC to exchange MSRP traffic through middleboxes that anchor the media, but do not touch the SDP a=path attribute. Valid values: enabled | disabled. Default: disabled.
    ORACLE(tcp-media-profile-entry)# msrp-cema-support enabled
    ORACLE(tcp-media-profile-entry)#
  9. Use the msrp-sessmatch parameter to specify whether or not the SBC validates the MSRP To-Path header based only on the session-id field and MSRP transport type of the MSRP URI (and not also on the IP address and port number in the authority part of the MSRP URI). Sessmatch enables the SBC to exchange MSRP traffic through middleboxes that anchor the media and also adjust the SDP a=path attribute. Valid values: enabled | disabled. Default: disabled.
    ORACLE(tcp-media-profile-entry)# msrp-sessmatch enabled
    ORACLE(tcp-media-profile-entry)#
  10. Use the msrp-message-size-enforce parameter to specify one element in a whitelist of allowed MSRP media types. Media types not included on the whitelist will be removed from the SDP a=accept-types attribute of the SDP offers. A "*" indicates that all MSRP media types are allowed. When left empty, it indicates that no media type filtering is performed. Valid value: MsrpMediaTypeList.
    ORACLE(tcp-media-profile-entry)# msrp-message-size-enforce enabled
    ORACLE(tcp-media-profile-entry)#
  11. Use the msrp-message-size parameter to specify the maximum size (in bytes) that MSRP is allowed to negotiate for the messages. It represents the maximum limit for the SDP a=max-size attribute, for the "size" token of the SDP a=file-selector attribute and MSRP Byte-range header. A value of 0 indicates that no maximum limit is enforced. Valid values: 0-4,000. Default: 0.
    ORACLE(tcp-media-profile-entry)# msrp-message-size 2000
    ORACLE(tcp-media-profile-entry)#
  12. Use the msrp-message-size-file parameter to specify whether MSRP messages exceeding the negotiated size are rejected and, correspondingly, whether MSRP file transfers are aborted when the negotiated size is exceeded. A value of 0 indicates that no maximum limit is enforced. Valid values: 0-4G. Default: 0.
    ORACLE(tcp-media-profile-entry)# msrp-message-size-file 4
    ORACLE(tcp-media-profile-entry)#
  13. Use the msrp-types-whitelist parameter to specify a list of registered MSRP media types (RFC 4975) supported for the ingress realm.
    ORACLE(tcp-media-profile-entry)# msrp-types-whitelist <listname>
    ORACLE(tcp-media-profile-entry)#
  14. Use done, exit, and verify-config to complete tcp-media-profile configuration.
  • Repeat the procedure to configure each additional tcp-media-profile that you need.
  • Apply the profile to a realm.
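
The check that require-fingerprint refers to (RFC 4572) compares the hash of the certificate presented in the TLS handshake with the a=fingerprint attribute signalled in SDP. The following is an added example, not Oracle's implementation; the function names, the accepted hash list, the SDP offer and the certificate bytes are constructed assumptions.

```python
import hashlib
import hmac

# Hash functions this example accepts (an assumed local policy, not the SBC's list).
HASHES = {"sha-256": hashlib.sha256, "sha-384": hashlib.sha384, "sha-512": hashlib.sha512}
# Constructed stand-in for the DER bytes of the certificate the peer presents in TLS.
SAMPLE_CERT_DER = b"constructed DER certificate bytes"

def format_fingerprint(der, func="sha-256"):
    """Hash the certificate and render it RFC 4572 style: upper-case hex pairs, colon separated."""
    digest = HASHES[func](der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_msrp_media(sdp):
    """Return transport, a=setup and a=fingerprint that apply to the m=message section."""
    info = {"transport": None, "setup": None, "fingerprint": None}
    section = "session"  # attributes before the first m= line are session-level
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            section = "message" if fields and fields[0] == "message" else "other"
            if section == "message" and len(fields) >= 3:
                info["transport"] = fields[2]
        elif section != "other" and line.startswith("a=fingerprint:"):
            func, _, value = line[len("a=fingerprint:"):].partition(" ")
            info["fingerprint"] = (func.lower(), value.strip().upper())
        elif section == "message" and line.startswith("a=setup:"):
            info["setup"] = line[len("a=setup:"):]
    return info

def fingerprint_matches(sdp, peer_cert_der):
    """True only when the cert presented in TLS hashes to the fingerprint signalled in SDP."""
    info = parse_msrp_media(sdp)
    if info["transport"] != "TCP/TLS/MSRP" or info["fingerprint"] is None:
        return False  # no TLS or nothing to compare against: fail closed
    func, advertised = info["fingerprint"]
    if func not in HASHES:
        return False  # unknown or disallowed hash function: fail closed
    expected = format_fingerprint(peer_cert_der, func)
    return hmac.compare_digest(advertised.encode(), expected.encode())

def sample_offer(cert_der):
    """Constructed SDP offer for a TLS-protected MSRP session (documentation addresses)."""
    return "\r\n".join([
        "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
        "m=message 43000 TCP/TLS/MSRP *", "a=setup:actpass",
        "a=fingerprint:SHA-256 " + format_fingerprint(cert_der),
        "a=path:msrps://192.0.2.10:43000/constructedsession;tcp",
    ])
```

The fingerprint only authenticates the endpoint if the SDP that carried it was itself protected in transit, since anyone able to rewrite the SDP can substitute a fingerprint of their own certificate.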

Assign a tcp-media-profile to a Realm

Use the following procedure to assign a single, specific tcp-media-profile to a target realm.

  1. From superuser mode, use the following command sequence to access realm-config configuration mode. While in realm-config mode, you assign a tcp-media-profile to a realm.
    ORACLE# configure terminal
    ORACLE(configure)# media-manager
    ORACLE(media-manager)# realm-config
    ORACLE(realm-config)#
  2. Use the select command to identify the target realm.
  3. Use the tcp-media-profile parameter to assign a specific, named tcp-media-profile to the target realm.
    ORACLE(realm-config)# tcp-media-profile tlsMutualAuth
    ORACLE(realm-config)#
  4. Use done, exit, and verify-config to complete tcp-media-profile assignment.

tls-profile Configuration

Use the following procedure to create a tls-profile configuration object, which specifies cryptographic resources available in support of TLS operations.

Note: The option allow-self-signed-cert is only available for MSRP connections.

  1. Access the tls-profile configuration element.
    ORACLE# configure terminal
    ORACLE(configure)# security
    ORACLE(security)# tls-profile
    ORACLE(tls-profile)# 
  2. Use the name parameter to provide a unique identifier for this TLS Profile instance.
    ORACLE(tls-profile)# name tlsMutualAuth
    ORACLE(tls-profile)#
  3. If the require-fingerprint attribute of the tcp-media-profile is set to enabled, use the mutual-authenticate parameter to enable mutual authentication.
    ORACLE(tls-profile)# mutual-authenticate enabled
    ORACLE(tls-profile)#
  4. Retain default values for other parameters.
  5. Type done to save your configuration.
  6. Repeat Steps 1 through 5 to configure additional tls-profiles as required.
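
The procedures above leave several cross-object dependencies to the operator: a TCP/TLS/MSRP profile needs a tls-profile that actually exists, require-fingerprint depends on mutual-authenticate in that tls-profile, and the timers have fixed ranges. The following added example (not an Oracle tool, and not what verify-config does) lints a saved command transcript against those rules; the audit function and the SAMPLE transcript are constructed for illustration.

```python
import re

# Matches "ORACLE(<context>)# <parameter> <value>"; navigation lines do not match.
PROMPT = re.compile(r"^\s*ORACLE\(([\w-]+)\)#\s+(\S+)\s+(\S+)\s*$")
# Value ranges as stated on this page (0 disables the delayed BYE).
RANGES = {"session-inactivity-timer": (5, 10), "msrp-delayed-bye-timer": (0, 60),
          "listen-port": (0, 65535), "msrp-message-size": (0, 4000)}
# Constructed transcript: command lines from this page plus one out-of-range timer.
SAMPLE = """\
ORACLE(msrp-config)# session-inactivity-timer 12
ORACLE(tcp-media-profile)# name tlsMSRP
ORACLE(tcp-media-profile-entry)# transport-protocol TCP/TLS/MSRP
ORACLE(tcp-media-profile-entry)# tls-profile msrp1
ORACLE(tcp-media-profile-entry)# require-fingerprint enabled
ORACLE(tls-profile)# name tlsMutualAuth
ORACLE(tls-profile)# mutual-authenticate enabled
"""

def audit(transcript):
    """List range violations and TLS/fingerprint inconsistencies in a transcript."""
    findings, current = [], {}
    objects = {"tls-profile": [], "tcp-media-profile": []}
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if not m:
            continue
        ctx, param, value = m.groups()
        lo, hi = RANGES.get(param, (0, 0))
        if param in RANGES and not (value.isdigit() and lo <= int(value) <= hi):
            findings.append(f"{param} {value} outside {lo}-{hi}")
        kind = next((k for k in objects if ctx.startswith(k)), None)
        if kind and param == "name":  # "name" opens a new profile object
            current[kind] = {"name": value}
            objects[kind].append(current[kind])
        elif kind in current:  # later parameters belong to the open object
            current[kind][param] = value
    tls = {p["name"]: p for p in objects["tls-profile"]}
    for prof in objects["tcp-media-profile"]:
        name, ref = prof["name"], prof.get("tls-profile")
        if prof.get("transport-protocol") == "TCP/MSRP":
            findings.append(f"{name}: TCP/MSRP carries MSRP without TLS")
        elif prof.get("transport-protocol") == "TCP/TLS/MSRP":
            if ref not in tls:
                findings.append(f"{name}: tls-profile {ref} is not defined")
            elif prof.get("require-fingerprint") != "enabled":
                findings.append(f"{name}: require-fingerprint is not enabled")
            elif tls[ref].get("mutual-authenticate") != "enabled":
                findings.append(f"{name}: tls-profile {ref} lacks mutual-authenticate")
    return findings
```

Run against SAMPLE, the audit reports the out-of-range timer and the tls-profile name that the tcp-media-profile references but no tls-profile block defines.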