Home Realm

This section explains how to configure a home realm. The home realm applies only to a SIP configuration. It represents the internal default realm or network for the Oracle® Enterprise Session Border Controller and is where the Oracle® Enterprise Session Border Controller’s SIP proxy is located.

Overview

You primarily use a home realm when using the SIP NAT function to connect multiple realms/networks to the Oracle® Enterprise Session Border Controller. You define the home realm defined as either public or private for the purposes of using the SIP NAT function. If the home realm is public, all external realms are considered private. If the home realm is private, all external networks are considered public. Usually the home realm is public.

Messages are encoded (for example, the topology is hidden) when they pass from a private to a public realm. Messages are decoded when the pass from a public realm to a private realm.

These external realms/networks might have overlapping address spaces. Because SIP messages contain IP addresses, but no layer 2 identification (such as a VLAN tag), the SIP proxy must use a single global address space to prevent confusing duplicate IP addresses in SIP URIs from different realms.

SIP NAT Function

The SIP NAT function converts external addresses in SIP URIs to an internal home realm address. Usually the external address is encoded into a cookie that is added to the userinfo portion of the URI and the external address is replaced with a home realm address unique to the SIP NAT (the SIP NAT home address).

URIs are encoded when they pass from a private realm to a public realm. When an encoded URI passes back to the realm where it originated, it is decoded (the original userinfo and host address are restored). The encoding/decoding process prevents the confusion of duplicate addresses from overlapping private addresses. It can also be used to hide the private address when a SIP message is traversing a public network. Hiding the address occurs when it is a private address; or when the owner of the private network does not want the IP addresses of their equipment exposed on a public network or on other private networks to which the Oracle® Enterprise Session Border Controller connects.

Home Realm’s Purpose

A home realm is required because the home address for SIP NATs is used to create a unique encoding of SIP NAT cookies. You can define the home realm as a network internal to the Oracle® Enterprise Session Border Controller, which eliminates the need for an actual home network connected to the Oracle® Enterprise Session Border Controller. You can define this virtual home network if the supply of IP addresses is limited (because each SIP NAT requires a unique home address), or if all networks to which the Oracle® Enterprise Session Border Controller is connected must be private to hide addresses.

For example, you can define a public home realm using the loopback network (127.0.0.0) and using the home realm address prefix (for example, 127.0.0.0/8) for encoding addresses that do not match (all addresses outside 127.0.0.0/8) in SIP NAT cookies. The SIP NAT address prefix field can be used to accomplish this while keeping the ability to define an address prefix for the ream for ingress realm determination and admission control. By defining the SIP NAT address prefix as 0.0.0.0, the home realm address prefix is used to encode addresses that do not match.

Home Realm Configuration

To configure the home realm:

1. In Superuser mode, type configure terminal and press Enter.

   ORACLE# configure terminal

2. Type session-router and press Enter to access the system-level configuration elements.

   ORACLE(configure)# session-router

3. Type sip-config and press Enter. The system prompt changes.

   ORACLE(session-router)# sip-config
   ORACLE(sip-config)#

   From this point, you can configure SIP configuration parameters. To view all sip-config parameters, enter a ? at the system prompt.

4. home-realm-id—Enter the name of the realm you want to use for the realm ID. For example, acme.

   The name of the realm must correspond to the identifier value you entered when you configured the realm.

5. egress-realm-id—Optional. Enter the egress realm ID to define the default route for SIP requests addressed to destinations outside the home realm’s address prefix.

   If you enter a value for this optional field, it must correspond to the identifier value you entered when you configured the realm.

   Note:

   You should leave this parameter blank for access/backbone applications. When left blank, the realm specified in the home-realm-id parameter is used by default.
6. nat-mode—Indicate the SIP NAT mode. The default is none. The valid values are:

   • public—Indicates the subnet defined in the addr-prefix-id field of the home realm is public and the subnet defined in the addr-prefix-id field of all external realms identified in the SIP NAT are private networks. IPv4 addresses are encoded in SIP messages received from the external realm defined by the SIP NAT. The IPv4 addresses are decoded in messages that are sent to the realm.

   • private—Indicates the subnet defined in the addr-prefix-id field of the home realm is private and the subnet defined in the addr-prefix-id field of all external realms identified in the SIP NAT are public networks. IPv4 addresses are encoded in SIP messages sent to the external realm defined by the SIP NAT and decoded in messages received from the realm.

   • none—No SIP NAT function is necessary.

     The following example shows the SIP home realm configured for a peering network.

     sip-config
             state                          enabled
             operation-mode                 dialog
     dialog-transparency		disabled
             home-realm-id                  acme
             egress-realm-id
             nat-mode                       Public
             registrar-domain
             registrar-host
             registrar-port                 0
             init-timer                     500
             max-timer                      4000
             trans-expire                   32
             invite-expire                  180
             inactive-dynamic-conn          32
             red-sip-port                   1988
             red-max-trans                  10000
             red-sync-start-time            5000
             red-sync-comp-time             1000
             last-modified-date             2005-03-19 12:41:28