New Features

Mid-Call Location Change Support for MS-Teams

The ESBC supports mid-call end station changes between internal and external locations, and any associated ESBC interface change. With this feature, the ESBC provides support for the X-MS-UserLocation, and X-MS-UserSite headers, which supports traffic flow based on tenant administrator configuration.

Note:

The availability of this Mid-Call Location Change Support for MS-Teams feature begins with the S-cZ840p7 release.

The Configuration Assistant

When you first log on to the ESBC, the system requires you to set the configuration parameters necessary for basic operation. To help you set the initial configuration with minimal effort, the ESBC provides the Configuration Assistant. The Configuration Assistant, which you can run from the Web GUI or the Acme Command Line Interface (ACLI), asks you questions and uses your answers to set parameters for managing and securing call traffic. You can use the Configuration Assistant for the initial set up as well as for subsequent changes that you want to make to the basic configuration. See "Configuration Assistant Operations" in the Web GUI User Guide and in the ACLI Configuration Guide.

Note:

Configuration Assistant availability begins with the S-cZ840p5 release.

The Configuration Assistant

The S-cZ840p7 release adds more Configuration Templates to the template download package and enhances the work flow. See "Configuration Templates" at https://www.oracle.com/technical-resources/documentation/acme-packet.html. See "Configuration Assistant Operations" in the Web GUI User's Guide and the ACLI Configuration Guide.

Early Media Support

The ESBC supports early media features, including SIP early media suppression, the Private Early Media (PEM) header, and multiple dialog management. This support complies with 3GPP TS 24.628, TS 24.182 and RFC 5009 behavior for sessions supporting early media.

Early media can be unidirectional or bidirectional, and can be generated by the caller, the callee, both, or by interim AS components. Important early media concepts for which the ESBC provides feature support includes:

Early Media Suppression
Early Media Support for Multiple Early Dialog Scenarios
Private Early Media (PEM) Header Support
Selecting SDP within Multi-Dialog Call Scenarios

See Early Media in the ACLI Configuration Guide.

Diversion Info and History-Info Header Mapping Enhancement

This version of the ESBC provides updates to Diversion and History-Info header interworking include support for later RFCs 7044 and 7544. This new support also generates several operational enhancements, including:

Hist-to-Div enhancements
Div-to-Hist enhancements
380 Cause conversion
Tel-URI support enhancements
Cause parameter support
Header anonymization

The ESBC also supports configuration to revert to former operational support.

See Diversion Info and History-Info Header Mapping in the ACLI Configuration Guide.

Enhancement to SIP Refer with Replaces

This version of the ESBC provides an option configuration that allows you to enhance existing Reger with Replaces functionality. Generically, these enhancements include:

Supports call resume between the Transferer and Transferee if the call transfer fails.
Sets the SDP o-line in compliance with RFC 4566 and 5234.
Accommodates the new SDP provided by a Transferee in SDP negotiations during an attended transfer.

See SIP REFER with Replaces in the ACLI Configuration Guide.

Secure DTMF Enhancements

This version of the ESBC enhances the existing DTMF suppression feature by providing cancellation of inband DTMF, specifically when there is a corresponding RFC2833 event. This cancellation is at the onset of inband DTMF tones, when tones partially canceled by the endpoint still allow some DTMF signal to be present in the media flow.

See Secure DTMF Cancellation in the ACLI Configuration Guide.

Universal Call Identifier SPL for Genesys Environments

This version of the ESBC provides an SPL that generates or preserves the Genesys UUID, adding it to all egress SIP messages in applicable call flows. This support supports and performs the associated procedures of the replace-ucid and convert-to parameters.

See Universal Call Identifier SPL in the Enterprise Session Border Controller Configuration Guide.

Vendor-Specific Trunk SPL - KDDI

The Oracle® Enterprise Session Border Controller (ESBC) includes SPLs to support trunking requirements for specific service providers. This support includes identifying requests within applicable sessions and manipulating values before forwarding subsequent requests.

See SIP Trunking SPLs for Specific Service Providers in the Enterprise Session Border Controller Configuration Guide.

EVS Codec Enhancements

This version of the ESBC supports two new scenarios when receiving EVS SWB codecs without requiring header manipulation rules, including:

Pass EVS SWB media within end-to-end scenarios
Transcode in the event of a SRVCC handover

See EVS Codec Transcoding Support in the ACLI Configuration Guide.

IKEv2 Implementation for Signaling and Media

This version of the ESBC provides IKE version 2 for signaling and media traffic. Key elements of this IKEv2 support include:

Peering/SIP Trunking solutions and access-side use cases
Mutual authentication between the ESBC and its peers, including:
- IKE rekey
- Dead Peer Detection (DPD)
- Initiator mode
- Responder mode
Per-interface IKEv2 configuration
Simultaneous support of IKEv1 and IKEv2 protocols
Either tunnel or transport mode supported per IKE interface
Transcoding
Separate interfaces and IP addressing for SIP and IKE for related traffic
Certificate-based authentication during IKEv2 tunnel establishment
Multiple endpoints beyond tunnel remote address

See IKEv2 Protocol in the ACLI Configuration Guide.

SMS and VoLTE CDR Support

This version of the ESBC adds SMS and VoLTE Session Attributes. Session attribute information presents data about the protocol type, ingress and egress realms used. With this version, the ESBC adds SIP reporting on specific information for Short Message Service (SMS) traffic, defined within the ESBC as message events reported using CDR STOP records. New SIP reporting also includes detail on VoLTE sessions to support management within IMS constructs.

See VoLTE and SMS VSAs as well as VoLTE Call and SMS AVPs for Diameter in the Accounting Guide.

Heat Template Updates

Two additional parameters have been added to the properties file of the Heat template:

enableRestInterface—When set to true, the ESBC generates a self-signed certificate and enables the HTTPS port during instantiation. This allows users to finish configuring the ESBC from the REST interface.

Note:
The self-signed certificate should be replaced with a CA-signed certificate before being deployed in a production environment.
licenseKeys—You can pass license keys to the Heat template so that OpenStack instantiates the ESBC with the license installed.

MSRP Enhancements

Re-creation of an MSRP Session After a TCP Disconnect—The Oracle Session Border Controller (SBC) supports the re-creation of a Message Session Relay Protocol (MSRP) session after a connection interruption, as specified in section 5.4 of RFC 4975. A User Agent engaged in an MSRP session with the SBC can send a reINVITE to the SBC to set up a new MSRP session to replace the existing MSRP session when the TCP connection is interrupted, disconnected, or otherwise unresponsive.

HA for MSRP After a TCP Disconnect—Upon a switchover, the first MSRP packet arriving at the newly active SBC triggers a TCP RST to be sent back immediately because the newly active does not have the TCP connection to receive the packet. This timely response allows the UA that sends the packet to quickly detect the connection interruption and send a reINVITE to set up a replacement session.

Platform Support for MSRP—The Acme Packet 3900 supports MSRP.

Increased Capacities for MSRP on a Virtual Oracle Session Border Controller—The improvements apply to total Transport Layer Security (TLS) subscribers and total concurrent Message Session Relay Protocol (MSRP) sessions. Contact Oracle for more information.

Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security when authenticating to the ESBC by requiring a key, such as an SSH public key or X.509 certificate, as well as a username and password. 2FA can be enabled on either the web interface, the SSH interface, or both.

2FA requires the Admin Security entitlement. See the Admin Security Guide for details.

Logging HTTP Headers

The audit-logging element has a new audit-http attribute that enables logging HTTP requests. See the Admin Security Guide for details.

SIPREC Enhancements

The configuration parameter for session recording servers in the Session Agent, SIP Interface, and Realm objects has been enhanced to accept an input of up to four SRGs, or SRS', or a combination of both.

Global Match Intercept

When using lawful intercept, the global match intercept feature has been enhanced to no longer report duplicate sessions. To enable this feature, set sip-sess-intercept-mode to report-sessions-swap-match. Using global-match-intercept is now deprecated.

Media Path Optimization for Microsoft Teams

Media Path Optimization is a Microsoft TEAMS feature that supports optimized media paths from a TEAMS client to the PSTN. The ESBC receives media path information in Microsoft proprietary headers. A proxy ESBC and a location specific ESBC perform pass-through media or media anchoring depending on this information.

TEAMS clients could be in different locations, but they can all follow the same SIP signaling path from the DR to an SBC-proxy to a downstream ESBC using an optimized media path from which the DR is excluded. Depending on the routing decision made at the DR, media flows directly from TEAMS to the downstream ESBC or from TEAMS to an SBC-proxy to the downstream ESBC. This feature keeps the media path as local and/or as short as possible.

You use the following parameters to control this function:

realm-config, user-site
realm-config, media-realm-list
realm-config, teams-fqdn-in-uri
realm-config, sdp-inactive-only
ice-profile, mode
session-agent, ping-response

See Oracle SBC with Local Media OptimizationFor Microsoft Teams Direct Routing for more information.

Accounting Enhancement

This version of the ESBC enhances the accounting functionality that allows you to force accounting processes on the egress realm in addition to the ingress realm.

This support is available in software versions S-Cz8.4.0p2 and above. See the Per Realm Accounting Control section in the Accounting Guide.

Ring Back Tone Enhancement

This version of the ESBC enhances the RBT functionality to include delaying RBT media until after a successful SDP response when the ESBC a session update with a new SDP offer.

This support is available in software versions S-Cz8.4.0p2 and above. See the Ring Back Tone chapter in the ACLI Configuration Guide.

STIR/SHAKEN Framework Support

This version of the ESBC adds a STIR/SHAKEN client. STIR/SHAKEN is a framework of interconnected standards the ESBC can use for authenticating calling parties in VoIP calls. To support STIR/SHAKEN, the ESBC implements a STIR/SHAKEN REST Client, which, upon receiving an initial out-of-dialog SIP INVITE, sends a REST request to a STIR server for attestation or verification of the calling party identification. You configure the ESBC to perform the associated functions. You can make these configurations when you enable the STIR/SHAKEN Client entitlement.

This support is available in software versions S-Cz8.4.0p2 and above. See the new STIR/SHAKEN chapter in the ACLI Configuration Guide.

Stir/Shaken Enhancement

This version of the ESBC adds the following functionality to its Stir/Shaken feature:

Handling of the verstat parameter when no Identity Header is received
STI-VS reasoncode support in SIP responses
Support for multiple STI Application and Verification Servers including load balancing controls
Addition of ACP and REST configurable objects for SDM, third party and direct OSDMC support
Alarms for STI server connection failure and failed REST responses
Statistics to provide visibility to counts of REST queries and responses to and from the STI AS and VS
CDR enhancements to capture calling party authentication

This support is available in software versions S-Cz8.4.0p5 and above. See the STIR/SHAKEN Client chapter in the ACLI Configuration Guide.

Personal Profile Manager Enhancements

This version of the ESBC enhances the PPM implementation with additional support for clients that reside behind a NAT.

This support is available in software versions S-Cz8.4.0p2 and above. See Personal Profile Manager in the Enterprise Session Border Controller Configuration Guide.

REST TLS Certificates

With 8.4.0p3 and later, you can use a REST client to create a certificate-record configuration element, generate a Certificate Signing Request, and upload a CA-signed certificate to the ESBC.

Support for the Oracle Subscriber Aware Load Balancer

Starting with the Oracle Communications Subscriber-Aware Load Balancer S-Cz8.4.0 release, the SLB now supports S-Cz8.4.0 ESBC cluster members with the same functionality, operation, and configuration supported on OCSBC cluster members.

BFD Platform Support

Starting with the Oracle Communications Session Border Controller S-Cz8.4.0 release, you can use BFD functionality on the ESBC when it is running on virtual platforms as well as the Acme Packet 3900.

You enable BFD on the E-SBC by enabling the Enterprise Advanced License in the system's entitlement configuration. See System Configuration in the Enterprise Session Border Controller Configuration Guide.

New Ciphers for SDES Profile

The Acme Packet 1100, Acme Packet 3900, and virtual platforms running 8.4.0p3 or later support two new ciphers in the sdes-profile configuration element:

AES_256_CM_HMAC_SHA1_80
AEAD_AES_256_GCM

Local Accounts

The ESBC now supports creating local accounts in either the admin class or the user class. After you create a second admin-class local account, you may disable the default factory accounts.

Analyze IPv6 Traffic with OCOM

The ESBC can encapsulate and send IPv6 traffic to OCOM for analysis.

This support is available in software versions S-Cz8.4.0p4 and above. See the Call Monitoring Guide.

Support for Azure Accelerated Networking

The ESBC supports accelerated networking when deployed on Azure.

This support is available in software versions S-Cz8.4.0p4 and above. See the Installation Guide, the "Public Cloud Platform" chapter.

AWS Image Optimization

The Installation Guide includes a new scalable process for deploying the ESBC on AWS with Terraform when using software versions S-Cz8.4.0p4 and above.

Enhancement for Boot Loader Upgrade

For streamlining boot loader upgrades, the set-boot-loader, backup-boot-loader, and delete-boot-file commands are available. These commands are available in software versions S-Cz8.4.0p4 and above. See the following documents:

ACLI Reference Guide, Commands chapter
Installation and Platform Preparation Guide, the "Update the Stage3 Boot Loader" section

SIP Method Event Rate Statistics

When you enable the extra-method-stats parameter, the ESBC can display success, timeout and failure rates for both client and server statistics on recent and cumulative (lifetime) requests and responses for the SUBSCRIBE, NOTIFY and MESSAGE methods in addition to the other statistics enabled by this parameter.

This support is available in software versions S-Cz8.4.0p8 and above. See the Troubleshooting and Maintenance Guide.

Negotiating Message Connection Roles using actpass

When you configure the preferred-setup-role parameter to passive, the ESBC negotiates with the end station using the a=setup:actpass parameter. This allows the ESBC to comply with RFC 4145 and RFC 4975, and to assume the correct roles when connecting to remote peers.

This support is available in software versions S-Cz8.4.0p8 and above. See the ACLI Configuration Guide.

Matching Source Addressing for Authentication by a Surrogate Agent

Adds the source-ip-prefix parameter within the surrogate-agent element to specify the source addressing of endpoints for which the system can authenticate calls using this surrogate-agent. This configuration provides a means of matching mulitple source addresses, which defines a list of addresses for which the system can perform surrogate agent authentication.

This support is available in software versions S-Cz8.4.0p12 and above. See the ACLI Configuration Guide.