1. Release Notes
  2. New Features

2 New Features

The S-Cz9.2.0 release of the Oracle® Enterprise Session Border Controller (ESBC) software includes the following new features.

Note:

System session capacity and performance are subject to variations between various use cases and major software releases.

Session Translation Enhancements

In the Configuration Guide, the Number Translation chapter is renamed Session Translation. The number-translation element has been redesigned to support regular expressions that match predefined input headers and populate predefined output headers. The session-translation element is enhanced to more easily group and rearrange number translations. And finally, the realm-config and session-agent elements are enhanced to support grouping and rearranging session translations.

Update an Existing Certificate Record with a New Certificate

When you need to renew a certificate on the Session Border Controller, you no longer need to create a new certificate record. You can go to the existing record and import the renewed certificate. The imported certificate overwrites the existing one. See "Update a Certificate" in the Web GUI Guide and the Configuration Guide.

Set DEBUG from the Web GUI

The Acme Command Line (ACLI) is no longer the only place where you can set the log level to DEBUG. As of S-Cz9.2.0, you can set DEBUG from the Web GUI.

  • You can set the log level for specific processes from System tab, System Operations, Set Log Level, including DEBUG. When you set log levels through Set Log Level, the settings take effect right away. You do not need to Save and Activate, but the settings do not persist through a reboot.

    Note:

    You cannot set the log level for the following processes listed in the Process Name drop-down list from Set Log Level on the System tab.
    • authqueue
    • fragHandler
    • heap
    • healthCheckd
    • SSHD
    • tLFMiBd
    To set the log level for the preceding tasks, you must go to system-config. When you set system-log-level or process-log-level in system-config, the system includes all of the preceding tasks.
  • You can set system and process log levels, including DEBUG, from Configuration tab, System, system-config, Show Advanced. When you set log levels through system-config, the settings take effect only after you Save and Activate and the settings will persist through a reboot.

The system displays the DEBUG badge on the Web GUI banner when you enable DEBUG and removes it when you set a log level other than DEBUG.

S-Cz9.2.0 also adds the new Log Level Widget to track individual process level logs. You can add the Log Level Widget to the Dashboard the same way you add any other Widget.

See "Set Log Level" in the "System Configuration Operations" chapter in the Web GUI Guide.

Web GUI Enhancements

  • Monitor and Trace—When you click the Search icon, the Web GUI displays a dialog box for all objects.
  • Widget Descriptions—The description text displays on the Widget, rather than in response to the former Information button (which no longer displays).
  • Log On Banner—The log on banner display sizes according to the amount of text.
  • Table Behavior—In multi-configuration tables, the Web GUI hides actions that the particular table does not support. For example, the icons above the table or the action menu when you right-click a row display only the allowed actions for the type of information in the table.
  • Copy the Widgets Display to Another ESBC—When you want the Dashboard Widgets display to be the same on multiple ESBCs, you can download an XML file of the Widgets from one ESBC and upload it to another one by way of the Widgets button on the Dashboard.

    See "Copy the Dashboard Widgets Display from One ESBC to Another" in the Web GUI Guide.

  • Reorder the Local Policy Table—When you right-click a row in the Local Policy table, the action menu displays Move Up and Move Down. Use the actions to reorder the table.

    See "Controls for Ordering Table Rows in a Multi-Instance Configuration" in the Web GUI Guide.

  • Paste a Configuration—Use to paste a configuration that you want to duplicate into a dialog where you can make edits, if you want, and save the configuration.

    See "Duplicate a Configuration" in the Web GUI Guide.

Alarm Enhancement

This release adds three alarms to help monitor system status, especially suited for notifying you of issues before they become operational problems. The new alarms include The Session Agent Out of Service Alarm, The Steering Pool Threshold Alarm, and The Internal 503 Threshold Alarm.

See the sections using the same titles as the alarms in the Fault Management chapter of the Maintenance and Troubleshooting Guide for detailed information.

DTLS-SRTP Server Mode

The ESBC supports Datagram Transport Layer Security (DTLS) to establish SRTP media traffic over UDP in server mode. The ESBC uses DTLS within the context of SRTP (DTLS-SRTP) per RFC 5764. This DTLS-SRTP feature provides for secure media, supports the same transfer scenarios supported for SDES-SRTP, and supports unattended transfer, and music on hold scenarios.

This feature is not supported on the SLB.

See the DTLS-SRTP section in the Security chapter of the ACLI Configuration Guide for detailed information.

Please review the Caveats and Limitations Chapter of the S-Cz9.2.0 Known Issues and Caveats Guide for functional and platform limitations of this feature that apply to this software release.

NTP Servers Configured with an FQDN

You can configure the ESBC with an FQDN for establishing communications with NTP time servers. This feature supports FQDN resolution through a DNS query over wancom or media interfaces. Having received DNS resolution for the query, the ESBC uses its standard selection process for DNS results to request time synchronization from one of multiple, redundant NTP servers.

See the FQDNs for Time Servers on the ESBC section in the Diameter Accounting Chapter of the Accounting Guide for detailed information.

Using FQDNs to Access CCFs over Diameter

You can configure the ESBC with a primary and, if wanted, a secondary FQDN to access CCF servers over Diameter. You do this by configuring the diameter account-server with an FQDN. The ESBC uses DNS to resolve the FQDN into an IP list and, if provided, route the traffic based on DNS-provided priority and weight. The ESBC supports resolution of CCF FQDNs from SRV, and A records.

See the Using FQDNs to Access CCFs over Diameter section in the Diameter Accounting Chapter of the Accounting Guide for detailed information.

Enhanced Reporting on NSEP Traffic Statistics

The ESBC provides you with NSEP traffic statistics from the ACLI and SNMP. You can access system wide NSEP traffic reports when you configure the system for applicable network management controls (NMC). In addition, you can now configure the system to provide realm-specific reporting on a per-realm basis by configuring the nsep-stats-profile on the session-router and enabling nsep-stats on the applicable realms.

See the Reporting on NSEP Traffic Statistics section in the SIP Signaling Services Chapter of the ACLI Configuration Guide for detailed information.

Parallel Call Forking

You can configure the ESBC to direct calls to multiple targets simultaneously using parallel forking. You establish parallel forking behavior by enabling the parallel-forking parameter on one or more local-policy elements and configuring the cost within each applicable policy-attribute.

See the Parallel Call Forking section in the Routing Chapter of the ACLI Configuration Guide for detailed information.

Please review the Caveats and Limitations Chapter of the S-Cz9.2.0 Known Issues and Caveats Guide for functional limitations of this feature that apply to this software release.

Enhancements to Preconditions Processing

You can configure the ESBC to extend its support of preconditions with dynamic preconditions, which allows the ESBC to determine whether and where to support preconditions for a given call. When you configure the system for the above, you also:

  • Configure the ESBC to manipulate the PEM header within both static asymmetric and dynamic preconditions call flows to change the direction attributes.
  • Establish system behavior changes for certain preconditions call flows wherein the ESBC changes the direction value of the SDP media attribute to prevent issues.
  • Establish support for all of the strength tag values within all preconditions attributes. In addition, the ESBC inserts strength tags under certain conditions.

See the Enhanced Preconditions section in the SIP Signaling Chapter of the ACLI Configuration Guide for detailed information.

Allocation Strategies for Steering Pools

You can configure the ESBC with three types of steering pools to allocate network ports for specific types of network traffic. These pool types include audio/video, MSRP and mixed media types. Establishing these pool types provides more efficient use of media ports.

See the Allocation Strategies for Steering Pool section in the Realms and Nested Realms Chapter of the ACLI Configuration Guide for detailed information.

SDP Compliance Enforcement

You can configure the ESBC to enforce SDP compliance on incoming messages and reject non-compliant messages and change the non-compliant SDP in ensuing messages. By default, the ESBC forwards response message even if the Content-Length is greater than the SDP size and the SDP does not have mandatory parameters. You enable the sip-strict-compliance option when the ESBC is operating in environments where it is expected to monitor and validate these aspects of SDP.

See the SDP Compliance Enforcement section in the SIP chapter of the ACLI Configuration Guide for detailed information.

Managing HTTP Connections

By default, the ESBC limits system impact caused by HTTP client behavior using the httpclient-max-total-conn and httpclient-max-cpu-load parameters in the system-config. These parameters, respectively, allow you to change the number of TCP connections and the amount of CPU resources consumed by traffic between the ESBC and all types of HTTP servers.

See the Managing HTTP Connections section in the System Configuration chapter of the ACLI Configuration Guide for detailed information.

TLS 1.3 Support

This release supports TLS 1.3 by default. See the tls-profile topic in the ACLI Configuration Guide and the "Configure a TLS Profile" section in the Security chapter of the Configuration Guide.

New Memory Support for TCM-3

This version of the ESBC supports TCM-3 cards with new memory. This software is also backwards compatible with cards that include the old memory. Note that older software does not support this new memory.

See the Acme Packet 3950/4900 Minimum Versions section in the Transcoding chapter of the ACLI Configuration Guide for detailed information about verifying software/hardware compatibility. See the Troubleshooting section of these Release Notes for specific software/hardware compatibility for this version of the ESBC software.

Note:

This new feature support begins with S-Cz9.2.0p1.

DTLS/SRTP Support on the Acme Packet 6350

This version of the ESBC adds DTLS/SRTP support on the Acme Packet 6350.

Note:

This new feature support begins with S-Cz9.2.0p1.

TDM Card Requirements

A replacement Sangoma TDM card begins to ship in the summer of 2023. If your current Digium TDM card needs to be replaced, Oracle will ship a new Digium card while supplies last. After that, to convert from using a Digium TDM card to a Sangoma TDM card, you will need to return your device to Oracle.

The new TDM cards are supported on the following releases:
  • 9.2p1
  • 9.1p7

Enhanced Restricted Latching

You can now configure the ESBC to latch all media flows within a realm to both the externally provided address and port when you set the restricted-latching mode to sdp-ip-port. When configured to this setting, the system latches to media based on the IP Address received in the SDP c= connect address line, and the port in the mline in the offer and answer. This differs from standard latching in that the port is left unassigned by the SBC. This feature allows the SBC to better support multiple RTP streams from different ports using the same IP address, such as within forking scenarios.

See the Restricted Latching section in the Realms chapter of the ACLI Configuration Guide for detailed information.

Note:

This new feature support begins with S-Cz9.2.0p2.

DPDK Uplift

This version of the ESBC uplifts the DPDK version to 22.11.

Note:

This new feature support begins with S-Cz9.2.0p2.

DPDK Uplift

This version of the ESBC allows you to configure the ESBC to use a static TCP port when connecting to a session-agent instead of an ephemeral port.

See the About Session Agents section in the Session Routing and Load Balancing chapter of the ACLI Configuration Guide for detailed information.

Note:

This new feature support begins with S-Cz9.2.0p3.

PSAP Callback Enhancement

You can configure the ESBC to support Public Safety Answering Point (PSAP) callback handling to numbers that are not in the PSAP callback list, which includes 911, 112 and any number you have added. You can also configure the ESBC to replace the request-URI in a PSAP callback to resolve routing issues.

See the PSAP Callback Option section in the Session Processing Language (SPL) chapter of the ACLI Configuration Guide for detailed information.

Note:

This new feature support begins with S-Cz9.2.0p4.

HTTP Client Cache Size Configuration

This version of the ESBC allows you to configure the httpclient-cache-size-multiplier parameter in the system-config to adjust the size of the HTTP connection cache.

See the HTTP Connection Management section in the System Configuration chapter of the ACLI Configuration Guide for detailed information about this parameter.

Note:

This new feature support begins with S-Cz9.2.0p4.

Session-Level DoS Protection

You can configure the ESBC to implement DoS protection when any individual session appears to be conducting an attack. You can configure this protection on a realm-config or a session-agent, with the session-agent configuration taking precedence when applicable.

See the DoS Protection section in the Security chapter of the ACLI Configuration Guide for detailed information about this feature.

Note:

This new feature support begins with S-Cz9.2.0p5.

Create a Dictionary File for Decoding AVPs

You can generate an AVP dictionary from the ESBC to install and use for decoding Oracle-specific Rf AVPs in messages using Wireshark. After generating this dictionary, you include it within your Wireshark deployment and configure a Wireshark resource file. This allows Wireshark to decode standalone and grouped AVPs identified with the ACME_DIAM_VENDOR_ID label.

See the Create a Dictionary File for Decoding AVPs task in the Diameter Accounting chapter of the Accounting Guide for detailed information about this feature.

Note:

This new feature support begins with S-Cz9.2.0p5.

Support for the Mellanox C5 Interface

The ESBC supports the Mellanox C5 interface for use as a media interface. For this release, Oracle is supporting this interface on the vSBC over KVM in SRIOV mode.

Note:

This new feature support begins with S-Cz9.2.0p6.

SPL for Skipping the INVITE Validation for KDDI

You can configure an SPL option on the ESBC to disable incoming INVITE validation. This feature makes use of the Control-Surr-Reg SPL, requiring the applicable configuration. When you configure this feature, the ESBC does not attempt to match the incoming R-URI against the random user part received while performing the Surrogate Registration SPL feature processing for KDDI deployments.

Note:

This new feature support begins with S-Cz9.2.0p6.

REFER Handling Enhancement

The ESBC may stop sending its configured ring back tone (RBT) to the caller when operating within some transfer scenarios. Applicable scenarios include the presence of network infrastructure that issues a BYE from the callee to the ESBC while the transfer is underway. You can configure the ESBC to persist with RBT for the duration of the transfer process so the caller does not unexpectedly lose RBT.

Note:

This new feature support begins with S-Cz9.2.0p6.

Multiple PSKs per IKE Interface

You can configure the ESBC to support multiple pre-shared keys (PSKs) on a single IKE interface. By allowing these multiple PSK authentications, you can support multiple IKE sessions on that interface using unique PSKs. Both symmetric and asymmetric PSK deployments benefit from this capability. You accomplish this by attaching authorization configuration directly to SAs instead of the IKE interface.

See the Multiple PSKs per IKE Interface in the Security chapter of the ACLI Configuration Guide for detailed information about this feature.

Note:

This new feature support begins with S-Cz9.2.0p7.