1. Known Issues and Caveats
  2. Known Issues and Caveats
  3. Caveats

Caveats

The following information lists and describes the caveats for this release. Oracle updates this Release Notes document to distribute issue status changes. Check the latest revisions of this document to stay informed about these issues.

Overlap of Data Between Widgets During Periods of Inactivity

When the dashboard is left open for 20 minutes or more without performing any action other than keeping the session alive on the WebGUI, the data between different widgets may overlap occasionally.

Workaround: Refresh the page to resolve this issue.

IKE/IPSEC Key Length over Wancom0

Connection setup to wancom0 interfaces using IKEv2/IPSEC using certificate authentication fail when using a key length of 1024. Workaround: Configure any IKEv2/IPSEC connections to wancom0 interfaces using certificate key lengths of 2048 or larger.

New Keys Required for High Availability

If you replace a peer in HA from a system running software prior to S-Cz9.1.0p9 running this version or higher, the old keys become irrelevant resulting in SFTP failures using the old keys on the new peer. High Availability collect operations fail unless the old keys are manually deleted on the active peer. This situation is rare. This issue also occurs if you copy an old configuration into any new peer.

This issue does not occur unless you change a system in an HA pair running software prior to S-Cz9.1.0p9 to a different ESBC running this version or higher. To replace keys:

  1. Check to see if this issue applies to your deployment. Applicable system have keys using key-name parameters named backup-sbc1 and backup-sbc2.
  2. Prior to replacing your previous system with a new system, delete the authorized public-keys for the HA systems.
  3. Replace your previous system with the new system.
  4. Reboot both systems.

    At this point, the ESBC generates the new keys automatically, allowing the HA pairs to communicate over the wancom interface(s).

Incorrect STI Server Statistics Updated

The Oracle® Enterprise Session Border Controller (ESBC) is displaying incorrect STI statistics when multiple servers are added.

Workaround: When using multiple servers, create a group to add them to and then assign them to the realm, interface, or session agent.

If you must use multiple servers, ensure the first server name is not configured as the sti-as or sti-vs on any realm, interface, or session agent.

Elin Table Entries Not Replicated on Standby ESBC After Reboot

In an HA setup, when the standby ESBC is rebooted, it loses the existing Elin table entries. However, any newly created entries post reboot are in sync between the Active and Standby ESBCs.

DTLS and SDES SRTP Transport

If a network deployment involves realms where endpoint (UAC) initiates a call that requires secure DTLS-SRTP transport to ESBC and the call is being forwarded to a realm where the callee (UAS) requires SDES-SRTP, then the ingress realm must have media-sec-policy configured with SDES in addition to dtls-srtp-profile.

Uneven Load Distribution on Forwarding Core on GCP

There is an imbalance when there are an odd number of queues for packets.

Workaround: Configure an even number of forwarding cores.

Load Variation With the Same Number of Sessions in GCP

When a vSBC is rebooted from the console, the load on the F core is significantly different for the same number of calls previous to the reboot.

Unsupported GCP Migration

Do not migrate an existing vSBC from a small GCP machine type to a larger GCP machine type. This is not supported on GCP.

VM Migration Not Supported

The queue allocation cannot be changed once a VM is created.

Web GUI Shows No Configuration Data After Clicking "View Configuration"

When you set the process level or system log level to DEBUG, the Web GUI may not display any configuration information for large configurations when you click "View Configuration".

Acquire Config and acp-tls-profile

The acquire-config process fails if your configuration includes an acp-tls-profile. The system does successfully synch this profile after HA is established.

Workaround: Disable your acp-tls-profile on the active system before performing an acquire-config procedure. Re-enable this profile after aquire-config completes successfully.

VNF in HA Mode

When the SBC VNF is running in HA mode, any existing IPSec tunnels do not fail over the standby SBC.

Toggling SIP Interfaces Running TCP

You must reboot the system any time you disable and then enable an active SIP interface that is using TCP.

Provisioning Transcode Codec Session Capacities

When a transcode codec was originally provisioned in an earlier software version with a license key, a capacity change using the setup entitlements command requires a reboot to take effect.

Virtual Network Function (VNF) Caveats

The following functional caveats apply to VNF deployments of this release:

  • The OVM server 3.4.2 does not support the virtual back-end required for para-virtualized (PV) networking. VIF emulated interfaces are supported but have lower performance. Consider using SR-IOV or PCI-passthru as an alternative if higher performance is required.
  • To support HA failover, MAC anti-spoofing must be disabled for media interfaces on the host hypervisor/vSwitch/SR-IOV_PF.
  • You may need to enable trust mode on the host PF, when using Intel X/XL7xx [i40e] NICs with SR-IOV, before you can use VLANs or HA virtual MAC on the guest VF. Refer to the Intel X710 firmware release notes for further information.
  • MSRP support for VNF requires a minimum of 16GB of RAM.
  • The system supports only KVM and VMWare for virtual MSRP.
  • CPU load on 2-core systems may be inaccurately reported.
  • IXGBE drivers that are a part of default host OS packages do no support VLANs over SR-IOV interfaces.
  • Software-based transcoding on vSBCs is not supported on servers with AMD CPUs.

Transcoding - general

Only SIP signaling is supported with transcoding.

Codec policies can be used only with realms associated with SIP signaling.

T.38 Fax Transcoding

T.38 Fax transcoding is available for G711 only at 10ms, 20ms, 30ms ptimes.

Pooled Transcoding for Fax is unsupported.

Pooled Transcoding

The following media-related features are not supported in pooled transcoding scenarios:
  • Lawful intercept
  • 2833 IWF
  • Fax scenarios
  • RTCP generation for transcoded calls
  • OPUS codec
  • SRTP and Transcoding on the same call
  • Asymmetric DPT in SRVCC call flows
  • Media hairpinning
  • QoS reporting for transcoded calls
  • Multiple SDP answers to a single offer
  • PRACK Interworking
  • Asymmetric Preconditions

DTMF Interworking

RFC 2833 interworking with H.323 is unsupported.

SIP-KPML to RFC2833 conversion is not supported for transcoded calls.

H.323 Signaling Support

If you run H.323 and SIP traffic in system, configure each protocol (SIP, H.323) in a separate realm.

Media Hairpinning

Media hairpining is not supported for hair-pin and spiral call flows involving both H.323 and SIP protocols.

Fragmented Ping Support

The Oracle® Enterprise Session Border Controller does not respond to inbound fragmented ping packets.

Physical Interface RTC Support

After changing any Physical Interface configuration, you must reboot the system.

SRTP Caveats

The ARIA cipher is not supported by virtual machine deployments.

Trace Tools

See the Monitoring Warning in the Call Monitoring Guide before running any monitoring service like SIPREC, Communications Operation Monitor, Packet Trace, call-trace, or SIP Monitoring and Trace (on the ESBC).

RTCP Generation

Video flows are not supported in realms where RTCP generation is enabled.

SCTP

SCTP Multihoming does not support dynamic and static ACLs configured in a realm.

SCTP must be configured to use different ports than configured TCP ports for a given interface.

MSRP Support

The Acme Packet 1100 platform does not support the MSRP feature set:

When running media over TCP (e.g., MSRP, RTP) on the same interface as SIP signaling, TCP port allocation between media and signaling may be incompatible.
  • Workaround: Set the sip-port, address parameter to a different address than where media traffic is sent/received, the steering-pool, ip-address value.

Real Time Configuration Issues

In this version of the ESBC, the realm-config element's access-control-trust-level parameter is not real-time configurable.

Workaround: Make changes to this parameter within a maintenance window.

High Availability

High Availability (HA) redundancy is unsuccessful when you create the first SIP interface, or the first time you configure the Session Recording Server on theOracle® Enterprise Session Border Controller (ESBC). Oracle recommends that you perform the following work around during a maintenance window.
  1. Create the SIP interface or Session Recording Server on the primary ESBC, and save and activate the configuration.
  2. Reboot both the Primary and the Secondary.

Offer-Less-Invite Call Flow

Call flows that have "Offer-less-invite using PRACK interworking, Transcoding, and dynamic payload" are not supported in this release.

HA Deployment on Azure

HA deployments on Azure are not supported.

Graphical User Interface

When maximizing and minimizing the browser, the WEB GUI is not currently compensating correctly for display changes in tables that require scrolling. This can corrupt the display of tables in ESBC GUI management dialogs.

Simultaneous Use of Trace Tools

See "Trace Tools" caveat.

IKE

ECDSA certificates are not supported with IKEv2 configurations.

Acme Packet 3950/4900 Power Button

When running release 9.0.0 on the Acme Packet 3950 and the Acme Packet 4900, the power button may not function correctly. Upgrade to 9.0p1 or later to correct this.

Acme Packet 3950/4900 Excluded Features

The following features are not supported on the Acme Packet 3950 or Acme Packet 4900:
  • VoLTE
  • LI-PCOM
  • IMS-AKA
  • Diameter RX

Acme Packet 3950/4900 Transcoding Module Compatibility

The transcoding modules in the Acme Packet 3950 and Acme Packet 4900 are not compatible with other physical platforms.

IWF

IWF (SIP-H323) appears at the setup entitlements prompt on virtual platforms when H.323 is not supported.

SIPREC Post REFER Processing

For SIPREC calls that use the Universal Call ID SPL and also exercise SIPREC on main call flow, the ESBC does not include UUID in ACK or BYE messages post REFER processing.

Acme Packet 1100 Debug log Level

Do not set log level to DEBUG on the Acme Packet 1100.

Acme Packet Platform Monitoring Caveats

The SFP INSERTED and SFP REMOVED Alarms and corresponding traps are not supported on the following platforms:

  • Acme Packet 3900
  • Acme Packet 3950
  • Acme Packet 4600
  • Acme Packet 4900
  • Acme Packet 6100
  • Acme Packet 6300
  • Acme Packet 6350

IPSec Trunking Tunnel Caveat

The setup entitlements command allows to set a maximum of 2500 IPSec trunking tunnels. Each IPSec trunking tunnel secures signaling and media traffic for more than one SIP session. You can either set a maximum of 2500 trunking tunnels or less, while configuring the session capacity. Setting a maximum value for trunking tunnel does not limit the configured session capacity.

TLS Secure Negotiation

The ESBC requires the use of TLS Secure Renegotiation as described in RFC 5746 in order to counter the prefix attack described in CVE-2009-3555. If the devices attempting a TLS connection to the ESBC don’t support TLS Secure Renegotiation, the TLS handshake fails. Oracle recommends updating such devices to support TLS Secure Renegotiation.