National Security and Emergency Preparedness for SIP
The Oracle Communications Session Border Controller supports Emergency Telecommunications Service (ETS), which gives priority treatment of National Security and Emergency Preparedness (NSEP) communications for IP network infrastructures. ETS can increase the likelihood that calls, sessions, and other communications will be successfully completed when they are initiated by government-authorized users over the public network infrastructure. Legacy circuit-switched services such as Government Emergency Telecommunications Service (GETS) and Wireless Priority Service (WPS) also fall under the ETS rubric, and are now also supported on the Oracle Communications Session Border Controller.
To provide this support, you can enable the Oracle Communications Session Border Controller to act on SIP calls that contain an ETS dial number (DN) and/or the SIP Resource-Priority header that carries ETS resource values.
The Oracle Communications Session Border Controller identifies ETS calls by using the system’s pre-existing network management controls (NMC) functionality. With NMC and Resource-Priority header (RPH) support enabled on your system, the Oracle Communications Session Border Controller detects ETS calls and provides the appropriate treatment for them.
The Oracle Communications Session Border Controller supports this feature by treating ETS calls based on the r-value parameter in the Resource-Priority header. The r-value is a key piece of information because it defines the resource priority that the call originator requests. The r-value parameter provides namespaces and priorities that the Oracle Communications Session Border Controller can manipulate in outgoing traffic.
In addition to a new RPH profile configuration containing information about how to treat RPHs, new parameters in the global SIP configuration and NMC configuration have been added. The RPH profile is applied to an NMC rule, where they determine r-values, a media policy to use, and what type of call treatment to apply. Also applies to an NMC rule, the new RPH policy configuration provides information about which r-values to insert and which to override.
Matching by NMC and by RPH
When a Oracle Communications Session Border Controller has been enabled to act on RPH, it checks incoming requests for RPH, tries to parse that RPH, and then rejects requests in the circumstances listed below. For all of these rejections, the Oracle Communications Session Border Controller logs the error at the TRACE level.
- Request with multiple instances of the same namespace in the RPH—The Oracle Communications Session Border Controller sends out a 400 Bad Request response with the Invalid RPH - Namespace repeated header showing that there are multiple instances of the same namespace in the RPH.
- Request with invalid resource priority for a namespace—The Oracle Communications Session Border Controller sends out a 400 Bad Request response with the Invalid RPH - Invalid rvalue: x showing that there is an invalid resource value (where x is the invalid value).
- Request with WPS namespace, but without ETS namespace—The Oracle Communications Session Border Controller sends out a 400 Bad Request response with the Invalid RPH - No ETS value header showing that there is no ETS namespace.
If the Oracle Communications Session Border Controller successfully parses the RPH, it identifies the ETS call by checking the Request-URI of the incoming request against destination identifiers that you configure in the NMC rules. If there is a match between the request’s ETS DN and the destination value identifier in the NMC rules, the Oracle Communications Session Border Controller tags the call; note that NMC rules need to be configured with the rph-feature parameter set to enabled to identify an ETS call properly. If there is no match to an NMC rule, then the Oracle Communications Session Border Controller performs matching based on RPH by comparing resource values (r-values) in the RPH with values you set in the RPH profile configuration.
For an ETS call that matches by ETS DN and NMC rule, the system checks the NMC rule to determine if it has an RPH profile (with r-values) assigned to it. If so, the Oracle Communications Session Border Controller continues by comparing the RPH profile’s r-values against those in the request’s RPH. In cases where the RPH does not contain a recognized value r-value, the Oracle Communications Session Border Controller:
- Processes the call as it normally would (as a non-ETS call) without changing the RPH if the resource-priority option tag is not present in the Required header (for an INVITE only and not any other requests or response from which RPH would be deleted)
- Rejects the Request when the Require header has the resource-priority header; or, inserts an Accept-Resource-Priority header (ARPH) in the response if the insert-arp-header parameter option is enabled
However, the call goes through the Oracle Communications Session Border Controller as an ETS call when it is matched by ETS DN and the applicable NMC does not have an RPH profile assigned. According to the settings in the NMC rule, the Oracle Communications Session Border Controller either diverts or rejects such a call. And when the call matches by RPH rather than ETS DN, the Oracle Communications Session Border Controller applies the configured RPH profile from the relevant NMC rule.
It can be the case that non-ETS calls have RPH in their requests. Here, the Oracle Communications Session Border Controller call treatment is performed according to the settings in the matching RPH profile when there is no matching NMC rule. When you configure treatment as “reject,” then the Oracle Communications Session Border Controller rejects the call with a 417 Unknown-Resource Priority status code. When you set the treatment to either “accept” or priority, the Oracle Communications Session Border Controller allows the call to proceed as a non-ETS call or as a priority call.
The ETS r-value can appear in ACK, BYE, INFO, PRACK, REFER and UPDATE requests. In cases when it does and the session with which the request is associated is a non-ETS call, the Oracle Communications Session Border Controller removes the RPH from the request before forwarding it and logs a TRACE-level error. The Oracle Communications Session Border Controller also removes RPH from responses before forwarding them and logs a TRACE-level error when responses contain RPH headers with ETS values for non-ETS sessions.
Call Treatment
This section describes how ETS calls are treated as they traverse the Oracle Communications Session Border Controller.
Call Treatment | Description |
---|---|
Routing | ETS calls are routed the same way as any other calls are, except when the applicable NMC rule’s treatment type is divert, and rule defines the next hop. This route takes precedence over other normal routes. |
Local NMC | ETS calls are exempt from the local NMC, including: session agent constraints, bandwidth constraints (e.g., per-realm bandwidth), per-user CAC, and CPU constraints. However, the call is subject to the ETS congestions control threshold. Licensing session constraints apply. |
ETS Call Congestion Control | ETS calls are subject to congestion control constraints that you configure specifically for this type of traffic. In the global SIP configuration, you set up one option that defines a load limit (greater than that set for normal calls). |
ETS CAC | Although the Oracle Communications Session Border Controller uses the call rate control value in the applicable NMC rule, you can also enforce call rate on a per-user basis for ETS calls. |
When the Oracle Communications Session Border Controller receives a SIP INVITE with an RPH matching an NMC with an ETS DN, but whose r-values do not match the NMC’s rph-profile, the Oracle Communications Session Border Controller behaves as follows:
- If the INVITE does not have
the resource-priority option tag and:
- If the matching NMS is set to PRIORITY, the call will be treated as an NSEP call. If there is an rph-profile matching the r-value (not necessarily the one in the NMC), the Oracle Communications Session Border Controller uses the media-policy from that rph-profile for the call. The rph-policy from the NMC (if present) also applies to the call.
- If the matching NMC is not set to PRIORITY, the Oracle Communications Session Border Controller will treat the call as a normal one.
If the INVITE contains the resource-priority option tag, the Oracle Communications Session Border Controller will reject the call with the 417 Unknown Resource-Priority message.
Generating Egress RPH
For each ETS call, the Oracle Communications Session Border Controller generates RPH for the outgoing request. It forms this RPH according to the information in the NMC rule. The outgoing request types are INVITE, ACL, BYE, CANCEL, INFO, PRACK, REFER, and UPDATE.
Request RPH Status | Generated Egress RPH |
---|---|
Incoming request without RPH (matched by ETS DN) | Outgoing RPH value becomes the r-value set in the insert-r-value parameter in the RPH policy applied to the NMC rule. |
Incoming request without RPH (matched by ETS DN) | If the insert-r-value parameter is empty in the RPH policy applied to the NMC rule or there is no RPH policy applied to the NMC rule, then the egress RPH will also not have RPH. |
Incoming request has RPH | Egress RPH is the same as the ingress if the
NMC rule has an RPH policy applied but the override-r-value for the policy is
empty or if there is not RPH policy applied to the NMC rule.
If the override-r-value for the policy is set, then the egress RPH is set to that value. |
For example, given an incoming request with the resource priority ets.0, dsn.flash and an RPH policy with an override value of wps.1,ets.1, the egress request would be sent with a resource-priority of wps.1,ets.1,dsn.flash.
The Oracle Communications Session Border Controller also includes RPH in the following series of responses, even when the downstream SIP entity does not respond with an RPH: 1xx, 2xx, 3xx, 4xx, 5xx, and 6xx. The 401 Unauthorized response is an exception.
Media Treatment
If the RPH profile set in an NMC names a media policy, then the Oracle Communications Session Border Controller implements it for the ETS call. This media policy overrides any media policy set in the realm configuration.
The possible Differentiated Services Code Point (DSCP) values for an ETS call are:
- Audio—Applied to the respective media for an ETS call
- Video—Applied to the respective media for an ETS call
- SIP—Applied to the ETS calls’ SIP signaling messages, only for the egress call leg for the ETS session
RPH Configuration
This section shows you how to configure RPH profiles and policies that enable the Oracle Communications Session Border Controller to act on SIP calls that have an ETS DN and/or an RPH carrying ETS resources values. There are also settings for the global SIP configuration and for the NMC rule configuration that support this feature.
In addition, note that:
- You must set a media policy for the RPH profile to use. Check your system configuration and note the name of the media policy that best suits your needs.
- Valid values for the parameters that take r-values are wps.x and ets.x, where x is 0 through 4.
Remember to save and activate your configuration after you have completed the processes detailed in this section.
Setting Up and Applying RPH Policy
The RPH policy is a configuration on the Oracle Communications Session Border Controller that you apply to NMC rules. It designates the following for ETS/WPS namespaces:
- An override resource value—Resource value used to override the incoming RPH’s resource value
- An insert resource value—Resource value inserted when the Oracle Communications Session Border Controller does not recognize the RPH, the incoming request has no RPH, or the call is H.323 and matches an NMC rule based on the ETS DN
Note that RPH policies do not apply for DSN, DRSN, Q.735, or any other type of namespace; these remain untouched in outgoing requests.
To configure an RPH policy:
Setting Up and Applying RPH Profile
The RPH profile contains information about how the system should act on the namespace(s) present in a Resource-Priority header (if any). The list of resource values in this configuration calls out the resource values (or r-values) recognizable to the Oracle Communications Session Border Controller; the ETS and WPS namespaces are supported.
You also set a media policy for the RPH profile to use; it defines the Differentiated Services Code Point (DSCP) that the Oracle Communications Session Border Controller uses for media or signaling packets belonging to the egress call leg for the ETS session.
The call treatment parameter tells the Oracle Communications Session Border Controller what to do with a non-ETS call that has RPH in its request; the call can be allowed, rejected, or treated as a priority call.
To configure an RPH profile:
Enabling NSEP for an NMC Rule
In addition to the RPH policy and RPH profile you can set for an NMC rule, you also need to set the state of this feature for the NMC rule.
To enable NSEP for an NMC rule:
Global SIP Configuration Settings Enabling NSEP
For the global SIP configuration, you can turn the NSEP feature on, and you can also set parameters that support call admission and congestion control.
In addition, you can enable the insertion of the ARPH header in a response when the resource-priority tag is present in the Require header and the Oracle Communications Session Border Controller rejects the request with a 417 Unknown Resource-Priority response. The ARPH value is the list of r-values you set in the RPH profile.
To enable NSEP for the global SIP configuration:
Global SIP Configuration Settings Enabling CAC and Congestion Control
To set call admission and congestion control parameters for NSEP:
Setting Up NSEP for Session Agents
In earlier releases, the Oracle Communications Session Border Controller supports NSEP-related CAC for users and for NMC. You can now configure a sessions-per-second rate for session agents. Set in the global SIP configuration, this rate applies to all SIP session agents. When session exceed the limit, the Oracle Communications Session Border Controller rejects them with a 503 Service Unavailable message.
To configure NSEP limits for SIP session agents: