1. Configuration Guide
  2. External Policy Servers
  3. Configuring Diameter-based RACF

Configuring Diameter-based RACF

In the following configuration examples, we assume that your baseline configuration passes SIP traffic, with the Oracle Communications Session Border Controller (SBC) in the role of an Access SBC. In this example, you perform realm configuration and external bandwidth manager configuration. You also configure media profiles with the bandwidth parameters you reserve at the RACF.

Diameter Support Realm Configuration

To configure the realm configuration for Diameter support in a CAC scenario:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type media-manager and press Enter to access the media-related configurations. 
    ORACLE(configure)# media-manager
  3. Type realm-config and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(media-manager)# realm-config
ORACLE(realm-config)#
  4. Type select and the number of the pre-configured sip interface you want to configure. 
    ORACLE(realm-config)# select 1
ORACLE(realm-config)#
  5. mm-in-realm—Set this parameter to enabled so that calls from devices in the same realm have their media flow through the Oracle Communications Session Border Controller to be subject to CAC. The default value is disabled. The valid values are:

    • enabled | disabled

  6. mm-in-network—Set this parameter to enabled so that the Oracle Communications Session Border Controller will steer all media traveling between two endpoints located in different realms, but within the same network. If this field is set to disabled, then each endpoint will send its media directly to the other endpoint located in a different realm, but within the same network. The default value is enabled. The valid values are:

    • enabled | disabled

  7. ext-bw-manager—Enter the name of the external bandwidth manager configuration instance to be used for external CAC for this Realm.
  8. Save your work using the ACLI done command.

External Bandwidth Manager Configuration

To configure the external bandwidth manager:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type media-manager and press Enter to access the media-related configurations. 
    ORACLE(configure)# media-manager
  3. Type ext-policy-server and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(media-manager)# ext-policy-server
ORACLE(ext-policy-server)#
  4. name—Enter the name for this external bandwidth manager instance. This parameter is used to identify the PDP that will be used in each Realm configuration.
  5. state—Set the state of this ext-policy-server configuration to enabled to run this CAC. The default value is enabled. The valid values are:

    • enabled | disabled

  6. operation-type—Enter bandwidth-mgmt for this external policy server configuration element to perform RACF/External Policy Server functions. The default value is disabled. The valid values are:
  7. protocol—Enter Diameter to support Diameter-based CAC. The default value is C-SOAP.
  8. address—Enter the IP address or FQDN of an external policy server, or enter the name of a policy-group preceded by the PAG: prefix. IP addresses can by IPv4 or IPv6.
  9. port—Enter the port number the diameter connection connects to on the RACF. The system ignores this parameter if the address parameter is set to a policy-group or an FQDN. The valid range is:

    • Minimum—0

    • Maximum—65535

  10. realm—Enter the name of the Realm in which this Oracle Communications Session Border Controller defines the RACF to exist. This is NOT necessarily the Realm where the Oracle Communications Session Border Controller performs admission control. The system ignores this parameter if the address parameter is set to a policy-group, with the exception that it is used to populate all Origin-Realm and Origin-Host AVPs in diameter messages generated by traffic from the policy-group's policy-agents.
  11. transport-protocol—Enter the transport protocol used to connect to this external policy server.
    • TCP (Default)
    • SCTP
  12. local-multi-home-addrs—Applies to SCTP. Enter an IP address that is local to the SBC and can be used by this external policy server as an alternate connection point. This address must be the same type as the address parameter, either IPv4 or IPv6
  13. remote-multi-home-addrs—Applies to SCTP. Enter an IP address that can be used by this SBC as an alternate connection point. This address must be the same type as the address parameter, either IPv4 or IPv6.
  14. sctp-send-mode—Applies to SCTP. Specifies the SCTP delivery mode..
    • ordered (Default)
    • unordered
  15. permit-conn-down—Enter enabled if this external policy server configuration can permit new calls into the network when the policy server connection is down. The default value is disabled. The valid values are:
  16. product-name—Enter text string that describes the vendor-assigned name for the RACF. This parameter is required.
  17. application-mode—Enter the type of interface you want to use. Your choices are: Rq, Rx, Gq, e2, and none.
  18. application-id—Enter a numeric application ID that describes the interface used to communicate with the RACF. The default value is zero (0). The valid range is:

    • Minimum—0

    • Maximum—999999999

  19. framed-ip-addr-encoding—Enter the format of the Frame-IP-Address (AVP 8) value in Diameter messages. The default value is octet-string. The valid values are:

    • ascii-string—Example: 192.168.10.1

    • octet-string—Example: 0xC0A80A01

  20. dest-realm-format—Enter the format you want to use for the Destination-Realm AVP. The default value is user_with_realm. The valid values are:

    • user_with_realm | user_only | realm_only

  21. domain-name-suffix—Enter the suffix you want to use for Origin-Realm and Origin-Host AVPs that have a payload string constructed as a domain name Your value can be any string, to which the system will prepend with a dot if you do not include one. The default value is .com.
  22. allow-srv-proxy—Set to enabled in order to include the proxy bit in the header. The presence of the proxy bit allows the Oracle Communications Session Border Controller to tell the external policy server whether it wants the main server to handle the Diameter message, or if it is okay to proxy it to another server on the network (disabled). The default is enabled. The valid values are:

    • enabled | disabled

  23. wildcard-trans-protocol—Set this parameter from enabled if you want to use transport protocol wildcarding for Rx/Rq Flow-Description AVP (507) generation. Enabled sends a flow description of ip. Set this parameter to disabled if you want to use the specific media stream transport protocol.
  24. reserve-incomplete—Set this parameter to enabled when communicating with a PDP via Diameter. The parameter allows the Oracle Communications Session Border Controller to make admission requests before learning all the details of the flows and devices (e.g., not knowing the final UDP port numbers for the RTP media streams until after the RTP has begun). The default value is enabled. The valid values are:

    • enabled (default)—This mode supports the usual behavior when the AAR is sent upon SDP offer as well as SDP answer. This mode ensures backwards compatibility.

    • orig-realm-only—This mode allows calls originating from a realm with a policy server associated with it to send the AAR upon SDP offer. However, calls terminating at a realm with a policy server associated with it send the AAR post SDP exchange.

    • disabled—This mode allows no bandwidth reservation for incomplete flows.

  25. include-rtcp-in-request—Change this parameter from disabled (default), to enabled so the Oracle Communications Session Border Controller will include RTCP information in AARs. RTCP information is the number of the RTP port plus one (RTP port + 1 = RTCP ports) for all sessions.
  26. trans-expires—Set the amount of time, in seconds, that the Oracle Communications Session Border Controller waits before performing an expiration if a Diameter base protocol transaction does not occur. The default value is 15 seconds. Valid values range between 1 and 15.
  27. Save your work using the ACLI done command.

Media Profile Configuration

Values for the following parameters can be found in the PacketCable™ Audio/Video Codecs Specification PKT-SP-CODEC-I06-050812 document.

To configure the media profile configuration for Diameter support in a CAC scenario:

  1. In Superuser mode, type configure terminal and press Enter. 
    ORACLE# configure terminal
  2. Type session-router and press Enter to access the session router path. 
    ORACLE(configure)# session-router
  3. Type media-profile and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters. 
    ORACLE(session-router)# media-profile
ORACLE(media-profile)#
  4. Type select and the number of the pre-configured media profile you want to configure. 
    ORACLE(media-profile)# select 1
ORACLE(media-profile)#
  5. req-bandwidth—Enter the required bandwidth in Kbps for the selected media profile. This is the bandwidth that the Oracle Communications Session Border Controller will request from the policy server. The default value is zero (0). The valid values are:

    • Minimum—0

    • Maximum—4294967295

  6. standard-pkt-rate—Enter the value to use for the standard packet rate for this codec when sending a request to the RACF for a bandwidth request.
  7. Save your work using the ACLI done command.

Additional Diameter Compliance for the Rx Interface

When handling some Register and Message flows, the SBC default behavior does not include strict compliance with Diameter session teardown rules. Typically, the environment can proceed without issue, but the SBC provides an ext-policy-server option, called diam-rx-strict-compliance, that provides better compliance with Diameter session teardown rules.

Set the diam-rx-strict-compliance option on the applicable ext-policy-server to establish the following Diameter session behavior:

  • For Register flows that do not establish a Diameter session with the PCRF due to a 3xxx, 4xxx or 5xxx error from the PCRF, the SBC does not send an STR to tear down the session when it receives a De-Register.
  • For Message flows, when the SBC receives an ASR from PCRF, it stops the hold timer if it is running, then forwards the MESSAGE to the core, and sends an ASA with success.
  • For unsuccessful Register flows that include an established Diameter session with the PCRF, the SBC sends an STR to tear down the session after the Register has failed due to, for example, responses from the core.
  • If the SBC receives an S8HR Emergency Registration, with or without Authorization header, and either the Rx interface is not available or there is an error in AAA response sent by PCRF, the SBC replies with a 5xx response. (ACMECSBC-37498)
  • If the SBC receives an S8HR Emergency Registration without an Authorization header and the EPC identities validation fails, the SBC sends a 403 error with the SIP reason header. If the SBC receives a REGISTER request with the authorization header, it sends a MIME XML body with a reason tag. (ACMECSBC-37497)
  • For S8HR registrations and calls, the SBC adds the P-Visited-Network-ID header using the format "plmnIdPrefix.mncxxx.mccxxx.3gppnetwork.org". (ACMECSBC-37431)
  • During an S8HR registration scenario, if the SBC receives a REGISTER request with the Authorization header and the next-hop is not configured, the SBC sends a 403 response if the EPC identities validation fails. (ACMECSBC-37459 )
  • Within a register call flow wherein the SBC receives an AAA with a 3002 error code from the PCRF after the diameter transaction has timed out, the SBC does not send an STR to the PCRF.
  • Within emergency REGISTER call flows when S8HR is enabled and there are no EPC level identities cached, the SBC does not issue an STR simultaneously with a 403 error code if it receives a 3002 error code from the PCRF.

Syntax for this option may or may not include the plus (+) sign, but note that setting the option with the + sign retains all other options set on the element. Omitting the + sign replaces any existing options with the one you set.

ACMEPACKET(ext-policy-server)# options +diam-rx-strict-compliance

Configuring the Rx Interface for SCTP

You configure the Rx interface for SCTP transport from the ext-policy-server element. See the SCTP Overview and configuration sections in this document's System Configuration chapter for information about SCTP operation and the global settings within the network-parameters element that apply to all SCTP operation.

  1. From superuser mode, use the following command sequence to access sip-port configuration mode. 
    ORACLE# configure terminal
ORACLE(configure)# media-manager
ORACLE(media-manager)# ext-policy-server
ORACLE(ext-policy-server)#
  2. Set the operation-type to bandwidth-mgmt for this external policy server configuration element to perform RACF/External Policy Server functions. 
    ORACLE(ext-policy-server)#  operation-type  bandwidth-mgmt
  3. Set the application-id to 16777236 for the Rx interface. (See the guidelines in Application ID and Modes.) 
    ORACLE(ext-policy-server)#  application-id 16777236
  4. Set the application-mode to Rx. (See the guidelines in Application ID and Modes.) 
    ORACLE(ext-policy-server)#  application-mode Rx
  5. Use the address parameter to set the IPv4, IPv6 or FQDN address of the policy server. 
    ORACLE(ext-policy-server)# address 172.16.10.76
  6. Retain the default value, 5060 (the well-known SIP port) for the port parameter. 
    ORACLE(ext-policy-server)# port 5060
  7. Use the transport-protocol parameter to set the layer 4 protocol to SCTP. 
    ORACLE(ext-policy-server)# transport-protocol sctp
  8. Use the remote-multi-homed-addrs parameter to specify a remote secondary address of the SCTP endpoint.

    This address must be of the same type (IPv4 or IPv6) as that specified by the address parameter, unless the address is an FQDN. 

    ORACLE(ext-policy-server)#remote-multi-homed-addrs 182.16.10.76
  9. Use the local-multi-homed-addrs parameter to specify a local secondary address of the SCTP endpoint.

    This address must be of the same type (IPv4 or IPv6) as that specified by the address parameter, unless the address is an FQDN. Like the address parameter, this address identifies an OCSBC network interfaces. 

    
ORACLE(ext-policy-server)# local-multi-homed-addrs 162.16.10.76
  10. Use done, exit, and verify-config to complete configuration of this SCTP-based SIP port. 
    ORACLE(ext-policy-server)# done
ORACLE(media-manager)# exit
ORACLE(configure)# exit
ORACLE# verify-config
---------------------------------------------------------------------
Verification successful! No errors nor warnings in the configuration
ORACLE#

CAC Debugging

A new argument has been added to the show command for viewing CAC statistics. From the user prompt, type show ext-band-mgr. 

ORACLE# show ext-band-mgr
10:11:38-194
EBM Status                 -- Period -- -------- Lifetime --------
                 Active    High   Total      Total  PerMax    High
Client Trans          0       0       0          0       0       0
Server Trans          0       0       0          0       0       0
Sockets               1       1       1          1       1       1
Connections           0       0       0          0       0       0
                           ---- Lifetime ----
                    Recent      Total  PerMax
Reserve                  0          0       0
Modify                   0          0       0
Commit                   0          0       0
Remove                   0          0       0
EBM Requests             0          0       0
EBM Installs             0          0       0
EBM Errors               0          0       0
EBM Rejects              0          0       0
EBM Expires              0          0       0
EBMD Errors              0          0       0

Retrieve the CAC statistics in the log.embd file.