Configuration Overview
The Oracle Communications Session Border Controller uses three configuration spaces: the current configuration, last-saved configuration, and the running configuration. The current configuration is a temporary workspace where changes to the configuration are initially stored before they go “live.” Once you are satisfied with your edits, they are saved to the last-saved configuration space, as a backup configuration that is persistent across reboot. Finally, when you execute the activate-config command the system goes live using this configuration and makes a copy of the configuration. The copy is also stored on the file system and is called the running configuration, reflecting the running state of the Oracle Communications Session Border Controller.
The following table lists the three configuration spaces along with the creation command and location of configuration.
| Configuration Name | ACLI Command to create | Location of Configuration | 
|---|---|---|
| Current Configuration | done | /opt/data | 
| Last-saved Configuration | save-config | /code/config | 
| Running Configuration | activate-config | /opt/running | 
Configuration Process
To make configuration changes, set a current configuration, create a last-saved configuration, and finally enact your changes by making a running configuration:
Verifying & Regenerating Configurations
The verify-config command checks the consistency of configuration elements that make up the current configuration and should be carried out prior to activating a configuration on the Oracle Communications Session Border Controller.
When the verify-config command is run, anything configured that is inconsistent produces either an error or a warning message. An error message lets the user know that there is something wrong in the configuration that will affect the way Oracle Communications Session Border Controller runs. A warning message lets the user know that there is something wrong in the configuration, but it will not affect the way the Oracle Communications Session Border Controller runs. The following is an example of the verify-config output:
ORACLE# verify-config
--------------------------------------------------------------------------------
ERROR: realm-config [r172] is missing entry for network-interface
ERROR: sip-nat [nat172] is missing ext-address entry
ERROR: sip-nat [nat172] is missing ext-proxy-address entry
ERROR: sip-nat [nat172] is missing domain-suffix entry
WARNING: sip-nat [nat172] has ext-address [5.6.7.8] which is different from sip-interface [sip172] sip-port address [1.2.3.4]
--------------------------------------------------------------------------------
Total:
4 errors
1 warningEvery time a user executes the save-config command, verify-config is automatically run. If any configuration problems are found, you receive a message pointing to the number of errors found during the saving, along with a recommendation to run the verify-config command to view the errors fully. The following is an example of the save-config verification output:
ORACLE# save-config
-------------------------------------------------------------------
Results of config verification:
   4 configuration errors
   2 configuration warnings
Run verify-config for more details
-------------------------------------------------------------------
Save-Config received, processing.
waiting 1200 for request to finish
Request to 'SAVE-CONFIG' has Finished,
Save complete
Currently active and saved configurations do not match!
To sync & activate, run 'activate-config' or 'reboot activate'.Verifying Address Duplication
The verify-config command, entered either directly or via the save-config command, checks for address duplication for a given network-interface within a configuration. Addresses are checked for duplication based on the following criteria:
- Every address entered is checked against the Primary and Secondary Utility addresses
- All UDP, TCP, and TFTP addresses are checked against other UDP, TCP, and TFTP addresses respectively within the same port range
The following tables display the entire list of addresses which are checked for duplication, the network-interface or realm which they are checked against, and the port range:
Network-Interface
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| pri-utility-addr | Primary | itself | 0 | 0 | 
| sec-utility-addr | Secondary | itself | 0 | 0 | 
| ip-address | Unknown | itself | 0 | 0 | 
| ftp-address | Unknown | itself | 0 | 0 | 
| snmp-address | Unknown | itself | 0 | 0 | 
| telnet-address | Unknown | itself | 0 | 0 | 
| dns-ip-primary | Unknown | itself | 0 | 0 | 
| dns-ip-backup1 | Unknown | itself | 0 | 0 | 
| dns-ip-backup2 | Unknown | itself | 0 | 0 | 
| hip-ip-address | Unknown | itself | 0 | 0 | 
| icmp-address | Unknown | itself | 0 | 0 | 
Steering-Pool
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| ip-address | UDP | network-interface or realm-id | start-port | end-port | 
SIP-Interface
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| sip-port address | transport-protocol (UDP or TCP) | realm-id | sip-port port | 0 | 
| sip-port address | UDP if transport-protocol is UDP | realm-id | port-map-start | port-map-end | 
SIP-NAT
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| ext-proxy-address | Unknown | realm-id | 0 | 0 | 
| home-proxy-address | Unknown | realm-id | 0 | 0 | 
| home-address | Unknown | realm-id | 0 | 0 | 
| ext-address | Unknown | realm-id | 0 | 0 | 
* The home-address value must be unique across all network interfaces configured on the Oracle Communications Session Border Controller.
H323-Stack
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| local-ip | TCP | realm-id | q031-port | 0 | 
| local-ip | TCP | realm-id | q931-start-port | q931-start-port + q931-number-ports - 1 | 
| local-ip | TCP | realm-id | dynamic-start-port | dynamic-start-port + dynamic-number-port - 1 | 
| local-ip | UDP | realm-id | ras-port | 0 | 
| gatekeeper | Unknown | realm-id | 0 | 0 | 
| alternate-protocol | UDP | realm-id | it’s port | 0 | 
* If an h323-stack’s q931-port (TCP) parameter is configured with a value of 1720, there is an address duplication exception. This configured port can exist within two port map ranges; the value of q931-start-port and its entire port range, and the value of dynamic-start-port and its entire port range.
Local-Policy Local-Policy-Attributes
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| next-hop | Unknown | realm | 0 | 0 | 
Session-Agent
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| ip-address | UDP or TCP | realm-id | port | 0 | 
| host-name (If different from ip-address) | UDP or TCP | realm-id | port | 0 | 
| ip-address | UDP or TCP | egress-realm-id if no realm-id or different from it | port | 0 | 
| host-name (If different from ip-address) | UDP or TCP | egress-realm-id if no realm-id or different from it | port | 0 | 
Static-Flow
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| in-source/32 | Unknown | in-realm-id | 0 | 0 | 
| in-destination/32 | UDP or TCP if ALG is TFTP or otherwise unknown | in-realm-id | start-port | end-port | 
| out-source/32 | UDP or TCP if ALG is TFTP or NAPT otherwise unknown | out-realm-id | start-port | end-port | 
| out-destination/32 | Unknown | out-realm-id | 0 | 0 | 
Capture-Receiver
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| address | Unknown | network-interface | 0 | 0 | 
Realm-Config
| Parameter Name | Address Type | Network Interface or Realm | Port Start | Port End | 
|---|---|---|---|---|
| stun-server-ip | UDP | network-interfaces | stun-server-port | 0 | 
| stun-server-ip | UDP | network-interfaces | stun-changed-port | 0 | 
| stun-changed-ip | UDP | network-interfaces | stun-server-port | 0 | 
| stun-changed-ip | UDP | network-interfaces | stun-changed-port | 0 | 
Verify-Config Errors and Warnings
The following tables list every error and warning the verify-config command produces for each configuration element:
Access-Control
| Error Text | Reason for Error | 
|---|---|
| WARNING: access-control [id] has unsupported application-protocol [x] | Unsupported protocols [x] | 
| WARNING: access-control [x] has trust-level set to [y], while none of the attributes `invalid-signal-threshold[0], maximum-signal-threshold[0], nat-trust-threshold[0], max-endpoints-per-nat[0], nat-invalid-message-threshold[0], cac-failure-threshold[0]` are set | When DDoS is configured in media-manager, the access-control element [x] needs to have additional attributes set. | 
| ERROR: access-control [id] has reference to realm-id [xyz] which does not exist | Realm was not found in realm table | 
Account-Config
| Error Text | Reason for Error | 
|---|---|
| ERROR: account-config is enabled, but there are no account servers configured | State is enabled, file-output is disabled and there are not servers | 
| WARNING: account-config is enabled, there are no account-servers configured, but ftp-push is disabled | State and file-output are enabled, there are not account servers and ftp-push is disabled | 
| WARNING: account-config is enabled, account-servers are configured, file-output is disabled, but ftp-push is enabled | State and ftp-push are enabled, account servers are configured, file-output is disabled | 
| ERROR : account-config is enabled, ftp-push is enabled, but there is no ftp-address entered or push-receiver configured | State and ftp-push are enabled, but there is no ftp-address or push-receiver configured | 
| ERROR: account-config has reference to push-receiver [xyz] which can not get password | Password failed decryption | 
| ERROR: account-config has reference to push-receiver [xyz] which does not have remote-path set | Push-receiver has no remote-path set | 
| ERROR: account-config has reference to push-receiver [xyz] which does not have username set | Push-receiver has no username set | 
| ERROR: account-config has reference to push-receiver [xyz] which does not have password set for protocol FTP | Push-receiver has no password set for FTP | 
| WARNING: account-config has reference to push-receiver [xyz] with a public key set, but protocol is set to FTP | Push-receiver has set public key, but protocol is FTP | 
| ERROR: account-config has push-receiver [xyz] with reference to public-key [zyx] which does not exist | Public key was not found in public key table | 
| ERROR: account-config has account-server [IP:Port] with empty secret | Account-server [IP:Port] has empty secret field | 
Authentication
| Error Text | Reason for Error | 
|---|---|
| ERROR: authentication has specified unsupported protocol [x] for type [y] | Unsupported protocols for given type | 
| ERROR: authentication has no configured active radius servers for authentication type [x] | No configured active radius for given type | 
Call-Recording-Server
| Error Text | Reason for Error | 
|---|---|
| ERROR: call-recording-server must have a name | Name is missing | 
| ERROR: call-recording-server [id] must have a primary-signaling-addr or primary-media-addr | There has to be either primary signaling or media address | 
| ERROR: call-recording-server [id] is missing primary-realm | Realm name is missing | 
| ERROR: call-recording-server [id] has reference to the primary-realm [xyz] which does not exist | Primary-realm [xyz] was not found in realm-config table | 
| ERROR: call-recording-server [id] has reference to the secondary-realm [xyz] which does not exist | Secondary-realm [xyz] was not found in realm-config table | 
Capture-Receiver
| Error Text | Reason for Error | 
|---|---|
| ERROR: capture-receiver [id] has reference to network-interface [xyz] which does not exist | Network-interface was not found in network-interface table | 
Certificate-Record
| Error Text | Reason for Error | 
|---|---|
| ERROR: certificate-record [id] is not trusted and will not be loaded | Certificate record is not trusted | 
| ERROR: certificate-record [id] cannot extract private key | Certificate record failed to extract the private key | 
| ERROR: certificate-record [id] cannot convert PKCS7 string to structure | Failure to convert PKCS7 record to the structure | 
Class-Policy
| Error Text | Reason for Error | 
|---|---|
| ERROR: class-policy [id] ] has reference to the media-policy [xyz] which does not exist | Media-policy [xyz] was not found in the media-policy table | 
DNS-Config
| Error Text | Reason for Error | 
|---|---|
| ERROR: dns-config [id] is missing client-realm entry | Missing client realm | 
| ERROR: dns-config [id] has reference to client-realm [xyz] which does not exist | Realm was not found in the realm-config table | 
| ERROR: dns-config [id] does not have any server-dns-attributes | Server-dns-attributes are missing | 
| ERROR: dns-config [id] is missing server-realm entry | Realm entry is missing (source address is empty) | 
| ERROR: dns-config [id] is missing server-realm entry for source-address [x] | Realm entry is missing (source address is not empty) | 
| ERROR: dns-config [id] has reference to server-realm [xyz] which does not exist | Realm was not found in the realm-config table | 
ENUM-Config
| Error Text | Reason for Error | 
|---|---|
| ERROR: enum-config [id] is missing realm-id entry | Missing realm | 
| ERROR: enum-config [id] has reference to the realm-id [xyz] which does not exist | Realm [xyz] was not found in realm-config table | 
| ERROR: enum-config [id] has no enum-servers | List of ENUM servers is empty | 
Ext-Policy-Server
| Error Text | Reason for Error | 
|---|---|
| ERROR: ext-policy-server [id] is missing realm entry | Missing realm | 
| ERROR: ext-policy-server [id] address is not valid | Invalid address entry | 
| ERROR: ext-policy-server [id] has reference to protocol [xyz] which is not valid | Invalid protocol entry | 
| ERROR: ext-policy-server [id] has reference to realm [xyz] which does not exist | Realm was not found in the realm-config table | 
H323-Stack
| Error Text | Reason for Error | 
|---|---|
| ERROR: h323-stack [id] has no realm-id | Missing realm entry | 
| ERROR: h323-stack [id] has reference to the realm-id [xyz] which does not exist | Realm was not found in the realm-config table | 
| WARNING: h323-stack [id] is missing local-ip address entry | Missing address entry | 
| WARNING : h323-stack [id] has reference to media-profile [xyz] which does not exist | Media profile was not found in media profile table | 
| ERROR: h323-stack [id] has reference to the assoc-stack [xyz] which does not exist | Stack name was not found in the h323-stack table | 
Host-Route
| Error Text | Reason for Error | 
|---|---|
| WARNING: host-route [id] has reference to gateway [xyz] which does not exist in any network-interface | gateway entry was not found in any network-interface object | 
IWF-Config
| Error Text | Reason for Error | 
|---|---|
| WARNING: iwf-config has reference to media-profile [xyz] which does not exist | media profile was not found in media profile table | 
Local-Policy
| Error Text | Reason for Error | 
|---|---|
| ERROR: local-policy [id] has reference to source-realm [xyz] which does not exist | Source-realm [xyz] was not found in realm-config table | 
| WARNING: local-policy [id] has no policy-attributes set | No policy-attributes set | 
| ERROR: local-policy-attribute [id1] from local-policy [id2] has reference to realm [xyz] which does not exist | Realm [xyz] was not found in realm-config table | 
| ERROR: local-policy-attribute [id1] from local-policy [id2] is missing next-hop entry | Next-hop is missing for given attribute | 
| ERROR: local-policy-attribute [id1] from local-policy [id2] has reference to next-hop [xyz] which is invalid | Invalid value for the next-hop | 
| ERROR: local-policy-attribute [id1] from local-policy [id2] has reference to next-hop [xyz] which does not exist | Value for the next-hop was not found (either from enum-config, or lrt-config, or session-group) | 
| WARNING: local-policy-attribute [id] from local-policy [di] has reference to media-policy [xyz] which does not exist | Media-policy [xyz] was not found in media-policy table | 
| WARNING: local-policy [id] local-policy-attribute [id1] has duplicate address with sip-port [xyz] sip-interface has duplicate address with sip-port | Policy attribute next-hop is the same as the sip-port | 
Local-Routing-Config
| Error Text | Reason for Error | 
|---|---|
| ERROR: local-routing-config [id] has reference to the file-name [xyz] which does not exist | specified file is missing from /boot/code/lrt folder | 
Network-Interface
| Error Text | Reason for Error | 
|---|---|
| ERROR: network-interface [id] has reference to phy-interface [xyz] which does not exist | Phy-interface [xyz] was not found in phy-interface table | 
| ERROR: network-interface [id] is missing pri-utility-addr entry | If redundancy is enabled pri-utility-addr entry has to be entered | 
| ERROR: network-interface [id] is missing sec-utility-addr entry | If redundancy is enabled sec-utility-addr entry has to be entered | 
| ERROR: network-interface [id] has reference to DNS address, but dns-domain is empty | Dns-domain is empty. Word “address” will be plural addresses if there are more DNS addresses entered | 
| ERROR: network-interface [id] has reference to DNS address, but ip-address is empty | Ip-address is empty. Word “address” will be plural addresses if there are more DNS addresses entered | 
Phy-Interface
| Error Text | Reason for Error | 
|---|---|
| ERROR: phy-interface [id] has invalid operation-type value [x] | Operation-type value is invalid | 
| ERROR: phy-interface [id] of type [x] with port [y] and slot [z] has invalid name | If type is MAINTENANCE or CONTROL name has to start with either “eth” or wancom | 
| ERROR: phy-interface [id] of type [x] has duplicated port [y] and slot [z] values with phy-interface [di] | Port and slot values are duplicated with another phy-interface | 
Public-Key
| Error Text | Reason for Error | 
|---|---|
| ERROR: public-key [id] has no public/private key pair generated for public-key [x] | No public/private key generated | 
| ERROR: public-key [id] cannot extract private key | Cannot extract private key | 
Realm-Config
| Error Text | Reason for Error | 
|---|---|
| ERROR: realm-config [id] has reference to ext-policy-svr [xyz] which doe not exist | Missing external BW manager | 
| ERROR: realm-config [id] is missing entry for network-interface | Missing Network Interface | 
| ERROR: realm-config [id] has reference to network-interface [xyz] which does not exist | Network interface was not found in network-interface table | 
| ERROR: realm-config [id] has reference to media-policy [xyz] which does not exist | Media-policy was not found in media-policy table | 
| ERROR: realm-config [id] has reference to class-profile [xyz] which does not exist | Class-profile was not found in class-profile table | 
| ERROR: realm-config [id] has reference to in-translationid [xyz] which does not exist | In-translationid was not found in session translation table | 
| ERROR: realm-config [id] has reference to out-translationid [xyz] which does not exist | Out-translationid was not found in session translation table | 
| ERROR: realm-config [id] has reference to in-manipulationid [xyz] which does not exist | In-manipulationid was not found in manipulation table | 
| ERROR: realm-config [id] has reference to out-manipulationid [xyz] which does not exist | Out-manipulationid was not found in manipulation table | 
| ERROR: realm-config [id] has reference to enforcement-profile [xyz] which does not exist | Enforcement-profile was not found in enforcement-profile table | 
| ERROR: realm-config [id] has reference to call-recording-server-id [xyz] which does not exist | Call-recording-server-id was not found in call-recording-server-table | 
| ERROR: realm-config [id] has reference to codec-policy [xyz] which does not exist | Codec-policy was not found in codec-policy table | 
| ERROR: realm-config [id] has reference to constraint-name [xyz] which does not exist | Constraint-name was not found in session constraint table | 
| ERROR: realm-config [id] has reference to qos-constraint [xyz] which does not exist | Qos-constraint was not found in qos constraint table | 
| ERROR: realm-config [id] with parent-realm [xyz] are part of circular nested realms | Realm and its parent realm are part of the closed loop where they referring back to themselves | 
| ERROR: realm-config [id] has reference to dns-realm [xyz] which does not exist | Dns-realm doesn’t exist in the realm table | 
| WARNING: realm-config [id] has reference to itself as a parent (parent-realm value ignored) | Realm name and parent name are the same | 
| ERROR: realm-config [id] has reference to parent-realm [xyz] which does not exist | Parent realm doesn’t exist in the realm table | 
| ERROR: realm-config [id] has identical stun-server-port and stun-changed port [x] | Stun-server-ip is identical to stun-changed-ip, when stun is enabled | 
| ERROR: realm-config [id] has identical stun-server-ip and stun-changed-ip [x] | Stun-server-port is identical to stun-changed-port, when stun is enabled | 
Realm-Group
| Error Text | Reason for Error | 
|---|---|
| ERROR: realm-group [id] has reference to source-realm [xyz] which does not exist | Realm was not found in realm-config table | 
| ERROR: realm-group [id] has reference to destination-realm [xyz] which does not exist | Realm was not found in realm-config table | 
Redundancy
| Error Text | Reason for Error | 
|---|---|
| ERROR: redundancy-config peer [id] has Address [x] which does not match pri-utility-addr from network-interface [y] | If redundancy is enabled, peer IP addresses have to match Primary Utility addresses from specified network-interface (pri-utility-addr is missing here) | 
| ERROR: redundancy-config peer [id] has Address [x] which does not match pri-utility-addr [z] from network-interface [y] | If redundancy is enabled, peer IP addresses have to match Primary Utility addresses from specified network-interface | 
| ERROR: redundancy-config peer [id] has Address [x] which does not match sec-utility-addr from network-interface [y] | If redundancy is enabled, peer IP addresses have to match Secondary Utility addresses from specified network-interface (sec-utility-addr is missing here) | 
| ERROR: redundancy-config peer [id] has IP Address [x] which does not match sec-utility-addr [z] from network-interface [y] | If redundancy is enabled, peer IP addresses have to match Secondary Utility addresses from specified network-interface | 
| ERROR: redundancy-config peer [id] has reference to network-interface [xyz] which does not exist | Network-interface [xyz] was not found in network-interface table | 
| ERROR: redundancy-config peer [id] is missing destination object | Destination object is missing | 
| ERROR: redundancy-config is missing Primary peer object | Primary peer object is missing | 
| ERROR: redundancy-config is missing Secondary peer object | Secondary peer object is missing | 
| ERROR: redundancy-config is missing both Primary and Secondary peer objects | Primary and Secondary peer objects are missing | 
Security-Association
| Error Text | Reason for Error | 
|---|---|
| ERROR: security-association [id] is missing network-interface entry | Missing network-interface entry | 
| ERROR: security-association [id] has reference to network-interface [xyz] which does not exist | Network-interface was not found in network-interface table | 
| ERROR: security-association [id] has invalid local-ip-addr | Invalid local-ip-addr entry | 
| ERROR: security-association [id] has invalid remote-ip-addr | Invalid remote-ip-addr entry | 
| ERROR: security-association [id] has reference to network-interface [xyz] which is not valid IPSEC enabled media interface | Network-interface is not valid IPSEC media interface | 
| ERROR: security-association [id] Unable to decrypt auth-key from configuration. This configuration may not have been saved using this systems configuration password | Failed to decrypt auth-key | 
| ERROR: security-association [id] has auth-algo [hmac-md5] with an auth-key of invalid length, must be 32 hex characters long | Invalid length of the auth-key for auth-algo [hmac-md5] | 
| ERROR: security-association [id] has auth-algo [hmac-sha1] with an auth-key of invalid length, must be 40 hex characters long | Invalid length of the auth-key for auth-algo [hmac-sha1] | 
| ERROR: security-association [id] Unable to decrypt encr-key from configuration. This configuration may not have been saved using this systems configuration password | Failed to decrypt encr-key | 
| ERROR: security-association [id] has encr-algo [xyz] with and encr-key of invalid length, must be 64 bits (odd parity in hex) | Invalid encr-key length for given algorithm | 
| ERROR: security-association [id] has encr-algo [xyz] with and encr-key of invalid length, must be 192 bits (odd parity in hex) | Invalid encr-key length for given algorithm | 
| ERROR: security-association [id] has encr-algo [xyz] with and encr-key of invalid length, must be 128 bits (odd parity in hex) | Invalid encr-key length for given algorithm | 
| ERROR: security-association [id] has encr-algo [xyz] with and encr-key of invalid length, must be 256 bits (odd parity in hex) | Invalid encr-key length for given algorithm | 
| ERROR: security-association [id] has invalid aes-ctr-nonce (must be non-zero value) for encr-algo [xyz] | Has invalid aes-ctr-nonce for given algorithm | 
| ERROR: security-association [id] has invalid tunnel-mode local-ip-addr (will be set to inner local-ip-address) | Invalid tunnel-mode local-ip-addr | 
| ERROR: security-association [id] has invalid tunnel-mode remote-ip-addr (will be set to inner remote-ip-address) | Invalid tunnel-mode remote-ip-addr | 
| ERROR: security-association [id] has invalid espudp local-ip-addr (must be non-zero) | Invalid espudp local-ip-addr | 
| ERROR: security-association [id] has invalid espudp remote-ip-addr (must be non-zero) | Invalid espudp remote-ip-addr | 
| ERROR: security-association [id] has invalid espudp local-port (must be non-zero) | Invalid espudp local-port | 
| ERROR: security-association [id] has invalid espudp remote-port (must be non-zero) | Invalid espudp remote-port | 
Security-Policy
| Error Text | Reason for Error | 
|---|---|
| ERROR: security-policy [id] has invalid local-ip-addr-match | Empty local-ip-addr-match | 
| ERROR: security-policy [id] has invalid local-ip-addr-match [x] | Invalid local-ip-addr-match | 
| ERROR: security-policy [id] has invalid remote-ip-addr-match | Empty remote-ip-addr-match | 
| ERROR: security-policy [id] has invalid remote-ip-addr-match [x] | Invalid remote-ip-addr-match | 
| ERROR: security-policy [id] is missing network-interface entry | Missing network-interface entry | 
| ERROR: security-policy [id] priority [x] is identical to security-policy [id2] | Duplication of the priorities | 
| ERROR: security-policy [id] has reference to network-interface [xyz] which does not exist | Network-interface was not found in network-interface table | 
| ERROR: security-policy [id] has reference to network-interface [xyz] which is not valid IPSEC enabled media interface | Network-interface is not valid IPSEC media interface | 
Session-Agent
| Error Text | Reason for Error | 
|---|---|
| ERROR: session-agent [id] has reference to realm-id [xyz] which does not exist | Realm was not found in realm table | 
| ERROR: session-agent [id] has reference to egress-realm-id [xyz] which does not exist | Realm was not found in realm table | 
| ERROR: session-agent [id] has reference to in-translationid [xyz] which does not exist | Translation id was not found in translation table | 
| ERROR: session-agent [id] has reference to out-translationid [xyz] which does not exist | Translation id was not found in translation table | 
| ERROR: session-agent [id] has reference to in-manipulationid [xyz] which does not exist | Manipulation id was not found in manipulation table | 
| ERROR: session-agent [id] has reference to out-manipulationid [xyz] which does not exist | Manipulation id was not found in manipulation table | 
| ERROR: session-agent [id] has reference to enforcement-profile [xyz] which does not exist | Enforcement-profile was not found in enforcement-profile table | 
| ERROR: session-agent [id] has reference to code-policy [xyz] which does not exist | Codec-policy was not found in codec-policy table | 
| ERROR: session-agent [id] has reference to response-map [xyz] which does not exist | Response-map was not found in response map table | 
| ERROR: session-agent [id] has reference to local-response-map [xyz] which does not exist | Response-map was not found in response map table | 
Session-Group
| Error Text | Reason for Error | 
|---|---|
| ERROR: session-group [id] has reference to session-agent [xyz] which does not exist | Session agent was not found in the session agent table | 
Session-Translation
| Error Text | Reason for Error | 
|---|---|
| ERROR: session-translation [id] has reference to rules [xyz] which does not exist | Translation rule was not found in the translation rule table | 
SIP-Config
| Error Text | Reason for Error | 
|---|---|
| ERROR: sip-config has reference to home-realm-id [xyz] which does not exist | Realm was not found in the realm-config table | 
| ERROR: sip-config has reference to egress-realm-id [xyz] which does not exist | Realm was not found in the realm-config table | 
| ERROR: sip-config has reference to enforcement-profile [xyz] which does not exist | Enforcement profile was not found in enforcement profile table | 
| WARNING: sip-config is missing home-realm-id for SIP-NAT, defaults to [sip-internal-realm] | Missing home-realm-id, defaulted to sip-internal-realm | 
| WARNING: sip-config home-realm-id [xyz] does not have a sip-interface | Sip-interface missing for the home realm | 
| WARNING: sip-config has nat-mode set to [None], but there are configured sip-nat objects | Nat-mode needs to be set to either Public or Private if there are sip-nat objects in the configuration | 
| ERROR: sip-config object is disabled | Sip-config is disabled, but there are configured sip-interface objects | 
SIP-Interface
| Error Text | Reason for Error | 
|---|---|
| ERROR: sip-interface [id] is missing realm-id entry | missing realm | 
| ERROR: sip-interface [id] has reference to realm-id [xyz] which does not exist | realm was not found in realm-config table | 
| ERROR: sip-interface [id] has reference to in-manipulationid [xyz] which does not exist | in-manipulationid was not found in manipulation table | 
| ERROR: sip-interface [id] has reference to out-manipulationid [xyz] which does not exist | out-manipulationid was not found in manipulation table | 
| ERROR: sip-interface [id] has reference to enforcement-profile [xyz] which does not exist | enforcement profile was not found in enforcement profile table | 
| ERROR: sip-interface [id] has reference to response-map [xyz] which does not exist | response-map was not found in response-map table | 
| ERROR: sip-interface [id] has reference to local-response-map [xyz] which does not exist | local-response-map was not found in response-map table | 
| ERROR: sip-interface [id] has reference to constraint-name [xyz] which does not exist | constraint-name was not found in session constraint table | 
| ERROR: sip-interface [id] has no sip-ports | sip-ports are missing | 
| ERROR: sip-interface [id] with sip-port [id2] has reference to tls-profile [xyz] which does not exist | tls-profile was not found in TLS profile table (only valid for protocols TLS or DTLS) | 
| ERROR: sip-interface [id] with sip-port [id2] has reference to ims-aka-profile [xyz] which does not exist | ims-aka-profile was not found in Ims-Aka-Profile table (valid for protocols other than TLS or DTLS) | 
| WARNING: sip-interface [id] has no sip-ports, using SIP-NAT external-address | no sip-ports so SIP-NAT external-address is used | 
| WARNING: sip-interface [id] has no valid sip-ports, using SIP-NAT external-address | no valid sip-ports so SIP-NAT external-address is used | 
SIP-Manipulation
| Error Text | Reason for Error | 
|---|---|
| ERROR: sip-manipulation [id] has no header-rules defined | Missing header rules | 
| ERROR: sip-manipulation [id] with header-rule [xyz] is missing new-value entry | Missing new-value entry (checked only for action type sip-manip) | 
| ERROR: sip-manipulation [id] with header-rule [xyz] has reference to new-value [zxy] which does not exist | New-value entry missing from the sip-manipulation table | 
| ERROR: sip-manipulation [id] with header-rule [xyz] has new-value that refers to itself from sip-manipulation [di] | Looping reference between two objects | 
SIP-NAT
| Error Text | Reason for Error | 
|---|---|
| ERROR: sip-nat [id] is missing home-address entry | Missing home-address | 
| ERROR: sip-nat [id] has invalid home-address [x] entry | Invalid home-address entry | 
| ERROR: sip-nat [id] is missing ext-address entry | Missing ext-address | 
| ERROR: sip-nat [id] has invalid ext-address [x] entry | Invalid ext-address entry | 
| ERROR: sip-nat [id] is missing ext-proxy-address entry | Missing ext-proxy-address | 
| ERROR: sip-nat [id] has invalid ext-proxy-address [x] entry | Invalid ext-proxy-address entry | 
| ERROR: sip-nat [id] is missing user-nat-tag entry | Missing user-nat-tag | 
| ERROR: sip-nat [id] is missing host-nat-tag entry | Missing host-nat-tag | 
| ERROR: sip-nat [id] is missing domain-suffix entry | Missing domain-suffix | 
| ERROR: sip-nat [id] is missing realm-id entry | Missing realm entry | 
| ERROR: sip-nat [id] does not match sip-interface realm [xyz] | Sip-interface name was not found in realm table | 
| ERROR: sip-nat [id] does not have a sip-interface | Sip-interface is missing | 
| WARNING: sip-nat [id] has same user-nat-tag as sip-nat [di] | Duplicated user-nat-tag | 
| WARNING: sip-nat [id] has same host-nat-tag as sip-nat [di] | Duplicated host-nat-tag | 
| WARNING: sip-nat [id] has ext-address [x] which is different from sip-interface [di] sip-port address [y] | Sip-nat ext-address needs to be the same as sip-port address | 
| ERROR: sip-nat [id] has same home-address [x] as sip-nat [di] | Duplicated home-address | 
Static-Flow
| Error Text | Reason for Error | 
|---|---|
| ERROR: static-flow [id] is missing in-realm-id entry | Missing in-realm-id | 
| ERROR: static-flow [id] has reference to in-realm-id [xyz] which does not exist | Realm was not found in the realm-config table | 
| ERROR: static-flow [id] is missing out-realm-id entry | Missing out-realm-id | 
| ERROR: static-flow [id] has reference to out-realm-id [xyz] which does not exist | Realm was not found in the realm-config table | 
| ERROR: ext-policy-server [id] has illegal protocol value [xyz] | Invalid protocol entry | 
Steering-Pool
| Error Text | Reason for Error | 
|---|---|
| ERROR: steering-pool [id] has invalid start-port [x] | Invalid start-port value (smaller than 1025) | 
| ERROR: steering-pool [id] has start-port [x] greater than end-port [y] | Start-port value is greater than end-port value | 
| ERROR: steering-pool [id] is missing realm entry | Missing realm entry | 
| ERROR: steering-pool [id] has reference to realm [xyz] which does not exist | Realm [xyz] was not found in realm-config table | 
| ERROR: steering-pool [id] has reference to network-interface [xyz] which does not exist | Network-interface [xyz] was not found in network-interface table | 
Surrogate-Agent
| Error Text | Reason for Error | 
|---|---|
| ERROR: surrogate-agent [id] is missing realm entry | Missing realm entry | 
| ERROR: surrogate-agent [id] has reference to realm [xyz] which does not exist | Realm was not found in the realm-config table | 
| ERROR: surrogate-agent [id] is missing customer-next-hop entry | Missing customer-next-hop entry | 
| ERROR: surrogate-agent [id] is missing register-contact-user entry | Missing register-contact-user entry | 
| ERROR: surrogate-agent [id] is missing register-contact-host entry | Missing register-contact-host entry | 
System-Config
| Error Text | Reason for Error | 
|---|---|
| ERROR: system-config has reference to default-gateway [xyz] which does not exist | gateway was not found in the network-interface table or boot parameters | 
| ERROR: system-config collect has sample-interval [x] greater than push-interval | sample-interval greater than push-interval | 
| ERROR: system-config collect has start-time [x] greater than end-time [y] | Start-time greater than end-time | 
| ERROR: system-config collect has group [xyz] with sample-interval [x] greater than collection push-interval [y] | Group [xyz] has incorrect sample interval | 
| ERROR: system-config collect has group [xyz] with start-time [x] greater than end-time [y] | Group [xyz] has incorrect sample interval | 
| ERROR: system-config collect has no push-receivers defined | No push-receivers defined | 
| ERROR: system-config collect has reference to push-receiver [xyz] which does not have user-name set | No user-name set | 
| ERROR: system-config collect has reference to push-receiver [xyz] which does not have password set | No password set | 
| ERROR: system-config collect has reference to push-receiver [xyz] which does not have address set | No address set | 
| ERROR: system-config collect has reference to push-receiver [xyz] which does not have data-store set | No data-store set | 
TLS-Profile
| Error Text | Reason for Error | 
|---|---|
| ERROR: tls-profile [id] has reference to end-entity-certificate [xyz] which does not have any certificates | End-entity-certificate entry missing certificate or certificate-record is part of config, but record was not imported to the SD | 
| ERROR: tls-profile [id] has end-entity-certificate [xyz] which has an end entry certificate, but the private key is invalid. | Bad private key for the cert-record | 
| ERROR: tls-profile [id] has reference to end-entity-certificate [xyz] which does not exist | Certificate record was not found in cert-record table | 
| ERROR: tls-profile [id] has an end-entity-certificate records without any end entity certificate | End certificate missing from all end-entity-certificate records or none of them where imported to the SD | 
| ERROR: tls-profile [id] found an entry in the trusted-ca-certificates with zero length | Found an empty trusted-ca-record in the list | 
| ERROR: tls-profile [id] has reference to trusted-ca-certificates [xyz] which does not have any certificates | Trusted-ca-records entry missing certificate | 
| ERROR: tls-profile [id] has reference to trusted-ca-certificates [xyz] with PKCS7 structure which does not have any certificates | Trusted-ca-records entry with PKCS7 structure missing certificate | 
| ERROR: tls-profile [id] has reference to trusted-ca-certificates [xyz] which does not exist | Certificate record was not found in cert-record table | 
| ERROR: tls-profile [id] has no trusted-ca- certificates, but mutual-authentication is enabled | No trusted certificates, but enabled mutual-authentication | 
Other Verify Config Errors and Warnings
| Error Text | Reason for Error | 
|---|---|
| WARNING: [x] and [y] should not be run simultaneously as they may interfere with each other and lead to undefined behavior. | Two or more of these conflicting items have been activated: comm-monitor, packet-trace, call-trace and SIP Monitoring & Trace. Only one may be enabled at a time. | 
Viewing Configurations
While configuration archives describe a full Oracle Communications Session Border Controller configuration, you can not display them on the screen for quick reference. To view configurations through a local connection, there are two options.
Checking Configuration Versions
The Oracle Communications Session Border Controller maintains a running count of the version of both the running configuration and current configuration. It can be helpful to know when the running and current configurations are out of sync.
While they can differ, the current configuration and the running configuration should generally be the same. After a configuration is modified, saved and activated, the current and running configuration versions should be the same.
To check the version of each configuration:
Deleting Configurations
You can completely delete the data in the last-saved configuration with one command. This can be useful if you want to reconfigure your Oracle Communications Session Border Controller starting with a blank configuration. You must reboot your Oracle Communications Session Border Controller after issuing the delete-config command to complete this task.
To delete the running and current configuration:
Configuration Checkpointing
In an HA configuration, configuration checkpointing copies all configuration activity and changes on one Oracle Communications Session Border Controllerto the other Oracle Communications Session Border Controller. Checkpointed transactions copy added, deleted, or modified configurations from the active system to the standby system. You only need to perform configuration tasks on the active Oracle Communications Session Border Controller because the standby SD will go through the checkpointing process and synchronize its configuration to the active Oracle Communications Session Border Controller to reflect activity and changes.
The acquire-config command is used to manually invoke configuration checkpointing between two Oracle Communications Session Border Controllers in an HA node.
To synchronize the systems in an HA node: