3 Interface Changes
The following topics summarize ACLI, SNMP, HDR, Alarms, Accounting, and Web GUI changes for S-Cz8.4.0. The additions, removals, and changes noted in these topics occured since the previous major release of the Oracle Communications Session Border Controller.
ACLI Configuration Element Changes
The following tables describe the ACLI configuration element changes for the Oracle Communications Session Border Controller (SBC) S-Cz8.4.0 release and subsequent patch releases.
Configuration Assistant
| New Elements | Description |
|---|---|
| run configuration-assistant | Use to launch the Configuration Assistant from the Acme Command Line Interface (ACLI). Available as of the S-Cz-8.4.0p5 release,. |
telnet-timeout
Note:
The following configuration parameter has been deprecated. Although it is still present in the ACLI, it is not functional. Any value set here is ignored.| Removed Elements | Description |
|---|---|
| system-config, telnet-timeout | Deprecated. Although the parameter is present, it is not functional. Any value set here is ignored. |
Public Key
Note:
The following configuration element has been removed.| Removed Elements | Description |
|---|---|
| security, public-key | Removed. Use the ssh-key command instead. |
SSH Configuration
Note:
The following attributes have been removed from the ssh-config element.| Element with Removed Attributes | Description |
|---|---|
| security, ssh-config |
|
The following configuration attributes have been added.
| New Elements | Description |
|---|---|
| security, ssh-config |
|
Certificate Records
Note:
The following attributes have been removed from the certificate-record element.| Element with Removed Attributes | Description |
|---|---|
| security, certificate-record | The key-size attribute no longer accepts 512 as a value. |
SIP to SIP-I Interworking
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| session-router,sip-isup-profile, iwf-for-183 | Adds the pem-controlled value to the iwf-for-183 parameter |
| session-router,sip-isup-profile, extract-isup-params | Specifies the ISUP parameters to interwork to SIP |
| session-router,sip-isup-profile, remove-isup-params | Removes the specified ISUP parameter from the list of parameters previously added using the extract-isup-param configuration parameter. Allowed values include generic-number | location-number | user-to-user | calling-party-number | inband-announcement |
Early Media Support
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| session-router,sip-interface | Adds the support value to the p-early-media-header parameter |
| media-manager,realm-config | Adds the merge-early-dialogs parameter |
Use of the AF-Requested-Data AVP to Obtain EPC Identity for Emergency Calls
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| session-router, ext-policy-server | Adds the use-epc-level-msisdn parameter |
NPLI Support
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| session-router,npli-profile | Adds this new parameter to allow you to define, then apply augmented NPLI management behavior |
| session-router,sip-interface | Adds the npli-profile parameter |
Diversion and History-Info Interworking
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| session-router, sip-interface | Adds the anonymize-history-for-untrusted parameter |
| session-router, sip-interface | Adds the hist-to-div-for-cause-380 parameter |
SMS and VoLTE CDR Support
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| system, account-config, generate-event | Add the message value |
| system, account-config, options | Adds the realm-as-ioi value |
| session-router,sip-config | Adds the sms-report-timeout parameter |
| media-manager, ext-policy-server, specific-action-subscription | Adds the ip-can-change value |
IKEv2 Support
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| security, ike, ike-interface |
|
| security, ike, ike-config |
|
SIP REFER with Replaces
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| session-router, sip-config | Adds the refer-reinvite-no-sdp parameter |
Transcoding Free Operation
This table lists and describes new configuration elements that display in the S-Cz8.4.0 release.
| New Elements | Description |
|---|---|
| realm-config | Adds the srvcc-trfo parameter. |
HTTP Server
| New Elements | Description |
|---|---|
| system, http-server | Replaces web-server-config. |
Two-Factor Authentication
| New Elements | Description |
|---|---|
| security, authentication, two-factor-authentication | Allows users to configure 2FA. |
Audit HTTP Headers
| New Elements | Description |
|---|---|
| security, admin-security, audit-logging | A new attribute called audit-http was added which logs HTTP headers |
Unsupported Configuration
| New Elements | Description |
|---|---|
| system, system-config | Adds the
enable-snmp-tls-srtp-traps
parameter.
Note: Unsupported. Do not enable this parameter. |
SIPREC Enhancements
| Modified Elements | Description |
|---|---|
| SRG: <srg name>, or<srsname> | Modifies configuration parameter to accept to take as input a list of up to four SRGs or SRS' or a combination of both. |
Teams Integrations
| New Elements | Description |
|---|---|
| realm-config, user-site | Lists the user-site names corresponding to the user-site configuration set at the DR. The SBC uses this name to select the realm for allocating media IP. The match for user-site is case insensitive. |
| realm-config, media-realm-list | Lists media realm names the SBC searches to match a user-site and select a media realm for allocating media IP. The first realm in the media-realm-list is the default realm for fall back functionality. |
| ice-profile, mode | Specifies the SBC functionality as Downstream or Proxy for media path optimization. The default, None, avoids this specification. |
SSH Client Timeout
The inactivity timeout for SSH clients is set in the client-idle-timeout attribute in the ssh-config element. In S-Cz8.4.0p3 and later, the maximum timeout value changed from 1440 to 59.
MSRP Connection Delay Timer
In S-Cz8.4.0p3 and later, you can alleviate the risk of failed sessions by configuring the conn-setup-delay-timer parameter under the msrp-config element to wait the configured number of milleseconds before initiating an outbound connection.
ACLI Command Changes
The following table summarizes the ACLI command changes that first appear in the Oracle Communications Session Border Controller S-Cz8.4.0 release.
This table lists and describes changes to ACLI commands that are available in the S-Cz8.4.0 release.
| New Commands | Description |
|---|---|
| ssh-key | Replaces both ssh-pub-key and ssh-priv-key commands. |
| show processes <process> |
The following <process> arguments have been
removed:
|
| local-accounts | Manage local accounts.
In 840p3 and later, the local-accounts command replaces the ssh-password command. |
| set-boot-loader | Set the bootloader. Available in 8.4.0p4 and later. |
| delete-boot-file | Delete an unused boot file. Availabe in 8.4.0p4 and later. |
| backup-boot-loader | Copy the bootloader to
/code/images. Availabe in 8.4.0p4 and
later.
|
| ssh-password | Deprecated in 840p3 and replaced by local-accounts command. |
| show-stir stats | Display STIR/SHAKEN statistics in 840p5 and later. |
| reset tacacs-stats | Reset the TACACS+ statistics |
Accounting Changes
This section summarizes the accounting changes that appear in the Oracle Communications Session Border Controller version S-Cz8.4.0.
SMS and VoLTE CDR Support
With this version, the SBC adds SIP reporting on specific information for Short Message Service (SMS) traffic, defined within the SBC as message events reported using STOP records. New SIP reporting also includes detail on VoLTE sessions to support management within IMS constructs. This development has generated multiple new VSAs and AVPs provided in reports that are specific to these flows.
| Attribute Name | Attribute Description | Attribute Value | Attribute Value Type | Messages |
|---|---|---|---|---|
| Acme-Access-Network-Information | Extracted from
Access-Network-Information field from P-Access-Network-Info headers.
For MO calls it should be the PANI headers of the outgoing INVITE (after the NPLI procedure). For MT calls it should be the PANI headers of the outgoing 18x response (after the NPLI procedure). |
248 | SMS and VoLTE | Start
Interim-Update Stop |
| Acme-P-GW IP Address | Obtained from PCRF RAR/AAA in Access-Network-Charging-Address (501) AVP. | 249, ext 1 | VoLTE call | Start
Interim-Update Stop |
| Acme-S-GW IP Address | Obtained from PCRF AAA/RAR in AN-GW-Address (1050) AVP | 249, ext 2 | VoLTE call | Start
Interim-Update Stop |
| Acme-Originating-IOI | Extracted from the Originating-IOI
field in the P-Charging-Vector header.
For MT, MO (MESSAGE/INVITE) calls, the field is extracted from SIP reply(20X). |
249, ext 3 | SMS and VoLTE call | Start
Interim-Update Stop |
| Acme-Terminating-IOI | Extracted from the Terminating-IOI
field in the P-Charging-Vector header.
For MT, MO (MESSAGE/INVITE) calls, the field is extracted from SIP reply(20X). |
249, ext 4 | SMS and VoLTE call | Start
Interim-Update Stop |
| Acme-IMEI | Extracted from the registration cache or
Initial request.
(The Initial request takes priority.) |
249, ext 5 | SMS and VoLTE call | Start
Interim-Update Stop |
| Acme-Node-Functionality | Configured with a single, global Node
Functionality value. This is done in the SIP config's node
functionality parameter.
However, if the node functionality parameter is also configured in a realm config, the ingress realm's node functionality value supersedes the global value. |
249, ext 6 | SMS and VoLTE call | Start
Interim-Update Stop |
| Acme-SMS Message Type | Extracted from initial SIP MESSAGE. | 249, ext 7 | SMS |
Stop |
| Acme-SMS Calling party number | Extracted from initial SIP MESSAGE.
For MO, from the P-Asserted-Identity header For MT, from the TP-Originating-Address |
249, ext 8 | SMS |
Stop |
| Acme-SMS Called party number | Extracted from initial SIP MESSAGE.
For MO, from the TP-Destination-Address For MT, from the To header of the SIP MESSAGE |
249, ext 9 | SMS |
Stop |
| Acme-Message Length | Extracted from SIP MESSAGE field TP-User-Data-Length | 249, ext 10 | SMS |
Stop |
| Acme-History-Info | Extracted from History-Info sip
headers, ingress interface and it taken from initial message.
In case of multiple History-Info headers, concatenated into a single header values in CDR. |
250 | VoLTE call | Start
Interim-Update Stop |
| Acme-Visited-Network-Identifier | Extracted from
Visited-Network-Identifier field from P-Visited-Network-Id headers.
For MO calls, the field is extracted from initial request, or from the ingress sip-interface if the PVNI is not received in the initial request. For MT calls, the field is extracted from the initial request. |
251 | SMS and VoLTE call | Start
Interim-Update Stop |
| Acme-IMSI | Extracted from the registration cache
or Initial request.
(The Initial request takes priority.) |
252 | SMS and VoLTE call | Start
Interim-Update Stop |
See VoLTE and SMS VSAs as well as VoLTE Call and SMS AVPs for Diameter in the Accounting Guide.
Diameter AVPs for VoLTE Calls
The SBC sends an ACR to the PCRF for call accounting with the following VoLTE-specific AVPs. The table shows all mandatory and optional AVP's. If there is data, the SBC includes Optional AVPs. If not the SBC does not include them.
| AVP Name | AVP Code | Is grouped ? Group hierarchy | Type |
|---|---|---|---|
| Access-Network-Information | 1263 | Yes
[ACR] | [Service-Information] | [IMS Information] | [Access-Network-Information ] |
String |
| IMS-Visited-Network-Identifier | 2713 | Yes
[ACR] | [Service-Information] | [IMS Information] | [IMS-Visited-Network-Identifier] |
String |
| Originating-IOI | 839 | Yes
[ACR] | [Service-Information] | [IMS Information] | [Inter-Operator-Identifier] | [Originating-IOI] |
String |
| Terminating-IOI | 840 | Yes
[ACR] | [Service-Information] | [IMS Information] | [Inter-Operator-Identifier] | [Terminating-IOI] |
String |
In addition, the SBC sends the following fields as custom AVP's in the ACR.
| AVP | ACME Diameter Attribute | AVP Type |
|---|---|---|
| IMSI | 98 | UTF8String |
| IMEI | 97 | UTF8String |
| History-Info | 99 | UTF8String |
| PGW-IP Address | 95 | UTF8String |
| SGW-IP Address | 96 | UTF8String |
The table below identifies AVPs specific to VoLTE and SMS traffic.
| AVP | ACME Diameter Attribute | Start | Interim | Stop | Event = MESSAGE | AVP Type |
|---|---|---|---|---|---|---|
| Pgw-IP | 95 | Y | Y | Y | N | UTF8String |
| Sgw-IP | 96 | Y | Y | Y | N | UTF8String |
| IMEI | 97 | Y | Y | Y | Y | UTF8String |
| IMSI | 98 | Y | Y | Y | Y | UTF8String |
| History-Info | 99 | Y | Y | Y | N | UTF8String |
| Sms-Msg-Type | 100 | N | N | N | Y | UTF8String |
| Sms-called party-Number | 101 | N | N | N | Y | UTF8String |
| Sms-calling party-Number | 102 | N | N | N | Y | UTF8String |
| Sms-Msg-Length | 103 | N | N | N | Y | Unsigned32 |
SNMP/MIB Changes
This section summarizes the SNMP/MIB changes that appear in the Oracle Communications Session Border Controller version S-Cz8.4.0.
MIB Changes for TLS and SRTP Failures
When the SRTP and TLS Encryption/Decryption Failure Alarms feature is enabled and
a failure occurs during TLS/SRTP encryption and decryption, the following traps in
ap.security.mib are sent:
| Trap Name | Description |
|---|---|
| apSecurityTlsEncryptionFailureNotification
1.3.6.1.4.1.9148.3.9.3.10.0.1 |
These notifications are sent when there is a failure during TLS packet encryption. |
| apSecurityTlsDecryptionFailureNotification
1.3.6.1.4.1.9148.3.9.3.10.0.2 |
These notifications are sent when there is a failure during TLS packet decryption. |
| apSecuritySrtpEncryptionFailureNotification
1.3.6.1.4.1.9148.3.9.3.11.0.1 |
These notifications are sent when there is a failure during SRTP packet encryption. |
| apSecuritySrtpDecryptionFailureNotification
1.3.6.1.4.1.9148.3.9.3.11.0.2 |
These notifications are sent when there is a failure during SRTP packet decryption. |
The following objects get sent with the traps, depending on the failure condition:
| Object Name | MIB File |
|---|---|
|
apSecuritySrcAddressFamily 1.3.6.1.4.1.9148.3.9.2.23 |
ap-security.mib |
|
apSecuritySrcAddress 1.3.6.1.4.1.9148.3.9.2.24 |
ap-security.mib |
| apSecuritySrcPort
1.3.6.1.4.1.9148.3.9.2.32 |
ap-security.mib |
|
apSecurityDstAddressFamily 1.3.6.1.4.1.9148.3.9.2.25 |
ap-security.mib |
|
apSecurityDstAddress 1.3.6.1.4.1.9148.3.9.2.26 |
ap-security.mib |
|
apSecurityDstPort 1.3.6.1.4.1.9148.3.9.2.33 |
ap-security.mib |
|
apSecurityTlsEncryptionFailureCause 1.3.6.1.4.1.9148.3.9.2.38 |
ap-security.mib |
|
apSecurityTlsCipherSuite 1.3.6.1.4.1.9148.3.9.2.36 |
ap-security.mib |
|
apSecurityTlsSessionId 1.3.6.1.4.1.9148.3.9.2.34 |
ap-security.mib |
|
apSecurityTlsPacketFailureCount 1.3.6.1.4.1.9148.3.9.2.35 |
ap-security.mib |
|
apSecurityTlsDecryptionFailureCause 1.3.6.1.4.1.9148.3.9.2.37 |
ap-security.mib |
|
apSecuritySrtpEncrAlgorithm 1.3.6.1.4.1.9148.3.9.2.41 |
ap-security.mib |
|
apSecuritySrtpAuthAlgorithm 1.3.6.1.4.1.9148.3.9.2.42 |
ap-security.mib |
MIB Changes for STIR/SHAKEN
The S-Cz8.4.0p5 release includes new MIB objects within ap-apps.mib for the STIR/SHAKEN application.
| MIB Object | Object ID 1.3.6.1.4.1.9148.3.16.1.4.2.1.4.x + | Description |
|---|---|---|
| apStirServerName | .1. | Server name as configured on the SBC |
| apStirServerStats.recent.asQueries | .1.1 | Recent queries made to the named AS server |
| apStirServerStats.recent.asSuccessResponses | .1.2 | Recent successful responses received from the named AS server |
| apStirServerStats.recent.asFailResponses | .1.3 | Recent failed responses received from the named AS server |
| apStirServerStats.recent.asFailServiceException | .1.4 | Recent failed responses received from the named AS server caused by a service exception |
| apStirServerStats.recent.asFailPolicyException | .1.5 | Recent failed responses received from the named AS server caused by a policy exception |
| apStirServerStats.recent.vsQueries | .1.6 | Recent queries made to the named VS server |
| apStirServerStats.recent.vsSuccessResponses | .1.7 | Recent successful responses received from the named VS server |
| apStirServerStats.recent.vsFailResponses | .1.8 | Recent failed responses received from the named VS server |
| apStirServerStats.recent.vsFailVerification | .1.9 | Recent failed responses received from the named VS server indicating verification failure |
| apStirServerStats.recent.vsFailServiceException | .1.10 | Recent failed responses received from the named VS server caused by a service exception |
| apStirServerStats.recent.vsFailPolicyException | .1.11 | Recent failed responses received from the named VS server caused by a policy exception |
| apStirServerStats.recent.ServerUnreachable | .1.12 | |
| apStirServerStats.total.asQueries | .2.1 | Recent queries made to the named AS server |
| apStirServerStats.total.asSuccessResponses | .2.2 | Total successful responses received from the named AS server |
| apStirServerStats.total.asFailResponses | .2.3 | Total failed responses received from the named AS server |
| apStirServerStats.total.asFailServiceException | .2.4 | Total failed responses received from the named AS server caused by a service exception |
| apStirServerStats.total.asFailPolicyException | .2.5 | Total failed responses received from the named AS server caused by a policy exception |
| apStirServerStats.total.vsQueries | .2.6 | Total queries made to the named VS server |
| apStirServerStats.total.vsSuccessResponses | .2.7 | Total successful responses received from the named VS server |
| apStirServerStats.total.vsFailResponses | .2.8 | Total failed responses received from the named VS server |
| apStirServerStats.total.vsFailVerification | .2.9 | Total failed responses received from the named VS server indicating verification failure |
| apStirServerStats.total.vsFailServiceException | .2.10 | Total failed responses received from the named VS server caused by a service exception |
| apStirServerStats.total.vsFailPolicyException | .2.11 | Total failed responses received from the named VS server caused by a policy exception |
| apStirServerStats.total.ServerUnreachable | .2.12 | |
| apStirServerStats.permax.asQueries | .3.1 | Permax queries made to the named AS server |
| apStirServerStats.permax.asSuccessResponses | .3.2 | Permax successful responses received from the named AS server |
| apStirServerStats.permax.asFailResponses | .3.3 | Permax failed responses received from the named AS server |
| apStirServerStats.permax.asFailServiceException | .3.4 | Permax failed responses received from the named AS server caused by a service exception |
| apStirServerStats.permax.asFailPolicyException | .3.5 | Permax failed responses received from the named AS server caused by a policy exception |
| apStirServerStats.permax.vsQueries | .3.6 | Permax queries made to the named VS server |
| apStirServerStats.permax.vsSuccessResponses | .3.7 | Permax successful responses received from the named VS server |
| apStirServerStats.permax.vsFailResponses | .3.8 | Permax failed responses received from the named VS server |
| apStirServerStats.permax.vsFailVerification | .3.9 | Permax failed responses received from the named VS server indicating verification failure |
| apStirServerStats.permax.vsFailServiceException | .3.10 | Permax failed responses received from the named VS server caused by a service exception |
| apStirServerStats.permax.vsFailPolicyException | .3.11 | Recent failed responses received from the named VS server caused by a policy exception |
| apStirServerStats.permax.ServerUnreachable | .3.12 |
Alarms
This topic summarizes the Alarm changes that appear in this release.
Core Configuration Change in HA Environments
- 1 CPU core configuration changed - Reboot is required
SRTP and TLS Encryption/Decryption Failure Alarms
- SRTP Encryption Failed
- TLS Decryption Failed
STIR/SHAKEN Alarms
The SBC generates an alarm for STI server connection failure and failed REST responses. The SBC raises the trap when the circuit-breaker trips and clears it when the circuit-breaker closes again. Examples of events that would trigger the alarm include:
- Invalid credentials with STI-AS or STI-VS
- Cannot resolve host
- REST API response time out
- Internal REST API query time-out
HDR
This section presents changes to the HDR implementation.
STIR/SHAKEN Statistics
The 840p5 release includes new HDR data for collecting STIR/SHAKEN information. This stir-server-stats group includes the fields in the following table.
| Position | Statistic | Description |
|---|---|---|
| 1 | TimeStamp | N/A |
| 2 | STI-Server | Server name as configured on the SBC |
| 3 | AS Queries | Recent queries made to the named AS server |
| 4 | AS Success Responses | Recent successful responses received from the named AS server |
| 5 | AS Fail Responses | Recent failed responses received from the named AS server |
| 6 | AS Fail Service Exception | Recent failed responses received from the named AS server caused by a service exception |
| 7 | AS Fail Policy Exception | Recent failed responses received from the named AS server caused by a policy exception |
| 8 | VS Queries | Recent queries made to the named VS server |
| 9 | VS Success Responses | Recent successful responses received from the named VS server |
| 10 | VS Fail Responses | Recent failed responses received from the named VS server |
| 11 | VS Fail Verification | Recent failed responses received from the named VS server indicating verification failure |
| 12 | VS Fail Service Exception | Recent failed responses received from the named VS server caused by a service exception |
| 13 | VS Fail Policy Exception | Recent failed responses received from the named VS server caused by a policy exception |
| 14 | STI Server Unreachable | The number of times the server has tripped the STI server's 'circuit breaker' |
Errors and Warnings
The following errors or warnings have been added in this release.
verify-config Errors and Warnings
| Error or Warning | Description |
|---|---|
| WARNING: [x] and [y] should not be run simultaneously as they may interfere with each other and lead to undefined behavior. | Two or more of these conflicting items have been activated: comm-monitor, packet-trace, call-trace and SIP Monitoring & Trace. At least one needs to be disabled. |
| WARNING: access-control [x] has trust-level set to [y], while none of the attributes `invalid-signal-threshold[0], maximum-signal-threshold[0], nat-trust-threshold[0], max-endpoints-per-nat[0], nat-invalid-message-threshold[0], cac-failure-threshold[0]` are set | When DDoS is configured in media-manager, the access-control element [x] needs to have additional attributes set. |
ORACLE# packet-trace local start wancom0 "host 192.168.1.1"
WARNING: packet-trace and comm-monitor should not be run simultaneously as they may interfere with each other and lead to undefined behavior.
Do you want to continue : [y/n]?:ORACLE# capture start global *
WARNING: SIP Monitoring & Trace, call-trace and comm-monitor should not be run simultaneously as they may interfere with each other and lead to undefined behavior.
Do you want to continue : [y/n]?: