Allowlist Learning
You can build a SIP header and URI parameter allowlist configuration by way of the learning capabilities of the Oracle Communications Session Border Controller (SBC). When you enable learning mode on the SBC, it acquires knowledge of the allowable headers and parameters currently coming into your network. The SBC collects the information about the headers received and the parameters that exist within each header. The system gathers the information until you disable the learning mode.
After you disable the learning mode, the SBC prompts you to enter a name for the allowed-elements-profile. If the profile name you entered does not exist, the SBC writes the captured information to the new allowed-elements-profile configuration. The administrator can then make changes to the configuration as applicable, save the configuration, and apply it to a logical remote entity.
The allowed-elements-profile does not contain any wild card rules because the SBC cannot generate wild card headers and parameters during the learning mode. The Methods object is populated from the list of methods seen by the SBC while learning.
Note:
Oracle recommends running the learning mode during off-peak and light traffic periods. Learning mode can operate in conjunction with the execution of an allowed-elements-profile. The learning occurs just before any configured allowed-elements-profile configuration.Allowlist Learning Configuration
The ACLI interface provides two commands that allow a Superuser to start and stop allowlist learning on the Oracle Communications Session Border Controller (SBC):
| Command | Description |
|---|---|
| start <argument> <options> | Starts allowlist learning on the SBC.
You must specify the argument learn-allowed-elements with this command to start the learning operation. Optionally, you can use method, msg-type, and params after the argument. |
| stop <argument> <identifier> | Stops the allowlist learning on the SBC and writes the learned
configuration to the editing configuration on the SBC where it is saved and
activated.
You must specify the argument learn-allowed-elements with this command to stop the learning operation. You must specify a unique identifier that identifies the allowed-elements-profile name.If you specify an identifier name that already exists as a profile, the ACLI returns an error message and prompts you to enter a different name. |
You can use these commands at the top level ACLI prompt as required on the SBC.
You use these commands with the argument, learn-allowed-elements to start and stop allowlist learning. By default, the learning mode creates a single rule-set under which all of the headers and their respective parameters are stored.
For example:
ORACLE# start learn-allowed-elements
Learning mode for allowed-elements-profile started.In the preceding example, start is the top level ACLI command and learn-allowed-elements is the operation being performed.
Optionally, you can specify [method], [msg-type], and [params] in any order, for the Oracle Communications Session Border Controller to learn specific rule-set elements from incoming messages and save them to the allowlist configuration.
For example:
ORACLE# start learn-allowed-elements method msg-type paramsThe method option creates a new rule-set per unique method. The msg-type option creates a new rule-set per unique message-type seen. The params option performs URI and header parsing to examine parameters within the message. By default, parameter parsing is disabled.