1. Configuration Guide
  2. STIR/SHAKEN Client
  3. Configuring the STIR/SHAKEN Client
  4. Configure the STI Config

Configure the STI Config

To configure global STIR/SHAKEN configuration parameters on the SBC, use the sti-config object under session-router.

  1. In Superuser mode, type configure terminal and press Enter. 
    ACMEPACKET# configure terminal
ACMEPACKET(configure)#
  2. Type session-router and press Enter. 
    ACMEPACKET(configure)# session-router
ACMEPACKET(session-router)#
  3. Type sti-configand press Enter. 
    ACMEPACKET(session-router)# sti-config
ACMEPACKET(sti-config)#
  4. circuit-breaker-window-duration—Specify the time in seconds the system uses to establish the window it uses to establish the circuit breakers timing. The default is 10 seconds. The range is from 10 to 30.
  5. circuit-breaker-error-threshold —Specify the number of errors the system counts before it marks the server as out of service. The default is 5 seconds. The range is from 3 to 10.

    Note:

    The number of unsuccessful statistics, displayed as STI-VS Unsuccessful Responses, can be greater than this configured error threshold. These unsuccessful stats are a cumulative count, not a count of the errors received in this window duration.
  6. circuit-breaker-retry-time—Specify the time in seconds the system uses to retry connecting to the server. The default is 15 seconds. The range is from 5 to 900.
  7. circuit-breaker-half-open-frequency—Specify the number of times the system skips this server while it is marked half open. The default is 6, which causes the system to re-use the server once every 6th retry. The range is from 5 to 100.
  8. sti-signaling-attest-info-mandatory—Enables the system to require that the received INVITE contain the P-Attestation-Info and/or Attestation-Info header, and the P-Origination-Id and/or Origination-Id header, for the system to send a signing request to STI-AS. When disabled, the system sends a signing request to the STI-AS using either your configured attestation and orig-id values or, if sti-signalling-attest is enabled, using the information from the relevant SIP headers.
    • Disabled (Default)
    • Enabled
  9. anonymous-uri-add-verstat-to-hostpart—Enables the system to place the verstat parameter after the hostpart when the received INVITE does not contain a P-Asserted-Identity header, but does contain a Privacy header and an anonymous URI in the FROM. When enabled, the system adds the verstat parameter after the hostpart of the anonymous From URI. When disabled, the system adds the verstat parameter after the user-part of the anonymous From URI.
    • Disabled (Default)
    • Enabled
  10. use-identity-header—Enable, in conjunction with STI verification, to add a Reason header to 18x, 19x responses and 3xx, 4xx, 5xx, 6xx final responses to a callee with a cause value of “428” and the text “Use Identity Header” for all received INVITEs that did not contain an identity header.
  11. check-duplicate-passports—Enable the system to check for duplicate SHAKEN or DIV passports in a received INVITE. If it finds duplicates, the system deletes one of the duplicates from the INVITE.
  12. TN-retargeting—Enables to perform DIV authentication request, based on the received INVITE.
  13. verstat-comparison—Specify how the system compares the verstat value present in FROM and PAI headers with the values present in this parameter. If a value matches, then the system accepts the validation and performs only DIV authentication processes. If the value is empty, the system does not perform the comparison.
    • Default: Empty
    • TN-Validation-Passed
    • No-TN-Validation
    • TN-Validation-Passed
    • TN-Validation-Failed
  14. dest-comparison—Specify whether and on which header the system compares its stored TN with either the Request-URI or the To header in received INVITEs. If the value is empty, the system does not perform the comparison
    • Default: Empty
    • Request-URI
    • To
  15. sti-as-correlation-id —Enables the system to add the SipCallId parameter to REST authentication requests to the STI-AS. This parameter contains the information from the corrID parameter in the P-NokiaSiemens.Session-Info SIP header.
  16. sti-header-mapping-ruleset-name—Specifies the name of this STI Header Mapping Ruleset you want to use as default across all sti-servers. A ruleset name configured against a sti-server takes precedence for that server over this ruleset.
  17. reason-json-sip-translation —Enables the system to create a Reason header from the parameters reasoncode and reasontext, if received from the STI-VS. The system also adds this Reason header to the egress INVITE.
  18. flip-tn-lookup-order—Specifies whether the system applies precedence to PAI or FROM headers within incoming out-of-dialog requests when determining how to populate the orig shaken passport claim and to populate the verstat parameter received from STI-VS in outgoing requests.
    • Disabled (Default)—Apply precedence to PAI headers
    • Enabled—Apply precedence to FROM headers
  19. Type done.
  20. Save and activate your configuration.