
SBC Essentials & Configuration v7.2.200

Uploaded by

drillsonsgamer

AudioCodes SBC

Essentials & Configuration


(7.2.200)
Juan Felipe Serna

AudioCodes Academy
https://www.audiocodes.com/services-support/audiocodes-academy
Course Objectives

• After completing this course, you will be able to:
  • Identify the AudioCodes products supporting the Session Border Controller (SBC) functionality
  • Identify the functions of the SBC
  • Understand how the SBC handles SIP messages
  • Understand the reasons for Number and Message Manipulation
  • Understand the Survivability concept
  • Be familiar with the SBC Security features
  • Configure the parameters required by the SBC
  • Configure SBC Manipulation rules
  • Configure the SBC for SIP Trunking
  • Configure the SBC PSTN interface

Lessons & Course Time Table
Day 1
• AudioCodes Introduction
• AudioCodes Management Interface Introduction
• AudioCodes Documentation
• Hands-on Lab 1 – Management Interface Usage
• SBC Product Line
• SBC Application Description

Day 2
• SBC Basic Terminology
• SBC Configuration
• SBC Wizard
• Basic Debugging Tools
• Hands-on Lab 2 – SBC Routing
• SBC Media Handling

Day 3
• Hands-on Lab 3 – SBC Transcoding
• SBC Number & Message Manipulation
• Hands-on Lab 4 – Header Manipulation
• SBC Security

Day 4
• Gateways Introduction
• SBC Survivability
• Hands-on Lab 5 – SBC Survivability
• SBC High Availability
• Certification Exam

Lesson 1

AudioCodes Introduction
AudioCodes at a glance

• Market leader in VoIP networking products
• Deployed in more than 100 countries in service provider and enterprise networks
• Recognized brand for quality & performance
• Global partnerships with leading telecom players
• Large Fortune 100 install base
• Over 600 employees, ~40% R&D
• More than 25 years of VoIP expertise
• Public since 1999 (NASDAQ:AUDC)

Global Presence and Support

• Worldwide presence:
  • Headquarters: Israel
  • North America: USA and Canada
  • APAC: Japan, Singapore, Korea, China, India, Australia, Hong Kong
  • EMEA: UK, France, Netherlands, Germany, Russia, Italy, South Africa, Poland, Sweden
  • CALA: Miami, Brazil, Mexico, Argentina, Colombia
• Global Distribution Network covering more than 100 countries
• Support Centers covering all time zones
• 3 Logistics Centers in North America, EMEA and APAC

Our Customers

• 49 of Fortune 100 enterprises are using AudioCodes technology
• Hundreds of multinational enterprises
  • Energy, Finance and Insurance, Industrial engineering, Food, Commerce, Government and Defense, Pharmaceuticals, High Tech, Automotive
• Thousands of mid-market customers via Service Providers and resellers

Broadest Portfolio of Products

Management/Apps
Routing Manager OVOC CloudBond 365/CCE Apps

IP Phones
UC-HRS Speakers
405 420 430 440 445 450

Pure SBC
Mediant 2600 Mediant 4000/B Mediant 90xx Mediant SE Software Edition

Virtual & Cloud SBC


Mediant VE (Virtual Edition) Mediant CE (Cloud Edition)

Hybrid SBC/Gateway
Mediant 500/L Mediant 800/B/C Mediant 1000B Mediant 3000*

Gateways/Adaptors
MP-2xx MP-1xx MP-124 MP1288
AudioCodes All-in-One Voice Solution

Covering all aspects of VoIP solutions

The Voice Experts @ Your Service

[Figure: AudioCodes professional and operational services. Labels:]
• Network Readiness Assessments
• Voice Design
• Project Management
• Planning & Design
• Site Survey, Installation & Implementation
• AudioCodes Academy
• Implement
• Test
• 24x7 Technical Support
• Hardware Replacement
• Local Technician Dispatch
• Software Upgrades
• Remote Monitoring
• End to End Managed Services

AudioCodes Complete Network Life-cycle Model

• Full product life cycle
  • Plan
    • Determine the right solution and best practices for any project’s needs
  • Implement
    • Achieve smooth voice implementations with global physical installation and configuration
  • Operate
    • Prompt technical support, efficient hardware replacement and ongoing software and hardware upgrades

AudioCodes Global Services – Making the Difference

Expert
We know our products best - Faster service, better and faster solutions with leading team of specialists

Complementary
A broad portfolio of services designed to complement partners’ own offerings, facilitating a complete solution to the customer

Global
AudioCodes and AudioCodes-branded service partners are present in over 190 countries, allowing partners to go to market worldwide

Operational Services – ACTS & CHAMPS

• ACTS: Direct Support – Tier 2 – 4 (9 x 5 or 24 x 7)
• CHAMPS: Back-to-Back Support – Tier 3 – 4 (9 x 5 or 24 x 7)
• Not including installation, configuration, and provisioning (which can be purchased separately)
• Support available after AudioCodes products are implemented and in service
• Support is provided based on serial number entitlement check
• Extended Hardware Warranty (RMA) included
• Software Maintenance and all S/W upgrades, patches, maintenance releases and major version releases
• Certificate of Eligibility issued with each purchase

AudioCodes Academy

• AudioCodes Academy offers a comprehensive set of technical training courses for AudioCodes’ partners and customers
• Designed to enable Partners and Customers to successfully install, integrate, configure, and support AudioCodes solutions
• Instructor-Led
• Combination of lecture and deep hands-on training with AudioCodes equipment
• Certification testing at conclusion of each course
• Certifications are valid for two years

Technical Training – Career Certifications
• Two types of Certification Levels:
  • ACA – AudioCodes Certified Associate
    • Basic level certification
    • Required for the installation and maintenance of AudioCodes devices
  • ACP – AudioCodes Certified Professional
    • Advanced level certification
    • Required for the installation, maintenance and advanced troubleshooting of all AudioCodes networking products in advanced customer scenarios
    • Prerequisite: ACA certification and 6 months of field experience as ACA

* Certificates are valid for two years

Technical Training – Career Certifications
• Record of Participation courses:
• AudioCodes SBC: Fundamentals
• AudioCodes CCE: Installation & Configuration
• AudioCodes Routing Manager (ARM) Participation
• AudioCodes OVOC
• VoIP and SIP Fundamentals
• ACA courses:
• AudioCodes SBC: Essentials & Configuration
• AudioCodes SBC in Cloud Environments: Essentials & Configuration
• AudioCodes SBC in Microsoft Skype for Business Environment: Essentials & Configuration
• AudioCodes SBC in Microsoft Teams Environment: Essentials & Configuration
• AudioCodes SBC in Microsoft O365 Environment: Essentials & Configuration
• AudioCodes Enterprise GW: Essentials & Configuration
• AudioCodes MSBR: Essentials & Configuration
• AudioCodes Mediant 3000
• ACP courses:
• AudioCodes SBC: Advanced Interworking & Security
• AudioCodes SBC: Advanced Routing & Multitenancy

AudioCodes Website - www.audiocodes.com

Lesson 2

AudioCodes Devices Management Interface Introduction
Objectives

• After completing this lesson you will:
  • Be familiar with the AudioCodes GUI
  • Know how to assign IP Networking parameters
  • Be acquainted with the Maintenance Interface
  • Understand ini file structure
  • Know how to upgrade/downgrade firmware
  • Know how to update the License Key

Management and Maintenance Options

• Embedded Web Server
• Command Line Interface (CLI)
• Configuration file referred to as the ini file
• REST-based programs (such as AudioCodes’ OVOC)

Assigning Networking Parameters

• HTTP using Web browser
• BootP
• DHCP
• Console/CLI

Default Factory IP Address

Product – Default
• MP-11x, MP-124:
  • FXS and FXS/FXO devices – 10.1.10.10
  • FXO devices – 10.1.10.11
• MP-1288, Mediant 500 E-SBC, Mediant 800 E-SBC, Mediant 1000 E-SBC, Mediant 2600/4000 SBC, Mediant 9000 SBC, Software SBC (Mediant SE/VE):
  • 192.168.0.2/24
• Mediant 500L MSBR, Mediant 500 MSBR, Mediant 800 MSBR:
  • LAN Data – 192.168.0.1/24 (DHCP Server enable)
  • LAN Voice – 192.168.0.2/24
  • WAN Data – DHCP Client

Assigning IP Address – HTTP

• Disconnect the SBC from the network and connect it to a PC
• Change the PC’s IP address and subnet mask to correspond with the SBC's factory default networking parameters
• Open a Web browser and access the Web interface
• Change the networking parameters via ‘IP Interfaces’
• Reconnect the SBC and your PC to the network
• Restore your PC’s IP address and subnet mask to their original settings

Assigning IP Address – BootP

• Bootstrap Protocol allows a host to configure itself dynamically
• Provides two main services:
  • Assigns IP address and networking parameters
  • Provides the name of the software (cmp) file and configuration (ini) file to be loaded by the device (via TFTP)
  • Provides the IP address of the TFTP server
• MediaPack
  • Hardware reset triggers a BootP request
• Mediant
  • BootP request on startup is not supported on Mediant SBCs
  • To force a BootP request, press the Reset button for 30 seconds (Rescue Mode)

Assigning IP Address – DHCP
• Dynamic Host Configuration Protocol – provides a mechanism for allocating IP addresses dynamically so that addresses can be reused
• After the Device is powered up, if DHCP is enabled (DHCPEnable = 1), the Device attempts to obtain its IP address and other network parameters from the DHCP server

Assigning IP Address – Console/CLI

• Establish a Console (VGA or COM) or CLI (Telnet/SSH) session with the device
• Use these communications port settings:
• Baud Rate: 115,200 bps
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow control: None
• At the CLI prompt, type the following (case sensitive):
• Default Username: Admin
• Default Password: Admin

Assigning IP Address – RS-232

Username: Admin
Password: *****
Mediant 800> enable
Password: *****
Mediant 800# configure network
Mediant 800(config-network)# interface network-if 0
Mediant 800(network-if-0)# ip-address 10.15.17.55
Note: Changes to this parameter will take effect when applying the 'activate' or 'exit' command
Mediant 800(network-if-0)# prefix-length 16
Note: Changes to this parameter will take effect when applying the 'activate' or 'exit' command
Mediant 800(network-if-0)# gateway 10.15.0.1
Note: Changes to this parameter will take effect when applying the 'activate' or 'exit' command
Mediant 800(network-if-0)# exit
Mediant 800(network-if-0)# write
Mediant 800(config-network)# exit
Mediant 800#

After 'exit' the address changed. Log on again using the new IP address.

Configuration File (ini file)

• Serial Number = Decimal representation of the last 6 digits of the MAC address (i.e., 00:90:8F:3B:F4:CE)
• 7.20 – Major software version
• A – Indicates that this is a SIP version (e.g., not Megaco)
• 200.016 – Minor software version

ini File Parameters
• The ini file can be loaded via BootP/TFTP, Web interface, or using the automatic update mechanism
• Case insensitive
• Lines beginning with a semicolon (;) as the first character are ignored
• A carriage return must be the final character of each line
• The number of spaces before and after the equals sign (=) is irrelevant
• Values of string parameters must be placed between two single quotes (' ')
• A syntax error in a parameter value can cause unexpected errors (the parameter may be set to a wrong value)
• A syntax error in a parameter name is ignored (an error message is generated)
• When a parameter is missing from the ini file, its default is assigned
• Subsection names are optional

[Sub Section Name]
Parameter_Name = Parameter_Value
Parameter_Name = Parameter_Value

; REMARK

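The ini rules above (remark lines, optional subsection names, quoted strings, free spacing around '=') are enough to parse stand-alone parameters and compare a saved ini file against a known-good baseline. This Python code is an added example, not AudioCodes code: DHCPEnable appears in this course, the other parameter names and all values are constructed, and comparing names case-insensitively is an assumption based on the 'Case insensitive' rule.

```python
"""Parse stand-alone ini parameters and report drift against a baseline."""


def parse_ini(text):
    """Return ({lower-cased name: value}, [lines that are not 'name = value'])."""
    params, skipped = {}, []
    for raw in text.splitlines():           # handles the CR/LF line endings
        if raw.startswith(";") or not raw.strip():
            continue                        # remark line or empty line
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            continue                        # subsection names are optional, so they carry no meaning
        name, eq, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not eq or not name or " " in name:
            skipped.append(raw)             # e.g. table rows, which this example does not parse
            continue
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1]             # string values sit between single quotes
        params[name.lower()] = value        # assumption: names compare case-insensitively
    return params, skipped


def drift(baseline_text, current_text):
    """List (name, kind, baseline value, current value) for every difference."""
    base, _ = parse_ini(baseline_text)
    cur, _ = parse_ini(current_text)
    changes = []
    for name in sorted(base.keys() | cur.keys()):
        old, new = base.get(name), cur.get(name)
        if old == new:
            continue
        if old is None:
            kind = "added"
        elif new is None:
            kind = "removed"                # the device falls back to the parameter's default
        else:
            kind = "changed"
        changes.append((name, kind, old, new))
    return changes


# Constructed sample files; only DHCPEnable is a name taken from the course.
BASELINE = (
    "; constructed baseline\r\n"
    "[System Params]\r\n"
    "DHCPEnable = 0\r\n"
    "ExampleStringParam = 'lab-sbc-01'\r\n"
    "ExampleNumericParam=5\r\n"
)
CURRENT = (
    "[SYSTEM PARAMS]\r\n"
    "dhcpenable   =   1\r\n"
    "ExampleStringParam = 'lab-sbc-01'\r\n"
    "ExampleNewParam = 'x'\r\n"
    "not a parameter line\r\n"
)

if __name__ == "__main__":
    for change in drift(BASELINE, CURRENT):
        print(change)
    print("unparsed:", parse_ini(CURRENT)[1])
```

A "removed" entry deserves the same attention as a "changed" one, because a parameter missing from the ini file is assigned its default.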
ini File Table Parameters

• Tables are used in ini files to represent parameters that have several instances
(e.g., Coders, Proxy servers, Routing tables, etc.)
• Examples:

AudioCodes INI Viewer & Editor
• A simple viewer and editor for configuration (INI) files used by AudioCodes Media Gateway and Session Border Controller (SBC) products
• Two Modes:
  • View Mode:
    • Standalone and Table parameters can be viewed in a very friendly way
  • Edit Mode:
    • Standalone and Table parameters can be edited (modified, added, removed, etc.) for a very easy way of changing their contents
    • Once this is done, the new INI file can be saved and uploaded to the device in order to apply the new configuration

• Table Parameters in View Mode
• Table Parameters in Edit Mode

Accessing the Web Interface

Default Username: Admin
Default Password: Admin

GUI Areas

• Company Logo
• Menu Bar containing the menus:
  • Setup
  • Monitor
  • Troubleshoot
• Toolbar providing frequently required command buttons
• Alarm bell icon: Displays the number of active alarms generated by the device
• Button displaying the username of the currently logged in user
• Search box for searching parameter names and values
• Tab bar containing tabs pertaining to the selected menu:
  • Setup menu:
    • IP Network
    • Signaling & Media
    • Administration
  • Monitor menu:
    • Monitor
  • Troubleshoot menu:
    • Troubleshoot
• Back and Forward buttons that enable quick-and-easy navigation through previously opened pages
• SRD filter: When your configuration includes multiple SRDs, you can filter tables in the Web interface by a specific SRD
• Work pane: Where configuration pages are displayed

Tool Bar

Button – Description
• Save – Saves parameter settings to flash memory
• Reset – Resets the device
• Actions – Opens a drop-down menu list with frequently needed commands:
  • Configuration Files to load or save an ini file
  • Auxiliary File to load auxiliary files such as: Dial Plans, Call Progress Tones, others
  • License Key to determine features, capabilities and available resources
  • Software Upgrade to upgrade the device's software
  • Configuration wizard
• Alarm bell icon – Displays the number of active alarms generated by the device
• Logon Name (i.e. Admin) – Opens a drop-down menu and:
  • Shows the logged in user’s access level and session time
  • Allows password change
  • Allows logout

Modifying/Saving Parameters

• When changing parameter values, the changed parameter has a yellow background
• To save configuration changes to volatile memory (RAM), click the Apply button
• Modifications to parameters with on-the-fly capabilities are immediately applied to the device and immediately take effect
• Parameters displayed with a lightning symbol are not changeable on-the-fly and require a device reset
• If you click the Apply button after modifying parameters, a red rectangle appears surrounding the Save button
  • This is a reminder to save your settings to flash memory
• If you click the Apply button after modifying parameters that take effect only after a device reset, a red rectangle appears surrounding both the Save and Reset buttons
  • This is a reminder to later save your settings to flash memory and reset the device

Stand-alone Parameters
• Parameters that are not contained in a table are referred to as stand-alone parameters

Stand-alone Parameters Configuration
• Parameters not requiring a device reset
  1. Modify the parameter's value as desired
  2. Click Apply (Changes are saved to the volatile memory (RAM))
  3. Click Save (Changes are saved to the non-volatile memory (flash))
  4. Click Yes
• Parameters requiring a device reset
  1. Modify the parameter's value as desired
  2. Click Apply (Changes are saved to the volatile memory (RAM))
  3. Click Save (Changes are saved to the non-volatile memory (flash))
  4. Click Reset (the Maintenance Actions page opens)
• Resetting the device
  1. Click Reset (please note: the device saves the changes to flash memory and then resets)
  2. Click OK
• Restarting the devices

Stand-alone Parameters Indications Meaning

• Parameters changed and not applied are highlighted
• A dot appears next to parameters changed from their default values and when the Apply button was clicked
• Changes to parameters displaying a lightning-bolt icon must be saved to flash memory, followed by a device reset, for your changes to take effect
• Typically required parameters are displayed in bold font
• An invalid value for a parameter reverts to its previous value and is surrounded by a colored border
• To get help on a parameter, hover your mouse over the parameter's field. A pop-up help appears, displaying a brief description of the parameter

Table Parameters – General Description

• Page title (name of table): also displays the number of configured rows as well as the number of invalid rows
• Navigation bar for scrolling through the table's pages
• Search tool for searching parameters and values
• Sort can be done by any column
• Added table rows displaying only some of the table parameters
• Adds a new row to the table
• Modifies the selected row
• Deletes the selected row
• Detailed view of a selected row, displaying all parameters
• Link to open the "child" table of the "parent" table. Only appears if the table has a "child" table

Table Syntax
• The table is divided into two main areas: Matching characteristics and Action to take
• If the incoming call matches the characteristics of a rule, then the call is sent to the destination configured for that rule
• Non-configured parameter fields may appear with different values, for example, “-1”, “0” or empty

Fields to Match

• Device attempts to match patterns at the top of the table first (first match)
• More specific rules should be at the top and more generic ones at the bottom
• Take the rule up: '551' will never match because '55' matches every prefix that starts with '55'

Numbers Notation for Routing and Manipulation
• Flexible number notations for describing the prefix and/or suffix of source and/or destination phone numbers and SIP URI user names:

▪ Prefix [n-m] or Suffix (n-m)
  ▪ Represents a range of numbers
▪ Prefix [n,m,...] or Suffix (n,m,...)
  ▪ Represents multiple numbers
  ▪ Multiple ranges such as [n-m,s-t] are also supported
  ▪ Up to three digits can be used to denote each number
▪ x (letter ‘x’)
  ▪ Represents any single digit
▪ # (Pound symbol)
  ▪ Represents the end of a number
▪ * (asterisk symbol)
  ▪ Represents any number

Destination Phone Prefix     Source Phone Prefix
1                            9x*
2[2,6,7,9]                   1xxx
2[1-4,7,9]                   1xxx#
[100-150,222,244,300-499]    1*
6[100-300]                   (99)
976(99)                      2[1-4]
6[100-300]#                  *
*                            *

Numbers Notation
• Examples:
• [5200-5300]#
• represents all numbers from 5200 to 5300
• [2,3,4]xxx#
• represents four-digit numbers that start with 2, 3 or 4 (2000-4999)
• 54324
• represents any number that starts with 54324
• 54324xx#
• represents seven-digit numbers that start with 54324
• 123[100-200]#
• represents six-digit numbers that start with 123 (123100 to 123200)
• (100)
• represents any number that finishes with 100
• (266[1-9])
• represents any number that finishes with 2661 to 2669
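
The first-match rule from "Fields to Match" and the number notation above can be checked offline before a table is loaded onto a device. This Python code is an added example, not AudioCodes code: it covers the notation forms listed on these slides, handles '*' only as a whole pattern (an assumption), and the rule names and rule table are constructed.

```python
"""Matcher for the prefix/suffix number notation, plus a first-match shadow check."""
import itertools
import math
import re

DIGITS = "0123456789"

def _expand_set(body):
    """'100-150,222' -> ['100', ..., '150', '222']; both ends of a range need equal width."""
    out = []
    for item in body.split(","):
        lo, dash, hi = item.partition("-")
        hi = hi if dash else lo
        if not (lo.isdigit() and hi.isdigit() and len(lo) == len(hi) and int(lo) <= int(hi)):
            raise ValueError(f"unsupported set item {item!r}")
        out += [str(v).zfill(len(lo)) for v in range(int(lo), int(hi) + 1)]
    return out

def _elements(text):
    """Turn digits, 'x' and [sets] into a list of alternatives per position."""
    elems, i = [], 0
    while i < len(text):
        c = text[i]
        if c in DIGITS:
            elems.append([c])
        elif c in "xX":
            elems.append(list(DIGITS))
        elif c == "[":
            end = text.index("]", i)            # ValueError if the bracket is never closed
            elems.append(_expand_set(text[i + 1:end]))
            i = end
        else:
            raise ValueError(f"unsupported character {c!r} in {text!r}")
        i += 1
    return elems

def _regex(elems):
    return "".join("(?:" + "|".join(alts) + ")" for alts in elems)

class Pattern:
    def __init__(self, text):
        self.text = text = text.strip()
        self.any = text == "*"                  # assumption: '*' is handled only as a whole pattern
        self.prefix, self.suffix, self.anchored = [], None, False
        if not self.any:
            if text.endswith(")"):              # a trailing (...) is a suffix condition
                start = text.rindex("(")
                body, text = text[start + 1:-1], text[:start]
                is_set = "[" not in body and ("," in body or "-" in body)
                self.suffix = [_expand_set(body)] if is_set else _elements(body)
            self.anchored = text.endswith("#")  # '#' marks the end of the number
            if self.anchored and self.suffix is not None:
                raise ValueError("'#' combined with a suffix is not handled here")
            self.prefix = _elements(text[:-1] if self.anchored else text)
        rx = _regex(self.prefix)
        if self.suffix is not None:
            rx += ".*" + _regex(self.suffix) + r"\Z"
        elif self.anchored:
            rx += r"\Z"
        self._re = re.compile(rx)
        self.open_ended = self.any or (not self.anchored and self.suffix is None)

    def matches(self, number):
        return self._re.match(number) is not None

def first_match(rules, number):
    """rules is an ordered list of (name, pattern text); return the first matching name."""
    for name, text in rules:
        if Pattern(text).matches(number):
            return name
    return None

def shadowed_rules(rules, cap=20000):
    """Names of rules that can never win. Sound but not complete: suffix and '*' rules are
    reported only behind an earlier '*', and rules expanding past `cap` numbers are skipped."""
    compiled = [(name, Pattern(text)) for name, text in rules]
    hidden = []
    for idx, (name, pat) in enumerate(compiled):
        earlier = [p for _, p in compiled[:idx]]
        if any(p.any for p in earlier):
            hidden.append(name)
            continue
        size = math.prod(len(alts) for alts in pat.prefix)
        if pat.any or pat.suffix is not None or size > cap:
            continue
        # An open-ended rule is only covered by earlier rules that are open-ended too.
        cover = [p for p in earlier if pat.anchored or p.open_ended]
        numbers = ("".join(parts) for parts in itertools.product(*pat.prefix))
        if cover and all(any(p.matches(n) for p in cover) for n in numbers):
            hidden.append(name)
    return hidden

# Constructed rule table; the first two rows are the '55' / '551' case from the slide.
RULES = [("rule-0", "55"), ("rule-1", "551"), ("rule-2", "[2,3,4]xxx#"),
         ("rule-3", "3999#"), ("rule-4", "*")]

if __name__ == "__main__":
    print(first_match(RULES, "5512345"), shadowed_rules(RULES))
```

Running the shadow check on an exported rule table before loading it shows which rows need to be moved up.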

Assigning Rows from other Tables

• Tables may contain parameters assigned a value which is a row referenced from another table
• A View button opens the row-referenced table
• For example, after pressing the View button pointing to the Network Interface, the referenced table web page is opened

Table Parameters Invalid Values Indications
• When adding a row:
  • If a mandatory parameter’s value, which is a row referenced from another table, is not assigned, after clicking Apply, an error message is displayed at the bottom of the dialog box
  • Clicking Cancel closes the dialog box and the row is not added to the table
  • To add the row, you must configure the parameter
• When editing a row:
  • If a parameter’s configuration is changed so that it's no longer assigned with a referenced row from another table, when the dialog box is closed, the Invalid Line icon appears for the table in which the parameter is configured, in the shown locations:
    1. Page title of the table. The total number of invalid rows in the table is also displayed with the icon
    2. 'Index' column of the row to which the parameter belongs
    3. Item in the Navigation tree that opens the table
• When a parameter is assigned a value which is an invalid row referenced from another table:
  • The Invalid Reference Line icon is displayed for the table in which the parameter is configured, in the shown locations:
    1. Page title of the table. The total number of invalid rows in the table is also displayed with the icon
    2. 'Index' column of the row to which the parameter belongs
    3. Item in the Navigation tree that opens the table

Searching for Configuration Parameters

• Parameter names (standalone or table) and values can be searched in the Web interface
  • The search key can include the full parameter name (Web or ini file name) or a substring of it
  • For a substring, all parameters containing the substring in their names are listed in the search result
  • The search key for a parameter value can include alphanumeric and certain characters
  • The key can be a complete value or a partial value
• When the device completes the search, it displays a list of found results based on the search key
  • Each possible result, when clicked, opens the page on which the parameter or value is located
• Search can be by name or by value

Setup Menu

• 3 Options:
  • IP Network
  • Signaling & Media
  • Administration

Setup Menu: IP Network Option
• Home Page: NETWORK VIEW
  • Shows a graphical display of the core networking entities
    • IP interfaces
    • VLANs (Ethernet Devices)
    • Ethernet Groups
    • Physical Ethernet ports
  • Enables the administrator to easily build and view the main network topology
  • IP Interfaces can be added, edited, viewed or deleted
  • VLANs can be added, edited, viewed or deleted
  • Ethernet Groups can be edited or viewed
  • Physical Ports can be edited or viewed
• Other Pages
  • Networking Core Entities
  • Security
  • Quality
  • DNS
  • WEB Services
  • HTTP Proxy
  • Radius & LDAP
  • Advanced

Setup Menu: Signaling & Media Option
• Home Page: TOPOLOGY VIEW
  • Shows a graphical display of the core SIP configuration entities
    • IP Groups
    • SIP Interfaces
    • Media Realms
  • Enables the administrator to easily build and view the SIP topology
  • Tel view (i.e. related to the PSTN)
  • IP top view (i.e. related to the WAN)
  • IP bottom view (i.e. related to the LAN)
  • IP Groups can be added
  • Trunk Groups can be added
  • SIP Interfaces can be added and shown at the top or bottom (GW application)
  • SIP Interfaces can be added and shown at the top or bottom (SBC application)
  • Media Realms can be added and shown at the top or bottom
  • The links between SIP Interfaces, Media Realms and IP Groups are shown
  • Hover to see the basic configuration
  • Click to edit, show, or delete parameters or tables
  • Direct links to the Gateway’s main parameters and tables
  • Direct links to the SBC’s main parameters and tables
  • Indications of valid or invalid configuration on tables or parameters
• Other Pages
  • Signaling and Media Core Entities
  • Gateway
  • Media
  • Coders and Profiles
  • SBC
  • SIP Definition
  • Message Manipulation
  • Intrusion Detection
  • SIP Recording

Setup Menu: Administration Option

• Home Page: TIME & DATE
  • Shows and allows configuring parameters related to:
    • Local Time
    • NTP Information
    • Time Zone
  • Displays and allows configuring the local time and date
  • Displays and allows configuring the UTC, offset and DST
  • Displays and allows configuring the NTP server information
• Other Pages
  • WEB & CLI pages
  • SNMP Pages
  • Maintenance

Web Local Users Table

Username & Password

User levels:
• End User
• Monitor
• Administrator
• Security Administrator
• Master
Maintenance Actions
• Reset Device: After a Web reset, the device starts from Flash
• Lock: The device doesn't accept any new incoming calls
• Save to Flash: Saves the running configuration to the memory
• Graceful Option: Shutdown is performed only after the configured X seconds or when no more active traffic exists

Maintenance: Configuration File

• To restore the defaults, use an empty ini file (except for the incremental option via the Auxiliary Files page – more on this later) or ‘Restore Defaults’ with ‘Preserve Network and users Configuration’ checked (option supported only on Mediant Family Devices)
• Configuration, Auxiliary and Certificate files can be loaded to and saved from the device as a single, packaged file. The feature is typically used for backup and loading the backup to other devices.

Configuration Package Files

• INI.ini
• LOGO.dat
• FAVICON.dat
• CPT.dat
• PRT.dat
• AMD.dat
• SBC_Wizard.dat
• CAS.dat
• DPLN.dat (Dial Plan)
• Certificate files
• DialPlanRule.csv (import only - can load any CSV file. For example, User-Info Table)
Maintenance: Auxiliary Files

Various auxiliary files can be loaded to the device

Maintenance: Upgrading & Downgrading Software

• The device can be updated with software (cmp file), configuration (ini file), auxiliary
files and license key using:
• Web interface
• BootP/TFTP utility
• Automatic Update Mechanism

Maintenance: License Key

• Supplied with digital gateways (not relevant for MP-1xx)
• Determines features, capabilities and available resources
• Provided in string format or in a txt file to be loaded to the device
• Stored in the device's non-volatile flash memory
• After loading the new key, the device must be reset

Maintenance: HA

Maintenance: Configuration Wizard
• The SBC configuration wizard provides fast SBC configuration
• Based on a large set of tested interoperability configurations
• User selects a PBX type and service provider SIP trunk type from a list of over 30 PBX models and 100 SIP trunks
• Database updates automatically with new PBX models and SIP trunks from the cloud
• Available both as a standalone Windows app and embedded in the SBC web GUI

Monitor Menu

• One Option: Monitor
• Home Page: MONITOR
  • Shows a graphical display of the Device
    • Device Information
    • Alarms Status
    • Activity Log
  • Enables the administrator to easily view the device’s main information and statuses
  • Shows the IP Address, Firmware, Type of Devices and Serial Number
  • Displays status and information on the hardware
  • Displays SBC’s statistics and information on calls, transactions and registration
• Other Pages
  • Performance Monitoring
  • VoIP Status
  • PSTN Status
  • Network Status

Device Information

Troubleshoot Menu

• One Option: TROUBLESHOOT
• Home Page: MESSAGE LOG
  • If logging is active, it shows the device’s activity
• Other Pages
  • Logging configuration
  • Call Detail Record
  • Test Calls
  • Debug

AdminPage

• Used to configure parameters that don’t appear in the Web interface

Check your Learning

❑ Which of the following is false?
A. License key doesn't apply to the MP-11x
B. License key can limit the number of trunks that can be used on the Mediant 1000
C. License key can be defined for the SBC application on a Mediant 1000
D. To enable the coder G.711 the required License key should be loaded

❑ How can I assign networking parameters to a Mediant SBC?
A. Only via DHCP
B. Only using the CLI interface
C. Only via HTTP using web browser
D. Via DHCP, CLI or HTTP using web browser

❑ Configuring the Mediant IP address is done in the:
A. IP Interfaces table
B. VLAN table
C. SIP Definitions General Settings
D. None of the above

❑ The Call Progress Tone file can be uploaded as:
A. A Configuration file
B. An Auxiliary file
C. SIP Definitions General Settings
D. None of the above

❑ Which of the following is true in the structure of the ini file?
A. The subsection names have to be written specifically in uppercase
B. Parameters must be placed in the relevant section in the ini file
C. When a parameter is missing the assumed value will be 0 (zero)
D. None of the above

❑ When a dot appears in the Web Interface next to parameters it means that:
A. That is a significant parameter
B. The value was changed from its default value
C. Need to perform a device reset for parameter value change to take effect
D. It doesn’t mean a thing

Lesson 3

AudioCodes Documentation
Lesson Objectives

• After completing this lesson, you will:
  • Understand how to obtain technical documentation from AudioCodes’ Web site
  • Be familiar with the different documents that AudioCodes publishes regularly for its products
  • Understand how to use the documents for configuration and maintenance purposes

Obtaining AudioCodes Documentation

• You can access all AudioCodes' documentation from the AudioCodes Web site
• This includes:
  • Technical documentation (user manuals, hardware installation manuals, configuration and release notes)
  • Homologation material (regulatory information)
  • Partner/channel material (interoperability guides etc.)
  • Marketing material (white papers, application notes, product notices, etc.)

Obtaining Document

• Use the following filters to search for your document:
  • Product Family: Choose the family to which the product belongs
  • Product: Choose the required product
  • Software Version: Choose an option that is displayed in the format Version <version> (e.g. Version 7.2)
  • Documentation Type: Choose the type of document (e.g. User Manuals)

Specific Documentation

• Analog Gateways (MediaPack family):
  • MP-11x & MP-124, MP-1288
• Digital Gateways and/or SBCs (Mediant family):
  • Mediant 500L/500, 800, 1000B, 2600, 3000, 4000, 9000, SW Virtual/Server/Cloud Edition
• For each product, the following documents are published per release:
  • User’s Manual
  • Hardware Installation Manual

Enterprise Gateways and SBCs User’s Manual

• Main document for configuration and maintenance
• Divided into parts, such as:
  • Overview of the product
  • Getting started
  • Management tools
  • General System Settings
  • General Configuration
  • Specific applications’ description and configuration
  • Maintenance
  • Status, Performance Monitoring and Reporting
  • Diagnostics
  • Appendixes
• Identified by software release version

Hardware Installation Manual

• Hardware description and step-by-step procedures for installing and cabling the device
• Divided into chapters, such as:
  • Overview of the product
  • Unpacking the device
  • Physical description
  • Mounting the device
  • Cabling the device
  • Hardware maintenance

Additional Documentation

• Besides the previous manuals there are other useful documents
• Release Notes
  • One per software release
  • Includes:
    • New features
    • Updates
    • Bug fixes
    • Workarounds on existing constraints
    • Others

Additional Documentation

• Complementary Guides
• Includes
• Reference Guides
• Design Guides
• Security Guidelines
• Utilities Guides
• Others
• Identified by software release version

99
Additional Documentation

• Configuration Notes
• Document providing a detailed description on how
to configure a specific feature/function/application
for a product
• Normally referenced by the User’s Manual

100
Hands-on Lab 1

Management Interface Usage


Lesson 4

SBC Product Line


Lesson Objectives

• After completing this lesson you’ll be able to:


• Identify AudioCodes products that support SBC
• Know the physical description of each product

103
SBC Portfolio

Pure SBC: Mediant 2600, Mediant 4000/B, Mediant 90xx, Mediant SE Software Edition

Hybrid SBC/Gateway: Mediant 500/L, Mediant 800/B/C, Mediant 1000B, Mediant 3000*

Virtual & Cloud SBC: Mediant VE (Virtual Edition), Mediant CE (Cloud Edition)

* Note: The latest maintenance firmware version for Mediant 3000 is 7.0
104
Pure SBC Portfolio

Parameter | Mediant 2600 SBC | Mediant 4000/B SBC | Mediant 9030/9080 SBC | Mediant SE
End customer | Enterprise and Contact Center | Large Enterprise, Service Providers, Contact Centers | Large Enterprise, Service Providers, Contact Centers | Service Providers, OEM
Application | SIP trunking | SIP trunking, Service Provider Access SBC | SIP trunking, SP Access SBC | SIP trunking, SP Access SBC
Sessions | Up to 600 | Up to 5,000 | 30,000/70,000 | Up to 55,000
SRTP-RTP | 600 | 3,000/5,000 | 30,000/Up to 40,000 | Up to 40,000
Transcoding | Up to 600 (with MPM4) | Up to 2,400 (with MPM8) / 5,000 (with MPM12B) | 9080 only - up to 30,000 w/Media Component (MC) | Up to 25,000 w/MTC
Registers | Up to 8,000 | Up to 20,000 | 200,000/Up to 500,000 | Up to 300,000

105
Hybrid SBC portfolio

Parameter | Mediant 500L E-SBC | Mediant 500 E-SBC | Mediant 800B/C E-SBC | Mediant 1000B E-SBC | Mediant 3000 SBC (7.0)
End customer | SMB | Small enterprise, branch | SMB, branch | SMB, SME, branch | Enterprise, Service Providers
Application | Demarcation device, SIP trunking | SIP trunk, survivability, TDM trunking | SIP trunk, survivability, TDM trunking | SIP and TDM trunking | SIP and TDM trunking
Sessions | 60 | Up to 250 | Up to 400 | 150 | 1,008
SRTP-RTP | 60 | Up to 200 | Up to 250 | 120 | 1,008
Transcoding | N/A | N/A | Up to 114 | 96 | 1,008
Registers | 200 | Up to 1,500 | Up to 2,000 | 600 | 3,000
MSBR/MGW | √ Analog, Up to 4 BRI | √ Analog, 1 E1/T1 | √ Analog, BRI, 2/4 E1/T1 | √ 6E1/8T1 | √ OC3/STM1/DS3

106
Virtual & Cloud SBC Portfolio

Parameter | Mediant VE | Mediant CE
End customer | Enterprise, ISVs & OEMs, Service Providers | Enterprise, Service Providers
Application | SIP trunking, SP Access SBC | SIP trunking, SP Access SBC
Sessions | Up to 24,000 | Up to 40,000
SRTP to RTP | Up to 10,000 | Up to 40,000
Transcoding | Up to 12,000 w/MTC | Up to 30,000 w/Media Component (MC)
Registers | Up to 75,000 | Up to 130,000

107
Mediant 500L Physical Interfaces

• LAN Ethernet ports:
• Four Gigabit Ethernet (10/100/1000Base-T) LAN ports
• Optional PSTN interfaces:
• Up to 4 BRI
• Up to 4 FXS/FXO
• High-Availability 1+1
• OAM&P
• Embedded HTTP/S-based Web Server
• Command Line Interface (CLI)
• Configuration ini file
• SNMP
• REST API
[Figure labels: USB port; RS-232 serial communication; Four Gigabit Ethernet ports]
108
Mediant 500 Physical Interfaces

• LAN Ethernet ports:
• Four Gigabit Ethernet (10/100/1000Base-T) LAN ports
• PSTN connectivity
• Up to 1 E1/T1/J1 trunk
• High-Availability 1+1
• OAM&P
• Embedded HTTP/S-based Web Server
• Command Line Interface (CLI)
• Configuration ini file
• SNMP
• REST API
[Figure labels: Two USB ports; RS-232 serial communication; Four Gigabit Ethernet ports]

109
Mediant 800B Physical Interfaces
• LAN Ethernet ports:
• Up to 4 Gigabit Ethernet
• Up to 8 Fast Ethernet
• Integrated PSTN connectivity FXS/FXO/BRI/E1/T1
• Up to 2 E1/T1/J1 trunks
• 8 BRI ports (16 calls)
• Up to 12 analog FXS/FXO ports
• High-Availability 1+1
• OAM&P:
• Embedded HTTP/S-based Web Server
• Command Line Interface (CLI)
• Configuration ini file
• SNMP
• REST API
[Figure labels: Power / Status LEDs; Reset pinhole button; Four Gigabit Ethernet LAN ports; Eight Fast Ethernet LAN ports]
• Integrated Open Solutions Network (OSN) server platform
110
New Mediant 800C

• Up to 4 x E1/T1

• Dual flash memory, allowing the user to revert to the previous software version
after a software upgrade failure

• Dual power supply – in addition to the AC power supply supplied by default, the chassis can be ordered with an optional DC power supply inlet

• Increased Gateway and SBC session capacity due to powerful CPU

111
Standalone OSN Server Hosted on Mediant 800B

Parameter | OSN6 | OSN7
CPU | Intel® Core™ i7-5850EQ Processor, 4 Cores, 6M Cache, 2.7 GHz | Intel® Pentium® Processor D Series, 2 Cores, 3M Cache, 2.60 GHz
Memory | 32 GB | 16 GB
Hard Drives | 128 GB SSD (or higher, for special request)
Interfaces:
• 2 Gigabit Ethernet external (rear panel)
• 1 Gigabit Ethernet internal bus, connected to the Mediant
• 3 USB 2.0
• VGA

112
Mediant 1000B
• LAN Ethernet ports
• Up to 3 Pairs of 1+1 LAN interfaces
• Modular – can host a variety of interfaces
• 1 to 6 E1/8T1/ trunks (up to 192 channels)
• 4 to 20 BRI ports (40 calls)
• 4 to 24 analog (FXS/FXO) ports
• Up to 4 MPMs for media processing
• Enterprise Class Session Border Controller (E-SBC)
• Single or Dual Power Supply
• 2 OSN servers (Optional)
• OAM&P:
• Embedded HTTP/S-based Web Server
• Command Line Interface (CLI)
• Configuration ini file
• SNMP
• REST API
[Figure labels: MSBR: CRMX; SBC: CMX; Field-Replaceable Fan Tray Module; FXO/FXS/Trunks/BRI/MPM Modules; 2 Power Supply Modules; Serial Port]

113
Mediant 1000B – Rear Panel

Item # Label Description


1 Protective earthing screw.
2 ESD Electrostatic Discharge (ESD) socket.
3 100-240V~1A Dual AC Power Supply Entries.
4 OSN3C or OSN4B OSN3C or OSN4B AMC module.
5 HDMX Main hard-disk drive (HDD) AMC module for OSN server platform.
6 HDMX Slot for second (optional) HDD for OSN server platform.
7 - Unused and covered AMC module slots.
114
Standalone OSN Server Hosted on Mediant 1000B

Parameter | OSN3C | OSN4B
CPU | Intel® Pentium® Processor D1508, 2 Cores, 3M Cache, 2.20 GHz | Intel® Xeon® Processor D-1527, 4 Cores, 6M Cache, 2.20 GHz
RAM Memory | 8 GB | 16 GB
Hard Drives | Up to 2 hard drives (HDMX modules) 500 GB HDD or 120GB SSD (2 HDD can work in Raid1)
Interfaces:
• 2 Gigabit Ethernet external (rear panel)
• 1 Gigabit Ethernet internal bus, connected to the Mediant
• USB 2.0
• RS-232
• Graphics
115
Mediant 500L / 500 / 800B / 800C / 1000B* MSBR

• Dual Processors (CMX & RMX)


• WAN port – WAN Gigabit Ethernet, T1 WAN, SHDSL, ADSL/VDSL
• Strong CLI management
• Data Routing capabilities by providing static routing and dynamic routing protocols
such as RIP/OSPF and BGP
• Supports a selection of WAN interfaces providing flexibility connecting to Service
Providers
• Firewall
• QoS
• Mediant 500L/500 and 800 only: 3G connection (using USB 3G stick) used as
primary WAN interface or as optional/backup when primary WAN fails
Note: The latest maintenance firmware version for Mediant 1000B MSBR is 7.0
116
MP-1288 Overview
• 19” x 3U Chassis
• Single CPU module
• 4 Analog blades, each supporting 72 ports
• 1+1 AC Power Supplies
• Front to Rear Cooling
• Extractable fan tray
• 1+1 Gig ETH connection
• DSPs on each Blade
• Hot-swappable
• Supports short and long haul up to 7.5 Km
• SBC functionality

Item # | Label | Description
1 | - | Fan Tray cover
2 | SYS / TEL / PWR / FAN | Front-panel LEDs

Item # | Label | Description
1 | CPU | CPU module providing the central processing unit and various network port interfaces
2 | PS1 / PS2 | Power Supply modules
3 | Blades: S1 / S2 / S3 / S4; FXS Ports: FXS 1-24 / FXS 25-48 / FXS 49-72 | FXS blades providing FXS port interfaces
4 | | Protective grounding for connecting a grounding lug for chassis ground connection for ESD-preventive equipment or a grounding wire
117
Mediant 3000

• Operation modes:
• Simplex operation
• High-Availability 2 x cPCI

• LAN ports:
• Dual redundant 10/100/1000 Base-T (6310)
• 2nd dual redundant 10/100/1000 Base-T (8410)

• Integrated PSTN connectivity


• 63 – E1, 84 – T1, 3 X DS-3 (T3), 1 X STM-1 or 1 X OC3

118
Mediant 2600/4000

Mediant 2600
• Scalable from 100 up to 600 Sessions
• Max. 600 simultaneous calls

Mediant 4000
• Scalable from 50 up to 5,000 Sessions
• Max. 5,000 simultaneous calls

• High-Availability 1+1

119
Mediant 2600/4000 – HW Configurations

[Figure labels: Field-Replaceable Fan Tray Module; Media Processing Module (MPM); slots 1-8; Not in use; 2 Power Supply Modules; SBC CPU AMC module; Default Network]
120
Mediant 4000B

Mediant
4000B

• Scalable from 50 up to 5,000 Sessions

• High-Availability 1+1

• Max. 5,000 simultaneous calls

121
Mediant 4000B – Optional HW Configurations

Optional Hardware Configurations

Notes:
▪ OSN = OSN4B
▪ Same types as in Mediant 1000B
▪ Mediant 2600B offers OSN4B for SBA solution only

122
Media Processing Module (MPM)

• Optional, customer-ordered AMC-based module


• Provides additional digital signal processing (DSP) resources required for transcoding call sessions
• Up to three MPM modules can be installed
• Two different MPM module types are available:
• MPM8B module, providing 8 DSPs (up to 2400 sessions)
• MPM12B module, providing 12 DSPs (up to 3250 sessions)
• Both module types can be installed in the same chassis

123
Mediant 9030/9080

Specification (Based on HP Server Hardware)


Resource | Mediant 9030 | Mediant 9080 (Mediant 9000 Rev. B)
CPU | 2 x 8 cores, 2.1 GHz, 11MB Cache | 2 x 12 cores, 2.6 GHz, 19.25MB Cache
Memory | 32 GB, DDR4-2666/PC4-21300 | 96 GB, DDR4-2666/PC4-21300
Network Cards | 12 x 1-GbE ports, or 8 x 1-GbE ports and 4 x 10-GbE (SFP+) ports
Disk | Mechanical hard drive, 1 TB SATA | Mechanical hard drive, SAS 600 GB
CD/DVD | SATA CD/DVD R/W
Installation Interface | VGA Monitor and Keyboard

High-Availability 1+1
Max. 70,000 simultaneous calls
124
Mediant 9030/9080 – Rear Panel
[Figure: rear panel with callouts 1-9]

Item # | Mediant 9030 | Mediant 9080 / Mediant 9000 Rev. B
1 | Slot 1: Quad 1-GbE copper ports or Quad 10-GbE SFP+ ports | Slot 1: Quad 1-GbE copper ports
2 | Slot 2: Not used | Slot 2: Quad 1-GbE copper ports or Quad 10-GbE SFP+ ports
3 | Embedded Quad 1-GbE copper ports (These ports must not be used for media (RTP/SRTP) traffic) | Unsupported NIC ports (dust covered)
4 | Power Supply (active and redundant)
5 | Video port
6 | iLO (Integrated Lights Out) Management Port
7 | Serial port
8 | USB 3.0 ports
9 | Quad 1-GbE copper ports
125
Media Transcoding Cluster (MC)

• External DSP resources for media-related features requiring DSPs


• 2 types of deployment:
• Hardware based on the Mediant 4000 chassis and MPM8 and/or MPM12 modules
• Virtual based on Mediant VE platform and virtual DSPs
• Supported only by Mediant 9080 and SW-SBC VE
• Each MC device supports up to 5,000 media sessions
• As transcoding needs increase, multiple MC devices can be configured as a farm (cluster)
• Up to 8 MTs for hardware-based appliance
• Up to 5 MTs for virtual-based appliance
• Provides load-sharing and cluster redundancy
• MC cannot be shared by multiple SBC devices
126
Media Transcoding Cluster (MC)
• The Media Transcoding Clusters are "hidden" from the endpoints being serviced by the SBC
• Requires a suitable License Key

127
AudioCodes Software SBCs
• Same robust SBC software stack of the Mediant SBC family
• Runs on thousands of deployed SBCs worldwide
• Same GUI for short learning curve
• SBC software image includes a complete server installation
• Includes SBC application, operating system and drivers
• Assures SBC robustness
• Operating System
• CentOS (Community Enterprise OS) 6.0
• Binary compatible with Red Hat Enterprise Linux (RHEL)
• Built from the same sources but without Red Hat trademarks
• Available in two formats:
• Dedicated Server (SE)
• Virtualized Machine (VE)
128
Mediant Server Edition SBC (Mediant SE)
• Targets SBC applications that require high performance and heavy load of SIP
registrations/subscribes/notifies
• Runs on common off-the-shelf Intel-based servers
• Server image includes a complete server installation including OS and drivers
• Two pairs of GE interfaces for WAN and LAN separation
• 1+1 High Availability configuration
• Two HP ProLiant certified server models:

129
Mediant Virtual Edition SBC (Mediant VE)

• Target applications:
• Enterprises and Service Providers who prefer to virtualize their entire Data Center
• Software vendors looking to integrate their application with an SBC on a single physical
server
• Available for VMware, OpenStack KVM and Hyper-V hypervisors
• Designed for consistent performance (without overbooking) with additional VMs
running on same machine
[Figure labels: AudioCodes Software SBCs (virtualized); Partner’s Software (virtualized); HW platform with Core 1, Core 2, Core 3, Core 4 and RAM]

130
SBCs journey to the cloud
• SBC traffic demands are dynamic
• Sizing an SBC for worst-case scenario is cost prohibitive
• SBC elasticity is key for resource optimization – you can start small and grow as needed

[Chart: active calls and resources over time, comparing fixed allocation with dynamic allocation]

131
Mediant Cloud Edition SBC (Mediant CE)
• Separated signaling and media processing (built out of dedicated functional blocks)
• Elastic Media Cluster (traffic based scalability)
• Full SBC functionality
• Single management point
• Multi Cloud (Amazon AWS and Microsoft Azure)
• Built-in HA

[Figure labels: Signaling and management (SC, SC); media (MC, MC, MC, …); Stack Manager (CLI, REST API); Virtual infrastructure (compute, storage, networking)]

Automation
- New SBC Stack Manager
- REST API for all actions
- CLI for scripting languages
- NFV and DevOps API
132
Check your Learning

❑Which of the following is false?


A. Mediant 2600 is a hybrid SBC
B. Six E1’s is the max. capacity of Mediant 1000B
C. Mediant 800B can be ordered with an integrated OSN
D. High Availability configuration is supported on Mediant 4000

❑Media Transcoding Cluster is:


A. Internal source of DSP resources
B. External source of DSP resources
C. Group of SBC’s
D. None of the above

133
Check your Learning

❑The Media Transcoding Cluster Provides:


A. SBC functionality only
B. SBC and DSP functionality
C. DSP functionality Only
D. None of the above

❑In Mediant 4000B chassis you can install:


A. Only MPM8B
B. Only MPM12B
C. Both MPM types
D. None of the above

134
Lesson 5

SBC Application Description


Lesson Objectives

• After completing this lesson you’ll know:

• Where and how the SBC is located

• SBC functions

136
SBC Definition

• A device/application which:
• Manages a VoIP session by performing:
• Session setup
• Call conducting
• Session tear down
• Enforces Security, QoS and Call Admission Control (CAC)

• Often installed at a demarcation point between one network segment (Un-Trusted) and another (Trusted)

137
What are Session Border Controllers For?

• Connectivity

• Security

• Quality Assurance

• Regulatory Compliance (Emergency calls, lawful interception)

• Media Services

• Statistics and Billing information


138
Where are SBCs located?

Access SBC
• Carrier Security
• Normalization
• Load balancing
• Throttling

Peering SBC
• Routing
• Transcoding
• Interoperability

E-SBC
• Interoperability
• Enterprise Security
• Service Resiliency
• Quality of Service
• Legacy connectivity
• Routing

[Figure labels: Service Provider; Provider X; Provider Y; Provider Z; SMB / Enterprise; Branch]
139
SBC Main Benefits

Security
• DDoS
• Call theft
• Eavesdropping

Connectivity
• Connect between any PBX to any SIP Trunk
• Connect between PBXs
• Connect remote workers to the enterprise

Quality of Service and SLA
• Monitor call quality
• Report on quality issues
• Quality enhancements
• Call recording

140
SBC Applications / Topologies Deployment

• Three options:

• Local IP-PBX with SIP Trunk by ITSP

• Hosted IP-PBX

• Two Local IP-PBXs

141
Applications / Topologies

• Local IP-PBX with SIP Trunk by ITSP

[Figure labels: Enterprise Network; IP-Phones users; IP-PBX; LAN; SBC; SIP Trunk; WAN; ITSP; FEU]

142
Applications / Topologies

• Hosted IP-PBX

[Figure labels: Enterprise Network; IP-Phone users; LAN; SBC; WAN; Hosted IP-PBX]

143
Applications / Topologies

• Two Local IP-PBXs (SIP Normalization)

[Figure labels: Enterprise Network; IP-Phones; LAN 1; SBC; IP-Phones; LAN 2; IP-PBX]

144
SBC Logical Deployment

• Three options:
• SBC connected with one leg to LAN
• SBC connected with one leg to DMZ
• SBC connected with one leg to DMZ and another leg to LAN

• Physical SBC Connections with the Enterprise


• # of ports used for each logical connection, with or without 1+1 port redundancy

145
Logical SBC Connections – Locating the SBC

[Figure labels: FEU; IP-Phone; NAT; Firewall; LAN; WAN; IP-PBX; DMZ; ITSP]

146
Logical SBC Connections – One Leg LAN

[Figure labels: FEU; IP-Phone; NAT; Firewall; LAN; WAN; IP-PBX; DMZ; ITSP]

147
Logical SBC Connections – One Leg DMZ

[Figure labels: FEU; IP-Phone; NAT; Firewall; LAN; WAN; IP-PBX; DMZ; ITSP]

148
Logical SBC Connections – One-Leg DMZ and One-Leg LAN

[Figure labels: FEU; IP-Phone; NAT; Firewall; LAN; WAN; IP-PBX; DMZ; ITSP]

149
Physical SBC Connections
• One-Leg (DMZ or LAN)
• Only 1 port required (1 cable)
• Optional: 2 ports, 1+1 redundancy (2 cables)
• VLAN-Aware Switch
• Only 1 port required (1 cable)
• Optional: 2 ports, 1+1 redundancy (2 cables)
• Two-Legs (LAN and DMZ)
• 2 ports used (2 cables)
• 4 ports used, 1+1 redundancy (4 cables)
• LAN Expansion Module required on M1000

[Figure labels, per option: LAN; DMZ]

150
SBC VoIP Features

• NAT Traversal
• Transcoding
• Topology Hiding
• VoIP Firewall
• SIP Routing
• SIP Normalization
• Survivability

151
NAT Traversal

• Enables communication with ITSP/SIP Trunk using globally unique IP addresses

[Figure labels: IP-PBX; Enterprise LAN; WAN; ITSP Soft Switch; LAN IP-Address; Global IP-Address]

152
NAT Traversal (cont’d.)

• SBC supported Far End Users (FEU)
• Maintaining remote NAT binding state by frequent FEU registration time
• First incoming RTP Packet for NAT Traversal using symmetric RTP
• Protocols that can traverse SBC:
• Audio
• Video
• Application
• Text

[Figure labels: FEU; Enterprise LAN; IP PBX; FEU registers in device DB; Offloading FEU refresh Registrations; Maintaining remote NAT binding]

153
SBC Transcoding

• Coder Transcoding
• RTP <-> SRTP
• Fax/Modem translations
• Transrating
• Voice gain adjustments
• RFC 2833 <-> Transparent DTMF <-> SIP INFO

[Figure labels: IP/PBX and SfB on one side, ITSP Soft Switch on the other; SRTP; RTP; G.711; G.729; ptime:20; ptime:30; T.38; RFC 2833; SIP INFO]
154
Topology Hiding

• Hides the Internal Network


• SBC implements back-to-back user agent (B2BUA):
• VIA stripping
• Independent Route/Record Route per leg
• Use SBC Contact info
• Change Call-ID per leg
• Restrict Caller-ID
• Host Name modification

155
Comprehensive Security
[Figure: security layers between Internet/Peers and the Enterprise Core. Labels: Security dashboard; IDS; Abnormal behavior detection; Layer 3-4 Access List; Wire Speed; Rate limiting; TLS and SRTP; Malformed SIP; Message Policy; SIP layer access list; SIP Context Identification; Classification / Routing; CAC (#calls, call rate, bit rate, …)]
156
VoIP Firewall

• SIP Signaling
• Deep Stateful Packet Inspection (SPI) of all SIP signaling packets
• SIP classification
• Packets not belonging to a valid SIP dialog are discarded
• RTP Firewall
• Opening pin holes according to Offer/Answer negotiation
• DPI of all RTP packets

[Figure labels: SIP Invite; SBC Firewall; Layer 3-4; Layer 5-7; Authenticate; Discard Message; Message admitted]

157
SBC Routing

158
SIP Normalization

• Solves interoperability issues between SIP user agents


• Manipulation of SIP URI user and host
• SIP Header Manipulations
• P-Asserted-ID conversions
• Session timer conversions
• Early media conversions
• Register to ITSP on behalf of the IP-PBX
• Flexible REFER and Forward handling
• And more

159
SIP Normalization – Example

LAN WWW

INVITE sip:5550000@ITSP.com;user=phone SIP/2.0


INVITE sip:5550000@10.15.5.1;user=phone SIP/2.0
Via: SIP/2.0/UDP 200.100.10.2;branch=z9hG4ac463637
Via: SIP/2.0/TCP 10.15.5.5:5050;branch=z9hG4ac8071985;alias
Max-Forwards: 10
Max-Forwards: 70
From: <sip:9764000@audiocodes.com>;tag=1c456353708
From: <sip:4000@10.15.5.5>;tag=1c1218068773
To: <sip:5550000@ITSP.com;user=phone>
To: <sip:5550000@10.15.5.1;user=phone>
Call-ID: 4563049822722010203627@200.100.10.2
Call-ID: 121806822010120101484@10.15.5.5
CSeq: 1 INVITE
CSeq: 1 INVITE
Contact: <sip:4000@200.100.10.2:5060>
Contact: <sip:4000@10.15.5.5:5050;transport=tcp>
Privacy: session
Privacy: none
P-Asserted-Identity: <sip:9764000@audiocodes.com>
P-Asserted-Identity: <sip:4000@10.15.5.5>
Priority: emergency
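
A check that can be run over captured signaling to confirm the behaviours listed on the Topology Hiding slide (VIA stripping, SBC Contact info, Call-ID change per leg, host name modification), applied to the two legs of the INVITE above. This is an added example, not AudioCodes code: the legs are de-interleaved from the slide with the Max-Forwards, Privacy and Priority lines left out, and the SBC WAN address 200.100.10.2, the internal range 10.15.5.0/24 and the PROXIED message are assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# LAN-side leg, as received from the IP-PBX (values from the slide).
LAN_LEG = """\
INVITE sip:5550000@10.15.5.1;user=phone SIP/2.0
Via: SIP/2.0/TCP 10.15.5.5:5050;branch=z9hG4ac8071985;alias
From: <sip:4000@10.15.5.5>;tag=1c1218068773
To: <sip:5550000@10.15.5.1;user=phone>
Call-ID: 121806822010120101484@10.15.5.5
CSeq: 1 INVITE
Contact: <sip:4000@10.15.5.5:5050;transport=tcp>
P-Asserted-Identity: <sip:4000@10.15.5.5>
"""

# WAN-side leg, as sent toward the ITSP (values from the slide).
WAN_LEG = """\
INVITE sip:5550000@ITSP.com;user=phone SIP/2.0
Via: SIP/2.0/UDP 200.100.10.2;branch=z9hG4ac463637
From: <sip:9764000@audiocodes.com>;tag=1c456353708
To: <sip:5550000@ITSP.com;user=phone>
Call-ID: 4563049822722010203627@200.100.10.2
CSeq: 1 INVITE
Contact: <sip:4000@200.100.10.2:5060>
P-Asserted-Identity: <sip:9764000@audiocodes.com>
"""

# Constructed for comparison: the WAN leg if the LAN-side Via, From,
# Call-ID and Contact were forwarded unchanged (no topology hiding).
PROXIED = """\
INVITE sip:5550000@ITSP.com;user=phone SIP/2.0
Via: SIP/2.0/UDP 200.100.10.2;branch=z9hG4bKconstructed1
Via: SIP/2.0/TCP 10.15.5.5:5050;branch=z9hG4ac8071985;alias
From: <sip:4000@10.15.5.5>;tag=1c1218068773
To: <sip:5550000@ITSP.com;user=phone>
Call-ID: 121806822010120101484@10.15.5.5
CSeq: 1 INVITE
Contact: <sip:4000@10.15.5.5:5050;transport=tcp>
"""

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
URI_HOST = re.compile(r"sips?:(?:[^@>;\s]*@)?([^:;>\s]+)")


def parse(message):
    """Split a SIP message into its start line and (name, value) headers."""
    lines = [ln.strip() for ln in message.strip().splitlines() if ln.strip()]
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def values(headers, name):
    return [v for n, v in headers if n == name]


def via_host(value):
    """Host of the Via sent-by field (IPv4 or hostname, optional :port)."""
    sent_by = value.split()[1].split(";")[0]
    return sent_by.split(":")[0]


def check_topology_hiding(inbound, outbound, sbc_addr, internal_net):
    """Return (check, detail) findings; an empty list means nothing leaked."""
    net = ip_network(internal_net)
    _, in_headers = parse(inbound)
    start_line, out_headers = parse(outbound)
    findings = []
    # VIA stripping: only the SBC itself may appear in outbound Via headers.
    for via in values(out_headers, "via"):
        if via_host(via) != sbc_addr:
            findings.append(("via", via_host(via)))
    # Contact must point at the SBC, not at the endpoint behind it.
    for contact in values(out_headers, "contact"):
        match = URI_HOST.search(contact)
        host = match.group(1) if match else contact
        if host != sbc_addr:
            findings.append(("contact", host))
    # Call-ID must differ per leg.
    reused = set(values(in_headers, "call-id")) & set(values(out_headers, "call-id"))
    findings.extend(("call-id", cid) for cid in sorted(reused))
    # No internal address may survive anywhere in the outbound message.
    for name, text in [("request-line", start_line)] + out_headers:
        for addr in IPV4.findall(text):
            try:
                internal = ip_address(addr) in net
            except ValueError:  # dotted digits that are not a valid address
                continue
            if internal:
                findings.append(("internal-address", f"{name}: {addr}"))
    return findings


if __name__ == "__main__":
    for label, leg in (("slide WAN leg", WAN_LEG), ("constructed leg", PROXIED)):
        print(label, check_topology_hiding(LAN_LEG, leg, "200.100.10.2", "10.15.5.0/24"))
```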

160
SBC Survivability

• 3 survivability features:
• Routing calls to alternative routes such as:
• ITSP
• IP-PBX
• Routing calls between user agents in the local network using a dynamic DB
(built according to registrations of SIP user agents)
• Fallback to the PSTN based on E1/T1 connection (Hybrid devices)

161
SBC Survivability
• Continuous VoIP service for enterprise users on WAN isolation

[Figure: Enterprise LAN, PSTN, WAN, ITSP-1 Soft Switch and ITSP-2 Soft Switch, with flows numbered 1-4. Legend: SIP Signaling + Media (RTP); ITSP Health SIP Check; Internal Calls in WAN isolation; IP to PSTN Calls in WAN isolation]

162
Check your Learning

❑The SBC can be connected in the following way:


A. 1 leg to the LAN only
B. 1 leg to the DMZ only
C. 2 legs to the LAN and DMZ
D. Any one of the above

❑The SBC:
A. Tracks the state of network connections traveling across it
B. Determines legitimate packets for different connection types
C. Only allows packets matching a known active connection and rejects others
D. All of the above

163
Check your Learning

❑SBC call can be handed over to the Gateway from the:


A. IP to Tel Routing table
B. IP to IP Routing table
C. Tel to IP Routing table
D. None of the above

❑Which of the following is not correct?


A. The SBC can terminate SIP Messages
B. The SBC can manipulate SIP URI user and host
C. The SBC can’t perform routing based on external server response
D. Survivability feature is supported by the SBC

164
Check your Learning

❑IDS is:
A. A Routing mechanism
B. A VoIP quality mechanism
C. A security mechanism
D. None of the above

165
Lesson 6

SBC Basic Terminology


Objectives

• After completing this lesson you will:

• Be familiar with the SBC terminology

• Know what is an SRD/Tenant, SIP Interface and Media Realm

• How this is associated to IP Groups and Proxy Sets

167
SBC Operation Modes
1. B2BUA
• Maintains independent sessions toward the endpoints
• Processes an incoming request as a User Agent Server (UAS) on the inbound leg
• Processes the outgoing request as a User Agent Client (UAC) on the outbound leg
• SIP message headers are modified between the legs
• The device's interworking features may be applied
[Figure: request and response flow, with UAC and UAS roles on each leg]
2. Stateful Proxy Server
• SIP messages traverse the device transparently (with minimal interference) between the inbound and outbound legs
• No topology hiding
3. Microsoft Server
• Operating mode for the One-Voice Resiliency (OVR) feature
168
Signaling Routing Domain (SRD) – Description

• Logical representation of the entire SIP-based VoIP network (Layer 5) containing groups of SIP users and servers
• Not bound to any Layer 3 network
• Typically, only a single SRD is required and this is the recommended configuration
topology
• Multiple SRDs are required only for multi-tenant deployments, where it "splits" the
device into multiple logical devices
• SRD contains:
• Single/Multiple SIP Interface/s
• Single/Multiple Media Realms

169
Multi Tenancy/SRD Environment

• SBC device serves a large number of enterprises/branches


• Support and secure the IP communications requirements of multiple enterprises
simultaneously
• Full logical separation, on the SIP application layer, between tenants is achieved by
SRD
• Provides per tenant configuration:
• SIP Interfaces
• IP Groups
• Proxy Sets
• Classification rules
• IP-to-IP Routing rules
• Least Cost Routing (LCR)
• LDAP
170
Multi-Tenant Architecture – Example

171
Media Realms

• Range of UDP ports associated with an IP network interface


• Used by SBC to perform media (Audio, Video, Fax) anchoring functionality
• Defines maximum number of sessions (based on the ports range)
• Can be assigned to the SIP Interface and/or the IP Group

172
SIP Interface

• The SIP Interface represents a Layer-3 network (bound)
• It defines a local listening port for SIP signaling traffic on a local, logical IP Network Interface
• SIP Interface is associated with one and only one SRD
• Defines the application, SBC or GW (relevant just for Hybrid devices)
• The SIP Interface is used to receive and send SIP messages with a specific SIP entity (IP Group)
• Multiple SIP Interfaces may represent multiple SIP entities in the VoIP network:
• SIP Trunk
• LAN IP-PBX
• Remote WAN users

173
IP Group
• An entity with a set of definitions and behaviors which represents a SIP Group in the IP
Network
• Used to classify incoming SIP dialog-initiating requests to a source IP Group, based on Proxy
Set ID
• Used in IP-to-IP routing rules to denote the source and destination of the call
• 3 Types of IP Group:
• Server: Used when the destination address is known
• User: Represents a group of users whose location is dynamically obtained by the device when they REGISTER
• Gateway: Applicable where the SBC receives requests to and from a gateway representing multiple users
• It is highly recommended that you do not configure IP Group ID 0
• The only time that you should configure this specific IP Group is when it is used for the Gateway
Interface (e.g., PSTN fallback)

174
Proxy Set

• A Proxy Set is a group of Proxy servers defined by IP address or Fully Qualified Domain Name (FQDN)
• Represents the destination (address) of the Server-type IP Group
• Each Proxy server address can define:
• Destination SIP port
• Transport type
• Load balancing
• Redundancy mechanisms
• Can be used for message classification
• Keep alive mechanism can be implemented

175
IP Profile

• An optional configuration entity that defines a wide range of call settings for a
specific SIP entity (IP Group)
• Includes signaling and media related settings
• The IP Profile is the interoperability “machine” of the device, enabling
communication between SIP endpoints that “speak” different call “languages”
• The IP Profile is associated with the SIP entity by assigning the IP Profile to the IP
Group of the SIP entity

176
Classification

• A process that identifies the incoming call (SIP dialog request) as belonging to a
specific SIP entity (IP Group)
• There are four chronological classification stages:
(each stage is done only if the previous stage fails)
• Classify the incoming SIP message by checking if it belongs to a user that is already
registered in the device's registration database
• Classify the incoming SIP message by Proxy Set Table
• Classify the incoming SIP message using the Classification Table
• Classify the incoming SIP message using the Reject or Allow ‘Unclassified Calls’ parameter
• If the SBC doesn't find a matching rule (i.e., classification fails), the dialog is rejected

177
IP-to-IP Routing

• IP-to-IP routing rules define the routes for routing calls between SIP entities
• The routing rules typically employ IP Groups to denote the source and destination
of the call
• Various other source and destination methods can be used
• For example, the source can be a source host name while the destination can be an IP
address or based on an LDAP query

178
SBC IP-to-IP Routing

• The IP-to-IP Routing Table also provides:


• Alternative routing
• Re-routing of SIP requests
• Least Cost Routing (LCR)
• Call Forking

179
Inbound and Outbound Number Manipulation

• IP-to-IP Inbound and Outbound manipulation lets you manipulate the user part of
the SIP URI in the SIP message for a specific entity
• Inbound manipulation is done on messages received from the SIP entity
• Outbound manipulation is done on messages sent to the SIP entity

180
Message Manipulation Set (MMS)

• A combination of rules, specified as a set or group of actions, to be attached to an IP Group
• The IP Group page displays two fields:
• Inbound Message Manipulation Set
• Set of rules applied on incoming messages (received from the SIP entity)
• Outbound Message Manipulation Set
• Set of rules applied on outgoing messages (sent to the SIP entity)

181
SBC Routing Policy

• SBC Routing Policy logically groups routing and manipulation (inbound and
outbound) rules to a specific SRD
• For most deployments only a single Routing Policy is required
• A default Routing Policy is provided which is automatically associated with all
relevant configuration entities
• Enables Least Cost Routing (LCR) for routing rules and associates an LDAP server for
LDAP-based routing

182
Call Admission Control

• Call Admission Control (CAC) limits the maximum number of permitted concurrent
calls (SIP dialogs) per:
• SRD
• SIP Interface
• IP Group
• User

183
CMR Process (CMR = Classify, Manipulate, Route)

[Figure: CMR flow from Incoming Message to Outgoing Message. Stage labels: Pre-Parsing Manipulation (SIP Interface); Pre-Classification Manipulation (SIP Interface); Classification; Inbound MMS; Inbound Source and/or Destination Number Manipulation; Routing; Outbound Source and/or Destination Number Manipulation; Outbound MMS. Legend: Optional]
184
SIP Trunk Example

[Figure: Lync (Enterprise LAN) – SBC – ITSP (WAN), within DefaultSRD]

Enterprise LAN side (Lync clients, FAX server):
• Media Port Pool (Ports 7000-7500)
• SBC SIP Interface (TLS Port 5067 and UDP Port 5085)
• GW (Optional) SIP Interface (UDP Port 5050)

WAN side (ITSP):
• Media Port Pool (Ports 6000-6500)
• SBC SIP Interface (UDP Port 5060)
• GW (optional) SIP Interface (TCP Port 5070)

SBC Tables: Classification, Routing Tables, Manipulation
Gateway Tables: IP-to-Tel and Tel-to-IP Routing Tables, Manipulation
Gateway interfaces: FXS (Analog Lines, PSTN), E1 (PSTN)

185
SIP Trunk Example

• SRD represents the entire SIP-based VoIP network (Layer 5)


• Multiple SIP Interfaces represent Multiple Layer 3 Networks

[Figure: DefaultSRD_0 containing SIP Interfaces 1-5. Labels: LAN (Physical Network 1): IP Interface 1, Media Realm 1, Media Realm 2; WAN/DMZ (Physical Network 2): IP Interface 3, IP Interface 4, Media Realm 4, Media Realm 5]
186
SIP Dialog Initiation Process
• SIP dialog requests such as:
• INVITE, SUBSCRIBE, OPTIONS, REFER, INFO, NOTIFY, REGISTER

• Determining Source and Destination URL


• Determining SIP Interface
• Applying SIP Message Manipulation (Optional)
• Classifying to an IP Group
• Applying IP-to-IP Inbound Manipulation (Optional)
• SBC IP-to-IP Routing
• Applying Inbound SIP Message Manipulation (Optional – For each message)
• Applying IP-to-IP Outbound Manipulation (Optional)
• Applying Outbound SIP Message Manipulation (Optional – For each message)
187
Classification Process
• Occurs after Source and Destination URL are extracted
• Identifies the source IP Group in stages, by:
• Device‘s registration database
• Proxy Set
• Classification Table
• Reject or Allow unclassified calls

188
Classification Process – Best practice recommendation

• If the IP address of the IP Group entity is known, it is recommended to employ the classification based on Classification Table, where the rule is configured with not only the IP address, but also with SIP message characteristics to increase the strictness of the classification process
• If the IP address is unknown, meaning the Proxy Set associated with the IP Group is
configured with an FQDN, it is recommended to employ the classification based on
Proxy Set
• This allows the SBC to classify the incoming message based on the DNS-resolved IP
address
• The reason for classifying by Proxy Set is that IP address forgery (commonly known as IP
spoofing) is more difficult than malicious SIP message tampering and therefore, using a
classification rule without an IP address offers a weaker form of security
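
The four classification stages and the best-practice point above, as a small model that can be run against sample requests. This is an added example, not the device's implementation: the class and field names, the stage-1 key (From user, From host, source IP), the in-memory DNS table and all addresses and host names are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class SipRequest:
    src_ip: str      # Layer-3 source address the request arrived from
    from_user: str   # user part of the From URI
    from_host: str   # host part of the From URI
    ruri_host: str   # host part of the Request-URI


@dataclass(frozen=True)
class Rule:
    """One Classification Table row; None means the condition is not set."""
    ip_group: str
    src_ip: Optional[str] = None
    from_host: Optional[str] = None
    ruri_host: Optional[str] = None

    def matches(self, req: SipRequest) -> bool:
        pairs = ((self.src_ip, req.src_ip),
                 (self.from_host, req.from_host),
                 (self.ruri_host, req.ruri_host))
        return all(want is None or want == got for want, got in pairs)


@dataclass
class Classifier:
    registrations: Dict[Tuple[str, str, str], str]  # stage 1: registered users
    proxy_sets: Dict[str, List[str]]                # stage 2: IP Group -> IPs/FQDNs
    dns: Dict[str, Set[str]]                        # offline stand-in for DNS
    rules: List[Rule]                               # stage 3: ordered table
    allow_unclassified: bool = False                # stage 4: Allow/Reject setting

    def proxy_addresses(self, entries: List[str]) -> Set[str]:
        """Resolve Proxy Set entries; an IP literal resolves to itself."""
        addrs: Set[str] = set()
        for entry in entries:
            addrs |= self.dns.get(entry, {entry})
        return addrs

    def classify(self, req: SipRequest) -> Tuple[str, Optional[str]]:
        """Return (deciding stage, source IP Group); each stage runs only
        if the previous one failed."""
        key = (req.from_user, req.from_host, req.src_ip)
        if key in self.registrations:
            return "registration-db", self.registrations[key]
        for group, entries in self.proxy_sets.items():
            if req.src_ip in self.proxy_addresses(entries):
                return "proxy-set", group
        for rule in self.rules:
            if rule.matches(req):
                return "classification-table", rule.ip_group
        if self.allow_unclassified:
            return "allowed-unclassified", None
        return "rejected", None


def rules_without_ip(rules: List[Rule]) -> List[Rule]:
    """Audit helper: rows that rely on SIP message fields alone."""
    return [r for r in rules if r.src_ip is None]


# Constructed sample configuration (documentation address ranges).
PBX_IP, ITSP_FQDN = "192.0.2.5", "sip.itsp.example"
WEAK = [Rule("IP-PBX", from_host="pbx.example")]
STRICT = [Rule("IP-PBX", src_ip=PBX_IP, from_host="pbx.example")]


def build(rules: List[Rule], allow_unclassified: bool = False) -> Classifier:
    return Classifier(
        registrations={("4000", "pbx.example", "192.0.2.20"): "Users"},
        proxy_sets={"ITSP": [ITSP_FQDN]},
        dns={ITSP_FQDN: {"198.51.100.10", "198.51.100.11"}},
        rules=rules,
        allow_unclassified=allow_unclassified,
    )


if __name__ == "__main__":
    # Same From host as the IP-PBX, but arriving from an unrelated address.
    forged = SipRequest("203.0.113.66", "4001", "pbx.example", "sbc.example")
    for name, table in (("weak", WEAK), ("strict", STRICT)):
        print(name, build(table).classify(forged), rules_without_ip(table))
```

With the rule that carries no IP address, the request from the unrelated address is classified into the IP-PBX group; with the rule that combines the IP address and a message characteristic, it is rejected.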

189
Check your Learning

❑An IP Profile is associated to:


A. An IP Group from Gateway type
B. An IP Group from Server type
C. An IP Group from User type
D. An IP Group from any type

❑Proxy Sets can be associated to:


A. An IP Group from Server type only
B. An IP Group from User type only
C. An IP Group from Gateway type only
D. An IP Group from any type

190
Check your Learning

❑Classify by Proxy Set means:


A. Identify the source by its Address of Record in the Data Base
B. Identify the source by its IP destination address
C. Identify the source by its IP address
D. Identify the source by its URI

191
Lesson 7

SBC Configuration
Lesson Objectives

• After completing this lesson you’ll know how to:

• Configure the parameters required by the SBC

• Configure SBC IP to IP Routing

193
Initial Topology View

• SBC application is enabled by default

Default values for SRDs, IP Groups, SIP Interfaces, Media Realms
194
SRD Table
• Default SRD is already pre-configured

Defines the sharing policy of the SRD, which determines whether the SRD shares its SIP
resources (SIP Interfaces, Proxy Sets, and IP Groups) with all other SRDs (Shared or Isolated)

Defines the device's operational mode for the SRD

Assigns an SBC Routing Policy to the SRD. If only one SBC Routing Policy is configured, the
device assigns it to the SRD by default

195
Media Realm Table
• The default Media Realm is used for SIP Interfaces and IP Groups for which you have not
assigned a Media Realm
• Ports are allocated in chunks of 4, 5 or 10 (device dependent) called media session legs

196
Media Realm Extensions

• Media Realm Extensions let you configure a Media Realm with different port ranges
and/or different interfaces
• This means that the Media Realm is distributed across multiple interfaces
• The number of Media Realm Extensions that can be configured depends on the
platform

197
SIP Interface Table

• Default SIP Interface is already pre-configured and assigned to the default SRD
• Bound to a Layer-3 network
• Defines a local listening port for SIP signaling traffic on a local logical IP network

198
SIP Interface Table Record

By default, if you do not configure a name, the device automatically assigns the name

Select Network interface

Select SBC or GW application

Select UDP, TCP and/or TLS port/s

Enables the SIP Interface to be used by a third-party routing server for call routing
decisions

Defines the SIP response code that the device sends if a received SIP request (OPTIONS,
REGISTER, or INVITE) fails the SBC Classification process.
The valid value can be a SIP response code from 400 through 699, or it can be set to 0
to not send any response at all (recommended for security reasons).
The default response code is 500 (Server Internal Error)

199
Proxy Sets Table

200
Proxy Sets Table

• Define the Proxy Set Name


• Select Redundancy mechanisms

Defines an arbitrary name to easily identify the Proxy Set

Select SIP Interface

Parking or Homing

Set Hot Swap

Enable Load Balancing

Enable Keep-Alive

Defines how the device classifies IP calls to the Proxy Set
This parameter is applicable only if the IP Group table's parameter, 'Classify by Proxy Set'
is set to Enable

201
Proxy Address Child Table

• Enter Proxy IP address or FQDN


• Enter Destination SIP port & Transport type

202
IP Group Table

203
IP Group Table – General Parameters

IP Group Name

Defines the display location of the IP Group in the Topology view

3 types: Server, User, Gateway

Proxy Set Name associated with the Server IP Group

IP Profile, assigned to the IP Group. The default is ‘None’

Media Realm, assigned to the IP Group. Choose the name defined in the Media Realm Table
from the drop-down list

Defines the user part of the From, To, and Contact headers of SIP REGISTER messages, and
the user part of the Contact header of INVITE messages received from this IP Group and
forwarded by the device to another IP Group

The Request-URI host name used in INVITE and REGISTER messages sent to this IP Group, or
the host name in the From header of INVITE messages received from this IP Group

Read-only field. Displays the connectivity status with Server-type IP Groups. As the Proxy
Set defines the address of the IP Group, the connectivity check (keep-alive) by the device
is done to this address.
Values: NA, Not Connected, Connected
This is also displayed in the Topology View page
IP Group Table – SBC General Parameters

Enables classification of incoming SIP dialogs (INVITEs) to the IP Group, based on the
Proxy Set assigned to the IP Group (Applicable only to Server-type IP Groups)

Defines the device's operational mode for the IP Group


Options:
• Not Configured = (Default)
• B2BUA
• Call Stateful Proxy
• Microsoft Server (for One-Voice Resiliency feature)

Defines call forking of INVITE messages to up to five separate SIP outgoing legs for
User-type IP Groups
This occurs if multiple contacts are registered under the same AOR in the device's
registration database
Options:
• Sequential = (Default)
• Parallel
• Sequential Available Only

Call Admission Profile, assigned to the IP Group. The default is ‘None’

205
IP Group Table – SBC Other Tabs

QoE & Bandwidth profiles to be attached to an IP Group

Inbound/Outbound Message Manipulation Set: Assigns a Message


Manipulation Set (rule) to the IP Group

206
IP Group Table – SBC Registration Tab

This feature provides support for configuring the device to always route SIP requests
of a user (belonging to a User-type IP Group) to the same registrar server in a Proxy
Set (associated with a Server-type IP Group) to where the last successful REGISTER
request was routed

Defines the authentication mode.


User Authenticates = (Default) The device does not handle the authentication
SBC as Client = The device authenticates as a client
SBC as Server = The device acts as an Authentication server

Defines the shared username and password for authenticating the IP Group, when
the device acts as an Authentication server

207
IP Profile

• A set of configuration parameters


• Provides high-level adaptation when connected to a variety of equipment, each of
which requires different system behavior
• Assigned to IP Groups

208
IP Profile
• The configurable parameters for the IP Profile are divided into sections:
• General parameters
• Related to SRTP:
• Media Security parameters
• Related to SIP Signaling on the SBC:
• SBC Signaling parameters
• SBC Early Media parameters
• SBC Registration parameters
• SBC Forward and Transfer parameters
• SBC Hold parameters
• Related to Media on the SBC:
• SBC Media parameters
• SBC Fax parameters
• Media parameters
• Quality of Service parameters
• Jitter Buffer parameters
• Gateway General parameters
• Gateway DTMF parameters
• Gateway Fax and Modem parameters
• Answer Machine Detection parameters
• Local Tones parameters

209
IP to IP Routing Table

210
IP to IP Routing Table – General and Match Sections

Route Row / Alternative Route / Forking Group

Defines the SIP dialog request type:


• All (default)
• INVITE
• REGISTER
• SUBSCRIBE
• INVITE and REGISTER
• INVITE and SUBSCRIBE
• OPTIONS

From Message Condition Table

Defines the reason for re-routing the SIP request : Any/3xx/Refer

Defines the IP Group that initiated (sent) the SIP redirect response 3xx or REFER
211
IP to IP Routing Table – Action Section

Determines the destination type to which the outgoing SIP dialog is sent. This
can be: IP Group, Destination Address, ENUM, LDAP, Request URI, Gateway, etc.

Assigns a Call Setup Rule ID to the routing rule. The device performs the Call Setup
rules of this Set if the incoming call matches the characteristics of this routing rule

Defines whether the routing rule includes call forking

Defines the destination Dial Plan tag, which is


used to determine the destination IP Group.

Defines a SIP response code (e.g., 200 OK) or a redirection response.


The parameter is applicable only when the 'Destination Type'
parameter in this table is configured to Internal
212
Topology Configuration Example – One Leg LAN

IP-PBX
IP: 10.15.11.2 /16
Transport Type: TCP
Listening Port: 5050
Coder: G.711Alaw

SBC
SBC IP: 10.15.11.11 /16

Firewall
LAN IP: 10.15.0.1
WAN: 200.100.10.2

ITSP
Server 1: 200.100.10.5
Server 2: 200.100.10.1
Transport Type: UDP
Listening Port: 5060
Coder: G.711Alaw

213
SBC Parameters and Tables

• General Parameters Settings


• LAN IP Setting
• SIP Media Realm Table
• SIP Interface Table
• Proxy Sets Table
• IP Group Table
• Classification Table
• IP to IP Routing Table

214
Configure IP Addresses

• IP Interface Table

215
IP Address – Physical to Interface

216
Configure Multiple SIP Interfaces and Media Realms

• SIP Interface IP-PBX:


• SIP signaling interface port 5050, protocol TCP
• RTP port range start 7000
• Number of media legs 50

• SIP Interface ITSP:


• SIP signaling interface port 5060, protocol UDP
• RTP port range start 8000
• Number of media legs 50

217
Configuring Media Realms

218
Configure SIP Interface Table

219
Define Proxy Set IP-PBX

220
Define Proxy Set ITSP

221
Define IP Group 1 (IP-PBX)

222
Define IP Group 2 (ITSP)

223
Define NAT Translation

• NAT rules for translating source IP addresses per VoIP interface:


• SIP Control
• Media Traffic

224
First Incoming Packet Mechanism

• The device identifies whether the UA is located behind NAT by comparing the
source IP address of the first received media packet with the IP address and UDP
port of the first received SIP message (INVITE) when the SIP session was started
• To enable the option
via Web GUI:

225
Configuring IP-to-IP Call Routing Rules

226
Define Classification Rules (Optional)

227
Message Conditions (Optional)

228
Check your Learning

❑Which of the following statements is false:


A. The SBC can be operational as Stateful Proxy Server
B. The SBC can be operational as B2BUA
C. The SBC can be operational as Stateful Proxy Server and B2BUA at the same time
D. None of the above

❑Which of the following statements is false:


A. Destination IP address can be configured in the IP2IP routing table
B. Destination IP address can be configured in the proxy set child table
C. Destination port is configured by default
D. The default destination IP address can’t be overridden

229
Check your Learning

❑Which of the following statements is false:


A. Media Realm Extensions let you configure a Media Realm with different port ranges
B. Media Realm Extensions let you configure a Media Realm with different interfaces
C. Up to 4 Media Realm Extensions can be configured
D. Media Realm is distributed across multiple interfaces

❑Media Realm is:


A. Bulk of TCP ports for the signaling
B. Bulk of TCP ports for the Media
C. Bulk of UDP ports for the Media
D. Bulk of UDP ports for the signaling

230
Lesson 8

SBC Wizard
SBC Wizard – Overview

• User-friendly online tool designed to get AudioCodes Mediant SBC up and running
quickly and easily
• Step-by-step setup process, presenting the configuration options in a clear way
• Eliminates configuration errors and troubleshooting
• Easy to install Windows-based application
• Includes predefined configurations for a wide range of SBC deployments (SIP trunk,
hosting etc.) with a variety of service providers and IP-PBXs
• Automatic software updates
• Built-in online help
• Available as web built-in and stand-alone application

232
Configuration Wizard

233
Welcome Page

234
SIP Trunk Configuration

235
System Parameters

236
Interfaces

237
IP-PBX Parameters

238
ITSP Parameters

239
Number Manipulation

240
Summary

241
Finish

242
Lesson 9

Basic Debugging Tools


Troubleshooting Guidelines

• Understanding the problem


• What are the expected results?

• What are the actual results?

• Collecting data
• Use the relevant data collection tools for problem investigation

244
Collecting Data

• When reporting a problem, provide AudioCodes Support with:


• Accurate, clear and detailed problem description
• Test setup (network diagram, call direction, etc.)
• Uploaded ini file
• Syslog trace (without missing messages)
• Unfiltered Wireshark
• Advanced (per request):
• PSTN traces for PSTN problems
• DSP traces for problems related to voice quality, Modem/Fax, DTMF detection, etc.

245
What is Syslog?

• Standard for forwarding log messages in an IP network


• A Syslog server is used to remotely record logging information
• Syslog information sent by the gateway is a collection of error, warning and system
messages that record every internal operation of the gateway
• Syslog messages are marked with a sequential number
• A Syslog server usually adds the time the message was received and the source IP
address

246
Syslog Message Format - Example
08:59:10.239 10.15.11.1 local0.notice [S=1974] [SID=a929c9:21:24] ( lgr_sbc)( 1773) Classification Succeeded - Source IP Group #2 (ITSP), - Dest Routing Policy #0
08:59:10.239 10.15.11.1 local0.notice [S=1975] [SID=a929c9:21:24] ( lgr_flow)( 1774) (#3091)SBCRoutesIterator::Change State From: InitialCSRRouting To : InitialRouting
08:59:10.240 10.15.11.1 local0.notice [S=1976] [SID=a929c9:21:24] ( lgr_flow)( 1775) (#3091)SBCRoutesIterator::Change State From: InitialRouting To : AlternativeRouting
08:59:10.241 10.15.11.1 syslog.error 4 packets missing
08:59:10.241 10.15.11.1 local0.notice [S=1981] [SID=a929c9:21:24] ( media_service)( 1780) ServicesMngr: Allocate SBC leg. current active: 1 and max is: 120
08:59:10.242 10.15.11.1 local0.notice [S=1982] [SID=a929c9:21:24] ( lgr_flow)( 1781) (#3091)SBCRoutesIterator::Next route found: Rule #1, Route by: IPGroup , IP Group ID: 1 (SfB), Live:True
08:59:10.242 10.15.11.1 local0.notice [S=1983] [SID=a929c9:21:24] ( lgr_sbc)( 1782) Routing Succeeded -IP2IPRouting Rule #1

Fields called out on the slide:
• Timestamp
• IP Address
• Type of Message
• Message Sequence Number ([S=...]). In this example 4 messages were lost
• Unique SIP call session and device identifier, SID =
<last 6 characters of device's MAC address>:<number of times device has reset>:<unique SID
counter indicating the call session (increments consecutively for each new session; resets
to 1 after a device reset)>
Example: SID=47ecef:94:69
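The field layout above can be checked mechanically. The following is an added example, not AudioCodes code: it parses the sample lines from this slide, decodes the SID, finds gaps in the [S=...] sequence numbers and lists the call sessions whose trace is incomplete because of a gap. The function names and the regular expression are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the slide above.
SAMPLE_LOG = """\
08:59:10.239 10.15.11.1 local0.notice [S=1974] [SID=a929c9:21:24] ( lgr_sbc)( 1773) Classification Succeeded - Source IP Group #2 (ITSP), - Dest Routing Policy #0
08:59:10.239 10.15.11.1 local0.notice [S=1975] [SID=a929c9:21:24] ( lgr_flow)( 1774) (#3091)SBCRoutesIterator::Change State From: InitialCSRRouting To : InitialRouting
08:59:10.240 10.15.11.1 local0.notice [S=1976] [SID=a929c9:21:24] ( lgr_flow)( 1775) (#3091)SBCRoutesIterator::Change State From: InitialRouting To : AlternativeRouting
08:59:10.241 10.15.11.1 syslog.error 4 packets missing
08:59:10.241 10.15.11.1 local0.notice [S=1981] [SID=a929c9:21:24] ( media_service)( 1780) ServicesMngr: Allocate SBC leg. current active: 1 and max is: 120
08:59:10.242 10.15.11.1 local0.notice [S=1982] [SID=a929c9:21:24] ( lgr_flow)( 1781) (#3091)SBCRoutesIterator::Next route found: Rule #1, Route by: IPGroup , IP Group ID: 1 (SfB), Live:True
08:59:10.242 10.15.11.1 local0.notice [S=1983] [SID=a929c9:21:24] ( lgr_sbc)( 1782) Routing Succeeded -IP2IPRouting Rule #1
"""

# timestamp, source IP, facility.severity, [S=seq], optional [SID=...], text
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<host>\S+)\s+"
    r"(?P<facility>\w+)\.(?P<severity>\w+)\s+\[S=(?P<seq>\d+)\]\s+"
    r"(?:\[SID=(?P<sid>[0-9a-fA-F]+:\d+:\d+)\]\s+)?(?P<text>.*)$"
)


def parse_line(line):
    """Return the fields of one device message, or None for other lines
    (for example the viewer's own 'packets missing' notice)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"])
    return rec


def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]


def decode_sid(sid):
    """Split SID into MAC suffix, device reset count and session counter."""
    mac_suffix, resets, session = sid.split(":")
    return {"mac_suffix": mac_suffix.lower(),
            "resets": int(resets), "session": int(session)}


def find_gaps(records):
    """List (host, last_seen_seq, next_seq, missing_count) per device.
    A sequence number that goes backwards is treated as a restart, not a gap."""
    last, gaps = {}, []
    for r in records:
        prev = last.get(r["host"])
        if prev is not None and r["seq"] > prev + 1:
            gaps.append((r["host"], prev, r["seq"], r["seq"] - prev - 1))
        last[r["host"]] = r["seq"]
    return gaps


def sessions_with_gaps(records):
    """SIDs whose messages straddle a gap, i.e. an incomplete call trace."""
    seqs = defaultdict(list)
    for r in records:
        if r["sid"]:
            seqs[(r["host"], r["sid"])].append(r["seq"])
    hit = set()
    for host, lo, hi, _ in find_gaps(records):
        for (h, sid), s in seqs.items():
            if h == host and min(s) <= lo and max(s) >= hi:
                hit.add(sid)
    return sorted(hit)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for host, lo, hi, n in find_gaps(recs):
        print(f"{host}: {n} message(s) missing between S={lo} and S={hi}")
    for sid in sessions_with_gaps(recs):
        print("incomplete trace for session", sid, decode_sid(sid))
```
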

247
Syslog Types of Messages

• Syslog generates the following types of messages:


• error: Indicates that a problem has been identified that requires immediate handling

• warning: Indicates an error that might occur if measures are not taken to prevent it

• notice: Indicates that an unusual event has occurred

• info: Indicates an operational message

• debug: Messages used for debugging

248
Enabling Syslog
• Enable Syslog
• Set Syslog Server IP address and port
• Select the Syslog level (recommended ‘Detailed’)

249
Message Log
• View the Syslog messages sent by the device

250
AudioCodes Syslog Viewer
• A newer Syslog application provided with the student utilities kit

251
AudioCodes Syslog Viewer

[Figure: AudioCodes Syslog Viewer toolbar. Labelled controls: Flow Diagram; Stop/Start
Writing Log; Clear On-Line Syslog; Zoom In/Out; Disable Auto scroll; Options; Search Text;
Open Saved File; Open External Viewer; Freeze Display; Search; Search Options; Pause/Resume
Logging; UDP/TCP Connection; Total Number of lines in the Log File; Number of Warning
Messages in the Log File]

252
AudioCodes Syslog Viewer
• Syslog can be enabled simultaneously in several devices, reporting to the same
Syslog Server

Syslog from different IP Addresses can be viewed

253
AudioCodes Syslog Viewer
• SIP/SDP messages are properly arranged to be easily identified for analysis

254
AudioCodes Syslog Viewer
• The SIP/SDP flow diagram can be viewed and exported

SIP Flow
Diagram

255
AudioCodes Syslog Viewer
• The SIP/SDP <-> ISDN flow diagram can be viewed

256
AudioCodes Syslog Viewer
• Each arrow on the SIP/SDP flow diagram points to the right place in the trace

Highlighted

SIP Flow
Diagram

Points to

257
AudioCodes Syslog Viewer
• CDR info

258
AudioCodes Syslog Viewer
• Extracting Single Call

259
AudioCodes Syslog Viewer

Options

260
Wireshark

261
Wireshark

• Freeware packet sniffer application enabling you to view traffic passed over the
network
• Advantages:
• Used for live/offline network troubleshooting and analysis
• Strong filtering
• SIP Call flow and Play sound
• And more
• AudioCodes adds advanced filtering for DTM/DSP debug

262
Capture Interfaces

• Capture > Options…


• Select the network interface currently used by the computer

263
Capture Output & Options

264
Wireshark Main Window

Filter Bar

Packet list
pane

Packet details pane

Packet bytes
pane

265
Coloring Rules

• Assign a color to each protocol to facilitate quick analysis


• Define general rules e.g., TCP, UDP at the bottom of the coloring list because
processing is from top to bottom until a match is found

266
Generating Call Flow

• Visually represents entire call flow


• Telephony > VoIP Calls

267
Playing G.711 RTP Stream

268
Analyzing RTP Data Stream

• Extracts audio from data packets (G.711 only )

269
Debug Recording

270
What is Debug Recording (DR)?

• A feature used to capture and record traffic sent and/or received by the device
• It is used for advanced debugging when you need to analyze internal messages and
signals
• The device can send debug recording packets to a debug capturing server
• Can record different types of traffic such as
• Media streams (RTP, T.38 and PCM)
• PSTN signaling (ISDN, CAS, SS7)
• Control messages (SIP, MGCP, MEGACO)
• Networking streams (such as HTTP and SCTP)
• Other internal information (such as DSP Events)

271
Debug Recording Advantages

• Can record all IP traffic sent by/received from the device


• Can record actual voice signal arriving from the TDM (before it enters the DSP)
• Useful for recording network traffic in environments where hub or port mirroring is
unavailable
• Useful for recording internal traffic between two endpoints on the same device
• Can include Syslog messages
• Debug Recording packets are captured using WireShark or a similar tool (requires
AudioCodes proprietary Plug-in)

272
Installing AudioCodes’ Proprietary Plug-in
• Install Wireshark on your computer
• The Wireshark program can be downloaded from http://www.wireshark.org
• Download the proprietary plug-in files from www.audiocodes.com/downloads
• Copy the plug-in files to the directory in which you installed Wireshark, as follows:
Copy this file | To this folder on your PC
...\dtds\cdr.dtd | Wireshark\dtds\
...\plugins\<Wireshark ver.>\*.dll | Wireshark\plugins\<Wireshark ver.>

• Start Wireshark
• In the Filter field, type "acdr" to view the debug recording messages
• Note that the source IP address of the messages is always the OAMP IP address of the device
• The device adds the header "AUDIOCODES DEBUG RECORDING" to each debug recording
message
273
Viewing DR Messages in Wireshark

ACDR Filter

Proprietary Header

274
Activating the DR through the WEB Interface

• To set the address/port of the debug recording server:

Defines the IP address of the server for capturing debug recording

Defines the port of the server for capturing debug recording. The default is 925

Defines the threshold (in percentage) for automatically switching to a different debug level, depending on CPU usage
The parameter is applicable only if the 'Syslog CPU Protection' parameter is enabled
Logging Filters

• The Logging Filters table lets you configure rules for filtering debug recording
packets, Syslog messages, and Call Detail Records (CDR)
• Example:
• A rule to generate Syslog messages only for calls belonging to IP Groups 2 and 4, or for calls
belonging to all IP Groups except IP Group 3
• Debug recording log filters can include:
• Signaling information (such as SIP messages)
• Syslog messages
• PSTN traces (ISDN and CAS)
• CDRs
• Media (RTP, RTCP, and T.38)
• Pulse-code modulation (PCM) of voice signals from and to the TDM
• Log Filters can be enabled or disabled
276
Configuring filtering rules

• To configure logging filtering rules:

277
Configuring filtering rules

Defines the value for the selected Filtering Type

Defines where the device sends the log file
0. Syslog Server
1. Debug Recording Server (Default)
2. Local Storage
3. Call Flow Server (i.e., OVOC)

Defines the filter criteria:
1. Any (default)
2. Trunk ID = Filters log by Trunk ID (only Gateway application)
3. Trunk Group ID = Filters log by Trunk Group ID (only Gateway application)
4. Trunk & B-channel = (only Gateway application)
5. FXS or FXO = (only Gateway application)
6. Tel-to-IP = Filters log by Tel-to-IP routing rule (only Gateway application)
7. IP-to-Tel = Filters log by IP-to-Tel routing rule (only Gateway application)
8. IP Group = Filters log by IP Group
9. SRD = Filters log by SRD
10. Classification = Filters log by Classification rule (only SBC application)
11. IP-to-IP Routing = Filters log by IP-to-IP routing rule (only SBC application)
12. User = Filters log by user
13. IP Trace = Filters log by an IP network trace, Wireshark-like expression
14. SIP Interface = Filters log by SIP Interface

Defines the type of messages to include in the log file
0. (Default) Not configured
1. Signaling (only Debug Recording)
2. Signaling & Media (only Debug Recording)
3. Signaling & Media & PCM (only Debug Recording)
4. PSTN Trace (only Debug Recording)
5. CDR Only (applicable only if the 'Log Destination' parameter is configured to Syslog
Server or Local Storage)
6. Call Flow (the device sends SIP messages in XML format to OVOC)

Enables (default) or disables the rule

278
Hands-on Lab 2

SBC Routing
Lesson 10

SBC Media Handling


Lesson Objectives

• After completing this lesson you’ll:

• Understand the way SBC handles media

• Know SBC media handling security features

• Be able to configure basic and advanced coder transcoding

281
SBC Media Handling
• Media Behavior – establishing, managing and terminating media sessions within SIP protocol
• Media sessions are created using SIP Offer/Answer mechanism and, if successful, the result is
a bidirectional media flow (Audio, Fax, Modem, DTMF)
• Each Offer/Answer may be negotiated on more than one media session of different types
(e.g., Audio and Fax, Audio and Video)
• In SIP dialog, multiple Offer/Answer transactions may occur
• Each transaction may change media session characteristics (IP address, port, coders, media
types and RTP mode)

282
Media Capabilities

• Media capabilities exchanged in Offer/Answer transactions:


• Media Types (Audio, Secure Audio, Video, Fax, Text)
• IP addresses and ports of media flow
• Media flow mode (send-receive, receive-only, send-only, inactive)
• Media Coders (coders and their characteristics used in each media flow)
• Other (standard or proprietary) media and session characteristics
v=0
o=AudiocodesGW 1912273727 1912258927 IN IP4 10.15.15.1
s=Phone-Call
c=IN IP4 10.15.15.1
t=0 0
m=audio 6020 RTP/AVP 8 0 18 101
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
a=sendrecv
283
SBC Media Security

• NAT Traversal
• SBC changes SDP address to its own
• Firewall and Security
• RTP Pin-Holes – only RTP packets related to a successful Offer/Answer negotiation
traverse the SBC
• Late Rogue Detection – once a dialog is disconnected, related Pin-Holes also disconnect
• Deep Packet Inspection (DPI) of the RTP that flows through the opened Pin-Holes

284
Media Handling Modes

• No Media Anchoring
• Media Anchoring without Transcoding (Transparent)
• Media Anchoring with Transcoding

IP-PBX ITSP

285
No Media Anchoring

• Enables SBC signaling capabilities without handling RTP/SRTP (media) flow between
remote SIP UAs
• RTP packet flow does not traverse the SBC; instead, 2 SIP UAs establish a direct RTP/SRTP
flow between one another
• Signaling continues to traverse SBC with minimal intermediation and involvement to
enable SBC capabilities such as routing

[Figure: SfB, SBC and IP-PBX. Legend: SIP Signaling, Media]
No Media Anchoring

• Unlike regular SBC implementation:


• Does not perform manipulation on SDP data (Offer/Answer transaction) such as ports,
IP address, coders
• Opening voice channels, and allocating IP Media ports are not required
• Benefits:
• Saves network bandwidth
• Reduces CPU usage (no RTP/SRTP handling)
• Avoids interference in SDP negotiation and header manipulation on RTP/SRTP

287
No Media Anchoring – SDP Offer/Answer
SBC: 10.15.11.1 (SfB side: 10.15.10.2, IP-PBX side: 10.15.10.5)

Incoming SDP Offer (SfB to SBC) and Outgoing SDP Offer (SBC to IP-PBX) are identical:
v=0
o=- 3 1 IN IP4 10.15.10.2
s=session
c=IN IP4 10.15.10.2
b=CT:1000
t=0 0
m=audio 54434 RTP/AVP 97 101 13 0 8
c=IN IP4 10.15.10.2
a=rtcp:54435
a=label:Audio
a=sendrecv
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20

Incoming Answer (from 10.15.10.5) and Outgoing Answer (to 10.15.10.2) are identical:
v=0
o=AudiocodesGW 1628231370 1628231340 IN IP4 10.15.10.5
s=Phone-Call
c=IN IP4 10.15.10.5
t=0 0
m=audio 6010 RTP/AVP 0 101 13
c=IN IP4 10.15.10.5
a=sendrecv
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

288
No Media Anchoring – Global Parameter
• Direct Media Global Parameter

Enables the ‘No Media Anchoring’ feature.


The RTP packets do not traverse the device

289
No Media Anchoring – SIP Interface Level

290
No Media Anchoring – IP Profile Level

291
Media Anchor without Transcoding (Transparent)

• Default media operation mode


• RTP traverses SBC with minimal RTP packet changes (without DSP resources)
• Solves SIP compatibility, NAT, Firewall and Security issues
• All ‘audio’ coders in received offer are included in the outgoing offer

IP-PBX ITSP

SIP Signaling
Media

292
Transparent – SDP Offer/Answer
SBC: 10.15.11.1 (IP-PBX side: 10.15.10.2, ITSP side: 10.15.10.5)

Incoming SDP Offer (IP-PBX to SBC):
v=0
o=- 3 1 IN IP4 10.15.10.2
s=session
c=IN IP4 10.15.10.2
b=CT:1000
t=0 0
m=audio 54434 RTP/AVP 97 101 13 0 8
c=IN IP4 10.15.10.2
a=rtcp:54435
a=label:Audio
a=sendrecv
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20

Outgoing SDP Offer (SBC to ITSP):
v=0
o=- 75634723 75634691 IN IP4 10.15.11.1
s=session
c=IN IP4 10.15.11.1
b=CT:1000
t=0 0
m=audio 6010 RTP/AVP 97 0 8 101 13
c=IN IP4 10.15.11.1
a=label:Audio
a=sendrecv
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20

Incoming Answer (from 10.15.10.5):
v=0
o=AudiocodesGW 1628231370 1628231340 IN IP4 10.15.10.5
s=Phone-Call
c=IN IP4 10.15.10.5
t=0 0
m=audio 6010 RTP/AVP 0 101 13
c=IN IP4 10.15.10.5
a=sendrecv
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

Outgoing Answer (to 10.15.10.2):
v=0
o=AudiocodesGW 70175937 70175905 IN IP4 10.15.11.1
s=Phone-Call
c=IN IP4 10.15.11.1
t=0 0
m=audio 6510 RTP/AVP 0 101 13
c=IN IP4 10.15.11.1
a=sendrecv
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

293
Media Anchoring without Transcoding (Transparent)

• To direct RTP to flow through SBC, all IP address fields in the SDP are modified:
• IP-Address, Session and Version ID
• Session connection attribute
• Media connection attribute
• Media port number
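The list of rewritten SDP fields above can be turned into a check on captured offers. This is an added example, not AudioCodes code: it compares an incoming and an outgoing SDP body, reports which of the listed fields the SBC changed, and lists any address other than the SBC's own that is still visible in the outgoing SDP. The sample input is the offer pair from the "Transparent – SDP Offer/Answer" slide; the function names and the mode labels are assumptions made for this example.

```python
SBC_ADDR = "10.15.11.1"

# Offer pair from the "Transparent - SDP Offer/Answer" slide.
INCOMING_OFFER = """\
v=0
o=- 3 1 IN IP4 10.15.10.2
s=session
c=IN IP4 10.15.10.2
b=CT:1000
t=0 0
m=audio 54434 RTP/AVP 97 101 13 0 8
c=IN IP4 10.15.10.2
a=rtcp:54435
a=label:Audio
a=sendrecv
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20
"""

OUTGOING_OFFER = """\
v=0
o=- 75634723 75634691 IN IP4 10.15.11.1
s=session
c=IN IP4 10.15.11.1
b=CT:1000
t=0 0
m=audio 6010 RTP/AVP 97 0 8 101 13
c=IN IP4 10.15.11.1
a=label:Audio
a=sendrecv
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20
"""


def parse_sdp(text):
    """Extract the address-bearing fields and payload lists of an SDP body."""
    sdp = {"origin": None, "session_conn": None, "media": []}
    for raw in text.strip().splitlines():
        key, _, val = raw.strip().partition("=")
        f = val.split()
        if key == "o":    # o=<user> <sess-id> <sess-version> IN IP4 <addr>
            sdp["origin"] = {"ids": (f[1], f[2]), "addr": f[5]}
        elif key == "m":  # m=<type> <port> <proto> <payload types...>
            sdp["media"].append({"port": int(f[1]), "payloads": f[3:], "conn": None})
        elif key == "c":  # session level before the first m=, media level after
            if sdp["media"]:
                sdp["media"][-1]["conn"] = f[2]
            else:
                sdp["session_conn"] = f[2]
    return sdp


def anchoring_report(incoming, outgoing, sbc_addr):
    """Compare both legs of an offer (or answer) as seen around the SBC."""
    i, o = parse_sdp(incoming), parse_sdp(outgoing)
    checks = [
        ("origin address", i["origin"]["addr"], o["origin"]["addr"]),
        ("session and version ID", i["origin"]["ids"], o["origin"]["ids"]),
        ("session connection", i["session_conn"], o["session_conn"]),
        ("media connection", [m["conn"] for m in i["media"]],
                             [m["conn"] for m in o["media"]]),
        ("media port", [m["port"] for m in i["media"]],
                       [m["port"] for m in o["media"]]),
    ]
    changed = [name for name, a, b in checks if a != b]
    addrs = {o["origin"]["addr"], o["session_conn"]} | {m["conn"] for m in o["media"]}
    exposed = sorted(a for a in addrs if a and a != sbc_addr)
    offered = {p for m in i["media"] for p in m["payloads"]}
    added = [p for m in o["media"] for p in m["payloads"] if p not in offered]
    if not changed:
        mode = "no media anchoring"
    elif exposed:
        mode = "partially rewritten"
    else:
        mode = "media anchored"
    return {"mode": mode, "changed": changed,
            "exposed_addresses": exposed, "added_payloads": added}


if __name__ == "__main__":
    print(anchoring_report(INCOMING_OFFER, OUTGOING_OFFER, SBC_ADDR))
```
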

294
Media Anchoring with Transcoding
• SBC performs transcoding when there are no common coders between 2 UAs involved in a
specific session
• RTP traverses the SBC and each leg uses a different coder or coder parameters
• Transcoding is performed when an SDP answer from one UA does not include any coder
included in offer previously sent by the other UA
• For transcoding, SBC can be configured to add media capabilities to UAs of a specific IP
Group, then perform transcoding when selected coder in answer SDP doesn’t appear in
original offer
• DSP resources are required

[Figure: IP-PBX, SBC and ITSP. Legend: SIP Signaling, Media A, Media B]
Transcoding using Extended Coders
SBC: 10.15.11.1 (IP-PBX side: 10.15.10.2, ITSP side: 10.15.10.5)

Incoming SDP Offer (IP-PBX to SBC):
v=0
o=- 2 1 IN IP4 10.15.10.2
s=session
c=IN IP4 10.15.10.2
b=CT:1000
t=0 0
m=audio 52910 RTP/AVP 97 101 13 0 8
c=IN IP4 10.15.10.2
a=rtcp:52911
a=label:Audio
a=sendrecv
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20

Outgoing SDP Offer (SBC to ITSP), with the Extended Coder (G.729) added:
v=0
o=- 1316661404 1316661372 IN IP4 10.15.11.1
s=session
c=IN IP4 10.15.11.1
b=CT:1000
t=0 0
m=audio 6000 RTP/AVP 97 0 8 18 101 13
c=IN IP4 10.15.11.1
a=label:Audio
a=sendrecv
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no

Incoming Answer (from 10.15.10.5):
v=0
o=AudiocodesGW 714959952 714959922 IN IP4 10.15.10.5
s=Phone-Call
c=IN IP4 10.15.10.5
t=0 0
m=audio 6000 RTP/AVP 18 101
c=IN IP4 10.15.10.5
a=sendrecv
a=ptime:20
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

Outgoing Answer (to 10.15.10.2), after Transcoding:
v=0
o=AudiocodesGW 1311275284 1311275250 IN IP4 10.15.11.1
s=Phone-Call
c=IN IP4 10.15.11.1
t=0 0
m=audio 6500 RTP/AVP 0 101 13
c=IN IP4 10.15.11.1
a=sendrecv
a=ptime:20
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:0 PCMU/8000
296
Transcoding Modes
• SBC typically passes RTP packets transparently (RTP-to-RTP) between 2 UAs
• Forced transcoding of voice in the SBC enables capabilities not negotiated between SBC legs
• e.g., when one leg supports Silence Suppression and other doesn’t
• Number of Media Channels parameter by default configured as ‘-1’ meaning maximum,
as defined by the License Key – ‘DSP Channels’, available for transcoding

297
SRTP-RTP Transcoding

• SBC supports SRTP-RTP transcoding


• IP Profile parameter SBCMediaSecurityBehaviour forces SBC legs to use SRTP/RTP
• Options:
• As is: SBC passes the media as is (default)
• SRTP: SBC leg negotiates only SRTP media lines
• RTP media lines are removed from incoming SDP Offer/Answer
• RTP: SBC leg negotiates only RTP media lines
• SRTP media lines are removed from incoming Offer/Answer
• Both: Each Offer/Answer is extended (if it hasn’t been already) to two media lines – one
RTP and the other SRTP

298
SRTP-RTP Transcoding Mode

299
Media Security
• Enable Media Security

300
Extension Coders

• Extends the Media offering’s coders


• Extended coders are added only on the outgoing leg

Example: incoming offer G.711 + G.723 -> Add G.729 -> outgoing offer G.711 + G.723 + G.729
Group 2 Extended coder list contains: G.711, G.729

301
Extension Coders
• Select from ‘Coder Name’ drop-down
• Select coder parameter values: ‘Packetization Time’, ‘Rate’, etc…

302
Extension Coders
• Assign Coder Group to IP Profile

303
Allowed Coders Group

• Determine coders to be used for a specific SBC leg


• Excluded coders are removed from the SDP offer

Example: incoming offer G.711 + G.723 -> Remove G.723 -> outgoing offer G.711
Group 2 Allowed Coders Group contains: G.711

304
Allowed Coders – Incoming Offered

• At least one incoming coder must be in the Allowed Coders Group

Call Dropped

G.711 + G.723

Group 1 Group 2
Allowed Coders Group contains: Allowed Coders Group contains:
G.726 G.711
G.729

Remove G.723
G.711 + G.723 G.711

Group 1 Group 2
Allowed Coders Group contains: Allowed Coders Group contains:
G.711 G.711
G.726 G.723
305
Allowed Audio Coders Group

306
Assign Allowed Audio Coder Group to IP Profile

307
Change Coder Priority

• Allowed Coders are used to prioritize coders
• The coder with the highest priority is listed first

Example:
Group 1 Allowed coder list: G.711, G.723
Group 2 Allowed coder list: G.729, G.711, G.723
Group 2 Extended Coder: G.729
Incoming offer: G.723 + G.711 -> outgoing offer: G.711 + G.723 + G.729
Answer Coder: G.711 (200 OK) on both legs

308
Allowed Coders Mode

• Determines mode of Allowed Coders feature


• Impacts Coders priority

309
Allowed Coders Mode

• Restriction
• Checks for a match between Allowed Coders of the incoming group and the offered
coders
• At least one must match
• SBC removes all coders arriving in incoming SDP except matched coders in outgoing
Allowed Coders Group (only coders common to offered SDP and Allowed Coders Group
are used)
• Preference
• SBC reprioritizes coders based on Allowed Coders Group
• The coders received in the SDP offer are listed after the Allowed Coders
• Restriction and Preference
• Enables both, removes disallowed coders and reprioritizes coders

310
SBC Preferences Mode
• Orders the coders in the outgoing SIP message
• Applicable only if an Extension Coders Group is assigned to the IP Profile
• Doesn’t Include Extensions = Extension coders are added at the end of the coder list (default)
• Include Extensions = Extension coders arranged according to order in the Allowed Coders Group
table

311
Change Coder Priority – Include Extensions

• Allowed Coders used to prioritize coder


• Based on the coder list the Outgoing Offering will send
• Coder with highest priority will be first listed

Group 1 Allowed coder list: G.711, G.723
Group 2 Allowed coder list: G.729, G.711, G.723
Group 2 Extended Coder: G.729
Incoming offer: G.723 + G.711 → outgoing offer: G.729 + G.711 + G.723
Answer Coder: G.729 (200 OK) on the Group 2 leg, G.711 (200 OK) on the Group 1 leg

312
Coder Transcoding Flow
Diagram: IP Group 1 (IP Profile) – SBC Leg 1 – SBC – SBC Leg 2 – IP Group 2 (IP Profile)
Each of the two rows in the diagram shows the stages: Allowed Coders, Extension Coders, Allowed Coders

313
Media Handling Example 1

• IP-PBX supports G.711A-law and G.729


• ITSP supports only G.729
• No special media limit

IP-PBX: G.711A-law, G.729
ITSP: G.729

314
Media Handling Example 1

• Special coder configuration not necessary

IP-PBX            SBC          ITSP
G.711A + G.729    No Change    G.711A + G.729
G.729             No Change    G.729

315
Media Handling Example 2

• IP-PBX supports G.711A-law and G.729


• ITSP supports only G.729 and G.711A-law
• Issue: ITSP wants to work only with G.729 (it requires that G.711A-law not be sent)

IP-PBX: G.711A-law, G.729
ITSP: G.729, G.711A-law

316
Media Handling Example 2

• To avoid G.711A negotiation, remove it from the outgoing offer


• Create Allowed Audio Coders Group and select only G.729 coder

317
Media Handling Example 2

• In ITSP’s IP Profile, assign the Allowed Audio Coders Group, to offer only G.729

318
Media Handling Example 2

IP-PBX            SBC              ITSP
G.711A + G.729    Remove G.711A    G.729
G.729             No Change        G.729

319
Media Handling Example 3

• IP-PBX supports only G.711A-law


• ITSP supports G.729
• Issue: There isn’t a common coder

IP-PBX: G.711A-law
ITSP: G.729

320
Media Handling Example 3

• Add G.729 to the outgoing offering:


• Create a Coders Group (AudioCodersGroup_2) and select G.729 from the drop-down

321
Media Handling Example 3

• To avoid G.711A negotiation, remove it from the outgoing offer


• Create Allowed Audio Coders Group and select only G.729 coder

322
Media Handling Example 3
• In ITSP’s IP Profile, assign the Extension Coders Group (AudioCodersGroup_2), to add G.729
to the offering
• In ITSP’s IP Profile, assign the Allowed Audio Coders Group, to send only G.729 to ITSP

323
Media Handling Example 3

IP-PBX    SBC                         ITSP
G.711A    Add G.729, Remove G.711A    G.729
G.711A    Transcoding                 G.729

324
Media Handling Example 4

• IP-PBX supports G.711A-law, G.711U-law and G.723


• ITSP supports only G.729, G.711A-law and G.726
• Issue:
• Add G.729 and G.726 to the outgoing offering
• Remove G.711U-law and G.723 from the outgoing offering
• Change the coders order

IP-PBX: G.711A-law, G.711U-law, G.723
ITSP: G.729, G.711A-law, G.726

325
Media Handling Example 4

• Create an Allowed Audio Coders Group and select G.729, G.711A and G.726 coders

326
Media Handling Example 4

• Add G.729 and G.726 to the outgoing offering:


• Create Coders Group (AudioCodersGroup_2) and select G.729 and G.726 coders

327
Media Handling Example 4
• In ITSP IP Profile:
• Extension Coders Group (AudioCodersGroup_2), to add G.729 and G.726 to the outgoing offering
• ITSP Allowed Audio Coders Group, to remove G.711U and G.723
• Allowed Coders Mode = Restriction and Preference, to perform both
• In Media Settings (SBC Settings):
• Preferences Mode = Include Extensions, to reorganize the coders

328
Media Handling Example 4

IP-PBX                 SBC                                       ITSP
G.711A+G.711U+G.723    Add G.729 + G.726, Remove G.711U+G.723    G.729+G.711A+G.726
G.711A                 Transcoding                               G.729
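
The coder-list rules of this lesson (Allowed Coders Group, Extension Coders Group, Allowed Coders Mode, Preferences Mode), modelled as an added Python example; it is not AudioCodes code and not part of the course material. Class, field and function names are hypothetical, and two assumptions are marked in the comments: restriction on the outgoing leg also filters extension coders, and Include Extensions only takes effect when the mode includes Preference.

```python
from dataclasses import dataclass, field
from typing import List, Optional

RESTRICTION = "Restriction"
PREFERENCE = "Preference"
BOTH = "Restriction and Preference"


@dataclass
class IPProfile:
    """Coder settings of one SBC leg (hypothetical names, not device parameters)."""
    allowed: Optional[List[str]] = None                  # Allowed Audio Coders Group, priority order
    extension: List[str] = field(default_factory=list)   # Extension Coders Group
    allowed_mode: str = RESTRICTION                      # Allowed Coders Mode


def _restricts(profile: IPProfile) -> bool:
    return profile.allowed is not None and profile.allowed_mode in (RESTRICTION, BOTH)


def _prefers(profile: IPProfile) -> bool:
    return profile.allowed is not None and profile.allowed_mode in (PREFERENCE, BOTH)


def outgoing_offer(offer: List[str], in_leg: IPProfile, out_leg: IPProfile,
                   include_extensions: bool = False) -> Optional[List[str]]:
    """Return the coder list offered on the outgoing leg, or None if the call is dropped."""
    coders = list(offer)

    # Incoming leg: at least one offered coder must be in its Allowed Coders Group;
    # coders outside that group are removed (the "Remove G.723" case on the slide).
    if _restricts(in_leg):
        coders = [c for c in coders if c in in_leg.allowed]
        if not coders:
            return None  # "Call Dropped"

    # Extension coders are added only on the outgoing leg, and only if missing.
    ext = [c for c in out_leg.extension if c not in coders]

    # Restriction: keep only coders that are in the outgoing Allowed Coders Group.
    if _restricts(out_leg):
        coders = [c for c in coders if c in out_leg.allowed]
        ext = [c for c in ext if c in out_leg.allowed]  # assumption: extensions filtered too

    # Preference: allowed coders first, in group order; other offered coders after them.
    if _prefers(out_leg):
        def rank(coder: str) -> int:
            return out_leg.allowed.index(coder) if coder in out_leg.allowed else len(out_leg.allowed)
        if include_extensions:
            # Include Extensions: extension coders are ordered with the rest.
            return sorted(coders + ext, key=rank)  # sorted() is stable
        coders = sorted(coders, key=rank)

    # Doesn't Include Extensions (default): extension coders go at the end of the list.
    return coders + ext


if __name__ == "__main__":
    # Media Handling Example 4 from the slides.
    itsp = IPProfile(allowed=["G.729", "G.711A", "G.726"],
                     extension=["G.729", "G.726"], allowed_mode=BOTH)
    print(outgoing_offer(["G.711A", "G.711U", "G.723"], IPProfile(), itsp,
                         include_extensions=True))
```

Running the four Media Handling Examples through `outgoing_offer` before touching the device is a quick way to confirm that a planned Allowed/Extension group combination produces the offer the ITSP expects.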

329
Check your Learning

❑The default Media handling mode is:


A. Media Anchoring without transcoding
B. Media Anchoring with transcoding
C. No Media Anchoring
D. None of the above

❑The media handling mode that saves bandwidth is:


A. Media Anchoring without transcoding
B. Media Anchoring with transcoding
C. No Media Anchoring
D. None of the above

330
Check your Learning

❑The extension coder group should be assigned to:


A. IP Group
B. IP Profile
C. Media Profile
D. Bandwidth Profile

❑The extended coders are added by default:


A. At the end of the coder list
B. First listed
C. At the middle of the list
D. In a random way

331
Check your Learning

❑Manipulation on the offered coder list is required:


A. When there is only one common coder between 2 UAs involved
B. When no common coder between 2 UAs involved
C. Always
D. Depends on the destination IP group type

332
Hands-on Lab 3

SBC Transcoding
Lesson 11

SBC Number & Message Manipulation


Lesson Objectives

• After completing this lesson, you’ll:

• Understand the reasons for Number & Message Manipulation

• Know how to perform Number & Message Manipulation

335
SBC Manipulations

• Manipulations include:

• Number Manipulations (Inbound & Outbound)

• Message Manipulations (Inbound & Outbound)

336
Reminder – CMR Process (CMR = Classify, Manipulate, Route)

Diagram (stages shown): Incoming Message; Pre-Parsing Manipulation (Optional) (SIP Interface); Pre-Classification Manipulation (SIP Interface); Classification; Inbound MMS; Inbound Source and/or Destination Number Manipulation; Routing; Outbound Source and/or Destination Number Manipulation; Outbound MMS; Outgoing Message
Legend: Optional
337
SBC Number Manipulation

• Done according to manipulation tables, similar to what’s done for routing


• Select manipulation rule in a table according to:
• Source IP Group
• Source and/or destination host and/or user prefixes
• Outbound manipulations are done after routing
• Outbound manipulation rule matching can be done by destination IP Group

338
SBC Inbound Number Manipulations

• Configure rules to manipulate SIP URI user part (source and destination) of inbound
SIP dialog requests
• Apply these to different SIP dialog message types (INVITE or REGISTER)
• Manipulation of Destination URI user part performed on these SIP headers:
• Request URI
• To
• Remote-Party-ID (if it exists)
• Manipulation of Source URI user part is performed on these SIP headers:
• From
• P-Asserted (if it exists)
• P-Preferred (if it exists)
• Remote-Party-ID (if it exists)
339
SBC Inbound Number Manipulations

Action to take area

Matching area

340
SBC Inbound Number Manipulations – Match Area
• Name
• Additional Manipulation: use same matching
condition as row listed above
• Manipulation Purpose: Defines the purpose
of the manipulation
• Request Type: SIP request type to which the
rule is applied
• Source IP Group: the IP Group from where the
incoming INVITE is received
• Source Username Pattern
• Source Host
• Destination Username Pattern
• Destination Host

341
SBC Inbound Number Manipulations – Action Area
• Manipulated Item: Determines whether the Source or Destination SIP URI user part is
manipulated
• Remove From Left
• Remove From Right
• Leave From Right: Defines the number of characters that you want retained from
the right of the user part
• Prefix to Add
• Suffix to Add

342
SBC Outbound Number Manipulations
• Configure rules to manipulate SIP URI user part (Source and Destination) of outbound
SIP dialog requests
• Rules correspond to Source IP Group and Source and Destination host and user prefixes
• Rules can be applied to user-defined SIP request type (INVITE, OPTIONS, SUBSCRIBE
and/or REGISTER)
• Manipulation of Destination URI user part performed on these SIP headers:
• Request URI
• To
• Remote-Party-ID (if it exists)
• Manipulation of Source URI user part is performed on these SIP headers:
• From
• P-Asserted (if it exists)
• P-Preferred (if it exists)
• Remote-Party-ID (if it exists)

343
SBC Outbound Number Manipulations

Action to take area

Matching area

344
SBC Outbound Number Manipulations Match Area
• Same parameters as inbound, except for:
• Call Trigger
• Reason for the re-routing of the SIP request:
Any, 3xx, REFER, 3xx or REFER, Initial only
• Destination IP Group
• IP Group where the INVITE is being sent
• Calling Name Pattern
• Pattern of the calling name (Caller ID)
Appears in the SIP From header
• Message Condition
• Assigns a Message Condition rule as a matching
characteristic
• Destination Tags
• Assigns a prefix tag to denote destination URI
user names corresponding to the tag configured
in the associated Dial Plan
• Reroute IP Group
• Defines the IP Group that initiated (sent) the SIP
redirect response. The parameter functions
together with the 'Call Trigger' parameter
345
SBC Outbound Number Manipulations Action Area

• Same parameters as in Inbound except for:


• Privacy Restriction Mode
• Determines user privacy handling by restricting source user identity in outgoing SIP dialogs

346
Message Manipulation

347
Why SIP Message Manipulation?
• Key SBC requirements:
• Each customer has distinct requirements for SBC fundamentals of Security, Interworking and
Interoperability
• Multiple devices support SIP but do not interwork because of differences in how the protocol
is implemented or interpreted
• Manipulation customizes SIP messaging on either side to what devices in that network
segment expect
• ITSPs or enterprises may have policies for which SIP messaging fields should be present before
a SIP call enters their network
• Resolves incompatibilities between SIP devices inside the enterprise network or between
networks
• Self-service programmable tool that saves the time required to develop a software ‘patch’ for
each customer

348
Message Manipulation
• A combination of rules, specified as a set or group of actions, to be attached to an IP Group
• On the SBC application Message Manipulation rules can be applied pre- or post-classification
• Pre-classification Process:
• On incoming SIP dialog-initiating messages (e.g., INVITE) prior to the classification process
• The Manipulation Set ID is assigned to the SIP Interface on which the call is received
• Post-classification Process:
• On inbound and/or outbound SIP messages after the call has been successfully classified
• The Manipulation Set ID is assigned to the relevant IP Group in the IP Group table

349
Message Manipulation Set (MMS)

• IP Group pages display 2 fields:

• Inbound manipulation set


• Set of rules to apply to incoming messages (from this IP Group)

• Outbound manipulation set


• Set of rules to apply to outgoing messages (to this IP Group)

350
Message Manipulation

LAN
INVITE sip:5550000@10.15.5.1;user=phone
From: <sip:4000@10.15.5.5>;tag=1c1218068773
To: <sip:5550000@10.15.5.1;user=phone>
P-Asserted-Identity: <sip:4000@10.15.5.5>
Session-Expires: 300

MMS 1 (Incoming, IP Group 1)
Remove: P-Asserted-Identity

INVITE sip:5550000@10.15.5.1;user=phone
From: <sip:4000@10.15.5.5>;tag=1c1218068773
To: <sip:5550000@10.15.5.1;user=phone>
Session-Expires: 300

MMS 2 (Outgoing, IP Group 2)
Change Session-Expires
Add Priority: normal

WWW
INVITE sip:5550000@ITSP.com;user=phone SIP/2.0
From: <sip:9764000@audiocodes.com>;tag=1c456353708
To: <sip:5550000@ITSP.com;user=phone>
Session-Expires: 100
Priority: normal

351
Message Manipulation

LAN
INVITE sip:4000@10.15.5.5;user=phone SIP/2.0
From: <sip:5550000@10.15.5.1>;tag=1c1759077219
To: <sip:4000@10.15.5.5;user=phone>
Referred-By: <tel:5550001>;reason=unconditional;counter=1
Session-Expires: 300

MMS 3 (Outgoing, IP Group 1)
Add: Session-Expires

INVITE sip:9764000@audiocodes.com;user=phone SIP/2.0
From: <sip:5550000@ITSP.com>;tag=1c431593140
To: <sip:9764000@audiocodes.com;user=phone>
Referred-By: <tel:5550001>;reason=unconditional;counter=1

MMS 4 (Incoming, IP Group 2)
Replace: Diversion to Referred-By

WWW
INVITE sip:9764000@audiocodes.com;user=phone SIP/2.0
From: <sip:5550000@10.15.7.10>;tag=1c431593140
To: <sip:9764000@audiocodes.com;user=phone>
Diversion: <tel:5550001>;reason=unconditional;counter=1

352
Inbound/Outbound Manipulation
• Applied per message and not per call
• For example:
• IP Group 1 has 2 Message Manipulation Sets, one for Outbound and one for Inbound, for the same call:
• Incoming INVITE goes through Inbound MMS
• 180 and 200 OK responses go through Outbound MMS
• IP Group 2 has 2 Message Manipulation Sets, one for Outbound and one for Inbound, for the same call:
• Outgoing INVITE goes through Outbound MMS
• 180 and 200 OK responses go through Inbound MMS

Diagram: IP-PBX – SBC – ITSP, with Invite, 180 and 200 OK shown on each leg

IP Group 1 (IP-PBX side)
Inbound Message Manipulation Set = 1
Outbound Message Manipulation Set = 2

IP Group 2 (ITSP side)
Inbound Message Manipulation Set = 3
Outbound Message Manipulation Set = 4

353
Message Manipulation Configuration

• Message Manipulation Table used to configure rules and relate them to a set of rules
• Rule configuration enables adding, modifying or removing most message content
• A rule can be conditionally applied
• Removing/Adding mandatory SIP Headers is not allowed
• Modifying Mandatory SIP Headers is allowed, performed only on requests to initiate new
dialogs
• Mandatory Headers include:
• Request URI, To, From, Contact, Via, CSeq, Call-Id and Max-Forwards
• Mandatory SDP headers include:
• v, o, s, t, c, m
• When multiple rules apply to the same header, the second rule applies to the first rule’s
result string
• Manipulating a value in the Message body automatically changes the content-length header
354
Mandatory Headers Handling

• Request URI
• User and Host parts are subject to manipulations
• To
• User and Host parts are subject to manipulations
• TAG generated by SBC for incoming and outgoing legs; it’s different in each leg
• From
• User and Host parts are subject to manipulations
• TAG generated by remote UA for incoming leg, generated by SBC for outgoing leg
• Contact
• Local contact is set to be SBC address (IP, Port and Transport Type) according to SIP
Interface used in each leg

355
Mandatory Headers Handling (cont’d.)

• Call-ID
• Each leg has its own Call-ID without regard to peer leg
• For incoming SIP legs, it’s determined by remote UA, outgoing legs’ Call-IDs are generated
by SBC
• CSeq
• Each leg has its own call sequence (CSEQ) numbering
• Via
• Each leg has its own VIA policy without regard to peer leg
• Outgoing transactions generate their own VIA according to the SIP Interface they use

356
SIP Interface Pre-Parsing Manipulation Sets

• Messages can be manipulated in their original format (plain text) as received from
the network
• Pre-Parsing Manipulation is done before Pre-Classification Manipulation and
Classification
• Pre-parsing rules assigned to the SIP Interface
• Regular expression (regex) is used to search for (match) in the incoming message as
well as to replace the matched pattern
• Parent – Child Table type

357
Pre-Parsing Manipulation Sets

Defines a pattern, based on regex, to search for (match) in the incoming message

Defines a pattern, based on regex, to replace the matched pattern

Options:
• Any or empty
• <SIP Method>
• <SIP Method>.request
• <SIP Method>.response.<response code>
358
SIP Interface Pre-Parsing
• Assign a pre-parsing rule set to the SIP Interface

359
SIP Interface Pre-Classification
• Assign a Message Manipulation Set ID to the SIP Interface
• The SIP Message Manipulation rules are applied to incoming SIP dialog-initiating request messages received on this SIP Interface, prior to the Classification process
• By default, no Message Manipulation Set ID is defined

360
Message Manipulation Table

• Post-Classification Process: message manipulation is done on inbound and/or outbound SIP messages after the call has been successfully classified

361
Message Manipulation – Manipulation Set ID
• Each Manipulation Set rule contains a Manipulation Set ID
• Same Manipulation Set ID can be configured for multiple rules
• Up to 20 Manipulation sets and up to 102 rules per manipulation set (Total 1500 rules)
• Assigned to IP Group for inbound and/or outbound messages

362
Message Manipulation – Syntax

General: Name, Manipulation Set ID, Row Role
Match: Message Type, Condition
Action: Action Element, Action Type, Action Value

363
Auto Completion Editor

• Auto-completion for parameters whose values are configured using special syntax
• An Editor button is displayed alongside their fields, which when clicked opens a
syntax editor
• As text is typed in the field the user is prompted with optional syntax

364
Auto Completion Editor

• Auto Completion is supported in the following fields:


• Message Type
• Condition
• Action Subject
• Action Value

365
Message Manipulation – Row Role

• Determines which condition to use for this table row’s rule


• 2 options:
• Use Current Condition = use only the condition entered in this row
• Use Previous Condition = use the condition of the rule configured directly above this row
(to perform the defined action)
• When multiple manipulations rules apply to the same header, the next rule applies to the
result string of the previous rule

366
Message Manipulation – Message Type
• The Message Type to manipulate
• Rule applied only if this is the message type
• Syntax: method.message-role.response-code
• Method
• Invite, Subscribe, Refer – rule applies only to specific messages
• Unknown – Unknown methods also allowed
• Any (or empty) – No limitation on method type
• Message-role
• Request – Rule applies only on requests
• Response – Rule applies only on Response message
• Response-code
• 3xx – Any redirection response
• 200 – Only 200 OK response

Examples:
• Invite
• Invite.Request
• Invite.Response.180
• Register
• Any
367
Message Manipulation – Condition
• Rule-matching criteria (conditions)
• If criterion (condition) exists, rule applies
• Editor Options:
• Header, Body, Param, Var, SrcTags, DstTags, Message
• Syntax: <option type> <match-type> match-condition
• Match-type
• "==", "!=", ">", "<", ">=", "<=", "contains", "!contains", "exists", "!exists", "len>", "len<", "len==", "regex"
• Logical-expression
• "AND" – Logical And
• "OR" – Logical Or

Examples:
• header.contact contains 'audiocodes.com'
• header.from.url.user == '100' OR header.from.url.user == '200' OR header.from.url.user == '300'
• header.from.url.user == '100' AND header.to.url.user == '200'
368
Message Manipulation – Action Element
• SIP Header on which manipulation is performed
• Message element that changes
• Syntax: ("header"/"body").message-element-name [.header-index] [.(sub-element/sub-element-param)]
• Editor Options:
• Header, Body, Param, Var, Message
• Message-element-name – Name of message element
• From, To, Application/SDP
• Header-index – Header's index in the list of headers (if several same-type headers arrive)
• 0 or none = first header
• 1 = second header
• 4 = fifth header
• Sub-element – Header's element
• User, Host

Examples:
• header.via.2
• header.from
• header.contact.url.user
• header.referred-by.url.host

369
Message Manipulation – Action Type
• The action to be performed on the element

• Syntax:
• Add = adds a new header (or parameter or body) - default
• Remove = removes a header (or parameter or body)
• Modify = sets the element to the new value (replace the entire element)
• Add Prefix = adds the value at the beginning of the element string
• Remove Prefix = removes the value from the beginning of the element string
• Add Suffix = adds the value at the end of the element string
• Remove Suffix = removes the value from the end of the element string
• Normalize = removes unknown SIP message elements before forwarding the message

370
Message Manipulation – Action Value
• Value to use in the manipulation
• Syntax: (string/message-element/param)("+"(string/message-element/param))
• String
• 'test.local', '<sip:100@1.2.10.10:5067>'
• Message-element
• header.from.user, header.contact.url.user
• Param
• param.ipg.src.user, param.call.dst.host
• Combination
• param.ipg.dst.host + '.com'

Examples:
• '3600'
• 'Bob'
• header.to.url.host
• 'Mike@'+Header.To.URL.Host.Name
• Param.IPG.Dst.User+'com'
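
How the Message Type, Condition, Action Subject, Action Type and Action Value fields combine into a rule, shown on the earlier MMS 1 / MMS 2 slide (remove P-Asserted-Identity, change Session-Expires, add Priority). This is an added Python model, not AudioCodes code and not device syntax for the whole table: it supports only header subjects, one single-header condition, string values and five action types, and the Message Type and Condition chosen for the three rules are constructed for the illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Headers the slides list as mandatory: they may be modified, not added or removed.
MANDATORY = {"to", "from", "contact", "via", "cseq", "call-id", "max-forwards"}


@dataclass
class SipMessage:
    method: str                     # request method, or the method a response answers
    is_request: bool = True
    code: int = 0                   # response code, 0 for requests
    headers: Dict[str, str] = field(default_factory=dict)   # lower-case name -> value


@dataclass
class Rule:
    set_id: int                     # Manipulation Set ID
    message_type: str               # method.message-role.response-code
    condition: str                  # "" or "header.<name> <match-type> '<value>'"
    subject: str                    # "header.<name>"
    action: str                     # Add | Remove | Modify | Add Prefix | Add Suffix
    value: str = ""


def type_matches(message_type: str, msg: SipMessage) -> bool:
    """Match the rule's Message Type (e.g. Invite.Response.180, Any) against a message."""
    parts = [p.lower() for p in message_type.split(".") if p] or ["any"]
    if parts[0] != "any" and parts[0] != msg.method.lower():
        return False
    if len(parts) > 1 and (parts[1] == "request") != msg.is_request:
        return False
    if len(parts) > 2:
        code = parts[2]
        if code.endswith("xx"):                      # e.g. 3xx = any redirection response
            return msg.code // 100 == int(code[0])
        return msg.code == int(code)
    return True


_COND = re.compile(
    r"header\.([\w-]+)\s+(==|!=|contains|!contains|exists|!exists)\s*(?:'([^']*)')?$", re.I)


def condition_holds(condition: str, msg: SipMessage) -> bool:
    """Evaluate one header condition; an empty condition always holds."""
    if not condition:
        return True
    m = _COND.match(condition.strip())
    if not m:
        raise ValueError(f"unsupported condition: {condition}")
    name, op, want = m.group(1).lower(), m.group(2).lower(), m.group(3) or ""
    have = msg.headers.get(name)
    if op in ("exists", "!exists"):
        return (have is not None) == (op == "exists")
    if have is None:
        return op in ("!=", "!contains")
    return {"==": have == want, "!=": have != want,
            "contains": want in have, "!contains": want not in have}[op]


def apply_set(rules: List[Rule], set_id: int, msg: SipMessage) -> SipMessage:
    """Apply one Manipulation Set to one message; later rules see earlier results."""
    for r in rules:
        if r.set_id != set_id or not type_matches(r.message_type, msg) \
                or not condition_holds(r.condition, msg):
            continue
        name = r.subject.lower().split(".", 1)[1]
        if r.action in ("Add", "Remove") and name in MANDATORY:
            raise ValueError(f"{r.action} is not allowed on mandatory header {name}")
        old = msg.headers.get(name, "")
        if r.action == "Remove":
            msg.headers.pop(name, None)
        elif r.action in ("Add", "Modify"):
            msg.headers[name] = r.value
        elif r.action == "Add Prefix":
            msg.headers[name] = r.value + old
        elif r.action == "Add Suffix":
            msg.headers[name] = old + r.value
        else:
            raise ValueError(f"unsupported action: {r.action}")
    return msg


# Constructed rules reproducing MMS 1 (inbound, IP Group 1) and MMS 2 (outbound, IP Group 2).
RULES = [
    Rule(1, "Invite.Request", "header.p-asserted-identity exists",
         "header.p-asserted-identity", "Remove"),
    Rule(2, "Invite.Request", "", "header.session-expires", "Modify", "100"),
    Rule(2, "Invite.Request", "", "header.priority", "Add", "normal"),
]


def sample_invite() -> SipMessage:
    """The LAN-side INVITE from the slide (headers relevant to the rules only)."""
    return SipMessage("INVITE", True, 0, {
        "from": "<sip:4000@10.15.5.5>;tag=1c1218068773",
        "to": "<sip:5550000@10.15.5.1;user=phone>",
        "p-asserted-identity": "<sip:4000@10.15.5.5>",
        "session-expires": "300"})


def through_sbc(msg: SipMessage) -> SipMessage:
    apply_set(RULES, 1, msg)        # inbound set of the source IP Group
    return apply_set(RULES, 2, msg)  # outbound set of the destination IP Group
```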

371
SIP Message Manipulation – Example Rules

372
SIP Message Manipulation – Example Rules

373
Example: Change Referred-By to Diversion
• ITSP expects Diversion and not Referred-By

374
Examples based on the Message Body (1)

• If the address in the SDP is 10.15.11.1, the SBC adds a new SIP header, "IPSource"
whose value is set to the type of the source IP Group

375
Examples based on the Message Body (2)

• If a 200 OK response to a re-INVITE is received with 0.0.0.0 as the SDP address, the address is changed to the SBC address taken from the origin ('o=') field of the SDP

376
Examples based on the Message Body (3)

• If the RTP mode is inactive, add a new parameter, "origin" to the From header.
The value of the parameter is set to the 'o=' address in the SDP

377
SIP Message Normalization
• Feature that can be enabled per manipulation rule when Action Type is set to "Normalize"
• Removes unknown or non-standard SIP message elements before forwarding the message
• These elements can include SIP headers, SIP header parameters, and SDP body fields
• The device normalizes the following SIP elements:
• URLs:
• User part is normalized
• Headers:
• Unknown header parameters are removed
• URLs are normalized
• SDP Body:
• Removes unnecessary SDP fields (except m=, v=, o=, s=, c=, t=, and r=)
• Removes unknown media with all its attributes

378
SIP Message Normalization – Examples

Rules (General / Match / Action):
• Example 1: Manipulation Set ID = 1, Row Role = Use Current Condition, Message Type = invite, Action Subject = header.to, Action Type = Normalize
• Example 2: Manipulation Set ID = 4, Row Role = Use Current Condition, Message Type = invite, Action Subject = message, Action Type = Normalize

• Example 1:
• To header before normalization:
• To: <sip:1-800-300-500;phone-context=1@10.33.2.17;user=phone;UnknownUrlParam>
• To header after normalization:
• To: <sip:1800300500@10.33.2.17;user=phone>
• Example 2:
• All the headers to be normalized
379
SIP Message Normalization – Body Example
Rule (General / Match / Action):
• Example 3: Manipulation Set ID = 4, Row Role = Use Current Condition, Message Type = invite, Action Element = body.sdp, Action Type = Normalize

SDP before normalization:
v=0
o=SMG 791285 795617 IN IP4 10.33.2.17
s=Phone-Call
i=A Seminar on the session description protocol
u=http://www.example.com/seminars/sdp.pdf
e=j.doe@example.com (Jane Doe)
c=IN IP4 10.33.2.26
t=0 0
m=unknown 6000 RTP/AVP 8
a=unknown
a=sendrecv
a=ptime:20
m=audio 6000 RTP/AVP 8
a=rtpmap:8 pcma/8000
a=sendrecv
a=unknown
a=ptime:20

SDP after normalization:
v=0
o=SMG 791285 795617 IN IP4 10.33.2.17
s=Phone-Call
c=IN IP4 10.33.2.26
t=0 0
m=audio 6000 RTP/AVP 8
a=rtpmap:8 pcma/8000
a=sendrecv
a=ptime:20
380
Message and Number Manipulation – Example

LAN
INVITE sip:5550000@10.15.5.1;user=phone SIP/2.0
Via: SIP/2.0/TCP 10.15.5.5:5050;branch=z9hG4ac8071985;alias
Max-Forwards: 70
From: <sip:4000@10.15.5.5>;tag=1c1218068773
To: <sip:5550000@10.15.5.1;user=phone>
Call-ID: 121806822010120101484@10.15.5.5
CSeq: 1 INVITE
Contact: <sip:4000@10.15.5.5:5050;transport=tcp>
Privacy: none
P-Asserted-Identity: <sip:4000@10.15.5.5>

WWW
INVITE sip:5550000@ITSP.com;user=phone SIP/2.0
Via: SIP/2.0/UDP 200.100.10.2;branch=z9hG4ac463637
Max-Forwards: 10
From: <sip:9764000@audiocodes.com>;tag=1c456353708
To: <sip:5550000@ITSP.com;user=phone>
Call-ID: 4563049822722010203627@200.100.10.2
CSeq: 1 INVITE
Contact: <sip:4000@200.100.10.2:5060>
Privacy: session
P-Asserted-Identity: <sip:9764000@audiocodes.com>
Priority: emergency

381
Check your Learning

❑Number Manipulation can be done in the:


A. Inbound leg before Routing only
B. Outbound leg after Routing only
C. Inbound and outbound legs
D. None of the above

❑Which one is false:


A. Outbound number manipulation rule matching can be done by destination IP Group
B. Inbound number manipulation rule matching can be done by destination IP Group
C. Outbound number manipulation rule matching can be done by source IP Group
D. Inbound number manipulation rule matching can be done by destination host

382
Check your Learning

❑By using Message Manipulation we can:


A. Use it as a trigger for an alternative routing
B. Overcome Interworking and Interoperability issues
C. Increase the bandwidth used by the UA’s
D. All of the above

❑By using the IP-to-IP manipulation tables we can manipulate the:


A. Source Number
B. Destination number
C. SIP message
D. Source number and Destination number

383
Hands-on Lab 4

SIP Header Manipulation


Lesson 12

SBC Security
Lesson Objectives

• After completing this lesson you’ll:


• Be acquainted with enterprise security threats
• Know SBC security capabilities

386
Introduction
• VoIP networks must be secured against unauthorized access (similarly to IP networks)
• Threats endangering enterprise network security:
• Denial of Service (DoS) attacks
• Network abuse and fraud
• Viruses and malware
• Overload events
• Identity theft
• Eavesdropping
• Spam over Internet Telephony (SPIT)
• These threats can exist at the following IP network border points:
• Interconnect: SIP trunks to ITSPs
• Trusted access: Private, managed IP
• Un-trusted access: Unmanaged

387
Threats

• Denial of Service (DoS) attacks


• Malicious attacks designed to cripple your VoIP network by overloading it with calls or
service requests
• Overload events
• Non-malicious periods of intense activity can also cause an increase in call signaling rates
that exceed what your infrastructure can support
• Network abuse and fraud
• An unauthorized user gaining access to your VoIP network by mimicking an authorized
user or seizing control of a SIP proxy and initiating outbound calls for free
• Viruses and malware
• Computer viruses, worms, trojan horses, and other malware can degrade performance or
completely disrupt service

388
Threats (cont.)

• Identity theft
• Phishing and "man-in-the-middle" can be used to acquire caller identification information
to gain unauthorized access to services and information
• Eavesdropping
• The ability to listen to or record calls on VoIP networks - personal privacy violations
• Spam over Internet Telephony (SPIT)
• The delivery of unsolicited calls or voicemails can inundate networks, annoy subscribers,
and diminish the usefulness of VoIP networks

389
Security Solution

• AudioCodes SBC provides a comprehensive package of security features that handles the following two main security areas:

• Securing the Service
• Secures the call services it provides by implementing separation and defense of different network entities (e.g., SIP Trunk, softswitch and users)
• Accomplished by the following:
• Physical separation of networks
• In a multitenant environment, an SRD per customer
• IP Groups per SIP entity

• Securing the SBC Itself
• Management
• Ensuring that only authorized users can access the management interface
• Defense against attacks on the SBC regarding SIP signaling and media (RTP)
390
Security Features
• Network
• VLAN Separation
• Firewall
• Topology Hiding
• SBC
• Advanced SIP Firewall Filtering Rules (Classification rules)
• Advanced Call Admission Control (CAC) to enforce limits
• Intrusion Detection System (IDS)
• SIP Protection – Filter methods
• Signaling Security – TLS
• Media Security – SRTP
• Block Unregistered Users
• Management
• HTTPS
• SSH/Telnet
• SNMP
391
Enhanced Multi-Tenant Security Support

• Non-bleeding partition per tenant running on a single shared physical entity


• Isolated SRDs/Tenants
• Dedicated Routing Policy per SRD/Tenant
• Call Admission Control (CAC) effectively allocated per tenant
• An isolated management and monitoring environment per Tenant

392
Topology Hiding
• Limits internal topology info displayed to external parties
• Enterprise equipment IP addresses (proxies, gateways and application servers) can be hidden
from outside parties
• Provided by implementing B2BUA leg routing
• Strips all incoming SIP Via header fields and creates a new Via value for the outgoing
message
• Each leg has its own Route/Record Route set
• Modifies SIP Header (To, From and Request-URI)
• Generates a new SIP Call-ID header value for each leg
• Changes the SIP Contact header to the SBC’s own address
• Modifies the source IP address of the SIP message

393
Topology Hiding – Example

• Host name in the From header of Invite messages received from the IP Group or the
Request-URI host name used in Invite and Register messages sent to the IP Group

394
Firewall Rules

• Allow only known sessions


• Define rules as specific as possible
• Add firewall rules per network interface
• Define bandwidth limitation per rule
• Limit traffic (for specific protocols, and/or specific port)
• Limit ICMP packets (avoid ICMP floods)
• Block all other traffic
• This rule must be the last rule listed in the table
• If the end of the table is reached without a match, the packet is accepted

395
VoIP Traffic Firewall Rules – Example

Defines the firewall action to be performed upon rule match
"Allow" = (Default) Permits these packets
"Block" = Rejects these packets

396
Call Admission Control

• Prevents VoIP traffic overload (overload protection)


• Regulates VoIP traffic volume
• SIP-dialog rate control using the “token bucket” mechanism
• Can be applied to:
• SRD
• SIP Interface
• IP Group
• Per user within these SIP configuration entities

397
Call Admission Control Profile – Parent Table

398
Call Admission Control Rule – Child Table
Callouts on the rule's fields:

Defines the maximum allowed number of concurrent SIP dialogs
0 = Block
-1 = Unlimited

0 = Unlimited
If you configure this parameter, you must also configure the 'Maximum Burst' parameter to a non-zero value

Defines the maximum number of tokens (SIP dialogs) that the bucket can hold
0 = Unlimited

Defines the maximum allowed number of concurrent SIP dialogs per user that can be handled per second

All = (Default)
INVITE
SUBSCRIBE
Other = All SIP request types except INVITEs and SUBSCRIBEs (e.g., REGISTER)

Both = (Default) Rule applies to inbound and outbound SIP dialogs
Inbound = Rule applies only to inbound SIP dialogs
Outbound = Rule applies only to outbound SIP dialogs

Defines the guaranteed (minimum) call capacity
0 = No reserved capacity
Reserved call capacity is applicable only to IP Groups and SRDs
Reserved call capacity is applicable only to INVITE and SUBSCRIBE messages
The total reserved call capacity configured for all CAC rules must be within the device's total call capacity support
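
The "token bucket" rate control named on the Call Admission Control slide, combined with the concurrent-dialog limit, as an added Python model; it is not AudioCodes code. The names `limit` and `rate` are hypothetical (the slide text shows only the 'Maximum Burst' name), and the arrival pattern in `simulate_flood` is constructed.

```python
class CacRule:
    """One Call Admission Control rule, modelled with integer arithmetic.

    limit     : concurrent SIP dialogs (0 = block, -1 = unlimited)
    rate      : new dialogs per second (0 = unlimited); hypothetical name
    max_burst : tokens the bucket can hold ('Maximum Burst' on the slide)
    """

    def __init__(self, limit: int = -1, rate: int = 0, max_burst: int = 0):
        if rate > 0 and max_burst <= 0:
            # The slide requires a non-zero Maximum Burst whenever a rate is set.
            raise ValueError("a rate needs a non-zero Maximum Burst")
        self.limit = limit
        self.rate = rate
        self.max_burst = max_burst
        self.active = 0                            # dialogs currently admitted
        self._milli_tokens = max_burst * 1000      # the bucket starts full
        self._last_ms = 0

    def admit(self, now_ms: int) -> bool:
        """Decide whether a new SIP dialog arriving at now_ms is accepted."""
        if self.limit == 0:
            return False
        if self.limit > 0 and self.active >= self.limit:
            return False
        if self.rate > 0:
            # Refill: `rate` tokens per second = `rate` milli-tokens per millisecond,
            # never exceeding the bucket size.
            elapsed = max(0, now_ms - self._last_ms)
            self._last_ms = now_ms
            self._milli_tokens = min(self.max_burst * 1000,
                                     self._milli_tokens + elapsed * self.rate)
            if self._milli_tokens < 1000:          # less than one whole token left
                return False
            self._milli_tokens -= 1000             # each admitted dialog costs one token
        self.active += 1
        return True

    def release(self) -> None:
        """Call when an admitted dialog ends."""
        self.active = max(0, self.active - 1)


def simulate_flood(rule: CacRule, count: int, spacing_ms: int) -> int:
    """Offer `count` new dialogs, one every `spacing_ms`, none of which ends.

    Returns how many were admitted.
    """
    return sum(rule.admit(i * spacing_ms) for i in range(count))


if __name__ == "__main__":
    # 50 INVITEs in one second against rate = 2/s, Maximum Burst = 5.
    print("admitted during burst:", simulate_flood(CacRule(rate=2, max_burst=5), 50, 20))
    # The same rule under normal load: one INVITE per second.
    print("admitted at 1/s:", simulate_flood(CacRule(rate=2, max_burst=5), 10, 1000))
```

The burst case shows why both values matter: Maximum Burst decides how many dialogs pass at once, and the rate decides how quickly the SBC accepts new ones after the bucket is empty.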

399
Encryption

• TLS:
• SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
• Re-handshake
• Mutual authentication
• Certificate Revocation Checking
• Verify Subject Alt Name against the provisioned proxy name

• Secure RTP (SRTP):


• RFC 4568 (voice, video)
• SRTP enforcement

400
Secure SIP using TLS

• TLS-over-TCP protocol to best secure the device's SIP signaling connections


• TLS provides encryption and authentication of SIP signaling for your VoIP traffic
• AudioCodes recommends implementing only TLS to avoid flaws in SSL
• TLS Contexts Table
• The TLS Contexts Table lets you configure up to 15 TLS certificates
• The device is shipped with a default TLS Context (ID 0 and string name "default")
• Enables the use of different TLS certificates for IP Groups
• Done by assigning a specific TLS Context to the Proxy Set and/or SIP Interface associated with the IP Group

401
Generating a Certificate Signing Request (CSR)

402
Signed CSR to be loaded

403
Trusted root certificate

404
Secure Media (RTP) Traffic

• Use Secured RTP (SRTP) for encrypting the media


• SRTP is enforced on the SBC legs, using IP Profiles

405
Block Unused SIP Ports

• Each port is vulnerable to attack
• Set the port to 0 in the SIP Interfaces Table for each transport type that is unused
• Use uncommon ports (not 5060) if possible

406
Classification Table
• Define Strict Classification Rules
• Define a combination of rules to guarantee correct sender identity
• Use Condition rules to increase the strictness of the Classification process
• If the IP address of the IP Group is known, it is recommended to employ classification based on a
Classification rule, where the rule is configured with not only the IP address, but also with SIP message
characteristics to increase the strictness of the classification process
• If the IP address is unknown, in other words, the Proxy Set associated with the IP Group is configured
with an FQDN, it is recommended to employ SIP dialog classification based on Proxy Set

407
Condition Table

• Enhances the classification process using SIP message headers
• Rules are later assigned to Classification Table rules
• SIP message conditions are configured using the same syntax (match-condition) as in
the Message Manipulation Table

408
Message Policy Table
• SIP message policy rules for blocking (blacklist) unwanted incoming SIP messages or
allowing (whitelist) receipt of desired messages
• Blacklist and whitelist for defined methods and for defined bodies
• Assigned to SIP Interfaces associated with the relevant IP Groups

409
Intrusion Detection System (IDS)

• The device's Intrusion Detection System (IDS) feature detects malicious attacks on
the device
• The IDS configuration is based on IDS Policies/set of rules
• Each rule defines a type of malicious attack to detect and the number of attacks
(alarm threshold)
• SNMP traps are sent to notify of malicious activity and/or whether an attacker has
been added to or removed from the blacklist

410
IDS Tables

• Global Parameters – enables IDS


• Policy Table – defines IDS Policies and Rules
• Match Table – assigns the IDS Policies to targets under attack (SIP Interface) and/or
source of attacks (Proxy Set and/or subnet address)

411
IDS Policy Table

• The device provides pre-configured IDS Policies


• DEFAULT_FEU: IDS Policy for far-end users in the WAN
• DEFAULT_PROXY: IDS Policy for proxy server
• DEFAULT_GLOBAL: IDS Policy with global thresholds
• These default IDS Policies are read-only and can’t be modified

412
Configuring IDS Rule Table

• For each IDS Policy, configure a set of IDS rules that block dynamically based on
reasons:

413
IDS Match Table

• Assigning IDS Policies to any, or a combination of the following configuration entities:


• SIP Interface
• Proxy Set
• Subnet addresses
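The IDS behaviour described in the slides above (rules with an alarm threshold, a blacklist that sources are added to and removed from, and a policy matched to a subnet) can be exercised offline with the following Python model. It is an added example, not AudioCodes code; the reason label, the counting window, the deny period, the trap tuples and the sample events are constructed assumptions.

```python
"""Model of an IDS policy: per-source alarm thresholds feeding a timed blacklist."""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class IdsRule:
    reason: str       # type of malicious event counted (label is constructed)
    threshold: int    # number of events that raises the alarm
    window_s: int     # assumed: counting window in seconds
    deny_s: int       # assumed: how long the source stays blacklisted


class IdsPolicy:
    def __init__(self, rules, subnet):
        self.rules = {r.reason: r for r in rules}
        self.subnet = ipaddress.ip_network(subnet)   # sources this policy is matched to
        self.events = defaultdict(deque)             # (source, reason) -> timestamps
        self.blacklist = {}                          # source -> expiry time
        self.traps = []                              # stand-in for SNMP notifications

    def _expire(self, now):
        """Remove sources whose deny period has ended and record the removal."""
        for source, until in sorted(self.blacklist.items(), key=lambda kv: kv[1]):
            if until <= now:
                del self.blacklist[source]
                self.traps.append((until, "blacklist-remove", source))

    def is_blocked(self, source, now):
        self._expire(now)
        return source in self.blacklist

    def observe(self, now, source, reason):
        """Record one suspicious event; return True if the source is blacklisted."""
        self._expire(now)
        if ipaddress.ip_address(source) not in self.subnet:
            return False                  # policy is not matched to this source
        if source in self.blacklist:
            return True
        rule = self.rules.get(reason)
        if rule is None:
            return False
        seen = self.events[(source, reason)]
        seen.append(now)
        while now - seen[0] > rule.window_s:   # drop events older than the window
            seen.popleft()
        if len(seen) < rule.threshold:
            return False
        seen.clear()                           # counting restarts after the deny period
        self.blacklist[source] = now + rule.deny_s
        self.traps.append((now, "alarm", source))
        self.traps.append((now, "blacklist-add", source))
        return True


# Constructed events: (time in seconds, source IP, reason). Addresses are documentation ranges.
EVENTS = [
    (0, "203.0.113.7", "auth-failure"),
    (2, "203.0.113.7", "auth-failure"),
    (3, "203.0.113.20", "auth-failure"),
    (4, "203.0.113.7", "auth-failure"),
    (6, "203.0.113.7", "auth-failure"),
    (8, "203.0.113.7", "auth-failure"),    # fifth event inside 30 s
    (9, "203.0.113.7", "auth-failure"),    # source is already blacklisted
    (40, "203.0.113.20", "auth-failure"),  # its earlier event has aged out
    (70, "203.0.113.7", "auth-failure"),   # deny period is over
    (71, "192.0.2.9", "auth-failure"),     # outside the matched subnet
]


def run(events):
    """Replay events through one policy; return (per-event verdicts, traps)."""
    policy = IdsPolicy([IdsRule("auth-failure", 5, 30, 60)], "203.0.113.0/24")
    verdicts = [policy.observe(t, source, reason) for t, source, reason in events]
    return verdicts, policy.traps


if __name__ == "__main__":
    verdicts, traps = run(EVENTS)
    print(verdicts)
    for trap in traps:
        print(trap)
```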

414
Block Unclassified Incoming Calls
• Block incoming calls that cannot be classified to an IP Group, or based on the rules in the Classification table
• If unclassified calls aren’t blocked they’re sent to the default SRD/IP Group, so illegal calls can pass
• SBC rejects unclassified calls by default

415
Registration Restriction Control

• Limiting Number of Registrations:


• Limits the number of users that can register with the device per
• IP Group
• SIP Interface
• SRD

• By default, no limitation exists

416
Limit SBC Registered Users per IP Group

• Limit number of registered users per IP Group

417
Limit SBC Registered Users per SIP Interface

• Limit number of registered users per SIP Interface


• Ensures that illegitimate users are blocked from registering with this SIP Interface

418
Limit SBC Registered Users per SRD

• Limit number of registered users per SRD

419
Registration Restriction Control

• Block Incoming Calls from Unregistered Users

420
Block Unregistered Users
• Blocks unregistered users’ calls per SRD or SIP Interface
• 503 Server Internal Error response message sent
• By default calls from unregistered users are not blocked (Accept All)

421
Block Unauthenticated Registration
• Blocks unauthenticated users from registering into the SBC’s database per SRD or SIP Interface
• SBC then only registers users authenticated by a SIP proxy server

422
Define Strict IP to IP Routing Rules
• Define specific IP2IP routing rules accurately and correctly avoiding asterisks (*) if possible
• Route Source IP Group to Destination IP Group correctly to achieve the required call outcome
• Inaccurate or weak routing rules can easily result in Service Theft

423
Secure Management Connections

• Change management User Name and Password

User levels:
Monitor
Administrator
Security Administrator
Master

424
Secure Management Connections (cont.)
Allows the same user account to log in to the device from different sources (i.e., IP addresses). Default is 2

Defines a Secure Socket Shell (SSH) public key for RSA public-key authentication (PKI) of the remote user when logging into the device's CLI through SSH

Defines the duration (in days) of the validity of the password. 0 means that the password is always valid. The default is 90

Defines the duration (in minutes) of Web inactivity of a logged-in user, after which the user is automatically logged off the Web interface.

New = (Default) User is required to change its password on the next login.
Valid = User can log in to the Web interface as normal.
Failed Login = This state is automatically set for users that exceed a user-defined number of failed login attempts
Inactivity = This state is automatically set for users that have not accessed the Web interface for a user-defined number of days

Defines the duration (in seconds) for which the user is blocked when the user exceeds a user-defined number of failed login attempts

425
Authentication Server

Enable RADIUS login

Enable LDAP login

426
Secure Management Connections (cont.)

• Define HTTPS Only (Secured Web Connection)

427
Secure Management Connections (cont.)

• Secure Telnet and SSH sessions

428
Secure Management Connections (cont.)

• Define Authorized WEB, Telnet and SSH Access List

429
Secure Management Connections (cont.)

• Secure SNMP interface access

430
Check your Learning

❑CAC profile can be attached in the following tables:
A. IP Group, Proxy Set, SIP Interface
B. IP Group, Proxy Set, SRD
C. IP Group, SIP Interface, SRD
D. IP Group, SIP Interface, Classification

❑Condition rule can be applied in:


A. SRD table
B. SIP Interface table
C. IP Group table
D. Classification table

431
Check your Learning

❑Message Policy rules are assigned in:


A. SRD table
B. SIP Interface table
C. IP Group table
D. IP Interface table

❑IDS is:
A. Parameter in IP group table
B. Mechanism related to call admission control
C. Parameter in IP profile table
D. Mechanism that detects malicious attacks on the device

432
Lesson 13

Gateways Introduction
Objectives

• After completing this lesson you will:


• Be familiar with AudioCodes Gateways
• Know how to configure the PSTN interface
• Understand the call routing mechanism
• Understand the number manipulation mechanism

434
Analog Gateways Overview
• Analog FXS and FXO VoIP gateways
• Available configurations:
• MP-112 featuring 2 FXS ports
• MP-114 featuring 4 FXS / FXO / Mixed FXS + FXO ports
• MP-118 featuring 8 FXS / FXO / Mixed FXS + FXO ports
• MP-124 featuring 24 FXS ports
• MP-1288 featuring up to 288 FXS ports
• Firmware file:
• MP-11x gateways (FXS and FXO) use the same firmware (.cmp) file *
• MP-124 gateway requires its own firmware file *
• MP-1288 gateway requires its own firmware file

Note: The latest maintenance firmware version for MP-11x and MP-124 is 6.6

435
Analog Gateways Portfolio

                         MP-112   MP-114      MP-118      MP-124    MP-1288
Number of analog ports   2        4           8           24        288
FXS / FXO                FXS      FXS / FXO   FXS / FXO   FXS       FXS
Power Supply             AC       AC          AC          AC / DC   AC / DC

436
MP-11x Front Panel

437
MP-11x Rear Panel

438
MP-124 Front Panel

439
MP-124 Rear Panel

Item  Label                         Component Description
1                                   Protective earthing screw
2     100-240 V~ / 50 - 60Hz 0.8A   AC power supply socket. Note: Applicable only to the AC-powered model.
      48V 1.3A                      DC inlet for a DC terminal block. Note: Applicable only to the DC-powered model.
3     ANALOG FXS LINES 1–24         50-pin Telco connector, providing up to 24 analog lines.
4     RS-232                        DB-9-pin male port for serial (RS-232) communication.
5     ETHERNET                      RJ-45 port for 10/100Base-TX Ethernet interface.
440
Analog Lifeline Support
• Provides a wired analog POTS connection to any PSTN or PBX FXS port when power fails or
when the network connection fails
• Available configurations:
• FXS only: A single Lifeline connected to Port #1 using a splitter
• Mixed FXS and FXO: Splitter not required - all FXS ports automatically connected to FXO ports
(e.g., FXS Port 1 to FXO Port 5)
• FXO only: Lifeline not available
• Activated by parameter LifeLineType
[Figure labels: Telephone, PBX/PSTN]
441
Digital Gateways Overview

• Digital PRI and BRI VoIP gateways
• SBC capability (on some models)
• Up to 16,000 simultaneous calls (M8000)
• Gateway types:
• Small: Mediant 500L, Mediant 500, Mediant 800B
• Medium: Mediant 1000B
• Large: Mediant 3000, Mediant 5000, Mediant 8000
• Note:
• The latest maintenance firmware version for Mediant 5000 and 8000 is 6.6
• The latest maintenance firmware version for Mediant 3000 is 7.0

[Figure: Mediant 500L, Mediant 500, Mediant 800B, Mediant 1000B, Mediant 3000]
442
Digital Lifeline
• PSTN Fallback (Digital):
• If power fails or there is a loss of IP network connectivity, a relay connects trunks 1 to 2
and/or 3 to 4 in the same module
• To provide the link, a metallic switch inside the module closes so that the trunk from the
PBX is routed from the module to the PSTN

[Figure labels: Trunk, FXS]

• Lifeline (Analog):
• Lifeline is provided only by Port 1 on an FXS module
443
Configuring AudioCodes’ Gateways

444
Configuring TDM Bus
• TDM Bus Clock Source (Network/Internal)
• Clock source on which the gateway synchronizes
• TDM Bus PSTN Auto FallBack Clock
(relevant if TDMBusClockSource = Network)
• Disable = Recovers the clock from the E1/T1 line
defined by parameter ‘TDM Bus Local Reference’
• Enable = Recovers the clock from any connected
synchronized slave E1/T1 line
• TDM Bus Local Reference
• Determines the Trunk ID used to synchronize the
gateway’s clock when using external clock
• PCM Law Select (A-law/µ-law)
• Usually A-Law for E1 and µ-Law for T1

445
Configuring Key Trunk Parameters

• Protocol Type
• Sets the PSTN protocol to be used for this trunk
• If ‘Protocol Type’ of all PRI trunks displays 'None', select the protocol type (E1/T1) for a single
trunk and reset the gateway
• Only after the reset you will be able to continue configuring the trunks
• Clock Master
• Determines Tx clock source of E1/T1 line
• Recovered (0) = Generate clock according to Rx of E1/T1 line
• Generated (1) = Generate clock according to internal TDM bus
• ISDN Termination Side
• User side = ISDN User Termination Side (TE)
• Network side = ISDN Network Termination Side (NT)
• Select 'User side' when the PSTN or PBX side is configured as 'Network side’ and
vice-versa
446
Configuring Key Trunk Parameters

447
Digital Trunk Points of Information

• All Trunk spans must be of the same Line Type (all E1 or all T1)
• Different flavors of same Line Type (E1/T1) can be configured on available Trunks
(e.g., E1 Euro ISDN and E1 QSIG)
• Trunks are referenced in ini file and Syslog messages as ‘0-7’ regardless of whether
physical Trunks are numbered ‘1-8’

E1 Euro ISDN E1 QSIG

448
Examples of Basic Trunk Issues

• Why do I receive this message when I try to stop a trunk?

• The trunk can’t be stopped because it provides the gateway’s clock (assuming the
gateway is synchronized with the E1/T1 clock)
• Assign a different E1/T1 trunk to provide the gateway’s clock or enable ‘TDM Bus PSTN
Auto Clock’ in the 'TDM Bus Settings' screen

449
Examples of Basic Trunk Issues

• Why do I have poor voice quality on all calls?


• Probably because the value you configured for the PCM Law Select parameter for the
Mediant is incorrect
• It must be identical to the value configured for the PCM Law Select parameter for the
PBX/PSTN
• A-law is usually used for E1 spans and µ-law for T1 spans

450
Trunk Group Table – E1/T1 and/or FXS

• Used to assign Trunk Groups, Profiles and logical telephone numbers to the
gateway's channels
• Trunks or B-Channels that are not defined are disabled

451
Trunk Group Settings

• Determines the method by which new calls are assigned to channels within each Trunk
Group ID
• If such a rule doesn't exist (for a specific Trunk Group), the global rule defined by the
Gateway General Settings’ Channel Select Mode parameter applies

452
Endpoint Phone Number Table (MP Analog Gateways)

• For analog MP gateways running firmware version 6.6


• Allows activation of the Analog Gateway ports (Channels)
• The number of endpoints depends on the MP model
• Allows entry of the channels in groups (n-m) or a separate channel number for each line
• The Phone Number value can include up to 50 characters

453
Hunt Group Setting (MP Analog Gateways)

• Allows you to configure settings for up to 24 Hunt Groups
• Allows you to select the method by which IP-to-Tel calls are assigned to channels
within each Hunt Group
• If no method is selected for a specific Hunt Group, the setting of the global
parameter, Channel Select Mode (SIP General Parameters screen) takes effect

454
General Parameters (MP Analog Gateways)
• SIP Transport Type: The default transport layer for SIP calls (UDP, TCP or TLS)
• SIP Local Port: The local listening port for SIP messages (listen port)
• SIP Destination Port: SIP port for outgoing initial SIP requests (sending port)

455
Coder Group Table

• Allows you to configure coders for the Gateway


• The first coder in the list has the highest priority
• A coder can appear only once in the table
• The Packetization Time determines how many coder payloads are combined into a
single RTP packet
• The Gateway always uses the packetization time requested by the remote side for
sending RTP packets
• Enable/Disable the Silence Suppression option per coder

456
Routing Tables

• 2 routing tables for incoming and outgoing calls:


• Outbound IP Routing Table
• Tel-to-IP/outbound IP call routing rules
• The gateway uses these rules to route calls from Tel to IP
• Inbound IP Routing Table
• IP-to-Tel/inbound call routing rules
• The gateway uses these rules to route calls from IP to Tel
• Routing can be performed before or after manipulation rules are applied

457
Outbound IP Routing Table (Tel2IP)
• Used to route outgoing calls from Tel to IP

458
IP to Trunk Group Routing (IP2Tel)
• Used to route incoming IP calls to trunk groups
• Route the call to Trunk Group ID

459
Number Manipulation
• Number Manipulation tables for incoming and outgoing calls are provided
• Used to modify Destination and Source telephone numbers so that calls can
be routed correctly
• Manipulation can occur before or after a routing decision is made
• Using Manipulation Tables you can:
• Allow/Restrict Caller ID information (Source Number for Tel-to-IP Calls)
• Assign NPI/TON to IP-to-Tel calls
• Optionally run a second (additional) ‘round’ of number manipulations for
IP-to-Tel calls on an already manipulated number

460
Routing Mode Parameters

• The Tel to IP Routing Mode and IP to Tel Routing Mode parameters determine the
order between routing calls to Trunk Groups and manipulation of the number
• Route calls before manipulation (default)
• Route calls after manipulation

461
Check your Learning

❑A digital gateway converts in real time:


A. Loop start signaling to RTP and variable electric currents to PCM
B. ISDN to SIP and PCM to RTP
C. Loop start signaling to SIP and variable electric currents to RTP
D. All of the above

❑When I try to stop a trunk I receive an error message - what can I do:
A. Only resetting the gateway can solve this problem
B. Assign a different trunk to provide the gateway's clock
C. Wait for all calls on the trunk to be finished
D. Stop the trunk via the AdminPage

462
Check your Learning

❑Which of the following is correct for a Digital Gateway?


A. All trunk spans must be of the same Line Type (all E1 or all T1)
B. All trunk spans must be configured with the same protocol
C. ISDN Network termination should be the same in both sides
D. All answers are correct

❑Tel to IP calls are OK but IP to Tel calls fail - a possible reason for that can be:
A. Misconfiguration of the Proxy server
B. Coder mismatch
C. Glare symptoms
D. Trunk groups are defined but no IP to Tel rules are defined

463
Lesson 14

SBC Survivability
Lesson Objectives

• After completing this lesson you’ll:


• Understand the survivability concept
• Configure the SBC for survivability support
• Configure the SBC for PSTN Fallback

465
SBC Survivability

• 3 survivability features:
• Routing calls to alternative routes such as:
• ITSP
• IP-PBX
• Routing calls between user agents in the local network using a dynamic DB
(built according to registrations of SIP user agents)
• Fallback to the PSTN based on E1/T1 connection (Hybrid devices)

466
SBC Survivability

Continuous VoIP service for enterprise users on WAN isolation

[Figure: network diagram showing the Enterprise LAN, WAN, PSTN, ITSP-1 Soft Switch and ITSP-2 Soft Switch, with numbered markers 1 to 4. Legend: SIP Signaling + Media (RTP); ITSP Health SIP Check; Internal Calls in WAN isolation; IP to PSTN Calls in WAN isolation]

467
Survivability Methodology
• Based on the IP-to-IP Routing Table
• Alternative Route Options:
• Route Row (default):
• The first route – main routing rule. SBC first attempts to route the call to it
• Alt Route Ignore Inputs:
• If the call cannot be routed to the Route Row, the call is routed to this alternative route
• This route will apply regardless of incoming SIP dialog's input characteristics
• Alt Route Consider Inputs:
• If the call cannot be routed to the Route Row, the call is routed to this alternative route
• Apply only if the incoming SIP dialog matches this routing rule's input characteristics
• Group Member Ignore Inputs:
• This routing rule is a member of the Forking routing rule
• The incoming call is also forked to the destination of this routing rule
• The matching input characteristics of the routing rule are ignored
• Group Member Consider Inputs:
• This routing rule is a member of the Forking routing rule
• The incoming call is also forked to the destination of this routing rule only if the incoming call matches
this rule's input characteristics

468
Survivability Methodology

The alternative routing entry must be defined in the next consecutive table entry index
469
SBC Survivability for IP-PBX Users

Normal Mode
Survivability Mode
Fallback to PSTN
470
Define Media Realms

471
Define SIP Interfaces
• SIP Interface IP-PBX: SIP port (5050) for IP-PBX, SBC application, assigned to MR-PBX
• SIP Interface ITSPs: SIP port (5060) for ITSPs, SBC application, assigned to MR-ITSP

472
Define Proxy Set – IP-PBX

473
Define Proxy Set – ITSP 1

474
Define Proxy Set – ITSP 2

475
Define IP Group – IP-PBX

476
Define IP Group – ITSP 1

477
Define IP Group – ITSP 2

478
IP to IP Routing Table – IP-PBX to ITSP 1 (Primary Route)

479
IP to IP Routing Table – IP-PBX to ITSP 2 (Alternative Route)

480
IP to IP Routing Table – ITSP 1 to IP-PBX

481
IP to IP Routing Table – ITSP 2 to IP-PBX

482
Define Alternative Routing Reasons
• Lets you define up to 20 different call release reasons for alternative routing
• If no response, or an ICMP or SIP 408 response, is received, the SBC attempts to use the
alternative route even if no entries are configured in the ‘Alternative Routing Reasons’ table
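The route selection described in the Survivability Methodology and Alternative Routing Reasons slides can be traced with the following Python model. It is an added example, not AudioCodes code: the `Rule` fields, the outcome strings, the called-number prefix and the "PSTN Gateway" group name are constructed assumptions, and the forking ("Group Member") options are not modelled.

```python
"""Model of SBC alternative routing over an IP-to-IP routing table."""
from dataclasses import dataclass

ROUTE_ROW = "Route Row"
ALT_IGNORE = "Alt Route Ignore Inputs"
ALT_CONSIDER = "Alt Route Consider Inputs"

# Per the slides, these always trigger the alternative route,
# even when the Alternative Routing Reasons table is empty.
ALWAYS_REROUTE = {"no-response", "icmp", "408"}
MAX_REASONS = 20


@dataclass(frozen=True)
class Rule:
    source_group: str          # input characteristic: source IP Group ("*" = any)
    dest_prefix: str           # input characteristic: called-number prefix ("*" = any)
    dest_group: str            # destination IP Group
    option: str = ROUTE_ROW    # Alternative Route Options value

    def matches(self, source_group, called):
        return (self.source_group in ("*", source_group)
                and (self.dest_prefix == "*" or called.startswith(self.dest_prefix)))


def route_call(table, reasons, source_group, called, outcome_of):
    """Return (chosen destination or None, list of (destination, outcome) attempts).

    `outcome_of(destination)` stands in for sending the call: it returns "200"
    on success or a release reason such as "408", "503", "no-response", "icmp".
    """
    if len(reasons) > MAX_REASONS:
        raise ValueError("at most 20 alternative routing reasons")
    reroute_on = ALWAYS_REROUTE | set(reasons)
    attempts = []
    # The main rule is the first Route Row whose input characteristics match.
    start = next((i for i, r in enumerate(table)
                  if r.option == ROUTE_ROW and r.matches(source_group, called)), None)
    if start is None:
        return None, attempts
    i = start
    while i < len(table):
        rule = table[i]
        if i > start:
            # Alternatives must occupy the consecutive rows after the main rule.
            if rule.option not in (ALT_IGNORE, ALT_CONSIDER):
                break
            if rule.option == ALT_CONSIDER and not rule.matches(source_group, called):
                i += 1
                continue
        outcome = outcome_of(rule.dest_group)
        attempts.append((rule.dest_group, outcome))
        if outcome == "200":
            return rule.dest_group, attempts
        if outcome not in reroute_on:
            return None, attempts      # this release reason does not trigger rerouting
        i += 1
    return None, attempts


# Constructed table following the IP-PBX scenario: primary ITSP, alternative ITSP,
# then PSTN fallback only for called numbers starting with "0".
SAMPLE_TABLE = [
    Rule("IP-PBX", "*", "ITSP 1"),
    Rule("IP-PBX", "*", "ITSP 2", ALT_IGNORE),
    Rule("IP-PBX", "0", "PSTN Gateway", ALT_CONSIDER),
    Rule("ITSP 1", "*", "IP-PBX"),
    Rule("ITSP 2", "*", "IP-PBX"),
]

if __name__ == "__main__":
    wan_down = {"ITSP 1": "no-response", "ITSP 2": "408", "PSTN Gateway": "200"}
    print(route_call(SAMPLE_TABLE, [], "IP-PBX", "0123", wan_down.get))
    print(route_call(SAMPLE_TABLE, [], "IP-PBX", "9123", wan_down.get))
```

With an empty reasons list, a 503 from the primary route ends the call, which is why release codes other than the three built-in triggers have to be listed explicitly.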

483
Configure the Gateway for PSTN Fallback

• As seen earlier, configure the following for the Gateway:


• On the TDM tab
• The TDM Bus Clock Source (Network/Internal)
• The TDM Bus PSTN Auto FallBack Clock (relevant if TDMBusClockSource = Network)
• The TDM Bus Local Reference
• The PCM Law Select (A-law/µ-law)
• On the PSTN tab
• The Protocol Type (E1 Euro ISDN, others)
• The Clock Master of E1/T1 line (Recovered/Generated)
• The ISDN Termination Side (User/Network side)

484
Configure the TDM Bus for the Gateway

485
Configure the Digital Trunk

486
Configure the Trunk Group – E1/T1

• Used to assign Trunk Groups, Profiles and logical telephone numbers to the
gateway's channels

487
Configure the Trunk Group Settings
• Determines the method by which new calls are assigned to channels within each Trunk Group

488
IP to Trunk Group Routing (IP2Tel)

• Used to route incoming IP calls to trunk groups


• Route the call to Trunk Group ID

489
Tel to IP Routing (Tel2IP)

• Used to route outgoing IP calls


• Route the calls to the IP-PBX IP Group

490
Define IP to IP Routing Table
• Add the Gateway entry to SBC IP-to-IP Routing Table:

491
SBC Survivability for LAN Users

Normal Mode
Survivability Mode

492
Define Proxy Set – Hosted IP-PBX

493
Define Proxy Set – Alternative Hosted IP-PBX

494
Define IP Group – Hosted IP-PBX

495
Define IP Group – Alternative Hosted IP-PBX

496
Define IP Group – LAN Users

497
Define IP to IP Routing Table

• Route between LAN Users IP Group and Hosted IP-PBX IP Group

498
Define IP to IP Routing Table

• If connection to Hosted IP-PBX fails, all calls will be routed to the Alt Hosted IP-PBX
IP Group

499
Define IP to IP Routing Table

• If connection to Alternative Hosted IP-PBX fails too, all calls will be routed back to
the LAN Users IP Group

500
Define IP to IP Routing Table

• Route between Hosted IP-PBX IP Group and LAN Users IP Group

501
Define IP to IP Routing Table

• Route between Alternative Hosted IP-PBX IP Group and LAN Users IP Group

502
Define Alternative Routing Reasons
• Lets you define up to 20 different call release reasons for alternative routing
• If no response, or an ICMP or SIP 408 response, is received, the SBC attempts to use the
alternative route even if no entries are configured in the ‘Alternative Routing Reasons’ table

503
Check your Learning

❑An alternative destination can be:


A. Only an IP destination
B. Only a PSTN destination
C. IP destination or PSTN destination
D. None of the above

❑If the alternative reasons table is kept empty then:


A. Alternative routing will never occur
B. Alternative routing will occur only if 503 SIP message is received
C. Alternative routing will occur if no response, or ICMP or SIP 408 response is received
D. Alternative routing will occur in any case as long as the entry is configured in IP to IP
routing table

504
Check your Learning

❑In Hosted IP PBX Survivability Mode:


A. There will be no intra LAN calls
B. There will be intra LAN calls only between AudioCodes IP Phones
C. There will be intra LAN calls only between registered IP Phones
D. None of the above

❑When a 4xx SIP message is received it means that:


A. The call can’t be established because of a network issue
B. The call can’t be established because of a server issue
C. The call can’t be established because of a user issue
D. None of the above

505
Hands-on Lab 5

SBC Survivability
Lesson 15

SBC High Availability


Lesson Objectives

• After completing this lesson you’ll be able to:


• Understand the High Availability (HA) concept
• Understand the HA architecture
• Understand how to configure HA

508
High Availability Overview

• The device's High Availability (HA) feature provides 1+1 system redundancy using
two Mediant devices
• If failure occurs in the active device, a switchover occurs to the redundant device
which takes over the call handling process ensuring the continuity of call services
• All active calls (signaling and media) are maintained upon switchover
• Only IP calls are maintained during a switchover
• For those devices supporting the Gateway function, PSTN calls are dropped by sending
a SIP BYE message to the IP side. This is because only the active device is physically
connected to the PSTN interfaces

509
High Availability Architecture
• Provides full redundancy between the two Mediant devices
• One of the devices is in Active state while the second is in Redundant state
• In the Redundant device, only the Maintenance interface is active
• Management of the HA pair is done only through the Active device
• Upon a major functional failure in the Active device, the Redundant device
becomes active
• Supported in:
• Mediant 500
• Mediant 800
• Mediant 2600
• Mediant 4000
• Mediant 9000
• Software SBC

510
Two Box Redundancy – Network topology

[Figure: network topology. Labels: Remote Workers, NAT, SIP Application Server, Active Mediant, Standby Mediant, same subnet, Global IP, Maintenance, SYNC, Network, Management, Control, Media, Local User Agents, Enterprise LAN]

511
Two Box Redundancy flow

[Figure: redundancy flow. Labels: Remote Workers, SIP Application Server, Active Mediant, SYNC, Standby Mediant, New Active Mediant, Local User Agents, Enterprise LAN]

512
Two Box Redundancy flow

[Figure: redundancy flow. Labels: Remote Workers, SIP Application Server, Active Mediant, New Standby Mediant, SYNC, New Active Mediant, Local User Agents, Enterprise LAN]

513
HA License Key

514
High Availability Configuration

• Since both devices have the same IP address, in the initial configuration stage,
they cannot both be connected to the network
• To initially configure HA:
1. Configure HA on the first device
2. Burn the configuration to flash and power down
3. Configure HA on the second device
4. Burn the configuration to flash and reset
5. Power up the first device

515
IP Interfaces

Maintenance
Interface

516
VLANs

• If VLAN tags are not required for the maintenance interface, define the group as
‘Untagged’
• This will set the Native VLAN of the group to the same VLAN

517
HA Setting

• Enable the HA Preempt feature
• Set the priority level of the device in the 'Preempt Priority' field
• Typically, you would configure the active device with a higher priority level (number) than
the redundant device (range 1-10)

• The SBC can monitor a specified network entity, using pings
• If the device does not receive a ping response from the entity, a switchover to the redundant device occurs

The remote maintenance IP interface

518
Preempt Mode

• By default, the system is HA symmetric: each unit that becomes Active stays Active
• The system can be configured in Preempt mode, which allows specifying one of the
units as the favorite/prioritized unit between the two units
• When working in Preempt mode, each unit should be configured with a priority;
whenever a unit with higher priority recovers from a failure, it becomes
active again (performs an Auto-Switchover after HA sync has ended)

519
HA Status in the Monitor Page

• Synchronizing - Redundant device is synchronizing with Active device
• Operational - The device is in HA mode
• Stand Alone - HA is configured, but the Redundant
device is missing and HA is currently unavailable

520
Initialization Process

• When only one device is running, it is in stand-alone state


• When the second device is loaded, it recognizes the Active device (through the
Maintenance network) and acquires the HA Redundant state
• Synchronization between the Active and Redundant devices may take several
minutes in which the Active device provides the Redundant device with all its
current configuration settings (including loaded files and *.cmp)
• Once loaded to the Redundant device, the Redundant device reboots to apply the
new configuration

521
Physical Connections

• A dedicated physical group for the Maintenance Interface


• Shared physical group – the physical port group used for the Maintenance Interface
is also used for other interfaces (i.e., OAMP, Media, and/or Control) in addition to
the Maintenance Interface

522
Direct Connection

• For a direct connection (i.e., both devices are connected directly to each other with
no switches in between), configure the mode to 2RX/1TX:

523
Indirect Connection

• Two devices are connected through two (or more) isolated LAN switches
• Configure the mode to 2RX/2TX

• Two devices are connected to each other through a single LAN switch
• Configure the mode to 2RX/1TX

524
Tx/Rx for Ethernet Port-Pair Groups

• 1RX/1TX
• Only a single port in the group can transmit and receive packets
• 2RX/1TX
• Both ports in the group can receive packets
• Only one port can transmit
• 2RX/2TX
• Both ports in the group can receive and transmit packets

525
HA Software Upgrade

• Two types of software upgrade are available on an HA system:
• System Reset – both the Active and Redundant units burn and reboot with the new software
version. This method is quick and simple, but it does not preserve service
• Hitless – first the Redundant unit burns and reboots with the new software version and a
switchover is done; then the other unit does the same and a switch back is issued to
return to the original system setup. This method preserves service, but it is more complex and
takes more time

526
Device Failure Detection

• Constant keep-alive messages are sent between both devices


• Failure in Active device:
• The Redundant device issues a switch-over operation
• The failed device resets and the previously Redundant device becomes Active in stand-
alone mode
• If the failure in the Active device is repaired after reset, it is initialized as the Redundant
device and the system returns to HA
• Failure in Redundant device
• The Active device moves itself into stand-alone mode
• If the failure in the Redundant device is repaired after reset, it's initialized as the
Redundant device once again and the system returns to HA

527
High Availability Maintenance

• Manual Switch Over
• The redundant SBC takes over and the active device resets
• Reset The Redundant Board
• The redundant SBC resets

528
Thank You

Stay in the loop
