Cisco Systems ASR 1000 manual IPv6 Single Napt for Signaling, Send Recv


Chapter 9 Topology Hiding

IPv6 Support

Figure 9-1 illustrates a No NAPT media flow through the DBE between user side A and user side B.

Figure 9-1 No NAPT Media Flow

[Diagram: User Side A, DBE, User Side B; send/recv flows numbered 1 through 4, described in the steps below.]

1. User side A sends a packet from IP address and port 2001:10::10/17002 to destination address and port 2001:11::11/28988 on side B. The DBE intercepts this packet and matches it to the side A flow.

2. The DBE applies QoS policing and forwards the packet to endpoint B without changing the destination address to a DBE local media address (as is done in Single NAPT). Under No NAPT processing, the DBE does not rewrite either source or destination IP addresses and ports.

3. Side B sends a packet from IP address and port 2001:11::11/28988 to originating source address and port 2001:10::10/17002. The DBE intercepts this packet and matches it to the side B flow.

4. The DBE applies QoS policing and forwards the packet to user side A without rewriting either source or destination IP addresses and ports.

IPv6 Single NAPT for Signaling

Support of IPv6 signaling flows requires Single NAPT.

The DBE is able to translate IP addresses and port numbers in both directions of a flow. However, Single NAPT means only one IP address and port is translated. In Single NAPT processing, the flow on one side of the pinhole is programmed with a local address and port that do not belong to the SBC. Instead, that local address and port of the flow are specified by the MGC to match the remote address and port on the other side of the pinhole. Thus, incoming traffic (downstream traffic from the SIP server to the access side) is addressed directly to the remote endpoint, and the SIP server details are hidden from subscribers. Network topology must be used to route the downstream traffic through the DBE. In one sense, Single NAPT provides one-way topology hiding.

The SBC rewrites the destination IP address and port of packets received from the user. The SBC does not rewrite the source IP address and port of packets received from the user (they are unchanged from the IP address and port of the source endpoint). Correspondingly, the SBC rewrites the source IP address and port of packets received from the MGC, but not the destination IP address or port.
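The No NAPT steps and the Single NAPT rewrite rules described above, as an added Python model (not Cisco code or configuration, and not part of the original guide). The `Pinhole` class and its names are hypothetical, the DBE local address 2001:db8::1/5060 is constructed, and not forwarding traffic that matches no flow is an assumption.

```python
from dataclasses import dataclass
from typing import NamedTuple, Optional

class Ep(NamedTuple):              # endpoint: IP address and port
    ip: str
    port: int

class Pkt(NamedTuple):
    src: Ep
    dst: Ep

@dataclass
class Pinhole:
    """Hypothetical model of one DBE pinhole; not Cisco code or CLI."""
    mode: str                      # "no-napt" or "single-napt"
    side_a: Ep                     # user / access-side endpoint
    side_b: Ep                     # side B endpoint (SIP server side for signaling)
    dbe_local: Optional[Ep] = None # DBE-owned address facing side A (single-napt only)

    def forward(self, pkt: Pkt) -> Optional[Pkt]:
        """Match pkt to the side A or side B flow and return the forwarded packet."""
        if self.mode == "no-napt":
            # Steps 1-4: matched in either direction, forwarded with no rewrite.
            if pkt in (Pkt(self.side_a, self.side_b), Pkt(self.side_b, self.side_a)):
                return pkt
        elif self.mode == "single-napt":
            # From the user: rewrite destination only (DBE local -> side B).
            if pkt == Pkt(self.side_a, self.dbe_local):
                return Pkt(pkt.src, self.side_b)
            # From side B: the flow's local address is the user's own address,
            # so the packet arrives addressed to side A; rewrite source only.
            if pkt == Pkt(self.side_b, self.side_a):
                return Pkt(self.dbe_local, pkt.dst)
        return None                # assumption: traffic matching no flow is not forwarded

def hidden_from_user(ph: Pinhole) -> bool:
    """True if the packet delivered to side A never carries side B's address."""
    reply = ph.forward(Pkt(ph.side_b, ph.side_a))
    return reply is not None and ph.side_b not in reply

A = Ep("2001:10::10", 17002)       # endpoints taken from the page's example
B = Ep("2001:11::11", 28988)
DBE = Ep("2001:db8::1", 5060)      # constructed DBE local address (assumption)

no_napt = Pinhole("no-napt", A, B)
single = Pinhole("single-napt", A, B, DBE)
```

In the Single NAPT case side B still receives packets carrying the user's real source address, which is why the hiding is one-way.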

Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers

 

OL-15421-01
