Cisco Systems ASR 1000 manual Single Napt Signaling Flow

Page 94

Chapter 9 Topology Hiding

IPv6 Support

Figure 9-2illustrates a Single NAPT signaling flow through the DBE between user side A and user side B.

Figure 9-2 Single NAPT Signaling Flow

send

1

recv

send

2

recv

 

 

 

 

 

 

 

 

 

 

 

102001:10::10/5060.10.231.15:5060 102001:88::8/2028.10.231.15:5060

10

2001:10::10/5060.10.231.15:5060 822001:11::11/5060.19. .134:5060

 

 

 

 

 

 

 

 

 

 

 

recv

4

send

recv

3

send

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

User Side A

 

 

DBE

 

 

 

User Side B

230525

1.User side A sends a packet from IP address and port 2001:10::10/5060 to the DBE’s local media address and port 2001:88::8/2028 for this pinhole. User side A only knows the DBE’s local address and port 2001:88::8/2028. The source IP address is within the specified gm/rsam, so the DBE matches this packet to the flow.

2.The DBE applies QoS policing and forwards the packet to the MGC (user side B) without rewriting the source IP address and port. Under Single NAPT processing, the DBE changes the destination address and port to 2001:11::11/5060 on the MGC (side B) by replacing 2001:88::8/2028 with side B’s address and port from the remote descriptor on side B. The MGC (side B) does not know about the 2001:88::8/2028 address and port on the DBE. After the DBE performs latching, the source address and port from side A becomes, in effect, the destination address and port in step 3 and step 4 for side B.

3.The MGC (side B) sends a packet to user side A with the destination address and port 2001:10::10/5060 copied from the source IP address and port of the packet it just received—that is, the address and port of side A. The DBE has intercepted the packet and matched it to the side B flow.

4.The DBE applies QoS policing and forwards the packet to side A without rewriting the destination IP address and port 2001:10::10/5060. However, under Single NAPT processing, the DBE rewrites the source IP address and port 2001:11::11/5060 to be 2001:88::8/2028, which is the local address and port of the side A flow.

DBE Restrictions

The following are restrictions of DBE support for IPv6 pinholes:

DBE does not support IPv6 for control communications with the SBE. H.248 communication with the controlling SBE is over IPv4 only.

DBE does not support IPv6 addresses that are not global unicast addresses.

DBE does not support IPv6 addresses that do not use the default zone.

DBE does not use the IPv6 Flow Label to classify packets. It continues to use the transport protocol type (UDP/TCP) and local and remote ports, as with IPv4. Outgoing packets originating from the DBE, such as DTMF packets, have a Flow Label of 0.

DBE does not support forwarding between IPv4 and IPv6 endpoints. In particular, 6 to 4 addresses (prefixed with 2002::/16) are treated as global unicast native IPv6 addresses.

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) link-local addresses are not supported.

Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers

9-8

OL-15421-01

 

 

Page 93 Page 95
Image 94
Page 93 Page 95
Contents Americas Headquarters Page N T E N T S IiiQoS Bandwidth Allocation Traffic Management Package Support Local Source Properties Address and Port IPv6 Support ViiEvents Storage Until Event Acknowledgment Objectives PrefaceDocument Revision History OL-15421-01 May 5 This document was first publishedIntended Audience OrganizationCisco ASR 1000 Series Router Documentation Related DocumentationDocument Conventions Cisco IOS Release 12.2SR Software PublicationsXii Obtaining Documentation and Submitting a Service Request XiiiXiv Cisco ASR 1000 Series Routers Overview ContentsGeneral Overview Distributed and Unified Models Example of SBC High Level ArchitectureOn page 1-3illustrates the unified model Supported Integrated Session Border Controller Features Release Feature Name Related SBC Commands DocumentedPackage segment None Cisco IOS Logging Level in ConfiguringCisco IOS XE ReleaseMedia-address ipv4 Transaction-pending command Deployment of the Integrated Session Border ControllerIntegrated SBC Used for VoIP Interworking Integrated Session Border Controller DBE Deployment Scenario Prerequisites for Integrated Session Border Controller Configuring Integrated Session Border ControllerRestrictions for Integrated Session Border Controller Prerequisites Summary StepsEnters global configuration mode Enables privileged Exec modeEnter your password if prompted Enters into interface configuration modeConfigures the H.248 controller for the DBE and enters into Configures the DBE to use a specific IPv4 H.248 controlOwn address when connecting to the SBE Controller H.248 configuration modeWhat To Do Next Troubleshooting TipsExamples Configuring H.248 Logging Level Sets a specified logging level to generate detailed logs Creates the DBE service on the SBC and enters intoSBC-DBE configuration mode Messages sent and received. Turns on consoleEnabling H.248 Logging Requests and Responses This section provides the following configuration examples Configuration ExamplesExample H.248 Log Output SBC DBE Configuration Steps Example Making Global Changes to Controllers Example Following example shows the initial SBC configuration == Make change to local portMaking Changes to Individual Controller Settings Example Control-address h248 ipv4 172.25.2.26 controller h248Cisco H.248 Profile Topology Priority Indicator Yes Emergency IndicatorIeps Indicator Yes Overview of ProfileProfile Packages Package ID VersionPackage ID Version Support Dependent On Dtmf Interworking Information About Dtmf InterworkingRTP to SIP Interworking Configuring Default Duration of a Dtmf EventSIP to RTP Interworking Name of the DBE service Enters the mode of a DBE service and enters into SBC-DBEConfiguration mode. Use the sbc-name argument to specify Configures the default duration of a Dtmf eventPage Media Address Pools Restrictions for Configuring Media Address PoolsPrerequisites for Implementing Media Address Pools Configuring Media Address Pools Information About Media Address PoolsConfiguration mode Is configuredEnters into SBC-DBE configuration mode Creates a port range for the configured mediaConfiguring Media Address Pools Example Quality of Service and Bandwidth Management Traffic Management Package SupportPage Dscp Re-Markings Dscp Marking and IP Precedence MarkingParameters on AC and per SDP on QoS Bandwidth Allocation Rtcp Policing Using Tman PackageRtcp Policing Not Using Tman Package Rtcp PolicingEnabling Two-Rate Three-Color Policing and Marking Two-Rate Three-Color Policing and MarkingImplementing Two-Rate Three-Color Policing and Marking DBE Restrictions Related Commands Page Packages-Signaling and Control Enabling Optional H.248 PackagesAddress Reporting Package Segmentation Package SupportSession Failure Reaction Package Tsc-quiesce Feature Termination State Control PackageTsc-suspend Feature 248.1v3 Support Vlan Package Syntax-Level SupportMGC-Controlled Gateway-Wide Properties Page Services-Signaling and Control DBE Signaling Pinhole Support Extension to H.248 Audit Support Extension to H.248 Termination Wildcarding SupportFlexible Address Prefix Provisioning Twice Napt Pinhole Hairpinning Local Source Properties Address and PortLocally Hairpinned Sessions No Napt Pinhole HairpinningMGC-Specified Local Addresses or Ports Nine-Tier Termination Name Hierarchy Multi-Stream TerminationsRestrictions for Nine-Tier Termination Name Hierarchy Information About Nine-Tier Termination Name Hierarchy Displaying the Nine-Tier Termination Name HierarchyDisplaying the Nine-Tier Termination Name Hierarchy Example Abc/voice/gn/0/1/0/1/ac/3Optional Local and Remote Descriptors Remote Source Address Mask Filtering ServiceChange Notification for Interface Status ChangeRTP Specific Behavior Support Sbc interface-id value End Configuration Example Output Tmax-timercommand configures the value of the T-MAX timer MAX TimerTsc-Delay Timer Video on Demand VOD SupportServices-Signaling and Control Video on Demand VOD Support Services-Signaling and Control Video on Demand VOD Support Integrated Session Border Controller Security Firewall Media Pinhole Control Interim Authentication Header Support Latch and Relatch SupportLocal Source Properties Address and Port Napt and NAT Traversal Etsi TS 102 333 version 1.1.2 Gate Management PackageTopology Hiding Traffic Management PolicingTopology Hiding IPv4 Twice Napt IPv6 Inter-Subscriber BlockingQoS Policy-Map-Based Inter-Subscriber Blocking Method Router# show run interface gigabitEthernet 0/1.1101Router# show class-map IPv6intersubscriber IPv6 Support ACL-Based Inter-Subscriber Blocking MethodIPv6 Pinholes IPv6 No Napt Support for Media FlowsIPv6 Single Napt for Signaling Send RecvSingle Napt Signaling Flow No Napt Pinholes Topology Hiding No Napt Pinholes Integrated Session Border Controller High Availability High Availability Support10-1 Route Processor Redundancy RPR Hardware RedundancySoftware Redundancy 10-2Issu Support SSO Support10-3 10-4 High Availability Support Issu SupportQuality Monitoring and Statistics Gathering 11-1DBE Status Notification Congestion-threshold CommandBilling and Call Detail Records Enhanced Event Notification and AuditingRetention and Returning of H.248 Event Information 11-3Silent Gate Deletion Association ResetResetting the Media Timeout Timers 11-4Network Package Quality Alert Event Middlebox Pinhole Timer Expired Event11-5 Related Command Provisioned Inactivity Timer11-6 IN-1 IN-2 IN-3 RTP specific behavior support SBE Pinhole Pinhole timeoutPolicing Asymmetric policing Ipv6 packets IN-4IN-5 IN-6
Top Page Image Contents