Cisco Systems OL-12397-13 Enhanced SIP Registration

2-3

Cisco BTS 10200 Softswitch SIP Feature and Provisioning Guide, Release 5.0

OL-12397-13

Chapter2 SIP Subscribers

SIP Registration and Security

When a SIP user attempts to register or set up a call, the BTS 10200 challenges the SIP subscriber based

on provisioning in the Serving Domain Name table. If the Serving Domain Name table indicates that

authentication is required, the BTS 10200 challenges the SIP request (Register/INVITE) according to

the authentication procedures specified in the SIP Protocol RFC 3261. If the BTS 10200 receives valid

credentials, the authenticated AOR from the User Authorization table identifies the subscriber based on

the Address of Record to Subscriber table. (For specific provisioning parameters, see the applicable

tables in the Cisco BTS 10200 Softswitch CLI Database.)

Registration creates bindings in the BTS 10200 that associate an AOR with one or more contact

addresses.

The registration data is replicated on the standby BTS10200. The BTS 10200 imposes a minimum

registration interval as a provisionable value. If the expiration duration of the incoming registration

request is lower than the provisioned minimum, a 423 (Interval Too Brief) response is sent to the

registering SIP endpoint.

The BTS 10200 generates a warning event when a request from a client fails authentication. This can

indicate a provisioning error or an attempt by an unauthorized client to communicate with the

BTS 10200.

The contacts registered for an AOR can be looked up using the status command, as demonstrated by the

following example.

CLI>status sip-reg-contact AOR_ID=4695551884@sia-SYS44CA146.ipclab.cisco.com

AOR ID -> 4695551884@sia-SYS44CA146.ipclab.cisco.com

USER -> 4695551884

HOST -> 10.88.11.237

PORT -> 5060

USER TYPE -> USER_PHONE_TYPE

EXPIRES -> 3600

EXPIRETIME -> Thu Jan 22 14:33:36 2004

STATUS -> REGISTERED CONTACT

Reply :Success:

Enhanced SIP Registration

SIP Registration ensures that a SIP REGISTER message to the BTS 10200 is from a provisioned

endpoint, that is, an endpoint with a provisioned secure Fully-Qualified Domain Name (FQDN) or IP

address. The feature also ensures that the source IP address and contact parameter for all originating calls

are from the provisioned SIP endpoint, and that no calls can originate from an unregistered endpoint.

Prior to Release 4.5.1, SIP endpoint registration was based on AOR, UserID, and password; there was

no verification of the origination of the REGISTER message. Certain service providers may prefer that

the source IP address of SIP requests be verified against a provisioned FQDN of the endpoint to address

the possibility of theft of VoIP service.

The BTS 10200 can indicate SECURE_FQDN provisioning for specified SIP term-type subscribers.

This indication consists of specifying an FQDN with the subscriber AOR. The FQDN is the

address/location of the SIP endpoint and is added to the AOR table. The FQDN does not have a service

port.