SIP Interfaces

This section explains how to configure a SIP interface. The SIP interface defines the transport addresses (IP address and port) upon which theOracle® Enterprise Session Border Controller receives and sends SIP messages.

Overview

The SIP interface defines the signaling interface. You can define a SIP interface for each network or realm to which the Oracle® Enterprise Session Border Controller is connected. SIP interfaces support both UDP and TCP transport, as well as multiple SIP ports (transport addresses). The SIP interface also lets Hosted NAT Traversal (HNT) be used in any realm.

The SIP interface configuration process involves configuring the following features:

address and transport protocols (SIP ports)
redirect action
proxy mode
trust mode

About SIP Ports

A SIP port defines the transport address and protocol the Oracle® Enterprise Session Border Controller will use for a SIP interface for the realm. A SIP interface will have one or more SIP ports to define the IP address and port upon which the Oracle® Enterprise Session Border Controller will send and receive messages. For TCP, it defines the address and port upon which the Oracle® Enterprise Session Border Controller will listen for inbound TCP connections for a specific realm.

You need to define at least one SIP port, on which the SIP proxy will listen for connections. If using both UDP and TCP, you must configure more than one port. For example, if a call is sent to the Oracle® Enterprise Session Border Controller using TCP, which it needs to send out as UDP, two SIP ports are needed.

Preferred SIP Port

When a SIP interface contains multiple SIP ports of the same transport protocol, a preferred SIP port for each transport protocol is selected for outgoing requests when the specific SIP port cannot be determined. When forwarding a request that matched a cached registration entry (HNT or normal registration caching), the SIP port upon which the original REGISTER message arrived is used. Otherwise, the preferred SIP port for the selected transport protocol is used. When selecting the preferred SIP port, the default SIP port of 5060 will be selected over other non-default ports.

For SIP interfaces using the SIP NAT function, the preferred SIP port address and port will take precedence over the external address of the SIP NAT when they do not match. If both TCP and UDP SIP ports are defined, the address and port of the preferred UDP port is used.

Proxy Mode

The Oracle® Enterprise Session Border Controller’s proxy mode determines whether it forwards requests received on the SIP interface to target(s) selected from local policy; or sends a send a redirect response to the previous hop. Sending the redirect response causes the previous hop to contact the targets directly.

If the source of the request matches a session agent with a proxy mode already defined, that mode overrides the proxy mode defined in the SIP interface.

You can configure the proxy mode to use the Record-Route option. Requests for stateless and transaction operation modes are forwarded with a Record-Route header that has the Oracle® Enterprise Session Border Controller’s addresses added. As a result, all subsequent requests are routed through the Oracle® Enterprise Session Border Controller.

Redirect Action

The redirect action is the action the SIP proxy takes when it receives a SIP Redirect (3xx) response on the SIP interface. If the target of the request is a session agent with redirect action defined, its redirect action overrides the SIP interface’s.

You can set the Oracle® Enterprise Session Border Controllerto perform a global redirect action in response to Redirect messages. Or you can retain the default behavior where the Oracle® Enterprise Session Border Controller sends SIP Redirect responses back to the previous hop (proxy back to the UAC) when the UAS is not a session agent.

The default behavior of the Oracle® Enterprise Session Border Controller is to recurse on SIP Redirect responses received from the user agent server (UAS) and send a new request to the Contact headers contained in the SIP Redirect response.

Instead of this default behavior, the Oracle® Enterprise Session Border Controller can proxy the SIP Redirect response back to the user agent client (UAC) using the value in the session agent’s redirect action field (when the UAS is a session agent). If there are too many UASes to define as individual session agents or if the UASs are HNT endpoints, and SIP Redirect responses need to be proxied for UASs that are not session agents; you can set the default behavior at the SIP Interface level.

SIP maddr Resolution

Release S-C6.2.0 provides enhanced resolution of addresses found in SIP contact headers, or in the maddr (multicast address) parameter of SIP 3xx REDIRECT messages. Previous releases resolved these addresses as either a host address or as a session agent name. With Release 6.2.0 these addresses can also be resolved as session agent group (SAG) names.

Support for SAG-based resolution is provide by a new sip-config parameter, sag-lookup-on-redirect. By default, SAG lookup is disabled, providing compatibility with prior releases.

The following sample SIP REDIRECT and ACLI configuration fragment illustrate enhanced processing.

Status-Line: SIP/2.0 302 Moved
Message Header
Via: SIP/2.0/UDP
192.168.200.224:5060;branch=z9hG4bKa0fs40009o90sc8oo780.1
From: <sip:1111@192.168.1.222:6000>;tag=1
To: sut <sip:2223@192.168.1.224:5060>;tag=11
Call-ID: 1-28515@192.168.1.222
CSeq: 1 INVITE
Contact: <sip:1111@192.168.1.223;maddr=test.acmepacket.com>
Privacy: user;id;critical;session
P-Preferred-Identity: sipp <sip:sipp@192.168.200.222:5060>
P-Asserted-Identity: abc.com
Subject: abc
Proxy-Require: privacy,prack,abc
Content-Length: 0

session-group
        group-name                     test.acmepacket.com
        description
        state                          enabled
        app-protocol                   SIP
        strategy                       Hunt
        dest
                                       192.168.200.222
                                       192.168.200.223
...
...

In this case, when the Oracle® Enterprise Session Border Controller receives the 302, it resolves the information from maddr to a SAG name. In the above example, it will resolve to the configured SAG – test.acmepacket.com. The destinations configured in SAG test.acmepacket.com will be used to route the call.

SAG-based address resolution is based on the following set of processing rules.

When the Contact URI does not have an maddr parameter, and the hostname is not an IP Address, the Oracle® Enterprise Session Border Controller will look for a SAG matching the hostname.
When the Contact URI has an maddr parameter that contains an IP address, the Oracle® Enterprise Session Border Controller will not look for a SAG; it will use the IP Address as the target/next-hop.
When the Contact URI has an maddr parameter that contains a non-IP-address value, the Oracle® Enterprise Session Border Controller will look for a SAG matching the maddr parameter value.

The above logic can be turned on by enabling sag-lookup-on-redirect in the sip-config object as shown below.

SIP maddr Resolution Configuration

To configure the Oracle® Enterprise Session Border Controller to perform SAG-based maddr resolution:

From superuser mode, use the following command sequence to access sip-config configuration mode. While in this mode, you configure SAG-based address resolution.
```
ORACLE# configure terminal
ORACLE(configure)# session-router
ORACLE(session-router)# sip-config
ORACLE(sip-config)#
```
Use the sag-lookup-on-redirect parameter to enable SAG-based maddr resolution.
Use done, exit, and verify-config to complete SAG-based address resolution.

Trust Mode

The Oracle® Enterprise Session Border Controller supports the Calling Identity privacy requirements based on RFC 3323 and RFC 3325. The trust mode in the SIP interface determines whether the source and destination of a request is a trusted entity. With the implementation of this feature, the Oracle® Enterprise Session Border Controller can understand and support the privacy headers and provide the capability for anonymous packets

The Oracle® Enterprise Session Border Controller, which acts as a boundary device between the trusted platform and the untrusted Internet, understands the following headers:

Privacy Header
P-Asserted-Identity Header
P-Preferred-Identity Header

Depending on the value of these headers and the mode in which the Oracle® Enterprise Session Border Controller is being operated (B2BUA or the proxy), the appropriate actions are performed.

About the Process

On receiving a message, the Oracle® Enterprise Session Border Controller checks whether the message source is trusted or not. It checks the SIP interface’s trust mode value and, if the source is a session agent, the session agent’s trust me value. Depending on these values, the Oracle® Enterprise Session Border Controller decides whether the request’s or response’s source is trusted. If it receives message from a trusted source and the message contains the P-Asserted-Identity header field, the Oracle® Enterprise Session Border Controller passes this message to the outgoing side. The outgoing side then decides what needs to be done with this request or response.

If the request or the response is received from an untrusted source, the Privacy header value is id (privacy is requested), and the P-Asserted-Identity header field is included, the Oracle® Enterprise Session Border Controller strips the Privacy and the P-Asserted-Identity headers and passes the request or the response to the outgoing side.

If the request or the response contains the P-Preferred-Identity header and the message source is untrusted, the Oracle® Enterprise Session Border Controller strips the P-Preferred-Identity header from the request or the response and passes the message to the outgoing side.

If the source is trusted or privacy is not requested (the value of the Privacy Header is not id) and the request or the response contains the P-Preferred-Identity header, the Oracle® Enterprise Session Border Controller performs the following actions:

inserts the P-Asserted-Identity header field with the value taken from the P-Preferred-Identity header field
deletes the P-Preferred-Identity header value
passes this request or the response to the Outgoing side for the appropriate action, depending on the whether the destination is trusted or not

After the Oracle® Enterprise Session Border Controller passes the request or the response to the outgoing side, it checks whether the destination is trusted by checking the SIP interface’s trust mode value and the session agent’s trust me value (if the destination is configured as session agent).

The destination is trusted
The Oracle® Enterprise Session Border Controller does nothing with the request or the response and passes it to the destination. If the P_Asserted_Identity headers are present, they are passed to the session agent (if the destination is configured as session agent).
The destination is untrusted
The Oracle® Enterprise Session Border Controller looks at the value of the Privacy header. If set to id, the Oracle® Enterprise Session Border Controller removes all the P-Asserted-Identity headers (if present). It strips the Proxy-Require header if it is set to privacy. The Oracle® Enterprise Session Border Controller also sets the From field of SIP header to Anonymous and strips the Privacy header.

If the Privacy header is set to none, the Oracle® Enterprise Session Border Controller does not remove the P-Asserted-Identity header fields.

If there is no Privacy header field, the SD will not remove the P-Asserted-Identity headers.

To implement this feature, you need to configure the session agent’s trust me parameter to enabled (if the message source is a session agent) and the SIP interface’s trust mode to the appropriate value.

Call Duration Counters

The Oracle® Enterprise Session Border Controller maintains aggregate call duration in seconds for the current period, lifetime total and the lifetime-period-maximum. These counters are maintained for each session agent, realm, SIP Interface, and globally across the system. The call duration counter can count up to a 32 bit value, after which time it rolls over.

The call duration counters are displayed in the following show commands:

show sipd agents
show sipd realms
show sipd interface
show sipd status

Call Duration Calculation

Call duration is calculated as the time between (t1) when the ESBC receives the 200OK for the INVITE from terminating endpoint, and (t2) the time when ESBC receives the final 200OK for the BYE message from terminating endpoint, regardless of whether media is released. If the set-disconnect-time-on-bye parameter is enabled in the sip-config, then the call termination time (t2') is when the ESBC receives the BYE message originally from the endpoint ending the call.

Figure 4-1 Call Duration Calculation Example - Ladder Diagram

Example ladder diagram showing times used for calculating call durations. Refer to previous paragraph for description of call flow, refer to next table for calculating call durations from various system perscpectives on the SBC.

Table 4-1 Call Duration Calculation Example - Results

Element	Inbound Duration (sec)	Outbound Duration (sec)
Session Agent: SA-1	t2 - t1	0
Session Agent: SA-2	0	t2 - t1
Realm: InRealm	t2 - t1	0
Ream: OutRealm	0	t2 - t1
Interface: 1.1.1.1	t2 - t1	0
Interface: 2.2.2.2	0	t2 - t1

The global system call duration for the previous example is t2' - t1 seconds if the set-disconnect-time-on-bye parameter is enabled.

Configurable Timers and Counters

SIP timers and counters can be set in the global SIP configuration, and two can be specific for individual SIP interfaces.

You can set the expiration times for SIP messages, and you can set a counter that restricts the number of contacts that the Oracle® Enterprise Session Border Controller tries when it receives a REDIRECT. These are similar to two parameters in the global SIP configuration, trans-expire and invite-expire. You can also set a parameter that defines how many contacts/routes the Oracle® Enterprise Session Border Controller will attempt on redirect.

Timer to Tear Down Long Duration Calls

The Oracle® Enterprise Session Border Controller currently provides the “flow-time-limit” timer to terminate long duration calls. However, this timer is reset whenever the Oracle® Enterprise Session Border Controller receives a Re-INVITE or UPDATE message, even when it is provided for the session timer. This feature adds a non-resettable timer that, when enabled and upon expiration, tears down long duration calls.

When the “flow-time-limit” timer for terminating long media flow expires, the Oracle® Enterprise Session Border Controller sends a SIP BYE or H323 Release Complete message to tear down the long call. However, this timer is reset whenever the SBC receives a Re-INVITE or UPDATE message. In most call scenarios, long duration calls are terminated with the expiration of this timer, but there are some cases where a call can stay connected for a longer duration. For example, if a user connects to an IVR service and does not hang up the phone receiver properly, there is no way for the network provider to free up the IVR resources if the user devices send session updating requests. To prevent this situation, this feature adds a new timer session-max-life-limit, which starts when the call or session is established and does not reset for any session update, keep-alive or SBC switchover. On expiry, the call is torn down if it’s in established state.

The new timer session-max-life-limit can be provisioned in the following configuration elements, in order of precedence from highest to lowest: session-agent, realm-config, sip-interface, and sip-config. Its range of values is {0-2073600} seconds with an additional special case value of “Unlimited”, which is treated as the highest possible value. The default value is 0 (no timer).

Difference between 0 and Unlimited

No timer is created when session-max-life-limit is configured to either the value 0 or “Unlimited”, so no timeout can occur. The difference between the two values is how they are handled when determining which value of session-max-life-limit to use when there are several specified within the various configuration elements. When a session is created the timer examines both the ingress side and the egress side and, in cases where both sides have a configured value for session-max-life-limit, uses the side with the lower (stricter) value. On each side, the SBC reviews the configuration elements relevant to the session and uses the value of session-max-life-limit from the configuration element with the highest precedence (session-agent, then realm-config, then sip-interface, and lastlysip-config). When the value is set to 0, the configuration element is ignored and the next configuration element in the precedence chain is looked at. A value between 1 and 2073600 (24 days) or the value “Unlimited” is treated as a valid configured value. In this case the SBC will not move onto the next element in the precedence chain and the value is used in the final comparison between the egress and ingress values. The value “Unlimited” is viewed as the highest possible value, and therefore is considered greater than any other value it is compared against. The value 0 is skipped over and completely ignored.

For example, on the ingress side the value of session-max-life-limit in realm-config is set to 86400 and the value of session-max-life-limit in session-agent is set to "Unlimited". The session-agent value has a higher precedence than the realm-config value so, therefore, the value “Unlimited” is used for the ingress side. On the egress side the value of session-max-life-limit in realm-config is set to 43200 and the value of session-max-life-limit in session-agent is set to 0 (no timer), so the value of session-max-life-limit in realm-config is used. When compared against the ingress side the value 43200 is less than “Unlimited”; therefore, the value set for the timer is 43200.

Timer to Tear Down Long Duration Calls Configuration

Use the following procedure to configure, in the session-agent, realm-config, sip-interface, and sip-config configuration elements, a non-resettable timer that, when enabled and upon expiration, tears down long duration calls.

Although the timer occurs in four separate configuration elements, for brevity only the procedure for configuring realm-config is shown as the general procedure does not vary for the other configuration elements.

For the realm-config configuration element:

Access the realm-config configuration element.

ORACLE# configure terminal
ORACLE(configure)# media-manager
ORACLE(media-manager)# realm-config
ORACLE(realm-config)#

Select the realm-config object to edit.

ORACLE(realm-config)# select
identifier:
1: realm01 left-left:0 0.0.0.0

selection: 1
ORACLE(realm-config)#

session-max-life-limit — Enter the maximum interval in seconds before the SBC must terminate long duration calls. The value supercedes the value of session-max-life-limit in the sip-interface and sip-config configuration elements and is itself superceded by the value of session-max-life-limit in the session-agent configuration element. The default value is 0 (off/ignored).
Type done to save your configuration.

SIP Interface Configuration

To configure a SIP interface:

In Superuser mode, type configure terminal and press Enter.
```
ORACLE# configure terminal
```
Type session-router and press Enter to access the system-level configuration elements.
```
ORACLE(configure)# session-router
```
Type sip-interface and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters.
```
ORACLE(session-router)# sip-interface
ORACLE(sip-interface)#
```
From this point, you can configure SIP interface parameters. To view all sip-interface parameters, enter a ? at the system prompt.
state—Enable or disable the SIP interface. The default is enabled. The valid values are:
- enabled | disabled
realm-id—Enter the name of the realm to which the SIP interface is connected.
sip-ports—Access the sip-ports subelement.
carriers—Enter the list of carriers related to the SIP interface.

Entries in this field can be from 1 to 24 characters in length and can consist of any alphabetical character (Aa-Zz), numerical character (0-9), or punctuation mark (! ”$ % ^ & * ( ) + - = < > ? ‘ | { } [ ] @ / \ ‘ ~ , . _ : ; ) or any combination of alphabetical characters, numerical characters, or punctuation marks. For example, both 1-0288 and acme_carrier are valid carrier field formats
proxy-mode—Enter an option for the proxy mode parameter. Valid values are:
- proxy—Forward all SIP requests to selected targets.
- redirect—Send a SIP 3xx redirect response with the selected target(s) in the Contact header.
- record-route—Forward requests to selected target(s) and insert a Record-Route header with the Oracle® Enterprise Session Border Controller’s address. For stateless and transaction mode only.
redirect-action—Enter the value for the redirect action. Valid values are:
- proxy—Send the SIP request back to the previous hop.
- recurse—Recurses on the Contacts in the response.
  
  The designated proxy action will apply to SIP 3xx responses received from non-session agents and to 3xx responses received from session agents without configured SIP Redirect message actions (for example, session agents without values for the redirect action field).
contact-mode—Set the Contact header routing mode, which determines how the contact address from a private network is formatted.

For example, whether a maddr parameter equal to the Oracle® Enterprise Session Border Controller’s SIP proxy needs to be added to a URI present in a Contact header.

The default is none. The valid values are:
- none—The address portion of the header becomes the public address of that private realm.
- maddr—The address portion of the header will be set to the IP address of the Oracle® Enterprise Session Border Controller’s B2BUA.
- strict—The contents of the Request-URI is destroyed when a Record-Route header is present.
- loose—The Record-Route header is included in a Request, which means the destination of the request is separated from the set of proxies that need to be visited along the way.
nat-traversal—Define the type of HNT enabled for SIP. The default is none. Valid values are:
- none—HNT function is disabled for SIP.
- rport—SIP HNT function only applies to endpoints that include the rport parameter in the Via header. HNT applies when the sent-by of the topmost VIA matches the Contact-URI host address, both of which must be different from the received Layer 3 address.
- always—SIP HNT applies to requests when the sent-by of the topmost VIA matches the Contact-URI host address, both of which must be different from the received Layer 3 address. (Even when the rport parameter is not present.)
nat-interval—Set the expiration time in seconds for the Oracle® Enterprise Session Border Controller’s cached registration entry for an HNT endpoint. The default is 30. The valid range is:
- Minimum—0
- Maximum—999999999
  
  Oracle recommends setting the NAT interval to one-third of the NAT binding lifetime. A NAT binding lifetime is the network connection inactivity timeout. The value is configured (or hardwired) in the NAT device (firewall). This timer is used to cause the UA to send REGISTER messages frequently enough to retain the port binding in the NAT. Retaining the binding lets inbound requests to be sent through the NAT.
tcp-nat-interval—Set the registration cache expiration time in seconds to use for endpoints behind a NAT device that register using TCP. On upgrade, the Oracle® Enterprise Session Border Controller assigns this parameter the same value as the existing NAT interval. The default is 90. The valid range is:
- Minimum—0
- Maximum—999999999
  
  The Oracle® Enterprise Session Border Controller uses the value you set for the TCP NAT interval as the expiration value passed back in SIP REGISTER (200 OK) responses to endpoints behind a NAT that register over TCP. The NAT interval value with which you are familiar from previous releases is used for endpoints behind a NAT that register over UDP. Requiring endpoints that register over TCP to send refresh requests as frequently as those registering over UDP puts unnecessary load on the Oracle® Enterprise Session Border Controller. By adding a separate configuration for the TCP NAT interval, the load is reduced.
  
  For upgrade and backward compatibility with Oracle® Enterprise Session Border Controller releases prior to Release 4.1, when the tcpNatInterval is not present in the XML for a SIP interface configuration, the value of the NAT interval (natInterval) is used for the TCP NAT interval as well.
registration-caching—Enable for use with all UAs, not just those that are behind NATs. The default is disabled. The valid values are:
- enabled | disabled
  
  If enabled, the Oracle® Enterprise Session Border Controller caches the Contact header in the UA’s REGISTER request when it is addressed to one of the following:
- Oracle® Enterprise Session Border Controller
- registrar domain value
- registrar host value
  
  The Oracle® Enterprise Session Border Controller then generates a Contact header with the Oracle® Enterprise Session Border Controller’s address as the host part of the URI and sends the REGISTER to the destination defined by the registrar host value.
  
  Whether or not SIP HNT functionality is enabled affects the value of the user part of the URI sent in the Contact header:
- HNT enabled: the Oracle® Enterprise Session Border Controller takes the user part of the URI in the From header of the request and appends a cookie to make the user unique. A cookie is information that the server stores on the client side of a client-server communication so that the information can be used in the future.
- HNT disabled: the user part of the Contact header is taken from the URI in the From header and no cookie is appended. This is the default behavior of the Oracle® Enterprise Session Border Controller.
  
  When the registrar receives a request that matches the address-of-record (the To header in the REGISTER message), it sends the matching request to the Oracle® Enterprise Session Border Controller, which is the Contact address. Then, the Oracle® Enterprise Session Border Controller forwards the request to the Contact-URI it cached from the original REGISTER message.
min-reg-expire—Set the time in seconds for the SIP interface. The value you enter here sets the minimum registration expiration time in seconds for HNT registration caching. The default is 300. The valid range is:
- Minimum—0
- Maximum—999999999
  
  This value defines the minimum expiration value the Oracle® Enterprise Session Border Controller places in each REGISTER message it sends to the real registrar. In HNT, the Oracle® Enterprise Session Border Controller caches the registration after receiving a response from the real registrar and sets the expiration time to the NAT interval value.
  
  Some UAs might change the registration expiration value they use in subsequent requests to the value specified in this field. This change causes the Oracle® Enterprise Session Border Controller to send frequent registrations on to the real registrar.
registration-interval—Set the Oracle® Enterprise Session Border Controller’s cached registration entry interval for a non-HNT endpoint. Enter the expiration time in seconds that you want the Oracle® Enterprise Session Border Controller to use in the REGISTER response message sent back to the UA. The UA then refreshes its registration by sending another REGISTER message before that time expires. The default is 3600. The valid range is:
- Minimum—0
  
  A registration interval of zero causes the Oracle® Enterprise Session Border Controller to pass back the expiration time set by and returned in the registration response from the registrar.
- Maximum—999999999
  
  If the expiration time you set is less than the expiration time set by and returned from the real registrar, the Oracle® Enterprise Session Border Controller responds to the refresh request directly rather than forwarding it to the registrar.
  
  Although the registration interval applies to non-HNT registration cache entries, and the loosely related NAT interval applies to HNT registration cache entries, you can use the two in combination. Using a combination of the two means you can implement HNT and non-HNT architectures on the same Oracle® Enterprise Session Border Controller. You can then define a longer interval time in the registration interval field to reduce the network traffic and load caused by excess REGISTER messages because there is no NAT binding to maintain.
route-to-registrar—Enable routing to the registrar to send all requests that match a cached registration to the destination defined for the registrar host; used when the Request-URI matches the registrar host value or the registrar domain value, not the Oracle® Enterprise Session Border Controller’s address. Because the registrar host is the real registrar, it should send the requests back to the Oracle® Enterprise Session Border Controller with the Oracle® Enterprise Session Border Controller’s address in the Request-URI. The default is disabled. The valid values are:
- enabled | disabled
  
  For example, you should enable routing to the registrar if your network uses a N Oracle® Enterprise Session Border Controller and needs requests to go through its service proxy, which is defined in the registrar host field.
teluri-scheme—Enable to convert SIP URIs to tel (resources identified by telephone numbers) URIs.

If enabled, the requests generated on this SIP interface by the Oracle® Enterprise Session Border Controller will have a tel URI scheme instead of the SIP URI scheme. Only the Request, From, and To URIs are changed to the tel scheme. After the dialog is established, the URIs are not changed. The default is disabled. The valid values are:
- enabled | disabled
uri-fqdn-domain—Change the host part of the URIs to the FQDN value set here. If set to enabled, and used with an FQDN domain/host, the requests generated by the Oracle® Enterprise Session Border Controller on this SIP interface will have the host part of the URI set to this FQDN value. Only the Request, To, and From URIs are changed. After the dialog is established, the URIs are not changed.
trust-mode—Set the trust mode for the SIP interface, which is checked by the Oracle® Enterprise Session Border Controller when it receives a message to determine whether the message source is trusted. The default is all. Available options are:
- all—Trust all SIP elements (sources and destinations) in the realm(s), except untrusted session agents. Untrusted session agents are those that have the trust-me parameter set to disabled.
- agents-only—Trust only trusted session agents. Trusted session agents are those that have the trust-me parameter set to enabled.
- realm-prefix—Trust only trusted session agents, and source and destination IP addresses that match the IP interface’s realm (or subrealm) address prefix. Only realms with non-zero address prefixes are considered.
- registered—Trust only trusted session agents and registered endpoints. Registered endpoints are those with an entry in the Oracle® Enterprise Session Border Controller’s registration cache.
- none—Trust nothing.
  
  Session agents must have one or more of the following:
- global realm
- same realm as the SIP interface
- realm that is a subrealm of the SIP interface’s realm
trans-expire—Set the TTL expiration timer in seconds for SIP transactions. This timer controls the following timers specified in RFC 3261:
- Timer B—SIP INVITE transaction timeout
- Timer F—non-INVITE transaction timeout
- Timer H—Wait time for ACK receipt
- Timer TEE—Used to transmit final responses before receiving an ACK
  
  The default is 0. If you leave this parameter set to the default, then the Oracle® Enterprise Session Border Controller uses the timer value from the global SIP configuration. The valid range is:
- Minimum—0
- Maximum—999999999
invite-expire—Set the TTL expiration timer in seconds for a SIP client/server transaction after receiving a provisional response.

You set this timer for the client and the sever by configuring it on the SIP interface corresponding to the core or access side.

The default is 0. If you leave this parameter set to the default, then the Oracle® Enterprise Session Border Controller uses the timer value from the global SIP configuration. The valid range is:
- Minimum—0
- Maximum—999999999
max-redirect-contacts—Set the maximum number of contacts or routes for the Oracle® Enterprise Session Border Controller to attempt in when it receives a SIP Redirect (3xx Response). The default is 0. If you leave this parameter set to the default, then the Oracle® Enterprise Session Border Controllerwill exercise no restrictions on the number of contacts or routes. The valid range is:
- Minimum—0
- Maximum—10
response-map—Enter the name of the SIP response map configuration that you want to apply to this SIP interfaces for outgoing responses. This parameter is blank by default.
local-response-map—Enter the name of the SIP response map configuration that you want to apply to this SIP interfaces for locally-generated SIP responses. This parameter is blank by default.
options—Optional.

Configuring SIP Ports

To configure SIP ports:

From sip-interface, type sip-ports and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters.
```
ORACLE(sip-interface)# sip-ports
ORACLE(sip-port)#
```
address—Enter the IP address of the host associated with the sip-port entry on which to listen. For example:
```
192.168.11.101
```
port—Enter the port number you want to use for this sip-port. The default is 5060. The valid range is:
- Minimum—1025
- Maximum—65535
transport-protocol—Indicate the transport protocol you want to associate with the SIP port. The default is UDP. The valid values are:
- TCP—Provides a reliable stream delivery and virtual connection service to applications through the use of sequenced acknowledgment with the retransmission of packets when necessary.
- UDP—Provides a simple message service for transaction-oriented services. Each UDP header carries both a source port identifier and destination port identifier, allowing high-level protocols to target specific applications and services among hosts.
- TLS—See the Security chapter for more information about configuring TLS.
allow-anonymous—Define the allow anonymous criteria for accepting and processing a SIP request from another SIP element.

The anonymous connection mode criteria includes admission control based on whether an endpoint has successfully registered. Requests from an existing SIP dialog are always accepted and processed. The default is all.

The following table lists the available options.
- all—All requests from any SIP element are allowed.
- agents-only—Only requests from configured session agents are allowed. The session agent must fit one of the following criteria:
  - Have a global realm.
  - Have the same realm as the SIP interface
  - Be a sub-realm of the SIP interface’s realm.
    When an agent that is not configured on the system sends an INVITE to a SIP interface, the Oracle® Enterprise Session Border Controller:
  - Refuses the connection in the case of TCP.
  - Responds with a 403 Forbidden in the case of UDP.
- realm-prefix—The source IP address of the request must fall within the realm’s address prefix or a SIP interface sub-realm. A sub-realm is a realm that falls within a realm-group tree. The sub-realm is a child (or grandchild, and so on) of the SIP interface realm.
  
  Only realms with non-zero address prefixes are considered. Requests from session agents (as described in the agents-only option) are also allowed.
- registered—Only requests from user agents that have an entry in the registration cache (regular or HNT) are allowed; with the exception of a REGISTER request. A REGISTER request is allowed from any user agent.
  
  The registration cache entry is only added if the REGISTER is successful. Requests from configured session agents (as described in the agents-only option) are also allowed.
- register-prefix—Only requests from user agents that have an entry in the Registration Cache (regular or HNT) are allowed; with the exception of a REGISTER request. A REGISTER request is allowed only when the source IP address of the request falls within the realm address-prefix or a SIP interface sub-realm. Only realms with non-zero address prefixes are considered.
  
  The Registration Cache entry is only added if the REGISTER is successful. Requests from configured session agents (as described in the agents-only option) are also allowed.