3 Interface Changes
The following topics summarize ACLI, SNMP, HDR, Alarms, Accounting, and Web GUI changes for S-Cz9.0.0. The additions, removals, and changes noted in these topics occurred since the previous major release of the Oracle Communications Session Border Controller.
ACLI Configuration Element Changes
The following tables summarize the ACLI configuration element changes that first appear in the Oracle Communications Session Border Controller (SBC) S-Cz9.0.0 release.
DoS Counters
Modified Elements | Description |
---|---|
media-manager, media-manager, untrusted-minor-threshold | Specifies the traffic level at which the system triggers minor notifications about DoS traffic in the untrusted queue. |
media-manager, media-manager, untrusted-major-threshold | Specifies the traffic level at which the system triggers major notifications about DoS traffic in the untrusted queue. |
media-manager, media-manager, untrusted-critical-threshold | Specifies the traffic level at which the system triggers critical notifications about DoS traffic in the untrusted queue. |
media-manager, media-manager, trusted-minor-threshold | Specifies the traffic level at which the system triggers minor notifications about DoS traffic in the trusted queue. |
media-manager, media-manager, trusted-major-threshold | Specifies the traffic level at which the system triggers major notifications about DoS traffic in the trusted queue. |
media-manager, media-manager, trusted-critical-threshold | Specifies the traffic level at which the system triggers critical notifications about DoS traffic in the trusted queue. |
media-manager, media-manager, arp-minor-threshold | Specifies the traffic level at which the system triggers minor notifications about DoS traffic in the arp queue. |
media-manager, media-manager, arp-major-threshold | Specifies the traffic level at which the system triggers major notifications about DoS traffic in the arp queue. |
media-manager, media-manager, arp-critical-threshold | Specifies the traffic level at which the system triggers critical notifications about DoS traffic in the arp queue. |
Hyperthreading Support
Modified Elements | Description |
---|---|
system-config, use-sibling-core-datapath | Allows the system to support hyperthreading of cores performing datapath functions. |
Surrogate Registration for Diverse Realms
Modified Elements | Description |
---|---|
media-manager, realm-config, auth-attributes | Allows the application of authentication configuration on a realm to support cross-realm surrogate authentication. |
media-manager, realm-config, auth-attributes, username | Performs the same authentication function as a session agent's auth-attribute from within a realm. |
media-manager, realm-config, auth-attributes, auth-user-lookup | Performs the same authentication function as a session agent's auth-attribute from within a realm. |
media-manager, realm-config, auth-attributes, password | Performs the same authentication function as a session agent's auth-attribute from within a realm. |
media-manager, realm-config, auth-attributes, in-dialog-methods | Performs the same authentication function as a session agent's auth-attribute from within a realm. |
Support for RFC 5939
Modified Elements | Description |
---|---|
sdes-profile, egress-offer-format, rfc5939-compliant | Allows you to specify RFC 5939 operation for this sdes-profile. |
Session Translation for SIP-SIPI Interworking
Modified Elements | Description |
---|---|
session-router, session-translation, rules-redirect | Allows you to define session translation rules for managing redirect information during SIP-SIPI interworking. |
session-router, session-translation, rules-history-info | Allows you to define session translation rules for managing history-info information during SIP-SIPI interworking. |
IKEv2 Support for Wancom0
New Elements | Description |
---|---|
security, ikev2-ipsec-wancom0-params | Allows you to define the IP addresses, ports, protocol, and other attributes of the IKEv2/IPsec connection. |
Regex Support for Advanced Logging
New Elements | Description |
---|---|
session-router, sip-advanced-logging, conditions, match-procedure | Allows you to select whether to perform an exact match or a regex match. |
OCSP Verification of Client X.509 Certificates
New Elements | Description |
---|---|
security, authentication, online-certificate-status-protocol | Allows you to select which interfaces require OCSP verification, the OCSP FQDN, and the IP address and port of the DNS resolver for the OCSP FQDN. |
ACLI Command Changes
The following table summarizes the ACLI command changes that first appear in the Oracle Communications Session Border Controller S-Cz9.0.0 release.
This table lists and describes changes to ACLI commands that are available in the S-Cz9.0.0 release.
New Commands | Description |
---|---|
show sipd rbt-trfo | |
show lrt route-table <lrt-config-name> | Output enhanced to include information on priority and weight. |
show lrt route-entry <lrt-config-name> <user> | Output enhanced to include information on priority and weight. |
show dos threshold counters | Displays current statistics on traffic and triggers collected to monitor DoS traffic status. |
show security ipsec wancom0 <sad \| spd \| tunnels> | Displays the IPsec databases and counters for the wancom0 interface. |
show security ike wancom0 <error-stats \| sad> | Displays the IKEv2 error stats or SAD information for the wancom0 interface. |
show sipd srs | Lists the current status for all the SRSs configured in the system. The status being: |
show sipd srg | Displays the current status for all the SRGs configured in the system. |
show sipd siprec <message> | Lists information about a specific type of SIP message related to all SIPREC sessions towards SRS. |
show sipd siprec errors | Shows errors related to SIP media event. |
show rec srs <srs_name> | Shows the statistics for a specific SRS. |
show rec srg <srg_name> | Shows the statistics for a specific SRG. |
reset tacacs-stats | Reset the TACACS+ statistics. |
ssh-key x509 import <certificate-name> <ocsp-server> <class> | Import a client X.509 certificate that a client can use for authentication, specifying the OCSP server to use for verification. |
ssh-key x509 delete <login-name> | Delete an imported X.509 certificate. |
Accounting Changes
This section summarizes the accounting changes that appear in the Oracle Communications Session Border Controller version S-Cz9.0.0.
There are no accounting data additions documented for this release.
SNMP/MIB Changes
This section summarizes the SNMP/MIB changes that appear in the SBC version S-Cz9.0.0.
MIB Changes for STIR/SHAKEN Statistics
When the STIR/SHAKEN feature is enabled, the SBC uses the apStirServerStats table, within the ap.apps.mib, to monitor feature statistics.
This table contains the new apStirServerStats objects by which the user can monitor STIR/SHAKEN statistics using SNMP.
MIB Object | Object ID 1.3.6.1.4.1.9148.3.16.1.4.2.1.4.x + | Description |
---|---|---|
apStirServerName | .1. | Server name as configured on the SBC |
apStirServerStats.recent.asQueries | .1.1 | Recent queries made to the named AS server |
apStirServerStats.recent.asSuccessResponses | .1.2 | Recent successful responses received from the named AS server |
apStirServerStats.recent.asFailResponses | .1.3 | Recent failed responses received from the named AS server |
apStirServerStats.recent.asFailServiceException | .1.4 | Recent failed responses received from the named AS server caused by a service exception |
apStirServerStats.recent.asFailPolicyException | .1.5 | Recent failed responses received from the named AS server caused by a policy exception |
apStirServerStats.recent.vsQueries | .1.6 | Recent queries made to the named VS server |
apStirServerStats.recent.vsSuccessResponses | .1.7 | Recent successful responses received from the named VS server |
apStirServerStats.recent.vsFailResponses | .1.8 | Recent failed responses received from the named VS server |
apStirServerStats.recent.vsFailVerification | .1.9 | Recent failed responses received from the named VS server indicating verification failure |
apStirServerStats.recent.vsFailServiceException | .1.10 | Recent failed responses received from the named VS server caused by a service exception |
apStirServerStats.recent.vsFailPolicyException | .1.11 | Recent failed responses received from the named VS server caused by a policy exception |
apStirServerStats.recent.ServerUnreachable | .1.12 | N/A |
apStirServerStats.total.asQueries | .2.1 | Total queries made to the named AS server |
apStirServerStats.total.asSuccessResponses | .2.2 | Total successful responses received from the named AS server |
apStirServerStats.total.asFailResponses | .2.3 | Total failed responses received from the named AS server |
apStirServerStats.total.asFailServiceException | .2.4 | Total failed responses received from the named AS server caused by a service exception |
apStirServerStats.total.asFailPolicyException | .2.5 | Total failed responses received from the named AS server caused by a policy exception |
apStirServerStats.total.vsQueries | .2.6 | Total queries made to the named VS server |
apStirServerStats.total.vsSuccessResponses | .2.7 | Total successful responses received from the named VS server |
apStirServerStats.total.vsFailResponses | .2.8 | Total failed responses received from the named VS server |
apStirServerStats.total.vsFailVerification | .2.9 | Total failed responses received from the named VS server indicating verification failure |
apStirServerStats.total.vsFailServiceException | .2.10 | Total failed responses received from the named VS server caused by a service exception |
apStirServerStats.total.vsFailPolicyException | .2.11 | Total failed responses received from the named VS server caused by a policy exception |
apStirServerStats.total.ServerUnreachable | .2.12 | N/A |
apStirServerStats.permax.asQueries | .3.1 | Permax queries made to the named AS server |
apStirServerStats.permax.asSuccessResponses | .3.2 | Permax successful responses received from the named AS server |
apStirServerStats.permax.asFailResponses | .3.3 | Permax failed responses received from the named AS server |
apStirServerStats.permax.asFailServiceException | .3.4 | Permax failed responses received from the named AS server caused by a service exception |
apStirServerStats.permax.asFailPolicyException | .3.5 | Permax failed responses received from the named AS server caused by a policy exception |
apStirServerStats.permax.vsQueries | .3.6 | Permax queries made to the named VS server |
apStirServerStats.permax.vsSuccessResponses | .3.7 | Permax successful responses received from the named VS server |
apStirServerStats.permax.vsFailResponses | .3.8 | Permax failed responses received from the named VS server |
apStirServerStats.permax.vsFailVerification | .3.9 | Permax failed responses received from the named VS server indicating verification failure |
apStirServerStats.permax.vsFailServiceException | .3.10 | Permax failed responses received from the named VS server caused by a service exception |
apStirServerStats.permax.vsFailPolicyException | .3.11 | Permax failed responses received from the named VS server caused by a policy exception |
apStirServerStats.permax.ServerUnreachable | .3.12 | N/A |
The SBC sends two SNMP traps that alert you when traffic crosses each threshold, and clear when the traffic falls back below the threshold:
- apDosThresholdCrossTrap
- apDosThresholdClearTrap
See the Security chapter in the ACLI Configuration Guide for further information on how to read these traps.
DoS Counter Statistics
The SBC uses the apStirServerStats table, within the ap.apps.mib, to monitor feature statistics.
This table contains the new apDosThresholdCountersGroup objects by which the user can monitor DoS statistics on a per-queue basis using SNMP.
MIB Object | Object ID 1.3.6.1.4.1.9148.3.16.5 + | Description |
---|---|---|
apDosTrustedMinorCounter | .1 | Counter incremented when trusted bandwidth crossed the minor threshold percentage |
apDosTrustedMajorCounter | .2 | Counter incremented when trusted bandwidth crossed the major threshold percentage |
apDosTrustedCriticalCounter | .3 | Counter incremented when trusted bandwidth crossed the critical threshold percentage |
apDosUntrustedMinorCounter | .4 | Counter incremented when untrusted bandwidth crossed the minor threshold percentage |
apDosUntrustedMajorCounter | .5 | Counter incremented when untrusted bandwidth crossed the major threshold percentage |
apDosUntrustedCriticalCounter | .6 | Counter incremented when untrusted bandwidth crossed the critical threshold percentage |
apDosArpMinorCounter | .7 | Counter incremented when ARP bandwidth crossed the minor threshold percentage |
apDosArpMajorCounter | .8 | Counter incremented when ARP bandwidth crossed the major threshold percentage |
apDosArpCriticalCounter | .9 | Counter incremented when ARP bandwidth crossed the critical threshold percentage |
OCSP Verification of Client X.509 Certificates
The following MIB is generated whenever any second-factor authentication fails, including when OCSP verification rejects an X.509 certificate because it is revoked.
MIB Object | Object ID | Description |
---|---|---|
apSysMgmtAuthenticationFailedTrap | 1.3.6.1.4.1.9148.3.2.6.0.16 | Generated if an authentication attempt fails. |
Alarms
This topic summarizes Alarm additions that appear in this release.
DoS Traffic Alarms
- DOS THRESHOLD TRUSTED CROSS MEDIA ALARM
- DOS THRESHOLD UNTRUSTED CROSS MEDIA ALARM
- DOS THRESHOLD ARP CROSS MEDIA ALARM
Unlike SNMP, these present type and 'threshold crossed' in a single alarm object.
HDR
This topic summarizes the HDR changes that appear in this release.
STIR/SHAKEN HDR Group
This release includes the stir-stats HDR group. The table below lists and describes stir servers statistics and includes HDR position, statistic, type, timer value, range, and description.
Position | Statistic | Type | Timer Value | Range | Description |
---|---|---|---|---|---|
1 | TimeStamp | N/A | N/A | N/A | N/A |
2 | STI-Server | text | N/A | N/A | Server name as configured on the SBC |
3 | AS Queries | counter | N/A | N/A | Recent queries made to the named AS server |
4 | AS Success Responses | counter | N/A | N/A | Recent successful responses received from the named AS server |
5 | AS Fail Responses | counter | N/A | N/A | Recent failed responses received from the named AS server |
6 | AS Fail Service Exception | counter | N/A | N/A | Recent failed responses received from the named AS server caused by a service exception |
7 | AS Fail Policy Exception | counter | N/A | N/A | Recent failed responses received from the named AS server caused by a policy exception |
8 | VS Queries | counter | N/A | N/A | Recent queries made to the named VS server |
9 | VS Success Responses | counter | N/A | N/A | Recent successful responses received from the named VS server |
10 | VS Fail Responses | counter | N/A | N/A | Recent failed responses received from the named VS server |
11 | VS Fail Verification | counter | N/A | N/A | Recent failed responses received from the named VS server indicating verification failure |
12 | VS Fail Service Exception | counter | N/A | N/A | Recent failed responses received from the named VS server caused by a service exception |
13 | VS Fail Policy Exception | counter | N/A | N/A | Recent failed responses received from the named VS server caused by a policy exception |
14 | STI Server Unreachable | counter | N/A | N/A | The number of times the server has tripped the STI server's 'circuit breaker' |
DoS Traffic Group
This release includes the dos-threshold-counters HDR group. The table below lists and describes counter statistics and includes HDR position, statistic, type, timer value, range, and description.
CSV Position | HDR Column Name | Data Type | Range | Description |
---|---|---|---|---|
1 | Trusted Minor Counter | Counter | (0-2^64-1) | Counter incremented when trusted bandwidth crossed the minor threshold percentage |
2 | Trusted Major Counter | Counter | (0-2^64-1) | Counter incremented when trusted bandwidth crossed the major threshold percentage |
3 | Trusted Critical Counter | Counter | (0-2^64-1) | Counter incremented when trusted bandwidth crossed the critical threshold percentage |
4 | Untrusted Minor Counter | Counter | (0-2^64-1) | Counter incremented when untrusted bandwidth crossed the minor threshold percentage |
5 | Untrusted Major Counter | Counter | (0-2^64-1) | Counter incremented when untrusted bandwidth crossed the major threshold percentage |
6 | Untrusted Critical Counter | Counter | (0-2^64-1) | Counter incremented when untrusted bandwidth crossed the critical threshold percentage |
7 | ARP Minor Counter | Counter | (0-2^64-1) | Counter incremented when ARP bandwidth crossed the minor threshold percentage |
8 | ARP Major Counter | Counter | (0-2^64-1) | Counter incremented when ARP bandwidth crossed the major threshold percentage |
9 | ARP Critical Counter | Counter | (0-2^64-1) | Counter incremented when ARP bandwidth crossed the critical threshold percentage |
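One way a monitoring host could consume the dos-threshold-counters group, as an added example that is not Oracle code: it parses records laid out in the CSV positions listed above and reports, for each collection interval, the highest threshold each queue crossed. The sample rows and header line are constructed, and the code assumes each record holds exactly the nine counter fields in that order.

```python
import csv
import io

MAX64 = 2**64  # counters range over 0 .. 2^64-1 per the table above

# (queue, severity) in CSV position order 1-9 from the table above.
COLUMNS = [(q, s) for q in ("trusted", "untrusted", "arp")
           for s in ("minor", "major", "critical")]

# Constructed sample: a header line plus three collection samples.
SAMPLE = (",".join(f"{q} {s} counter" for q, s in COLUMNS) + "\n"
          "0,0,0,4,1,0,0,0,0\n"
          "0,0,0,9,3,1,2,0,0\n"
          "1,0,0,9,3,1,2,0,0\n")


def parse_rows(text):
    """Return one {(queue, severity): value} dict per valid record."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != len(COLUMNS):
            continue  # assumption: exactly nine fields per record
        try:
            vals = [int(v) for v in rec]
        except ValueError:
            continue  # header line or non-numeric field
        if all(0 <= v < MAX64 for v in vals):
            rows.append(dict(zip(COLUMNS, vals)))
    return rows


def delta(prev, cur):
    """Increase between two samples of a 64-bit counter."""
    if cur >= prev:
        return cur - prev
    wrapped = cur + MAX64 - prev
    # A small wrapped delta is a genuine rollover; a huge one means the
    # counter restarted from zero (for example after a reboot).
    return wrapped if wrapped < 2**32 else cur


def worst_crossings(rows):
    """Per interval: {queue: (highest severity crossed, increments)}."""
    out = []
    for prev, cur in zip(rows, rows[1:]):
        interval = {}
        for queue, sev in COLUMNS:  # severities ascend within a queue
            d = delta(prev[(queue, sev)], cur[(queue, sev)])
            if d:
                interval[queue] = (sev, d)  # later entry = higher severity
        out.append(interval)
    return out


if __name__ == "__main__":
    for i, hit in enumerate(worst_crossings(parse_rows(SAMPLE)), 1):
        print(f"interval {i}: {hit}")
```
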
Errors and Warnings
The following errors or warnings have been added in this release.
verify-config Errors and Warnings
Error or Warning | Description |
---|---|
WARNING: [x] and [y] should not be run simultaneously as they may interfere with each other and lead to undefined behavior. | Two or more of these conflicting items have been activated: comm-monitor, packet-trace, call-trace and SIP Monitoring & Trace. At least one needs to be disabled. |
ORACLE# packet-trace local start wancom0 "host 192.168.1.1"
WARNING: packet-trace and comm-monitor should not be run simultaneously as they may interfere with each other and lead to undefined behavior.
Do you want to continue : [y/n]?:
ORACLE# capture start global *
WARNING: SIP Monitoring & Trace, call-trace and comm-monitor should not be run simultaneously as they may interfere with each other and lead to undefined behavior.
Do you want to continue : [y/n]?: