DoS Counters

The SBC provides ACL and DDOS statistics that track events for ARP, trusted, and untrusted traffic. These statistics include notifications about ARP watermarks and trusted and untrusted queue metrics to provide visibility into traffic management rates, based on traffic patterns in normal and peak times. You configure these thresholds as a percentage of the configured traffic rates within the media-manager configuration element. This provides you with early notification of traffic congestion so you can better tune the global media settings for DDOS. The SBC does not drop the packets affected through threshold events. Instead, it forwards them to a traffic manager for making permit/drop decisions prior to sending it to the host. In addition to host bound events, the SBC generates SMNP traps and alarms for TCAs that monitor ARP, trusted, untrusted and max-signaling rates. You can collect statistics on related traffic using the ACLI, SNMP walks, HDR and REST.

See the Security chapter in the ACLI Configuration Guide.

Hyperthreading Support

You can configure the SBC to utilize hyperthreading (SMT) support for datapath cores, including forwarding, DoS and transcoding cores. This configuration allows datapath CPUs to utilize two virtual CPUs (vCPUs) as "siblings" on the same physical CPU when the platform host supports hyperthreading. Refer to your software version's Release Notes to determine platforms that support this feature.

See the System Configuration chapter in the ACLI Configuration Guide.

Surrogate Registration for Diverse Realms

The SBC uses an authentication attribute element in realms to support surrogate agent authentication requests initiated from other realms. This is a multi-instance element that supports the authentication of non-REGISTER traffic to surrogate agents with different authentication detail. The key for these lookups is the combination of the authentication realm and the authentication user lookup configurations. If you do not configure authentication attribute element in the realm, the SBC handles surrogate agent authentication using the authentication table setup on the (softswitch) session agent, which supports this traffic in a single realm only.

See the SIP Signaling Services chapter in the ACLI Configuration Guide.

Multi-Tiered Local Route Tables

When routing though an LRT, the SBC normally attempts to reach next-hops using LRT entries in the order that they appear in the XML file. If a next-hop is unsuccessful, the SBC tries the next-hop on the list. You can, however, configure entries in LRTs that cause the SBC to gradually increase traffic for specific routes and control the distribution, while also monitoring usage. You can specify priorities and weights to favor route entries and use a preferred route instead of following the list order.

See the Session Routing and Load Balancing chapter in the ACLI Configuration Guide.

Support for RFC 5939

You can configure the SBC to support RFC 5939-based SDP capability negotiation. This support overrides the supported RFC 3264-based mechanism for generating mixed RTP/SRTP offers to better support secure and non-secure flows in the same realm. Within the RFC 3264 model, both the offer and answer contain actual configurations, but separate capabilities and potential configurations are not supported. The RFC 5939 implementation on the SBC is backward compatible and uses the RFC 3264-based model by default.

See the SIP Signaling Services chapter in the ACLI Configuration Guide.

Session Translation Enhancement

This version of the SBC adds an option to allow CDR generation to reflect values that have been modified by translations rules, and the ability to enable history-info header manipulation to its support for using session translation rules to manage SIP-SIPI interworking.

See the SIP Signaling Services chapter in the ACLI Configuration Guide.

Transcoding Free Operation and Ring Back Tone

You can configure the SBC to avoid using transcoding resources within certain local media playback scenarios. After establishing a RBT call that includes transcoding, the SBC can trigger this Transcoding Free Operation (TrFO) feature if the P-Acme-TrFO header is present. Having determined that the call can proceed without transcoding, the SBC originates a reINVITE towards the calling party containing the called side codec. Once the reINVITE is completed, the call can continue without transcoding. In addition, the negotiated codec on the called party side must have been included in the calling party's original offer (after ingress codec-policy execution).

See the Transcoding chapter in the ACLI Configuration Guide.

Support for AWS C5 Machines

You can deploy the SBC on AWS using their C5 family of virtual system shapes.

Unlike C4 and M4 instances, which use Xen as the underlying hypervisor, C5 instances use the KVM hypervisor. Use the following image:

• nnSCZ900-img-vm_kvm.tgz—Compressed image file including SBC VNF for KVM virtual machines from which you create AWS AMIs

See the Introduction chapter in the Release Notes.

Increased LRT Entry Capacity on the Acme Packet 6350

The Acme Packet 6350 now supports 20 million LRT entries.

See the Session Routing and Load Balancing chapter in the ACLI Configuration Guide for further information about LRTs.

TACACS+ IKEv2/IPsec over wancom0

You can configure the SBC to connect to a TACACS+ server over an IKEv2/IPsec secured connection. This communication must occur over the management interface wancom0. The ikev2-ipsec-wancom0-params element enables this configuration.

See the TACACS+ section in the Getting Started chapter of the Configuration Guide.

AWS Image Optimization

The Installation Guide includes a new scalable process for deploying the SBC on AWS with Terraform when using software versions S-Cz8.4.0p4 and above.

SPL Plugins

Regex Support for Conditional Logging

Conditional logging has been enhanced to support regex matching. See the Advanced Logging section in the Maintenance and Troubleshooting Guide.

SIPREC Enhancements

New ACLI commands have been added to display statistics for session recording servers (SRSs) and session recording groups (SRGs). The new CLI commands:

• Support new show commands to display statistics related to SRS' and SRGs.
• Display message-level statistics to give more clarity about recording sessions.

For more information on the new commands, see ACLI Command Changes .

OCI Resource Manager

OCI Resource Manager automates the process of provisioning your Oracle Cloud Infrastructure resources. The Resource Manager provides stacks to set up OCI resources that runs the virtual SBC using Terraform scripts. However, Terraform scripts cannot be used for complete SBC configuration. Hence, Resource Manager uses two pre-build stacks for deploying environments. The two stacks are - VCN and SBC stack. The VCN stack creates the required network infrastructure to deploy the virtual SBC instance on OCI. The SBC stack instantiates a standalone or HA pair on OCI with all Day-0 configuration. You can run these templates or scripts from CLI, similar to running the Terraform templates from OCI Resource Manager.

See Create and Deploy on OCI using Resource Manager section in Public Cloud Platforms chapter in Platform Preparation and Installation Guide .

Mid-Call Location Change Support for MS-Teams

The SBC supports mid-call end station changes between internal and external locations, and any associated SBC interface change. With this feature, the SBC provides support for the X-MS-UserLocation, and X-MS-UserSite headers, which supports traffic flow based on tenant administrator configuration.

FAX Detection and Re-Direct

You can configure the SBC to detect fax signaling within a SIP call and redirect those calls directly to a group of one or more fax servers. By default, the SBC sends a reINVITE either to a caller or calling party, based on your setting for the reverse-fax-tone-detection-reinvite parameter, when it detects a fax tone from the media stream. There are some call flows, however, that need redirection to the FAX endpoint without using this reINVITE. You can configure this support by setting the fax-servers parameter with the name of an applicable session-agent-group on the applicable session-agent. When enabled, the Fax Redirect feature takes precedence over the above mentioned legacy fax functionality.

Supporting Different Codec and Telephone-Event Rates in the SDP

RFC 4733 recommends that telephone events within an audio stream that use the same synchronization source (SSRC) should use the same timestamp clock rate as the audio channel. As an example, if SILK/16000 is being used as the audio stream then the flow should use telephone-event TE/16000. By default, the SBC complies with this behavior. You can configure the SBC, however, to support flows when using different clock rates for audio and telephone events. This allows the SBC to adapt to environments that do not follow the recommendation.

Deprecation of TSM (TSCF) Feature

The TSM feature is removed from this S-Cz9.0.0 release of the SBC.

OCSP Verification of Client X.509 Certificates

When a browser sends an X.509 certificate during authentication, the SBC can verify the X.509 certificate using OCSP. In addition, the ssh-keys command has been expanded to import or delete X.509 certificates and their certificate chains. These certificates can be verified using OCSP during the authentication of SSH clients. Customers can configure both the FQDN of the OCSP server as well as the IP address and port of the DNS server which resolves that FQDN.

New Memory Support for TCM-3

This version of the SBC supports TCM-3 cards with new memory. This software is also backwards compatible with cards that include the old memory. Note that older software does not support this new memory.

See the Acme Packet 3950/4900 Minimum Versions section in the Transcoding chapter of the ACLI Configuration Guide for detailed information about verifying software/hardware compatibility. See the Platform support information in these Release Notes for specific software/hardware compatibility for this version of the SBC software.