ACLI Configuration Element Changes

The following tables summarize the ACLI configuration element changes in the Oracle Communications Session Border Controller S-Cz9.2.0 release.

SIP Config

New Attributes Description
session-router, sip-config, precondition-enhancement Enables preconditions behaviors, including Dynamic Preconditions, PEM Gating, Changing the Media Direction Attribute, and the Optional Strength Tag Support

Realm Config

Modified Elements Description
media-manager, realm-config, in-translationid This attribute has been removed.
media-manager, realm-config, out-translationid This attribute has been removed.
media-manager, realm-config, in-session-translations This element has been added. Use this element to configure ingress session translations.
media-manager, realm-config, in-session-translations, in-session-translation-id Identify the session translation id to apply to ingress headers.
media-manager, realm-config, in-session-translations, state Enable or disable this session translation.
media-manager, realm-config, in-session-translations, move Change the order of execution of the session translation rules.
media-manager, realm-config, out-session-translations This configuration element has been added. Use this element to configure egress translations.
media-manager, realm-config, out-session-translations, out-session-translation-id Identify the session translation id to apply to egress headers.
media-manager, realm-config, out-session-translations, state Enable or disable this session translation.
media-manager, realm-config, out-session-translations, move Change the order of execution of the session translation rules.
media-manager, realm-config, fqdn-hostname The FQDN hostname to be used in messages.
media-manager, realm-config, fqdn-hostname-in-header The headers where the FQDN hostname can be applied.
media-manager, realm-config, P-Asserted-Identity The string you want to use to set the identity within PAI headers for this realm's egress traffic
media-manager, realm-config, P-Asserted-Identity-For The method header to match for inserting PAI headers.

Session Agent

Modified Elements Description
session-router, session-agent, in-translationid This attribute has been removed.
session-router, session-agent, out-translationid This attribute has been removed.
session-router, session-agent, in-session-translations This element has been added. Use this element to configure ingress session translations.
session-router, session-agent, in-session-translations, in-session-translation-id Identify the session translation id to apply to ingress headers.
session-router, session-agent, in-session-translations, state Enable or disable this session translation.
session-router, session-agent, in-session-translations, move Change the order of execution of the session translation rules.
session-router, session-agent, out-session-translations This configuration element has been added. Use this element to configure egress translations.
session-router, session-agent, out-session-translations, out-session-translation-id Identify the session translation id to apply to egress headers.
session-router, session-agent, out-session-translations, state Enable or disable this session translation.
session-router, session-agent, out-session-translations, move Change the order of execution of the session translation rules.
session-router, session-agent, fax-servers Add a fax server group.

System Config

Modified Elements Description
system, system-config, collect This element is no longer visible when the product is SLB.
system, system-config, link-redundancy-state Attribute is not present in 9.2.
system, system-config, log-tls-key Enable logging TLS keys
system, system-config, httpclient-max-total-conn The total number of TCP connections allowed by HTTP clients.
system, system-config, httpclient-max-cpu-load The maximum CPU percentage for HTTP clients.

TLS 1.3

Modified Elements Description
security, tls-profile, tls-version The tls-version attribute has a new default value: tlsv13.

Translation Rules

Modified Elements Description
session-router, translation-rules, type This attribute has been removed.
session-router, translation-rules, add-string This attribute has been removed.
session-router, translation-rules, add-index This attribute has been removed.
session-router, translation-rules, delete-string This attribute has been removed.
session-router, translation-rules, delete-index This attribute has been removed.
session-router, translation-rules, description This attribute has been added. Provide a description of this translation rule.
session-router, translation-rules, input-header-type This attribute has been added. Select the ingress header on which to perform a translation rule.
session-router, translation-rules, input-header-value This attribute has been added. Enter a regex pattern to identify which part of the ingress header will be manipulated.
session-router, translation-rules, output-header-type This attribute has been added. Select the egress header that will contain the previously captured information.
session-router, translation-rules, output-header-value This attribute has been added. Enter the regex pattern that will create the value of the egress header.

Session Translation

Modified Elements Description
session-router, session-translation, rules-calling This attribute has been removed.
session-router, session-translation, rules-called This attribute has been removed.
session-router, session-translation, rules-asserted-id This attribute has been removed.
session-router, session-translation, rules-redirect This attribute has been removed.
session-router, session-translation, rules-history-info This attribute has been removed.
session-router, session-translation, rules-isup-cdpn This attribute has been removed.
session-router, session-translation, rules-isup-cgpn This attribute has been removed.
session-router, session-translation, rules-isup-gn This attribute has been removed.
session-router, session-translation, rules-isup-rdn This attribute has been removed.
session-router, session-translation, rules-isup-ocn This attribute has been removed.
session-router, session-translation, id This attribute has been added. Provide a name for this set of translation rules.
session-router, session-translation, session-trans-rule This configuration element has been added.
session-router, session-translation, session-trans-rule, rule-id Identify the id of the translation rule that you want to apply.
session-router, session-translation, session-trans-rule, mandatory Determine whether this translation-rule is required or not.
session-router, session-translation, session-trans-rule, state Enable or disable this translation-rule.
session-router, session-translation, session-trans-rule, move This command has been added. Change the order in which the translation rules are run.

Media Security

New Attributes Description
security, media-security, media-sec-policy Configure a media security policy to apply to inbound or outbound traffic.
security, media-security, sdes-profile Configure an SDES profile.
security, media-security, sipura-profile Configure a Sipura/Linksys profile.

Home Subscriber Server

New Attributes Description
session-router, home-subscriber-server, options A new options attribute exists in this release.

Local Policy

New Attributes Description
session-router, local-policy, policy-attributes, move Move the position of a policy attribute.
session-router, local-policy, parallel-forking, Used for forking a call in parallel to policy-attributes

MSRP Config

New Attribute Description
media-manager, msrp-config, msrp-kpi Enable or disable MSRP KPI statistics.

SIP Interface

New Attributes Description
session-router, sip-interface, allow-diff2833-clock-rate-mode Specifies whether and how the SBC can present an SDP answer towards ingress that contains a telephone-event clock rate that is not the same as the audio codec clock rate.

Steering Pool

New Attributes Description
media-manager, steering-pool, port-allocation-strategy Select the appropriate strategy for this steering pool based on media type support in this realm.

STI Header Mapping Rules

New Attributes Description
session-router, sti-header-mapping-ruleset Multi-instance element allowing you to create header manipulations that target Stir/Shaken traffic.
session-router, sti-header-mapping-ruleset, name Specifies a unique identifier for this sti-header-mapping-ruleset. You use this name when you apply the ruleset to either a sti-server or the sti-config.
session-router, sti-header-mapping-ruleset, mapping-rules Multi-instance element from which you create rules for manipulating headers within Stir/Shaken traffic.
session-router, sti-header-mapping-ruleset, mapping-rules, id Specifies a unique identifier for this mapping-rule.
session-router, sti-header-mapping-ruleset, mapping-rules, source-header Specifies the header within an HTTP request or a SIP INVITE from which you create changes to the target-header. You can use Regex syntax to refine the selection of the header components that you apply to the target-header.
session-router, sti-header-mapping-ruleset, mapping-rules, target-header Specifies the header you modify, based on this rule's source-header parameter, within an HTTP request or a SIP INVITE. You can use Regex syntax to refine the insertion of the header components that you apply to this header.
session-router, sti-header-mapping-ruleset, mapping-rules, direction Specifies the direction that this rule affects. Outbound causes the system to modify headers traffic to the applicable sti-server. Inbound affects headers from the sti-server.
session-router, sti-header-mapping-ruleset, mapping-rules, role Specifies the role, Stir/Shaken authentication or verification, within which this rule applies.

STI Config and STI Server

New Attributes Description
session-router, sti-config, use-identity-header Causes the SBC to add a Reason header to 18x, 19x responses and 3xx, 4xx, 5xx, 6xx final responses that it sends to a callee with a cause value of “428” and the text “Use Identity Header” for all received INVITEs that did not contain an identity header.
session-router, sti-config, check-duplicate-passports Enables the system to check for duplicate SHAKEN or DIV passports in a received INVITE.
session-router, sti-config, tn-retargeting Enables the system to perform DIV authentication request, based on the received INVITE.
session-router, sti-config, verstat-comparison Determines whether and how the system compares the verstat value present in FROM and PAI headers.
session-router, sti-config, dest-comparison Specifies whether and on which header the system compares its stored TN.
session-router, sti-config, sti-as-correlation-id Adds the SipCallId parameter to REST authentication requests to the STI-AS.
session-router, sti-config, reason-json-sip-translation Creates a Reason header from the parameters reasoncode and reasontext, if received from the STI-VS.
session-router, sti-config, sti-header-mapping-ruleset-name Name of this STI Header Mapping Ruleset you want to use as default across all sti-servers.
session-router, sti-config, flip-tn-lookup-order Prioritize the FROM header over the PAI header as the source from which it retrieves a TN for use during authentication and verification procedures.
session-router, sti-server, role The role of the STIR/SHAKEN server.
session-router, sti-server, http-rest-type The type of the STIR/SHAKEN implementation.
session-router, sti-server, div-as-server-root The STI-AS Server root URL for div authentication requests.
session-router, sti-server, div-vs-server-root The STI-VS Server root URL for div verification requests.
session-router, sti-server, options A new options parameter.
session-router, sti-server, sti-header-mapping-ruleset-name The name of the instance of sti-header-mapping-ruleset to apply.

DTLS-SRTP

New Attributes Description
security, media-security , dtls-srtp-profile, name Unique identifier for this DTLS SRTP profile. Use this name when you apply the profile to realms.
security, media-security , dtls-srtp-profile, tls-profile The name of the tls-profile you want to apply to traffic under this dtls-srtp-profile.
security, media-security , dtls-srtp-profile, dtls-completion-timeou Specify the number of seconds the system waits for a DLTS handshake to finish before terminating the session.
security, media-security , dtls-srtp-profile, preferred-setup-role Specify the role the system takes within the client-server context of the DTLS handshake.
security, media-security , dtls-srtp-profile, crypto-suite Specifies the cryptography suite the system proposes during the DTLS handshake for encrypting media and authentication.
realm-config, dtls-srtp-profile The name of the dtls-srtp-profile you want to apply to DTLS traffic on this realm

NSEP Statistics

New Attributes Description
session-router, nsep-stats-profile, state Enables or disables this nsep-stats-profile, which is a multiple element
session-router, nsep-stats-profile, rvalues Lists the rvalues to be considered for per realm statistics.
session-router, nsep-stats-profile, feature-code The country code STD to be used to with the dialed numbers on which you want to collect realm-based statistics. This is to be pre-pended to all configured dialed numbers. This value must be configured if any dialed number is configured. You can configure only one feature code.
session-router, nsep-stats-profile, dialed-numbers Specifies the dialed numbers to be considered for per realm statistics. Use of this parameter also requires that the feature-code parameter be configured.
media-manager, realm-config, nsep-stats Enable NSEP statistics on a realm.

CCF via FQDN

Modified Elements Description
session-router, account-config, dns-realm The realm where the DNS server from which the system can obtain resolutions to an FQDN hostname for a Diameter server.
session-router, account-config, acr-buffer-upper-threshold New attribute. The upper threshold for the ACR buffer after which the SBC will select an alternate server.
session-router, account-config, acr-buffer-lower-threshold New attribute. The lower threshold for the ACR buffer which, when reached, the SBC will select the primary server again.
session-router, account-config, maintain-ccf-affinity New attribute. Enable an affinity between ACRs and CCFs so that all ACRs within a single session are sent to the same CCF (unless it goes down).
session-router, account-config, send-disconnect-peer-msg New attribute. Enable or disable sending the disconnect message to a peer.
session-router, account-config, next-priority-selection-interval New attribute. The time interval in minutes between routing the new call session to the next lower priority CCF after the first switch.
session-router, account-group, account-servers, fqdn-pool-type New attribute. Identify whether the configured hostname FQDN belongs to the primary pool or the secondary pool.

NTP Sync

New Attribute Description
ntp-sync, dns-realm The realm on which your NTP server resides.

New Alarms

New Attributes Description
session-router, sip-config, internal-503-threshold The percentage of 503 Service Unavailable responses over the total SBC-generated messages which, once crossed, generates an alarm.
session-router, sip-config, internal-503-lower-threshold The percentage of 503 Service Unavailable responses which, once crossed, informs the system that the previously generated alarm is considered resolved.
session-router, sip-config, 503-alarm-monitoring-time The number of minutes before which the SBC rechecks whether the internal 503 alarm is cleared.
media-manager, realm-config, steering-pool-threshold The utilization percentage for steering pools which, once crossed, generates an alarm.
media-manager, realm-config, steering-pool-lower-threshold The utilization percentage for steering pools which, once crossed, the previously generated alarm is considered resolved.
media-manager, realm-config, steering-pool-alarm-monitoring-time The number of minutes that a steering-pool alarm should be monitored before re-triggering.
session-router, session-agent, trigger-oos-alarm Enable or disable the sending of an alarm when a Session Agent is out of service

Surrogate Agent

New Attributes Description
session-router, surrogate-agent, auth-user-lookup Enter the name of an auth-user-lookup in a realm's auth-attributes list so that the SBC uses those credentials to authenticate challenged register requests
session-router, surrogate-agent, proxy-name Enter the name of the session agent you have configured as the Registrar that validates this surrogate agent's register requests for the purpose of routing to that session agent.
session-router, surrogate-agent, un-register Set the de-registration state
session-router, surrogate-agent, source-ip-prefix Enter the list of IP address (with optional prefix) to validate the source IP.

TCP Port for Session Agents

The following change was introduced in S-CZ9.2.0p3.

New Attributes Description
session-router, session-agent, static-tcp-source-port Set the source TCP port for the session agent.

Updates to the STI Server Group

Modified Element Description
session-router, sti-server-group, strategy The following strategy parameter values are not supported:
  • least-busy
  • prop-dist