Session Translation Enhancements

In the Configuration Guide, the Number Translation chapter is renamed Session Translation. The number-translation element has been redesigned to support regular expressions that match predefined input headers and populate predefined output headers. The session-translation element is enhanced to more easily group and rearrange number translations. And finally, the realm-config and session-agent elements are enhanced to support grouping and rearranging session translations.

Update an Existing Certificate Record with a New Certificate

When you need to renew a certificate on the Session Border Controller, you no longer need to create a new certificate record. You can go to the existing record and import the renewed certificate. The imported certificate overwrites the existing one. See "Update a Certificate" in the Web GUI Guide and the Configuration Guide.

Alarm Enhancement

This release adds three alarms to help monitor system status, especially suited for notifying you of issues before they become operational problems. The new alarms include The Session Agent Out of Service Alarm, The Steering Pool Threshold Alarm, and The Internal 503 Threshold Alarm.

See the sections using the same titles as the alarms in the Fault Management chapter of the Maintenance and Troubleshooting Guide for detailed information.

Creating a Reason Header During Verification

You can configure the SBC to create and insert SIP reason headers into applicable SIP INVITEs based on information received from an STI-VS during verification attempts. These headers provide insight into the reason the STI-VS could not or did not verify the request. You can use this feature to provide visibility into the reasoncode, reasontext and the verstat parameters downstream within the SIP INVITE and in CDRs. This feature applies to both ATIS and 3GPP modes.

See the Creating a Reason Header During Verification section in the STIR/SHAKEN chapter of theACLI Configuration Guide for detailed information.

HTTP Header Customization for STIR/SHAKEN

You can configure the SBC with static mapping to and from SIP INVITEs and HTTP requests or responses within the context of STIR/SHAKEN authentication or verification procedures. This mapping provides a means of conveying SIP header information within HTTP headers and conversely. This feature adds headers and their new parameters in the rules targets or modifies existing headers with the new parameters presented by the rule. This feature applies to both ATIS and 3GPP modes.

See the HTTP Header Manipulation section in the STIR/SHAKEN chapter of the ACLI Configuration Guide for detailed information.

Please review the Caveats and Limitations Chapter of the S-Cz9.2.0 Known Issues and Caveats Guide for functional limitations of this feature that apply to this software release.

CALEA in Authentication Requests

You can configure the OCSBC to include Communications Assistance for Law Enforcement Act (CALEA) information in SHAKEN and DIV PASSporT authentication requests. This feature applies to both ATIS and 3GPP operation modes.

See the Including CALEA in Authentication Requests section in the STIR/SHAKEN chapter of theACLI Configuration Guide for detailed information.

DTLS-SRTP Server Mode

The SBC supports Datagram Transport Layer Security (DTLS) to establish SRTP media traffic over UDP in server mode. The SBC uses DTLS within the context of SRTP (DTLS-SRTP) per RFC 5764. This DTLS-SRTP feature provides for secure media, supports the same transfer scenarios supported for SDES-SRTP, and supports unattended transfer, and music on hold scenarios.

This feature is not supported on the SLB.

See the DTLS-SRTP section in the Security chapter of the ACLI Configuration Guide for detailed information.

Please review the Caveats and Limitations Chapter of the S-Cz9.2.0 Known Issues and Caveats Guide for functional and platform limitations of this feature that apply to this software release.

Flowtype AVPs

This release of the SBC adds 5 AVPs that the system includes in CDRs to better identify and track media flows. These AVPs include, Acme-FlowIDFS1-R, Acme-FlowIDFS2-F, Acme-FlowIDFS2-R, Acme-FlowType-FS2-F, and Acme-FlowType-FS2-R.

See the sections using the same titles as the AVPs in Appendix C of the Accounting Guide for detailed information.

NTP Servers Configured with an FQDN

You can configure the SBC with an FQDN for establishing communications with NTP time servers. This feature supports FQDN resolution through a DNS query over wancom or media interfaces. Having received DNS resolution for the query, the SBC uses its standard selection process for DNS results to request time synchronization from one of multiple, redundant NTP servers.

See the FQDNs for Time Servers on the SBC section in the Diameter Accounting Chapter of the Accounting Guide for detailed information.

Using FQDNs to Access CCFs over Diameter

See the Using FQDNs to Access CCFs over Diameter section in the Diameter Accounting Chapter of the Accounting Guide for detailed information.

STI Server Status Timer Changes

This release changes the values you can configure to the STI server circuit breaker window timers to enhance the ability of the SBC to manage STI server status.

See the STIR/SHAKEN chapter of the ACLI Configuration Guide and the circuit-breaker-retry-time and circuit-breaker-half-open-frequency parameters in the ACLI Reference Guide for the new values.

Enhanced Reporting on NSEP Traffic Statistics

The SBC provides you with NSEP traffic statistics from the ACLI and SNMP. You can access system wide NSEP traffic reports when you configure the system for applicable network management controls (NMC). In addition, you can now configure the system to provide realm-specific reporting on a per-realm basis by configuring the nsep-stats-profile on the session-router and enabling nsep-stats on the applicable realms.

See the Reporting on NSEP Traffic Statistics section in the SIP Signaling Services Chapter of the ACLI Configuration Guide for detailed information.

Parallel Call Forking

You can configure the SBC to direct calls to multiple targets simultaneously using parallel forking. You establish parallel forking behavior by enabling the parallel-forking parameter on one or more local-policy elements and configuring the cost within each applicable policy-attribute.

See the Parallel Call Forking section in the Routing Chapter of the ACLI Configuration Guide for detailed information.

Please review the Caveats and Limitations Chapter of the S-Cz9.2.0 Known Issues and Caveats Guide for functional limitations of this feature that apply to this software release.

Enhancements to Preconditions Processing

You can configure the SBC to extend its support of preconditions with dynamic preconditions, which allows the SBC to determine whether and where to support preconditions for a given call. When you configure the system for the above, you also:

• Configure the SBC to manipulate the PEM header within both static asymmetric and dynamic preconditions call flows to change the direction attributes.
• Establish system behavior changes for certain preconditions call flows wherein the SBC changes the direction value of the SDP media attribute to prevent issues.
• Establish support for all of the strength tag values within all preconditions attributes. In addition, the SBC inserts strength tags under certain conditions.

See the Enhanced Preconditions section in the SIP Signaling Chapter of the ACLI Configuration Guide for detailed information.

Allocation Strategies for Steering Pools

You can configure the SBC with three types of steering pools to allocate network ports for specific types of network traffic. These pool types include audio/video, MSRP and mixed media types. Establishing these pool types provides more efficient use of media ports.

See the Allocation Strategies for Steering Pool section in the Realms and Nested Realms Chapter of the ACLI Configuration Guide for detailed information.

3GPP Mode for STIR Shaken Deployments

This version of the SBC adds support for the 3GPP mode of STIR/SHAKEN operation. 3GPP supports verifying DIV passports in addition to SHAKEN passports. The DIV category refers to passports generated for diverted calls.

See the STIR/SHAKEN chapter of the ACLI Configuration Guide for detailed information. This feature creates changes in multiple sections of that chapter.

STIR SHAKEN FQDN TTL Expiry

You can configure the SBC to use FQDNs for STI-AS and STI-VS server to establish STIR/SHAKEN server pools using DNS. This new feature includes TTL expiry as a trigger to DNS queries.

See the Server Names as FQDNs section in the STIR/SHAKEN chapter of the ACLI Configuration Guide for detailed information.

SDP Compliance Enforcement

You can configure the SBC to enforce SDP compliance on incoming messages and reject non-compliant messages and change the non-compliant SDP in ensuing messages. By default, the SBC forwards response message even if the Content-Length is greater than the SDP size and the SDP does not have mandatory parameters. You enable the sip-strict-compliance option when the SBC is operating in environments where it is expected to monitor and validate these aspects of SDP.

See the SDP Compliance Enforcement section in the SIP chapter of the ACLI Configuration Guide for detailed information.

Managing HTTP Connections

By default, the SBC limits system impact caused by HTTP client behavior using the httpclient-max-total-conn and httpclient-max-cpu-load parameters in the system-config. These parameters, respectively, allow you to change the number of TCP connections and the amount of CPU resources consumed by traffic between the SBC and all types of HTTP servers.

See the Managing HTTP Connections section in the System Configuration chapter of the ACLI Configuration Guide for detailed information.

TLS 1.3 Support

This release supports TLS 1.3 by default. See the tls-profile topic in the ACLI Configuration Guide and the "Configure a TLS Profile" section in the Security chapter of the Configuration Guide.

New Memory Support for TCM-3

This version of the SBC supports TCM-3 cards with new memory. This software is also backwards compatible with cards that include the old memory. Note that older software does not support this new memory.

See the Acme Packet 3950/4900 Minimum Versions section in the Transcoding chapter of the ACLI Configuration Guide for detailed information about verifying software/hardware compatibility. See the Troubleshooting section of these Release Notes for specific software/hardware compatibility for this version of the SBC software.

STIR/SHAKE Support on the Session Router

This version of the SBC updates the Session Router support for STIR/SHAKEN functionality to be the same as the SBC.

DTLS/SRTP Support on the Acme Packet 6350

This version of the SBC adds DTLS/SRTP support on the Acme Packet 6350.

Enhanced Restricted Latching

You can now configure the SBC to latch all media flows within a realm to both the externally provided address and port when you set the restricted-latching mode to sdp-ip-port. When configured to this setting, the system latches to media based on the IP Address received in the SDP c= connect address line, and the port in the mline in the offer and answer. This differs from standard latching in that the port is left unassigned by the SBC. This feature allows the SBC to better support multiple RTP streams from different ports using the same IP address, such as within forking scenarios.

See the Restricted Latching section in the Realms chapter of the ACLI Configuration Guide for detailed information.

DPDK Uplift

This version of the SBC uplifts the DPDK version to 22.11.

DPDK Uplift

This version of the SBC allows you to configure the SBC to use a static TCP port when connecting to a session-agent instead of an ephemeral port.

See the About Session Agents section in the Session Routing and Load Balancing chapter of the ACLI Configuration Guide for detailed information.

PSAP Callback Enhancement

You can configure the SBC to support Public Safety Answering Point (PSAP) callback handling to numbers that are not in the PSAP callback list, which includes 911, 112 and any number you have added. You can also configure the SBC to replace the request-URI in a PSAP callback to resolve routing issues.

See the PSAP Callback Option section in the SBC Processing Language (SPL) chapter of the ACLI Configuration Guide for detailed information.

Verstat Delimiter

This version of the SBC allows you to configure the verstat-delimiter option in the applicable sti-server. You use this delimiter to refine the specific text of the verstat during verstat retrieval processes.

See the STIR/SHAKEN chapter of the ACLI Configuration Guide for detailed information about this parameter.

HTTP Client Cache Size Configuration

This version of the SBC allows you to configure the httpclient-cache-size-multiplier parameter in the system-config to adjust the size of the HTTP connection cache.

See the HTTP Connection Management section in the System Configuration chapter of the ACLI Configuration Guide for detailed information about this parameter.

Session-Level DoS Protection

You can configure the SBC to implement DoS protection when any individual session appears to be conducting an attack. You can configure this protection on a realm-config or a session-agent, with the session-agent configuration taking precedence when applicable.

See the DoS Protection section in the Security chapter of the ACLI Configuration Guide for detailed information about this feature.

Subscription-Id-Data AVP

When applicable, the SBC can send a Subscription-Id-Data AVP (444) to an external policy server. This AVP is contained within the grouped Subscription-Id AVP (443) and carries the user's identifier. You can configure the SBC to refine this data so it gets this information from the SBC and uses your configured value for the subscription-id-type parameter to determine which user identifier it sends.

See the Subscriber Information AVP section in the External Policy Server chapter of the ACLI Configuration Guide for detailed information about this feature.

RFC 6733 Compliance for the Vendor-Specific-Application-Id

You can configure the SBC to perform CER and LIR transactions over the Cx interface in compliance with RFC 6733 with respect to the contents of the Vendor-Specific-Application-Id AVP (260). You do this by setting the rfc6733compliant option under the applicable home-subscriber-server. RFC 6733 compliance consists of several behaviors, including limiting the number of Vendor-Ids present in the CER and LIR diameter messages to one. By default, the system aligns with RFC 3588 and sends out both Vendor-IDs in the diameter messages.

See the Compliance for the Vendor-Specific-Application-Id section in the IMS chapter of the ACLI Configuration Guide for detailed information about this feature.

Supporting HA with STIR SHAKEN over TCP

You can configure the SBC with the exclusive-http-client-port-range option within the system-config to support an HA Pair running STIR SHAKEN to use the different set of ports between Primary and Secondary machine for establishing TCP connection with HTTP server.

See the Supporting HA with STIR SHAKEN over TCP section in the STIR SHAKEN chapter of the ACLI Configuration Guide for detailed information about this feature.

Create a Dictionary File for Decoding AVPs

You can generate an AVP dictionary from the SBC to install and use for decoding Oracle-specific Rf AVPs in messages using Wireshark. After generating this dictionary, you include it within your Wireshark deployment and configure a Wireshark resource file. This allows Wireshark to decode standalone and grouped AVPs identified with the ACME_DIAM_VENDOR_ID label.

See the Create a Dictionary File for Decoding AVPs task in the Diameter Accounting chapter of the Accounting Guide for detailed information about this feature.

Support for the Mellanox C5 Interface

The SBC supports the Mellanox C5 interface for use as a media interface. For this release, Oracle is supporting this interface on the vSBC over KVM in SRIOV mode.

SPL for Skipping the INVITE Validation for KDDI

You can configure an SPL option on the SBC to disable incoming INVITE validation. This feature makes use of the Control-Surr-Reg SPL, requiring the applicable configuration. When you configure this feature, the SBC does not attempt to match the incoming R-URI against the random user part received while performing the Surrogate Registration SPL feature processing for KDDI deployments.

REFER Handling Enhancement

The SBC may stop sending its configured ring back tone (RBT) to the caller when operating within some transfer scenarios. Applicable scenarios include the presence of network infrastructure that issues a BYE from the callee to the SBC while the transfer is underway. You can configure the SBC to persist with RBT for the duration of the transfer process so the caller does not unexpectedly lose RBT.

Creating the PAI from Rx IMSI information for Emergency Calls

You can configure the SBC to build the host part of a P-Asserted-Identity header based solely on the EPC level IMSI information provided by the PCRF within Rx information, if required. This configuration applies to S8HR deployments when the system handles a local or roaming emergency call. The system performs this function regardless of whether the emergency call comes from an unregistered, emergency registered or a non-emergency registered endpoint. This feature establishes compliance with the applicable requirement within 3GPP 24.229.

See the Creating the PAI from Rx IMSI information for Emergency Calls in the IMS chapter of the ACLI Configuration Guide for detailed information about this feature.

Multiple PSKs per IKE Interface

You can configure the SBC to support multiple pre-shared keys (PSKs) on a single IKE interface. By allowing these multiple PSK authentications, you can support multiple IKE sessions on that interface using unique PSKs. Both symmetric and asymmetric PSK deployments benefit from this capability. You accomplish this by attaching authorization configuration directly to SAs instead of the IKE interface.

See the Multiple PSKs per IKE Interface in the Security chapter of the ACLI Configuration Guide for detailed information about this feature.

New PLMN-ID Insertion Cases

In addition to REGISTRATION scenarios, the SBC can use the latest PVNI header with the latest PLMN information in the INVITE/REINVITE/MESSAGE sip request’s 200 OK response towards the core. This occurs after S8HR inter-PLMN handover. These scenarios include those that generate a 200 OK toward the core during SIP MO INVITE signaling.

See the VPLMN-ID Management Support topic in the IMS Support chapter of the ACLI Configuration Guide for detailed information about this feature.