ACLI Configuration Element Changes
The following tables summarize the ACLI configuration element changes in the Oracle Communications Session Border Controller S-Cz9.3.0 release.
Online Certificate Status Protocol
| New Elements | Description |
|---|---|
| security, authentication, online-certificate-status-protocol | Allows you to select which interfaces require OCSP verification, the OCSP FQDN, and the IP address and port of the DNS resolver for the OCSP FQDN. |
STUN Support
| New Attribute | Description |
|---|---|
| media-manager, ice-profile, rtcp-stun | Enable STUN support on RTCP port |
IKE/IPsec Encryption
| Modified Attribute | Description |
|---|---|
| security, ike, ike-config, phase1-dh-mode | The value dh-group2 is removed. The
values dh-group17 and dh-group18
are added.
|
| security, ike, ike-config, phase2-exchange-mode | The value dh-group2 is removed. The
values dh-group17 and dh-group18
are added.
|
| security, ike, ike-sainfo, security-protocol | The value esp-null is
removed.
|
| security, ike, ike-sainfo, auth-algo | The values of md5 and
sha1 are removed.
|
| security, ike, ike-sainfo, encryption-algo | The values null and
3des are removed.
|
| security, ipsec, security-association, manual, auth-algo | The values of md5 and
sha1 are removed.
|
| security, ipsec, security-association, manual, encr-algo | The value of 3des is
removed.
|
| security, ikev2-ipsec-wancom0-params, ipsec-algorithms | The value of null is removed from
allowed ciphers and the value of sha1 is removed
from the allowed hashes.
|
MSRP Ports
| New Attribute | Description |
|---|---|
| media-manager, msrp-config, double-port-allocation | Enable or disable using 2 steering pool ports for MSRP calls. |
Realm Configuration
| New Elements and Attributes | Description |
|---|---|
| media-manager, realm-config, suppress-hold-resume-reinvite | A new attribute to enable to suppress reinvites. |
| media-manager, realm-config, snmp-sipmethod-stats | A new attribute to enable SNMP retrieval of realm based SIP method statistics for SUBSCRIBE, NOTIFY and MESSAGE methods. |
| media-manager, realm-config, max-inbound-per-session-burst-rate | A new attribute to set the maximum inbound burst rate per session. |
| media-manager, realm-config, burst-rate-window-per-session | A new attribute to set the burst rate window per session. |
| media-manager, realm-config, dos-action-at-session | A new attribute to set the action to take on the session conducting a DoS attack. |
| media-manager, realm-config, restricted-latching | A new value of sdp-ip-port has been
added to use the IP address and port specified in the SDP for
latching.
|
Session Agent Configuration
| New Attributes | Description |
|---|---|
| session-router, session-agent, max-inbound-per-session-burst-rate | A new attribute to set the maximum inbound burst rate per session. |
| session-router, session-agent, burst-rate-window-per-session | A new attribute to set the burst rate window per session. |
| session-router, session-agent, dos-action-at-session | A new attribute to set the action to take on the session conducting a DoS attack. |
| session-router, session-agent, emergency-dscp-profile | The name of the emergency DSCP profile to apply to this session agent. |
SIP Configuration
| New Attributes | Description |
|---|---|
| session-router, sip-config, emergency-dscp-profile | The name of the emergency DSCP profile to apply to this session agent. |
| session-router, sip-config, precondition-med-enhancement | Enables support for multiple early dialogs with preconditions and TrFO. |
| session-router, sip-config, transcoding-agents | This element no longer accepts port numbers in its list of agents. |
SIP Interface
| New Attributes | Description |
|---|---|
| session-router, sip-interface, tcp-max-nat-interval | The amount of time in seconds that testing over TCP connections should not exceed for adaptive HNT. |
| session-router, sip-interface, tcp-nat-int-increment | The amount of time in seconds to use as the increment in value in the SIP expires header for adaptive HNT testing for TCP connections. |
| session-router, sip-interface, tcp-nat-test-increment | The amount of time in seconds that will be added to the test timer for adaptive HNT testing for TCP connections. |
| session-router, sip-interface, tcp-sip-dynamic-hnt | Enables dynamic hosted NAT traversal feature for connections using TCP as the transport protocol. |
| session-router, sip-interface, emergency-dscp-profile | Specifies the name of the emergency DSCP profile you want to apply to this sip-interface. |
Schedule Backups
| New Elements and Attributes | Description |
|---|---|
| system, system-config, schedule-backup | A new element to configure automatic backups. |
| system, system-config, schedule-backup, admin-state | A new attribute to enable or disable all automatic backups. |
| system, system-config, schedule-backup, config-backup | A new element to configure the attributes for an automatic backup. |
| system, system-config, schedule-backup, config-backup, admin-state | A new attribute to enable or disable this specific backup. |
| system, system-config, schedule-backup, config-backup, interval | Set how often the SBC backs up the configuration. |
| system, system-config, schedule-backup, config-backup, retry-interval | The length in minutes after which the SBC will retry backing up the configuration if the previous attempt failed. |
| system, system-config, schedule-backup, config-backup, retry-count | The number of times which the SBC will try to backup the configuration when repeated attempts fail. |
| system, system-config, schedule-backup, config-backup, push-failure-alarm | Enable or disable generating an alarm and trap when the backup attempt failed. |
| system, system-config, schedule-backup, config-backup, push-receiver | The configuration element where you set the connection details of the push receiver. This is a multi-instance configuration element. |
| system, system-config, schedule-backup, config-backup, push-receiver, address | The IPv4 address of the SFTP server to which the SBC will push the backups. |
| system, system-config, schedule-backup, config-backup, push-receiver, user-name | The user name that the SBC will use to log in to the SFTP server. |
| system, system-config, schedule-backup, config-backup, push-receiver, password | The password that the SBC will use to authenticate to the SFTP server. |
| system, system-config, schedule-backup, config-backup, push-receiver, data-store | The directory on the SFTP server where the SBC will copy the backup configuration files. |
| system, system-config, schedule-backup, config-backup, push-receiver, protocol | The protocol that the SBC will use when connecting to the SFTP server. |
SSH Configuration
| Modified Attributes | Description |
|---|---|
| security, ssh-config, hostkey-algorithms | The values of ssh-rsa and
ssh-dss have been replaced with the values of
rsa-sha2-256 and
rsa-sha2-512.
|
| security, ssh-config, encr-algorithms | The following values are removed:
aes256-cbc, aes192-cbc,
aes128-cbc, rijndael256-cbc,
rijndael192-cbc,
rijndael128-cbc, and
3des-cbc |
STI Configuration
| New or Modified Attributes | Description |
|---|---|
| session-router, sti-config, sti-response-treatment-config-name | The name of the sti-response-treatment-config to apply to this sti-config. |
| session-router, sti-config, max-retry-attempts | The number of attempts the system tries sending a request to a new sti-server within the sti-server-group unless a server responds or sip transaction times out. |
| session-router, sti-header-mapping-ruleset, mapping-rules, source-param | The SIP or HTTP header parameter based on the source header. |
| session-router, sti-header-mapping-ruleset, mapping-rules, target-param | The SIP or HTTP header parameter based on the target header. |
| session-router, sti-heartbeat-config | A new element to define operational parameters for the heartbeat that monitors the availability of the STIR/SHAKEN servers. |
| session-router, sti-response-treatment-config | A new element to create containers for response-treatment-entry sub-elements. |
| session-router, sti-response-treatment-config, sti-response-treatment-entry | A new element to define global or specific STI server rules. |
| session-router, sti-server-group, strategy | The values LeastBusy and
PropDist are deprecated.
|
| session-router, sti-server, sti-response-treatment-config-name | A new attribute for the name of the STI response treatment. |
System Configuration
| Modified Attributes | Description |
|---|---|
| system, system-config, disable-garp-out-of-subnet | A new attribute to prevents the system from sending out any GARP or ND query for sip-interfaces that are not in the same subnet of each network-interface. |
| system, system-config, httpclient-cache-size-multiplier | A new attribute to store the connection cache multiplier value. |
| system, system-config, http-clearDead-conn-timer | The time interval in seconds for clearing dead connections. |
| system, system-config, resource-monitoring | A new element for configuring resource monitoring. |
S-Cz9.3.0p2 Changes
These changes are present in S-Cz9.3.0p2 and later.
| Modified Attributes | Description |
|---|---|
| security, authentication, tacacs-authorization-arg-mode | A new value enabled-include-show is added to include show commands in the arg-mode of TACACS authorization requests. |
| security, ike, ike-key-id | Adds a new attribute id-type. |
| security, ike, ike-sainfo | Adds a new attribute remote-id-profile. |
| session-router, sti-config | Adds new attribute sti-reason-header-config-name to identify the name of the STI Reason Header config configured under sti-reason-header-config. |
| session-router, sti-server | Adds new attribute sti-reason-header-config-name to identify the name of the STI Reason Header config configured under sti-reason-header-config. |
S-Cz9.3.0p3 Changes
These changes are present in S-Cz9.3.0p3 and later.
| Modified Attributes | Description |
|---|---|
| security, certificate-record, key-algor | Adds the value rsapss. |
| system, system-config, collect, group-settings, group-name | Adds the value latest-peak-license-usage. |
| security, ike, ike-config, eap-protocol | Removes the value eap-md5. |
| security, ike, ike-interface, eap-protocol | Removes the value eap-md5. |
| security, ike, ike-sainfo, auth-algo | Removes the value aes-xcbc. |
| security, ims-aka-profile, auth-alg-list | Removes the value hmac-md5-96. |
| security, ims-aka-profile, encr-alg-list | Removes the value des-ede3-cbc. |
| security, ipsec, security-association, manual, auth-algo | Removes the value aes-xcbc-mac. |
| system, system-config | Adds a new attribute peak-concurrent-license. |