Oracle SBC Release S Cz9.1.0 Knowledge Transfer For Partners PDF
S-Cz9.1.0 Knowledge Transfer
(For Partners)
Oracle Communications Session Border Controller
Oracle Enterprise Session Border Controller
Oracle Communications Session Router
Oracle Communications Subscriber-Aware Load Balancer
PLM
Abhishek Nath | Mayank Gupta
Apr, 2022
S-Cz9.1.0 Knowledge Transfer Agenda
Improves service provider and enterprise SBC, SR and SLB competitiveness in these key areas:
• Increases feature richness for VoLTE & VoWiFi based deployments
• Enables customers to successfully launch new RCS and VoIP services
• Peering and Interconnect scenarios with TrFo support
• Enhanced security standard compliance with STIR/SHAKEN improvements
• Improved customer experience for deployment on public clouds
• Enhanced WebGUI
• Addresses several enhancements targeted to improve key customers’ satisfaction and retention
• Serviceability improvements to simplify operations
Acme Packet 3900 Yes No No Yes
Acme Packet 3950 Yes No No Yes
Acme Packet 4600 Yes Yes No Yes
Acme Packet 4900 Yes No No Yes
Acme Packet 6100 Yes Yes No No
Acme Packet 6300 Yes Yes No Yes
Acme Packet 6350 Yes No No Yes
COTS Servers
Netra Server X5-2 No No No No
Oracle Server X7-2 No Yes No No
Oracle Server X8-2 No Yes No No
VMware Yes Yes Yes Yes
KVM Yes Yes Yes Yes
Hyper-V Yes Yes No Yes
Oracle Cloud Infrastructure
VM.Standard1 No No No No
VM.Standard2 Yes Yes Yes Yes
Amazon Web Services (EC2)
C4 / Xen No No No No
C5 / Nitro Yes Yes Yes Yes
C5n/Nitro Yes Yes Yes Yes
Microsoft Azure
Standard_F(x)s Yes Yes No Yes
Standard_F(x)s_v2 Yes Yes No Yes
VoLTE/Vo5G
• WPS Session Capacity Reservation
• Rf Reason-Header AVP
• DSCP marking for WPS
• NR location support for Vo5G
Peering/Interconnect
• NPLI for Unreg Emergency Calls
• TrFo for Asymmetric preconditions
Virtualization/Cloud
• Increasing number of static trusted and untrusted ACLs entries for vSBC
• Orchestration support for OCI using Terraform scripts
• SLB support on AWS
Security
• Expanded statistics for STIR/SHAKEN
• Increase DHE key length to 2,048 bits
Usability
• WebGUI enhancements for ESBC
• Upgrade bootloader file from GUI
Miscellaneous
• SIP transaction KPI enhancements
• Admin’s ability to change or reset anyone's password
• Show sipd interface display disabled sip-interfaces
VoLTE/Vo5G Features
WPS Session Capacity Reservation
• Reserved session pool which shall be reserved only for NSEP calls. These reserved sessions shall be
used only when all sessions from the general session capacity pool have been exhausted.
[Figure labels: Unreserved pool; Any call]
VoLTE/Vo5G Features
Rf Reason-Header AVP
• 3GPP standards compliance for accounting has been increased to include the Reason-Header AVP.
• This feature will enable the SBC to enhance the Diameter Accounting Request (ACR) for
Accounting-Record-Type [STOP/EVENT] by adding this additional AVP.
• The functionality is as per spec 3GPP TS 32.299 V13.5.0, section 7.2.164A Reason-Header AVP.
VoLTE/Vo5G Features
DSCP marking for WPS
• DSCP marking for National Security and Emergency Preparedness (NSEP) calls has been enhanced
to enable egress marking on a per realm basis.
• The media policy associated with realm-config which is responsible for doing DSCP marking of
packets was not used for NSEP calls.
• So, for NSEP calls, for any realm from which the packets will egress out, the DSCP marking would be
decided by the media-policy of the matching Resource Priority header profile.
• This feature provides the flexibility at OCSBC for marking NSEP calls going to different realms with
different DSCP values.
• A new configuration attribute “nsep-media-policy” has been added to the “realm-config” configuration
element, parallel to the media-policy attribute, to allow the SBC to do DSCP marking of NSEP calls on a
per-realm basis.
VoLTE/Vo5G Features
NR location support
• The SBC now supports 5G NR Geographical Location Type(s), RAT Type and IP-CAN Type on the
Diameter Rx interface with the PCF/PCRF.
• This enables the SBC to parse and process 5G specific location parameters on the Diameter interface
for the purpose of populating 5G Network Provided Location Information (NPLI).
• The SBC behavior for retrieving location information and adding the PANI header remains the same
as in previous releases.
• PCF/PCRF shall communicate the 5G supported values of location information in Diameter RAR
based on which OCSBC constructs the 5G NPLI.
Peering/Interconnect Features
NPLI for Unreg Emergency Calls
• This feature adds a network-provided PANI header for unregistered subscribers in the event of an
emergency call.
• This enhances the NPLI functionality delivered in release SCz8.4 to extend to emergency callers
without a current registration.
• The NPLI functionality in SCz8.4 increased compliance to the 3GPP 29.214 standard for Policy and
charging control over Rx reference point by:
• Sending AVPs for requesting NPLI in the first AAR Rx request only
• Modifying behavior to expect location information AVP only in RAR and not AAA
• Adjusting the triggering of the hold timer on receipt of AAA and not on receipt of INVITE
• Limitation - This feature only works when the ext-policy-server is configured on the access realm
(or the realm where UAC is present for unregistered emergency call)
Peering/Interconnect Features
TrFO for Asymmetric preconditions
Virtualization/Cloud Features
Increasing number of static trusted and untrusted ACLs entries for vSBC
• In this release the number of static trusted and untrusted ACLs can be increased based on available
memory.
• Static trusted ACLs scale at the rate of 1,000 entries per GB of VM memory with a max limit
of 64K entries.
• Static untrusted ACLs scale at the rate of 500 entries per GB of VM memory with a max
limit of 32K entries.
• Caveat: The maximum flow-ids for static ACLs is limited to 65535 in the SBC. Therefore, the
combined count of static ACLs, both trusted and untrusted, that can be installed on the system is
limited to 65535 entries.
Virtualization/Cloud Features
Orchestration support for OCI using Terraform scripts
• The SBC software is published in the Oracle Cloud Infrastructure (OCI) Marketplace, which allows
customers and partners to deploy SBCs without manually uploading the software.
• Although this is a good start to ease the deployments of SBC on OCI, it does not solve the
problem of customers manually having to create the OCI infrastructure elements such as virtual
networks, security groups, subnets, deploying VMs, configuring ‘Day-0’ configurations, etc.
• To address this, Oracle is providing pre-built “Stacks” to help deploy environments without having
to learn Terraform.
• Two Terraform scripts for stacks have been created:
• Virtual Cloud Network (VCN) stack helps the user to create all the network infrastructure required
to deploy the SBC VM on OCI.
• SBC stack helps users to instantiate a standalone or HA pair on OCI with all Day-0 configuration,
for example: loading product type & entitlements, configuring cores, setting up HA configuration,
SNMP etc.
• Look for the Terraform Template Files in the Customer Documentation under Management Files
Virtualization/Cloud Features
SLB support on AWS
• Along with existing OCI support, SLB is now supported on the AWS cloud platform too.
• SLB can be deployed in Standalone mode or High Availability mode on C5 / C5n instances.
• Parity as SBC
• SLB supports deployment on AWS C5 flavors with the same parity as SBC and SR.
Instances verified:
• C5.xl
• C5n.2xl
• C5n.4xl
• SLB is not supported on the legacy AWS C4 flavors.
Security Features
Expanded statistics for STIR/SHAKEN
• This feature will provide expanded STIR/SHAKEN statistics via ACLI, SNMP, and Historical Data
Records (HDR) at the realm, Session-Agent, sip-interface, and system levels.
• The new counters on attestation and verification criteria and responses will be significantly useful to
support large scale STIR/SHAKEN deployments.
• It will help CSPs to expand deployment of REST-based STIR/SHAKEN solutions utilizing the Oracle
SBC to mitigate call spoofing,
18 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public
OCSBC, OESBC, OCSR, OCLSB
Security Features
Increase DHE key length to 2,048 bits
• This feature provides the end-user with the option of choosing the Diffie-Hellman key size
during a TLS negotiation for better security with increased key sizes.
• The increased key size helps to prevent man-in-the-middle attacks.
• In FIPS mode, the DH key size is always 2048-bit regardless of the version or configuration.
• The values are 1024-bit (default) and 2048-bit.
SBC# show running-config tls-global
tls-global
    session-caching disabled
    session-cache-timeout 12
    diffie-hellman-key-size DH_KeySize_1024
    last-modified-by admin@10.196.0.116
    last-modified-date 2022-01-20 18:34:53
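Added example (not Oracle's code and not part of the original slides): a Python check that parses the tls-global output shown above and reports the Diffie-Hellman size in effect, applying the rules stated on this slide (1024-bit default, always 2048-bit in FIPS mode). The indentation of the captured output, the DH_KeySize_<bits> value pattern (inferred from the single value shown) and the 2048-bit audit threshold are assumptions.

```python
import re

# Constructed sample: the slide's tls-global output; indentation is assumed.
SAMPLE_OUTPUT = """\
SBC# show running-config tls-global
tls-global
        session-caching                 disabled
        session-cache-timeout           12
        diffie-hellman-key-size         DH_KeySize_1024
        last-modified-by                admin@10.196.0.116
        last-modified-date              2022-01-20 18:34:53
"""

DEFAULT_DH_BITS = 1024   # the slide states 1024-bit is the default
REQUIRED_DH_BITS = 2048  # assumed audit threshold (the larger value offered)


def parse_element(output, element="tls-global"):
    """Return the attribute/value pairs listed under one config element."""
    attrs, inside = {}, False
    for line in output.splitlines():
        stripped = line.strip()
        if not stripped or re.match(r"\S+#\s", stripped):
            continue                      # blank line or CLI prompt echo
        if not line[0].isspace():         # unindented line names an element
            inside = stripped == element
            continue
        if inside:
            name, _, value = stripped.partition(" ")
            attrs[name] = value.strip()
    return attrs


def effective_dh_bits(attrs, fips_mode=False):
    """DH size in effect, following the rules given on the slide."""
    if fips_mode:                         # FIPS mode ignores the setting
        return 2048
    value = attrs.get("diffie-hellman-key-size")
    if value is None:
        return DEFAULT_DH_BITS
    match = re.fullmatch(r"DH_KeySize_(\d+)", value)  # assumed value pattern
    if not match:
        raise ValueError(f"unrecognised diffie-hellman-key-size: {value!r}")
    return int(match.group(1))


def audit(output, fips_mode=False):
    bits = effective_dh_bits(parse_element(output), fips_mode)
    return {"dh_bits": bits, "compliant": bits >= REQUIRED_DH_BITS}
```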
Usability Features
WebGUI Enhancements
Parameters
• Fraud Protection Table – Manage file
functionality displayed in a Dialog 1
Usability Features
Upgrade bootloader file from GUI
Miscellaneous
Admin’s ability to change or reset anyone's password
Two new features have been added to Local Accounts for enhanced user management.
• Local account password update
• Any authenticated “admin” user-class account can “change” any existing local-account password
• This would enable the administrator to change a password, even if that user is not currently logged in.
• Local account password reset
• Any authenticated “admin” user-class account can “reset” any existing local-account password
• This would enable the administrator to help a user recover after a compromised or forgotten password.
Miscellaneous
Show sipd interface display disabled sip-interfaces
• This feature will enable the functionality to support displaying disabled sip interfaces in “show sipd
interface” acli command output.
Private Cloud (Hypervisors)
Platforms | Max CPS | Max Sessions | SRTP Call Legs (SRTP-RTP) | SIPREC (no encryption)
KVM (X8-2) | 700 (4 cores) | 12,500 (4 cores) | 4,500 (4 cores) | 4,000 (4 cores)
VMware (X7-2) | 700 (4 cores) | 11,000 (4 cores) | 3,700 (4 cores) | 4,000 (4 cores)
Public Cloud
Platforms | Max CPS | Max Sessions | Transcoding (G711 <> G729)
SLB VNF
• 5M subs (max 5000 RPS) supported using TCP/UDP.
• 8 cores (5 signalling, 2 forwarding and 1 DoS core), 32GB memory on a VMware hypervisor in PV
mode used for testing
SLB on OCI
• 5M subs (max 5000 RPS) supported using TCP/UDP.
• VM.Standard2.8 (8 core, 120 GB memory) on a KVM hypervisor in Native mode used for testing
SLB on AWS
• 2.5M subs (max 5000 RPS) supported using TCP/UDP.
• C5n.2xl (8 vCPU, 21GB memory) on a KVM hypervisor in SR-IOV mode used for testing