Oracle Release S-Cz9.1.

0 Knowledge Transfer
(For Partners)
Oracle Communications Session Border Controller
Oracle Enterprise Session Border Controller
Oracle Communications Session Router
Oracle Communications Subscriber-Aware Load Balancer

PLM
Abhishek Nath | Mayank Gupta
Apr, 2022
S-Cz9.1.0 Knowledge Transfer Agenda

1. General Release Information

2. S-Cz9.1.0 Feature Content

3. Capacity & Performance

2 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

General Release Information
Release S-Cz9.1.0

3 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

S-Cz9.1.0 Release
Overview

Improves service provider and enterprise SBC, SR and SLB competitiveness in these key areas:
• Increases feature richness for VoLTE & VoWiFi based deployments
• Enable customers to successfully launch new RCS and VoIP services
• Peering and Interconnect scenarios with TrFo support
• Enhanced security standard compliance with STIR/SHAKEN improvements
• Improved customer experience for deployment on public clouds
• Enhanced WebGUI
• Addresses several enhancements targeted to improve key customers’ satisfaction and retention
• Serviceability improvements to simplify operations

There are no new SKUs in this release

4 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

S-Cz9.1.0 Release
Supported Platforms
Platform SBC SR SLB ESBC Platform SBC SR SLB ESBC
Acme Packet Appliances VNF / Hypervisor
Acme Packet 1100 No No No Yes Xen No No No No

Acme Packet 3900 Yes No No Yes VMware Yes Yes Yes Yes

Acme Packet 3950 Yes No No Yes KVM Yes Yes Yes Yes

Acme Packet 4600 Yes Yes No Yes Hyper-V Yes Yes No Yes
Oracle Cloud Infrastructure
Acme Packet 4900 Yes No No Yes
VM.Standard1 No No No No
Acme Packet 6100 Yes Yes No No
VM.Standard2 Yes Yes Yes Yes
Acme Packet 6300 Yes Yes No Yes
Amazon Web Services (EC2)
Acme Packet 6350 Yes No No Yes
C4 / Xen No No No No
COTS Servers
C5 / Nitro Yes Yes Yes Yes
Netra Server X5-2 No No No No
C5n/Nitro Yes Yes Yes Yes
Oracle Server X7-2 No Yes No No
Microsoft Azure
Oracle Server X8-2 No Yes No No
Standard_F(x)s Yes Yes No Yes
Standard_F(x)s_v2 Yes Yes No Yes

5 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

S-Cz9.1.0 Release
Overview of Features

VoLTE/Vo5G Security
• WPS Session Capacity Reservation • Expanded statistics for STIR/SHAKEN
• Rf Reason-Header AVP • Increase DHE key length to 2,048 bits
• DSCP marking for WPS Usability
• NR location support for Vo5G • WebGUI enhancements for ESBC
Peering/Interconnect • Upgrade bootloader file from GUI
• NPLI for Unreg Emergency Calls Miscellaneous
• TrFo for Asymmetric preconditions • SIP transaction KPI enhancements
Virtualization/Cloud • Admin’s ability to change or reset anyone's
• Increasing number of static trusted and password
untrusted ACLs entries for vSBC • Show sipd interface display disabled sip-
• Orchestration support for OCI using interfaces
Terraform scripts
• SLB support on AWS

6 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

S-Cz9.1.0 Release
Deprecated Features

• Features no longer supported as of the S-Cz9.1.0 release:

• Platforms
• Netra Server X5-2
• Xen Hypervisor
• OCI VM.Standard1
• EC2 C4 (AWS)

7 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

Feature Content
Release S-Cz9.1.0

8 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OCSR

VoLTE/Vo5G Features
WPS Session Capacity Reservation

• This feature enhances Wireless Priority Service to enable

customers to reserve a portion of licensed session capacity for Upon call removal from
unreserved pool, NSEP call
NSEP traffic. moves to unreserved pool
leaving spot for NSEP call.
• This gives customers additional control over WPS resource This will prioritize NSEP calls
over normal calls.
assignment
• With this feature there will be two session pools.
Reserved
• General session pool (total session capacity-reserved session pool for

capacity) which shall be shared among all types of calls.

NSEP

• Reserved session pool which shall be reserved only for NSEP Unreserved
pool
calls. These reserved sessions shall be used only when all
sessions from general session capacity pool has exhausted Any call

• After exhaustion of general session pool, normal calls will be

removal

rejected with a “503 Licensed Session Capacity Reached” error.

General call
NSEP call

9 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC

VoLTE/Vo5G Features
Rf Reason-Header AVP

• 3GPP standards compliance for accounting has been increased to include the Reason-Header AVP.

• This feature will enable SBC to enhance Diameter Accounting Request (ACR) for Accounting-Record-
Type [STOP/EVENT] by adding this additional AVP.

• The functionality is as per spec 3GPP TS 32.299 V13.5.0, section 7.2.164A Reason-Header AVP.

• With the new feature enhancement, the signalling flows support

• Receiving/passing SIP messages with Reason header,
• Sending SIP requests (BYE/CANCEL) and responses (4xx/5xx/6xx) with Reason header for
sessions terminated/rejected by the element.

10 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OCSR

VoLTE/Vo5G Features
DSCP marking for WPS

• DSCP marking for National Security and Emergency Preparedness (NSEP) calls has been enhanced
to enable egress marking on a per realm basis.
• The media policy associated with realm-config which is responsible for doing DSCP marking of
packets was not used for NSEP calls.
• So, for NSEP calls, for any realm from which the packets will egress out, the DSCP marking would be
decided by the media-policy of the matching Resource Priority header profile.
• This feature provides the flexibility at OCSBC for marking NSEP calls going to different realms with
different DSCP values.
• A new configuration attribute “nsep-media-policy” has been added in “realm-config” configuration
element parallel to media-policy attribute to allow SBC to do DSCP marking of NSEP calls per realm
basis

11 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OCSR

VoLTE/Vo5G Features
NR location support

• The SBC now supports 5G NR Geographical Location Type(s), RAT Type and IP-CAN Type on the
Diameter Rx interface with the PCF/PCRF.

• With enables the SBC to parse and process 5G specific location parameters on the Diameter interface
for the purpose of populating 5G Network Provided Location Information (NPLI).

• The SBC behavior for retrieving location information and adding the PANI header remains the same
as in previous releases.

• PCF/PCRF shall communicate the 5G supported values of location information in Diameter RAR
based on which OCSBC constructs the 5G NPLI.

12 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OESBC
OCSR
Peering/Interconnect Features
NPLI for Unregistered Emergency Calls

• This feature adds network provided PANI header for unregistered subscribers in the event of an
emergency call.
• This enhances the NPLI functionality delivered in release SCz8.4 to extend to emergency callers
without a current registration.
• The NPLI functionality in SCz8.4 increased compliance to the 3GPP 29.214 standard for Policy and
charging control over Rx reference point by:
• Sending AVPs for requesting NPLI in the first AAR Rx request only
• Modifying behavior to expect location information AVP only in RAR and not AAA
• Adjusting the triggering of the hold timer on receipt of AAA and not on receipt of INVITE

• Limitation - This feature only works when the ext-policy-server is configured on the access realm
(or the realm where UAC is present for unregistered emergency call)

13 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OESBC

Peering/Interconnect Features
TrFO for Asymmetric preconditions

• This feature is a continuation of enhancements to both asymmetric preconditions and TrFO.

• Asymmetric preconditions negotiation may cause unnecessary transcoding due to different codecs
negotiated on either side of the call.
• This enhancement renegotiates the calling side codec via a reINVITE once the call is established and
the called side codec is known.
• The reINVITE is triggered by the following conditions:
• feature-trfo should be configured with asymmetric_preconditions in realm-config
• Asymmetric preconditions should be configured only on caller side
• Called side negotiated codec should be within in the allowed codecs of the calling party i.e, initial
offer
• New Configuration
• realm-config/feature-trfo asymmetric_preconditions – enable TrFO for Asymmetric
preconditions

14 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OESBC
OCSR
Virtualization/Cloud Features
Increasing number of static trusted and untrusted ACLs entries for vSBC

• In this release the number of static trusted and untrusted ACLs can increased based on available
memory
• Static trusted ACLs scale at the rate of 1,000 entries per every GB of VM memory with a max limit
of 64K entries.
• Static untrusted ACLs scale at the rate of 500 entries per every GB of VM memory with a max
limit of 32K entries.

• Caveat: The maximum flow-ids for static ACLs is limited to 65535 in the SBC. Therefore, the
combined count of static ACLs, both trusted and untrusted, that can be installed on the system is
limited to 65535 entries.

15 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OESBC
OCSR
Virtualization/Cloud Features OCSLB
Orchestration support for OCI using Terraform scripts

• The SBC software is published in the Oracle Cloud Infrastructure (OCI) Marketplace which allows
customers and partners to deploy SBCs without manually uploading the software.
• Although this is a good start to ease the deployments of SBC on OCI, it does not solve the
problem of customers manually having to create the OCI infrastructure elements such as virtual
networks, security groups, subnets, deploying VMs, configuring ‘Day-0’ configurations, etc.
• To address this Oracle is providing pre-built “Stacks” to help deploy environments without having
to learn Terraform.
• Two Terraform scripts for stacks have been created:
• Virtual Cloud Network (VCN) stack helps the user to create all the network infrastructure required
to deploy the SBC VM on OCI.
• SBC stack helps users to instantiate a standalone or HA pair on OCI with all Day-0 configuration,
for example: loading product type & entitlements, configuring cores, setting up HA configuration,
SNMP etc.
• Look for the Terraform Template Files in the Customer Documentation under Management Files

16 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSLB

Virtualization/Cloud Features
SLB support on AWS

• Along with existing OCI support, SLB is now supported on AWS cloud platform too.
• SLB shall be able to deploy in Standalone mode or High Availability mode on C5 / C5n instances.
• Parity as SBC
• SLB support the deployment on AWS C5 flavors with the same parity as SBC and SR.
Instances verified :
• C5.xl
• C5n.2xl
• C5n.4xl
• SLB is not supported on the legacy AWS C4 flavors.

17 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC

Security Features
Expanded statistics for STIR/SHAKEN

• This feature will provide expanded STIR/SHAKEN statistics via ACLI, SNMP, and Historical Data
Records (HDR) at the realm, Session-Agent, sip-interface, and system levels.
• The new counters on attestation and verification criteria and responses will be significantly useful to
support large scale STIR/SHAKEN deployments.
• It will help CSPs to expand deployment of REST based STIR/ SHAKEN solutions utilizing the Oracle
SBC to mitigate call spoofing,

session-agents sip-interfaces
18 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public
 OCSBC
OESBC
OCSR
Security Features OCLSB
Increase DHE key length to 2,048 bits

• This feature provides the end-user with the option of choosing the Diffie-Hellman key size
during a TLS negotiation for better security with increased key sizes.
• The increased key size helps to prevent man-in-the-middle attacks.
• In FIPS mode, dh key size is always 2048-bit regardless of the version or configuration.
• The values are 1024-bit (default) and 2048-bit
• SBC# show running-config tls-global
• tls-global
• session-caching disabled
• session-cache-timeout 12
• diffie-hellman-key-size DH_KeySize_1024
• last-modified-by admin@10.196.0.116
• last-modified-date 2022-01-20 18:34:53

19 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OESBC

Usability Features
WebGUI Enhancements

The following aspects of the WebGUI has been

enhanced for improved experience for the user
• Show configuration functionality for all
Configuration elements
• Page header changes – Target name, Mgmt IP etc
• Show or Hide Advanced Configuration 2

Parameters
• Fraud Protection Table – Manage file
functionality displayed in a Dialog 1

• Customer Error Page for error scenario while

downloading/viewing a file by directly providing
URL
• Show stats commands addition
• Flexible storage of records per call
• Preserving scroll position
• Changed look and feel of fields and icons to
Redwood theme

20 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OESBC

Usability Features
Upgrade bootloader file from GUI

• WebGUI now supports uploading bootloader file along with Software.

21 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OESBC
OCSR
Miscellaneous Features
SIP transaction KPI enhancements

• This enhancement provides additional parameters Additional KPIs for SUBSCRIBE

within existing sip method statistics for monitoring run
• Sample outcome of “show sipd
time system behavior.
subscribe” command
• The additional KPIs are the following:
• success-rate, timeout-rate, and failure-rate
• These new KPIs are applicable for three SIP messages
SUBSCRIBE, NOTIFY and MESSAGE only.
• Below configuration is required to use this feature for
statistics per realms, agents, or interfaces.
• Object: sip-config
• Parameter Name: extra-method-stats
• Configuration: Enabled

22 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OESBC
OCSR
Miscellaneous Features OCSLB
Admin’s ability to change or reset anyone's password

Two new features added to Local Accounts for enhanced user management.
• Local account password update
• Any authenticated “admin” user-class account can “change” any existing local-account password
• This would enable the administrator to change a password, even if that user is not currently logged in.
• Local account password reset
• Any authenticated “admin” user-class account can “reset” any existing local-account password
• This would enable the administrator to help a user recover after a compromised or forgotten password.

23 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

 OCSBC
OESBC
OCSR
Miscellaneous Features OCSLB
show sipd interface display disabled sip-interfaces

• This feature will enable the functionality to support displaying disabled sip interfaces in “show sipd
interface” acli command output.

24 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

Capacity & Performance
Release S-Cz9.1.0

25 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

Performance and Capacity
HW Platforms

SRTP Call Legs SIPREC

Platforms Max CPS Max Sessions
(SRTP-RTP) (no encryption)
AP1100 30 360 360 180
AP3900 80 8,000 4,000 6,000
AP3950 100 10,000 10,000 7,500
AP4600 550 32,000 8,000 12,000
AP4900 600 40,000 16,000 12,000
AP6300 1,200 80,000 40,000 20,000
AP6350 (Quad NIU) 1,700 160,000 120,000 40,000

26 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

Performance and Capacity*
Private and Public Clouds

Private Cloud(Hypervisors)
SRTP Call Legs SIPREC
Platforms Max CPS Max Sessions
(SRTP-RTP) (no encryption)
KVM (X8-2) 700 (4 cores) 12,500(4 cores) 4,500 (4 cores) 4,000 (4 cores)
VMware (X7-2) 700 (4 cores) 11,000 (4 cores) 3,700 (4 cores) 4,000 (4 cores)

Public Cloud
Transcoding
Platforms Max CPS Max Sessions
(G711 <> G729)

Azure (F4s) 440 5,100 290

AWS (c5n.xl) 320 3,800 210

OCI (2.4) 480 1,600** 475

“*” = Results based on Standalone configurations

“**” = Max sessions derived after applying OCI packet limiting policy
27 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public
Subscriber-Aware Load Balancer
Capacity and Performance

SLB VNF
• 5M subs (max 5000 RPS) supported using TCP/UDP.
• 8 Core (5 Signalling, 2 forwarding and 1 Dos core), 32GB memory on a VMWare hypervisor in a PV
mode used for testing

SLB on OCI
• 5M subs (max 5000 RPS) supported using TCP/UDP.
• VM.Standard2.8 (8 core, 120 GB memory) on a KVM hypervisor in Native mode used for testing

SLB on AWS
• 2.5M subs (max 5000 RPS) supported using TCP/UDP.
• C5n.2xl (8 vCPU, 21GB memory) on a KVM hypervisor in SR-IOV mode used for testing

28 Copyright © 2022, Oracle and/or its affiliates | Confidential: Public

Product Documentation
Resources

Service Provider SBC Enterprise SBC Session Router Subscriber-Aware Load

Balancer
• http://docs.oracle.c • https://docs.oracle. • https://docs.oracle.c
om/en/industries/c com/en/industries/ om/en/industries/c • https://docs.oracle.c
ommunications/ses communications/en ommunications/sess om/en/industries/c
sion-border- terprise-session- ion- ommunications/sub
controller/index.ht border- router/index.html scriber-aware-load-
ml controller/index.ht balancer/index.html
ml
Product Management
Product Management • Mayank Gupta Product Management
• Mayank Gupta Product Management • Mayank Gupta
• Bob Bradley • Abhishek Nath
• Liz Osborn • Mayank Gupta

29 Copyright © 2021, Oracle and/or its affiliates | Confidential: Public

For any queries related to
S-Cz9.1.0 release please
write to :
communications-enablement_ww@oracle.com

30 Copyright © 2021, Oracle and/or its affiliates | Confidential: Public