Oracle Release S-Cz9.2.

0 Partner
Enablement
SBC / SR / SLB / ESBC

PLM
April, 2023
S-Cz9.2.0 Partner Enablement Agenda

1. General Release Information

2. S-Cz9.2.0 Feature Content

2 Copyright © 2023, Oracle and/or its affiliates | Public

General Release Information

3 Copyright © 2023, Oracle and/or its affiliates | Public

Overview

Improves Service Provider and Enterprise SBC, SR and SLB competitiveness in these key areas:

• Enhanced security standard compliance with STIR/SHAKEN improvements

• Increases feature richness for VoLTE based deployments
• Feature enhancements for UCaaS
• Support of new public cloud
• Enhanced WebGUI
• Addresses several enhancements targeted to improve key customers’ satisfaction and retention
• Serviceability improvements to simplify operations

There are no new SKUs in this release

4 Copyright © 2023, Oracle and/or its affiliates | Public

Patch Equivalency

S-Cz9.2.0 release includes defect fixes from neighboring patch releases:

• S-Cz8.4.0p14
• S-Cz9.0.0p6
• S-Cz9.1.0p4

5 Copyright © 2023, Oracle and/or its affiliates | Public

Supported Platforms

Platform SBC SR SLB ESBC Platform SBC SR SLB ESBC

Acme Packet Appliances VNF / Hypervisor
Acme Packet 1100 No No No Yes VMware Yes Yes Yes Yes
Acme Packet 3900 Yes No No Yes KVM Yes Yes Yes Yes
Acme Packet 3950 Yes No No Yes Hyper-V Yes Yes No Yes
Acme Packet 4600 Yes Yes No Yes Oracle Cloud Infrastructure
Acme Packet 4900 Yes No No Yes VM.Standard2.x Yes Yes Yes Yes
Acme Packet 6100* Yes Yes No No VM.Optimized3.Flex Yes Yes Yes Yes
Acme Packet 6300* Yes Yes No Yes Amazon Web Services (EC2)
Acme Packet 6350 C4 / Xen Yes Yes No Yes
Yes No No Yes
(Athena – 2 port)*
C5 / Nitro Yes Yes Yes Yes
Acme Packet 6350
Yes No No Yes C5n/Nitro Yes Yes Yes Yes
(Boomer – 4 port)
Microsoft Azure
COTS Servers
Standard_F(x)s Yes Yes No Yes
Oracle Server X7-2 No Yes No No
Standard_F(x)s_v2 Yes Yes No Yes
Oracle Server X8-2 No Yes No No
Google Cloud Platform (GCP)
Oracle Server X9-2 No Yes No No
GCP n2.standard Yes Yes Yes Yes
* Last supported release for AP6100, AP6300 and AP6350 (Athena)
6 Copyright © 2023, Oracle and/or its affiliates | Public
Feature Content

7 Copyright © 2023, Oracle and/or its affiliates | Public

Committed Features for S-Cz9.2.0

Regulatory / Security VoLTE Miscellaneous

• Support for div PASSporT • Asymmetric preconditions • Enhanced number matching
• Support FQDN on TTL expiry and translation rules for routing
Cloud • FQDN for time servers
• Map CALEA info to PASSporT
• Google Cloud Platform support • Rf support for connectivity to
authentication requests
Serviceability CCF via FQDN
• STIR/SHAKEN attestation level
propagation • Enhanced alarm mechanism • Missing Acme-FlowID/Type
Diameter AVPs
• SIP/HTTP header mapping for • WebGUI debug logging
STI-AS/VS requests • NSEP traffic KPIs
Usability
• STIR/SHAKEN handling of
failover scenarios • WebGUI enhancement
• Support for TLS 1.3 • Support for TLS certificate
renewal
UC / CC
• Parallel call forking
• Support for DTLS over SRTP
(server mode)

8 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Security Features

STIR/SHAKEN div passport

CSPs are expanding deployment of REST based STIR/ SHAKEN solutions utilizing the SBC to mitigate
call spoofing
This feature provides support for a new PASSporT type, 'div', used to authenticate and verify diverted or
forwarded calls.

STIR SHAKEN FQDN TTL Expiry

When the SBC uses FQDNs for STIR/SHAKEN for the AS (Authentication Service) and VS (Verification
Service) servers, the SBC would dip the DNS to resolve/update the FQDNs on the TTL (Time To Live)
expiry of existing DNS cache, and not wait for new calls to trigger the DNS resolution.
This would help to prevent the delay that could cause the new calls to go unsigned.

9 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Security Features

CALEA info from STIR/SHAKEN interface

This feature enables the Oracle SBC to populate a SHAKEN PASSporT with a “P-NokiaSiemens.Session-
Info” header as a proprietary parameter if it is received in an INVITE by the SBC to be used as part of the
STIR/ SHAKEN REST authentication request.
More specifically, when the Oracle SBC is performing STIR/SHAKEN authentication and receives an
ingress INVITE with the “P-NokiaSiemens.Session-Info” header, that header will be copied into the
appropriate PASSporT (‘shaken’ or ‘div’) prior to submission to the STI-AS.

10 Copyright © 2023, Oracle and/or its affiliates | Public

Security Features SBC

STIR/SHAKEN attest level propagation

• Provides a configurable option in the SBC that would allow the user to relay the information related
to failed validation (reasoncode and reasontext), received from the STI-VS to the next hop through
the Reason header in the egress INVITE message
• Provides visibility for the parameters, reasoncode and reasontext, in the CDRs
• Provides visibility for the parameter, verstat, in the CDRs
• Provides the above-mentioned functions for both ATIS and 3GPP implementations

11 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Security Features

STIR/SHAKEN: HTTP header customization

In certain cases, customers need to convey custom SIP data into the HTTP authentication request sent
to the STI-AS (in addition to the PASSporT claims defined by ATIS) or into HTTP verification request
sent to the STI-VS (in addition to the key names defined by ATIS). And vice-versa (i.e. HTTP to
SIP). Neither ATIS nor 3GGP have standardized a way to map SIP <=> HTTP for STIR/SHAKEN.

• Provide a configurable object in the SBC that would allow the user to map custom HTTP headers to
the custom SIP headers and vice-versa. This should support authentication as well as verification
scenarios.
• Provides the above-mentioned functions for both ATIS and 3GPP implementations

12 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Security Features

STIR/SHAKEN: Handling of failover scenarios

During testing of Oracle’s STIR/SHAKEN (S/S) offering for fraudulent calls, certain potential timing or
race conditions have been identified during STI-AS/VS failover situations that could result in an
inordinate number of unsigned calls being forwarded.

This enhancement improves on the selection criteria of the next available S/S server in a server pool.
This involves
• the duration of retry timers for failed servers
• the number of iterations an SBC shall skip over a specific STIR/SHAKEN server while it is marked
in the half open circuit-breaker state.

13 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Security Features ESBC
SR
SLB
TLS v1.3 support
TLS 1.3 is a newer version of TLS protocol which:
• Offers better performance and strong security.
• A faster TLS handshake
• Drops support for the vulnerable cryptographic algorithms.
• SBC supports TLS v1.3 in addition to current TLS v1.0, 1.1 and 1.2 support

• In TLS 1.3, there are only five recommended cipher suites:

1) TLS_AES_256_GCM_SHA384 2) TLS_CHACHA20_POLY1305_SHA256
3) TLS_AES_128_GCM_SHA256 4) TLS_AES_128_CCM_8_SHA256
5) TLS_AES_128_CCM_SHA256

All five cipher suites list above are supported using ALL cipher list. By default (DEFAULT cipher list),
following four are supported.
1) TLS_AES_256_GCM_SHA384 2) TLS_CHACHA20_POLY1305_SHA256
3) TLS_AES_128_GCM_SHA256 4) TLS_AES_128_CCM_SHA256

14 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
UCaaS Features ESBC
SR

Parallel Call Forking

Support for call forking of an incoming call to multiple destinations simultaneously, resulting in ringing
of all the target devices.
The first target to pick up the call receives the call, and all other target devices stop ringing.
Useful for customer who wants to receive call on multiple devices

Basic parallel call forking is supported by SBC. Advanced parallel forking feature support is available
through Enterprise Communications Broker (ECB).

15 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
UCaaS Features ESBC

DTLS-SRTP: Server mode

DTLS-SRTP uses DTLS to exchange keys for SRTP media transport.
This enhancement provides support of DTLS to establish keys for SRTP in server (passive) mode.
This feature will be supported on below platforms:
• AP1100
• AP3900
• AP3950
• AP4900
• VNF – KVM, VMWare
• Public Cloud – AWS, Azure, OCI, GCP

Caveats and limitation details available in SBC 9.2 customer documentation

16 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
VoLTE features

Asymmetric precondition enhancement

Current Asymmetric Preconditions functionality on the SR/SBC has a few gaps that require HMRs to
address. This enhancement fills such gaps and reduces the need of HMRs. Example:
• Set P-Early-Media to ‘inactive’ in 183 Session Progress instead of ‘sendrecv’. This allows to avoid
the calling party side and intermediary nodes to wrongly interpret this 183 (SDP) as indication of
early-media.

Dynamic preconditions
Support of the SIP preconditions by the interconnected network is not always known, so static
configuration and static implementation of asymmetric preconditions feature are not always possible.
This is addressed by Dynamic precondition support. The decision of the SBC UAC on whether a dialog
has preconditions is based on the first received 18x reply: if it has Supported/Require: preconditions,
then the associated dialog is considered as using preconditions

17 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Virtual SBC Features ESBC
SR
SLB
Google Cloud Platform support
• SBC, ESBC, SLB and SR support on Google Cloud Platform (GCP)
• Standalone and HA supported for all product types
• Verified machine types:
Network Egress Max Tx/Rx queues per
Machine Type vCPUs Memory (GB) vNICs Bandwidth (GB) VM
N2-Standard-4 4 16 4 10 4
N2-Standard-8 8 32 8 16 8
N2-Standard-16 16 64 8 32 16

18 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Serviceability Features ESBC
SR

Enhance alarm mechanism

Provides support of below additional alarms on SBC:
• Alarm when SA goes to OOS mode
• Alarm when steering ports are utilized more than configured threshold. Default 80%
• Alarm when there’s a sudden rise in 503 responses from SBC. Default: 50%

19 Copyright © 2023, Oracle and/or its affiliates | Public

 ESBC
Serviceability Features

WebGUI debug logging

The feature enhances the WebGUI to add the functionality to provide an option to set log levels of
individual processes.
With the new feature, a list of processes are displayed dynamically from SBC for the user to choose
from. Once enabled, WebGUI also displays a message chosen processes.
A widget can be added which displays the log levels for all processes both on Dashboard and Widgets
screen.

20 Copyright © 2023, Oracle and/or its affiliates | Public

 ESBC
Usability Features

WebGUI enhancement
Copy the Dashboard Widgets Display from one ESBC to Another
Paste Configuration - Duplicate a Configuration

Paste Configuration - Create a Configuration Manually

Reorder Policies in the Local Policy Table

Widget Descriptions Location and Behavior

Behavior of Controls in Tables

Search Operations in Monitor and Trace

21 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Usability Features ESBC
SR

TLS certificate renewal

In earlier releases of SBC, customers had to follow multiple steps to create a new record and modify the
the record name accordingly in all referenced configuration.As a lot of CA providers issue new
certificate using the same key so creating a new record following all the steps is redundant and not
user-friendly.
As part of this feature SBC allows the customers to re-import a new certificate via three interfaces i.e.,
WebGUI, ACLI and REST.

22 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Miscellaneous Features ESBC
SR

Enhanced Number Matching and Translation Rules for Routing

This feature enhances the local policy by adding immense flexibility for setting translation and routing
rules, thereby reducing dependency on HMRs for configuring complex rules.
Some of the functionality added by this feature are :
• Supporting regex values for configuring translation-rules. The existing options only provide fixed number
options.
• Ability to manipulate different headers such as FROM, TO, diversion, p-asserted-id and isup parameters
without having to configure HMRs.

• Ability to configure multiple session-translation rules in session-agent and realm-config level.

• Categorization of translation-rules as mandatory or optional indicating conditions for session-translation to

be successful.

• Ability to move-up/down set priority for the translation-rule and session-translation entry.
• Ability to disable the translation-rules and session-translation entries.

23 Copyright © 2023, Oracle and/or its affiliates | Public [Date]

 SBC
Miscellaneous Features ESBC
SR

Enhanced Number Matching and Translation Rules for Routing

1 2

1. Regex match for TR1 will be successful if the

incoming TO header’s user part is a 4-digit number in
the range [1-3].
2. Mandatory/Optional - If a mandatory translation-
rule match is unsuccessful, the entire session-
translation will not be applied.
3. Enable/disable session-translation 3
24 Copyright © 2023, Oracle and/or its affiliates | Public [Date]
 SBC
Miscellaneous Features ESBC
SR

FQDN for time servers

In the earlier releases, SBC allowed only IPs to be configured for NTP-Configurations of time servers.
This feature allows SBC to support configuration of SRV FQDN of time servers under NTP configuration.

FQDN shall further be resolved into IP addresses by SBC NTP monitor. With the help of realm, NTP
Monitor shall resolve the configured SRV FQDN through wancom0 or media-interface’s as per the
user's configuration and provide the resolved IP Addresses to the Chrony service which runs in SBC
wancom0. Chrony service which will further interact with time server IP for time sync.

User shall be able to configure either IP-Addresses or an FQDN for SBC to perform time-sync

25 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Miscellaneous Features

FQDN for CCFs for Rf interface

In addition to IP address, support connectivity/access to a Charging Collection Function (CCF) via FQDN
Support receiving multiple IP addresses of CCFs that are resolved by FQDN
Support multiple pools of CCFs in primary and secondary role
Use priority and weight in DNS SRV records to distribute Diameter Accounting Requests (ACR) across
the CCFs to load balance the CCFs.

26 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Miscellaneous Features

Missing Acme-FlowID/Type Diameter AVPs

Provides support of below additional AVPs in START, INTERIM and STOP ACRs of Diameter Rf Interface:
• Acme-FlowID-FS1-R
• Acme-FlowID-FS2-F
• Acme-FlowID-FS2-R
• Acme-FlowType-FS2-F
• Acme-FlowType-FS2-R

27 Copyright © 2023, Oracle and/or its affiliates | Public

 SBC
Miscellaneous Features ESBC
SR

NSEP KPI
Provides support of below additional KPIs for NSEP (National Security and Emergency Preparedness)
traffic:
• NSEP counter for all instances of incoming SIP INVITEs received containing SIP RPH set to either
ets.0 and/or wps.y (y between 0 and 4)
• NSEP counter for all instances of outgoing SIP INVITEs containing SIP RPH set to either, for
example, ets.0 and/or wps.y (y between 0 and 4)
• NSEP counter for all instances of incoming SIP INVITEs received containing DIALED NUMBER that
matches one of the configured GETS (Government Emergency Telecommunications Service) strings

28 Copyright © 2023, Oracle and/or its affiliates | Public

For more information
Service Provider SBC

Product Documentation
• http://docs.oracle.com/en/industries/comm
unications/session-border-
controller/index.html

On the web
• https://www.oracle.com/in/industries/comm
unications/signaling-security/session-
border-
controller/#:~:text=Deliver%20trusted%2C%
20carrier%2Dgrade%2C,toward%205G%20a
nd%20the%20cloud.

29 Copyright © 2023, Oracle and/or its affiliates | Public

For more information
Enterprise SBC

Product Documentation
• https://docs.oracle.com/en/industries/com
munications/enterprise-session-border-
controller/index.html

On the web
• https://www.oracle.com/a/ocom/docs/indus
tries/communications/enterprise-session-
border-controller-ds.pdf

30 Copyright © 2023, Oracle and/or its affiliates | Public

For more information
Session Router

Product Documentation
• https://docs.oracle.com/en/industries/com
munications/session-router/index.html

On the web
• https://www.oracle.com/industries/communi
cations/service-providers-
network/products/session-router/

31 Copyright © 2023, Oracle and/or its affiliates | Public

For more information
Subscriber-Aware Load Balancer

Product Documentation
• https://docs.oracle.com/en/industries/com
munications/subscriber-aware-load-
balancer/index.html

On the web
• https://www.oracle.com/us/industries/com
munications/session-aware-load-balancer-
ds-1985039.pdf

32 Copyright © 2023, Oracle and/or its affiliates | Public

Thank you

33 Copyright © 2023, Oracle and/or its affiliates | Public [Date]

Our mission is to help people see
data in new ways, discover insights,
unlock endless possibilities.