Support User Manuals

Cisco Systems ASR 1000 Network Router User Manual

Open as PDF

of 112

8-2

Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers

OL-15421-01

Chapter 8 Integrated Session Border Controller Security

Firewall (Media Pinhole Control)

Firewall (Media Pinhole Control)

The SBE Call Admission Control (CAC) function inspects the signaling message and instructs the

firewall in the DBE to open and close pinholes as needed for the media streams and signaling.

H.248 Address Reporting Package

The data border element (DBE) supports the H.248 Address Reporting (adr) package, defined in “Draft

New H.248.37 Amendment 1”,

ITU-T document TD-27. The adr package extends the existing IP NAPT

Traversal (ipnapt) package, and adds a new Remote Source Address Change (rsac) event with two

parameters: New Remote Source Address (nrsa), and New Remote Source Port (nrsp).

The rsac event is generated by the media gateway (MG) when the remote source address for the

termination changes (that is, when a stream latches), and is used to report the newly detected remote

source address and port to which the stream has been latched.

The event is generated in both the LATCH and RELATCH scenarios. The DBE reports the event

subscription with the audit response when the media gateway controller (MGC) audits the packages.

For further information on support for the H.248 IP NAPT Traversal package, see the “IP NAPT

Traversal Package and Latch and Relatch Support” section on page 8-3

DBE Restrictions

The following are restrictions for adr package support:

• The MGC must explicitly subscribe for the rsac event.

• The adr package can be used only in conjunction with the IP NAPT Traversal package.

H.248 Session Failure Reaction Package

The data border element (DBE) supports the H.248 Session Failure Reaction (SFR) package. From a

security point of view, the media gateway controller (MGC) can put a termination out of service when

the H.248 connection between the MGC and media gateway (MG) is lost.

For more information on the SFR package, see the “H.248 Session Failure Reaction Package” section on

page 6-3.

H.248 Termination State Control Package

The data border element (DBE) supports the Termination State Control (TSC) package to monitor

signaling pinholes.

The “tsc-quiesce” feature of the TSC package helps the media gateway controller (MGC) monitor a

signaling pinhole and put the pinhole in “not-in-service” mode when all terminations are subtracted.

For more information on the TSC package, see the “H.248 Termination State Control Package” section

on page 6-4.

previous next