Cisco Systems ASR 1000 Network Router User Manual


 
Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers
OL-15421-01
Chapter 8 Integrated Session Border Controller Security
When latching, the DBE uses the remote address and port of a source endpoint as the destination
endpoint address and port if the source IP address is within a specified Gate Management/remote source
address mask (gm/rsam). This means that any packet whose source address falls within the gm/rsam
subnet can be latched.
The Relatch event waits until a packet arrives that fails the latched admission criteria but meets
the relatch criteria. The relatch may require stricter admission criteria than the original latching; for
example, packets may have to come from a specific remote address rather than from anywhere within the
subnet. Alternatively, the relatch criteria might identify a different subnet. In relatching, one reason for
the change in the source IP address and port could be a subscriber requiring a different service.
When the ntr package is in use, the DBE continues to attempt to relearn remote addresses and ports
following any H.248 operation that modifies a termination whose endpoint is behind a NAT. Relearning
continues to be timed out if no packets from a new remote source address and port are received within a
suitable period.
When the ipnapt package is in use, the DBE does not attempt to relearn remote addresses and ports unless
a Relatch is explicitly signaled by the MGC. Relatching is not timed out.
DBE Restrictions
The following are restrictions of DBE support for the IP NAPT Traversal (ipnapt) package and Latch
and Relatch:
• The DBE only supports either the NTR package or the IP NAPT Traversal package for a termination.
  You can configure either package with the h248-napt-package command.
• The DBE does not generate the notifyComplete signal when the Latch or Relatch signal completes.
• With the IP NAPT Traversal package, the DBE does not automatically relatch on receipt of an
  H.248/Megaco request that modifies the gm/sam. If a Relatch is required, it must be explicitly
  signaled by the MGC. In addition, you cannot update the remote source address mask so that it no
  longer contains the previously latched remote address without signaling a Relatch.
Related Commands
The h248-napt-package command defines which H.248 package (either ipnapt or ntr) the DBE uses for
signaling NAT features.
Local Source Properties (Address and Port)
The data border element (DBE) is enhanced to support multiple terminations that share a single local
address and port. The Gate Management/remote source address mask (gm/rsam) defines a remote subnet.
The mask length is a property of the local address and port combination. Only multiple terminations that
share the same local address and port are required to have the same gm/rsam length. Terminations with
different local addresses or ports can have different gm/rsam lengths.
Using gm/rsams of the same mask length allows multiple terminations to share a single local address and
port combination, provided that the terminations are configured with gm/rsams that are
distinct. This enables the media gateway controller (MGC) to identify and match the terminations to the
correct flow. For more information about Local Source Address and Local Source Port properties, see
the ETSI TS 102 333 V1.1.2 Gate Management Package.
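The following Python model is an added example, not Cisco code or DBE configuration. It ties together the latching and relatching behavior and the shared local address and port rules described above: equal-length, distinct gm/rsams mean a source address selects at most one termination. The class and method names are hypothetical, "drop" for a non-latched source is an assumption, and the relatch case is narrowed to stricter criteria inside the existing gm/rsam.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Termination:  # hypothetical model, not a Cisco or H.248 data structure
    name: str
    rsam: ipaddress.IPv4Network                      # gm/rsam written as a prefix
    latched: Optional[Tuple[str, int]] = None        # remote (address, port) once latched
    relatch: Optional[ipaddress.IPv4Network] = None  # criteria of a pending Relatch

class SharedLocal:  # terminations that share one local address and port
    def __init__(self):
        self.terms = []

    def add(self, term):
        for t in self.terms:
            if t.rsam.prefixlen != term.rsam.prefixlen:
                raise ValueError("gm/rsam length differs on a shared local address/port")
            if t.rsam == term.rsam:
                raise ValueError("gm/rsam is not distinct")
        self.terms.append(term)

    def signal_relatch(self, name, criteria):
        # Narrowed case: the relatch criteria are stricter, inside the gm/rsam.
        t = next(t for t in self.terms if t.name == name)
        if not criteria.subnet_of(t.rsam):
            raise ValueError("model covers only relatch criteria inside the gm/rsam")
        t.relatch = criteria

    def packet(self, ip, port):
        src = ipaddress.ip_address(ip)
        for t in (t for t in self.terms if src in t.rsam):  # at most one matches
            if t.latched is None:  # any source inside the gm/rsam can latch
                t.latched = (ip, port)
                return t.name, "latched"
            if (ip, port) == t.latched:
                return t.name, "forward"
            if t.relatch is not None and src in t.relatch:
                t.latched, t.relatch = (ip, port), None  # fails latch, meets relatch
                return t.name, "relatched"
            return t.name, "drop"  # assumption: other sources are not admitted
        return None, "drop"

def demo():  # constructed traffic; addresses from the RFC 5737 documentation range
    ep = SharedLocal()
    ep.add(Termination("A", ipaddress.ip_network("192.0.2.0/25")))
    ep.add(Termination("B", ipaddress.ip_network("192.0.2.128/25")))
    pkts = [("192.0.2.10", 5004), ("192.0.2.200", 5004), ("192.0.2.99", 6000)]
    return [ep.packet(ip, port) for ip, port in pkts]
```

In the model, the first packet from anywhere inside a termination's gm/rsam wins the latch, which is why a wide mask admits any host in that subnet and why stricter relatch criteria narrow what can take over the flow.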