# 3. - SBC Realms

Session Border Controllers are network devices that secures voice over IP (VoIP) infrastructure while providing interworking between incompatible signaling messages and media flows from end device or application servers.

An important element in Oracle SBCs is realm which are defined as a logical way to identify domain, network, collection of networks.

Let’s forget the management interfaces running in the lab devices for now, the concept of realm would be applied as the following image associating the SBCs interfaces to the realms and any external device sending traffic to the IPs associated.

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2023-03/scaled-1680-/ztIg4tQXAUcr9pqd-jsUimage.png)](https://wiki.tinod.net/uploads/images/gallery/2023-03/ztIg4tQXAUcr9pqd-jsUimage.png)

Now let’s go back to the CLI and configure the realms as shown in the image above, it’s important to mention that identifier can have any name, in my case I used the same names used in physical interfaces and network interfaces, but the key is associate the correct network interface name created in the previous entry.

```shell
PCOSBC# config t
PCOSBC(configure)# media-manager 
PCOSBC(media-manager)# realm-config 
PCOSBC(realm-config)# identifier External 
PCOSBC(realm-config)# 
PCOSBC(realm-config)# network-interfaces External
PCOSBC(realm-config)# 
PCOSBC(realm-config)# done
realm-config

```

<details id="bkmrk-realm-config-extende"><summary>realm-config extended</summary>

realm-config  
 identifier External  
 description   
 addr-prefix 0.0.0.0  
 network-interfaces External:0  
 media-realm-list   
 mm-in-realm disabled  
 mm-in-network enabled  
 mm-same-ip enabled  
 mm-in-system enabled  
 bw-cac-non-mm disabled  
 msm-release disabled  
 qos-enable disabled  
 max-bandwidth 0  
 fallback-bandwidth 0  
 max-priority-bandwidth 0  
 max-latency 0  
 max-jitter 0  
 max-packet-loss 0  
 observ-window-size 0  
 parent-realm   
 dns-realm   
 media-policy   
 nsep-media-policy   
 rtcp-mux disabled  
 ice-profile   
 teams-fqdn   
 teams-fqdn-in-uri disabled  
 sdp-inactive-only disabled  
 dtls-srtp-profile   
 class-profile   
 in-translationid   
 out-translationid   
 in-manipulationid   
 out-manipulationid   
 average-rate-limit 0  
 access-control-trust-level none  
 invalid-signal-threshold 0  
 maximum-signal-threshold 0  
 untrusted-signal-threshold 0  
 nat-trust-threshold 0  
 max-endpoints-per-nat 0  
 nat-invalid-message-threshold 0  
 wait-time-for-invalid-register 0  
 deny-period 30  
 session-max-life-limit 0  
 cac-failure-threshold 0  
 untrust-cac-failure-threshold 0  
 ext-policy-svr   
 diam-e2-address-realm   
 subscription-id-type END\_USER\_NONE  
 symmetric-latching disabled  
 pai-strip disabled  
 trunk-context   
 device-id   
 early-media-allow   
 enforcement-profile   
 additional-prefixes   
 restricted-latching none  
 restriction-mask 32  
 user-cac-mode none  
 user-cac-bandwidth 0  
 user-cac-sessions 0  
 icmp-detect-multiplier 0  
 icmp-advertisement-interval 0  
 icmp-target-ip   
 monthly-minutes 0  
 options   
 spl-options   
 accounting-enable enabled  
 net-management-control disabled  
 delay-media-update disabled  
 refer-call-transfer disabled  
 hold-refer-reinvite disabled  
 refer-notify-provisional none  
 dyn-refer-term disabled  
 codec-policy   
 codec-manip-in-realm disabled  
 codec-manip-in-network enabled  
 rtcp-policy   
 constraint-name   
 session-recording-server   
 session-recording-required disabled  
 manipulation-string   
 manipulation-pattern   
 stun-enable disabled  
 stun-server-ip 0.0.0.0  
 stun-server-port 3478  
 stun-changed-ip 0.0.0.0  
 stun-changed-port 3479  
 sip-profile   
 flow-time-limit -1  
 initial-guard-timer -1  
 subsq-guard-timer -1  
 tcp-flow-time-limit -1  
 tcp-initial-guard-timer -1  
 tcp-subsq-guard-timer -1  
 sip-isup-profile   
 match-media-profiles   
 qos-constraint   
 block-rtcp disabled  
 hide-egress-media-update disabled  
 tcp-media-profile   
 monitoring-filters   
 node-functionality   
 default-location-string   
 alt-family-realm   
 pref-addr-type none  
 sm-icsi-match-for-invite   
 sm-icsi-match-for-message   
 merge-early-dialogs disabled  
 user-site   
 srvcc-trfo   
 feature-trfo

</details>```bash
PCOSBC(media-manager)# realm-config
PCOSBC(realm-config)# identifier Internal 
PCOSBC(realm-config)# network-interfaces Internal
PCOSBC(realm-config)# 
PCOSBC(realm-config)# done

```

<details id="bkmrk-real-config-extended"><summary>real-config extended</summary>

realm-config  
 identifier Internal  
 description   
 addr-prefix 0.0.0.0  
 network-interfaces Internal:0  
 media-realm-list   
 mm-in-realm disabled  
 mm-in-network enabled  
 mm-same-ip enabled  
 mm-in-system enabled  
 bw-cac-non-mm disabled  
 msm-release disabled  
 qos-enable disabled  
 max-bandwidth 0  
 fallback-bandwidth 0  
 max-priority-bandwidth 0  
 max-latency 0  
 max-jitter 0  
 max-packet-loss 0  
 observ-window-size 0  
 parent-realm   
 dns-realm   
 media-policy   
 nsep-media-policy   
 rtcp-mux disabled  
 ice-profile   
 teams-fqdn   
 teams-fqdn-in-uri disabled  
 sdp-inactive-only disabled  
 dtls-srtp-profile   
 class-profile   
 in-translationid   
 out-translationid   
 in-manipulationid   
 out-manipulationid   
 average-rate-limit 0  
 access-control-trust-level none  
 invalid-signal-threshold 0  
 maximum-signal-threshold 0  
 untrusted-signal-threshold 0  
 nat-trust-threshold 0  
 max-endpoints-per-nat 0  
 nat-invalid-message-threshold 0  
 wait-time-for-invalid-register 0  
 deny-period 30  
 session-max-life-limit 0  
 cac-failure-threshold 0  
 untrust-cac-failure-threshold 0  
 ext-policy-svr   
 diam-e2-address-realm   
 subscription-id-type END\_USER\_NONE  
 symmetric-latching disabled  
 pai-strip disabled  
 trunk-context   
 device-id   
 early-media-allow   
 enforcement-profile   
 additional-prefixes   
 restricted-latching none  
 restriction-mask 32  
 user-cac-mode none  
 user-cac-bandwidth 0  
 user-cac-sessions 0  
 icmp-detect-multiplier 0  
 icmp-advertisement-interval 0  
 icmp-target-ip   
 monthly-minutes 0  
 options   
 spl-options   
 accounting-enable enabled  
 net-management-control disabled  
 delay-media-update disabled  
 refer-call-transfer disabled  
 hold-refer-reinvite disabled  
 refer-notify-provisional none  
 dyn-refer-term disabled  
 codec-policy   
 codec-manip-in-realm disabled  
 codec-manip-in-network enabled  
 rtcp-policy   
 constraint-name   
 session-recording-server   
 session-recording-required disabled  
 manipulation-string   
 manipulation-pattern   
 stun-enable disabled  
 stun-server-ip 0.0.0.0  
 stun-server-port 3478  
 stun-changed-ip 0.0.0.0  
 stun-changed-port 3479  
 sip-profile   
 flow-time-limit -1  
 initial-guard-timer -1  
 subsq-guard-timer -1  
 tcp-flow-time-limit -1  
 tcp-initial-guard-timer -1  
 tcp-subsq-guard-timer -1  
 sip-isup-profile   
 match-media-profiles   
 qos-constraint   
 block-rtcp disabled  
 hide-egress-media-update disabled  
 tcp-media-profile   
 monitoring-filters   
 node-functionality   
 default-location-string   
 alt-family-realm   
 pref-addr-type none  
 sm-icsi-match-for-invite   
 sm-icsi-match-for-message   
 merge-early-dialogs disabled  
 user-site   
 srvcc-trfo   
 feature-trfo

</details>At this point any device communicating with IP 192.168.10.101 will be associated with the Internal realm and any traffic to/from 192.168.10.201 associated with the External realm.