3. - SBC Realms
Session Border Controllers are network devices that secures voice over IP (VoIP) infrastructure while providing interworking between incompatible signaling messages and media flows from end device or application servers.
An important element in Oracle SBCs is realm which are defined as a logical way to identify domain, network, collection of networks.
Let’s forget the management interfaces running in the lab devices for now, the concept of realm would be applied as the following image associating the SBCs interfaces to the realms and any external device sending traffic to the IPs associated.
Now let’s go back to the CLI and configure the realms as shown in the image above, it’s important to mention that identifier can have any name, in my case I used the same names used in physical interfaces and network interfaces, but the key is associate the correct network interface name created in the previous entry.
PCOSBC# config t
PCOSBC(configure)# media-manager
PCOSBC(media-manager)# realm-config
PCOSBC(realm-config)# identifier External
PCOSBC(realm-config)#
PCOSBC(realm-config)# network-interfaces External
PCOSBC(realm-config)#
PCOSBC(realm-config)# done
realm-config
realm-config extended
realm-config
identifier External
description
addr-prefix 0.0.0.0
network-interfaces External:0
media-realm-list
mm-in-realm disabled
mm-in-network enabled
mm-same-ip enabled
mm-in-system enabled
bw-cac-non-mm disabled
msm-release disabled
qos-enable disabled
max-bandwidth 0
fallback-bandwidth 0
max-priority-bandwidth 0
max-latency 0
max-jitter 0
max-packet-loss 0
observ-window-size 0
parent-realm
dns-realm
media-policy
nsep-media-policy
rtcp-mux disabled
ice-profile
teams-fqdn
teams-fqdn-in-uri disabled
sdp-inactive-only disabled
dtls-srtp-profile
class-profile
in-translationid
out-translationid
in-manipulationid
out-manipulationid
average-rate-limit 0
access-control-trust-level none
invalid-signal-threshold 0
maximum-signal-threshold 0
untrusted-signal-threshold 0
nat-trust-threshold 0
max-endpoints-per-nat 0
nat-invalid-message-threshold 0
wait-time-for-invalid-register 0
deny-period 30
session-max-life-limit 0
cac-failure-threshold 0
untrust-cac-failure-threshold 0
ext-policy-svr
diam-e2-address-realm
subscription-id-type END_USER_NONE
symmetric-latching disabled
pai-strip disabled
trunk-context
device-id
early-media-allow
enforcement-profile
additional-prefixes
restricted-latching none
restriction-mask 32
user-cac-mode none
user-cac-bandwidth 0
user-cac-sessions 0
icmp-detect-multiplier 0
icmp-advertisement-interval 0
icmp-target-ip
monthly-minutes 0
options
spl-options
accounting-enable enabled
net-management-control disabled
delay-media-update disabled
refer-call-transfer disabled
hold-refer-reinvite disabled
refer-notify-provisional none
dyn-refer-term disabled
codec-policy
codec-manip-in-realm disabled
codec-manip-in-network enabled
rtcp-policy
constraint-name
session-recording-server
session-recording-required disabled
manipulation-string
manipulation-pattern
stun-enable disabled
stun-server-ip 0.0.0.0
stun-server-port 3478
stun-changed-ip 0.0.0.0
stun-changed-port 3479
sip-profile
flow-time-limit -1
initial-guard-timer -1
subsq-guard-timer -1
tcp-flow-time-limit -1
tcp-initial-guard-timer -1
tcp-subsq-guard-timer -1
sip-isup-profile
match-media-profiles
qos-constraint
block-rtcp disabled
hide-egress-media-update disabled
tcp-media-profile
monitoring-filters
node-functionality
default-location-string
alt-family-realm
pref-addr-type none
sm-icsi-match-for-invite
sm-icsi-match-for-message
merge-early-dialogs disabled
user-site
srvcc-trfo
feature-trfo
PCOSBC(media-manager)# realm-config
PCOSBC(realm-config)# identifier Internal
PCOSBC(realm-config)# network-interfaces Internal
PCOSBC(realm-config)#
PCOSBC(realm-config)# done
real-config extended
realm-config
identifier Internal
description
addr-prefix 0.0.0.0
network-interfaces Internal:0
media-realm-list
mm-in-realm disabled
mm-in-network enabled
mm-same-ip enabled
mm-in-system enabled
bw-cac-non-mm disabled
msm-release disabled
qos-enable disabled
max-bandwidth 0
fallback-bandwidth 0
max-priority-bandwidth 0
max-latency 0
max-jitter 0
max-packet-loss 0
observ-window-size 0
parent-realm
dns-realm
media-policy
nsep-media-policy
rtcp-mux disabled
ice-profile
teams-fqdn
teams-fqdn-in-uri disabled
sdp-inactive-only disabled
dtls-srtp-profile
class-profile
in-translationid
out-translationid
in-manipulationid
out-manipulationid
average-rate-limit 0
access-control-trust-level none
invalid-signal-threshold 0
maximum-signal-threshold 0
untrusted-signal-threshold 0
nat-trust-threshold 0
max-endpoints-per-nat 0
nat-invalid-message-threshold 0
wait-time-for-invalid-register 0
deny-period 30
session-max-life-limit 0
cac-failure-threshold 0
untrust-cac-failure-threshold 0
ext-policy-svr
diam-e2-address-realm
subscription-id-type END_USER_NONE
symmetric-latching disabled
pai-strip disabled
trunk-context
device-id
early-media-allow
enforcement-profile
additional-prefixes
restricted-latching none
restriction-mask 32
user-cac-mode none
user-cac-bandwidth 0
user-cac-sessions 0
icmp-detect-multiplier 0
icmp-advertisement-interval 0
icmp-target-ip
monthly-minutes 0
options
spl-options
accounting-enable enabled
net-management-control disabled
delay-media-update disabled
refer-call-transfer disabled
hold-refer-reinvite disabled
refer-notify-provisional none
dyn-refer-term disabled
codec-policy
codec-manip-in-realm disabled
codec-manip-in-network enabled
rtcp-policy
constraint-name
session-recording-server
session-recording-required disabled
manipulation-string
manipulation-pattern
stun-enable disabled
stun-server-ip 0.0.0.0
stun-server-port 3478
stun-changed-ip 0.0.0.0
stun-changed-port 3479
sip-profile
flow-time-limit -1
initial-guard-timer -1
subsq-guard-timer -1
tcp-flow-time-limit -1
tcp-initial-guard-timer -1
tcp-subsq-guard-timer -1
sip-isup-profile
match-media-profiles
qos-constraint
block-rtcp disabled
hide-egress-media-update disabled
tcp-media-profile
monitoring-filters
node-functionality
default-location-string
alt-family-realm
pref-addr-type none
sm-icsi-match-for-invite
sm-icsi-match-for-message
merge-early-dialogs disabled
user-site
srvcc-trfo
feature-trfo
At this point any device communicating with IP 192.168.10.101 will be associated with the Internal realm and any traffic to/from 192.168.10.201 associated with the External realm.