Skip to end of metadata
Go to start of metadata

Overview

The SBC Core supports local authentication autonomously on a per-IP trunk group basis in situations where an IP-PBX does not perform a registration and the service provider does not require/want registrations. This functionality is accomplished using the authentication configurable to the ingress IP Peer and/or ingress IP Trunk Group (IPTG) as described below. 

Additionally, the IP Signaling Profile relay flag statusCode4xx6xx must be enabled on egress leg of the call to relay error status codes.

The CLI syntax for this configuration is shown below:

CLI Syntax
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> signaling authentication
    authPassword <authentication password for trunkgroup> 
    authUserPart <userPart used for authentication> 
    intChallengeResponse <enabled | disabled> 
    incInternalCredentials <enabled | disabled> 

% set profiles signaling ipSignalingProfile <profile_name> commonIpAttributes relayFlags statusCode4xx6xx <disable | enable>

Egress Trunk Group

  • Define authentication password (authPassword) used when replying to local authentication requests.
  • Define authentication user part (authUserPart) used when replying to local authentication requests.
  • Enable IP Signaling Profile relay flag statusCode4xx6xx to relay error status codes.

Ingress Trunk Group

  • Set authentication flag to choose whether to reply to authentication locally (intChallengeResponse) if credentials are configured on the egress IPTG.
  • Set authentication flag to choose whether to include credentials (incInternalCredentials) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.

IP Peer

  • Set flag to choose whether to reply to authentication locally (intChallengeResponse) if credentials are configured on the egress IPTG.
  • Set flag to choose whether to include credentials (incInternalCredentials) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.

The SBC supports local authentication for dialog initiating INVITE, dialog initiating SUBSCRIBE, mid-dialog INVITE, mid-dialog INFO, mid-dialog REFER, mid-dialog MESSAGE, initial REGISTER, refresh REGISTER, UPDATE, PUBLISH, out-of-dialog REFER, out-of-dialog MESSAGE, BYE and PRACK.

SIP Response Enhancement When IPTG is Out of Service (OOS)

The SBC supports all Trunk Group configuration when IPTG is out of service (OOS). The SBC considers all the  IPTG configuration as active while processing incoming INVITE. Incoming and outgoing SMM rules are applied even when IPTG is OOS. And by making SG available (even if IPTG is OOS) SMM rule is enabled on it. To support this behavior, a new flag processSGConfigWhenTGOOS is introduced to IPTG. When this flag is enabled, SBC makes service group configuration available when Trunk Group is OOS. 5XX Response is send for the INVITES even if the TG is OOS, which means Service group is intact with TG configuration and values even if TG is OOS. To achieve this, as per the flag value (enable/disabled), trmstatus TRM_FOUND_TG_OOS/NOTFOUND is set and is forwarded to SIPSG. SIPSG then takes decision to tear down the calls.

% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> state disabled mode outOfService processSGConfigWhenTGOOS enabled
% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> processSGConfigWhenTGOOS disabled