H.248 Border Access Controller Support

H.248 is a media gateway control protocol that enables Switched Circuit Network (SCN) to transmit voice traffic over IP. The H.248 protocol specifies master-slave architecture for decomposed gateways. In master-slave architecture, the Media Gateway Controller (MGC) is the master server and media gateways are the slave clients that behave as simple switches. One MGC can serve multiple media gateways. The H.248 protocol enables the creation, modification, and deletion of media streams across a media gateway, including the capability to negotiate the media formats to be used.

Feature History for H.248 Border Access Controller Support

 

Release
Modification

Cisco IOS XE Release 3.7

This feature was introduced on the Cisco ASR 1000 Series Routers.

Contents

This chapter contains the following sections:

Support for the H.248 Border Access Controller

The session border controller (SBC) supports the H.248 Border Access Controller (BAC) feature.

This feature protects the core network (with Integrated Access Devices [IADs]) from heartbeat flooding and register flooding. The BAC can terminate heartbeat from the H.248 IADs, initiate heartbeat towards IADs, and limit the register rate from IADs to the core network. The BAC hides the core MGC network topology from the IAD access adjacency, and supports media forwarding. The BAC is placed at the edge of the core network. Figure 59-1 illustrates the H.248 BAC network topology.

Figure 59-1 H.248 BAC Topology

 

The H.248 BAC supports the following functionalities:

  • Termination of heartbeats from an access adjacency

The BAC has two adjacencies: access adjacency and core adjacency. Only one-to-one mapping is allowed between an access adjacency and a core adjacency. The IADs and the H.248 terminal devices reside on the access adjacency. The Access Gateway Control Function (AGCF) and Media Gateway Control Function (MGCF) reside on the core adjacency. The H.248 terminal devices on the access adjacency periodically send heartbeats to the AGCF through the BAC. To decrease the impact of heartbeats on the performance of core adjacency devices such as AGCF or MGCF, the BAC sends its response to the heartbeats from the access adjacency and does not transit to the core adjacency. Therefore, the BAC can terminate heartbeats from the access adjacency.

  • Topology hiding

The BAC can modify the signaling address and the media address of the IADs and the AGCF. If it modifies these addresses, the peer will not know the original IP address of the corresponding IAD.

  • Attack detection and protection

The BAC can detect whether a signal message is from a valid or invalid H.248 terminal device. If the signal message is from an invalid H.248 terminal device, it is discarded.

  • Media anchoring and forwarding

The BAC can translate a media address according to the required configuration. When H.248 terminal devices reside in the same network, media will not flow through the core network. When media bypass is enabled, media does not anchor on the BAC.

  • Signaling trace and debug

The BAC can supply different debug levels for H.248 signaling.

Restrictions for H.248 BAC Support

Following are the restrictions pertaining to the H.248 BAC Support feature:

  • Multiple H.248 transactions in one H.248 packet are not supported.
  • H.248 signaling interworking with SIP calls or H.323 calls is not supported.
  • Multiple streams in local descriptors and remote descriptors are not supported.
  • Memory and CPU throttle are not supported.
  • Auto media bypass is not supported.
  • IPv6 is not supported.
  • The BAC cannot operate in the DBE mode.
  • The BAC supports only the H.248 text format (long and short) message type, and not the binary format.

Prerequisites for Configuring H.248 BAC Support

The SBC must be activated before configuring the H.248 BAC Support feature.

Perform the following procedure to activate the SBC:

SUMMARY STEPS

1. configure terminal

2. sbc sbc-name

3. sbe

4. activate

DETAILED STEPS

 

Command or Action
Purpose

Step 1

configure terminal

 

Router# configure terminal

Enters the global configuration mode.

Step 2

sbc sbc-name

 

Router(config)# sbc mySbc

Creates the SBC service on the Cisco Unified Border Element (SP Edition) and enters the SBC configuration mode.

Step 3

sbe

 

Router(config-sbc)# sbe

Enters the mode of the signaling border element (SBE) function of the SBC.

Step 4

activate

 

Router(config-sbc-sbe)# activate

Activates the SBC service.

Configuring H.248 BAC Support

Perform the following procedure to configure the H.248 BAC Support feature:

SUMMARY STEPS

1. configure terminal

2. sbc h248 bac

3. media-address ipv4 ipv4-address realm realm-number vrf vrf-name

4. port-range port-range

5. adjacency h248 {core core-adjacency name}

6. control-address ipv4 ipv4-address {port port number | port-range minimum-port number maximum-port number }

7. remote-address ipv4 ipv4-address port port number

8. realm realm-number

9. attach

10. exit

11. adjacency h248 {access access-adjacency name}

12. control-address ipv4 ipv4-address {port port number }

13. audit interval idle time

14. heart-beat terminate terminate-interval

15. domain-name domain-name

16. core-adj core adjacency-name

17. realm realm-number

18. attach

DETAILED STEPS

 

Command or Action
Purpose

Step 1

configure terminal

 

Router# configure terminal

Enters the global configuration mode.

Step 2

sbc h248 bac

 

Router(config-h248-bac)# sbc h248 bac

Configures the SBC H.248 BAC.

Step 3

media-address ipv4 ipv4-address realm realm-number vrf vrf-name

 

Router(config-h248-bac)# media-address ipv4 8.8.8.8 realm 1

Adds an IPv4 address to the set of addresses that the BAC can use as a local media address.

Step 4

port-range port range

 

Router(config-h248-bac-media-addr)# port-range 20000 30000

Configures the port range of the media address.

If you do not specify the port range, the default port range values of 40000 to 65535 is applied.

Step 5

adjacency h248 {core core-adjacency name }

 

Router(config-h248-bac)# adjacency h248 core core1

Configures the H.248 core adjacency and enters into the core adjacency submode.

Note Multiple core adjacencies and access adjacencies can be configured on the BAC. Always configure the core adjacency before configuring its corresponding access adjacency.

Step 6

c ontrol-address ipv4 ipv4-address {port port number} | {port-range minimum-port number maximum-port number }

 

Router(config-h248-bac-adj)# control-address ipv4 192.168.102.222 port-range 2944 4000

Configures a local IPv4 H.248 signaling address of the BAC.

Note The BAC handles two types of Message Identifiers (MIDs): domain name and IP address. If the MID of an IAD is IP address, only the port-range is configured and not the port.

Step 7

remote-address ipv4 ipv4-address port port number

 

Router(config-h248-bac-adj)# remote-address ipv4 192.168.102.14 port 2944

Configures a remote IPv4 H.248 signaling address of the MGCF and the AGCF.

Step 8

realm realm-number

 

Router(config-h248-bac-adj)# realm 1

Configures an adjacency with the IP realm that belongs to the BAC.

A realm group can contain multiple media addresses. When you configure a realm group under an adjacency, the IP address and port for the media stream of this adjacency is allocated from the media addresses in this realm group.

Step 9

attach

 

Router(config-h248-bac-adj)# attach

Sets the BAC adjacency state to Attached.

Step 10

Exit

Exits from the core adjacency submode.

Step 11

adjacency h248 {access access-adjacency name }

 

Router(config-h248-bac)# adjacency h248 access acc1

Configures the H.248 access adjacency and enters the access adjacency submode.

Note Always configure the access adjacency after configuring its corresponding core adjacency.

Step 12

control-address ipv4 ipv4-address {port port number }

 

Router(config-h248-bac-adj)# control-address ipv4 172.16.104.14 port 2940

Configures a local IPv4 H.248 signaling address of the BAC.

Step 13

audit {force | interval idle time }

 

Router(config-h248-bac-adj)# audit interval 300

Changes the audit interval in the BAC. The default value is 1 minute.

Step 14

heart-beat terminate terminate-interval

 

Router(config-h248-bac-adj)# heart-beat terminate 0

Configures the time interval during which only one heartbeat request from the H.248 terminal device can pass through the BAC and the other heartbeat requests sent during this interval are terminated.

Step 15

domain-name domain-name

 

Router(config-h248-bac-adj)# domain-name cisco

Specifies the domain name of the BAC adjacency that replaces the domain name of the AGCF and the MGCF.

Step 16

core-adj core adjacency-name

 

Router(config-h248-bac-adj)# core-adj core1

Binds the BAC core adjacency with its corresponding BAC access adjacency.

Step 17

realm realm-number

 

Router(config-h248-bac-adj)# realm 1

Configures an adjacency with the IP realm that belongs to the BAC.

A realm group can contain multiple media addresses. When you configure a realm group under an adjacency, the IP address and port for media stream of this adjacency is allocated from the media addresses in this realm group.

Step 18

attach

 

Router(config-h248-bac-adj)# attach

Sets the BAC adjacency state to Attached.

Configuration Example for H.248 BAC Support

The following example shows how to configure the H.248 BAC Support feature:

sbc h248 bac
media-address ipv4 8.8.8.8 realm 1
port-range 20000 30000
media-address ipv4 9.9.9.9 realm 2
port-range 40000 50000
adjacency h248 core core1
control-address ipv4 192.168.102.222 port-range 2944 4000
remote-address ipv4 192.168.102.14 port 2944
realm 1
attach
adjacency h248 access acc1
control-address ipv4 172.16.104.14 port 2940
audit-interval 300
heart-beat terminate 0
domain-name cisco
core-adj core1
realm 2
attach
sbc sbc
sbe
activate