Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco 7600 Series Routers

Release Note for the Cisco Session Border Controller on the Cisco 7600 Router

Downloads

Table Of Contents

Release Notes for the Cisco Session Border Controller on the Cisco 7600 Router

Contents

New Features in ACE Session Border Controller Release 3.0.1

New Features in ACE Session Border Controller Release 3.0.00

New Software Features in ACE Session Border Controller Release 2.0.00

Available SBC Licenses

Software Version Maintenance Release Caveats

Software Version ACE Session Border Controller Release 3.0.1 Resolved Caveats

Software Version ACE Session Border Controller Release 3.0.1 Open Caveats

Software Version ACE Session Border Controller Release 3.0.00 Caveats

Software Version ACE Session Border Controller Release 3.0.00 Resolved Caveats

Software Version ACE Session Border Controller Release 3.0.00 Open Caveats


Release Notes for the Cisco Session Border Controller on the Cisco 7600 Router

October 6, 2008

Note The most current Cisco documentation for released products is available on Cisco.com.

Contents

This release note applies to the following software versions for the Cisco Session Border Controller (SBC) on the Cisco 7600 router:

ACE-SBC-SW3000-K9—ACE Session Border Controller Release 3.0.1 (DC OS SW)

ACE-SBC-SW3000-K9—ACE Session Border Controller Release 3.0.00 (DC OS SW)

ACE-SBC-SW2000-K9—ACE Session Border Controller Release 2.0.00 (DC OS SW)

Both software versions run on Cisco 7600 Series ACE 20 HW for the Session Border Controller (ACE20-SBC-K9).

The ACE20-SBC-K9 requires Cisco IOS Release 12.2(33)SRB1 or later for the following models of Supervisor 720 engines: WS-SUP720, WS-SUP720-3B, and WS-SUP720-3BXL.

The ACE20-SBC-K9 requires Cisco IOS Release 12.2(33)SRC or later for the Route Switching Processor 720-1GE.

For information on the Application Control Engine (ACE) module features and configuration details, see the ACE module documentation located at:

http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html

This release note contains the following sections:

New Features in ACE Session Border Controller Release 3.0.1

New Software Features in ACE Session Border Controller Release 2.0.00

Available SBC Licenses

Software Version ACE Session Border Controller Release 3.0.00 Caveats

New Features in ACE Session Border Controller Release 3.0.1

The ACE Session Border Controller Release 3.0.1 provides the following features:

7600/ACE SBC MIB Implementation

New Features in ACE Session Border Controller Release 3.0.00

The ACE Session Border Controller Release 3.0.00 software release provides the following features:

SBC Adjacencies

SBC Billing

SBC Policies

SBC Transcoding

SBC Firewall Traversal and Network Address Translator

Session Initiation Protocol (SIP) Method Profiles

Header Profiles

Restricting Codecs

SIP Telephone (TEL) Uniform Resource Identifier (URI) Support

SIP Timer

H.323 Support

H.323-SIP Interworking

Tracking Policy Failure Statistics

SIP 3xx Redirect Responses

SIP Call Hold

SIP Call Transfer

SIP Outbound Authentication

SIP Inbound Authentication

SIP-Interworking (I) Transparency and Profile Support

SIP Configuration Flexibility

Implementing SBC Quality of Service (QoS) (Marking)

Denial of Service (DoS) Prevention and Dynamic Blacklisting

Early Media

Proxy-Call Session Control Function (P-CSCF) Support

Integration of Resource Management and SIP

Interconnection

Border Control Function (IBCF) Processing Support

For additional information on these features, see the Cisco 7600 Series Routers Session Border Controller Configuration Guide.

New Software Features in ACE Session Border Controller Release 2.0.00

The ACE Session Border Controller Release 2.0.00 software release provides the following features:

Network Address Translator (NAT)

SBC QoS—Marking

DoS Prevention

SBC Interworking Dual Tone Multifrequency

Unexpected Source Address Alerting

SBC Redundancy (High Availability)

Data border element (DBE) Overload Reporting

Media Address Pools

FAX Support

SBC Multi-VPN routing and forwarding (VRF)

For additional information on these features, see the Cisco 7600 Series Routers Session Border Controller Configuration Guide.

Available SBC Licenses

For ACE-SBC-SW3000-K9:

ACE-SBC-SIP

ACE-SBC-H323

For ACE-SBC-SW2000-K9:

ACE-SBC-RTU 7600 Session Border Control Application RTU

ACE-SBC-H248 7600 Session Border Control H.248 License

ACE-SBC-SIP 7600 Session Border Control SIP License

Note You can access the license and show license commands only in the Admin context. You must have the Admin role in the Admin context to perform the tasks of installing, removing, and updating the license.

Software Version Maintenance Release Caveats

The following sections contain the resolved and open caveats in software version ACE Session Border Control Release 3.0.1:

Software Version ACE Session Border Controller Release 3.0.1 Resolved Caveats

Software Version ACE Session Border Controller Release 3.0.1 Open Caveats

Software Version ACE Session Border Controller Release 3.0.1 Resolved Caveats

The following resolved caveats apply to software version ACE Session Border Control Release 3.0.1:

CSCsq92036—The ACE module reloads with a call from a delayed offer device when codec restriction list is applied.

CSCsr67524—Crash seen on the ACE module when configuring RADIUS server with debugs enabled.

CSCsq74827—With High Availability (HA) and RADIUS billing configured with 20 cps of SIP UDP calls, both ACE modules reload.

CSCso88697—The SBC crashes after a DBE no activate and re-activate while there is a dangling call.

CSCsq32222—The ACE module reloaded while bringing up of the pair of ACE modules at the same time.

CSCsq22492—H.323 fast start calls fail if h245-tunnel is disabled on the SBC.

CSCsr67892—SBC memory congestion and leak occurs with SIP User Datagram Protocol (UDP) to SIP (UDP) traffic with 200 seconds call hold time and 38 cps.

CSCso81839—After running 8K transmission control protocol (TCP) calls at 25 cps for extended period of time with complex configuration, the ACE module hangs.

CSCsq07528—The active ACE module hangs under heavy H.323 call load and the standby module takes over.

CSCsq65238—When the ping-fail-count is configured with the value 4294967294 (maximum value) the show services sbc test sbe mib vpssadjtable command displays a negative value.

CSCsq73655—Configuration of DVI4, EVRCO, and MP2S codecs causes N-base error.

CSCsr57919—Supported header is incorrectly stripped from the 200 REGISTER response even when option whitelisting is set to pass everything.

CSCsr57276—The SBC tears down the call when the SBC receives a modified Session Description Protocol (SDP) in the 200 OK SIP message.

CSCsr48072—After the SBC has received and forwarded the connect message, the SBC releases the call because of the "h.225 establishment timeout."

CSCsr80463—During the established call session, the SBC does not learn the changed Real-Time Protocol (RTP) remote port.

CSCsr61902—A record query fails because the signaling peer is cofigured for a domain name server (DNS) name that is greater than 24 characters.

CSCsu06779—The SBC crashes with the debug services sbc information command enabled.

CSCsr09181—For show services sbc sbe call-stats command, the number of successful call attempts appears unrealistic.

CSCsr09141—Entering the no reason routing-failure command when there is a blacklist address-default containing multiple reasons (including reason routing-failure) causes the blacklist configuration to disappear.

CSCsr09098—For the blacklist dump, the timing format is inconsistant.

CSCsl58752—After FT (Fault Tolerance) is configured on a new standby ACE module, the active ACE module sends all the non-SBC configuration information to the standby ACE module but does not send the SBC configuration. If the user switches over to the standby ACE module, the SBC configuration will be lost.

CSCsr93741—Setting the default value of the sbc sbe radius authentication retry-limit command yields 3 instead of the proper default value of 5.

CSCsr91326—After switchover, Simple Network Management Protocol (SNMP) Traps does not display csbSBCServiceName with the SBC name on the active ACE module.

CSCsr09127—When running a sequence of attacks, the show services sbc test sbe blacklist configured-limits command shows blacklisted IP addresses in an endless loop. This does not affect functionality.

CSCsr06813—N-base error occurs when executing the no form of the adjacency h323 signaling address, adjacency h323 remote address, adjacency h323 signaling peer, adjacency sip signaling address, adjacency sip remote address, adjacency sip signaling peer, and adjacency sip reg-min-expiry commands.

CSCsr00947—Cannot configure more than the specified buffer size for the sbc <bc-name sbe cac-policy-set cac-policy-num table table-name entry entry_id command.

CSCsr21178—When log level and debugs are on, and no other calls, the SBC hangs or reloads if a hairpin call is made at very high log level (level 5).

CSCsq86751—With call admission control policy failure where bandwidth limits are involved, after call admission control policy is pegged (specifically based on codec whitelisting in this particular scenario), the policy failure statistics show bandwidth limits counter pegged two times for a single failure.

CSCso07369—With some unused adjacencies in detached state (for example, when no IP addresses are configured), there is a 503 error when setting up calls between two attached adjacencies.

CSCsq85566—Setting the media-timeout value to 0 results in inconsistent call handling behavior (to include calls terminating early from the SBC and some no-media calls completing while others are prevented).

CSCsq36265—A large trigger period configured for blacklist does not display correctly with show services CLI.

CSCsq24086—The maximum outbound-flood-rate and ping-fail-count in adjacency data display incorrectly as -1 if the configured value is 4294967295.

CSCsm22787—The number of H.323 media-update failures is not reflected accurately in policy-failure statistics.

CSCso38593—Cannot edit or remove media gateway configuration when configuring the media gateway address followed by the exit command.

CSCsr48686—N-base error while deleting the first-cac-table.

CSCsk76641—Just before the blacklist timeout expiry, the show services sbc sbe blacklist current-blacklisting command shows the time remaining as 49 days instead of 1 or 2 seconds.

CSCso89807—When the SBC receives a 18x message with the 'requires: 100rel' header:param it includes a second duplicate header in the outgoing 18x which is combined into a 'Required: 100rel, 100rel' header later in the call flow.

CSCso13743—After configuring hunting triggers in SIP adjacencies, the show services sbc j sbe sip hunting-trigger command does not show hunting triggers.

CSCsu12327—Starting an H.323-H.323 call with an H.245 tunnel disabled causes an SBC coredump.

CSCsr99758—The SBC core dumps while running the Codenomicon H.248 test suite.

CSCsr99489—In an SBC redundant deployment, the standby ACE module may reload after a write memory command is issued on the active ACE module.

CSCsr21042—The SBC reloads after FT switchover which is expected, then reloads three more times which is not expected.

CSCsr43832—If the answer received by SBC has changed payload types for a codec, that codec is forwarded by SBC in the ongoing answer. If the answer is left with no valid media codecs, the signaling goes through, however, there may be media issues because of incompatible media-types.

CSCsu26306—When configuring congestion on the DBE, the ACE module crashes.This occurs whenconfiguring sbc test, rsrc-mon, and cpu congestion-threshold 1 clear-threshold 2 freq 1000 congestion-probe-period 200 normal-proble-period 200.

CSCsr65536—SBC may crash when using the show logging internal facility command.

CSCsr24168—When running the PROTOS test suite, certain test cases would cause an SBC core dump.

CSCsr65640—The SBC does not show active blacklist defaults even when blacklist is not configured.

CSCsw28053—For certain calls rejected by CAC policy, the SIP 503 response was sent when it should be 486.

Software Version ACE Session Border Controller Release 3.0.1 Open Caveats

The following open caveats apply to software version ACE Session Border Control Release 3.0.1:

CSCsu80002—The default DBE location-id for the SBE configuration does not match the the default DBE location-id for the DBE configuration. This causes a "503 Service Unavilable" message when attempting a call.

Workaround: Set DBE location-id=0 and SBE location-id=0.

CSCsr66234—When running traffic and performing multiple switchovers on the SBC, only one of the ACE modules recovered and the SBC signaling border element (SBE), configuration did not activate. As a result, all adjancencies became detached and no traffic passed.

Workaround: Disable one ACE module. Reload the other ACE module and when it becomes active, reload the other ACE module.

CSCso08776—When making a SIP call, the SBC fails to act on an invite containing four videos when the invite is returned from a SIP Proxy.

Workaround: None.

CSCso59933—Differentiated Services Code Point (DSCP) signaling QoS profiles value are shown when profiles are not set.

Workaround: None.

CSCsr85533—In the address-default submode of the blacklist command, entering the no reason authentication-failure command or the no reason bad-address command or the no reason corrupt-message command or the no reason endpoint-registration command or the no reason policy-rejection command or the no reason routing-failure command will set triggersize to 0, trigger-period to 0, and timeout to 0. The default value should be triggersize is 4, trigger-period is 100ms, timeout is 600s.

Workaround: None.

CSCsr70002—With a PGW acting as a signaling border element (SBE) and a Cisco 7600 DBE, the PGW sends out a bulk audit request message. The Cisco 7600 DBE should send out a fragmented UDP message without a UDP checksum error, however, When checking the DBE reply against this audit request message, there is a Cisco 7600 fragmented UDP message checksum error.

Workaround: None.

CSCso61641—The SBC does not release the H.248 socket even after multiple SBC creations and deletions.

Workaround: None.

CSCsj78705—The show services sbc test dbe controllers command shows incorrect counter values.

Workaround: None.

CSCsu82541—If the show running-config command for a release 3.0.1 image shows h248-profile gatecontrol, the downgrade procedures from release 3.0.1 to release 3.0.0 do not work.

Workaround: SBC release 3.0.0 only supports h.248-profile-version 3 for the gatecontrol profile (the default settings).

CSCsu87098—When upgading from SBC release 3.0.0 to 3.0.1, a concurent-requests XXX *** cmd parse error *** appears where XXX is a value other than 250 (the default).

Workaround: Two workarounds are available. For the first workaround, temporarily deactivate and remove the radius accounting client name command configuration during the downgrade procedure. For the second workaround, temporarily set concurrent-requeststo its default value (250) for the SBC release 3.0.1 configuration.

CSCsu92793—Console shows call failure; console also shows output of the Problem Determination (PD) log indicating a resource shortage even though there are no resource shortages.

Workaround: The SBC encountered a syntax error while parsing the Request Uniform Resource Identifier (URI). Check the syntax of the Request URI.

Software Version ACE Session Border Controller Release 3.0.00 Caveats

The following sections contain the resolved and open caveats in software version ACE Session Border Control Release 3.0.00:

Software Version ACE Session Border Controller Release 3.0.00 Resolved Caveats

Software Version ACE Session Border Controller Release 3.0.00 Open Caveats

Software Version ACE Session Border Controller Release 3.0.00 Resolved Caveats

The following resolved caveats apply to software version ACE Session Border Control Release 3.0.00:

CSCsq22492—H.323 fast start calls fail if h245-tunnel is disabled on SBC. In case of transcoding, the H.323 calls need to be slow started as that is a SBC limitation. If the originator is capable of generating a fast start call, SBC is supposed to force it to slow start , this is achieved by configuring on the adjacency "h245tunnel-disable." This was tested with Cisco's IOS callgen.

CSCso88697—SBC crash with SBC DBE no activate and re-activate. This is a negative scenario and is not recommended in a live enviroment.

CSCsq32222—When the pair of HA modules came up, one module reloaded while both ACE modules were coming up at the same time.

Software Version ACE Session Border Controller Release 3.0.00 Open Caveats

The following open caveats apply to software version ACE Session Border Control Release 3.0.00:

OPENCSCsq23314—After executing multiple switchovers with 8K SIP TCP calls at a high call rate with a limited size media-address pool, there are call failures and no CLI response.

Workaround: None.

CSCsq18958—A simple test with a TCP portscan from the Basic Vulnerability Assessment GUI (BVA) causes a reload/assert after only a few seconds of the test. The tester was aimed at the SBC alias address.

Workaround: None.

CSCsq07699—Intermittent call forwarding failures if you start with a configuration that points the call routing into the wrong adjacency or when there is a change to the call routing configuration to point to the correct adjacency.

Workaround: Reset any of the active or standby ACE modules.

CSCsk99196—CLI for clearing blacklisting does not work. After the clear services sbc uut105-1 sbe blacklist ipv4 200.200.200.121 command is executed, the blacklisted endpoint is not cleared from the list and continues to be blacklisted.

Workaround: None.

CSCso81445—The ACE module coredumps with switchover 10K reg and 5K calls on a node running the SBC application. This issue is seen intermittently after at least 3-4 switchovers.

Workaround: None.

CSCso72393—After a switchover both ACE modules becomes active. This condition is seen on a node running the SBC application. After switchover, the heartbeats are not exchanged between the ACE module and standby ACE module and after the standby comes up, it becomes active. Reset the standby module to clear the condition.

Workaround: None.

CSCso67902—After configuring SBC and immediately executing a write memory command, the active ACE FT status went to active and the standby ACE FT status went to unknown.

Workaround: Use copy running-config startup-config command instead of write memory command.

CSCso67839—With fully qualified domain names (FQDNs) requiring DNS resolution with SBC running as P-CSCF in IMS setup, there are aborting call error messages with 6k calls at 10cps plus 10K reg.

Workaround: None.

CSCso03125—On a node running the SBC application, the SBC configuration is lost after switchover.

Workaround: None.

CSCsq37874—The SBC is not blacklisting the bad address port responsible for a DOS attack.

Workaround: None.

CSCsq37007—While running the SBC application under a heavy load for an extended period of time, the ACE module hangs. Heavy load consisted of 6k to 8k SIP calls at a rate of 20 cps (on average) with features that include DTMF interworking, transcoding, call forwarding, and registrations.

Workaround: Reduce the CPS and avoid congestion.