C H A P T E R
10
Implementing SBC Multi-VRF
The Session Border Controller (SBC) provides support for multi-VRF (VPN routing and forwarding) on
customer edge (CE) devices. This feature provides the capability of suppressing provider edge (PE)
checks to prevent loops when the PE is performing a mutual redistribution of packets.
Note
VRF is only supported in DBE media address and SBE AAA/H248 control address; DBE H248 control
address does not support VRF.
Note
For ACE SBC Release 3.0.00 and later releases, this feature is supported in both the unified model and
the distributed model.
For a complete description of commands used in this chapter, refer to Chapter 39, “Cisco Session Border
Controller Commands.” To locate documentation for other commands that appear in this chapter, use the
command reference master index, or search online.
Feature History for Implementing SBC Multi-VRF
Release
Modification
ACE SBC Release 3.0.1
Added support for VRF-Aware DNS Query.
ACE SBC Release 3.0.00 Added support for SBC unified model.
The following sections were added:
•
Configuring Multi-VRF
•
Associating an H.323 Adjacency with a VRF
•
Associating a SIP Adjacency with a VRF
ACE SBC Release 2.0.00 This feature was introduced on the Cisco 7600 series router.
Contents
This module contains the following sections:
•
Prerequisites—Implementing Multi-VRF, page 10-2
•
Information About Implementing Multi-VRF, page 10-2
•
Implementing Multi-VRF, page 10-3
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-1
Chapter 10
Implementing SBC Multi-VRF
Prerequisites—Implementing Multi-VRF
•
Configuration Examples for Implementing Multi-VRF, page 10-16
Prerequisites—Implementing Multi-VRF
The following prerequisites are required to implement SBC multi-VRF:
•
On the Application Control Engine Module (ACE), you must be an Admin user to enter SBC
commands. For more information, see the Application Control Engine Module Administration Guide
at:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configurati
on/administration/guide/admgd.html
•
Before implementing multi-VRF, the SBC must already be created. See the procedures described in
Chapter 2, “ACE Configuration Prerequisites for the SBC.”
Information About Implementing Multi-VRF
The SBC support for multi-VRF on customer edge (CE) devices (that is, customer premises routers)
feature provides the capability of suppressing PE checks that are needed to prevent loops when the PE
is performing a mutual redistribution of packets. Multi-VRF allows for the use of only one router to
accomplish the tasks that multiple routers usually perform. It runs on a network without the requirement
of MPLS and BGP installed.
When VRF is used on a router that is not a PE, the checks can be turned off to allow for correct
population of the VRF routing table with routes to IP prefixes. Multi-VRF is also important because
virtual private network (VPN) functionality is not completely supported on low-end systems. Multi-VRF
provides logical separation of routing instances (and by the implication address space) within one router.
The following summarizes the features of multi-VRF:
•
Allows a single physical router to be split into multiple virtual routers, where each router contains
its own set of interfaces, routing table, and forwarding table. SBC supports multiple (overlapping and
independent) routing tables (addressing) per customer. Virtual routing contexts are used to separate
routing domains within a single router.
•
Multi-VRF can be used where multiple routers are required but only one is available.
•
One physical interface can belong to multiple virtual routers through the usage of subinterfaces
(Frame Relay, ATM, VLANs).
•
BGP and MPLS are not used.
•
No connectivity is provided between VRFs (would require using BGP for internal exporting and
importing between VRFs).
•
When a call is placed between two endpoints in the same VPN site, SBC can route the media directly
between them, to reduce network utilization.
•
Multi-VRF on SBC provides optimization where both endpoints are on the same VPN, by turning
media bypass on.
For ACE SBC Release 3.0.00, by default, all adjacencies on the same VPN have media bypass turned
on. Media bypass can be turned off by using the media-bypass-forbid command (this command is
implemented for CAC policies only).
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-2
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Note
The VRF name under the adjacency must match the context name.
VRF-Aware DNS Query
This feature allows the SBC to query DNS per VRF. Before ACE SBC Release 3.0.1, all DNS queries
were performed within the Admin context; this feature allows DNS queries to be performed on a
per-context basis.
Implementing Multi-VRF
Implementing SBC multi-VRF is described in the following sections:
•
Configuring Multi-VRF, page 10-3
•
Associating a SIP Adjacency with a VRF, page 10-12
•
Configuring DBE with VRF—Distributed Model Only, page 10-14
Configuring Multi-VRF
This task configures the router with the SBC running in multi-VRF mode in unified deployment mode.
Note the relationship between the interface and SBC’s service virtual interface (SVI), adjacency, and
data border element (DBE) media-address as required.
SUMMARY STEPS
1.
configure
2.
context vrf
3.
allocate-interface
4.
exit
5.
ft peer
6.
heartbeat interval
7.
heartbeat count
8.
ft-interface vlan
9.
exit
10. ft group
11. peer
12. priority
13. peer priority
14. associate-context
15. inservice
16. ft group
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-3
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
17. peer
18. priority
19. peer priority
20. associate-context
21. inservice
22. exit
23. exit
24. changeto
25. configure
26. interface vlan
27. ip address
28. alias
29. peer ip address
30. no shutdown
DETAILED STEPS
Step 1
Command or Action
Purpose
configure
Enter ACE module configuration mode.
Example:
host1/Admin# configure
host1/Admin(config)#
Step 2
context
Creates a context.
Note
The vrf name under the adjacency must match the
context name.
Example:
Step 3
host1/Admin(config)# context my_vrf1
The example creates a new context my_vrf1.
allocate-interface vlan
Allocates VLAN 100 to context my_vrf1 to allow the
context to receive the traffic classified for VLAN 100.
Example:
host1/Admin(config-context)# allocate-interface
vlan 100
Step 4
exit
Exit from config-context mode.
Example:
host1/Admin(config)# exit
Step 5
ft peer
Configures an FT peer and accesses FT peer configuration
mode.
Example:
host1/Admin(config)# ft peer 1
host1/Admin(config-ft-peer)#
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-4
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 6
Command or Action
Purpose
heartbeat interval frequency
Configures the heartbeat interval for verification timing
between active and standby FT peers.
Example:
host1/Admin(config-ft-peer)# heartbeat interval
100
Step 7
Configures the heartbeat count for verification timing
between active and standby FT peers.
heartbeat count number
Example:
host1/Admin(config-ft-peer)# heartbeat count 10
Step 8
Associates an existing FT VLAN with a peer.
ft-interfac vlan vlan_id
Example:
host1/Admin(config-ft-peer)# ft-interface vlan
99
Step 9
exit
Exit from config-ft-peer mode.
Example:
host1/Admin(config)# exit
Step 10
Configures ft group 1 with the default (Admin) context.
ft group
Example:
host1/Admin(config)# ft group 1
host1/Admin(config-ft-group)#
Step 11
Associates a peer ACE with an FT group.
peer
Example:
host1/Admin(config-ft-group)# peer 1
Step 12
Configures the priority of the active group member.
priority
Example:
host1/Admin(config-ft-group)# priority 150
Step 13
Configures the priority of an FT group on the remote
standby member.
peer priority
Example:
host1/Admin(config-ft-group)# peer priority 50
Step 14
associate-context
Associates a context with an FT group.
Example:
host1/Admin(config-ft-group)# associate-context
my_vrf1
Step 15
inservice
Places an FT group in service.
Example:
host1/Admin(config-ft-group)# inservice
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-5
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 16
Command or Action
Purpose
ft group
Configures another ft group with non-Admin context.
Example:
host1/Admin(config)# ft group 2
host1/Admin(config-ft-group)#
Step 17
peer
Associates a peer ACE with an FT group.
Example:
host1/Admin(config-ft-group)# peer 1
Step 18
priority
Configures the priority of the active group member.
Example:
host1/Admin(config-ft-group)# priority 150
Step 19
peer priority
Configures the priority of an FT group on the remote
standby member.
Example:
host1/Admin(config-ft-group)# peer priority 50
Step 20
associate-context
Associates a context with an FT group.
Example:
host1/Admin(config-ft-group)# associate-context
my_vrf1
Step 21
inservice
Places an FT group in service.
Example:
host1/Admin(config-ft-group)# inservice
Step 22
exit
Exit from config-ft-group mode.
Example:
host1/Admin(config-ft-group)# exit
Step 23
exit
Exit from config mode.
Example:
host1/Admin(config)# exit
Step 24
changeto
Moves from one context on the ACE to another context.
Example:
host1/Admin# changeto my_vrf1
Router/vrf1#
Step 25
configure
Enter configuration mode of context my_vrf1.
Example:
host1/my_vrf1# configure
host1/(config)#
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-6
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 26
Step 27
Command or Action
Purpose
interface vlan
Creates a VLAN interface.
Example:
host1/vrf1(config)# interface vlan 100
The example creates an SVI using VLAN 100.The VLAN
was assigned to this context from the Admin context in Step
3.
ip address
Assigns an IP address to a VLAN interface.
Example:
host1/vrf1(config-if)# ip address 77.101.1.2
255.255.255.0
Step 28
Configures an IP address that floats between active and
standby modules for a VLAN interface.
alias
Example:
host1/vrf1(config-if)# alias 77.101.1.100
255.255.255.0
Step 29
Configures the IP address of a standby module for the
VLAN interface.
peer ip address
Example:
host1/vrf1(config-if)# peer ip address
77.101.1.3 255.255.255.0
Step 30
Enables an interface for use.
no shutdown
Example:
host1/my_vrf1(config-if)# no shutdown
Configuring a VRF-Aware DNS Query
This task configures a DNS query for a VRF.
SUMMARY STEPS
1.
configure
2.
context vrf
3.
allocate-interface vlan
4.
exit
5.
sbc sbc-name
6.
sbe
7.
sip dns
8.
cache-lifetime 0-1879048
9.
cache-limit 0-4294967295
10. exit
11. adjacency sip adjacency-name
12. vrf vrf_name
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-7
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
13. exit
14. exit
15. exit
16. exit
17. changeto context_name
18. configure
19. ip domain-lookup
20. ip domain-name
21. ip name-server
DETAILED STEPS
Step 1
Command or Action
Purpose
configure
Enter ACE module configuration mode.
Example:
host1/Admin# configure
Step 2
context
Creates a context.
Note
The vrf name under the adjacency must match the
context name.
Example:
Step 3
host1/Admin(config)# context my_vrf1
The example creates a new context my_vrf1.
allocate-interface vlan
Allocates VLAN 100 to context my_vrf1 to allow the
context to receive the traffic classified for VLAN 100.
Example:
host1/Admin(config-context)# allocate-interface
vlan 100
Step 4
exit
Exits the current mode.
Example:
host1/Admin(config)# exit
Step 5
sbc sbc-name
Creates the SBC service on the SBC and enters into SBC
configuration mode.
Example:
host1/Admin(config)# sbc mySbc
Step 6
Creates the SBE service on an SBC and enters into the
SBC-SBE configuration mode.
sbe
Example:
host1/Admin(config-sbc)# sbe
Step 7
sip dns
Enters the SIP DNS configuration mode.
Example:
host1/Admin(config-sbc-sbe)# sip dns
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-8
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 8
Command or Action
Purpose
cache-lifetime 0-1879048
Configures the lifetime of any DNS entries in the DNS
cache.
Example:
host1/Admin(config-sbe-dns)# cache-lifetime 444
Step 9
Configures the maximum number of entries that are
permitted in the DNS cache.
cache-limit 0-4294967295
Example:
host1/Admin(config-sbe-dns)# cache-limit 14
Step 10
Exits the current mode.
exit
Example:
host1/Admin(config-sbe-dns)# exit
Step 11
Configures an adjacency for an SBC service.
adjacency sip adjacency-name
Example:
host1/Admin(config-sbc-sbe)# vrf vpn3
Step 12
Configures a SIP adjacency tied to a specific VPN.
vrf vrf_name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# vrf vpn3
Step 13
Exits the current mode.
exit
Example:
host1/Admin(config-sbc-sbe-adj-sip)# exit
Step 14
exit
Exits the current mode.
Example:
host1/Admin(config-sbc-sbe-adj)# exit
Step 15
exit
Exits the current mode.
Example:
host1/Admin(config-sbe)# exit
Step 16
exit
Exits the current mode.
Example:
host1/Admin(config)# exit
Step 17
changeto context_name
Moves from one context on the ACE to another context.
Example:
host1/Admin# changeto vrf120
Step 18
configure
Enters ACE module configuration mode.
Example:
host1/Admin# configure
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-9
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 19
Command or Action
Purpose
ip domain-lookup
Enables the ACE module to perform a domain lookup
(host-to-address translation) with a DNS server.
Example:
host1/Admin(config)# ip domain-lookup
Step 20
Configures a default domain name.
ip domain-name
Example:
host1/Admin(config)# ip domain-name cisco.com
Step 21
Configures a DNS name server on the ACE module. You
can configure a maximum of three DNS name servers.
ip name-server
Example:
host1/Admin(config)# ip name-server
192.168.12.15
Associating an H.323 Adjacency with a VRF
This task associates an H.323 adjacency with a VPN.
SUMMARY STEPS
1.
adjacency h323 adjacency-name
2.
vrf vrf_name
3.
signaling-address ipv4 local_signaling_IP_address
4.
signaling-port port_num
5.
remote-address ipv4 remote_IP_address/prefix
6.
signaling-peer [gk] peer_address
7.
signaling-peer-port port_num
8.
account account_name
9.
media-bypass (Optional command)
10. media-bypass-forbid
11. attach
DETAILED STEPS
Step 1
Command or Action
Purpose
adjacency h323 adjacency-name
Enters the mode of an SBE H.323 adjacency.
•
Example:
Use the adjacency-name argument to define the name
of the service.
host1/Admin(config-sbc-sbe)# adjacency h323
h323my_vrf1
host1/Admin(config-sbc-sbe-adj-h323)#
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-10
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 2
Command or Action
Purpose
vrf vrf_name
Ties an H.323 adjacency to a specific VPN.
Note
Example:
The vrf name under the adjacency must match the
context name.
host1/Admin(config-sbc-sbe-adj-h323)# vrf
my_vrf1
Step 3
Specifies the local IPv4 signaling address of the H.323
adjacency.
signaling-address ipv4
local_signaling_IP_address
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
signaling-address ipv4 88.88.101.11
Step 4
Specifies the local signaling port of the H.323 adjacency.
signaling-port port_num
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
signaling-port 1720
Step 5
remote-address ipv4 ipv4_IP_address/prefix
Restricts the set of remote signaling peers contacted over
the adjacency to those with the given IP address prefix.
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
remote-address ipv4 10.10.101.4 255.255.255.255
Step 6
Specifies the remote signaling peer for the H.323 adjacency
to use.
signaling-peer [gk] peer_address
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
signaling-peer gk 10.10.101.4
Step 7
Specifies the remote signaling-peer port for the H.323
adjacency to use.
signaling-peer-port port_num
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
signaling-peer-port 1720
Step 8
Defines the H.323 adjacency as belonging to an account on
an SBE.
account account_name
Example:
host1/Admin(config-sbc-sbe-adj-h323)# account
h323-vrf1
Step 9
media-bypass
(Optional) Configure the adjacency to allow media traffic to
bypass the DBE.
Example:
This command is optional and will only work on one
adjacency.
host1/Admin(config-sbc-sbe-adj-h323)#
media-bypass
Step 10
media-bypass-forbid
Configures the H.323 adjacency to forbid media traffic to
bypass the DBE.
Example:
If this is not configured, media traffic for calls originating
and terminating on this adjacency flows directly between
the endpoints and does not pass through the DBE, as long as
both adjacencies are on the same VPN.
host1/Admin(config-sbc-sbe-adj-h323)#
media-bypass-forbid
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-11
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 11
Command or Action
Purpose
attach
Attaches the adjacency.
Example:
host1/Admin(config-sbc-sbe-adj-h323)# attach
Associating a SIP Adjacency with a VRF
This task associates a SIP adjacency with a VPN.
SUMMARY STEPS
1.
adjacency sip adjacency-name
2.
vrf vrf_name
3.
signaling-address ipv4 local_signaling_IP_address
4.
signaling-port port_num
5.
remote-address ipv4 local_signaling_IP_address/prefix
6.
local-id host name
7.
signaling-peer [gk] peer_address
8.
signaling-peer-port port_num
9.
account account-name
10. media-bypass (optional)
11. media-bypass-forbid
12. attach
DETAILED STEPS
Step 1
Command or Action
Purpose
adjacency sip adjacency-name
Enters the mode of an SBE SIP adjacency.
•
Example:
Use the adjacency-name argument to define the name
of the service.
host1/Admin(config-sbc-sbe)# adjacency sip
sip_vrf1
host1/Admin(config-sbc-sbe-adj-sip)#
Step 2
vrf vrf_name
Ties an H.323 adjacency to a specific VPN.
Note
Example:
The vrf name under the adjacency must match the
context name.
host1/Admin(config-sbc-sbe-adj-sip)# vrf
my_vrf1
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-12
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 3
Command or Action
Purpose
signaling-address ipv4 ipv4_IP_address
Specifies the local IPv4 signaling address of the SIP
adjacency.
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
signaling-address ipv4 88.88.88.88.101.11
Step 4
Specifies the local signaling port of the SIP adjacency.
signaling-port port_num
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
signaling-port 5060
Step 5
remote-address ipv4 remote_IP_address/prefix
Restricts the set of remote signaling peers contacted over
the adjacency to those with the given IP address prefix.
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
remote-address ipv4 10.10.101.4 255.255.255.255
Step 6
Configures the local identity name on a SIP adjacency.
local-id host address
Example:
host1/Admin(config-sbc-sbe-adj-sip)# local-id
host 88.88.101.11
Step 7
Specifies the remote signaling peer for the SIP adjacency to
use.
signaling-peer [gk] peer_address
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
signaling-peer 10.10.101.4
Step 8
Specifies the remote signaling-peer port for the SIP
adjacency to use.
signaling-peer-port port_num
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
signaling-peer-port 5060
Step 9
Defines the SIP adjacency as belonging to an account on an
SBE.
account account_name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# account
sip-vrf1
Step 10
media-bypass
(Optional) Configures the adjacency to allow media traffic to
bypass the DBE.
Example:
This command is optional and only works on one adjacency.
host1/Admin(config-sbc-sbe-adj-sip)#
media-bypass
Step 11
media-bypass-forbid
Configures the SIP adjacency to forbid media traffic to
bypass the DBE.
Example:
If this is not configured, media traffic for calls originating
and terminating on this adjacency flows directly between
the endpoints and does not pass through the DBE, as long as
both adjacencies are on the same VPN.
host1/Admin(config-sbc-sbe-adj-sip)#
media-bypass-forbid
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-13
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
Step 12
Command or Action
Purpose
attach
Attaches the adjacency.
Example:
host1/Admin(config-sbc-sbe-adj-sip)# attach
Configuring DBE with VRF—Distributed Model Only
This task configures DBE with VRF in the distributed model.
SUMMARY STEPS
1.
configure
2.
sbc sbc-name
3.
dbe
4.
vdbe global
5.
unexpected-source-alerting
6.
local-port abcd
7.
control-address h248 ipv4 A.B.C.D
8.
controller h248 controller-index
9.
remote-address ipv4 remote-address
10. remote-port [port-num]
11. transport [udp | tcp]
12. attach-controllers
13. media-address pool ipv4 A.B.C.D E.F.G.H vrf vrfname
14. media-timeout timeout
15. overload-time-threshold time
16. deact-mode
17. activate
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-14
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Implementing Multi-VRF
DETAILED STEPS
Step 1
Command or Action
Purpose
configure
Accesses the configuration mode.
Example:
host1/Admin# configure
Step 2
Creates the SBC service on the SBC and enters into SBC
configuration mode.
sbc sbc-name
Example:
host1/Admin(config)# sbc mySbc
Step 3
Creates the DBE service on an SBC and enter into the
SBC-DBE configuration mode.
dbe
Example:
host1/Admin(config-sbc)# dbe
Step 4
Enters into vDBE configuration submode.
vdbe [global]
Note
Example:
host1/Admin(config-sbc-dbe)# vdbe
Step 5
In the initial release only one vDBE (the global
vDBE) is supported. The vdbe name is not required.
If specified, it must be global.
unexpected-source-alerting
Sets alerting for unexpected source addresses.
Example:
The no form of this command removes alerting for any
unexpected source addresses that are received.
host1/Admin(config-sbc-dbe-vdbe-global)#
unexpected-source-alerting
Step 6
Configures a DBE to use a specific local port.
local-port {abcd}
Example:
host1/Admin(config-sbc-dbe)# local-port 5090
Step 7
Configures a DBE to use a specific IPv4 H.248 control
address.
control-address h248 ipv4 A.B.C.D
Example:
host1/Admin(config-sbc-dbe)# control-address
h248 ipv4 10.0.0.1
Step 8
Identifies the H.248 controller for the DBE and enters into
Controller H.248 configuration mode.
controller h248 controller-index
Example:
host1/Admin(config-sbc-dbe)# controller h248 1
Step 9
remote-address ipv4 remote-address
Configures the IPv4 remote address of the H.248 controller.
Example:
host1/Admin(config-sbc-dbe-vdbe-h248)#
remote-address ipv4 1.1.1.1
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-15
Chapter 10
Implementing SBC Multi-VRF
Configuration Examples for Implementing Multi-VRF
Step 10
Command or Action
Purpose
remote-port [port-num]
Defines the port to connect to on the SBE for an H.248
controller.
Example:
host1/Admin(config-sbc-dbe-h248)# remote-port
2094
Step 11
Configures a DBE to use User Datagram Protocol (UDP) for
H.248 control signaling.
transport udp
Example:
host1/Admin(config-sbc-dbe-h248)# transport udp
Step 12
attach-controllers
Configure a DBE to attach to an H.248 controller.
Example:
host1/Admin(config-sbc-dbe)# attach-controllers
Step 13
media-address pool ipv4 A.B.C.D E.F.G.H vrf
vrfname
Create a pool of sequential IPv4 media addresses for an
IPv4 address associated with a specific VRF instance.
Note
Example:
The vrf name under the adjacency must match the
context name.
host1/Admin(config-sbc-dbe)# media-address pool
ipv4 10.10.10.1 10.10.10.20 vrf my_vrf1
Step 14
media-timeout timeout
Example:
Sets the maximum time a DBE waits after receiving the last
media packet on a call and before cleaning up the call
resources.
host1/Admin(config-sbc-dbe)# media-timeout 10
Step 15
overload-time-threshold time
Configures the threshold for media gateway (MG) overload
control detection.
Example:
host1/Admin(config-sbc-dbe)#
overload-time-threshold 400
Step 16
deact-mode normal
Example:
Specifies that the DBE of an SBC signals a service change
and terminates all calls upon deactivation of the DBE
service.
host1/Admin(config-sbc-dbe)# deactivation-mode
normal
Step 17
Initiates the SBC service.
activate
Example:
host1/Admin(config-sbc-dbe)# activate
Configuration Examples for Implementing Multi-VRF
This section provides the following configuration examples:
•
Configuring Multi-VRF: Example, page 10-17
•
Associating an H.323 Adjacency with a VRF: Example, page 10-18
•
Associating a SIP Adjacency with a VRF: Example, page 10-18
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-16
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Configuration Examples for Implementing Multi-VRF
•
Configuring DBE with VRF (Distributed Model Only): Example, page 10-21
Configuring Multi-VRF: Example
This sample configuration shows how the Service Virtual Interface (SVI) and adjacencies are added to
associate a VPN to them.
1.
Configure the line card interface associated with vrf my_vrf1 on Supervisor.
vrf definition my_vrf1
rd 55:1111
!
address-family ipv4
exit-address-family
!
2.
Configure the line card interface associated with vrf my_vrf1 on supervisor.
interface GigabitEthernet1/3
description ''Connected to CAT-3550-101 Fa 0/13 vlan919''
vrf forwarding my_vrf1
ip address 10.122.3.3 255.255.255.0
interface Vlan 99
vrf forwarding my_vrf1
ip address 99.101.1.1 255.255.255.0
!
3.
Configure the context on ACE card and assign the VLAN.
context my_vrf1
allocate-interface vlan 99
4.
Configure the FT group.
Note
You must configure the FT group 1 with the default (Admin) context (in this instance,
my_vrf1).
ft group 1
peer 1
priority 127
peer priority 126
associate-context my_vrf1
inservice
5.
Configure the interface on my_vrf1 context for which you need to use change to CLI for changing
the context.
ACE-101-UUT1-1/Admin# changeto my_vrf1
ACE-101-UUT1-1/my_vrf1#
interface vlan 99
ip address 99.101.1.2 255.255.255.0
alias 99.101.1.100 255.255.255.0
peer ip address 99.101.1.3 255.255.255.0
no shutdown
ip route 10.0.0.0 255.0.0.0 99.101.1.1
ip route 100.0.0.0 255.0.0.0 99.101.1.1
6.
Configure the DBE.
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-17
Chapter 10
Implementing SBC Multi-VRF
Configuration Examples for Implementing Multi-VRF
dbe
media-address pool ipv4 88.88.101.12
activate
88.88.101.15 vrf my_vrf1
DNS Query Configuration: Example
This sample configuration configures a DNS query.
context vrf110
allocate-interface vlan 110
context vrf120
allocate-interface vlan 120
sbc mysbc
sbe
sip dns
cache-lifetime 6000
cache-limit 100
...
adjacency sip sip1
vrf vrf110
...
adjacency sip sip2
vrf vrf120
...
host1/Admin# changeto vrf110
ip domain-lookup
ip domain-name test.com
ip name-server 192.168.110.2
host1/Admin# changeto vrf120
ip domain-lookup
ip domain-name test1.com
ip name-server 192.168.120.2
Associating an H.323 Adjacency with a VRF: Example
This sample configuration creates an H.323 adjacency associated with a VPN.
adjacency h323 h323my_vrf1
vrf my_vrf1
signaling-address ipv4 88.88.101.11
signaling-port 1720
remote-address ipv4 10.10.101.4 255.255.255.255
signaling-peer 10.10.101.4
signaling-peer-port 1720
account h323-my_vrf1
attach
Associating a SIP Adjacency with a VRF: Example
This example configuration creates a SIP adjacency associated with a VPN. Note that there is an ft group
configured for each context.
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-18
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Configuration Examples for Implementing Multi-VRF
ft interface vlan 99
ip address 10.10.10.15 255.255.255.0
peer ip address 10.10.10.16 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 100
heartbeat count 10
ft-interface vlan 99
ft group 1
peer 1
priority 127
peer priority 126
associate-context Admin
inservice
ip route 10.10.0.0 255.255.0.0 101.101.101.100 ip route 20.20.20.0 255.255.255.0
101.101.101.4
context vlan100
description vlan100
allocate-interface vlan 100
ft group 2
peer 1
priority 127
peer priority 126
associate-context vlan100
inservice
username admin password 5 $1$faXJEFBj$TJR1Nx7sLPTi5BZ97v08c/ role Admin domain
default-domain username www password 5 $1$UZIiwUk7$QMVYN1JASaycabrHkhGcS/ role Admin
domain default-domain
sbc mysbc
sbe
adjacency sip 7200-1
vrf vlan100
inherit profile preset-core
preferred-transport udp
redirect-mode pass-through
authentication nonce timeout 300
signaling-address ipv4 101.101.101.3
signaling-port 5061
remote-address ipv4 0.0.0.0 0.0.0.0
signaling-peer 101.101.101.5
signaling-peer-port 5060
dbe-location-id 0
account sip-core
attach
adjacency sip 7200-2
vrf vlan100
inherit profile preset-access
preferred-transport udp
redirect-mode pass-through
authentication nonce timeout 300
signaling-address ipv4 101.101.101.3
signaling-port 5060
remote-address ipv4 0.0.0.0 0.0.0.0
signaling-peer 101.101.101.4
signaling-peer-port 5060
dbe-location-id 0
account sip-core
attach
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-19
Chapter 10
Implementing SBC Multi-VRF
Configuration Examples for Implementing Multi-VRF
adjacency sip 7200-3
vrf vlan100
nat force-on
inherit profile preset-core
preferred-transport udp
redirect-mode pass-through
authentication nonce timeout 300
signaling-address ipv4 101.101.101.3
signaling-port 5063
remote-address ipv4 0.0.0.0 0.0.0.0
signaling-peer 101.101.101.5
signaling-peer-port 5063
dbe-location-id 0
account sip-core
reg-min-expiry 3000
attach
sip inherit profile preset-standard-non-ims
retry-limit 3
call-policy-set 1
first-call-routing-table invite-table
first-reg-routing-table start-table
rtg-src-adjacency-table invite-table
entry 1
action complete
dst-adjacency 7200-2
match-adjacency 7200-3
entry 2
action complete
dst-adjacency 7200-3
match-adjacency 7200-2
rtg-src-adjacency-table start-table
entry 1
action complete
dst-adjacency 7200-1
match-adjacency 7200-2
entry 2
action complete
dst-adjacency 7200-2
match-adjacency 7200-1
complete
active-call-policy-set 1
network-id 2
sip max-connections 2
sip timer
tcp-idle-timeout 120000
tls-idle-timeout 3600000
udp-response-linger-period 32000
udp-first-retransmit-interval 500
udp-max-retransmit-interval 4000
invite-timeout 180
blacklist
global
redirect-limit 2
deact-mode normal
activate
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-20
OL-13499-04
Chapter 10
Implementing SBC Multi-VRF
Configuration Examples for Implementing Multi-VRF
dbe
media-address ipv4 101.101.101.160 vrf vlan100 port-range 11000 20000 any
location-id 0
media-timeout 30
deact-mode normal
activate
newace4/Admin# changeto vlan100
newace4/vlan100# sh run
Generating configuration....
interface vlan 100
ip address 101.101.101.1 255.255.255.0
alias 101.101.101.3 255.255.255.0
peer ip address 101.101.101.2 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 101.101.101.100
Configuring DBE with VRF (Distributed Model Only): Example
In this example, a context called my_vrf1 is created and a VLAN is allocated for my_vrf1.
context my_vrf1
allocate-interface vlan 97
A fault-tolerant group is created and associated with the context my_vrf1.
ft group 2
peer 1
priority 127
peer priority 126
associate-context my_vrf1
inservice
An SBC is configured with a media address associated to the my_vrf1 context.
sbc j
dbe
vdbe global
unexpected-source-alerting
local-port 2985
control-address h248 ipv4 87.87.29.100
controller h248 1
remote-address ipv4 200.200.200.123
remote-port 2985
transport udp
attach-controllers
media-address ipv4 97.97.29.100 vrf my_vrf1
media-address pool ipv4 87.87.29.100 87.87.29.101
media-timeout 3600
Cisco 7600 Series Routers Session Border Controller Configuration Guide
OL-13499-04
10-21
Chapter 10
Implementing SBC Multi-VRF
Configuration Examples for Implementing Multi-VRF
overload-time-threshold 100
deact-mode normal
activate
(in the newly created context my_vrf1)
An VLAN interface is created
interface vlan 97
ip address 97.97.29.2 255.255.255.0
alias 97.97.29.100 255.255.255.0
peer ip address 97.97.29.252 255.255.255.0
no shutdown
ip route 200.200.200.0 255.255.255.0 97.97.29.1
ip route 20.20.29.0 255.255.255.0 97.97.29.1
The VLAN interface is associated with my_vrf1 on the supervisor engine:
interface Vlan 97
vrf forwarding my_vrf1
ip address 97.97.29.1 255.255.255.0
Cisco 7600 Series Routers Session Border Controller Configuration Guide
10-22
OL-13499-04