Configure Header Manipulation Rules

Acme SBC Header Manipulation Rules Configuration Guide

TransNexus VoIP Interconnect Solutions

Document Purpose

This document has been created to assist an ACME operator with configuring the SBC to use Header Manipulation Rules (HMR). This document assumes that the “sip-interface” configuration and at least one realm already exist on the Acme SBC.

Preparations

Install the OSPrey software package obtained from TransNexus, Inc. on a Linux server.

Acme Packet SBC Configuration

Rules for Adding P-Source Device

The sip-manipulation feature allows the Acme SBC to add, modify, and delete SIP headers and SIP header elements. In this configuration, SIP header manipulation rules are used to insert the source device IP information into the INVITE messages sent to the SIP redirect server. It is important to note that the Acme SBC should not insert the source device IP information into the messages that are sent to the destinations.

The following HMR should be used by sip-interface->in-manipulationid. It inserts a P-Source-Device header with the value of the topmost Via of the inbound SIP INVITE message.

acmesystem# configure terminal
acmesystem(configure)# session-router 
acmesystem(session-router)# sip-manipulation 
acmesystem(sip-manipulation)# name inHMR
acmesystem(sip-manipulation)# header-rules 
acmesystem(sip-header-rules)# name addSrcDev
acmesystem(sip-header-rules)# header-name P-Source-Device
acmesystem(sip-header-rules)# action add
acmesystem(sip-header-rules)# comparison-type case-sensitive
acmesystem(sip-header-rules)# msg-type request
acmesystem(sip-header-rules)# methods INVITE
acmesystem(sip-header-rules)# new-value $REMOTE_VIA_HOST
acmesystem(sip-header-rules)# done
header-rule
name addSrcDev
header-name P-Source-Device
action add
comparison-type case-sensitive
msg-type request
methods INVITE
match-value 
new-value $REMOTE_VIA_HOST
acmesystem(sip-header-rules)# exit
acmesystem(sip-manipulation)# done
sip-manipulation
name inHMR
description 
split-headers 
join-headers 
header-rule
name addSrcDev
header-name P-Source-Device
action add
comparison-type case-sensitive
msg-type request
methods INVITE
match-value 
new-value $REMOTE_VIA_HOST
last-modified-by admin@172.16.4.7
last-modified-date 2011-04-06 21:35:11
acmesystem(sip-manipulation)# exit
acmesystem(session-router)# exit
acmesystem(configure)# done
acmesystem# verify 
Verification successful! No errors nor warnings in the configuration
acmesystem# save-config 
checking configuration
Save-Config received, processing.
waiting for request to finish
Request to 'SAVE-CONFIG' has Finished, 
Save complete
Currently active and saved configurations do not match!
To sync & activate, run 'activate-config' or 'reboot activate'.
acmesystem# activate-config 
Activate-Config received, processing.
waiting for request to finish
Request to 'ACTIVATE-CONFIG' has Finished, 
Activate Complete
acmesystem#

Rules for Removing P-Source Device

The following HMR should be used by sip-interface->out-manipulationid. It removes the P-Source-Device header, inserted by the inbound HMR, from INVITE messages sent to hosts other than the redirect server. The purpose of this HMR is to prevent the Acme SBC from sending the source device IP address information to the destinations.

acmesystem# configure terminal
acmesystem(configure)# session-router 
acmesystem(session-router)# sip-manipulation
acmesystem(sip-manipulation)# name outHMR
acmesystem(sip-manipulation)# header-rules 
acmesystem(sip-header-rules)# name isToProxy
acmesystem(sip-header-rules)# header-name request-uri
acmesystem(sip-header-rules)# action store
acmesystem(sip-header-rules)# msg-type request
acmesystem(sip-header-rules)# methods INVITE
acmesystem(sip-header-rules)# element-rules 
acmesystem(sip-element-rules)# name isProxy
acmesystem(sip-element-rules)# type uri-host
acmesystem(sip-element-rules)# action store
acmesystem(sip-element-rules)# match-value sipproxy
acmesystem(sip-element-rules)# done
element-rule
name isProxy
parameter-name 
type uri-host
action store
match-val-type any
comparison-type case-sensitive
match-value sipproxy
new-value
acmesystem(sip-element-rules)# exit
acmesystem(sip-header-rules)# done
header-rule
name isToProxy
header-name request-uri
action store
comparison-type case-sensitive
msg-type request
methods INVITE
match-value 
new-value 
element-rule
name isProxy
parameter-name 
type uri-host
action store
match-val-type any
comparison-type case-sensitive
match-value sipproxy
new-value
acmesystem(sip-header-rules)# name delSrcDev
acmesystem(sip-header-rules)# header-name P-Source-Device
acmesystem(sip-header-rules)# action delete
acmesystem(sip-header-rules)# comparison-type Boolean
acmesystem(sip-header-rules)# msg-type request
acmesystem(sip-header-rules)# methods INVITE
acmesystem(sip-header-rules)# match-value !$isToProxy.$isProxy
acmesystem(sip-header-rules)# done
header-rule
name delSrcDev
header-name P-Source-Device
action delete
comparison-type boolean
msg-type request
methods INVITE
match-value !$isToProxy.$isProxy
new-value
acmesystem(sip-header-rules)# exit
acmesystem(sip-manipulation)# done
sip-manipulation
name outHMR
description 
split-headers 
join-headers 
header-rule
name isToProxy
header-name request-uri
action store
comparison-type case-sensitive
msg-type request
methods INVITE
match-value 
new-value 
element-rule
name isProxy
parameter-name 
type uri-host
action store
match-val-type any
comparison-type case-sensitive
match-value sipproxy
new-value
header-rule
name delSrcDev
header-name P-Source-Device
action delete
comparison-type boolean
msg-type request
methods INVITE
match-value !$isToProxy.$isProxy
new-value
last-modified-by admin@172.16.4.7
last-modified-date 2011-04-11 15:16:13
acmesystem(sip-manipulation)# exit
acmesystem(session-router)# exit
acmesystem(configure)# done
acmesystem# verify 
Verification successful! No errors nor warnings in the configuration
acmesystem# save-config 
checking configuration
Save-Config received, processing.
waiting for request to finish
Request to 'SAVE-CONFIG' has Finished, 
Save complete
Currently active and saved configurations do not match!
To sync & activate, run 'activate-config' or 'reboot activate'.
acmesystem# activate-config 
Activate-Config received, processing.
waiting for request to finish
Request to 'ACTIVATE-CONFIG' has Finished, 
Activate Complete
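
The two rule sets above, modeled in Python as an added example (not TransNexus or Acme Packet code), with an egress check that flags any INVITE still carrying P-Source-Device toward a host other than the redirect server. It assumes $REMOTE_VIA_HOST is the host of the topmost Via, as stated above, and that the match-value is compared against the whole uri-host; the sample INVITE and the egress() routing helper are constructed for illustration.

```python
import re

PROXY_MATCH = "sipproxy"  # match-value of element-rule isProxy (from the page)
URI_HOST = re.compile(r"^\S+\s+sips?:(?:[^@\s]*@)?(\[[^\]]+\]|[^:;?\s]+)", re.I)
VIA_HOST = re.compile(r"\S+\s+(\[[^\]]+\]|[^:;,\s]+)")

def parse(raw):  # -> (request_line, [[name, value], ...])
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    return head[0], [[p.strip() for p in h.split(":", 1)] for h in head[1:] if ":" in h]

def build(line, hdrs):
    return "\r\n".join([line] + [f"{n}: {v}" for n, v in hdrs]) + "\r\n\r\n"

def to_proxy(line):
    """$isToProxy.$isProxy: true when the Request-URI host matches 'sipproxy'."""
    m = URI_HOST.match(line)
    return bool(m and re.fullmatch(PROXY_MATCH, m.group(1)))

def in_hmr(raw):
    """addSrcDev: on INVITE, add P-Source-Device = host of the topmost Via."""
    line, hdrs = parse(raw)
    if line.startswith("INVITE "):
        top_via = next(v for n, v in hdrs if n.lower() in ("via", "v"))
        hdrs.append(["P-Source-Device", VIA_HOST.match(top_via).group(1)])
    return build(line, hdrs)

def out_hmr(raw):
    """delSrcDev: on INVITE, delete P-Source-Device when !$isToProxy.$isProxy."""
    line, hdrs = parse(raw)
    if line.startswith("INVITE ") and not to_proxy(line):
        hdrs = [h for h in hdrs if h[0].lower() != "p-source-device"]
    return build(line, hdrs)

def leaks(raw):
    """Egress check: INVITE not bound for the proxy still carries the header."""
    line, hdrs = parse(raw)
    found = any(n.lower() == "p-source-device" for n, _ in hdrs)
    return line.startswith("INVITE ") and not to_proxy(line) and found

def egress(raw, host):  # routing model only (assumption): retarget the Request-URI
    line, hdrs = parse(raw)
    return build(re.sub(r"@[^:;\s]+", "@" + host, line, count=1), hdrs)

# Constructed INVITE; 192.0.2.x and 198.51.100.x are documentation addresses.
INGRESS = build("INVITE sip:15551230000@172.16.4.146:5060 SIP/2.0", [
    ["Via", "SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-1"],
    ["From", "<sip:alice@192.0.2.10>;tag=1"], ["To", "<sip:15551230000@172.16.4.146>"],
    ["Call-ID", "constructed-1"], ["CSeq", "1 INVITE"]])

if __name__ == "__main__":
    tagged = in_hmr(INGRESS)
    for hop in ("sipproxy", "198.51.100.20"):
        print(hop, "leak" if leaks(out_hmr(egress(tagged, hop))) else "ok")
    print("outHMR missing:", leaks(egress(tagged, "198.51.100.20")))
```

Running leaks() over INVITEs captured on the egress side is a quick way to confirm that outHMR is attached and that the session-agent hostname still matches the isProxy match-value.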

Edit “sip-interface” to include new Header Manipulation Rules

acmesystem# conf t
acmesystem(configure)# session-router 
acmesystem(session-router)# sip-interface 
acmesystem(sip-interface)# select
<realm-id>: 
1: acmerealm 172.16.4.146:5060
selection: 1
acmesystem(sip-interface)# in-manipulationid inHMR
acmesystem(sip-interface)# out-manipulationid outHMR
acmesystem(sip-interface)# done
sip-interface
state enabled
realm-id acmerealm
description 
sip-port
address 172.16.4.146
port 5060
transport-protocol UDP
tls-profile 
allow-anonymous all
ims-aka-profile
carriers 
trans-expire 0
invite-expire 0
max-redirect-contacts 0
proxy-mode 
redirect-action Recurse
contact-mode none
nat-traversal none
nat-interval 30
tcp-nat-interval 90
registration-caching disabled
min-reg-expire 300
registration-interval 3600
route-to-registrar disabled
secured-network disabled
teluri-scheme disabled
uri-fqdn-domain 
trust-mode all
max-nat-interval 3600
nat-int-increment 10
nat-test-increment 30
sip-dynamic-hnt disabled
stop-recurse 401,407
port-map-start 0
port-map-end 0
in-manipulationid inHMR
out-manipulationid outHMR
manipulation-string 
manipulation-pattern 
sip-ims-feature disabled
operator-identifier 
anonymous-priority none
max-incoming-conns 0
per-src-ip-max-incoming-conns 0
inactive-conn-timeout 0
untrusted-conn-timeout 0
network-id 
ext-policy-server 
default-location-string 
charging-vector-mode pass
charging-function-address-mode pass
ccf-address 
ecf-address 
term-tgrp-mode none
implicit-service-route disabled
rfc2833-payload 101
rfc2833-mode transparent
constraint-name 
response-map 
local-response-map 
ims-aka-feature disabled
enforcement-profile 
route-unauthorized-calls 
tcp-keepalive none
add-sdp-invite disabled
add-sdp-profiles 
sip-profile 
sip-isup-profile 
last-modified-by admin@172.16.4.7
last-modified-date 2011-04-11 15:18:23
acmesystem(sip-interface)# exit
acmesystem(session-router)# exit
acmesystem(configure)# done
acmesystem# verify
Verification successful! No errors nor warnings in the configuration
acmesystem# save-config 
checking configuration
Save-Config received, processing.
waiting for request to finish
Request to 'SAVE-CONFIG' has Finished, 
Save complete
Currently active and saved configurations do not match!
To sync & activate, run 'activate-config' or 'reboot activate'.
acmesystem# activate-config 
Activate-Config received, processing.
waiting for request to finish
Request to 'ACTIVATE-CONFIG' has Finished, 
Activate Complete

Adding ‘session-agent’ element to define redirect proxy

The session-agent element defines a signaling endpoint that can be configured to apply traffic shaping attributes and information regarding next hops or previous hops. Only one session-agent for the SIP redirect server is configured.

  • hostname: device name. It is also used by the HMR.

  • ip-address: IP address

  • realm-id: The realm that this device belongs to.

acmesystem# configure terminal 
acmesystem(configure)# session-router 
acmesystem(session-router)# session-agent 
acmesystem(session-agent)# hostname sipproxy
acmesystem(session-agent)# ip-address 172.16.4.71
acmesystem(session-agent)# realm-id acmerealm
acmesystem(session-agent)# done
session-agent
hostname sipproxy
ip-address 172.16.4.71
port 5060
state enabled
app-protocol SIP
app-type 
transport-method UDP
realm-id acmerealm
egress-realm-id 
description 
carriers 
allow-next-hop-lp enabled
constraints disabled
max-sessions 0
max-inbound-sessions 0
max-outbound-sessions 0
max-burst-rate 0
max-inbound-burst-rate 0
max-outbound-burst-rate 0
max-sustain-rate 0
max-inbound-sustain-rate 0
max-outbound-sustain-rate 0
min-seizures 5
min-asr 0
time-to-resume 0
ttr-no-response 0
in-service-period 0
burst-rate-window 0
sustain-rate-window 0
req-uri-carrier-mode None
proxy-mode 
redirect-action 
loose-routing enabled
send-media-session enabled
response-map 
ping-method 
ping-interval 0
ping-send-mode keep-alive
ping-all-addresses disabled
ping-in-service-response-codes 
out-service-response-codes 
media-profiles 
in-translationid 
out-translationid 
trust-me disabled
request-uri-headers 
stop-recurse 
local-response-map 
ping-to-user-part 
ping-from-user-part 
li-trust-me disabled
in-manipulationid 
out-manipulationid 
manipulation-string 
manipulation-pattern 
p-asserted-id 
trunk-group 
max-register-sustain-rate 0
early-media-allow 
invalidate-registrations disabled
rfc2833-mode none
rfc2833-payload 0
codec-policy 
enforcement-profile 
refer-call-transfer disabled
reuse-connections NONE
tcp-keepalive none
tcp-reconn-interval 0
max-register-burst-rate 0
register-burst-window 0
sip-profile 
sip-isup-profile 
last-modified-by admin@172.16.4.7
last-modified-date 2011-04-12 14:17:50
acmesystem(session-agent)# exit
acmesystem(session-router)# exit
acmesystem(configure)# done
acmesystem# verify
Verification successful! No errors nor warnings in the configuration
acmesystem# save-config 
checking configuration
Save-Config received, processing.
waiting for request to finish
Request to 'SAVE-CONFIG' has Finished, 
Save complete
Currently active and saved configurations do not match!
To sync & activate, run 'activate-config' or 'reboot activate'.
acmesystem# activate-config 
Activate-Config received, processing.
waiting for request to finish
Request to 'ACTIVATE-CONFIG' has Finished, 
Activate Complete

Show final “sip-manipulation” configuration

acmesystem# show running-config sip-manipulation 
sip-manipulation
name inHMR
description 
split-headers 
join-headers 
header-rule
name addSrcDev
header-name P-Source-Device
action add
comparison-type case-sensitive
msg-type request
methods INVITE
match-value 
new-value $REMOTE_VIA_HOST
last-modified-by admin@172.16.4.7
last-modified-date 2011-04-06 21:35:11
sip-manipulation
name outHMR
description 
split-headers 
join-headers 
header-rule
name isToProxy
header-name request-uri
action store
comparison-type case-sensitive
msg-type request
methods INVITE
match-value 
new-value 
element-rule
name isProxy
parameter-name 
type uri-host
action store
match-val-type any
comparison-type case-sensitive
match-value sipproxy
new-value
header-rule
name delSrcDev
header-name P-Source-Device
action delete
comparison-type boolean
msg-type request
methods INVITE
match-value !$isToProxy.$isProxy
new-value
last-modified-by admin@172.16.4.7
last-modified-date 2011-04-11 15:16:13
task done

Show final “sip-interface” configuration

acmesystem# show running-config sip-interface 
sip-interface
state enabled
realm-id acmerealm
description 
sip-port
address 172.16.4.146
port 5060
transport-protocol UDP
tls-profile 
allow-anonymous all
ims-aka-profile
carriers 
trans-expire 0
invite-expire 0
max-redirect-contacts 0
proxy-mode 
redirect-action Recurse
contact-mode none
nat-traversal none
nat-interval 30
tcp-nat-interval 90
registration-caching disabled
min-reg-expire 300
registration-interval 3600
route-to-registrar disabled
secured-network disabled
teluri-scheme disabled
uri-fqdn-domain 
trust-mode all
max-nat-interval 3600
nat-int-increment 10
nat-test-increment 30
sip-dynamic-hnt disabled
stop-recurse 401,407
port-map-start 0
port-map-end 0
in-manipulationid inHMR
out-manipulationid outHMR
manipulation-string 
manipulation-pattern 
sip-ims-feature disabled
operator-identifier 
anonymous-priority none
max-incoming-conns 0
per-src-ip-max-incoming-conns 0
inactive-conn-timeout 0
untrusted-conn-timeout 0
network-id 
ext-policy-server 
default-location-string 
charging-vector-mode pass
charging-function-address-mode pass
ccf-address 
ecf-address 
term-tgrp-mode none
implicit-service-route disabled
rfc2833-payload 101
rfc2833-mode transparent
constraint-name 
response-map 
local-response-map 
ims-aka-feature disabled
enforcement-profile 
route-unauthorized-calls 
tcp-keepalive none
add-sdp-invite disabled
add-sdp-profiles 
sip-profile 
sip-isup-profile 
last-modified-by admin@172.16.4.7
last-modified-date 2011-04-11 15:18:23
task done...

Show final “session-agent” configuration

acmesystem# show configuration session-agent 
session-agent
hostname sipproxy
ip-address 172.16.4.71
port 5060
state enabled
app-protocol SIP
app-type 
transport-method UDP
realm-id acmerealm
egress-realm-id 
description 
carriers 
allow-next-hop-lp enabled
constraints disabled
max-sessions 0
max-inbound-sessions 0
max-outbound-sessions 0
max-burst-rate 0
max-inbound-burst-rate 0
max-outbound-burst-rate 0
max-sustain-rate 0
max-inbound-sustain-rate 0
max-outbound-sustain-rate 0
min-seizures 5
min-asr 0
time-to-resume 0
ttr-no-response 0
in-service-period 0
burst-rate-window 0
sustain-rate-window 0
req-uri-carrier-mode None
proxy-mode 
redirect-action 
loose-routing enabled
send-media-session enabled
response-map 
ping-method 
ping-interval 0
ping-send-mode keep-alive
ping-all-addresses disabled
ping-in-service-response-codes 
out-service-response-codes 
media-profiles 
in-translationid 
out-translationid 
trust-me disabled
request-uri-headers 
stop-recurse 
local-response-map 
ping-to-user-part 
ping-from-user-part 
li-trust-me disabled
in-manipulationid 
out-manipulationid 
manipulation-string 
manipulation-pattern 
p-asserted-id 
trunk-group 
max-register-sustain-rate 0
early-media-allow 
invalidate-registrations disabled
rfc2833-mode none
rfc2833-payload 0
codec-policy 
enforcement-profile 
refer-call-transfer disabled
reuse-connections NONE
tcp-keepalive none
tcp-reconn-interval 0
max-register-burst-rate 0
register-burst-window 0
sip-profile 
sip-isup-profile 
last-modified-by admin@172.16.4.7
last-modified-date 2011-04-12 14:17:50
task done

To configure SIP header manipulation rules:

  • name - Enter the unique identifier for this SIP HMR. There is no default for this value.

  • header-name - Enter the name of the header on which you want the Net-Net SBC to use this HMR. There is no default for this parameter. Set this parameter to @status-line to prevent undesired matches with a header having the name “status-code”; the at-sign (@) is not allowed in SIP header names.

  • msg-type - Specify the type of message to which this SIP HMR will be applied. There is no default for this parameter.

  • methods - Enter the method type to use when this SIP HMR is used, such as INVITE, ACK, or CANCEL. When you do not set the method, the Net-Net SBC applies the rule across all SIP methods.

  • comparison-type - Enter the way that you want SIP headers to be compared, chosen from the options listed below. The default is case-sensitive. This choice dictates how the Net-Net SBC processes the match rules against the SIP header.

    • case-sensitive

    • case-insensitive

    • pattern-rule

  • action - Enter the action that you want this rule to perform on the SIP header:

    • add

    • delete

    • manipulate

    • store

    • none

Remember that you should enter rules with the action type store before you enter rules with other types of actions. When you set the action type to store, the Net-Net SBC always treats the match value you enter as a regular expression. As a default, the regular expression it uses for the match value is .+ (which indicates a match value of at least one character), unless you set a more specific regular expression match value.

  • match-value - Enter the value to match against the header value in SIP packets; the Net-Net SBC matches these against the entire SIP header value. This is where you can enter values to match using regular expression values. Your entries can contain Boolean operators.

  • new-value - When the action parameter is set to add or to manipulate, enter the new value that you want to substitute for the entire header value. This is where you can set stored regular expression values for the Net-Net SBC to use when it adds or manipulates SIP headers.