Configuring Avi Vantage for SIP Application

Overview

Starting with release 17.2.10, Avi Vantage supports SIP integration.

This document discusses the CLI configuration required on Avi Vantage for supporting SIP applications.

About SIP

Session Initiation Protocol (SIP) is a communication protocol used for signalling and controlling sessions for VoIP and instant messaging applications. SIP is used for establishing unicast or multicast sessions between the users and also for setting up and terminating voice or video calls. This protocol is independent of the underlying transport protocol and can be used with UDP, TCP, and SCTP. For secure transmissions, SIP is encrypted using TLS. Session Description Protocol (SDP) in SIP specifies the media format. The media streams use either Real-time Transport Protocol (RTP) or Secure RTP (SRTP).

User agent (UA) is a logical network endpoint used to create or receive SIP messages. In most implementation, the setup involves user agents and a proxy, such as session border controller (SBC).

A SIP client uses the following four-way mechanism to register with the server:

  1. The UA client (UAC) , which is the SIP client, initiates a request. The requests are always keywords, such as, REGISTER, INVITE, or BYE.
  2. The UA server (UAS) responds with a challenge.
  3. The client responds with a request and the token (depending on the public or private key encryption model).
  4. The server will then authenticate using the token and respond with an OK.

For complete information on SIP and associated call flow, refer to the SIP RFC.

Integrating Avi Vantage with SIP Applications

The following is a call workflow when an user agent (UA1) tries to establish a call with another user agent (UA2):

  1. UA1 ——> (INVITE) ——–> Proxy
  2. Proxy —-> (100 TRYING) —-> UA1
  3. Proxy —-> (INVITE) ——–> UA2
  4. UA2 ——> (180 RINGING) —> Proxy
  5. Proxy —-> (180 RINGING) —> UA1
  6. UA2 ——> (Off hook) ——> Proxy
  7. UA2 ——> (200 OK) ——–> Proxy
  8. Proxy —-> (200 OK) ——–> UA1

Avi Vantage is deployed between the proxy and the value added services (VAS), where the SIP request and the response are transmitted through a parser and the call ID is hashed. Avi Vantage also monitors the server health and so the invite need not be re-transmitted.

Supported Features

Currently, SIP implementation has been validated on OpenStack No-Access and VMware clouds, but it is not restricted to a specific cloud type. The following are the features supported for this integration:

  • Load balancing SIP over IPV4.
  • Interoperability over UDP which translates to interoperability with CSCF and the application servers.
  • UDP proxy network profile.
  • SIP virtual service application profile, which uses either UDP proxy network profile or TCP proxy network profile.
  • SIP virtual service over UDP proxy.
  • Consistent-hash load balancing based on unique call ID.
  • SIP health monitor to detect SIP server failures.

SIP-related configuration is currently supported only on the CLI.

Limitations

Currently the following features are not supported for SIP:

  • Preserve client IP for SIP virtual service and application profile
  • Inline health monitoring
  • SIP TLS and encryption
  • Record route option
  • TCP health monitor
  • IPv6

Configuring Avi Vantage for SIP

Follow the steps below to configure Avi Vantage for SIP applications:

  1. Cloud Configuration
  2. Application Profile Configuration
  3. UDP Network Profile Configuration
  4. Health Monitor Configuration
  5. Pool Configuration
  6. Virtual Service Configuration

Cloud Configuration

Configure a cloud particularly for SIP using the configure cloud command.


    [admin:10-X-X-X]: > configure cloud cloud_sip
    Updating an existing object. Currently, the object is:
    +------------------------------+--------------------------------------------+
    | Field                        | Value                                      |
    +------------------------------+--------------------------------------------+
    | uuid                         | cloud-20342e0f-a6a7-4dfe-b90d-1797d39bcc78 |
    | name                         | cloud_sip                                  |
    | vtype                        | CLOUD_NONE                                 |
    | apic_mode                    | False                                      |
    | dhcp_enabled                 | False                                      |
    | mtu                          | 1500 bytes                                 |
    | prefer_static_routes         | False                                      |
    | enable_vip_static_routes     | False                                      |
    | license_type                 | yLIC_CORES                                 |
    | state_based_dns_registration | True                                       |
    | tenant_ref                   | admin                                      |
    | license_tier                 | ENTERPRISE_18                              |
    +------------------------------+--------------------------------------------+
    

Configure the underlying cloud setup as per your requirements. Refer to the following links for the cloud specific configuration:

Note: For OpenStack No-Access clouds, security group rules should be configured to allow the required SIP ports (5060/5061 or any non-default ports).

The following instance displays a vCenter cloud configuration:


[admin:10-X-X-X]: > show cloud cloud_sip
+------------------------------+--------------------------------------------+
| Field                        | Value                                      |
+------------------------------+--------------------------------------------+
| uuid                         | cloud-20342e0f-a6a7-4dfe-b90d-1797d39bcc78 |
| name                         | cloud_sip                                  |
| vtype                        | CLOUD_VCENTER                              |
| vcenter_configuration        |                                            |
|   username                   | root                                       |
|   password                   | password                                   |
|   vcenter_url                | 10.1.1.1                                   |
|   privilege                  | WRITE_ACCESS                               |
|   datacenter                 | SantaClara                                 |
| apic_mode                    | False                                      |
| dhcp_enabled                 | False                                      |
| mtu                          | 1500 bytes                                 |
| prefer_static_routes         | False                                      |
| enable_vip_static_routes     | False                                      |
| license_type                 | LIC_CORES                                  |
| state_based_dns_registration | True                                       |
| tenant_ref                   | admin                                      |
| license_tier                 | ENTERPRISE_18                              |
+------------------------------+--------------------------------------------+

Application Profile Configuration

Configure the SIP application profile using the configure applicationprofile command with the following fields:

  • type – APPLICATION_PROFILE_TYPE_SIP
  • sip_service_profile
    • transaction_timeout

The following is an example of configuring a SIP specific application profile:


[admin:10-X-X-X]: > configure applicationprofile sip_app
[admin:10-X-X-X]: applicationprofile> type APPLICATION_PROFILE_TYPE_SIP
[admin:10-X-X-X]: applicationprofile> sip_service_profile
[admin:10-X-X-X]: applicationprofile:sip_service_profile> transaction_timeout 50
[admin:10-X-X-X]: applicationprofile:sip_service_profile> save
 

+-----------------------+---------------------------------------------------------+
| Field                 | Value                                                   |
+-----------------------+---------------------------------------------------------+
| uuid                  | applicationprofile-60836d31-4291-4882-a50b-0c60a63766fb |
| name                  | sip_app                                                 |
| type                  | APPLICATION_PROFILE_TYPE_SIP                            |
| preserve_client_ip    | False                                                   |
| preserve_client_port  | False                                                   |
| sip_service_profile   |                                                         |
|   transaction_timeout | 50 sec                                                  |
| tenant_ref            | admin                                                   |
+-----------------------+---------------------------------------------------------+

UDP Network Profile Configuration

Configure the System-UDP-Proxy network profile using the configure networkprofile command with the following fields:

  • profile
    • udp_proxy_profile
      • session_idle_timeout

The following is an example of configuring UDP network profile:


[admin:10-X-X-X]: > configure networkprofile System-UDP-Proxy
[admin:10-X-X-X]: networkprofile> profile
[admin:10-X-X-X]: networkprofile:profile> udp_proxy_profile
[admin:10-X-X-X]: networkprofile:profile:udp_proxy_profile> session_idle_timeout 60
[admin:10-X-X-X]: networkprofile:profile:udp_proxy_profile> save
[admin:10-X-X-X]: networkprofile> save

+--------------------------+-----------------------------------------------------+
| Field                    | Value                                               |
+--------------------------+-----------------------------------------------------+
| uuid                     | networkprofile-c2c639ef-b51f-4b17-afd7-584a3752343b |
| name                     | System-UDP-Proxy                                    |
| profile                  |                                                     |
| type                     | PROTOCOL_TYPE_UDP_PROXY                             |
| udp_proxy_profile        |                                                     |
| session_idle_timeout     | 60 sec                                              |
| tenant_ref               | admin                                               |
+--------------------------+-----------------------------------------------------+

Health Monitor Configuration

Configure the SIP specific health monitor using the configure healthmonitor command with the following fields:

  • type – health_monitor_sip
  • sip_monitor
    • sip_request_code
    • sip_response

The following is an example of configuring SIP specific health monitor with other additional options:


[admin:10-X-X-X]: > configure healthmonitor System-Sip-custom

[admin:10-X-X-X]: healthmonitor> type health_monitor_sip

Overwriting the previously entered value for type
[admin:10-X-X-X]: healthmonitor> send_interval 10
Overwriting the previously entered value for send_interval
[admin:10-X-X-X]: healthmonitor> receive_timeout 4
Overwriting the previously entered value for receive_timeout
[admin:10-X-X-X]: healthmonitor> successful_checks 2
Overwriting the previously entered value for successful_checks
[admin:10-X-X-X]: healthmonitor> failed_checks 2
Overwriting the previously entered value for failed_checks

[admin:10-X-X-X]: healthmonitor> sip_monitor
[admin:10-X-X-X]: healthmonitor:sip_monitor> sip_request_code sip_options
Overwriting the previously entered value for sip_request_code
[admin:10-X-X-X]: healthmonitor:sip_monitor> sip_response "SIP"
Overwriting the previously entered value for sip_response
[admin:10-X-X-X]: healthmonitor:sip_monitor> save
[admin:10-X-X-X]: healthmonitor> save

+--------------------+----------------------------------------------------+
| Field              | Value                                              |
+--------------------+----------------------------------------------------+
| uuid               | healthmonitor-25bb24ce-9f5e-4c44-9d4b-2848e774343e |
| name               | System-Sip-custom                                  |
| send_interval      | 10 sec                                             |
| receive_timeout    | 4 sec                                              |
| successful_checks  | 2                                                  |
| failed_checks      | 2                                                  |
| type               | HEALTH_MONITOR_SIP                                 |
| sip_monitor        |                                                    |
|   sip_request_code | SIP_OPTIONS                                        |
|   sip_response     | SIP                                                |
| is_federated       | False                                              |
| tenant_ref         | admin                                              |
+--------------------+----------------------------------------------------+

Pool Configuration

Configure the SIP pool using the configure pool command with the following fields:

  • default_server_pool – 5060
  • lb_algorithm_hash – LB_ALGORITHM_CONSISTENT_HASH_CALLID
  • health_monitor_ref – The health monitor configured in the previous section, System-Sip-Custom
  • servers
    • ip

The following is an example of configuring a SIP specific pool:


[admin:10-X-X-X]: > configure pool sip_pool
[admin:10-X-X-X]: pool> default_server_port 5060
[admin:10-X-X-X]: pool> servers
New object being created
[admin:10-X-X-X]: pool:servers> ip 10.2.2.2
[admin:10-X-X-X]: pool:servers> exit
[admin:10-X-X-X]: pool> lb_algorithm LB_ALGORITHM_CONSISTENT_HASH
[admin:10-X-X-X]: pool> lb_algorithm_hash LB_ALGORITHM_CONSISTENT_HASH_CALLID 
[admin:10-X-X-X]: pool> health_monitor_refs System-Sip-custom
[admin:10-X-X-X]: pool> save

+---------------------------------------+-------------------------------------------+
| Field                                 | Value                                     |
+---------------------------------------+-------------------------------------------+
| uuid                                  | pool-c9786d78-66a2-4d89-9218-7140c009c68d |
| name                                  | sip_pool                                  |
| default_server_port                   | 5060                                      |
| graceful_disable_timeout              | 1 min                                     |
| connection_ramp_duration              | 10 min                                    |
| max_concurrent_connections_per_server | 0                                         |
| health_monitor_refs[1]                | System-Sip_Custom                         |
| servers[1]                            |                                           |
|   ip                                  | 10.2.2.2                                  |
|   hostname                            | 10.2.2.2                                  |
|   enabled                             | True                                      |
|   ratio                               | 1                                         |
|   verify_network                      | False                                     |
|   discovered_networks[1]              |                                           |
|     network_ref                       | NA                                        |
|     subnet[1]                         | 10.140.12.1/32                            |
|   resolve_server_by_dns               | False                                     |
|   static                              | False                                     |
|   rewrite_host_header                 | False                                     |
| server_count                          | 1                                         |
| lb_algorithm                          | LB_ALGORITHM_CONSISTENT_HASH            |
| lb_algorithm_hash                     | LB_ALGORITHM_CONSISTENT_HASH_CALLID       |
| inline_health_monitor                 | True                                      |
| use_service_port                      | False                                     |
| capacity_estimation                   | False                                     |
| server_auto_scale                     | False                                     |
| vrf_ref                               | global                                    |
| fewest_tasks_feedback_delay           | 10 sec                                    |
| enabled                               | True                                      |
| request_queue_enabled                 | False                                     |
| request_queue_depth                   | 128                                       |
| host_check_enabled                    | False                                     |
| sni_enabled                           | True                                      |
| rewrite_host_header_to_sni            | False                                     |
| rewrite_host_header_to_server_name    | False                                     |
| lb_algorithm_core_nonaffinity         | 2                                         |
| lookup_server_by_name                 | False                                     |
| tenant_ref                            | admin                                     |
| cloud_ref                             | Default-Cloud                             |
+---------------------------------------+-------------------------------------------+

Virtual Service Configuration

Configure the SIP virtual service using the configure virtualservice command with the following fields:

  • services
    • port – 5060
    • port_range_end – 5060
  • vip
    • ip_address
  • application_profile_ref – application profile created in the earlier section sip_app
  • pool_ref – pool created in the earlier section sip_pool
  • network_profile_ref – network profile created in the earlier section System-UDP-Proxy

[admin:10-X-X-X]: > configure virtualservice sip_vs
[admin:10-X-X-X]: virtualservice> services
New object being created
[admin:10-X-X-X]: virtualservice:services> port 5060
[admin:10-X-X-X]: virtualservice:services> port_range_end 5060
[admin:10-X-X-X]: virtualservice:services> exit

[admin:10-X-X-X]: virtualservice> vip
New object being created
[admin:10-X-X-X]: virtualservice:vip> ip_address 10.10.10.10
[admin:10-X-X-X]: virtualservice:vip> exit


[admin:10-X-X-X]: virtualservice> application_profile_ref sip_app
[admin:10-X-X-X]: virtualservice> pool_ref sip_pool

[admin:10-X-X-X]: virtualservice> network_profile_ref System-UDP-Proxy
[admin:10-X-X-X]: virtualservice> save


+------------------------------------+-----------------------------------------------------+
| Field                              | Value                                               |
+------------------------------------+-----------------------------------------------------+
| uuid                               | virtualservice-8f25448f-4b89-46fb-a3e3-34719933160a |
| name                               | sip_vs                                              |
| enabled                            | True                                                |
| services[1]                        |                                                     |
|   port                             | 5060                                                |
|   enable_ssl                       | False                                               |
|   port_range_end                   | 5060                                                |
| application_profile_ref            | sip_app                                             |
| network_profile_ref                | System-UDP-Proxy                                    |
| pool_ref                           | sip_pool                                            |
| se_group_ref                       | Default-Group                                       |
| vrf_context_ref                    | global                                              |
| enable_autogw                      | True                                                |
| analytics_profile_ref              | System-Analytics-Profile                            |
| weight                             | 1                                                   |
| delay_fairness                     | False                                               |
| max_cps_per_client                 | 0                                                   |
| limit_doser                        | False                                               |
| type                               | VS_TYPE_NORMAL                                      |
| cloud_type                         | CLOUD_NONE                                          |
| use_bridge_ip_as_vip               | False                                               |
| flow_dist                          | LOAD_AWARE                                          |
| ign_pool_net_reach                 | False                                               |
| ssl_sess_cache_avg_size            | 1024                                                |
| remove_listening_port_on_vs_down   | False                                               |
| close_client_conn_on_config_update | False                                               |
| bulk_sync_kvcache                  | False                                               |
| tenant_ref                         | admin                                               |
| cloud_ref                          | Default-Cloud                                       |
| east_west_placement                | False                                               |
| scaleout_ecmp                      | False                                               |
| active_standby_se_tag              | ACTIVE_STANDBY_SE_1                                 |
| flow_label_type                    | NO_LABEL                                            |
| vip[1]                             |                                                     |
|   vip_id                           | 0                                                   |
|   ip_address                       | 10.10.10.10                                         |
|   enabled                          | True                                                |
|   auto_allocate_ip                 | False                                               |
|   auto_allocate_floating_ip        | False                                               |
|   avi_allocated_vip                | False                                               |
|   avi_allocated_fip                | False                                               |
| vsvip_ref                          | vsvip-845HoA                                        |
| use_vip_as_snat                    | False                                               |
| traffic_enabled                    | True                                                |
+------------------------------------+-----------------------------------------------------+