Multi-site PBX Connectivity in ACME SBC

Consider the scenario where the enterprise has multiple branch offices, each with one or more PBXs deployed. If there is an ACME Net-Net SD on the network edge of each branch office, the Basic PBX Connectivity approach in the section above should be used at each office location.
However, if the ACME Net-Net SD is deployed in a data center as an aggregation point for many or all branch offices, a multi-realm approach is recommended.
Typically, each branch office is routed on a separate VLAN ID. There is a one-to-one correlation between VLAN ID and realm, and a one-to-one correlation between realm and sip-interface. Hence, the simplest model of multi-site PBX connectivity requires the Net-Net SD to be configured with as many sip-interface IP addresses as there are branch offices.
While RTP media would still be released in a session between two extensions on the same PBX in this model, media must traverse the SD for calls between PBXs on different VLANs.

 


 

Example configuration:

 

access-control

realm-id SIPtrunk
description
source-address 172.16.122.101:5060
destination-address 0.0.0.0
application-protocol SIP
transport-protocol UDP
access permit
average-rate-limit 0
trust-level high
minimum-reserved-bandwidth 0
invalid-signal-threshold 0
maximum-signal-threshold 0
untrusted-signal-threshold 0
nat-trust-threshold 0
deny-period 30

access-control

realm-id SIPtrunk
description
source-address 172.16.122.201:5060
destination-address 0.0.0.0
application-protocol SIP
transport-protocol UDP
access permit
average-rate-limit 0
trust-level high
minimum-reserved-bandwidth 0
invalid-signal-threshold 0
maximum-signal-threshold 0
untrusted-signal-threshold 0
nat-trust-threshold 0
deny-period 30

local-policy

from-address  *
to-address  *
source-realm branch-1
description
activate-time N/A
deactivate-time N/A
state enabled
policy-priority none
policy-attribute
next-hop SAG:siptrunks
realm SIPtrunk
action none
terminate-recursion disabled
carrier
start-time 0000
end-time 2400
days-of-week U-S
cost 0
app-protocol
state enabled
methods
media-profiles
lookup single
next-key
eloc-str-lkup disabled
eloc-str-match

local-policy

from-address *
to-address 555
source-realm SIPtrunk
description
activate-time N/A
deactivate-time N/A
state enabled

policy-priority none
policy-attribute
next-hop 172.16.123.101
realm branch-1
action none
terminate-recursion disabled
carrier
start-time 0000
end-time 2400
days-of-week U-S
cost 0
app-protocol
state enabled
methods
media-profiles
lookup single
next-key
eloc-str-lkup disabled
eloc-str-match

local-policy

from-address *
to-address *
source-realm branch-2
description
activate-time N/A
deactivate-time N/A
state enabled
policy-priority none
policy-attribute
next-hop SAG:siptrunks
realm SIPtrunk
action none
terminate-recursion disabled
carrier
start-time 0000
end-time 2400
days-of-week U-S
cost 0
app-protocol
state enabled
methods
media-profiles
lookup single
next-key
eloc-str-lkup disabled
eloc-str-match

local-policy

from-address *
to-address 617
source-realm SIPtrunk
description
activate-time N/A
deactivate-time N/A
state enabled
policy-priority none
policy-attribute
next-hop 172.16.123.201
realm branch-2
action none
terminate-recursion disabled
carrier
start-time 0000
end-time 2400
days-of-week U-S
cost 0
app-protocol
state enabled
methods
media-profiles
lookup single
next-key
eloc-str-lkup disabled
eloc-str-match

 

media-manager

state enabled
latching enabled
flow-time-limit 86400
initial-guard-timer 300
subsq-guard-timer 300
tcp-flow-time-limit 86400
tcp-initial-guard-timer 300
tcp-subsq-guard-timer 300
tcp-number-of-ports-per-flow 2
hnt-rtcp disabled
algd-log-level NOTICE
mbcd-log-level NOTICE
red-flow-port 1985
red-mgcp-port 1986
red-max-trans 10000
red-sync-start-time 5000
red-sync-comp-time 1000
media-policing enabled
max-signaling-bandwidth 10000000
max-untrusted-signaling 100
min-untrusted-signaling 30
app-signaling-bandwidth 0
tolerance-window 30
rtcp-rate-limit 0
trap-on-demote-to-deny enabled
min-media-allocation 32000
min-trusted-allocation 1000
deny-allocation 1000

anonymous-sdp disabled
arp-msg-bandwidth 32000
fragment-msg-bandwidth 0
rfc2833-timestamp disabled
default-2833-duration 100
rfc2833-end-pkts-only-for-non-sig enabled
translate-non-rfc2833-event disabled
media-supervision-traps disabled
dnsalg-server-failover disabled

network-interface

name M00
sub-port-id 0
description
hostname
ip-address 192.168.50.100
pri-utility-addr
sec-utility-addr
netmask 255.255.255.0
gateway 192.168.50.1
sec-gateway
gw-heartbeat
state disabled
heartbeat 0
retry-count 0
retry-timeout 1
health-score 0
dns-ip-primary
dns-ip-backup1
dns-ip-backup2
dns-domain
dns-timeout 11
hip-ip-list
ftp-address
icmp-address
snmp-address
telnet-address
ssh-address

network-interface

name M10
sub-port-id 0
description
hostname
ip-address 172.16.50.100
pri-utility-addr
sec-utility-addr
netmask 255.255.255.0
gateway 172.16.50.1
sec-gateway
gw-heartbeat
state disabled
heartbeat 0
retry-count 0
retry-timeout 1
health-score 0
dns-ip-primary
dns-ip-backup1
dns-ip-backup2
dns-domain
dns-timeout 11
hip-ip-list
ftp-address
icmp-address
snmp-address
telnet-address
ssh-address

phy-interface

name M00
operation-type Media
port 0
slot 0
virtual-mac
admin-state enabled
auto-negotiation enabled
duplex-mode FULL
speed 100
overload-protection disabled

phy-interface

name M10
operation-type Media
port 0
slot 1
virtual-mac
admin-state enabled
auto-negotiation enabled
duplex-mode FULL
speed 100
overload-protection disabled

realm-config

identifier SIPtrunk
description
addr-prefix 0.0.0.0
network-interfaces M00:0
mm-in-realm disabled
mm-in-network enabled
mm-same-ip enabled
mm-in-system enabled
bw-cac-non-mm disabled
msm-release disabled
qos-enable disabled
generate-UDP-checksum disabled
max-bandwidth 0
fallback-bandwidth 0
max-priority-bandwidth 0
max-latency 0
max-jitter 0
max-packet-loss 0
observ-window-size 0
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
in-manipulationid
out-manipulationid ACME_NAT_TO_FROM_IP
manipulation-string
manipulation-pattern
class-profile
average-rate-limit 0
access-control-trust-level high
invalid-signal-threshold 0
maximum-signal-threshold 0
untrusted-signal-threshold 0
nat-trust-threshold 0
deny-period 30
ext-policy-svr
diam-e2-address-realm
symmetric-latching disabled
pai-strip disabled
trunk-context
early-media-allow
enforcement-profile
additional-prefixes
restricted-latching none
restriction-mask 32
accounting-enable enabled
user-cac-mode none
user-cac-bandwidth 0
user-cac-sessions 0
icmp-detect-multiplier 0
icmp-advertisement-interval 0
icmp-target-ip
monthly-minutes 0
net-management-control disabled
delay-media-update disabled
refer-call-transfer disabled
dyn-refer-term disabled
codec-policy
codec-manip-in-realm disabled
constraint-name
call-recording-server-id
stun-enable disabled
stun-server-ip 0.0.0.0
stun-server-port 3478
stun-changed-ip 0.0.0.0
stun-changed-port 3479
match-media-profiles
qos-constraint
sip-profile
sip-isup-profile
block-rtcp disabled
hide-egress-media-update disabled

realm-config

identifier branch-1
description
addr-prefix 0.0.0.0
network-interfaces M10:0
mm-in-realm disabled
mm-in-network enabled
mm-same-ip enabled
mm-in-system enabled
bw-cac-non-mm disabled
msm-release disabled
qos-enable disabled
generate-UDP-checksum disabled
max-bandwidth 0
fallback-bandwidth 0
max-priority-bandwidth 0
max-latency 0
max-jitter 0
max-packet-loss 0
observ-window-size 0
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
in-manipulationid
out-manipulationid ACME_NAT_TO_FROM_IP
manipulation-string
manipulation-pattern
class-profile
average-rate-limit 0
access-control-trust-level none
invalid-signal-threshold 0
maximum-signal-threshold 0
untrusted-signal-threshold 0
nat-trust-threshold 0
deny-period 30
ext-policy-svr
diam-e2-address-realm
symmetric-latching disabled
pai-strip disabled
trunk-context
early-media-allow
enforcement-profile
additional-prefixes
restricted-latching none
restriction-mask 32
accounting-enable enabled
user-cac-mode none
user-cac-bandwidth 0
user-cac-sessions 0
icmp-detect-multiplier 0
icmp-advertisement-interval 0
icmp-target-ip
monthly-minutes 0
net-management-control disabled
delay-media-update disabled
refer-call-transfer disabled
dyn-refer-term disabled
codec-policy
codec-manip-in-realm disabled
constraint-name
call-recording-server-id
stun-enable disabled
stun-server-ip 0.0.0.0
stun-server-port 3478
stun-changed-ip 0.0.0.0
stun-changed-port 3479
match-media-profiles
qos-constraint
sip-profile
sip-isup-profile
block-rtcp disabled
hide-egress-media-update disabled

realm-config

identifier branch-2
description
addr-prefix 0.0.0.0
network-interfaces M10:0
mm-in-realm disabled
mm-in-network enabled
mm-same-ip enabled
mm-in-system enabled
bw-cac-non-mm disabled
msm-release disabled
qos-enable disabled
generate-UDP-checksum disabled
max-bandwidth 0
fallback-bandwidth 0
max-priority-bandwidth 0
max-latency 0
max-jitter 0
max-packet-loss 0
observ-window-size 0
parent-realm
dns-realm
media-policy
in-translationid
out-translationid
in-manipulationid
out-manipulationid ACME_NAT_TO_FROM_IP
manipulation-string
manipulation-pattern
class-profile
average-rate-limit 0
access-control-trust-level none
invalid-signal-threshold 0
maximum-signal-threshold 0
untrusted-signal-threshold 0
nat-trust-threshold 0
deny-period 30
ext-policy-svr
diam-e2-address-realm
symmetric-latching disabled
pai-strip disabled
trunk-context
early-media-allow
enforcement-profile
additional-prefixes
restricted-latching none
restriction-mask 32
accounting-enable enabled
user-cac-mode none
user-cac-bandwidth 0
user-cac-sessions 0
icmp-detect-multiplier 0
icmp-advertisement-interval 0
icmp-target-ip
monthly-minutes 0
net-management-control disabled
delay-media-update disabled
refer-call-transfer disabled
dyn-refer-term disabled
codec-policy
codec-manip-in-realm disabled
constraint-name
call-recording-server-id
stun-enable disabled
stun-server-ip 0.0.0.0
stun-server-port 3478
stun-changed-ip 0.0.0.0
stun-changed-port 3479
match-media-profiles
qos-constraint
sip-profile
sip-isup-profile
block-rtcp disabled
hide-egress-media-update disabled

session-agent

hostname 172.16.122.101
ip-address
port 5060
state enabled
app-protocol SIP
app-type
transport-method UDP
realm-id SIPtrunk
egress-realm-id
description
carriers
allow-next-hop-lp enabled
constraints disabled
max-sessions 0
max-inbound-sessions 0
max-outbound-sessions 0
max-burst-rate 0
max-inbound-burst-rate 0
max-outbound-burst-rate 0
max-sustain-rate 0
max-inbound-sustain-rate 0
max-outbound-sustain-rate 0
min-seizures 5
min-asr 0
time-to-resume 0
ttr-no-response 0
in-service-period 0
burst-rate-window 0
sustain-rate-window 0
req-uri-carrier-mode None
proxy-mode
redirect-action
loose-routing enabled
send-media-session enabled
response-map
ping-method OPTIONS;hops=0
ping-interval 30
ping-send-mode keep-alive
ping-all-addresses disabled
ping-in-service-response-codes
out-service-response-codes
media-profiles
in-translationid
out-translationid
trust-me disabled
request-uri-headers
stop-recurse
local-response-map
ping-to-user-part
ping-from-user-part
li-trust-me disabled
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
p-asserted-id
trunk-group
max-register-sustain-rate 0
early-media-allow
invalidate-registrations disabled
rfc2833-mode none
rfc2833-payload 0
codec-policy
enforcement-profile
refer-call-transfer disabled
reuse-connections NONE
tcp-keepalive none
tcp-reconn-interval 0
max-register-burst-rate 0
register-burst-window 0
sip-profile
sip-isup-profile

session-agent

hostname 172.16.122.201
ip-address
port 5060
state enabled
app-protocol SIP
app-type
transport-method UDP
realm-id SIPtrunk
egress-realm-id
description
carriers
allow-next-hop-lp enabled
constraints disabled
max-sessions 0
max-inbound-sessions 0
max-outbound-sessions 0
max-burst-rate 0
max-inbound-burst-rate 0
max-outbound-burst-rate 0
max-sustain-rate 0
max-inbound-sustain-rate 0
max-outbound-sustain-rate 0
min-seizures 5
min-asr 0
time-to-resume 0
ttr-no-response 0
in-service-period 0
burst-rate-window 0
sustain-rate-window 0
req-uri-carrier-mode None
proxy-mode
redirect-action
loose-routing enabled
send-media-session enabled
response-map
ping-method OPTIONS;hops=0
ping-interval 30
ping-send-mode keep-alive
ping-all-addresses disabled
ping-in-service-response-codes
out-service-response-codes
media-profiles
in-translationid
out-translationid
trust-me disabled
request-uri-headers
stop-recurse
local-response-map
ping-to-user-part
ping-from-user-part
li-trust-me disabled
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
p-asserted-id
trunk-group
max-register-sustain-rate 0
early-media-allow
invalidate-registrations disabled
rfc2833-mode none
rfc2833-payload 0
codec-policy
enforcement-profile
refer-call-transfer disabled
reuse-connections NONE
tcp-keepalive none
tcp-reconn-interval 0
max-register-burst-rate 0
register-burst-window 0
sip-profile
sip-isup-profile

session-group

group-name siptrunks
description
state enabled
app-protocol SIP
strategy Hunt
dest
172.16.122.101
172.16.122.201
trunk-group
sag-recursion disabled
stop-sag-recurse 401,407

sip-config

state enabled
operation-mode dialog
dialog-transparency enabled
home-realm-id branch-1
egress-realm-id
nat-mode None
registrar-domain *
registrar-host *
registrar-port 5060
register-service-route always
init-timer 500
max-timer 4000
trans-expire 32
invite-expire 180
inactive-dynamic-conn 32
enforcement-profile
pac-method
pac-interval 10
pac-strategy PropDist
pac-load-weight 1
pac-session-weight 1
pac-route-weight 1
pac-callid-lifetime 600
pac-user-lifetime 3600
red-sip-port 1988
red-max-trans 10000
red-sync-start-time 5000
red-sync-comp-time 1000
add-reason-header disabled
sip-message-len 4096
enum-sag-match disabled
extra-method-stats disabled
registration-cache-limit 0
register-use-to-for-lp disabled
refer-src-routing disabled
add-ucid-header disabled
proxy-sub-events
pass-gruu-contact disabled
sag-lookup-on-redirect disabled
set-disconnect-time-on-bye disabled

sip-interface

state enabled
realm-id SIPtrunk
description
sip-port
address 192.168.50.100
port 5060
transport-protocol UDP
tls-profile
allow-anonymous agents-only
ims-aka-profile
carriers
trans-expire 0
invite-expire 0
max-redirect-contacts 0
proxy-mode
redirect-action
contact-mode none
nat-traversal none
nat-interval 30
tcp-nat-interval 90
registration-caching disabled
min-reg-expire 300
registration-interval 3600
route-to-registrar enabled
secured-network disabled
teluri-scheme disabled
uri-fqdn-domain
trust-mode all
max-nat-interval 3600
nat-int-increment 10
nat-test-increment 30
sip-dynamic-hnt disabled
stop-recurse 401,407
port-map-start 0
port-map-end 0
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
sip-ims-feature disabled
operator-identifier
anonymous-priority none
max-incoming-conns 0
per-src-ip-max-incoming-conns 0
inactive-conn-timeout 0
untrusted-conn-timeout 0
network-id
ext-policy-server
default-location-string
charging-vector-mode pass
charging-function-address-mode pass
ccf-address
ecf-address
term-tgrp-mode none
implicit-service-route disabled
rfc2833-payload 101
rfc2833-mode transparent
constraint-name
response-map
local-response-map
ims-aka-feature disabled
enforcement-profile
route-unauthorized-calls
tcp-keepalive none
add-sdp-invite disabled
add-sdp-profiles
sip-profile
sip-isup-profile

sip-interface

state enabled
realm-id branch-1
description
sip-port
address 172.16.50.100
port 5060
transport-protocol UDP
tls-profile
allow-anonymous all
ims-aka-profile
carriers
trans-expire 0
invite-expire 0
max-redirect-contacts 0
proxy-mode
redirect-action
contact-mode none
nat-traversal none
nat-interval 30
tcp-nat-interval 90
registration-caching disabled
min-reg-expire 300
registration-interval 3600
route-to-registrar disabled
secured-network disabled
teluri-scheme disabled
uri-fqdn-domain
trust-mode all
max-nat-interval 3600
nat-int-increment 10
nat-test-increment 30
sip-dynamic-hnt disabled
stop-recurse 401,407
port-map-start 0
port-map-end 0
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
sip-ims-feature disabled
operator-identifier
anonymous-priority none
max-incoming-conns 0
per-src-ip-max-incoming-conns 0
inactive-conn-timeout 0
untrusted-conn-timeout 0
network-id
ext-policy-server
default-location-string
charging-vector-mode pass
charging-function-address-mode pass
ccf-address
ecf-address
term-tgrp-mode none
implicit-service-route disabled
rfc2833-payload 101
rfc2833-mode transparent
constraint-name
response-map
local-response-map
ims-aka-feature disabled
enforcement-profile
route-unauthorized-calls
tcp-keepalive none
add-sdp-invite disabled
add-sdp-profiles
sip-profile
sip-isup-profile

sip-interface

state enabled
realm-id branch-2
description
sip-port
address 172.16.50.200
port 5060
transport-protocol UDP
tls-profile
allow-anonymous all
ims-aka-profile
carriers
trans-expire 0
invite-expire 0
max-redirect-contacts 0
proxy-mode
redirect-action
contact-mode none
nat-traversal none
nat-interval 30
tcp-nat-interval 90
registration-caching disabled
min-reg-expire 300
registration-interval 3600
route-to-registrar disabled
secured-network disabled
teluri-scheme disabled
uri-fqdn-domain
trust-mode all
max-nat-interval 3600
nat-int-increment 10
nat-test-increment 30
sip-dynamic-hnt disabled
stop-recurse 401,407
port-map-start 0
port-map-end 0
in-manipulationid
out-manipulationid
manipulation-string
manipulation-pattern
sip-ims-feature disabled
operator-identifier
anonymous-priority none
max-incoming-conns 0
per-src-ip-max-incoming-conns 0
inactive-conn-timeout 0
untrusted-conn-timeout 0
network-id
ext-policy-server
default-location-string
charging-vector-mode pass
charging-function-address-mode pass
ccf-address
ecf-address
term-tgrp-mode none
implicit-service-route disabled
rfc2833-payload 101
rfc2833-mode transparent
constraint-name
response-map
local-response-map
ims-aka-feature disabled
enforcement-profile
route-unauthorized-calls
tcp-keepalive none
add-sdp-invite disabled
add-sdp-profiles
sip-profile
sip-isup-profile

steering-pool

ip-address 192.168.50.100
start-port 49152
end-port 65535
realm-id SIPtrunk
network-interface

steering-pool

ip-address 172.16.50.100
start-port 49152
end-port 65535
realm-id branch-1
network-interface

steering-pool

ip-address 172.16.50.200
start-port 49152
end-port 65535
realm-id branch-2
network-interface

system-config 

hostname
description
location
mib-system-contact
mib-system-name
mib-system-location
snmp-enabled enabled
enable-snmp-auth-traps disabled
enable-snmp-syslog-notify disabled
enable-snmp-monitor-traps disabled
enable-env-monitor-traps disabled
snmp-syslog-his-table-length 1
snmp-syslog-level WARNING
system-log-level WARNING
process-log-level NOTICE
process-log-ip-address 0.0.0.0
process-log-port 0
collect
sample-interval 5
push-interval 15
boot-state disabled
start-time now
end-time never
red-collect-state disabled
red-max-trans 1000
red-sync-start-time 5000
red-sync-comp-time 1000
push-success-trap-state disabled
call-trace disabled
internal-trace disabled
log-filter all
default-gateway 172.41.0.1
restart enabled
exceptions
telnet-timeout 0
console-timeout 0
remote-control enabled
cli-audit-trail enabled
link-redundancy-state disabled
source-routing disabled
cli-more disabled
terminal-height 24
debug-timeout 0
trap-event-lifetime 0
cleanup-time-of-day 00:00
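
The one-to-one rules stated at the top of this page (VLAN ID to realm, realm to sip-interface) can be checked mechanically against a configuration listing like the one above. The following audit is an added example, not part of the original configuration guide or any ACME tooling. It assumes the realm-config network-interfaces value has the form name:sub-port-id with the sub-port-id acting as the VLAN ID, and the finding names are made up for this sketch.

```python
from collections import Counter, defaultdict

# Constructed excerpt: values copied from the listing above, trimmed to what the audit reads.
SAMPLE = """\
realm-config
identifier SIPtrunk
network-interfaces M00:0
realm-config
identifier branch-1
network-interfaces M10:0
realm-config
identifier branch-2
network-interfaces M10:0
sip-interface
realm-id SIPtrunk
allow-anonymous agents-only
sip-interface
realm-id branch-1
allow-anonymous all
sip-interface
realm-id branch-2
allow-anonymous all
"""

ELEMENTS = {"realm-config", "sip-interface"}  # element types this audit reads

def parse(text):
    """Turn the flat 'key value' listing into [(element_type, {attr: value})]."""
    elems = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue
        if len(parts) == 1 and parts[0] in ELEMENTS:
            elems.append((parts[0], {}))  # a bare element name opens a new element
        elif elems:
            elems[-1][1][parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return elems

def audit(text):
    """Return sorted (check, subject) findings for the multi-realm model."""
    elems = parse(text)
    realms = [a for t, a in elems if t == "realm-config"]
    sips = [a for t, a in elems if t == "sip-interface"]
    # Rule: exactly one sip-interface per realm.
    count = Counter(s.get("realm-id", "") for s in sips)
    findings = [("sip-interface-count", r["identifier"])
                for r in realms if count[r["identifier"]] != 1]
    # Rule: one VLAN per realm (assumes network-interfaces is name:sub-port-id).
    by_if = defaultdict(list)
    for r in realms:
        by_if[r.get("network-interfaces", "")].append(r["identifier"])
    findings += [("shared-vlan:" + nif, ",".join(sorted(ids)))
                 for nif, ids in by_if.items() if len(ids) > 1]
    # allow-anonymous all accepts SIP requests from any source address.
    findings += [("allow-anonymous-all", s.get("realm-id", ""))
                 for s in sips if s.get("allow-anonymous") == "all"]
    return sorted(findings)
```

Run against the excerpt, audit(SAMPLE) reports that branch-1 and branch-2 are both bound to M10:0 and that both branch sip-interfaces are set to allow-anonymous all; whether either is acceptable depends on the deployment.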