Release 1.2 Release Bulletin
BSGX4e Business Services Gateway
NN47928-401
Software Release 2.1.

BSGX4e 1.2 Business Services Gateway
Document Status: Standard
Document Version: 01.01
Document Number: NN47928-401
Date: July 2008
Copyright © 2008 Nortel Networks, All Rights Reserved
The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty.
CONTENTS
How to get help
  Getting help from the Nortel Web site
  Getting help over the phone from a Nortel Solutions Center
  Getting help from a specialist by using an Express Routing Code
  Getting help through a Nortel distributor or reseller
How to get help
This section explains how to get help for Nortel products and services.

Getting help from the Nortel Web site
The best way to get technical support for Nortel products is from the Nortel Technical Support Web site: http://www.nortel.com/support
This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products.

Getting help through a Nortel distributor or reseller
If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller.

INTRODUCTION
This document makes recommendations about the deployment of the Business Services Gateway X4e (BSGX4e), release 1.2, GA Candidate build 2.1.1-02.

INTEROPERABILITY
The BSGX4e is designed to interoperate with all standards-compliant SIP, MGCP, and VPN devices.
SIP Softswitch
• Nortel CS2000 (vSN09U)
SIP Terminals
• LG 6812 (v1.2.41sc)
• LG 6804 (v1.2.41sc)
• LG 6830 (v1.2.41sc)
• Multi-media PC Client Softphone (v4.1.665 (20071028))
SIP Servers
• Ericsson IMT (v3.0)
• Sylantro SIP Application Server (v3.2.1)
• Sylantro SIP Application Server (v4.
MGCP Clients
• Cisco 7940/7960 MGCP phones (P0M3-07-5-00 and P0M3-07-6-00)
• Cisco ATA 186 (v3.1.1)
• SwissVoice IP10S (v104b3)
VPN Devices
• Cisco 3845 IOS 12.4
• Cisco ASA5510 v7.

NEW FEATURES AND FUNCTIONALITY
The following changes are included in software release R2.1.1-02.
Table 1 Summary of changes
Type: Bug fixes
Defect number  Description
N/A  NAT: You can configure public IP addresses out of the IP subnets of the WAN interfaces of the BSGX4e.
N/A  DHCP server: DHCP option 66 now supports provisioning with FQDN addresses. DHCP options 150, 151, 160, and 161 now support provisioning with FQDN addresses and URLs.
N/A  QoS: You can protect SIP based multimedia traffic other than voice and video.
Q01595084  Cannot clear specified IKE SAs currently negotiated from CLI.
Q01595089  Cannot clear specified IPSec SAs currently negotiated by CLI.
Q01595880-01  SNMP traps "Linkup" and "LinkDown" are not sent by BSGX4e.
Q01596505  BSGX4e: PPP and Eth0 with DHCP set to YES.
Q01597647  Upgrade a wrong format FW load cannot be prevented in WebUI.
Q01597676  Cannot create multiple PPP profiles by using WebUI.
Q01612478  Shouldn't allow select "any" for local and remote networks in Wizard VPN config.
Q01612667  2nd phone registered with the same user kicks out the first phone. Note: this has been solved by introducing the new SIP forking support of the SIP SC.
Q01614495  Active Sip Server is removed under SIP Control when unused SIP Server is deleted.
Q01668201  Simplify PPPoE configuration. Note: this problem has been solved by introducing the new Initial Configuration Wizard. It has to be used to simply configure PPPoE.
Q01668204  Simplify LAN subnet change. Note: this problem has been solved by introducing the new Initial Configuration Wizard. It has to be used to simply change the LAN subnet.
Q01878295  BSGX4e-The call which is established bw WAN phone and FXS is 1 way after 4s.
Q01879311  BSG4: PCC behind BSG not logged out when new PCC logs in using same ID.
Q01891749  BSG4 crashes when DTMF tones played from LG or PCC to FXS SIP UA.

USER NOTES
Table 2 User notes
Area: Switching
When the switch is configured with VLAN (config switch vlan), use Vifx interfaces instead of the eth1 interface.
It is not possible to configure the Ethernet parameters (speed, mode, flow control) of the LAN interface eth1. It is forced to 100FULL/no flow control because it internally interfaces with the 4 ports switch.
The ports of the switch are configured by default to be in auto-negotiation mode.
To change the LAN subnet using the GUI:
• Under Data>Interfaces>IP, modify the LAN interface (eth1), and change IP address mask to a value that encompasses both current and new subnets, but doesn't overlap the WAN subnet.
• For example, if you are changing from 192.168.1.x to 192.168.4.x, change the subnet mask to 255.255.0.0.
• Under System>DHCP Server, modify the LAN interface, and change the DHCP server address range and subnet mask to the desired subnet.
Area: VPN
When setting up a Branch Office Tunnel, the firewall must be set up to allow IKE negotiation, ESP packets, and tunnelling of traffic. This is done automatically if the Branch Office Tunnel is established using the Wizard.
For manually configured tunnels, configure the following in the firewall:
• Create a policy allowing all traffic from eth1 to vpn0.
The CAC (Call Admission Control) algorithm of the SC is the following:
• During the starting of a call, the maximum possible bandwidth is allocated, that is, the one for G.711 10ms.
• After negotiation of the CODEC type (SDP protocol), the allocation is adjusted to the maximum possible bandwidth for this CODEC.
• When the RTP stream starts, the bandwidth allocation is adjusted based on the packet time observed.
Area: Legacy telephony & User Agent
When a CODEC is configured as not used, it indicates the end of the preferred CODEC list. Subsequent CODEC(s) will be ignored. If CODEC1 is set to ‘Not Used’, no CODEC is included in SDP offers.
To use the User Agent for Fax only, you should set the FAX parameter to “On”.
Area: SIP
SIP signalling is supported over UDP only.
Area: QoS
Layer 2 QoS is mainly intended to be used to manage the bandwidth of the LAN switch uplink port, which operates at 100 Mbps while the offered load can be 400 Mbps (4 x 100 Mbps) from the four FE LAN ports.
Layer 3 QoS (GoS) is mainly intended to be used to manage the bandwidth of the physical WAN interface.
To set up QoS for Voice using the GUI:
• Determine your upstream bandwidth using a third-party web site. Examples are http://myvoipspeed.
To assure low delay and packet loss for VoIP traffic:
• Layer 2 QoS should be configured with a strict priority queuing mechanism (rather than a weighted round robin queuing mechanism).
• Layer 3 QoS Quality Groups should be of type POLICED (rather than type CAR).
Layer 3 QoS rates should account for the 14 bytes Ethernet overhead of the WAN interface. They do not need to account for the Ethernet FCS (4 bytes), preamble (8 bytes) or inter frame (12 bytes).
Area: Services
The DHCP server is mainly intended to be used to manage IP addresses on LAN. By default the DHCP server is enabled on eth1 for IP range 192.168.1.2-192.168.1.127.
The DHCP client is mainly intended to be used to automatically configure the WAN interface(s) of the BSGX4e.

RECOMMENDATIONS FOR DEPLOYMENT
Table 3 Recommendations for Deployment
Area: Switching
You cannot configure the Ethernet parameters (speed, mode, and flow control) of the LAN interface eth1. It is forced to 100FULL/no flow control because it internally interfaces with the 4 ports switch.
The default setting of the ports of the switch is auto-negotiation mode. All 10/100 Mbps, half/full duplex mode, and flow control on/off combinations are supported.
Area: Routing
On the BSGX4e, eth0 and virtual interfaces (VLAN, VPN, PPP) defined over eth0 must be WAN interfaces. Eth1 and virtual interfaces (VLAN) defined on top of eth1 must be LAN interfaces.
If devices on the LAN side of the BSGX4e and devices on the LAN side of the router (for which Proxy ARP is enabled) need to communicate, you must set up appropriate routes.
Area: VPN
IKE negotiation is done on UDP port 500. Main mode and preshared keys should be deployed.
By default, all IKE packets coming into the BSGX4e are discarded by the Firewall. You must configure the Firewall to accept IKE packets.
IKE encryptions for phase 2 negotiation can be DES (56), 3DES (168), AES (128, 192, and 256), or BLOWFISH (128). They are all offered during the IKE negotiation.
Area: QoS
Layer 2 QoS is used to manage the bandwidth of the LAN switch uplink port to CPU, which operates at 100 Mbps.
Layer 2 QoS must be configured with a strict priority queuing mechanism (rather than a weighted round robin queuing mechanism) to protect VoIP traffic (to get the lowest delay and packet loss).
Area: Session Controller (SC)
The Session Controllers are always enabled. They cannot be disabled.
The Session Controllers should work with a single server (SIP proxy or MGCP call agent) at a time. They do not support redirection to other servers.
The CAC (Call Admission Control) algorithm of the SC is the following:
- During the start of a call, the maximum possible bandwidth for G.711 10ms is allocated.
In main/branch office topologies where branch offices make VoIP calls through the main office (main office acting as VoIP server for remote offices), to avoid remote sites switching to survival mode when the SIP server goes down, the retries parameter in the SIP/MGCP server setting should be set to a higher value on the remote sites than on the main site.
Area: MGCP
MGCP phones and gateways located in LAN (including the MGCP UA on BSGX4e) must be identified by MAC address. For example, the right side of the identifier must be the MAC address.
Area: Services
You should use the DHCP server to manage IP addresses on LAN side. By default, the DHCP server is enabled on eth1 for IP range 192.168.1.2-192.168.1.127.
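
The Call Admission Control steps listed in the user notes and in the Session Controller recommendations above can be traced with a small model. This is an added example, not Nortel code; the 10 ms worst case per codec, the 256 kbps budget, and counting the 14-byte Ethernet header in the reservation are assumptions.

```python
# Added illustration; not Nortel code. Header sizes and codec rates are standard
# values; the points marked "assumed" are this example's reading of the bulletin.
IP_UDP_RTP = 20 + 8 + 12   # IPv4 + UDP + RTP header bytes per packet
ETH_HEADER = 14            # cited by the bulletin for L3 QoS rates; assumed for CAC too
CODEC_BPS = {"G.711": 64000, "G.729": 8000}   # nominal payload bit rates
MIN_PTIME_MS = 10          # assumed: a codec's "maximum possible bandwidth" is at 10 ms


def stream_bps(codec, ptime_ms):
    """One-direction bandwidth of an RTP stream, Ethernet header included."""
    payload = CODEC_BPS[codec] * ptime_ms // 8000      # payload bytes per packet
    return (payload + IP_UDP_RTP + ETH_HEADER) * 8 * 1000 // ptime_ms


class Cac:
    """Per-call reservations checked against a fixed voice budget (bps)."""

    def __init__(self, budget_bps):
        self.budget = budget_bps
        self.calls = {}

    def reserved(self):
        return sum(self.calls.values())

    def start(self, call_id):
        # Stage 1: nothing is known yet, so reserve G.711 at 10 ms.
        need = stream_bps("G.711", MIN_PTIME_MS)
        if self.reserved() + need > self.budget:
            return False                               # call refused
        self.calls[call_id] = need
        return True

    def codec_negotiated(self, call_id, codec):
        # Stage 2: SDP fixed the codec; keep that codec's worst case.
        self.calls[call_id] = stream_bps(codec, MIN_PTIME_MS)

    def rtp_observed(self, call_id, codec, ptime_ms):
        # Stage 3: RTP is flowing; reserve for the packet time actually seen.
        self.calls[call_id] = stream_bps(codec, ptime_ms)


def demo(budget_bps=256000):
    """Constructed scenario: three calls start at once, then two settle."""
    cac = Cac(budget_bps)
    burst = [cac.start(c) for c in ("a", "b", "c")]    # third exceeds the budget
    cac.codec_negotiated("a", "G.729")
    cac.rtp_observed("a", "G.729", 20)
    cac.codec_negotiated("b", "G.711")
    cac.rtp_observed("b", "G.711", 20)
    settled = cac.reserved()
    retry = cac.start("c")                             # fits once a and b shrink
    return burst, settled, retry


if __name__ == "__main__":
    print(demo())
```

The worst-case reservation at call start means a burst of simultaneous call setups can be refused even when the settled calls would fit the budget.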

NOTABLE LIMITATIONS
Table 4 Notable Limitations
Area: Switching
It is not possible to mirror only the ingress direction of a port.
The maximum number of MAC addresses that can be learned by the LAN switch is 1024.
It is not possible to individually remove static MAC entries from the forwarding table of the switch. The entire table can be flushed.
The maximum number of VLANs supported is 64.
Area: Security
Firewall policies can't be modified. They have to be removed and reconfigured.
No statistics are available for individual Firewall policies. Statistics are available for the overall Firewall policies.
The maximum number of Firewall policies is 128.
Classification of traffic based on IP ToS field only works for QoS purposes.
IKE encryptions and authentications for phase 2 negotiation cannot be configured. You cannot change the content of the offer, nor the order of the offer.
The Session Controllers don’t maintain the ToS byte of signalling packets received to be relayed. They are relayed with a ToS of 0. Note: for LAN to WAN traffic, QoS ToS re-writing can be used to maintain it. It cannot be maintained from WAN to LAN.
Calls cannot be established through the Session Controllers when the signaling and media IP addresses of LAN endpoints are different.
Area: SIP
Interoperability has been checked with the following servers:
• Ericsson IMT (v3.0)
• Sylantro SIP Application Server (v3.2.1)
• Sylantro SIP Application Server (v4.0)
• Broadsoft (v13)
• Broadsoft (v14)
• CS2K SIP Application Server (SN09U)
Interoperability has been checked with the following clients:
• Cisco 7940/7960 SIP phones (P0S3-07-5-00 and P0S3-08-8-00)
• Cisco ATA 186 (v3.02.01)
• Polycom IP600 (v 2.1.2.
Area: Legacy Telephone and User Agent (UA)
UA services (for example, call forwarding always and do not disturb) are de-activated after reboot. You must re-register these services each time the unit is restarted.
GR-909 metallic loop tests can be launched while the FxS port is in use. As a consequence, they disrupt the voice quality while they run. The execution time, however, is usually short.
Area: MGCP
Interoperability is checked with the following servers:
- Sylantro MGCP Call Agent (v3.2.1)
- Sylantro MGCP Call Agent (v4.0)
Interoperability is checked with the following clients:
- Cisco 7940/7960 MGCP phones (P0M3-07-5-00 and P0M3-07-6-00)
- Cisco ATA 186 (v3.1.
Area: Monitoring
PMON and Netflow only monitor incoming traffic. Outgoing traffic is not monitored.
The maximum number of flows that Netflow can monitor is 4000.
Tcpdump monitors traffic in non-promiscuous mode only.
Tcpdump monitors traffic of a single interface at a time.
Tcpdump does not capture IEEE 802.1Q headers for traffic coming from LAN.
Area: Management
The BSGX4e supports a maximum of 20 users and 11 groups.
The BSGX4e supports a maximum of 98 right records.
TACACS+ and RADIUS client implementations on the BSGX4e include authentication for ASCII log in requests only. TACACS+/RADIUS authorization and TACACS+/RADIUS accounting are not implemented.
When the TACACS+ or RADIUS server is not available, no backup method of authentication (SHA) is provided.

KNOWN PROBLEMS
Table 5 Known Problems
Area: Switching
5423  Connections to LAN equipment may fail in autonegotiation mode. For example, a cable is plugged in but there is no link. When LAN equipment fails, unplug the cable or disable auto-negotiation.
Area: Routing
1073  Under very high load with a mixture of large and small packets, up to 0.01 percent of packets can be dropped.
Area: Session Controller (SC)
6509  SC CAC (Call Admission Control) reservations are higher than what is required if a VPN tunnel is configured on the BSGX4e to convey data traffic. SC CAC abnormally adds the VPN overhead as if VoIP calls are conveyed through the tunnel, even if they are actually not tunneled. As a consequence, this reduces the maximum number of calls possible.
Area: Legacy Telephone and User Agent (UA)
Area: SIP
5774  SC does not update the registrations of the LAN endpoints (including the one of the internal UA) if the IP configuration of the WAN interface changes (when you use DHCP or PPP). As a consequence, no VoIP calls can be placed through the SC until the endpoints are reregistered with the new IP address.
Area: MGCP
1033  The commands show call current and show call history may report incorrect call party numbers if all the digits are not notified to the MGCP Call Agent with a single NTFY message.
Area: Services
5792  DNS resolution takes a long time (about 45 seconds) to answer if the DNS server is unreachable. As a consequence, some applications that require DNS resolution (VPN, for example) are blocked for a short time.
Area: Monitoring
3984  PMON and Netflow do not report PPP overhead in byte statistics.
6884, 6888  PMON and Netflow do not always report correct statistics for routed traffic.
6835  PMON statistics cannot be cleared.
2810  PMON and Netflow filters based on ToS field only work for traffic routed through the CPU. For example, these filters do not work for fast routed traffic. You should not filter traffic based on ToS field.
Area: Management
5286  TACACS+ client needs more than one minute to detect the TACACS+ server is unreachable or is not functioning. As a consequence, when TACACS+ is used for log in authentication, the user waits for a long time before being rejected.
3053  When the BSGX4e is very busy, the CLI does not always echo previous commands (using the up arrow).
6633  Configuring a login name longer than 30 characters prevents logging into the unit.

KNOWN INTEROPERABILITY ISSUES
The following are specific interoperability issues with Nortel equipment (Nortel CS2000SN09u, LG-Nortel LIP phones, and Nortel Multimedia PC Client).
Table 6 Known interoperability issues
Area: Session Controller (SC)/SIP
Tracking Number  Description
7332  VIDEO BW should not be reserved for downstream flow only.
7212/Q01840553  BSGX4e does not persist with subscriptions.
7662  Media description stripped from SDP for low bandwidth.
7679  CAC VIDEO bw reservation on two PCC audio calls.
7694  Video CODECs not stripped.
7797  LPCC call to LLG forwarded to UA hang sometimes.
7869  SUA ignores a T.38 SDP offer instead of rejecting.
7870  BSG4 misroutes ACK to another configured sip server.

RESOLVED ISSUES
Table 7 Resolved Issues
Number  Description of Issue Prior to Resolution
7212/Q01840553  NOTIFY relayed after reboot.
8215  Lawful Interception doesn't work when parties are on the LAN side of the BSG.
8118  If the softswitch type is Siemens, the SIP forking support is automatically disabled. The value of the parameter forkingenable does not necessarily reflect this setting. Parameter forkingenable may be on when the SIP forking support is disabled.

SOFTWARE UPGRADE PROCEDURE
BSGX4e Release 1.2 is made up of two files:
• jogware_T2_2.1.1-02.bin – This is the image of the 2.1.1-02 build.
• boot-1.1.0-03.bin – This is the image of the 1.1.0-03 bootloader associated with the 2.1.1-02 build.
These two files should be applied to the BSGX4e using the standard upgrade method.
The following recommendations apply for upgrades from R2.0.2 builds to R2.1.
6. If your bootloader version is less than 1.1.0-03, it should be upgraded as well. In the upper panel of the upgrade UI, select bootloader.
7. Use the Browse button to navigate to the bootloader file (boot-1.1.0-03.bin) stored on your PC.
8. Click the Upgrade button. The importing process will take a few minutes. You are notified when it is finished, and then you are prompted to reboot the system.