Manualshelf

Network Router User Manual

ManualsBrandsCisco Systems ManualsNetwork RouterASR 1000
919293949596979899100
9-5
Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers
OL-15421-01
Chapter 9 Topology Hiding
IPv6 Support
ACL-Based Inter-Subscriber Blocking Method
In the following example of the ACL-based inter-subscriber blocking method, packets entering the DBE
from the access side are marked with DSCP=0 using the same INPUT_POLICY as the QoS method
above, but packets leaving the DBE use the ACL OutFilter_IPv6 as follows:
Router# show ipv6 access-list OutFilter_IPv6
IPv6 access list OutFilter_IPv6
permit icmp any any packet-too-big sequence 10
deny icmp any any sequence 20
deny ipv6 any any dscp default sequence 40
permit ipv6 any any sequence 50
DBE Restrictions
The following is a restriction of DBE support for IPv6 inter-subscriber blocking:
Because the configuration of inter-subscriber blocking in the IPv6 environment relies on Cisco IOS
QoS to mark the DSCP value in the ingress feature process, the original DSCP value of the packets
arriving at the DBE router will not be preserved.
IPv6 Support
IPv6 support includes the following functionality:
The DBE supports IPv6 pinholes for both media endpoints and signaling endpoints.
See the “IPv6 Pinholes” section on page 9-6.
Note Pinhole is an informal term for a pair of terminations in the same stream and same context.
Media flows do not support Network Address and Port Translation (NAPT); they must be No NAPT.
As a result, you cannot configure any media addresses under IPv6. Media flows may consist of voice
or video.
Signaling flows support Single NAPT.
You are able to configure signaling addresses under IPv6.
The DBE examines all IPv6 packets that arrive from the network and determines which ones belong to
authorized SBC media streams. The DBE normally uses the destination (and possibly the source) IP
address and port for packet classification. The DBE identifies packets belonging to an authorized media
stream as SBC packets and applies the appropriate traffic policing rules to the packets. The counter
showing number of packets received is modified.
After that, SBC performs packet processing and updating. The packet is forwarded out of the specified
interface. IPv6 packet forwarding works in the same way as IPv4 packet forwarding, except for a few
differences in the IP header processing.
Single NAPT for signaling means that packets arriving from an endpoint are addressed to an SBC media
address. When they are passed to the media gateway controller (MGC), also know as an SBE, the packets
need to keep the endpoint’s source IP address and port number. Therefore, only destination addresses
and ports are translated in Single NAPT. When the MGC/SBE sends a reply back to the endpoint, the