Understanding SIP PRACK for Avaya Aura

As many of my readers know, every few months I teach a two and a half day class on “all things SIP.” My students are exposed to everything from “why SIP” to the nitty-gritty of SIP requests, responses and call flows. I even speak about some of the more esoteric topics such as To and From tags, the Replaces header, nonce values and TR-87.

Included in the esoteric list is the PRACK (Provisional Response Acknowledgement) method. PRACK wasn’t in the original SIP specification and was introduced later in RFC 3262. It came about after it was realized that some user agent servers need to know that a provisional response was received by a user agent client. Before PRACK, 1xx responses sent using UDP might get lost, and the sender would never know. PRACK adds a layer of reliability to an otherwise unreliable call flow.

I previously addressed PRACK in my article “Ducks Go Quack. SIP Goes PRACK.” Although I addressed most of the pertinent material, I was short on examples and real-life call flows. As I walked my most recent students through live calls on my company’s Avaya system, I happened to notice a few PRACKs and decided it was time to update my old article.

The following screenshots were gathered using the Avaya traceSM utility. I simply started traceSM on a live Aura system, let it run for a few minutes, and then stopped it after I noticed a few PRACK messages fly by. This was simply because I was unsure as to when Avaya uses PRACKs and when it does not.  In other words, “When in doubt, trace it out.”

prack1

Let’s start at the beginning. PRACK messages aren’t just sent out-of-the blue. The sender of an INVITE message must indicate that it is capable of sending PRACKS. It does that by including the header in the INVITE message:

Supported: 100Rel

This tells the recipient that, if requested, it will send PRACK messages for 1xx Responses.

The following shows an INVITE with such a header.

prack2

Now that the user agent server knows that PRACK messages are possible, it will include headers similar to the following in all 1xx Responses it wants to be PRACKed:

Require: 100Rel

Rseq: 1

The Requires header with a value of 100Rel tells the user agent client (the sender of the INVITE) that a PRACK is expected for this response. It’s important to know that the user agent server (the sender of the Response messages) has to request the PRACK. It’s not an automatic process and must be initiated with an Rseq header.

The value in Rseq is used by the user agent client when it creates a PRACK message. The user agent server is responsible for setting and incrementing this number.

The following 180 Ringing indicates that it expects a PRACK.

prack3

Upon receipt of this 180 Ringing, the user agent client must respond with a PRACK message. Of interest to this article is the Rack header. This header must contain the Rseq value sent in the previous 180 Ringing. Additionally, it will indicate the original INVITE session’s CSeq number. Look back at the INVITE in this call flow, and you will see a CSeq value of 1 (one). Therefore, the Rack will look as follows:

Rack: 1 1 INVITE

prack4

Next, the user agent server will send a 200 Ok for the PRACK. This tells the user agent client that the PRACK was received and processed.

prack5

For grins, I will now show you the 200 Ok for the original INVITE. Note that it does not have a Rseq header and 100Rel is not in the Requires header. Why not? That’s because this is not a provisional response. PRACKs are only sent for 1xx responses.

prack6

Mischief Managed

Before I close things out, I want to address the question I hinted at near the top of this article.  When does Avaya use PRACK?

While I honestly don’t know all the permutations, it appears that an INVITE from an Avaya endpoint will always indicate that it supports PRACK (Supported: 100Rel).  However, as you just learned, it’s the recipient of the INVITE that indicates if PRACK messages are required.

In the example above, the Avaya Modular Message voice mail server requests PRACK messages.  Additionally, PRACK is used when direct media is enabled.

There is a good chance that PRACK is used in other situations, but I am going to have to start up a few more traceSM sessions to learn where they show up.

That’s about all I really need to say about PRACK. I invite you to take a look at the RFC if you want to learn about any PRACK subtleties I might have missed, but for all practical purposes, I’ve said all that needs to be said. I hope you had as much fun today as I did. As is often the case, I learned something in the process of writing this article, and that’s always a good thing.

Related Articles:

Survivability and Avaya Media Gateways

Writing these technical articles serves two purposes. First, I love having the opportunity to play unified communications professor. I’ve been in this industry for a long time, and I truly enjoy sharing what I’ve learned about telephony, SIP, WebRTC and VoIP in general. Second, I find that I don’t really understand something until I’m forced to explain it to someone else.

I can’t tell you how many times I’ve started writing an article, got stumped about how to say something, did some research, and found that what I thought I knew was either inaccurate or not complete. So, as much as I hope that I’m helping my readers, I’m helping myself just as much.

Today, I’d like to tackle one of those “do I really understand this well enough to explain it to someone” subjects – Avaya media gateway survivability.

Are you ready? Great! Let’s go.

Avaya Media Gateways

Avaya supports two styles of media gateways. The first, and oldest, is the G650. The G650 is an 8U high, 14 slot chassis that was developed to give new life to Avaya TN card types. These are the cards used in the much older MCC and SCC cabinets. Examples include the TN799 C-LAN, TN224 digital line card, TN2602 IP Media Processor (DSP resources) and the TN2312 IP Server Interface.

These gateways communicate with a Communication Manager (CM) server through the TN2312 IP Server Interface.  Affectionately known as an IPSI, this card provides the control link between the CM and the gateway. A single G650 can support multiple IPSIs for redundancy purposes.

Traditionally, IP stations and trunks connected to a C-LAN. Like the IPSI, there can be multiple C-LAN cards in a single G650. These cards are used for both redundancy and capacity. You can configure different sets of phones to connect to different C-LANs.

C-LANs can also be used to connect to what I really want to write about today – H.248 gateways.

The H.248 gateway family consists of the G700, G250, G350, G430 and G450. Of those, only the G430 and G450 are available for purchase today.  The rest have been end-of-sale for a number of years.

Like the G650, the H.248 gateways support a variety of line cards and DSPs. However, these are newer vintage cards such as the MM710 T1 interface and the MM711 analog card. H.248 gateways do not support the TN form factor cards.

Also, H.248 gateways do not use C-LANs or IPSIs. Instead, these gateways connect to a CM server via a C-LAN in a G650 or directly to the CM through something called Processor Ethernet (PE). Think of PE as the network interface and IP address of the CM.

Media Gateway Lists

Now that I have the basics out of the way, I want to spend some time explaining how an H.248 gateway determines which CM to connect to.

I’ve mentioned “the CM server” a few times, but that’s not quite accurate. There can be several CM servers, and the gateways need to know which one they should hitch their wagon to.

There will always be a prime CM server. This is the main brain that runs the entire system. Call processing, vectors, call center, routing and device management all live there

What happens if the main brain dies? No problem. Avaya allows gateways to failover to another brain called an Enterprise Survivable Server (ESS).   Under sunny day conditions, an ESS is running, but it will not perform call processing or other CM tasks until a gateway registers to it. At that point, it wakes up and functions as if it was the prime processor.

Although Avaya supports up to 63 ESS processors in a single system, most enterprises implement far less than that.

There is another form of brain called a Local Survivable Processor (LSP). An LSP was originally designated to be a server that provides survivability for a branch location, but over the years, Avaya has increased its capacity and scale to the point where it now looks like its ESS brother.

How does an H.248 gateway know who to talk to?

This is where the Media Gateway Controller (MGC) list comes in. The MGC list instructs the H.248 gateway which processors it can connect to, in which order and under what conditions.

For example, an MGC list might consist of the IP addresses of the main CM’s PE, a C-LAN associated with that CM, an ESS and the 8300D processor embedded within the gateway itself. These IP addresses are priority ordered and the gateway attempts to register to them in the order that they are listed … sort of.

If the main processor’s PE or C-LAN doesn’t immediately respond, you might want to hold off trying the ESS or LSP. It would be smarter to attempt registration to the main processor a few times before entering into disaster recovery mode.  You don’t want a brief network hiccup to be the cause of a major reconfiguration.

This is where the transition point (TP) comes into play. The TP separates the primary server(s) from the survivable servers.

An H.248 gateway will first attempt to connect to the processor(s) above the TP. If my example had a TP of 2, the PE and C-LAN of the main CM will be tried several times (with 10 seconds between each attempt) before the gateway decides that they are not going to answer.

Honestly, I would love it if there were two transition points. One would divide main from ESS and the other would separate ESS from LSP. This would allow me to create a policy for enterprise survivability and another policy for local survivability. What say you, Avaya?

So, how long does a gateway keep trying? Every gateway will attempt to register to an IP address above the TP until the primary-search time is reached. After that, it attempts to connect to the servers below the TP.

With a TP of 2 and a primary-search of 10, a gateway will cycle through the two IP addresses of the main CM (PE and C-LAN) for 10 minutes before deciding it’s time to move on. At that point, it will try any IP addresses below the line following the same rule of 10-seconds between each registration attempt.

There is another value we need to be concerned with. The total-search time is the maximum number of minutes a gateway will attempt to register itself before giving up and rebooting.  This time includes attempts above and below the TP.

Making it real

Unfortunately, there is no centralized way to configure this. You make the magic work by setting the configuration parameters on every gateway in your Aura system.

The commands to create an MGC list similar to my example will look something like this:

clear mgc list

set mgc list 10.100.4.63 10.100.4.12 10.100.4.103 10.100.4.203

set reset-times transition-point 2

set reset-times primary-search 10

set reset-times total-search 15

In words, we have this:

Main Server (Processor Ethernet)

Main Server (C-LAN)

—————-Transition point————————————

ESS Location (Processor Ethernet)

LSP (Processor Ethernet)

Mischief Managed

That wasn’t too difficult, was it? Heck, even I learned something today. I wasn’t sure about the 10-second timer until I did a little research. So, even if you are still scratching your heads, it was a truly satisfying experience for me.

Andrew Prokop is the Director of Vertical Industries at Arrow Systems Integration. Andrew is an active blogger and his widely-read blog, SIP Adventures, discusses every imaginable topic in the world of unified communications. Follow Andrew on Twitter at @ajprokop, and read his blog, SIP Adventures.

Understanding Avaya Aura SIP Registration

“Let’s start at the very beginning/a very good place to start/when you read you begin with A B C/when you sing you begin with Do Re Mi.”

I have always loved musicals, and Rogers and Hammerstein’s “The Sound of Music” is high on my list of favorites. Sure, it’s corny and far from historically accurate, but that doesn’t bother me in the least. I’m always willing to set aside any sense of reality for good singing, romance and adventure, and “The Sound of Music” has them all.

So … what does this have to do with unified communications? REGISTER, of course. Like Do Re Mi, you begin SIP with REGISTER.

This article is a continuation of the concepts I presented in A Close Look at Avaya Aura IMS Call Processing and An Even Closer Look at Avaya Aura IMS Call Processing, and I’d suggest you take a look at those before tackling this one.

Can you get SIP devices to communicate without REGISTER? Absolutely. In fact, when I teach my SIP class, the students put their SIP clients into point-to-point mode, which does not require REGISTER. This means that clients send SIP requests and responses directly to the other clients, not through a proxy. The clients can do everything all by themselves.

However, point-to-point without REGISTER has a serious downfall. The clients are required to know the IP addresses of all the other clients they wish to communicate with. While this is fine in a limited classroom environment, it becomes unwieldy after you grow beyond a handful of endpoints.

As an analogy, imagine having to know the IP address of everyone you wanted to send an email to. That’s the same problem you have if you don’t use REGISTER. It’s simply not practical.

The Tie that Binds

REGISTER associates a user’s identification, or Address of Record (AOR), with one or more locations. Note that I said locations. You are not limited to registering an AOR to a single device. Personally, I routinely register my AOR to a physical desk phone and multiple SIP soft-clients. Avaya Aura supports up to ten such registrations per user. That’s enough to make even the most device-crazy nerd happy.

You bind an AOR to an IP address with a Contact header.  For example, one of my soft clients might tell a SIP registrar that aprokop can be reached at 192.168.0.14 with this Contact header.

Contact: Andrew Prokop <SIP:aprokop@192.168.0.14>

Registrations are time-based and will eventually expire. This requires the client to periodically refresh a REGISTER with a new REGISTER. Actually, new isn’t the correct word to use for this. Subsequent REGISTER messages must contain the same Contact, To, From, call-ID and From Tag as the original registration. This allows the SIP registrar to know that it’s simply a refresh and not a new registration for the same AOR.

Note that CSeq will increment with each REGISTER sent.

Keeping Things Secure

I might tell my communications system that I am Andrew Prokop, but it would be foolish to trust me at face value. That’s why SIP allows a REGISTER to be challenged.

Before I go through a REGISTER challenge, allow me to define something known as a nonce.

Nonce stands for Number Once and is an arbitrary number used only once in a cryptographic communication. The recipient of a nonce will use it to encrypt his or her credentials. Number Once refers to the fact that encryption with this nonce can only be done one time. If someone were to sniff the LAN and obtain someone’s encrypted password, it won’t do them any good because it can only be used in a single transaction. It becomes stale and useless immediately after its first use.

A REGISTER flow is fairly simple and follows these steps:

  1. A user sends a REGISTER to the SIP registrar. For Avaya Aura, this is a Session Manager. The To and From headers contain the user’s AOR. The user specifies the number of seconds the registration should be valid in the Expires header. This value can be later raised or lowered by the registrar.
  2. The registrar returns a 401 Unauthorized response with a WWW-Authenticate header.  This header contains data that must be used to encrypt the user’s communications password. Specifically, it contains a nonce along with the name of the encryption algorithm that the client must use.
  3. The user sends a second REGISTER to the SIP registrar. This REGISTER contains an Authorization header. Within Authorization is the user’s encrypted password.
  4. If the correct password is received by the registrar, a 200 Ok response is sent to signify a successful registration. An Expires header may be present with a different value than what the user requested. This is the time the registration will be valid as determined by the registrar’s policies.

A registration is removed by sending a REGISTER with an Expires header value of 0 (zero).

In a picture, we have this.

Reg1Using the traceSM tool on an Avaya Aura Session Manager, I captured the following trace that shows a REGISTER, the challenge and a REGISTER with encrypted credentials.  Take a look at the headers, and you’ll see that they’re doing exactly what I said they would do.

Reg2 Reg3 Reg4

 

In the case of my daily work life, my various SIP devices will each send a REGISTER, be challenged and resend the REGISTER with the encrypted credentials. They periodically refresh their registrations to ensure that I am able to make and receive calls on all my devices until I am finished for the day.

Speaking of finished for the day, that’s about all I have to say about REGISTER. It’s not that complicated once you understand the basics. Just keep in mind that while registration isn’t absolutely mandatory, it enables a secure, scalable and easy to manage SIP solution.

… And these are a few of my favorite things!

Andrew Prokop is the Director of Vertical Industries at Arrow Systems Integration. Andrew is an active blogger and his widely-read blog, SIP Adventures, discusses every imaginable topic in the world of unified communications. Follow Andrew on Twitter at @ajprokop, and read his blog, SIP Adventures.

An Even Closer Look at Avaya Aura IMS Call Processing

Last week, I walked you through how Avaya implements IMS processing between Session Manager and Communication Manager.  Even though it may have looked fairly complicated and slightly convoluted, I actually did you a favor by greatly simplifying the call flow. The complete call flow is even more involved.

I also did myself a favor by presenting an abbreviated call flow. There were parts that baffled even me. So, I took it as a personal challenge to figure out the confusing parts as best as I could and put them into writing.

If you missed my previous article, it can be found at A Close Look at Avaya Aura Call Processing.

Allow me to begin by saying that nothing I wrote in my first article is incorrect. All that jazz about imsorig, origdone, imsterm and termdone is accurate. However, in terms of an outbound call from a SIP telephone, I started in the middle of the flow. There are quite a few messages that fly around the system before the actual IMS processing begins.

In the Beginning

Everything begins when an Avaya telephone informs Communication Manager that it has gone off-hook. In Avaya documentation, they refer to this as “Line Reservation.” Everything that Communication Manager does at the time of Line Reservation is a mystery to me, but it essentially sets aside resources required for call processing.

The telephone uses an INVITE message to kick everything off. However, this isn’t a typical INVITE. The To and From headers both refer to the caller. This is understandable because the user hasn’t started entering any dialing information. This is simply making Communication Manager aware that the telephone has been taken off-hook.

There also isn’t any SDP in the INVITE. That’s because dial tone will be generated locally by the phone. No media stream is required.

Lastly, the telephone tells Communication Manager that this is an off-hook event by putting the following in the To header.

avaya-cm-fnu=off-hook

I captured one of these INVITE messages with traceSM.

off2Upon receiving an off-hook INVITE, Communication Manager responds with a 183 Session In Progress. Now, I am used to 183 being used to deliver some form of early media, but there is no SDP in this response message. I can only assume that it is used to tell the telephone that the INVITE was received, and it’s safe to start playing dial tone.

off3

Next, Communication Manager tells Session Manager that the phone is off-hook. This, of course, is done with a PUBLISH message. Since the telephone subscribed to Dialog events during its boot cycle, Session Manager will then send a NOTIFY message to the phone.  I am going to take a guess and say that the NOTIFY causes the phone to indicate an active line appearance.

off4

There are no more SIP messages until the user has finished entering the complete dial string. Since the telephone is aware of the configured dial pattern (through Personal Profile Manager), it will wait until all digits have been entered before sending a new INVITE.

I have to admit to something. Since the dawn of time, I have always thought that an UPDATE was sent prior to a session being established and a re-INVITE was sent after the session was established. However, this new INVITE from the telephone is clearly a re-INVITE even though the off-hook session has not been established. I say this because the call-ID and From tag are identical between the two INVITE messages. This screams re-INVITE.

There are differences between the two INVITE messages, though. The To header now contains the dialed digits and the message body contains SDP. This INVITE looks like the kind of INVITE you would have expected in the first place. This INVITE can actually be used to make a call.

off6

From here on out, the call flow will look like the one I described in my previous blog article. There is still something that needs to occur, though. The off-hook INVITE is out there and needs to be attended to.

To close out the first session, Communication Manager will send a 484 Address Incomplete response. This will cause the telephone to respond with an ACK.

off7

Here now is the entire call flow. Note that I did not discuss the 407 Proxy Authentication Required response messages. For now you can ignore them, but rest assured that I will return to that subject in the very near future.

As you look at the flow, there is one more thing I want you to notice.  Session Manager sends both INVITE messages to Communication Manager as part of the imsorig processing, but only the re-INVITE will go through the origdone phase.  That makes sense, though, because the first INVITE received a 484 response. There is no point in sending it back to Session Manager for further processing.

off11

Mischief Managed

Well, there you have — an even more complicated Avaya call flow than the last time around. I hope this helps you understand what I was saying in my previous article about the differences between SIP as a protocol and SIP as a solution.  Clearly, what Avaya is doing with SIP is far more involved than what you will find in a generic text book. Of course, a full blown PBX requires a little more than your run-of-the-mill call flows.

 Andrew Prokop is the Director of Vertical Industries at Arrow Systems Integration. Andrew is an active blogger and his widely-read blog, SIP Adventures, discusses every imaginable topic in the world of unified communications. Follow Andrew on Twitter at @ajprokop, and read his blog, SIP Adventures.