Avaya Session Border Controller for Enterprise 7.

1
SP1 Release Notes

Release 7.1 SP1

Issue 2
December 2016

1
© 2016 Avaya Inc. All Rights Reserved.
© 2016 Avaya Inc. All Rights Reserved.

Notice

While reasonable efforts were made to ensure that the information in this document was complete and
accurate at the time of printing, Avaya Inc. can assume no liability for any errors. Changes and corrections
to the information in this document might be incorporated in future releases.
Documentation disclaimer

Avaya Inc. is not responsible for any modifications, additions, or deletions to the original published
version of this documentation unless such modifications, additions, or deletions were performed by
Avaya. Customer and/or End User agree to indemnify and hold harmless Avaya, Avaya's agents, servants
and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with,
subsequent modifications, additions or deletions to this documentation to the extent made by the
Customer or End User.
Link disclaimer

Avaya Inc. is not responsible for the contents or reliability of any linked Web sites referenced elsewhere
within this documentation, and Avaya does not necessarily endorse the products, services, or information
described or offered within them. We cannot guarantee that these links will work all the time and we have
no control over the availability of the linked pages.
Warranty

Avaya Inc. provides a limited warranty on this product. Refer to your sales agreement to establish the
terms of the limited warranty. In addition, Avaya’s standard warranty language, as well as information
regarding support for this product, while under warranty, is available through the Avaya Support Web
site: http://support.avaya.com
License

USE OR INSTALLATION OF THE PRODUCT INDICATES THE END USER'S ACCEPTANCE OF THE TERMS
SET FORTH HEREIN AND THE GENERAL LICENSE TERMS AVAILABLE ON THE AVAYA WEB SITE
http://support.avaya.com/LicenseInfo/ ("GENERAL LICENSE TERMS"). IF YOU DO NOT WISH TO BE
BOUND BY THESE TERMS, YOU MUST RETURN THE PRODUCT(S) TO THE POINT OF PURCHASE WITHIN
TEN (10) DAYS OF DELIVERY FOR A REFUND OR CREDIT.

Avaya grants End User a license within the scope of the license types described below. The applicable
number of licenses and units of capacity for which the license is granted will be one (1), unless a different
number of licenses or units of capacity is specified in the Documentation or other materials available to
End User. "Designated Processor" means a single stand-alone computing device. "Server" means a
Designated Processor that hosts a software application to be accessed by multiple users. "Software"
means the computer programs in object code, originally licensed by Avaya and ultimately utilized by End
User, whether as stand-alone Products or pre-installed on Hardware. "Hardware" means the standard
hardware Products, originally sold by Avaya and ultimately utilized by End User.
License type(s)

Concurrent User License (CU). End User may install and use the Software on multiple Designated
Processors or one or more Servers, so long as only the licensed number of Units are accessing and using
the Software at any given time. A "Unit" means the unit on which Avaya, at its sole discretion, bases the
pricing of its licenses and can be, without limitation, an agent, port or user, an e-mail or voice mail account
in the name of a person or corporate function (e.g., webmaster or helpdesk), or a directory entry in the
administrative database utilized by the Product that permits one user to interface with the Software. Units
may be linked to a specific, identified Server.

2
© 2016 Avaya Inc. All Rights Reserved.
Copyright

Except where expressly stated otherwise, the Product is protected by copyright and other laws respecting
proprietary rights. Unauthorized reproduction, transfer, and or use can be a criminal, as well as a civil,
offense under the applicable law.
Third-party components

Certain software programs or portions thereof included in the Product may contain software distributed
under third party agreements ("Third Party Components"), which may contain terms that expand or limit
rights to use certain portions of the Product ("Third Party Terms"). Information identifying Third Party
Components and the Third Party Terms that apply to them is available on the Avaya Support Web site:

http://support.avaya.com/ThirdPartyLicense/
Preventing toll fraud

"Toll fraud" is the unauthorized use of your telecommunications system by an unauthorized party (for
example, a person who is not a corporate employee, agent, subcontractor, or is not working on your
company's behalf). Be aware that there can be a risk of toll fraud associated with your system and that, if
toll fraud occurs, it can result in substantial additional charges for your telecommunications services.
Avaya fraud intervention

If you suspect that you are being victimized by toll fraud and you need technical assistance or support, call
Technical Service Center Toll Fraud Intervention Hotline at +1-800-643-2353 for the United States and
Canada. For additional support telephone numbers, see the Avaya Support Web site:
http://support.avaya.com
Trademarks

Avaya and the Avaya logo are either registered trademarks or trademarks of Avaya Inc. in the United
States of America and/or other jurisdictions. All other trademarks are the property of their respective
owners.

Downloading documents
For the most current versions of documentation, see the Avaya Support Web site:
http://support.avaya.com
Avaya support

Avaya provides a telephone number for you to use to report problems or to ask questions about your
product. The support telephone number is 1-800-242-2121 in the United States. For additional support
telephone numbers, see the Avaya Support Web site: http://support.avaya.com

3
© 2016 Avaya Inc. All Rights Reserved.
Table of Contents
Overview.................................................................................................................................................. 5
Documentation........................................................................................................................................ 5
List of Mandatory Patches:...................................................................................................................... 6
Installing sigma_script_sync.tar .......................................................................................................... 6
Upgrade path:.......................................................................................................................................... 6
Prerequisites:........................................................................................................................................... 7
For 7.1 GA release to 7.1 sp1 upgrade .................................................................................................... 9
Rollback path: .......................................................................................................................................... 9
Download files ....................................................................................................................................... 11
List of Fixed Issues: ................................................................................................................................ 11
List of vulnerabilities fixed:.................................................................................................................... 12
List of known issues and workarounds: ................................................................................................ 12

4
© 2016 Avaya Inc. All Rights Reserved.
Overview
This document provides information about the new enhancements in ASBCE Release 7.1 Service Pack
1, and the known issues for this release. Please note that there have been few GUI changes with 7.1
SP1 and details of these changes are now available in Administering Avaya Session Border Controller
for enterprise.

Documentation
The latest documentation for 7.1 is available on support.avaya.com.

No. Title Link

1. Avaya Session Border

Controller for Enterprise
Overview and Specification http://support.avaya.com/css/P8/documents/101026875

2. Deploying Avaya Session

Border Controller for
Enterprise http://support.avaya.com/css/P8/documents/101026879

3. Deploying Avaya Session

Border Controller in
Virtualized Environment http://support.avaya.com/css/P8/documents/101026877

4. Upgrading Avaya Session

Border Controller for
Enterprise http://support.avaya.com/css/P8/documents/101026883

5. Administering Avaya Session

Border Controller for
Enterprise http://support.avaya.com/css/P8/documents/101026873

6. Troubleshooting and
Maintaining Avaya Session
Border Controller for http://support.avaya.com/css/P8/documents/101026881
Enterprise

7. Avaya SBCE 7.x Security

Configuration and Best
Practices Guide https://downloads.avaya.com/css/P8/documents/101014066

5
© 2016 Avaya Inc. All Rights Reserved.
List of Mandatory Patches:
1. rollback_patch_7.0_sp2.sh :
Rollback of EMS/SBC from 7.1 Sp1 to 7.0 Sp2 requires rollback script
“rollback_patch_7.0_sp2.sh” needs to be applied on EMS/SBC.

2. sigma_script_sync.tar :

This patch is required to address issue with Database Sync failure between EMS and
SBCE’s caused due to sigma script.

Apply this patch on EMS after upgrading to 7.1 sp1.

These patches can be downloaded from PLDS.

Download id: SBCE0000066

Installing sigma_script_sync.tar

Note: Apply the patch on EMS only

1. On EMS, login as root user and take a backup of /usr/local/tomcat/webapps/sbc.war before

applying patch.
cp /usr/local/tomcat/webapps/sbc.war /home/ipcs
2. Copy the patch to the following directory by using an SCP client:
/home/ipcs
3. Run the following commands to untar the patch and install as root user:

cd /home/ipcs
tar -xvf sigma_script_sync.tar
cd sigma_script_sync
sh update_sigma_profile.sh

4. Reboot EMS by using the following command:

reboot

Upgrade path:
1. Avaya SBCE with releases prior to 7.0 SP2 must be upgraded to 7.1 GA release and then
upgrade to 7.1 SP1. Please note that upgrade from 7.0 SP2 to 7.1 GA build is not supported
and upgrade to 7.1 SP1 from 7.0 SP2 is supported only via CLI. Please refer “Upgrading Avaya
6
© 2016 Avaya Inc. All Rights Reserved.
 Session Border Controller for Enterprise” on Avaya support site for procedure to upgrade via
CLI. Customers wishing to upgrade to 7.1 GA load from 7.0 SP2, must downgrade to 7.0 SP1
and then upgrade to 7.1 GA load , so as to upgrade to 7.1 SP1 build.

Following upgrade paths are supported:

1. 7.0 SP2 7.1 SP1 [ This upgrade is supported only via CLI]
2. Avaya SBCE installed with releases 7.1 GA (build 11122) can upgrade directly to 7.1
SP1 via GUI OR CLI (both options supported).

Prerequisites:
➢ If ASG is enabled on SBCE, perform below procedure before initiating upgrade.

a. Login to EMS and SBCE and switch user to root login.

b. Move /etc/asg/lacfile to /archive/backup/

mv /etc/asg/lacfile /archive/backup

c. Disable ASG Authentication.

Sbce-asg-control.py –u
d. After performing above steps from 1 to 3 and making sure other prerequisites are
checked, the upgrade can be started.

Note: To restore ASG authentication after the SBCE is upgraded to 7.1 Sp2, copy the lacfile to
/etc/asg/ directory using below command while logged in as root user.
mv /archive/backup/lacfile /etc/asg/

Upgrade Instructions
Upgrades are supported on both, Hardware deployment as well as VMware deployment. Please
make sure that the system being upgraded does support the upgrade path mentioned above and all
upgrades need to be done during a maintenance window. If an upgrade is performed on a
production system, it is quite likely that active/ongoing calls will be dropped. For information about
the latest releases for 7.0 and 7.1, please refer http://support.avaya.com.

Note: Before starting with the upgrade, ensure that Avaya SBCE servers in the deployment have
unique hostnames. In case two or more servers have the same hostname, change the hostname. For
more information, see Troubleshooting and Maintaining Avaya Session Border Controller. Also,
please take a snapshot of the systems before proceeding with the upgrade.

In a multi-server deployment, the upgrade sequence for 7.1.X releases is:

1. Primary EMS
2. Secondary EMS
3. Avaya SBCE pair:
a. Avaya SBCE with lower node ID
b. Avaya SBCE with higher node ID

7
© 2016 Avaya Inc. All Rights Reserved.
You can find the node IDs in /usr/local/ipcs/etc/sysinfo. Before upgrading, ensure that the EMS
or Avaya SBCE with lower node id is secondary to avoid losing ongoing calls.

Note:
Please refer “Upgrading Avaya Session Border Controller for Enterprise” document on Avaya Support
site for procedure to upgrade the SBCE to latest version

Note: SBCE with lower node id to be upgraded first.

Upgrading EMS and SBCEs via CLI - applicable for upgrade from 7.0 SP2 to 7.1 SP1 build

Note: When upgrading HA SBCE pairs, make sure to upgrade SBCE with lower node id (NODE_ID) first
and also make sure that it’s HA state is “ Secondary”. If the server with lower node_id happens to be
primary server, make it Secondary from GUI before starting upgrade to avoid service outage.

Node id can be found in /usr/local/ipcs/etc/sysinfo file

Following is the procedure to upgrade EMS and SBCEs via CLI:

1. Copy the tar file to the respective device (EMS, SBCEs) using ipcs user on port 222. You can use
SFTP or SCP tools to access the server.

2. Connect to the system using SSH client.

3. Using root permissions move the upgrade tar file from the ipcs user home directory to
/archive/urpackages directory.

4. Ensure that the md5sum of the upgrade tar file matches the checksum given in the name of the
file. You can use the md5sum command to verify whether the md5sum and the checksum match.

5. Create new /archive/ temp_upgrade directory.

mkdir /archive/temp_upgrade

where temp_upgrade is the temporary directory.

The system creates a temporary directory in the archive directory.

6. As a root user delete the files in /archive/temp_upgrade/ directory

rm -rf /archive/temp_upgrade/*

This command removes all content in the temporary directory.

7. Untar the upgrade package to /archive/temp_upgrade/

8
© 2016 Avaya Inc. All Rights Reserved.
 tar -zxvf /archive/urpackages/SBCE-7.1.0.1-xx-xxxx-<md5sum>.tar.gz -C /archive/temp_upgrade.

The system extracts the upgrade tar file in the temporary directory.

8. Change the permission of ursbce file to make it executable

cd /archive/temp_upgrade

chmod +x ursbce.py

9 Start the upgrade with ursbce.py

./ursbce.py --upgrade --daemonize

This step will reboot the system.

For 7.1 GA release to 7.1 sp1 upgrade

Please refer “Upgrading Avaya Session Border Controller for Enterprise” for release 7.1 document on
Avaya Support site for procedure to upgrade the SBCE to latest version.

Rollback path:
Following rollback paths are supported:

1. Rollback from 7.1 SP17.0 SP2

2. Rollback from 7.1 SP1 7.1 GA

Note: Above rollback paths mentioned are supported using CLI only and for rollback from 7.1 SP1 to
7.0 Sp2 release can be performed by using rollback_patch_7.0_sp2.sh downloaded from PLDS. For
more information refer to Rollback procedure.

Rollback procedure:

Note: SBCE with lower node id must be rolled back first.

Node id can be found in /usr/local/ipcs/etc/sysinfo file

9
© 2016 Avaya Inc. All Rights Reserved.
Rollback sequence

In a multi-server deployment, the upgrade sequence is:

1. Primary EMS
2. Secondary EMS
3. Avaya SBCE pair:
c. Avaya SBCE with lower node ID
d. Avaya SBCE with higher node ID

You can find the node IDs in /usr/local/ipcs/etc/sysinfo. Before upgrading, ensure Avaya SBCE
with lower node id is secondary to avoid losing ongoing calls in HA setup.

Rollback from 7.1SP1 to 7.0 SP2

Before rollback of EMS/SBC, rollback patch needs to be applied on EMS/SBC. This patch can be
downloaded from PLDS.

Replace file “rollback_patch_7.0_sp2.sh” downloaded from PLDS with file in

/usr/local/ipcs/icu/workaround/rollback_patch_7.0_sp2.sh

Execute below command:

chmod 777 /usr/local/ipcs/icu/workaround/rollback_patch_7.0_sp2.sh

Following is the procedure to rollback EMS and SBCE’s using CLI.

2. Create a temp folder in path /usr/local/ipcs/

3. Untar the rollback package to temp directory.
cd /usr/local/ipcs/temp
tar –zxvf /archive/urpackages/<7.0 Sp2 package.tar.gz>
4. Run pre rollback script.
sh /usr/local/ipcs/icu/scripts/pre_rollback.sh
5. Run the ursbce.py script for rollback
./ursbce.py --rollback --daemonize

Rollback from 7.1SP1 to 7.1 GA:

Following is the procedure to rollback EMS and SBCE’s using CLI.

1 Create a temp folder in path /usr/local/ipcs/

2 Untar the rollback package to temp directory.
cd /usr/local/ipcs/temp
tar –zxvf /archive/urpackages/<7.1 GA package.tar.gz>
3 Run pre rollback script .
sh /usr/local/ipcs/icu/scripts/pre_rollback.sh
4 Run the ursbce.py script for rollback
./ursbce.py --rollback --daemonize

10
© 2016 Avaya Inc. All Rights Reserved.
Download files
Name Description
sbce-7.1.0.1-07-12368- Upgrade file required for upgrading to 7.1 SP1.
86c64b2642428dcce16fedba91cdfd33.tar.gz

Download ID: SBCE0000062

md5sum: 86c64b2642428dcce16fedba91cdfd33

sbce-7.1.0.1-07-12368-signatures.tar.gz This is a signatures tar file that consists of required

integrity check keys used for all packages on SBCE
system. It is uploaded in key bundles under System
Download ID: SBCE0000064 management.
This signature file shall be used for future upgrades
md5sum: 9525d69561a8e0b705984d5c45cf5419
from 7.1 SP1.

sbce-7.1.0.1-07-12368- SHA2 Signature for Upgrade Package. This will be used

86c64b2642428dcce16fedba91cdfd33.tar.gz.asc to validate the upgrade package integrity. This ASC file
shall be used for future upgrades from 7.1 SP1.
Download ID: SBCE0000065

md5sum: ef98981591330b4a85d3fe7dd66dfdbc

List of Fixed Issues:

The following table summarizes the issues fixed in this release:

Defect ID Summary
AURORA-9953 SBCE is not processing SDP offer received in UPDATE from TRUNK. One way
media issue observed for active calls.
AURORA-9983 Primary SBCE SSYNDI Crash during HA serialization on each and every call
after upgrade to 7.1
AURORA-9959 for OOD refer Notify expose Public IP to SM.

11
© 2016 Avaya Inc. All Rights Reserved.
AURORA-10062 Inbound Calls all failed, because SBCE cannot recover from split-brain mode

AURORA-9035 7.1 HA beta: ssyndi hangs on SBCE1 and SBCE2 fails to pass data; SBCE1
must be manually restarted
AURORA-10014 Outbound call fail in few seconds before SBCE re-register with the SP trunk

AURORA-10040 oneway media observed when call is on hold - PRACK is being sent with
incorrect PRACK header due to a high Seq number
AURORA-9533 SBCE sends wrong format for Month in meta-data to NICE server.

AURORA-9408 Upgrade to 7.1Beta with secondary EMS in VM, primary EMS cannot get error
msg in configuring weblm URL
AURORA-10021 CFD: customers need to be able to add the '+' character in Registration.

AURORA-9984 SBCE are in New state when we use DB password having & special character

AURORA-9808 factory reset does not happen properly

List of vulnerabilities fixed:

The following table summarizes the vulnerabilities fixed in this release:

Defect ID Summary
AURORA- RHEA-2016:1982 - Product Enhancement Advisory
10093
AURORA- [RHSA-2016:1940-01] Important: openssl security update
10065
AURORA- [RHSA-2016:1626-01] Moderate: python security update
9974
AURORA- [RHSA-2016:1547-01] Important: libtiff security update
9925
AURORA- RHSA-2016:1292-1 Important: libxml2 security update
9483

AURORA- [RHSA-2016:0760-01] Moderate: file security, bug fix, and enhancement update
9403
AURORA- [RHSA-2016:0741-01] Moderate: openssh security, bug fix, and enhancement
9402 update

List of known issues and workarounds:

➢ Upgrade from 7.0 sp2 to 7.1 SP1 fails on GUI:

12
© 2016 Avaya Inc. All Rights Reserved.
 Workaround is to upgrade EMS and SBCE’s via CLI. Refer the procedure described in
this document to upgrade EMS/SBCE’s via CLI.

➢ After performing the rollback from 7.1 Sp1 to 7.1 release on EMS using GUI, the version
for SBCE also displayed as 7.1 despite not performing rollback on SBCEs.

➢ Application restart failed message is displaying even though restart is successful:

The error shown is a false message and can be ignored.

➢ Upgrade Status of SBCE is shown as Failed on EMS GUI even though SBCE is upgraded
successfully:

The error shown is a false message and can be ignored.

➢ The status of Trunk and Call servers using TLS transport remains down even after
successful installation of certificate:

An application restart for each SBCE would resolve this issue.

➢ Reverse proxy is not working on some of the SBCE’s:

Check if the certificate installed has correct Subject Alternate Name (SAN). In Reverse
Proxy Profile ‘proxy ssl directives’ have been enabled and client certificate
verification is mandatory now. From the contents of a certificate, NGINX validates
Subject Alternate Name (SAN) if available, and if the check fails, NGINX does not
verify the common name (CN). In such a case, user is required to regenerate a
certificate with correct SAN or without SAN for Reverse proxy to work.

➢ Upgrade fails due to partially downloaded upgrade package on SBCE.

Please use workaround below:
1. Remove upgrade package from /archive/urpackages
rm –rf /archive/urpackages
2. Manually copy the upgrade package to /archive/urpackages and start with the
upgrade.

➢ All network interfaces are down after rollback from 7.1SP1 to 7.0SP2. Workaround is to
generate scp.out file using following commands:

/usr/local/ipcs/bin/savon_parser /usr/local/ipcs/config/ss/SysMon.SS.scp
/usr/local/ipcs/bin/savon_parser /usr/local/ipcs/config/sems/SysMon.SEMS.scp

13
© 2016 Avaya Inc. All Rights Reserved.
 Restart EMS/SBCEs using command “/etc/init.d/ipcs-init restart”

➢ Previous method of login as “ipcs” user and then switching to root user using sudo will
no longer work. Sudo users are disabled in 7.1 Sp1. In order to login as “root” user, root
password has to be provided.

➢ TLS handshake fails between SBC and back end server.

Workaround: If reverse proxy profiles are configured with server ip address and the
server is set to return CN as FQDN in server certificate, then either the FQDN needs to be
entered in server address field of reverse proxy profile or regenerate the server
certificate to include ip address in subjAltName and FQDN in CN.

➢ After upgrade or fresh installation, EMS GUI Page loads slowly and it takes 10-15 minutes
for the complete GUI to come up.
After upgrade, GUI loads slowly and similar to the screenshot below. It would take 10 -15
minutes for the complete GUI to come up as some permissions are getting set on related
fields which causes a delay in the GUI web page from getting loaded properly.

14
© 2016 Avaya Inc. All Rights Reserved.