Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 3015

Megaco Protocol Version 1.0

Pages: 179
Obsoletes:  28852886
Obsoleted by:  3525
Part 3 of 6 – Pages 45 to 75
First   Prev   Next

ToP   noToC   RFC3015 - Page 45   prevText

7.2 Command Application Programming Interface

Following is an Application Programming Interface (API) describing the Commands of the protocol. This API is shown to illustrate the Commands and their parameters and is not intended to specify implementation (e.g. via use of blocking function calls). It describes the input parameters in parentheses after the command name and the return values in front of the Command. This is only for
ToP   noToC   RFC3015 - Page 46
   descriptive purposes; the actual Command syntax and encoding are
   specified in later subsections.  The order of parameters to commands
   is not fixed.  Descriptors may appear as parameters to commands in
   any order.  The descriptors SHALL be processed in the order in which
   they appear.

   All parameters enclosed by square brackets ([. . . ]) are considered
   optional.

7.2.1 Add

The Add Command adds a Termination to a Context. TerminationID [,MediaDescriptor] [,ModemDescriptor] [,MuxDescriptor] [,EventsDescriptor] [,SignalsDescriptor] [,DigitMapDescriptor] [,ObservedEventsDescriptor] [,EventBufferDescriptor] [,StatisticsDescriptor] [,PackagesDescriptor] Add( TerminationID [, MediaDescriptor] [, ModemDescriptor] [, MuxDescriptor] [, EventsDescriptor] [, SignalsDescriptor] [, DigitMapDescriptor] [, AuditDescriptor] ) The TerminationID specifies the termination to be added to the Context. The Termination is either created, or taken from the null Context. For an existing Termination, the TerminationID would be specific. For a Termination that does not yet exist, the TerminationID is specified as CHOOSE in the command. The new TerminationID will be returned. Wildcards may be used in an Add, but such usage would be unusual. If the wildcard matches more than one TerminationID, all possible matches are attempted, with results reported for each one. The order of attempts when multiple TerminationIDs match is not specified. The optional MediaDescriptor describes all media streams.
ToP   noToC   RFC3015 - Page 47
   The optional ModemDescriptor and MuxDescriptor specify a modem and
   multiplexer if applicable. For convenience, if a Multiplex Descriptor
   is present in an Add command and lists any Terminations that are not
   currently in the Context, such Terminations are added to the context
   as if individual Add commands listing the Terminations were invoked.
   If an error occurs on such an implied Add, error 471 - Implied Add
   for Multiplex failure shall be returned and further processing of the
   command shall cease.

   The EventsDescriptor parameter is optional.  If present, it provides
   the list of events that should be detected on the Termination.

   The SignalsDescriptor parameter is optional.  If present, it provides
   the list of signals that should be applied to the Termination.

   The DigitMapDescriptor parameter is optional.  If present, defines a
   DigitMap definition that may be used in an EventsDescriptor.

   The AuditDescriptor is optional.  If present, the command will return
   descriptors as specified in the AuditDescriptor.

   All descriptors that can be modified could be returned by MG if a
   parameter was underspecified or overspecified.  ObservedEvents,
   Statistics, and Packages, and the EventBuffer Descriptors are
   returned only if requested in the AuditDescriptor.

   Add SHALL NOT be used on a Termination with a serviceState of
   "OutofService".

7.2.2 Modify

The Modify Command modifies the properties of a Termination. TerminationID [,MediaDescriptor] [,ModemDescriptor] [,MuxDescriptor] [,EventsDescriptor] [,SignalsDescriptor] [,DigitMapDescriptor] [,ObservedEventsDescriptor] [,EventBufferDescriptor] [,StatisticsDescriptor] [,PackagesDescriptor] Modify( TerminationID [, MediaDescriptor] [, ModemDescriptor] [, MuxDescriptor]
ToP   noToC   RFC3015 - Page 48
        [, EventsDescriptor]
        [, SignalsDescriptor]
        [, DigitMapDescriptor]
        [, AuditDescriptor]
        )

   The TerminationID may be specific if a single Termination in the
   Context is to be modified.  Use of wildcards in the TerminationID may
   be appropriate for some operations. If the wildcard matches more than
   one TerminationID, all possible matches are attempted, with results
   reported for each one.  The order of attempts when multiple
   TerminationIDs match is not specified. The CHOOSE option is an error,
   as the Modify command may only be used on existing Terminations.

   The remaining parameters to Modify are the same as those to Add.
   Possible return values are the same as those to Add.

7.2.3 Subtract

The Subtract Command disconnects a Termination from its Context and returns statistics on the Termination's participation in the Context. TerminationID [,MediaDescriptor] [,ModemDescriptor] [,MuxDescriptor] [,EventsDescriptor] [,SignalsDescriptor] [,DigitMapDescriptor] [,ObservedEventsDescriptor] [,EventBufferDescriptor] [,StatisticsDescriptor] [,PackagesDescriptor] Subtract(TerminationID [, AuditDescriptor] ) TerminationID in the input parameters represents the Termination that is being subtracted. The TerminationID may be specific or may be a wildcard value indicating that all (or a set of related) Terminations in the Context of the Subtract Command are to be subtracted. If the wildcard matches more than one TerminationID, all possible matches are attempted, with results reported for each one. The order of attempts when multiple TerminationIDs match is not specified. The use of CHOOSE in the TerminationID is an error, as the Subtract command may only be used on existing Terminations.
ToP   noToC   RFC3015 - Page 49
   ALL may be used as the ContextID as well as the TerminationId in a
   Subtract, which would have the effect of deleting all contexts,
   deleting all ephemeral terminations, and returning all physical
   terminations to Null context.

   By default, the Statistics parameter is returned to report
   information collected on the Termination or Terminations specified in
   the Command.  The information reported applies to the Termination's
   or Terminations' existence in the Context from which it or they are
   being subtracted.

   The AuditDescriptor is optional.  If present, the command will return
   descriptors as specified in the AuditDescriptor.   Possible return
   values are the same as those to Add.

   When a provisioned Termination is Subtracted from a context, its
   property values shall revert to:

   *  the default value, if specified for the property and not
      overridden by provisioning,
   *  otherwise, the provisioned value.

7.2.4 Move

The Move Command moves a Termination to another Context from its current Context in one atomic operation. The Move command is the only command that refers to a Termination in a Context different from that to which the command is applied. The Move command shall not be used to move Terminations to or from the null Context. TerminationID [,MediaDescriptor] [,ModemDescriptor] [,MuxDescriptor] [,EventsDescriptor] [,SignalsDescriptor] [,DigitMapDescriptor] [,ObservedEventsDescriptor] [,EventBufferDescriptor] [,StatisticsDescriptor] [,PackagesDescriptor] Move( TerminationID [, MediaDescriptor] [, ModemDescriptor] [, MuxDescriptor] [, EventsDescriptor] [, SignalsDescriptor] [, DigitMapDescriptor]
ToP   noToC   RFC3015 - Page 50
        [, AuditDescriptor]
        )

   The TerminationID specifies the Termination to be moved.  It may be
   wildcarded, but CHOOSE shall not be used in the TerminationID.  If
   the wildcard matches more than one TerminationID, all possible
   matches are attempted, with results reported for each one.  The order
   of attempts when multiple TerminationIDs match is not specified. By
   convention, the Termination is subtracted from its previous Context.
   The Context to which the Termination is moved is indicated by the
   target ContextId in the Action.  If the last remaining Termination is
   moved out of a Context, the Context is deleted.

   The remaining descriptors are processed as in the Modify Command. The
   AuditDescriptor with the Statistics option, for example, would return
   statistics on the Termination just prior to the Move. Possible
   descriptors returned from Move are the same as for Add.

   Move SHALL NOT be used on a Termination with a serviceState of
   "OutofService".

7.2.5 AuditValue

The AuditValue Command returns the current values of properties, events, signals and statistics associated with Terminations. TerminationID [,MediaDescriptor] [,ModemDescriptor] [,MuxDescriptor] [,EventsDescriptor] [,SignalsDescriptor] [,DigitMapDescriptor] [,ObservedEventsDescriptor] [,EventBufferDescriptor] [,StatisticsDescriptor] [,PackagesDescriptor] AuditValue(TerminationID, AuditDescriptor ) TerminationID may be specific or wildcarded. If the wildcard matches more than one TerminationID, all possible matches are attempted, with results reported for each one. The order of attempts when multiple TerminationIDs match is not specified. If a wildcarded response is requested, only one command return is generated, with the contents
ToP   noToC   RFC3015 - Page 51
   containing the union of the values of all Terminations matching the
   wildcard.  This convention may reduce the volume of data required to
   audit a group of Terminations.  Use of CHOOSE is an error.

   The appropriate descriptors, with the current values for the
   Termination, are returned from AuditValue.  Values appearing in
   multiple instances of a descriptor are defined to be alternate values
   supported, with each parameter in a descriptor considered
   independent.

   ObservedEvents returns a list of events in the EventBuffer.  If the
   ObservedEvents descriptor is audited while a DigitMap is active, the
   returned ObservedEvents descriptor also includes a digit map
   completion event that shows the current dial string but does not show
   a termination method.

   EventBuffer returns the set of events and associated parameter values
   currently enabled in the EventBufferDescriptor. PackagesDescriptor
   returns a list of packages realized by the Termination.
   DigitMapDescriptor returns the name or value of the current DigitMap
   for the Termination.  DigitMap requested in an AuditValue command
   with TerminationID ALL returns all DigitMaps in the gateway.
   Statistics returns the current values of all statistics being kept on
   the Termination.  Specifying an empty Audit Descriptor results in
   only the TerminationID being returned.  This may be useful to get a
   list of TerminationIDs when used with wildcard.  Annexes A and B
   provide a special syntax for presenting such a list in condensed
   form, such that the AuditValue command tag does not have to be
   repeated for each TerminationID.

   AuditValue results depend on the Context, viz. specific, null, or
   wildcarded.  The TerminationID may be specific, or wildcarded. (Note
   that ContextID All does not include the null Context.) The following
   illustrates other information that can be obtained with the Audit
   Command:
ToP   noToC   RFC3015 - Page 52
   +-----------+---------------+--------------------------------------+
   | ContextID | TerminationID | Information Obtained                 |
   +-----------+---------------+--------------------------------------+
   | Specific  | wildcard      | Audit of matching Terminations in a  |
   |           |               | Context                              |
   +-----------+---------------+--------------------------------------+
   | Specific  | specific      | Audit of a single Termination in a   |
   |           |               | Context                              |
   +-----------+---------------+--------------------------------------+
   | Null      | Root          | Audit of Media Gateway state and     |
   |           |               | events                               |
   +-----------+---------------+--------------------------------------+
   | Null      | wildcard      | Audit of all matching Terminations   |
   |           |               | in the Null Context                  |
   +-----------+---------------+--------------------------------------+
   | Null      | specific      | Audit of a single Termination        |
   |           |               | outside of any Context               |
   +-----------+---------------+--------------------------------------+
   | All       | wildcard      | Audit of all matching Terminations   |
   |           |               | and the Context to which they are    |
   |           |               | associated
   +-----------+---------------+--------------------------------------+
   | All       | Root          | List of all ContextIds               |
   +-----------+---------------+--------------------------------------+

7.2.6 AuditCapabilities

The AuditCapabilities Command returns the possible values of properties, events, signals and statistics associated with Terminations. TerminationID [,MediaDescriptor] [,ModemDescriptor] [,MuxDescriptor] [,EventsDescriptor] [,SignalsDescriptor] [,ObservedEventsDescriptor] [,EventBufferDescriptor] [,StatisticsDescriptor] AuditCapabilities(TerminationID, AuditDescriptor ) The appropriate descriptors, with the possible values for the Termination are returned from AuditCapabilities. Descriptors may be repeated where there are multiple possible values. If a wildcarded response is requested, only one command return is generated, with the
ToP   noToC   RFC3015 - Page 53
   contents containing the union of the values of all Terminations
   matching the wildcard.  This convention may reduce the volume of data
   required to audit a group of Terminations.

   Interpretation of what capabilities are requested for various values
   of ContextID and TerminationID is the same as in AuditValue.

   The EventsDescriptor returns the list of possible events on the
   Termination together with the list of all possible values for the
   EventsDescriptor Parameters.  EventBufferDescriptor returns the same
   information as EventsDescriptor.  The SignalsDescriptor returns the
   list of possible signals that could be applied to the Termination
   together with the list of all possible values for the Signals
   Parameters.  StatisticsDescriptor returns the names of the statistics
   being kept on the termination.  ObservedEventsDescriptor returns the
   names of active events on the termination.  DigitMap and Packages are
   not legal in AuditCapability.

7.2.7 Notify

The Notify Command allows the Media Gateway to notify the Media Gateway Controller of events occurring within the Media Gateway. Notify(TerminationID, ObservedEventsDescriptor, [ErrorDescriptor] ) The TerminationID parameter specifies the Termination issuing the Notify Command. The TerminationID shall be a fully qualified name. The ObservedEventsDescriptor contains the RequestID and a list of events that the Media Gateway detected in the order that they were detected. Each event in the list is accompanied by parameters associated with the event and an indication of the time that the event was detected. Procedures for sending Notify commands with RequestID equal to 0 are for further study. Notify Commands with RequestID not equal to 0 shall occur only as the result of detection of an event specified by an Events Descriptor which is active on the termination concerned. The RequestID returns the RequestID parameter of the EventsDescriptor that triggered the Notify Command. It is used to correlate the notification with the request that triggered it. The events in the list must have been requested via the triggering EventsDescriptor or embedded events descriptor unless the RequestID is 0 (which is for further study).
ToP   noToC   RFC3015 - Page 54

7.2.8 ServiceChange

The ServiceChange Command allows the Media Gateway to notify the Media Gateway Controller that a Termination or group of Terminations is about to be taken out of service or has just been returned to service. The Media Gateway Controller may indicate that Termination(s) shall be taken out of or returned to service. The Media Gateway may notify the MGC that the capability of a Termination has changed. It also allows a MGC to hand over control of a MG to another MGC. TerminationID, [ServiceChangeDescriptor] ServiceChange(TerminationID, ServiceChangeDescriptor ) The TerminationID parameter specifies the Termination(s) that are taken out of or returned to service. Wildcarding of Termination names is permitted, with the exception that the CHOOSE mechanism shall not be used. Use of the "Root" TerminationID indicates a ServiceChange affecting the entire Media Gateway. The ServiceChangeDescriptor contains the following parameters as required: * ServiceChangeMethod * ServiceChangeReason * ServiceChangeDelay * ServiceChangeAddress * ServiceChangeProfile * ServiceChangeVersion * ServiceChangeMgcId * TimeStamp The ServiceChangeMethod parameter specifies the type of ServiceChange that will or has occurred: 1) Graceful - indicates that the specified Terminations will be taken out of service after the specified ServiceChangeDelay; established connections are not yet affected, but the Media Gateway Controller should refrain from establishing new connections and should attempt to gracefully tear down existing connections on the Termination(s) affected by the serviceChange command. The MG should set termination serviceState at the expiry of ServiceChangeDelay or the removal of the termination from an active context (whichever is first), to "out of service".
ToP   noToC   RFC3015 - Page 55
   2) Forced - indicates that the specified Terminations were taken
      abruptly out of service and any established connections associated
      with them were lost. The MGC is responsible for cleaning up the
      context (if any) with which the failed termination is associated.
      At a minimum the termination shall be subtracted from the context.
      The termination serviceState should be "out of service".

   3) Restart - indicates that service will be restored on the specified
      Terminations after expiration of the ServiceChangeDelay. The
      serviceState should be set  to "inService" upon expiry of
      ServiceChangeDelay.

   4) Disconnected - always applied with the Root TerminationID,
      indicates that the MG lost communication with the MGC, but it was
      subsequently restored.  Since MG state may have changed, the MGC
      may wish to use the Audit command to resynchronize its state with
      the MG's.

   5) Handoff - sent from the MGC to the MG, this reason indicates that
      the MGC is going out of service and a new MGC association must be
      established. Sent from the MG to the MGC, this indicates that the
      MG is attempting to establish a new association in accordance with
      a Handoff received from the MGC with which it was previously
      associated.

   6) Failover - sent from MG to MGC to indicate the primary MG is out
      of service and a secondary MG is taking over.

   7) Another value whose meaning is mutually understood between the MG
      and the MGC.

   The ServiceChangeReason parameter specifies the reason why the
   ServiceChange has or will occur.  It consists of an alphanumeric
   token (IANA registered) and, optionally, an explanatory string.

   The optional ServiceChangeAddress parameter specifies the address
   (e.g., IP port number for IP networks) to be used for subsequent
   communications.  It can be specified in the input parameter
   descriptor or the returned result descriptor.  ServiceChangeAddress
   and ServiceChangeMgcId parameters must not both be present in the
   ServiceChangeDescriptor or the ServiceChangeResultDescriptor.  The
   ServiceChangeAddress provides an address to be used within the
   context of the association currently being negotiated, while the
   ServiceChangeMgcId provides an alternate address where the MG should
   seek to establish another association.
ToP   noToC   RFC3015 - Page 56
   The optional ServiceChangeDelay parameter is expressed in seconds. If
   the delay is absent or set to zero, the delay value should be
   considered to be null.  In the case of a "graceful"
   ServiceChangeMethod, a null delay indicates that the Media Gateway
   Controller should wait for the natural removal of existing
   connections and should not establish new connections.  For "graceful"
   only, a null delay means the MG must not set serviceState "out of
   service" until the termination is in the null context.

   The optional ServiceChangeProfile parameter specifies the Profile (if
   any) of the protocol supported.  The ServiceChangeProfile includes
   the version of the profile supported.

   The optional ServiceChangeVersion parameter contains the protocol
   version and is used if protocol version negotiation occurs (see
   section 11.3).

   The optional TimeStamp parameter specifies the actual time as kept by
   the sender.  It can be used by the responder to determine how its
   notion of time differs from that of its correspondent.  TimeStamp is
   sent with a precision of hundredths of a second, and is expressed in
   UTC.

   The optional Extension parameter may contain any value whose meaning
   is mutually understood by the MG and MGC.

   A ServiceChange Command specifying the "Root" for the TerminationID
   and ServiceChangeMethod equal to Restart is a registration command by
   which a Media Gateway announces its existence to the Media Gateway
   Controller.  The Media Gateway is expected to be provisioned with the
   name of one primary and optionally some number of alternate Media
   Gateway Controllers.  Acknowledgement of the ServiceChange Command
   completes the registration process, except when the MGC has returned
   an alternative ServiceChangeMgcId as described in the following
   paragraph.  The MG may specify the transport ServiceChangeAddress to
   be used by the MGC for sending messages in the ServiceChangeAddress
   parameter in the input ServiceChangeDescriptor. The MG may specify an
   address in the ServiceChangeAddress parameter of the ServiceChange
   request, and the MGC may also do so in the ServiceChange reply.  In
   either case, the recipient must use the supplied address as the
   destination for all subsequent transaction requests within the
   association.  At the same time, as indicated in section 9,
   transaction replies and pending indications must be sent to the
   address from which the corresponding requests originated.  This must
   be done even if it implies extra messaging because commands and
   responses cannot be packed together. The TimeStamp parameter shall be
   sent with a registration command and its response.
ToP   noToC   RFC3015 - Page 57
   The Media Gateway Controller may return an ServiceChangeMgcId
   parameter that describes the Media Gateway Controller that should
   preferably be contacted for further service by the Media Gateway. In
   this case the Media Gateway shall reissue the ServiceChange command
   to the new Media Gateway Controller.   The Gateway specified in an
   ServiceChangeMgcId, if provided, shall be contacted before any
   further alternate MGCs.  On a HandOff message from MGC to MG, the
   ServiceChangeMgcId is the new MGC that will take over from the
   current MGC.

   The return from ServiceChange is empty except when the Root
   terminationID is used.  In that case it includes the following
   parameters as required:

   *  ServiceChangeAddress, if the responding MGC wishes to specify a
      new destination for messages from the MG for the remainder of the
      association;

   *  ServiceChangeMgcId, if the responding MGC does not wish to sustain
      an association with the MG;

   *  ServiceChangeProfile, if the responder wishes to negotiate the
      profile to be used for the association;

   *  ServiceChangeVersion, if the responder wishes to negotiate the
      version of the protocol to be used for the association.

   The following ServiceChangeReasons are defined.  This list may be
   extended by an IANA registration as outlined in section 13.3.

         900 Service Restored
         901 Cold Boot
         902 Warm Boot
         903 MGC Directed Change
         904 Termination malfunctioning
         905 Termination taken out of service
         906 Loss of lower layer connectivity (e.g. downstream sync)
         907 Transmission Failure
         908 MG Impending Failure
         909 MGC Impending Failure
         910 Media Capability Failure
         911 Modem Capability Failure
         912 Mux Capability Failure
         913 Signal Capability Failure
         914 Event Capability Failure
         915 State Loss
ToP   noToC   RFC3015 - Page 58

7.2.9 Manipulating and Auditing Context Attributes

The commands of the protocol as discussed in the preceding sections apply to terminations. This section specifies how contexts are manipulated and audited. Commands are grouped into actions (see section 8). An action applies to one context. In addition to commands, an action may contain context manipulation and auditing instructions. An action request sent to a MG may include a request to audit attributes of a context. An action may also include a request to change the attributes of a context. The context properties that may be included in an action reply are used to return information to a MGC. This can be information requested by an audit of context attributes or details of the effect of manipulation of a context. If a MG receives an action which contains both a request to audit context attributes and a request to manipulate those attributes, the response SHALL include the values of the attributes after processing the manipulation request.

7.2.10 Generic Command Syntax

The protocol can be encoded in a binary format or in a text format. MGCs should support both encoding formats. MGs may support both formats. The protocol syntax for the binary format of the protocol is defined in Annex A. Annex C specifies the encoding of the Local and Remote descriptors for use with the binary format. A complete ABNF of the text encoding of the protocol per RFC2234 is given in Annex B. SDP is used as the encoding of the Local and Remote Descriptors for use with the text encoding as modified in section 7.1.8.

7.3 Command Error Codes

Errors consist of an IANA registered error code and an explanatory string. Sending the explanatory string is optional. Implementations are encouraged to append diagnostic information to the end of the string.
ToP   noToC   RFC3015 - Page 59
   When a MG reports an error to a MGC, it does so in an error
   descriptor.  An error descriptor consists of an error code and
   optionally the associated explanatory string.

   The identified error codes are:

         400 - Bad Request
         401 - Protocol Error
         402 - Unauthorized
         403 - Syntax Error in Transaction
         406 - Version Not Supported
         410 - Incorrect identifier
         411 - The transaction refers to an unknown ContextId
         412 - No ContextIDs available

         421 - Unknown action or illegal combination of actions
         422 - Syntax Error in Action
         430 - Unknown TerminationID
         431 - No TerminationID matched a wildcard
         432 - Out of TerminationIDs or No TerminationID available
         433 - TerminationID is already in a Context
         440 - Unsupported or unknown Package
         441 - Missing RemoteDescriptor
         442 - Syntax Error in Command
         443 - Unsupported or Unknown Command
         444 - Unsupported or Unknown Descriptor
         445 - Unsupported or Unknown Property
         446 - Unsupported or Unknown Parameter
         447 - Descriptor not legal in this command
         448 - Descriptor appears twice in a command
         450 - No such property in this package
         451 - No such event in this package
         452 - No such signal in this package
         453 - No such statistic in this package
         454 - No such parameter value in this package
         455 - Parameter illegal in this Descriptor
         456 - Parameter or Property appears twice in this Descriptor
         471 - Implied Add for Multiplex failure

         500 - Internal Gateway Error
         501 - Not Implemented
         502 - Not ready.
         503 - Service Unavailable
         504 - Command Received from unauthorized entity
         505 - Command Received before Restart Response
         510 - Insufficient resources
         512 - Media Gateway unequipped to detect requested Event
         513 - Media Gateway unequipped to generate requested Signals
ToP   noToC   RFC3015 - Page 60
         514 - Media Gateway cannot send the specified announcement
         515 - Unsupported Media Type
         517 - Unsupported or invalid mode
         518 - Event buffer full
         519 - Out of space to store digit map
         520 - Media Gateway does not have a digit map
         521 - Termination is "ServiceChangeing"
         526 - Insufficient bandwidth
         529 - Internal hardware failure
         530 - Temporary Network failure
         531 - Permanent Network failure
         581 - Does Not Exist

8. TRANSACTIONS

Commands between the Media Gateway Controller and the Media Gateway are grouped into Transactions, each of which is identified by a TransactionID. Transactions consist of one or more Actions. An Action consists of a series of Commands that are limited to operating within a single Context. Consequently each Action typically specifies a ContextID. However, there are two circumstances where a specific ContextID is not provided with an Action. One is the case of modification of a Termination outside of a Context. The other is where the controller requests the gateway to create a new Context. Following is a graphic representation of the Transaction, Action and Command relationships.
ToP   noToC   RFC3015 - Page 61
      +----------------------------------------------------------+
      | Transaction x                                            |
      |  +----------------------------------------------------+  |
      |  | Action 1                                           |  |
      |  | +---------+  +---------+  +---------+  +---------+ |  |
      |  | | Command |  | Command |  | Command |  | Command | |  |
      |  | |    1    |  |    2    |  |    3    |  |    4    | |  |
      |  | +---------+  +---------+  +---------+  +---------+ |  |
      |  +----------------------------------------------------+  |
      |                                                          |
      |  +----------------------------------------------------+  |
      |  | Action 2                                           |  |
      |  | +---------+                                        |  |
      |  | | Command |                                        |  |
      |  | |    1    |                                        |  |
      |  | +---------+                                        |  |
      |  +----------------------------------------------------+  |
      |                                                          |
      |  +----------------------------------------------------+  |
      |  | Action 3                                           |  |
      |  | +---------+  +---------+  +---------+              |  |
      |  | | Command |  | Command |  | Command |              |  |
      |  | |    1    |  |    2    |  |    3    |              |  |
      |  | +---------+  +---------+  +---------+              |  |
      |  +----------------------------------------------------+  |
      +----------------------------------------------------------+

              Figure 5 Transactions, Actions and Commands

   Transactions are presented as TransactionRequests.  Corresponding
   responses to a TransactionRequest are received in a single reply,
   possibly preceded by a number of TransactionPending messages (see
   section 8.2.3).

   Transactions guarantee ordered Command processing.  That is, Commands
   within a Transaction are executed sequentially. Ordering of
   Transactions is NOT guaranteed - transactions may be executed in any
   order, or simultaneously.

   At the first failing Command in a Transaction, processing of the
   remaining Commands in that Transaction stops.  If a command contains
   a wildcarded TerminationID, the command is attempted with each of the
   actual TerminationIDs matching the wildcard.  A response within the
   TransactionReply is included for each matching TerminationID, even if
   one or more instances generated an error.  If any TerminationID
   matching a wildcard results in an error when executed, any commands
   following the wildcarded command are not attempted.
ToP   noToC   RFC3015 - Page 62
   Commands may be marked as "Optional" which can override this
   behaviour -  if a command marked as Optional results in an error,
   subsequent commands in the Transaction will be executed.  If a
   command fails, the MG shall as far as possible restore the state that
   existed prior to the attempted execution of the command before
   continuing with command processing.

   A TransactionReply includes the results for all of the Commands in
   the corresponding TransactionRequest.  The TransactionReply includes
   the return values for the Commands that were executed successfully,
   and the Command and error descriptor for any Command that failed.
   TransactionPending is used to periodically notify the receiver that a
   Transaction has not completed yet, but is actively being processed.

   Applications SHOULD implement an application level timer per
   transaction.  Expiration of the timer should cause a retransmission
   of the request.  Receipt of a Reply should cancel the timer. Receipt
   of Pending should restart the timer.

8.1 Common Parameters

8.1.1 Transaction Identifiers

Transactions are identified by a TransactionID, which is assigned by sender and is unique within the scope of the sender. A response containing an error descriptor to indicate that the TransactionID is missing in a request shall use TransactionID 0 in the corresponding TransactionReply.

8.1.2 Context Identifiers

Contexts are identified by a ContextID, which is assigned by the Media Gateway and is unique within the scope of the Media Gateway. The Media Gateway Controller shall use the ContextID supplied by the Media Gateway in all subsequent Transactions relating to that Context. The protocol makes reference to a distinguished value that may be used by the Media Gateway Controller when referring to a Termination that is currently not associated with a Context, namely the null ContextID. The CHOOSE wildcard is used to request that the Media Gateway create a new Context. The MGC shall not use partially specified ContextIDs containing the CHOOSE wildcard. The MGC may use the ALL wildcard to address all Contexts on the MG. The null Context is not included when the ALL wildcard is used.
ToP   noToC   RFC3015 - Page 63

8.2 Transaction Application Programming Interface

Following is an Application Programming Interface (API) describing the Transactions of the protocol. This API is shown to illustrate the Transactions and their parameters and is not intended to specify implementation (e.g. via use of blocking function calls). It will describe the input parameters and return values expected to be used by the various Transactions of the protocol from a very high level. Transaction syntax and encodings are specified in later subsections.

8.2.1 TransactionRequest

The TransactionRequest is invoked by the sender. There is one Transaction per request invocation. A request contains one or more Actions, each of which specifies its target Context and one or more Commands per Context. TransactionRequest(TransactionId { ContextID {Command _ Command}, . . . ContextID {Command _ Command } }) The TransactionID parameter must specify a value for later correlation with the TransactionReply or TransactionPending response from the receiver. The ContextID parameter must specify a value to pertain to all Commands that follow up to either the next specification of a ContextID parameter or the end of the TransactionRequest, whichever comes first. The Command parameter represents one of the Commands mentioned in the "Command Details" subsection titled "Application Programming Interface".

8.2.2 TransactionReply

The TransactionReply is invoked by the receiver. There is one reply invocation per transaction. A reply contains one or more Actions, each of which must specify its target Context and one or more Responses per Context. TransactionReply(TransactionID { ContextID { Response _ Response }, . . . ContextID { Response _ Response } })
ToP   noToC   RFC3015 - Page 64
   The TransactionID parameter must be the same as that of the
   corresponding TransactionRequest.

   The ContextID parameter must specify a value to pertain to all
   Responses for the action.  The ContextID may be specific or null.

   Each of the Response parameters represents a return value as
   mentioned in section 7.2, or an error descriptor if the command
   execution encountered an error. Commands after the point of failure
   are not processed and, therefore, Responses are not issued for them.

   An exception to this occurs if a command has been marked as optional
   in the Transaction request. If the optional command  generates an
   error, the transaction still continues to execute, so the Reply
   would, in this case, have Responses after an Error.

   If the receiver encounters an error in processing a ContextID, the
   requested Action response will consist of the context ID and a single
   error descriptor, 422 Syntax Error in Action.

   If the receiver encounters an error such that it cannot determine a
   legal Action, it will return a TransactionReply consisting of the
   TransactionID and a single error descriptor, 422 Syntax Error in
   Action. If the end of an action cannot be reliably determined but one
   or more Actions can be parsed, it will process them and then send 422
   Syntax Error in Action as the last action for the transaction.  If
   the receiver encounters an error such that is cannot determine a
   legal Transaction, it will return a TransactionReply with a null
   TransactionID and a single error descriptor (403 Syntax Error in
   Transaction).

   If the end of a transaction can not be reliably determined and one or
   more Actions can be parsed, it will process them and then return 403
   Syntax Error in Transaction as the last action reply for the
   transaction.  If no Actions can be parsed, it will return 403 Syntax
   Error in Transaction as the only reply

   If the terminationID cannot be reliably determined it will send 442
   Syntax Error in Command as the action reply.

   If the end of a command cannot be reliably determined it will return
   442 Syntax Error in Command as the reply to the last action it can
   parse.
ToP   noToC   RFC3015 - Page 65

8.2.3 TransactionPending

The receiver invokes the TransactionPending. A TransactionPending indicates that the Transaction is actively being processed, but has not been completed. It is used to prevent the sender from assuming the TransactionRequest was lost where the Transaction will take some time to complete. TransactionPending(TransactionID { } ) The TransactionID parameter must be the same as that of the corresponding TransactionRequest. A property of root (normalMGExecutionTime) is settable by the MGC to indicate the interval within which the MGC expects a response to any transaction from the MG. Another property (normalMGCExecutionTime) is settable by the MGC to indicate the interval within which the MG should expects a response to any transaction from the MGC. Senders may receive more than one TransactionPending for a command. If a duplicate request is received when pending, the responder may send a duplicate pending immediately, or continue waiting for its timer to trigger another Transaction Pending.

8.3 Messages

Multiple Transactions can be concatenated into a Message. Messages have a header, which includes the identity of the sender. The Message Identifier (MID) of a message is set to a provisioned name (e.g. domain address/domain name/device name) of the entity transmitting the message. Domain name is a suggested default. Every Message contains a Version Number identifying the version of the protocol the message conforms to. Versions consist of one or two digits, beginning with version 1 for the present version of the protocol. The transactions in a message are treated independently. There is no order implied, there is no application or protocol acknowledgement of a message.

9. TRANSPORT

The transport mechanism for the protocol should allow the reliable transport of transactions between an MGC and MG. The transport shall remain independent of what particular commands are being sent and shall be applicable to all application states. There are several transports defined for the protocol, which are defined in normative Annexes to this document. Additional Transports may be defined as additional annexes in subsequent editions of this document, or in
ToP   noToC   RFC3015 - Page 66
   separate documents.  For transport of the protocol over IP, MGCs
   shall implement both TCP and UDP/ALF, an MG shall implement TCP or
   UDP/ALF or both.

   The MG is provisioned with a name or address (such as DNS name or IP
   address) of a primary and zero or more secondary MGCs (see section
   7.2.8) that is the address the MG uses to send messages to the MGC.
   If TCP or UDP is used as the protocol transport and the port to which
   the initial ServiceChange request is to be sent is not otherwise
   known, that request should be sent to the default port number for the
   protocol.  This port number is 2944 for text-encoded operation or
   2945 for binary-encoded operation, for either UDP or TCP.  The MGC
   receives the message containing the ServiceChange request from the MG
   and can determine the MG's address from it.  As described in section
   7.2.8, either the MG or the MGC may supply an address in the
   ServiceChangeAddress parameter to which subsequent transaction
   requests must be addressed, but responses (including the response to
   the initial ServiceChange request) must always be sent back to the
   address which was the source of the corresponding request.

9.1 Ordering of Commands

This document does not mandate that the underlying transport protocol guarantees the sequencing of transactions sent to an entity. This property tends to maximize the timeliness of actions, but it has a few drawbacks. For example: * Notify commands may be delayed and arrive at the MGC after the transmission of a new command changing the EventsDescriptor * If a new command is transmitted before a previous one is acknowledged, there is no guarantee that prior command will be executed before the new one. Media Gateway Controllers that want to guarantee consistent operation of the Media Gateway may use the following rules. These rules are with respect to commands that are in different transactions. Commands that are in the same transaction are executed in order (see section 8). 1. When a Media Gateway handles several Terminations, commands pertaining to the different Terminations may be sent in parallel, for example following a model where each Termination (or group of Terminations) is controlled by its own process or its own thread. 2. On a Termination, there should normally be at most one outstanding command (Add or Modify or Move), unless the outstanding commands are in the same transaction. However, a Subtract command may be
ToP   noToC   RFC3015 - Page 67
      issued at any time.  In consequence, a Media Gateway may sometimes
      receive a Modify command that applies to a previously subtracted
      Termination.  Such commands should be ignored, and an error code
      should be returned.

   3. On a given Termination, there should normally be at most one
      outstanding Notify command at any time.

   4. In some cases, an implicitly or explicitly wildcarded Subtract
      command that applies to a group of Terminations may step in front
      of a pending Add command.  The Media Gateway Controller should
      individually delete all Terminations for which an Add command was
      pending at the time of the global Subtract command.  Also, new Add
      commands for Terminations named by the wild-carding (or implied in
      a Multiplex descriptor) should not be sent until the wild-carded
      Subtract command is acknowledged.

   5. AuditValue and AuditCapability are not subject to any sequencing.

   6. ServiceChange shall always be the first command sent by a MG as
      defined by the restart procedure. Any other command or response
      must be delivered after this ServiceChange command.

   These rules do not affect the command responder, which should always
   respond to commands.

9.2 Protection against Restart Avalanche

In the event that a large number of Media Gateways are powered on simultaneously and they were to all initiate a ServiceChange transaction, the Media Gateway Controller would very likely be swamped, leading to message losses and network congestion during the critical period of service restoration. In order to prevent such avalanches, the following behavior is suggested: 1. When a Media Gateway is powered on, it should initiate a restart timer to a random value, uniformly distributed between 0 and a maximum waiting delay (MWD). Care should be taken to avoid synchronicity of the random number generation between multiple Media Gateways that would use the same algorithm. 2. The Media Gateway should then wait for either the end of this timer or the detection of a local user activity, such as for example an off-hook transition on a residential Media Gateway. 3. When the timer elapses, or when an activity is detected, the Media Gateway should initiate the restart procedure.
ToP   noToC   RFC3015 - Page 68
   The restart procedure simply requires the MG to guarantee that the
   first message that the Media Gateway Controller sees from this MG is
   a ServiceChange message informing the Media Gateway Controller about
   the restart.

   Note - The value of MWD is a configuration parameter that depends on
   the type of the Media Gateway. The following reasoning may be used to
   determine the value of this delay on residential gateways.

   Media Gateway Controllers are typically dimensioned to handle the
   peak hour traffic load, during which, in average, 10% of the lines
   will be busy, placing calls whose average duration is typically 3
   minutes.  The processing of a call typically involves 5 to 6 Media
   Gateway Controller transactions between each Media Gateway and the
   Media Gateway Controller.  This simple calculation shows that the
   Media Gateway Controller is expected to handle 5 to 6 transactions
   for each Termination, every 30 minutes on average, or, to put it
   otherwise, about one transaction per Termination every 5 to 6 minutes
   on average.  This suggests that a reasonable value of MWD for a
   residential gateway would be 10 to 12 minutes.  In the absence of
   explicit configuration, residential gateways should adopt a value of
   600 seconds for MWD.

   The same reasoning suggests that the value of MWD should be much
   shorter for trunking gateways or for business gateways, because they
   handle a large number of Terminations, and also because the usage
   rate of these Terminations is much higher than 10% during the peak
   busy hour, a typical value being 60%.  These Terminations, during the
   peak hour, are this expected to contribute about one transaction per
   minute to the Media Gateway Controller load. A reasonable algorithm
   is to make the value of MWD per "trunk" Termination six times shorter
   than the MWD per residential gateway, and also inversely proportional
   to the number of Terminations that are being restarted. For example
   MWD should be set to 2.5 seconds for a gateway that handles a T1
   line, or to 60 milliseconds for a gateway that handles a T3 line.

10. SECURITY CONSIDERATIONS

This section covers security when using the protocol in an IP environment.

10.1 Protection of Protocol Connections

A security mechanism is clearly needed to prevent unauthorized entities from using the protocol defined in this document for setting up unauthorized calls or interfering with authorized calls. The security mechanism for the protocol when transported over IP networks is IPsec [RFC2401 to RFC2411].
ToP   noToC   RFC3015 - Page 69
   The AH header [RFC2402] affords data origin authentication,
   connectionless integrity and optional anti-replay protection of
   messages passed between the MG and the MGC. The ESP header [RFC2406]
   provides confidentiality of messages, if desired. For instance, the
   ESP encryption service should be requested if the session
   descriptions are used to carry session keys, as defined in SDP.

   Implementations of the protocol defined in this document employing
   the ESP header SHALL comply with section 5 of [RFC2406], which
   defines a minimum set of algorithms for integrity checking and
   encryption. Similarly, implementations employing the AH header SHALL
   comply with section 5 of [RFC2402], which defines a minimum set of
   algorithms for integrity checking using manual keys.

   Implementations SHOULD use IKE [RFC2409] to permit more robust keying
   options. Implementations employing IKE SHOULD support authentication
   with RSA signatures and RSA public key encryption.

10.2 Interim AH scheme

Implementation of IPsec requires that the AH or ESP header be inserted immediately after the IP header. This cannot be easily done at the application level. Therefore, this presents a deployment problem for the protocol defined in this document where the underlying network implementation does not support IPsec. As an interim solution, an optional AH header is defined within the H.248 protocol header. The header fields are exactly those of the SPI, SEQUENCE NUMBER and DATA fields as defined in [RFC2402]. The semantics of the header fields are the same as the "transport mode" of [RFC2402], except for the calculation of the Integrity Check value (ICV). In IPsec, the ICV is calculated over the entire IP packet including the IP header. This prevents spoofing of the IP addresses. To retain the same functionality, the ICV calculation should be performed across the entire transaction prepended by a synthesized IP header consisting of a 32 bit source IP address, a 32 bit destination address and a 16 bit UDP destination port encoded as 10 hex digits. When the interim AH mechanism is employed when TCP is the transport Layer, the UDP Port above becomes the TCP port, and all other operations are the same. Implementations of the H.248 protocol SHALL implement IPsec where the underlying operating system and the transport network supports IPsec. Implementations of the protocol using IPv4 SHALL implement the interim AH scheme. However, this interim scheme SHALL NOT be used when the underlying network layer supports IPsec. IPv6 implementations are assumed to support IPsec and SHALL NOT use the interim AH scheme.
ToP   noToC   RFC3015 - Page 70
   All implementations of the interim AH mechanism SHALL comply with
   section 5 of [RFC2402] which defines a minimum set of algorithms for
   integrity checking using manual keys.

   The interim AH interim scheme does not provide protection against
   eavesdropping; thus forbidding third parties from monitoring the
   connections set up by a given termination. Also, it does not provide
   protection against replay attacks.  These procedures do not
   necessarily protect against denial of service attacks by misbehaving
   MGs or misbehaving MGCs. However, they will provide an identification
   of these misbehaving entities, which should then be deprived of their
   authorization through maintenance procedures.

10.3 Protection of Media Connections

The protocol allows the MGC to provide MGs with "session keys" that can be used to encrypt the audio messages, protecting against eavesdropping. A specific problem of packet networks is "uncontrolled barge-in". This attack can be performed by directing media packets to the IP address and UDP port used by a connection. If no protection is implemented, the packets must be decompressed and the signals must be played on the "line side". A basic protection against this attack is to only accept packets from known sources, checking for example that the IP source address and UDP source port match the values announced in the Remote Descriptor. This has two inconveniences: it slows down connection establishment and it can be fooled by source spoofing: * To enable the address-based protection, the MGC must obtain the remote session description of the egress MG and pass it to the ingress MG. This requires at least one network roundtrip, and leaves us with a dilemma: either allow the call to proceed without waiting for the round trip to complete, and risk for example, "clipping" a remote announcement, or wait for the full roundtrip and settle for slower call-set-up procedures. * Source spoofing is only effective if the attacker can obtain valid pairs of source destination addresses and ports, for example by listening to a fraction of the traffic. To fight source spoofing, one could try to control all access points to the network. But this is in practice very hard to achieve.
ToP   noToC   RFC3015 - Page 71
   An alternative to checking the source address is to encrypt and
   authenticate the packets, using a secret key that is conveyed during
   the call set-up procedure. This will not slow down the call set-up,
   and provides strong protection against address spoofing.

11. MG-MGC CONTROL INTERFACE

The control association between MG and MGC is initiated at MG cold start, and announced by a ServiceChange message, but can be changed by subsequent events, such as failures or manual service events. While the protocol does not have an explicit mechanism to support multiple MGCs controlling a physical MG, it has been designed to support the multiple logical MG (within a single physical MG) that can be associated with different MGCs.

11.1 Multiple Virtual MGs

A physical Media Gateway may be partitioned into one or more Virtual MGs. A virtual MG consists of a set of statically partitioned physical Terminations and/or sets of ephemeral Terminations. A physical Termination is controlled by one MGC. The model does not require that other resources be statically allocated, just Terminations. The mechanism for allocating Terminations to virtual MGs is a management method outside the scope of the protocol. Each of the virtual MGs appears to the MGC as a complete MG client. A physical MG may have only one network interface, which must be shared across virtual MGs. In such a case, the packet/cell side Termination is shared. It should be noted however, that in use, such interfaces require an ephemeral instance of the Termination to be created per flow, and thus sharing the Termination is straightforward. This mechanism does lead to a complication, namely that the MG must always know which of its controlling MGCs should be notified if an event occurs on the interface. In normal operation, the Virtual MG will be instructed by the MGC to create network flows (if it is the originating side), or to expect flow requests (if it is the terminating side), and no confusion will arise. However, if an unexpected event occurs, the Virtual MG must know what to do with respect to the physical resources it is controlling. If recovering from the event requires manipulation of a physical interface's state, only one MGC should do so. These issues are resolved by allowing any of the MGCs to create EventsDescriptors to be notified of such events, but only one MGC can have read/write access to the physical interface properties; all other MGCs have
ToP   noToC   RFC3015 - Page 72
   read-only access.  The management mechanism is used to designate
   which MGC has read/write capability, and is designated the Master
   MGC.

   Each virtual MG has its own Root Termination.  In most cases the
   values for the properties of the Root Termination are independently
   settable by each MGC.  Where there can only be one value, the
   parameter is read-only to all but the Master MGC.

   ServiceChange may only be applied to a Termination or set of
   Terminations partitioned to the Virtual MG or created (in the case of
   ephemeral Terminations) by that Virtual MG.

11.2 Cold Start

A MG is pre-provisioned by a management mechanism outside the scope of this protocol with a Primary and (optionally) an ordered list of Secondary MGCs. Upon a cold start of the MG, it will issue a ServiceChange command with a "Restart" method, on the Root Termination to its primary MGC. If the MGC accepts the MG, it will send a Transaction Accept, with the ServiceChangeMgcId set to itself. If the MG receives an ServiceChangeMgcId not equal to the MGC it contacted, it sends a ServiceChange to the MGC specified in the ServiceChangeMgcId. It continues this process until it gets a controlling MGC to accept its registration, or it fails to get a reply. Upon failure to obtain a reply, either from the Primary MGC, or a designated successor, the MG tries its pre-provisioned Secondary MGCs, in order. If the MG is unable to establish a control relationship with any MGC, it shall wait a random amount of time as described in section 9.2 and then start contacting its primary, and if necessary, its secondary MGCs again. It is possible that the reply to a ServiceChange with Restart will be lost, and a command will be received by the MG prior to the receipt of the ServiceChange response. The MG shall issue error 505 - Command Received before Restart Response.

11.3 Negotiation of Protocol Version

The first ServiceChange command from an MG shall contain the version number of the protocol supported by the MG in the ServiceChangeVersion parameter. Upon receiving such a message, if the MGC supports only a lower version, then the MGC shall send a ServiceChangeReply with the lower version and thereafter all the messages between MG and MGC shall conform to the lower version of the protocol. If the MG is unable to comply and it has established
ToP   noToC   RFC3015 - Page 73
   a transport connection to the MGC, it should close that connection.
   In any event, it should reject all subsequent requests from the MGC
   with Error 406 Version Not supported.

   If the MGC supports a higher version than the MG but is able to
   support the lower version proposed by the MG, it shall send a
   ServiceChangeReply with the lower version and thereafter all the
   messages between MG and MGC shall conform to the lower version of the
   protocol. If the MGC is unable to comply, it shall reject the
   association, with Error 406 Version Not Supported.

   Protocol version negotiation may also occur at "handoff" and
   "failover" ServiceChanges.

   When extending the protocol with new versions, the following rules
   should be followed.

   1. Existing protocol elements, i.e., procedures, parameters,
      descriptor, property, values, should not be changed unless a
      protocol error needs to be corrected or it becomes necessary to
      change the operation of the service that is being supported by the
      protocol.

   2. The semantics of a command, a parameter, descriptor, property,
      value should not be changed.

   3. Established rules for formatting and encoding messages and
      parameters should not be modified.

   4. When information elements are found to be obsolete they can be
      marked as not used. However, the identifier for that information
      element will be marked as reserved. In that way it can not be used
      in future versions.

11.4 Failure of an MG

If a MG fails, but is capable of sending a message to the MGC, it sends a ServiceChange with an appropriate method (graceful or forced) and specifies the Root TerminationID. When it returns to service, it sends a ServiceChange with a "Restart" method. Allowing the MGC to send duplicate messages to both MGs accommodates pairs of MGs that are capable of redundant failover of one of the MGs. Only the Working MG shall accept or reject transactions. Upon failover, the Primary MG sends a ServiceChange command with a "Failover" method and a "MG Impending Failure" reason. The MGC then
ToP   noToC   RFC3015 - Page 74
   uses the secondary MG as the active MG.  When the error condition is
   repaired, the Working MG can send a "ServiceChange" with a "Restart"
   method.

11.5 Failure of an MGC

If the MG detects a failure of its controlling MGC, it attempts to contact the next MGC on its pre-provisioned list. It starts its attempts at the beginning (Primary MGC), unless that was the MGC that failed, in which case it starts at its first Secondary MGC. It sends a ServiceChange message with a "Failover" method and a " MGC Impending Failure" reason. In partial failure, or manual maintenance reasons, an MGC may wish to direct its controlled MGs to use a different MGC. To do so, it sends a ServiceChange method to the MG with a "HandOff" method, and its designated replacement in ServiceChangeMgcId. The MG should send a ServiceChange message with a "Handoff" method and a "MGC directed change" reason to the designated MGC. If it fails to get a reply, or fails to see an Audit command subsequently, it should behave as if its MGC failed, and start contacting secondary MGCs. If the MG is unable to establish a control relationship with any MGC, it shall wait a random amount of time as described in section 9.2 and then start contacting its primary, and if necessary, its secondary MGCs again. No recommendation is made on how the MGCs involved in the Handoff maintain state information; this is considered to be out of scope of this recommendation. The MGC and MG may take the following steps when Handoff occurs. When the MGC initiates a HandOff, the handover should be transparent to Operations on the Media Gateway. Transactions can be executed in any order, and could be in progress when the ServiceChange is executed. Accordingly, commands in progress continue, transaction replies are sent to the new MGC (after a new control association is established), and the MG should expect outstanding transaction replies from the new MGC. No new messages shall be sent to the new MGC until the control association is established. Repeated transaction requests shall be directed to the new MGC. The MG shall maintain state on all terminations and contexts. It is possible that the MGC could be implemented in such a way that a failed MGC is replaced by a working MGC where the identity of the new MGC is the same as the failed one. In such a case, ServiceChangeMgcId would be specified with the previous value and the MG shall behave as if the value was changed, and send a ServiceChange message, as above.
ToP   noToC   RFC3015 - Page 75
   Pairs of MGCs that are capable of redundant failover can notify the
   controlled MGs of the failover by the above mechanism.



(page 75 continued on part 4)

Next Section