Uploaded by Nicos Stelikos

LTRCOL-2310

Deploying Enterprise SIP Trunks with CUBE and Unified CM
Hussain Ali, CCIE# 38068 (Voice, Collaboration)
Technical Marketing Engineer
Dilip Singh, CCIE# 16545 (Collaboration)
Technical Leader
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• SIP Trunking and CUBE Overview
• SIP Trunking Design & Deployment Models
• CUBE Architecture (Physical & Virtual)
• Transitioning to SIP Trunking using CUBE
• Advanced features on CUBE
• CUBE Management & Troubleshooting
• Futures & Key Takeaways
CUBE Overview
SIP Trunking Overcomes TDM Barriers
• Improves efficiency of interconnection between networks
• Simplifies PSTN interconnection with IP end-to-end
• Enables rich media services to employees, customers, partners
• Carries converged voice, video and data traffic
[Diagram: TDM trunking between Enterprise 1 and Enterprise 2 through a service provider, compared with SIP trunking, where a CUBE at each enterprise connects over SIP to the SIP service provider and carries rich media.]
Why does an enterprise need an SBC?
[Diagram: Enterprise 1 and Enterprise 2 connected over SIP, with a CUBE at each IP border carrying rich media (real-time voice, video, screen share, etc.).]
SESSION CONTROL
• Call Admissions Control
• Trunk Routing
• Ensuring QoS
• Statistics and Billing
• Redundancy/Scalability
SECURITY
• Encryption
• Authentication
• Registration
• SIP Protection
• Voice Policy
• Firewall Placement
• Toll Fraud
INTERWORKING
• SIP - SIP
• H.323 - SIP
• SIP Normalization
• DTMF Interworking
• Transcoding
• Codec Filtering
DEMARCATION
• Fault Isolation
• Topology Hiding
• Network Borders
• L5/L7 Protocol Demarcation
Cisco Unified Border Element – Router Integration
An Integrated Network Infrastructure Service
Cisco Unified Border Element (CUBE)
• Address Hiding
• H.323 and SIP interworking
• DTMF interworking
• SIP security
• Transcoding
Note: An SBC appliance would have only these features
Other services integrated in the router
• TDM Gateway
• PSTN Backup
• Voice Policy
• IP Routing & MPLS
• WAN & LAN Physical Interfaces
• SRST
• VXML
• Unified CM Conferencing and Transcoding
• FW, IPS, QoS
CUBE and SRST collocated:
• SCCP SRST on ISR G2 w/CUBE is supported
• SIP SRST on ISR G2 w/CUBE is not supported
• Any SRST on ISR 4K with CUBE collocated is not supported
Note: Some features/components may require additional licensing
Primary CUBE Differentiators
• SBC integrated in the Router
  ‒ Leverages installed base and knowledge base
  ‒ Enables Flexible Deployment Models – Centralized or Distributed
• Broadest Scale of price performance
  ‒ Allows optimal platform sizing for different size customers
  ‒ Enables Flexible Deployment Models – Centralized or Distributed
• Integrated SBC and TDM Gateway
  ‒ Simplifies transition strategy from TDM to IP PSTN
• Voice Policy
  ‒ TDOS is a major security issue
  ‒ White List / Black List is static and inadequate
• Integration with CTG Solutions
  ‒ CUCM recording solutions
  ‒ CVP call center solutions
  ‒ Expressway integration based on Use Cases
CUBE (Enterprise) Product Portfolio
[Chart: CUBE platforms positioned by calls per second (CPS, axis from <5 up to 50-150) against Active Concurrent Voice Calls Capacity (axis from <50 up to 14-16K). Platforms shown: 800 ISR; 2900 Series ISR-G2 (2901, 2911, 2921, 2951); 3900 Series ISR-G2 (3925, 3945); ISR-4K (4321, 4331); ISR 4351; 3900E Series ISR-G2 (3925E, 3945E); ISR 4431; ISR 4451-X; ASR 1001-X; ASR 1002-X; ASR 1004/6 RP2.]
Introducing CUBE on CSR: vCUBE [Performance dependent on vCPU and memory]
Note: SM-X-PVDM module supported on XE3.16 or later for ISR 4K platforms
CUBE Session Capacity Summary (For Your Reference)
Platform | CUBE SIP-SIP Sessions (Audio)
NanoCUBE (8XX and SPIAD Platforms) | 15 - 120
2901 – 4321 | 100
2911 – 2921 | 200 – 400
4331 | 500
2951 | 600
3925 – 3945 | 800 – 950
4351 | 1000
3925E – 3945E | 2100 – 2500
4431 | 3000
4451 | 6000
ASR1001-X | 12000
ASR1002-X | 14000
ASR1004/1006 RP2 | 16000
Introducing IOS-XE Release 16
• New OS from the platform team, intended to consolidate the operating systems across the product portfolio
• UX will be the same as IOS-XE, no difference to the end user
• IOS-XE Release 16.3.1 supports UC (CUBE, CME, SRST)
  ‒ Impacts XE based (ASR1K, ISR4K, and vCUBE) platforms
  ‒ There will be no CUBE 11.5.1 for the XE based platforms [ASR1K, ISR4K, vCUBE]. CUBE 11.5.2 (July 2016 release) will have newer and March 2016 features for the XE based platforms introduced in IOS-XE release 16.3.1
  ‒ IOS-XE 16 requires a minimum of ASR1001-X, 1002-X, 1004/1006 RP2, ESP20 (Embedded Service Processor), SIP40 (SPA Interface Processor)
  ‒ It will include all features up to and including IOS-XE 3.17 as well
• Due to the new hardware requirements, customers will have the following migration options, as IOS-XE 3.17 rebuilds will stop by June 2017
  ‒ Replace unsupported ASR1K hardware and upgrade to IOS-XE 16.3.1 or later, and continue to enjoy the new feature set and support for any issues
  ‒ Stop using the new feature set and move back to the IOS-XE 3.16 long maintenance release for longer support
CUBE Software Release Mapping
IOS XE 3.x releases
ISR G2 CUBE Vers. | ISR G2 2900/3900 | ISR G2 FCS | ASR 1K / ISR-4K / vCUBE (CSR) CUBE Vers. | IOS XE Release | FCS
11.1.0 | 15.5(3)M | July 2015 | 11.1.0 | 3.16, 15.5(3)S | July 2015
11.5.0 | 15.6(1)T | Nov 2015 | 11.5.0 | 3.17, 15.6(1)S | Nov 2015

IOS XE Release 16 [2]
ISR G2 CUBE Vers. | ISR G2 2900/3900 | ISR G2 FCS | ASR 1K / ISR-4K / vCUBE (CSR) CUBE Vers. | IOS XE Release 16 [2] | FCS
11.5.1 [4] | 15.6(2)T1 [4] | Mar 2016 | N/A [3] | 16.2.1 [3] | Mar 2016
11.5.2 | 15.6(3)M1 | Dec 2016 | 11.5.2 [3] | 16.3.2/16.4.1 [3] | Nov 2016
EOL | EOL | EOL | 11.6.0 | 16.5.1 | Mar 2017

[2] IOS-XE 16 requires a minimum of ASR1001-X, 1002-X, 1004/1006 RP2, ESP20 (Embedded Service Processor), SIP40 (SPA Interface Processor)
[3] IOS-XE release 16.2.1 does not support CUBE functionality on the platforms. There is no CUBE version 11.5.1 for the XE based platforms. All CUBE features from 11.5.0 (IOS-XE 3.17) and earlier versions along with CUBE 11.5.1 (March 2016 release) on ISR G2 are included in CUBE release 11.5.2 for the IOS-XE based platforms, IOS-XE release 16.3.1 [July 2016 release]
[4] IOS 15.6(2)T will show CUBE Release version to be 12.0.0 but due to DDTS# CSCuz43735, rebuilds for this release train will align to CUBE release 11.5.1, that is 15.6(2)T1/T2/T3/T4 and so on will be CUBE version 11.5.1
CUBE Software Release Mapping – Earlier Releases
ISR G2 CUBE Vers. | ISR G2 2900/3900 | ISR G2 FCS | CUBE Ent ASR Parity with ISR | ASR 1K Series CUBE Vers. | IOS XE Release | ASR FCS
8.5 | 15.1(2)T | July 2010 | <50% | 1.4 | 3.2, 15.1(1)S | Nov 2010
8.6 | 15.1(3)T | Nov 2010 | <50% | 1.4.1 | 3.3, 15.1(2)S | March 2011
8.7 | 15.1(4)M | April 2011 | ~50% | 1.4.2 | 3.4, 15.1(3)S | July 2011
8.8 | 15.2(1)T | July 2011 | ~70% | 1.4.3 | 3.5, 15.2(1)S | Nov 2011
8.9 | 15.2(2)T | Nov 2011 | >80% | 1.4.4 | 3.6, 15.2(2)S | Mar 2012
9.0 | 15.2(3)T/15.2(4)M | Mar 2012 | >85% | 9.0 | 3.7, 15.2(4)S | July 2012
9.0.1 | 15.3(1)T | Oct 2012 | >95% | 9.0.1 | 3.8, 15.3(1)S | Oct 2012
9.0.2 | 15.3(2)T | Mar 2013 | >95% | 9.0.2 | 3.9, 15.3(2)S | Mar 2013
9.5.1 | 15.3(3)M1 | Oct 2013 | >95% | 9.5.1 | 3.10.1, 15.3(3)S1 | Oct 2013
10.0.0 | 15.4(1)T | Nov 2013 | >95% | 10.0.0 | 3.11, 15.4(1)S | Nov 2013
10.0.1 | 15.4(2)T | Mar 2014 | >95% | 10.0.1 | 3.12, 15.4(2)S | Mar 2014
CUBE Software Release Mapping – Earlier Releases
ISR G2 CUBE Vers. | ISR G2 2900/3900 | ISR G2 FCS | CUBE Ent ASR Parity with ISR | ASR 1K / ISR-4K Series CUBE Vers. | IOS XE Release | ASR FCS
10.0.2 | 15.4(3)M | July 2014 | >95% | 10.0.2 | 3.13, 15.4(3)S | July 2014
10.5.0 | 15.5(1)T | Nov 2014 | >95% | 10.5.0 | 3.14, 15.5(1)S | Nov 2014
11.0.0 | 15.5(2)T | Mar 2015 | >95% | 11.0.0 | 3.15, 15.5(2)S | Mar 2015
CUBE Interoperability
Proven Interoperability and Interworking with Service Providers Worldwide
• Validated with Service Providers World-Wide
• Independently Tested with 3rd-Party PBXs in tekVizion Labs
• Standards based
Cisco Interoperability Portal: www.cisco.com/go/interoperability
Cisco Unified Border Element
Leverage all the advantages Cisco can offer
CUBE ADVANTAGE
INTEROPERABILITY
• Tested with PBXs
• Validated with Service Providers
• Standards Based
MIGRATE WITH EXISTING EQUIPMENT
• Network devices are multipurpose
• Equipment inventory is simplified
• Leverage existing training
• Migration to SIP is phased
END TO END SUPPORT
• Safe, Trusted, Reliable
• Familiar interfaces and management
• Portfolio breadth
STATE OF THE ART TECHNOLOGY
• Largest R&D spending
• Revolutionary Platforms (ISR G2, UCS)
• Broadest depth of protocols: SIP plus more
CUBE Licensing
CUBE ISR (G2/4K), ASR and CSR Licensing (For Your Reference)
Platform | Single-Use Licenses | Redundancy Licenses (1 SKU for Active/Standby Pair)
Cisco 881, 886, 887, 888, 892F, SPIAD | FL-NANOCUBE | N/A
ISR G2 (2901, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E) | FL-CUBEE-5, FL-CUBEE-25, FL-CUBEE-100 | FL-CUBEE-5-RED, FL-CUBEE-25-RED, FL-CUBEE-100-RED
ISR-4K (4321, 4331, 4351, 4431, 4451) | FL-CUBEE-5, FL-CUBEE-25, FL-CUBEE-100 | FL-CUBEE-5-RED, FL-CUBEE-25-RED, FL-CUBEE-100-RED
Cisco ASR1001-X, 1002-X, 1004 RP2, 1006 RP2 | FLASR1-CUBEE-100P, FLASR1-CUBEE-4KP, FLASR1-CUBEE-16KP | FLASR1-CUBEE-100R, FLASR1-CUBEE-4K-R, FLASR1-CUBEE-16KR
vCUBE (CUBE on CSR 1000v), with APPX Package (No TLS/SRTP) or AX (All vCUBE features) CSR licensing package | Same SKUs as ASR1K series | Same SKUs as ASR1K series
http://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-borderelement/order_guide_c07_462222.html
CUBE Licensing FAQs
• What is a CUBE license?
  CUBE is part of the UCK9 package on Cisco Routing platforms and is a Right-to-Use (RTU) license. There is no licensing file to install to use the CUBE feature set. It is a paper/trust-based license on top of the Unified Communications (UCK9) feature set that is enabled as discussed below.
• How to enable the UCK9 (SRST, CME, CUBE, GW, etc.) feature set, of which CUBE is a part?
  General information on IOS Software Activation (licensing) can be found here.
  1. For ISR G2s/4K series, install the UCK9 package license to access all the voice features including CUBE. For SIP TLS/SRTP, the SEC-K9 license is also required.
  2. For ASR1K series, the Advanced IP Services or Advanced Enterprise Services package/image needs to be installed for CUBE.
  3. For vCUBE (CUBE on CSR 1000v), the APPX (no TLS/SRTP) or AX (all vCUBE features) package license needs to be installed to access the CUBE feature set and upgrade from the default throughput of 100 kbps.
  4. For 8XX series, Advanced IP Services or higher is needed to access the NanoCUBE feature set.
  5. Once the platform is ready, a CUBE license needs to be purchased to start using the feature set.
  6. The RED SKUs require a separate SMARTNET and do not need any additional Single-Use SKUs.
• Are CUBE licenses incremental?
  Yes, CUBE licenses can be added together to provide an aggregate session count. This way, a customer can start with a smaller number of sessions and grow their system over time as call volume increases. E.g. a customer may buy a FL-CUBEE-5 license to start with, allowing a total of 5 sessions, and later add 2 more FL-CUBEE-5 licenses for a total of 15 sessions.
• Is CUBE Licensing Enforced?
  No, CUBE is a paper-based honor license (no file to install) that allows you to run the CUBE RTU (Right-to-Use) feature set once you have the UCK9 license installed. More info on ordering here.
CUBE Licensing FAQs – Cont’d
• What constitutes a session?
  A session is a single audio or video call across the CUBE, regardless of call legs. Some vendors consider one call as two sessions.
• Does a call recording solution require additional licensing?
  No, sessions created between CUBE and the Call Recording server such as MediaSense® do not require additional licenses and are not counted against the CUBE licensing limit. However, keep in mind the platform capacity numbers.
• Can a customer migrate from a Single-Use to a RED license?
  No, currently there are no migration SKUs, that is, if the customer previously purchased a Single-Use license, it cannot be converted into a RED license in future. For further assistance, please reach out to the CUBE team.
• Can standalone CUBE Licenses be transferred?
  ‒ No, CUBE licensing is not transferable between chassis at this time.
  ‒ FL-CUBEE-XX licenses can be bought for any ISR G2 platform, but cannot be transferred between platforms.
  ‒ FL-CUBEE-XX licenses are only for ISR G2 (i.e. you buy FL-CUBEE-5, it applies to a single ISR G2 that you buy it for, which could be a 2901, 2911, 3925, etc., but only a single platform.)
Customer Deployment Scenario 1
Two active CUBEs, no redundancy (i.e. NO call preservation on failure of box), no load balancing
• Expecting 100 sessions across each Location
• Licensing requirement: Two FL-CUBEE-100
Customer Deployment Scenario 2
Geographic Redundancy - Two active CUBEs, NO call preservation on failure of box BUT load balancing
• Expecting 100 sessions across each Location, and in case of one Location failing, expecting newer 100 calls to fail over to the other Location
• Licensing requirement: Two FL-CUBEE-100-RED
• No additional Single-Use SKUs are required
• If a box fails in this scenario, the calls on it are lost. The load balancing algorithm ensures the next call is sent to the non-failed site
Customer Deployment Scenario 3
Layer 2 Box-to-Box Redundancy with Call Preservation
Expecting 100 sessions across an active CUBE in a CUBE HA pair
• Licensing requirement: One FL-CUBEE-100-RED for the pair
• Separate Single-Use licenses are not required
What if the standby CUBE was at a different Location?
• Layer 2 Box-to-Box redundancy is not supported across geographical data centers. Typically, it is two boxes in the same rack
Customer Deployment Scenario 4
Box-to-Box Redundancy (call preservation on failure within location) and load balancing/redundancy across locations
Expecting 100 sessions per Location
• Licensing requirement: Two FL-CUBEE-100-RED, one per Active/Standby pair. In total you will have 200-RED only and no additional Single-Use SKUs are required.
Scenarios Covered
• If R1 or R3 went down, R2 or R4 respectively will take over
• If Location 1 (both R1 and R2) becomes unavailable, the RED license allows newer calls to flow to Location 2. The RED license allows transfer not only within one redundant pair from Active to Standby, allowing call preservation, but also from one pair to the other, that is from one Data Center to the other for new calls. In that case, Location 2 will handle 200 sessions. This is called Dual Redundancy
[Diagram: two Active/Standby pairs with stateful preservation inside each location, and geographic redundancy between the locations for newer calls.]
Customer Deployment Scenario 5
In-box Hardware and Software Redundancy
• Licensing requirement: RED license is not required here, regular Single-Use CUBE license covers all In-box Redundancies
SIP Trunking Design and Deployment Models
Cisco Session Management & CUBE
Essential Elements for Collaboration
• CUBE provides session border control between IP networks
  ‒ Demarcation
  ‒ Interworking
  ‒ Session control
  ‒ Security
• Cisco SME centralizes network control
  ‒ Centralizes dial plan
  ‒ Centralized applications
  ‒ Aggregates PBXs
[Diagram: Cisco Session Management at the centre, with a SIP trunk to CUBE and connections to Mobile, Cisco B2B, IM/Presence/Voicemail, Video, 3rd Party IP PBX and TDM PBX.]
CUBE/vCUBE Deployment Scenarios
[Diagram: five deployment scenarios, each placing CUBE between the enterprise and the service provider SBC / SP IP network:
• SIP Trunks for PSTN Access (SIP, H.323 or TDM toward SP VoIP services; TDM is not available in vCUBE)
• Network-based Media Recording Solution (Partner API, MediaSense)
• Extending to Video and High Availability for Audio Calls (Active and Standby CUBE, SIP and RTP)
• IVR Integration for Contact Centers (CVP, vXML Server, Media Server)
• Business to Business Telepresence]
NanoCUBE Deployment Scenarios
[Diagram: three NanoCUBE deployment scenarios:
• Hosted Service, Small Business: NanoCUBE on an 8xx as CPE, SIP to service provider call control
• SIP Trunking, Small Business: NanoCUBE on an 8xx or IAD, SIP to the provider, with CUCM or an IP PBX behind it
• PRI to SIP, Enterprise: CUBE connecting a TDM PBX over PRI to SIP]
The Centralized Model
Characteristics of Centralized
• Central Site is the only location with SIP session connectivity to IP PSTN
• Voice services delivered to Branch Offices over the Enterprise IP WAN (usually MPLS)
• Media traffic hairpins through central site between SP and branches
Operational Benefits
• Centralizes Physical Operations
• Centralizes Dial-Peer Management
• Centralizes SIP Trunk Capacity
Challenges
• Increased campus bandwidth, CAC, latency; media optimization
• HA in campus
• Survivability at branch (PSTN connection at the branch)
• Emergency services
• Legal/Regulatory
[Diagram: Centralized model. A single CUBE at the central site connects the Enterprise IP WAN to the IP PSTN; site-to-SP media passes through it.]
The Distributed Model
Characteristics of Distributed
• Each site has direct connection for SIP sessions to SP
• Takes advantage of SP session pooling, if offered by SP
• Media traffic goes direct from each branch site to the SP
Operational Benefits
• Leverages existing branch routers
• No media hair-pinning thru any site
• Lower latency on voice or video
• Built-in Redundancy strategy
• Quickest transition from existing TDM
Challenges
• Distributed dial-peer management
• Distributed operational overhead
• IP addressing to Service Provider from branch
[Diagram: Distributed model. A CUBE at every site on the Enterprise IP WAN connects directly to the IP PSTN; site-to-SP media goes direct.]
And the Hybrid Model
Characteristics of Hybrid
• Connection to SP SIP service is determined on a site by site basis to be either direct or routed through a regional site.
• Decision to route call direct or indirect based on various criteria
• Media traffic goes direct from site to SP or hairpins through another site, depending on branch configuration.
Benefits
• Adaptable to site specific requirements
• Optimizes BW use on Enterprise WAN
• Adaptable to regional SP issues
• Built-in redundancy strategy
[Diagram: Hybrid model. CUBEs at selected sites on the Enterprise IP WAN connect to the IP PSTN.]
WEBEX CCA Solution using CUBE Enterprise
Requirements
• Replacement for TDM audio connection to WEBEX with VOIP using SIP signaling.
• High capacity SIP media connectivity for WEBEX cloud, including telepresence integration.
How
• CUBE reduces SIP protocol “chatter” between CUCM and WEBEX cloud thru normalization.
• CUBE allows SIP sessions from ALL enterprise sites to WEBEX to avoid “hairpin” media flows.
• CUBE support on ASR provides high performance for signaling and media transport of WEBEX.
Benefit
• Best possible WEB conference experience for Enterprise users, with most efficient network usage.
Future Capabilities
• Integration with WEBEX One Touch for improved telepresence session set up (i.e. one touch)
[Diagram: WEBEX reached through CUBEs at Headquarters and at three Branch Offices across the Enterprise IP WAN (MPLS).]
In-Depth Explanation of SIP Deployment Models
New White Paper will be posted by the end of January at the following URL:
www.cisco.com/go/cube
CUBE Call Flow
CUBE Call Processing
• Actively involved in the call treatment, signaling and media streams
  ‒ SIP B2B User Agent
• Signaling is terminated, interpreted and re-originated
  ‒ Provides full inspection of signaling, and protection against malformed and malicious packets
• Media is handled in two different modes:
  ‒ Media Flow-Through
  ‒ Media Flow-Around
• Digital Signal Processors (DSPs) are only required for transcoding (calls with dissimilar codecs)
Media Flow-Through
• Signaling and media terminated by the Cisco Unified Border Element
• Transcoding and complete IP address hiding require this model
Media Flow-Around
• Only signaling is terminated by CUBE
• Media bypasses the Cisco Unified Border Element
Cisco Unified Border Element Basic Call Flow
[Diagram: Originating Endpoint 1000 → Incoming VoIP Call → CUBE → Outgoing VoIP Call → Terminating Endpoint 2000]

voice service voip
 mode border-element
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
!
dial-peer voice 1 voip
 incoming called-number 2000
 session protocol sipv2
 session target ipv4:1.1.1.1
 codec g711ulaw
!
dial-peer voice 2 voip
 destination-pattern 2000
 session protocol sipv2
 session target ipv4:2.2.2.2
 codec g711ulaw

1. Incoming VoIP setup message from originating endpoint
2. This matches inbound VoIP dial peer 1 for characteristics such as codec, VAD, DTMF method, protocol, etc.
3. Match the called number to outbound VoIP dial peer 2
4. Outgoing VoIP setup message
Understanding the Call flow
Incoming VoIP Call Leg (matches an incoming dial-peer): endpoint 1000 at 1.1.1.1 to the CUBE interface 10.10.10.10 in VRF1
Outgoing VoIP Call Leg (matches an outbound dial-peer): the CUBE interface 20.20.20.20 in VRF2 to endpoint 2000 at 2.2.2.2

1. 1.1.1.1 → CUBE: INVITE w/ SDP (c= 1.1.1.1, m=audio abc RTP/AVP 0)
2. CUBE → 2.2.2.2: INVITE w/ SDP (c= 20.20.20.20, m=audio xxx RTP/AVP 0)
3. 100 TRYING on each leg
4. 180 RINGING on each leg
5. 2.2.2.2 → CUBE: 200 OK (c= 2.2.2.2, m=audio uvw RTP/AVP 0)
6. CUBE → 1.1.1.1: 200 OK (c= 10.10.10.10, m=audio xyz RTP/AVP 0)
7. ACK on each leg
8. RTP (Audio): 1.1.1.1 ↔ 10.10.10.10 and 20.20.20.20 ↔ 2.2.2.2
9. BYE and 200 OK on each leg
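The address hiding shown in the two call legs above can be checked on a captured outbound message. The following is an added example, not part of the original slides and not Cisco code: it scans a re-originated INVITE for addresses that belong to the other leg and classifies the media mode from the SDP c= line. The messages are constructed from the slide's addresses and ports, the function names are hypothetical, and the flow-around case assumes the endpoint's media address is passed through unchanged because media bypasses CUBE.

```python
import ipaddress
import re

# Dotted-quad literal that is not part of a longer dotted number.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def split_message(raw):
    """Return (start_line, [(header, value)], [sdp_line]) for one SIP message."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = [tuple(p.strip() for p in l.partition(":")[::2]) for l in lines[1:]]
    return lines[0], headers, [l for l in body.split("\n") if l]


def sdp_connection(raw):
    """Address from the first SDP c= line, or None if there is none."""
    for line in split_message(raw)[2]:
        if line.startswith("c="):
            found = IPV4.search(line)
            return found.group(0) if found else None
    return None


def find_address_leaks(raw, hidden_nets):
    """List (field, address) pairs where an address to be hidden still appears."""
    nets = [ipaddress.ip_network(n) for n in hidden_nets]
    start, headers, sdp = split_message(raw)
    fields = [("Request-Line", start)] + headers
    fields += [("SDP " + l[:2], l) for l in sdp if l[:2] in ("o=", "c=")]
    leaks = []
    for field, text in fields:
        for literal in IPV4.findall(text):
            try:
                addr = ipaddress.ip_address(literal)
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
            if any(addr in net for net in nets):
                leaks.append((field, literal))
    return leaks


def media_mode(inbound, outbound, cube_addr):
    """Classify the outbound offer by whose address it advertises for media."""
    offered = sdp_connection(outbound)
    if offered == cube_addr:
        return "flow-through"
    if offered is not None and offered == sdp_connection(inbound):
        return "flow-around"
    return "unknown"


def invite(target, sender, media_addr, media_port):
    """Build a constructed INVITE for the example; not a device capture."""
    return "\r\n".join([
        f"INVITE sip:2000@{target}:5060 SIP/2.0",
        f"Via: SIP/2.0/UDP {sender}:5060;branch=z9hG4bK-example",
        f"From: <sip:1000@{sender}>;tag=example",
        f"To: <sip:2000@{target}>",
        f"Call-ID: example@{sender}",
        "CSeq: 101 INVITE",
        f"Contact: <sip:1000@{sender}:5060>",
        "Content-Type: application/sdp",
        "",
        "v=0",
        f"o=- 1 1 IN IP4 {sender}",
        "s=-",
        f"c=IN IP4 {media_addr}",
        "t=0 0",
        f"m=audio {media_port} RTP/AVP 0",
    ])


# Addresses on the VRF1 side that must not reach the VRF2 side (from the slide).
HIDDEN = ["1.1.1.1/32", "10.10.10.10/32"]
INBOUND = invite("10.10.10.10", "1.1.1.1", "1.1.1.1", 6000)
OUT_THROUGH = invite("2.2.2.2", "20.20.20.20", "20.20.20.20", 17476)
OUT_AROUND = invite("2.2.2.2", "20.20.20.20", "1.1.1.1", 6000)

if __name__ == "__main__":
    for name, msg in (("through", OUT_THROUGH), ("around", OUT_AROUND)):
        print(name, media_mode(INBOUND, msg, "20.20.20.20"),
              find_address_leaks(msg, HIDDEN))
```

Run against real captures, the hidden list would hold the inside prefixes and the check would cover responses as well as requests.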
Basic Show Commands for Active Calls
CUBE# show call active voice brief
121A : 17 13:02:24.215 IST Mon Jun 27 2011.1 +2040 pid:1 Answer 1000 active
dur 00:00:14 tx:0/0 rx:0/0
IP 1.1.1.1:6000 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a
VRF:VRF1
121A : 18 13:02:24.225 IST Mon Jun 27 2011.1 +2020 pid:2 Originate 2000 active
dur 00:00:14 tx:0/0 rx:0/0
IP 2.2.2.2:6001 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a
VRF:VRF2
Telephony call-legs: 0
SIP call-legs: 2
H323 call-legs: 0
Call agent controlled call-legs: 0
SCCP call-legs: 0
Multicast call-legs: 0
Total call-legs: 2
CUBE# show voip rtp connections
VoIP RTP active connections :
No. CallId  dstCallId  LocalRTP  RmtRTP  LocalIP      RemoteIP  MPSS  VRF
1   17      18         17474     6000    10.10.10.10  1.1.1.1   NO    VRF1
2   18      17         17476     6001    20.20.20.20  2.2.2.2   NO    VRF2
Found 2 active RTP connections
CUBE Architecture
ISR G2 vs ASR1K vs ISR 4K vs vCUBE (CUBE on CSR)
ASR/ISR-4K & ISR-G2 Architecture Comparison
[Diagram: ISR G2 architecture compared with ASR/ISR-4K (IOS-XE) architecture, showing the control plane (signaling), the data (forwarding) plane (media), RP, ESP, kernel, message interface and I/O.]
• ISR: packet forwarding and signaling are handled by the same CPU
• ASR: packet forwarding and signaling are handled by different CPUs
  ‒ ESP must be programmed or instructed by the control plane to do specific media functions
  ‒ Performed by Forwarding Plane Interface (FPI)
Introducing vCUBE (CUBE on CSR 1000v)
Architecture
• CSR (Cloud Services Router) 1000v runs on a Hypervisor – IOS XE without the router
[Diagram: CSR 1000v (virtual IOS-XE) in an ESXi container. RP (control plane): IOS-XE with CUBE signaling, Chassis Mgr., Forwarding Mgr. ESP (data plane): Chassis Mgr., Forwarding Mgr., QFP Client / Driver, FFP code with CUBE media processing. Below them: kernel (incl. utilities), virtual CPU, memory, flash / disk, console, Mgmt ENET and Ethernet NICs, then the hypervisor with vSwitch NIC, and hardware with x86 multi-core CPU, memory banks and GE ports.]
Introducing vCUBE (CUBE on CSR 1000v) – Cont’d
• CSR1000v is a virtual machine running on an x86 server (no specialized hardware), with physical resources managed by the hypervisor and shared among VMs
• Requires APPX (No TLS/SRTP) or AX (All vCUBE features) CSR licensing package to access voice CLI and increase throughput from the 100 kbps default. CUBE Licensing follows ASR1K SKUs and is still trust based
• No DSP based features (transcoding/inband-RFC2833 DTMF/ASP/NR) available
• vMotion for vCUBE not supported today
• vCUBE Tested Reference Configurations [UCS base-M2-C460, C220-M3S, ESXi 5.1.0 & 5.5.0]. ESXi 6.0 supported with IOS-XE 16.3.1 or later
vCUBE Considerations
• Explicit subscription of CPU and memory reservation is required, which the OVA for CSR1000V provides
• Disable Hyperthreading
• “vCUBE media performance depends on the underlying VM platform consistently providing packet switching latency of less than 5ms. Given the platform resource requirements and latency requirements are met, latency and jitter values observed on a vCUBE would be the same as the values obtained on a CUBE running on a hardware platform, with a recommended hardware configuration and identical software configuration, under the same network conditions.”
• 2 network interfaces required at the very minimum
• Specs based hardware supported but performance benchmarked for Cisco UCS B and C series only
ASR, CSR & ISR-G2/4K Feature Comparison
General Platform Features | ASR1K | ISR-G2 | 4300/4400 (XE3.13.1) | vCUBE (XE3.15+)
High Availability Implementation | Redundancy-Group Infrastructure | HSRP Based | Redundancy-Group Infrastructure | Redundancy-Group Infrastructure
TDM Trunk Failover/Coexistence | Not Available | Exists | Exists | Not Available
Media Forking | XE3.8 | 15.2.1T | XE3.10 | Exists
Software MTP registered to CUCM (Including HA Support) | XE3.6 | Exists | Exists | Exists
DSP Card | SPA-DSP | PVDM3 | PVDM4/SM-X-PVDM | Not Available
Transcoder registered to CUCM | Not Available | Exists via SCCP | Exists via SCCP (XE3.11) | Not Available
Transcoder Implementation | Local Transcoder Interface (LTI) | SCCP or LTI (starting IOS 15.2.3T) | SCCP and LTI | SCCP based on a separate platform, CUCM controlled
Embedded Packet Capture | Exists | Exists | Exists | Exists
Web-based UC API | XE3.8 | 15.2.2T | Exists | Exists
Noise Reduction & ASP | Exists | 15.2.3T | Exists | Not Available
Call Progress Analysis | XE3.9 | 15.3.2T | Exists | Not Available
Standalone CME/SRST feature set, not collocated with CUBE | Not Available | Exists | XE3.11 | Not Available
SRTP-RTP Call flows | Exists (NO DSPs needed) | Exists (DSPs required) | Exists (NO DSPs needed) | Exists (No DSPs needed)
VXML GW | Not Available | Exists | Not Available | Not Available
vCUBE Installation using OVA
vCUBE – CSR1000v Installation with OVA (screenshot walkthrough; slide titles in order)
• Download CSR1000v OVA from cisco.com
• Download XE3.15 or later image
• Deploy OVA
• Choose Form factor
• Assign LAN, WAN, and VM Network
• Edit Settings to add Serial Port
  ‒ Serial Port – Connect via Network
  ‒ Serial Port – Define URL
  ‒ Serial Port – Verify Settings
• Power On VM (install process takes some time)
vCUBE – Initial Configuration
• Assign IP to VM Network Interface (Gig3), enable console access with “platform console serial” CLI, and set enable password
• Telnet into Router
• Copy License File to Flash:
• Install License File
• Verify New Throughput Level and boot CSR to the correct package
• Voice CLI is now accessible
Transitioning to Centralized SIP Trunking...
Re-purpose your existing Cisco voice gateways as Session Border Controllers
[Diagram: BEFORE (SIP/H323/MGCP and media towards high-density dedicated gateways) and AFTER (SIP trunks and media towards the IP PSTN through an Active/Standby CUBE pair, CUBE with High Availability). Labels in both pictures: Enterprise Campus, MPLS, Enterprise Branch Offices with SRST, CME and TDM PBX. In the AFTER picture the PSTN is now used only for emergency calls over FXO lines.]
Steps to transitioning...
• Step 1 – Configure IP PBX to route all calls (HQ and branch offices) to the edge SBC
• Step 2 – Get SIP Trunk details from the provider
• Step 3 – Enable CUBE application on Cisco routers
• Step 4 – Configure call routing on CUBE (Incoming & Outgoing dial-peers)
• Step 5 – Normalize SIP messages to meet SIP Trunk provider’s requirements
• Step 6 – Execute the test plan
[Diagram: Enterprise Campus with an Active/Standby CUBE pair (CUBE with High Availability) connected by SIP Trunk and media to the IP PSTN; MPLS to Enterprise Branch Offices with SRST, CME and TDM PBX; PSTN is now used only for emergency calls over FXO lines.]
Step 1: Configure CUCM to route calls to the edge SBC
• Configure CUCM to route all PSTN calls (central and branch) to CUBE via a SIP trunk
• Make sure all different patterns of calls (local, long distance, international, emergency, informational etc.) are pointing to CUBE
[Diagram: SIP Trunk pointing to CUBE. Enterprise Campus with an Active/Standby CUBE pair (CUBE with High Availability) in front of the IP PSTN; MPLS to Enterprise Branch Offices with SRST, CME and TDM PBX; PSTN is now used only for emergency calls over FXO lines.]
Step 2: Get details from SIP Trunk provider
| Item | SIP Trunk service provider requirement | Sample Response |
|---|---|---|
| 1 | SIP Trunk IP Address (Destination IP Address for INVITES) | 66.77.37.2 or DNS |
| 2 | SIP Trunk Port number (Destination port number for INVITES) | 5060 |
| 3 | SIP Trunk Transport Layer (UDP or TCP) | UDP |
| 4 | Codecs supported | G711, G729 |
| 5 | Fax protocol support | T.38 |
| 6 | DTMF signaling mechanism | RFC2833 |
| 7 | Does the provider require SDP information in initial INVITE (Early offer required) | Yes |
| 8 | SBC’s external IP address that is required for the SP to accept/authenticate calls (Source IP Address for INVITES) | 128.107.214.195 |
| 9 | Does SP require SIP Trunk registration for each DID? If yes, what is the username & password | No |
| 10 | Does SP require Digest Authentication? If yes, what is the username & password | No |
Step 3: Enable CUBE Application on Cisco routers
1. Enable CUBE Application
voice service voip
 ! License count entered here is not enforced, though this CLI is
 ! required to see “show cube” CLI output
 mode border-element license capacity 20
 ! By default IOS/IOS-XE voice devices do not allow an incoming
 ! VoIP leg to go out as VoIP
 allow-connections sip to sip
2. Configure any other global settings to meet SP’s requirements
voice service voip
 ! Increments Rx/Tx counters on IOS-XE based platforms. Without this CLI, they show 0/0
 media bulk-stats
 sip
  early-offer forced
  header-passing
  error-passthru
3. Create a trusted list of IP addresses to prevent toll-fraud
voice service voip
 ! Applications initiating signalling towards CUBE, e.g. CUCM, CVP,
 ! Service Provider’s SBC. IP addresses from dial-peers with “session target
 ! ip” or Server Group are trusted by default and need not be populated here
 ip address trusted list
  ipv4 66.77.37.2 ! ITSP SIP Trunk
  ipv4 10.10.1.20/28 ! CUCM
 sip
  ! Default configuration starting XE 3.10.1 / 15.3(3)M1 to mitigate TDoS attack
  silent-discard untrusted
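
The trusted-source decision from item 3 above, as an added Python example (not Cisco code and not part of the original slides): it collects trusted sources from the `ip address trusted list` entries and from dial-peer `session target ipv4:` lines, then classifies the source address of each inbound SIP request. The configuration text, the 192.0.2.10 and 10.10.1.21 stand-ins for the slides' `<SIP_Trunk_IP_Address>` and `<CUCM_IP_Address>`, the sample source addresses and all function names are constructed for illustration; Server Group targets are not modelled.

```python
import ipaddress
import re
from collections import Counter

# Constructed configuration modelled on Steps 3 and 4. 192.0.2.10 and
# 10.10.1.21 stand in for the slides' <SIP_Trunk_IP_Address> and
# <CUCM_IP_Address> placeholders.
SAMPLE_CONFIG = """\
voice service voip
 ip address trusted list
  ipv4 66.77.37.2 ! ITSP SIP Trunk
  ipv4 10.10.1.20/28 ! CUCM
 sip
  silent-discard untrusted
dial-peer voice 201 voip
 session target ipv4:192.0.2.10
dial-peer voice 101 voip
 session target ipv4:10.10.1.21
"""

# Constructed source addresses of inbound SIP requests (one entry per request).
SAMPLE_SOURCES = [
    "66.77.37.2", "10.10.1.30", "10.10.1.40", "192.0.2.10",
    "203.0.113.50", "203.0.113.50", "198.51.100.7",
]


def parse_trusted_sources(config):
    """Return ([(network, origin), ...], silent_discard_enabled)."""
    trusted, silent_discard, in_list = [], False, False
    for raw in config.splitlines():
        line = raw.split("!", 1)[0].strip()      # drop IOS "!" comments
        if not line:
            continue
        if line == "ip address trusted list":
            in_list = True
            continue
        if in_list and line.startswith("ipv4 "):
            parts = line.split()
            # Accept both "addr/prefix" and "addr mask" notations.
            spec = parts[1] if len(parts) == 2 else f"{parts[1]}/{parts[2]}"
            trusted.append((ipaddress.ip_network(spec, strict=False), "trusted list"))
            continue
        in_list = False
        if line == "silent-discard untrusted":
            silent_discard = True
        target = re.match(r"session target ipv4:(\d+\.\d+\.\d+\.\d+)", line)
        if target:
            # Dial-peer targets are trusted by default, per the slide.
            trusted.append((ipaddress.ip_network(target.group(1)),
                            "dial-peer session target"))
    return trusted, silent_discard


def classify_source(src_ip, trusted, silent_discard):
    """Decide what happens to a request arriving from src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for network, origin in trusted:
        if addr in network:
            return ("accept", origin)
    # Untrusted sources are refused; with silent-discard no response is sent.
    return ("discard" if silent_discard else "reject", None)


def triage(sources, config):
    """Classify every source and count refused attempts per address."""
    trusted, silent = parse_trusted_sources(config)
    decisions = {src: classify_source(src, trusted, silent) for src in sources}
    refused = Counter(src for src in sources if decisions[src][0] != "accept")
    return decisions, refused


if __name__ == "__main__":
    decisions, refused = triage(SAMPLE_SOURCES, SAMPLE_CONFIG)
    for src, (verdict, origin) in decisions.items():
        print(f"{src:15} {verdict:8} {origin or ''}")
    print("refused attempts per source:", dict(refused))
```

The /28 written as 10.10.1.20/28 covers 10.10.1.16 through 10.10.1.31, so 10.10.1.30 is accepted and 10.10.1.40 is not; the per-source refusal count is the figure worth watching for repeated untrusted attempts.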
Step 4: Configure Call routing on CUBE
• Dial-Peer – “static routing” table mapping phone numbers to interfaces or IP addresses
• LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving calls to & from the PBX. Always bind LAN interface(s) on CUBE to LAN dial-peers
• WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending & receiving calls to & from the ITSP. Always bind CUBE’s WAN interface(s) to WAN dial-peer(s), ensuring SIP/RTP is sourced from the correct WAN interface(s)
[Diagram: LAN Dial-Peers on the Enterprise Campus/MPLS side and WAN Dial-Peers on the IP PSTN side of an Active/Standby CUBE pair (CUBE with High Availability); Enterprise Branch Offices with SRST, CME and TDM PBX; PSTN is now used only for emergency calls over FXO lines.]
WAN Dial-Peer Configuration
Inbound Dial-Peer for call legs from SP to CUBE
dial-peer voice 200 voip
 description *** Inbound WAN side dial-peer ***
 ! Specific to your DID range assigned by the SP
 incoming called-number 702475....$
 session protocol sipv2
 ! Apply bind to all dial-peers when CUBE has multiple interfaces.
 ! Gig0/1 faces SP.
 voice-class sip bind control source gig0/1
 voice-class sip bind media source gig0/1
 codec g711ulaw
 dtmf-relay rtp-nte
 no vad
Outbound Dial-Peer for call legs from CUBE to SP
dial-peer voice 201 voip
 description *** Outbound WAN side dial-peer ***
 ! Translation rule/profile to strip the access code (9) before
 ! delivering the call to the SP
 translation-profile outgoing Digitstrip
 ! Dial-peer for making long distance calls to SP, based on NANP
 ! (North American Numbering Plan)
 destination-pattern 91[2-9]..[2-9]......$
 session protocol sipv2
 voice-class sip bind control source gig0/1
 voice-class sip bind media source gig0/1
 session target ipv4:<SIP_Trunk_IP_Address>
 codec g711ulaw
 dtmf-relay rtp-nte
 no vad
Note: Separate outgoing DP to be created for Local, International, Emergency, Informational calls etc.
LAN Dial-Peer Configuration
Inbound Dial-Peer for call legs from CUCM to CUBE
dial-peer voice 100 voip
 description *** Inbound LAN side dial-peer ***
 ! CUCM sending 9 (access code) + All digits dialed
 incoming called-number 9T
 session protocol sipv2
 ! Apply bind to all dial-peers when CUBE has multiple interfaces.
 ! Gig0/0 faces CUCM.
 voice-class sip bind control source gig0/0
 voice-class sip bind media source gig0/0
 codec g711ulaw
 dtmf-relay rtp-nte
 no vad
Outbound Dial-Peer for call legs from CUBE to CUCM
dial-peer voice 101 voip
 description *** Outbound LAN side dial-peer ***
 ! SP will be sending 10 digits (NANP) based on your DID that is being
 ! delivered to CUCM
 destination-pattern 702475....$
 session protocol sipv2
 voice-class sip bind control source gig0/0
 voice-class sip bind media source gig0/0
 session target ipv4:<CUCM_IP_Address>
 ! Default codec is G729 if none is specified
 codec g711ulaw
 dtmf-relay rtp-nte
 no vad
Note: If more than 1 CUCM cluster exists, you will have to create multiple such LAN dial-peers with “preference CLI” for CUCM redundancy/load balancing as the traditional way to accommodate multiple trunks
SIP Normalization
SIP profiles are a mechanism to normalize or customize SIP at the network border to provide interop between incompatible devices
SIP incompatibilities arise due to:
• A device rejecting an unknown header (value or parameter) instead of ignoring it
• A device expecting an optional header value/parameter, or one that can be implemented in multiple ways
• A device sending a value/parameter that must be changed or suppressed (“normalized”) before it leaves/enters the enterprise to comply with policies
• Variations in the SIP standards of how to achieve certain functions
With CUBE 10.0.1 SIP Profiles can be applied to inbound SIP messages as well

Add user=phone for INVITEs
Incoming:
INVITE sip:5551000@sip.com:5060 SIP/2.0
Outgoing (after CUBE):
INVITE sip:5551000@sip.com:5060;user=phone SIP/2.0
voice class sip-profiles 100
 request INVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"
 request REINVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"

Modify a “sip:” URI to a “tel:” URI in INVITEs
Incoming:
INVITE sip:2222000020@9.13.24.6:5060 SIP/2.0
Outgoing (after CUBE):
INVITE tel:2222000020 SIP/2.0
voice class sip-profiles 100
 request INVITE sip-header SIP-Req-URI modify "sip:(.*)@[^ ]+" "tel:\1"
 request INVITE sip-header From modify "<sip:(.*)@.*>" "<tel:\1>"
 request INVITE sip-header To modify "<sip:(.*)@.*>" "<tel:\1>"
More information at http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/118825-technote-sip-00.html
Normalize Outbound SIP Message (Example 1)
SIP Provider Requirement: For Call Forward & Transfer scenarios back to PSTN, the Diversion header should match the registered DID of your network

SIP INVITE that CUBE sends
Sent:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
………
Diversion: <sip:3000@9.44.44.4>;privacy=off;reason=unconditional;screen=yes
……...
m=audio 6001 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000

SIP INVITE that Service Provider expects
Sent:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
……….
Diversion: <sip:4085266855@9.44.44.4>;privacy=off;reason=unconditional;screen=yes
……….
m=audio 32278 RTP/AVP 18 8 101
a=rtpmap:0 PCMU/8000

Configure SIP Profiles
voice class sip-profiles 500
 request INVITE sip-header Diversion modify "sip:(.*>)" "sip:4085266855@9.44.44.4>"
 request REINVITE sip-header Diversion modify "sip:(.*>)" "sip:4085266855@9.44.44.4>"

Apply to Outgoing Dial-peer
dial-peer voice 4000 voip
 description Incoming/outgoing SP
 voice-class sip profiles 500
Normalize Inbound SIP Message (Example 2)
CUBE Requirement: SIP Diversion header must include a user portion

SIP INVITE received by CUBE
Received:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
………
Diversion: <sip:9.44.44.4>;privacy=off;reason=unconditional;screen=yes
……...
m=audio 6001 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000

SIP INVITE CUBE expects
Received:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
……….
Diversion: <sip:1234@9.44.44.4>;privacy=off;reason=unconditional;screen=yes
……….
m=audio 32278 RTP/AVP 18 8 101
a=rtpmap:0 PCMU/8000

Enable Inbound SIP Profile feature
voice service voip
 sip
  sip-profiles inbound

Configure Inbound SIP Profile to add a dummy user part
voice class sip-profiles 700
 request INVITE sip-header Diversion modify "sip:" "sip:1234@"

Apply to incoming Dial-peer
dial-peer voice 4000 voip
 description Incoming/outgoing SP
 voice-class sip profiles 700 inbound
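
The `modify` rules from the SIP Normalization slide and from Examples 1 and 2 above, replayed offline in an added Python example (not Cisco code and not part of the original slides). Python's `re` stands in for CUBE's regex engine and each pattern is applied to the header value only, which is an assumption; the sample messages are constructed from the slides, and profile 701 is a hypothetical tightened variant of profile 700 that leaves a Diversion header alone when it already carries a user part.

```python
import re

# (method, header, pattern, replacement). Profiles 100, 500 and 700 are the
# rules shown on the slides; 701 is a hypothetical variant added here.
PROFILES = {
    100: [("INVITE", "SIP-Req-URI", r"sip:(.*)@[^ ]+", r"tel:\1"),
          ("INVITE", "From", r"<sip:(.*)@.*>", r"<tel:\1>"),
          ("INVITE", "To", r"<sip:(.*)@.*>", r"<tel:\1>")],
    500: [("INVITE", "Diversion", r"sip:(.*>)", "sip:4085266855@9.44.44.4>")],
    700: [("INVITE", "Diversion", r"sip:", "sip:1234@")],
    701: [("INVITE", "Diversion", r"sip:([^@>]*>)", r"sip:1234@\1")],
}

# Constructed messages; the From/To values of the first one are made up.
MSG_SIP_URI = ("INVITE sip:2222000020@9.13.24.6:5060 SIP/2.0\r\n"
               "From: <sip:1000@9.13.24.6>;tag=1\r\n"
               "To: <sip:2222000020@9.13.24.6>\r\n\r\n")
MSG_OUTBOUND = ("INVITE sip:2000@9.44.44.4:5060 SIP/2.0\r\n"
                "Diversion: <sip:3000@9.44.44.4>;privacy=off;"
                "reason=unconditional;screen=yes\r\n\r\n")
MSG_INBOUND = ("INVITE sip:2000@9.44.44.4:5060 SIP/2.0\r\n"
               "Diversion: <sip:9.44.44.4>;privacy=off;"
               "reason=unconditional;screen=yes\r\n\r\n")


def apply_profile(message, rules):
    """Apply modify rules to the request line and headers; the body is untouched."""
    lines = message.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    out, in_headers = [], True
    for index, line in enumerate(lines):
        if index == 0:
            for rule_method, hdr, pattern, repl in rules:
                if rule_method == method and hdr == "SIP-Req-URI":
                    line = re.sub(pattern, repl, line)
        elif in_headers and line == "":
            in_headers = False                      # blank line ends the headers
        elif in_headers:
            name, sep, value = line.partition(":")
            for rule_method, hdr, pattern, repl in rules:
                if sep and rule_method == method and name.strip().lower() == hdr.lower():
                    value = re.sub(pattern, repl, value)
            line = name + sep + value
        out.append(line)
    return "\r\n".join(out)


def request_line(message):
    return message.split("\r\n", 1)[0]


def header(message, name):
    """Return the value of the first header called name, or None."""
    for line in message.split("\r\n")[1:]:
        if not line:
            break
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None


if __name__ == "__main__":
    print(request_line(apply_profile(MSG_SIP_URI, PROFILES[100])))
    print(header(apply_profile(MSG_OUTBOUND, PROFILES[500]), "Diversion"))
    print(header(apply_profile(MSG_INBOUND, PROFILES[700]), "Diversion"))
    # Profile 700 on a header that already has a user part gives a malformed URI.
    print(header(apply_profile(MSG_OUTBOUND, PROFILES[700]), "Diversion"))
    # The hypothetical profile 701 leaves that header unchanged.
    print(header(apply_profile(MSG_OUTBOUND, PROFILES[701]), "Diversion"))
```

Running candidate rules against captured messages like this before applying the profile to a dial-peer shows when a broad pattern such as "sip:" rewrites headers it was not meant to touch.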
SIP Profile Rule Tagging
SIP Profile – Feature Overview
Existing Implementation
1. Insertion
• New rules are always inserted at the end; there was no way to insert a rule at the beginning or in between existing rules.
• The only way to achieve this is by removing the complete profile and configuring it again in the desired order.
2. Deletion
• To delete a rule, the user has to give the complete “no” form of that rule.
• If there are duplicate rules, the first one is always deleted.
3. Modification
• There is no direct way to modify an existing rule. The user has to delete and reconfigure the profile.
4. Duplication
• If the same profile/rules are applied more than once, the rules are duplicated.
SIP Profile Tagging Enhancement
New rule tagging mechanism is being introduced
1. Insertion:
• New rules can be inserted at any position, i.e. at the beginning, at the end or in between existing rules, by specifying the rule tag number.
2. Deletion:
• Rules can be deleted by giving the “no” form of the rule with just the tag number.
3. Modification:
• Any of the existing rules can be modified by specifying the rule tag number.
4. Duplication:
• When a rule with an existing tag number is applied again, the rule will be overwritten, without creating any duplicate rules.
SIP Profile Tagging Enhancement – Cont’d
• A mechanism to automatically upgrade the legacy SIP Profile configurations to the new rule format has been provided. The following exec CLI upgrades an existing configuration:
voice sip sip-profiles upgrade
• A mechanism to automatically downgrade the SIP Profile configurations with the rule tags to the non-rule format has been provided. The following exec CLI has been provided for this purpose:
voice sip sip-profiles downgrade
• Note: When SIP Profiles are configured in “rule <tag>” format and the IOS version is migrated to a version which does not have this capability, then all the SIP Profile configurations will be lost. Hence, it is advisable to execute “voice sip sip-profiles downgrade” before IOS version migration.
SIP Profile Tagging – Configuration
• For tagging the rules, an additional option of “rule <tag>” has been provided
CUBE(config)#voice class sip-profiles 1
CUBE(config-class)#?
VOICECLASS configuration commands:
  exit      Exit from voice class configuration mode
  help      Description of the interactive help system
  no        Negate a command or set its defaults
  request   sip request
  response  sip response
  rule      Specify the rule
CUBE(config-class)#rule ?
  <1-1073741823>  Specify the rule tag
  before          The rule to be inserted before
CUBE(config-class)#rule 1 ?
  request   sip request
  response  sip response
Callouts: “rule” is the new keyword; a “tag” is to be provided with the rule keyword.
SIP Profile Tagging – Configuration Cont’d
• For inserting a rule between two rules, the new “before” keyword is being introduced
CUBE(config)#voice class sip-profiles 1
CUBE(config-class)#rule before ?
  <1-1073741823>  Specify the rule tag
CUBE(config-class)#rule before 3 ?
  request   sip request
  response  sip response
• If the rule <tag> option is used to configure a SIP Profile rule, then this rule can be deleted by specifying just the tag number instead of specifying the entire rule configuration.
CUBE(config)#voice class sip-profiles 1
CUBE(config-class)#no rule <tag>
Configuration Example
• For tagging the rules:
voice class sip-profiles 1
 rule 1 request INVITE sip-header Contact Modify "(.*)" "\1;temp=xyz"
 rule 2 request INVITE sip-header Supported Add "Supported: "
• For inserting a rule between two rules using the “before” option:
 rule before 2 request INVITE sip-header To Modify "(.*)" "\1;temp=abc"
• Resulting configuration (the new rule has been inserted between #1 and #3):
voice class sip-profiles 1
 rule 1 request INVITE sip-header Contact Modify "(.*)" "\1;temp=xyz"
 rule 2 request INVITE sip-header To Modify "(.*)" "\1;temp=abc"
 rule 3 request INVITE sip-header Supported Add "Supported: "
Configuration Example continued….
• Auto-Upgrade: Exec command “voice sip sip-profiles upgrade”
• Suppose we have the following rules configured:
 request INVITE sip-header Contact Modify "(.*)" "\1;temp=xyz"
 request INVITE sip-header Supported Add "Supported: "
 request REGISTER sip-header Contact Modify "(.*)" "\1;temp=abc"
• After auto upgrade, the rules will be automatically upgraded as follows:
 rule 1 request INVITE sip-header Contact Modify "(.*)" "\1;temp=xyz"
 rule 2 request INVITE sip-header Supported Add "Supported: "
 rule 3 request REGISTER sip-header Contact Modify "(.*)" "\1;temp=abc"
Configuration Example continued….
• Auto-Downgrade: Exec command “voice sip sip-profiles downgrade”
• Suppose we have the following rules configured:
 rule 1 request INVITE sip-header Contact Modify "(.*)" "\1;temp=xyz"
 rule 2 request INVITE sip-header Supported Add "Supported: "
 rule 3 request REGISTER sip-header Contact Modify "(.*)" "\1;temp=abc"
• After auto downgrade, the rules will be automatically downgraded as follows:
 request INVITE sip-header Contact Modify "(.*)" "\1;temp=xyz"
 request INVITE sip-header Supported Add "Supported: "
 request REGISTER sip-header Contact Modify "(.*)" "\1;temp=abc"
SIP Profile Support for Non-Standard Headers
• Introducing support for adding/copying/removing/modifying non-standard SIP headers using SIP profiles
• A new 'WORD' option has been added to the SIP Profiles CLI chain to allow the user to configure any non-standard SIP Header
CUBE(config)#voice class sip-profiles 1
CUBE(config-class)#request INVITE sip-header ?
  Accept-Contact    SIP header Accept-Contact
  …….
  Via               SIP header Via
  WORD              Any other SIP header name
  WWW-Authenticate  SIP header WWW-Authenticate
CUBE(config-class)#request INVITE sip-header WORD ?
  ADD     addition of the header
  COPY    Copy a header
  MODIFY  Modification of a header
  REMOVE  Removal of a header
CUBE(config-class)#request INVITE sip-header WORD ADD "MyCustomHeader : Hussain Ali"
Callout: the new “WORD” option is for specifying unsupported headers.
Step 6: Execute the Test Plan
• Inbound and outbound Local, Long distance, International calls for G711 & G729 codecs (if supported by provider)
• Outbound calls to information and emergency services
• Caller ID and Calling Name Presentation
• Supplementary services like Call Hold, Resume, Call Forward & Transfer
• DTMF Tests
• Fax calls – T.38 and fallback to pass-through (if option available)
Transitioning to Distributed SIP Trunking Model..
Re-purpose your existing Cisco voice gateways as CUBE at every branch
• SIP Trunks pointing to CUBE at each branch
• Provides the ability to connect to different service providers
• Call Routing change on CUCM
• Can continue to use centralized call control
• CUBE & SRST can be co-located on the same platform
[Diagram: Enterprise Campus with an Active/Standby CUBE pair (CUBE with High Availability) towards SIP SP-1 over SIP/H323 trunks and media; MPLS to Enterprise Branch Offices running CUBE or CUBE/SRST towards SIP SP2, plus a TDM PBX; PSTN is now used only for emergency calls over CUBE FXO lines.]
CUBE Dial-Peers Call Routing
Understanding Dial-Peer Matching Techniques: LAN & WAN Dial-Peers
• LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving calls to & from the PBX. Should be bound to the LAN interface(s) of CUBE to ensure SIP/RTP is sourced from the LAN IP(s) of the CUBE.
• WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending & receiving calls to & from the provider. Should be bound to WAN interface(s) of CUBE.
[Diagram: Outbound calls enter CUBE from the CUCM SIP Trunk on the Inbound LAN Dial-Peer and leave on the Outbound WAN Dial-Peer to the ITSP SIP Trunk (IP PSTN); inbound calls enter on the Inbound WAN Dial-Peer and leave on the Outbound LAN Dial-Peer.]
Understanding Inbound Dial-Peer Matching Techniques
Priority 0: Filter dial-peers based on incoming VRF if configured, and then 1 to 3 below
Priority 1: Match based on URI of an incoming INVITE message (Exact Pattern match, Host Name/IP Address, User portion of URI, Phone-number of tel-uri)
Priority 2: Match based on Called Number
Priority 3: Match based on Calling number
Priority 4: Default Dial-Peer = 0
[Diagram: CUCM SIP Trunk, Inbound LAN Dial-Peer, CUBE, Inbound WAN Dial-Peer, SP SIP Trunk, IP PSTN; Outbound Calls and Inbound Calls.]
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";;branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
Understanding Inbound Dial-Peer Matching Techniques
voice class uri 1001 sip
 host ipv4:10.1.1.1
voice class uri 2001 sip
 host ipv4:10.2.1.1
Priority 1 (URI match, A to D):
A:
dial-peer voice 1 voip
 incoming uri via 1001
B:
dial-peer voice 2 voip
 incoming uri request 2001
C:
dial-peer voice 3 voip
 incoming uri to 2001
D:
dial-peer voice 4 voip
 incoming uri from 1001
Priority 2:
dial-peer voice 5 voip
 incoming called-number 654321
Priority 3:
dial-peer voice 6 voip
 answer-address 555
Priority 4:
dial-peer voice 7 voip
 destination-pattern 555
[Diagram: CUCM SIP Trunk, Inbound LAN Dial-Peer, CUBE, Inbound WAN Dial-Peer, SP SIP Trunk, IP PSTN; Outbound Calls and Inbound Calls.]
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";;branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
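
The inbound selection order shown on the slide above, as an added Python model (not Cisco code and not part of the original slides): it evaluates the seven sample dial-peers against the sample INVITE in the order via, request, to, from, called number, answer-address, destination-pattern, and falls back to dial-peer 0. The data structures and function names are constructed for illustration; number patterns are compared as exact strings, only `host ipv4:` URI classes are handled, and VRF filtering (priority 0) is not modelled.

```python
import re

# voice class uri <tag> sip / host ipv4:<address>, from the slide.
URI_CLASSES = {1001: "10.1.1.1", 2001: "10.2.1.1"}

# dial-peer tag -> (match command, argument), from the slide.
DIAL_PEERS = {
    1: ("incoming uri via", 1001),
    2: ("incoming uri request", 2001),
    3: ("incoming uri to", 2001),
    4: ("incoming uri from", 1001),
    5: ("incoming called-number", "654321"),
    6: ("answer-address", "555"),
    7: ("destination-pattern", "555"),
}

# Evaluation order: URI matches A to D, then called number, then calling number.
MATCH_ORDER = ["incoming uri via", "incoming uri request", "incoming uri to",
               "incoming uri from", "incoming called-number",
               "answer-address", "destination-pattern"]

# The slide's INVITE without its SDP body.
INVITE = (
    "INVITE sip:654321@10.2.1.1 SIP/2.0\r\n"
    'Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";'
    "branch=z9hG4bK-23955-1-0\r\n"
    'From: "555" <sip:555@10.1.1.1:5060>;tag=1\r\n'
    "To: ABC <sip:654321@10.2.1.1:5060>\r\n"
    "Call-ID: 1-23955@10.1.1.1\r\n"
    "CSeq: 1 INVITE\r\n\r\n"
)

SIP_URI = re.compile(r"sip:(?:([^@>;\s]+)@)?([^:;>\s]+)")


def _user_host(value):
    """Return (user, host) of the first sip: URI in value, or (None, None)."""
    found = SIP_URI.search(value or "")
    return (found.group(1), found.group(2)) if found else (None, None)


def parse_invite(text):
    """Extract the fields each inbound match command looks at."""
    lines = text.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    called, request_host = _user_host(lines[0])
    calling, from_host = _user_host(headers.get("from"))
    _, to_host = _user_host(headers.get("to"))
    via = re.match(r"SIP/2\.0/\w+\s+([^:;\s]+)", headers.get("via", ""))
    return {
        "incoming uri via": via.group(1) if via else None,
        "incoming uri request": request_host,
        "incoming uri to": to_host,
        "incoming uri from": from_host,
        "incoming called-number": called,
        "answer-address": calling,
        "destination-pattern": calling,
    }


def select_inbound_dial_peer(invite_text, dial_peers, uri_classes=URI_CLASSES):
    """Return (dial-peer tag, criterion that matched)."""
    fields = parse_invite(invite_text)
    for criterion in MATCH_ORDER:
        for tag in sorted(dial_peers):
            command, argument = dial_peers[tag]
            if command != criterion:
                continue
            wanted = (uri_classes.get(argument)
                      if command.startswith("incoming uri") else argument)
            if wanted is not None and fields[criterion] == wanted:
                return tag, criterion
    return 0, "default dial-peer"


def without(dial_peers, *tags):
    """Copy of dial_peers with the given tags removed."""
    return {tag: rule for tag, rule in dial_peers.items() if tag not in tags}


if __name__ == "__main__":
    removed = []
    for tag in [None, 1, 2, 3, 4, 5, 6, 7]:
        if tag is not None:
            removed.append(tag)
        print(removed, "->", select_inbound_dial_peer(INVITE, without(DIAL_PEERS, *removed)))
```

Removing the dial-peers one by one walks the call down the priority list until nothing matches and it lands on dial-peer 0, which is the outcome to look for when an unexpected source reaches CUBE.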
Understanding Outbound Dial-Peer Matching Techniques
Priority 0: Match based on DPG, DPPP, COR/LPCOR if configured
Priority 1: Match based on URI of incoming INVITE message & carrier-id target (Exact Pattern match, Host Name/IP Address, User portion of URI, Phone-number of tel-uri)
Priority 2: Match based on Called Number & carrier-id target
Priority 3: Match based on URI of an incoming INVITE message (Exact Pattern match, Host Name/IP Address, User portion of URI, Phone-number of tel-uri)
Priority 4: Match based on Called number
CSCua14749 – Carrier-id CLI not working on XE based platforms
[Diagram: CUCM SIP Trunk, Outbound LAN Dial-Peer, CUBE, Outbound WAN Dial-Peer, SP SIP Trunk, IP PSTN; Outbound Calls and Inbound Calls.]
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";;branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
Understanding Outbound Dial-Peer Matching Techniques
voice class uri 2001 sip
 host ipv4:10.2.1.1
Priority 1:
dial-peer voice 1 voip
 destination uri 2001
 carrier-id target orange
Priority 2:
dial-peer voice 2 voip
 destination-pattern 654321
 carrier-id target orange
Priority 3:
dial-peer voice 3 voip
 destination uri 2001
Priority 4:
dial-peer voice 4 voip
 destination-pattern 654321
[Diagram: CUCM SIP Trunk, Outbound LAN Dial-Peer, CUBE, Outbound WAN Dial-Peer, SP SIP Trunk, IP PSTN; Outbound Calls and Inbound Calls.]
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
Understanding Outbound Dial-Peer Matching Techniques
Outbound WAN Dial-Peer
Priority
Outbound Calls
voice class uri 2001 sip
host ipv4:10.2.1.1
1
2
dial-peer voice 1 voip
destination uri 2001
carrier-id target orange
dial-peer voice 2 voip
destination-pattern 654321
carrier-id target orange
voice class uri 2001 sip
host ipv4:10.2.1.1
3
dial-peer voice 3 voip
destination uri 2001
4
dial-peer voice 4 voip
destination-pattern 654321
A
SP SIP Trunk
CUCM SIP Trunk
CUBE
IP
PSTN
Inbound Calls
Outbound LAN Dial-Peer
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-routetag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
LTRCOL-2310
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
113
CUBE Advanced Call Routing

Understanding Outbound Dial-Peer Matching Techniques

[Diagram: SIP Trunk, CUBE, SP SIP Trunk, IP PSTN; Inbound Calls, Outbound Calls]

Outbound WAN Dial-Peer
Priority 1: Match based on URI of incoming INVITE message & carrier-id target
  - Exact Pattern match
  - Host Name/IP Address
  - User portion of URI
  - Phone-number of tel-uri
Priority 2: Match based on Called Number & carrier-id target

Outbound LAN Dial-Peer
Priority 3: Match based on URI of an incoming INVITE message
  - Exact Pattern match
  - Host Name/IP Address
  - User portion of URI
  - Phone-number of tel-uri
Priority 4: Match based on Called number

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
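
The four priorities above, applied to the slide's own INVITE and dial-peers 1-4, as an added Python sketch (not Cisco code and not part of the session material). The DialPeer model, the simplified destination-pattern matcher, the tie-break by tag, and the rule that a dial-peer with carrier-id target needs a matching cid in the INVITE are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the INVITE from the slide, sent here with an empty body.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:654321@10.2.1.1 SIP/2.0",
    'Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";'
    "branch=z9hG4bK-23955-1-0",
    'From: "555" <sip:555@10.1.1.1:5060>;tag=1',
    "To: ABC <sip:654321@10.2.1.1:5060>",
    "Call-ID: 1-23955@10.1.1.1",
    "CSeq: 1 INVITE",
    "Contact: sip:555@10.1.1.1:5060",
    "Max-Forwards: 70",
    "Content-Length: 0",
    "",
    "",
])

# Request line: optional user part, host, optional port and URI parameters.
REQUEST_LINE = re.compile(
    r"INVITE\s+sips?:(?:([^@;\s]+)@)?([^:;\s]+)(?::\d+)?(?:;\S*)?\s+SIP/2\.0")
ROUTE_TAG = re.compile(r';\s*x-route-tag\s*=\s*"cid:([^@"]+)', re.IGNORECASE)


def parse_invite(message: str) -> dict:
    """Extract what outbound matching looks at: Request-URI user and host,
    plus the carrier id carried in the topmost Via x-route-tag."""
    lines = message.split("\r\n\r\n", 1)[0].split("\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        raise ValueError("not a SIP INVITE request line")
    carrier = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):
            tag = ROUTE_TAG.search(value)
            carrier = tag.group(1) if tag else None
            break  # only the topmost Via is inspected (assumption)
    return {"user": m.group(1), "host": m.group(2), "carrier_id": carrier}


@dataclass
class DialPeer:
    """Hypothetical model of one outbound dial-peer's match commands."""
    tag: int
    uri_host: Optional[str] = None    # "destination uri" -> voice class uri host
    pattern: Optional[str] = None     # "destination-pattern"
    carrier_id: Optional[str] = None  # "carrier-id target"


def pattern_matches(pattern: str, number: Optional[str]) -> bool:
    """Simplified destination-pattern: literal digits and '.' for any digit,
    compared against the whole called number."""
    if not number or len(pattern) != len(number):
        return False
    return all((p == "." and n.isdigit()) or p == n
               for p, n in zip(pattern, number))


def match_priority(dp: DialPeer, call: dict) -> Optional[int]:
    """Return the slide's priority class (1-4), or None if dp does not match."""
    uri_ok = dp.uri_host is not None and dp.uri_host == call["host"]
    num_ok = dp.pattern is not None and pattern_matches(dp.pattern, call["user"])
    if dp.carrier_id is not None:
        # Assumption: a dial-peer with carrier-id target is only eligible
        # when the INVITE carries the same carrier id.
        if dp.carrier_id != call["carrier_id"]:
            return None
        return 1 if uri_ok else 2 if num_ok else None
    return 3 if uri_ok else 4 if num_ok else None


def rank_outbound(dial_peers, message: str):
    """List (priority, dial-peer tag) for every matching dial-peer, best first.
    Ties inside one priority are ordered by tag, which is an assumption."""
    call = parse_invite(message)
    hits = [(match_priority(dp, call), dp.tag) for dp in dial_peers]
    return sorted(h for h in hits if h[0] is not None)


# Dial-peers 1-4 from the slide, listed out of order on purpose.
SLIDE_DIAL_PEERS = [
    DialPeer(4, pattern="654321"),
    DialPeer(3, uri_host="10.2.1.1"),
    DialPeer(2, pattern="654321", carrier_id="orange"),
    DialPeer(1, uri_host="10.2.1.1", carrier_id="orange"),
]

if __name__ == "__main__":
    for priority, tag in rank_outbound(SLIDE_DIAL_PEERS, SAMPLE_INVITE):
        print(f"priority {priority}: dial-peer voice {tag} voip")
```

Ranking a captured INVITE against a copy of the running dial-peer list this way is a quick check that a call from the service provider side cannot land on a dial-peer intended only for the LAN side.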
Additional Headers for Outbound Dial-Peer Matching

[Diagram: SIP Trunk, CUBE, SP SIP Trunk, IP PSTN; Inbound Calls, Outbound Calls; Outbound WAN Dial-Peer, Outbound LAN Dial-Peer]

• Match based on URI of incoming INVITE message with or without carrier-id target
• Match based on CALLED Number with or without carrier-id target
• Match based on FROM Header of incoming INVITE
• Match based on TO Header of incoming INVITE
• Match based on VIA Header of incoming INVITE
• Match based on DIVERSION Header of incoming INVITE
• Match based on REFERRED-BY Header of incoming INVITE
• Match based on CALLING Number

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
Introducing Outbound Dial-peer Provision Policy
• Flexibility to choose how outbound dial-peers are selected
• Dynamically set the priority based on Inbound dial-peers
• Additional Inbound Leg Headers for Outbound Dial-peer Matching: VIA, FROM, TO, DIVERSION, REFERRED-BY, Calling Number
• User-defined outbound dial-peer provision policy on a per incoming call basis
  1. A provision policy contains two rules to save the match attributes and their precedence
  2. Up to two match attributes can be defined for each rule of a provision policy
  3. A provision policy setup will be used to match outbound dial-peers once it is associated with an incoming VoIP call.

Outbound dial-peer match attributes:
 destination uri-via
 destination uri-diversion
 destination e164-pattern-map
 destination uri-to
 destination uri-referred-by
 destination uri
 destination uri-from
 destination calling
 destination-pattern
Dial-peer Provision Policy Configuration

1. Define Voice Class Dial-peer Provision Policy

CUBE(config)#voice class dial-peer provision-policy <tag>
CUBE(config-class)#description "Match outbound dial-peer based on this Criteria"
CUBE(config-class)#preference ?
  <1-2>  Preference order
CUBE(config-class)#preference 1 first-attribute second-attribute
  called       Match called number
  calling      Match calling number
  carrier-id   Match carrier id
  diversion    Match diversion uri
  from         Match from uri
  to           Match to uri
  uri          Match destination uri
  via          Match via uri
  referred-by  Match referred-by uri

voice class dial-peer provision-policy <tag>
 description "Match outbound dial-peer based on criteria defined here"
 preference 1 first-attribute second-attribute
 preference 2 first-attribute second-attribute
Dial-peer Provision Policy Configuration – Cont’d

2. Associate Voice Class Provision Policy to an Incoming Dial-peer

dial-peer voice 1 voip
 description Inbound Dial-peer
 destination provision-policy <tag>

3. Define Outbound Dial-peer with match patterns based on attributes in a policy

CUBE(config)#dial-peer voice 2 voip
CUBE(config-dial-peer)#description Outbound Dial-peer
CUBE(config-dial-peer)#destination ?
  calling           Match destination calling number
  e164-pattern-map  Configure voice class to match destination e164-pattern-map
  uri               Configure voice class to match destination URI
  uri-diversion     voice class uri to match sip diversion header
  uri-from          voice class uri to match sip from header
  uri-referred-by   voice class uri to match sip referred-by header
  uri-to            voice class uri to match sip to header
  uri-via           voice class uri to match sip via header
Dial-peer Provision Policy Configuration – Cont’d

Configuring a match command for an outbound dial-peer according to the provision policy rule attribute configured

Provision Policy Rule Attribute   Outbound Dial-peer Match command
Called                            destination-pattern pattern
                                  destination e164-pattern-map pattern-map-class-id
Calling                           destination calling e164-pattern-map pattern-map-class-id
carrier-id                        carrier-id target
Uri                               destination uri uri-class-tag
Via                               destination uri-via uri-class-tag
To                                destination uri-to uri-class-tag
from                              destination uri-from uri-class-tag
diversion                         destination uri-diversion uri-class-tag
referred-by                       destination uri-referred-by uri-class-tag
Dial-peer Provision Policy Example – Match on FROM

voice class uri 10 sip
 user-id 555

voice class uri 20 sip
 host 10.2.1.1

dial-peer voice 1000 voip
 description "Inbound dialpeer. Choose outbound based on DPP 10"
 destination provision-policy 10

dial-peer voice 2000 voip
 description "Inbound dialpeer. Choose outbound based on DPP 20"
 destination provision-policy 20

voice class dial-peer provision-policy 10
 description "Match outbound dialpeer on both From AND To Headers"
 preference 1 from to
!
voice class dial-peer provision-policy 20
 description "Match outbound DP based on FROM first, if no match select based on TO"
 preference 1 from
 preference 2 to

dial-peer voice 20201 voip
 description "Outbound dialpeer based on FROM"
 destination uri-from 10

dial-peer voice 20202 voip
 description "Outbound dialpeer based on TO"
 destination uri-to 20

dial-peer voice 10000 voip
 description "Outbound dialpeer based on FROM and TO"
 destination uri-from 10
 destination uri-to 20

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........
Dial-peer Provision Policy Example – Match on TO

voice class uri 10 sip
 user-id 555

voice class uri 20 sip
 host 10.2.1.1

dial-peer voice 1000 voip
 description "Inbound dialpeer. Choose outbound based on DPP 10"
 destination provision-policy 10

dial-peer voice 2000 voip
 description "Inbound dialpeer. Choose outbound based on DPP 20"
 destination provision-policy 20

voice class dial-peer provision-policy 10
 description "Match outbound dialpeer on both From AND To Headers"
 preference 1 from to

voice class dial-peer provision-policy 20
 description "Match outbound DP based on FROM first, if no match select based on TO"
 preference 1 from
 preference 2 to

dial-peer voice 20201 voip
 description "Outbound dialpeer based on FROM"
 destination uri-from 10
 shutdown

dial-peer voice 20202 voip
 description "Outbound dialpeer based on TO"
 destination uri-to 20

dial-peer voice 10000 voip
 description "Outbound dialpeer based on FROM and TO"
 destination uri-from 10
 destination uri-to 20

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........
Dial-peer Provision Policy Example – Match on FROM & TO

voice class uri 10 sip
 user-id 555

voice class uri 20 sip
 host 10.2.1.1

dial-peer voice 1000 voip
 description "Inbound dialpeer. Choose outbound based on DPP 10"
 destination provision-policy 10

dial-peer voice 2000 voip
 description "Inbound dialpeer. Choose outbound based on DPP 20"
 destination provision-policy 20

voice class dial-peer provision-policy 10
 description "Match outbound dialpeer on both From AND To Headers"
 preference 1 from to

voice class dial-peer provision-policy 20
 description "Match outbound DP based on FROM first, if no match select based on TO"
 preference 1 from
 preference 2 to

dial-peer voice 20201 voip
 description "Outbound dialpeer based on FROM"
 destination uri-from 10

dial-peer voice 20202 voip
 description "Outbound dialpeer based on TO"
 destination uri-to 20

dial-peer voice 10000 voip
 description "Outbound dialpeer based on FROM and TO"
 destination uri-from 10
 destination uri-to 20

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
.....
Destination Dial-peer Group
• Allows grouping of outbound dial-peers based on an incoming dial-peer, reducing existing outbound dial-peer provisioning requirements
• Eliminates the need to configure extra outbound dial-peers that are sometimes needed as workarounds to achieve the desired call routing outcome
• Multiple outbound dial-peers are saved under a new “voice class dpg <tag>”. The new “destination dpg <tag>” command line of an inbound voip dial-peer can be used to reference the new dpg (dial-peer group)
• Once an incoming voip call is handled by an inbound voip dial-peer with an active dpg, the dial-peers of that dpg are used as outbound dial-peers for the incoming call
• The order of outgoing call setups will be the sorted list of dial-peers from the dpg, i.e., the destination-patterns of the outgoing dial-peers are not relevant for selection
Destination Dial-peer Group Configuration

voice class dpg 10000
 description Voice Class DPG for SJ
 dial-peer 1001 preference 1
 dial-peer 1002 preference 2
 dial-peer 1003
!
dial-peer voice 100 voip
 description Inbound DP
 incoming called-number 1341
 destination dpg 10000
!
dial-peer voice 1001 voip
 destination-pattern 8888
 session protocol sipv2
 session target ipv4:10.1.1.1
!
dial-peer voice 1002 voip
 destination-pattern 8888
 session protocol sipv2
 session target ipv4:10.1.1.2
!
dial-peer voice 1003 voip
 destination-pattern 8888
 session protocol sipv2
 session target ipv4:10.1.1.3

1. Incoming Dial-peer is first matched
2. Now the DPG associated with the INBOUND DP is selected
Outbound Dial-Peer Matching Criteria Summary

[Diagram: CUCM SIP Trunk, CUBE, SP SIP Trunk, IP PSTN; Inbound Calls, Outbound Calls; Outbound WAN Dial-Peer, Outbound LAN Dial-Peer]

Priority 0: Match based on DPG, DPPP, COR/LPCOR if configured
Priority 1: Match based on URI of incoming INVITE message & carrier-id target
  - Exact Pattern match
  - Host Name/IP Address
  - User portion of URI
  - Phone-number of tel-uri
Priority 2: Match based on Called Number & carrier-id target
Priority 3: Match based on URI of an incoming INVITE message
  - Exact Pattern match
  - Host Name/IP Address
  - User portion of URI
  - Phone-number of tel-uri
Priority 4: Match based on Called number

CSCua14749 – Carrier-id CLI not working on XE based platforms

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-tag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
Destination Server Group
• Supports multiple destinations (session targets) to be defined in a group and applied to a single outbound dial-peer
• Once an outbound dial-peer is selected to route an outgoing call, multiple destinations within a server group will be sorted in either round robin or preference [default] order
• This reduces the need to configure multiple dial-peers with the same capabilities but different destinations, e.g. multiple subscribers in a cluster

voice class server-group 1
 hunt-scheme {preference | round-robin}
 ipv4 1.1.1.1 preference 5
 ipv4 2.2.2.2
 ipv4 3.3.3.3 port 3333 preference 3
 ipv6 2010:AB8:0:2::1 port 2323 preference 3
 ipv6 2010:AB8:0:2::2 port 2222

dial-peer voice 100 voip
 description Outbound DP
 destination-pattern 1234
 session protocol sipv2
 codec g711ulaw
 dtmf-relay rtp-nte
 session server-group 1

* DNS target not supported in server group
Multiple Destination-Patterns Under Same Outbound Dial-Peer

[Diagram: G729 Sites and G711 Sites, SIP Trunk, CUBE, SP SIP Trunk, IP PSTN]

Provides the ability to combine multiple destination-patterns targeted to the same destination to be grouped into a single dial-peer
Up to 5000 entries in a text file

G729 Sites: Site A (919)200-2000, Site B (510)100-1000, Site C (408)100-1000

voice class e164-pattern-map 100
 e164 919200200.
 e164 510100100.
 e164 408100100.

dial-peer voice 1 voip
 destination e164-pattern-map 100
 codec g729r8
 session target ipv4:10.1.1.1

G711 Sites: Site A (919)200-2010, Site B (510)100-1010, Site C (408)100-1010

voice class e164-pattern-map 200
 url flash:e164-pattern-map.cfg

dial-peer voice 1 voip
 destination e164-pattern-map 200
 codec g711ulaw
 session target ipv4:10.1.1.1

! This is an example of the contents of E164 patterns text file stored in flash:e164-pattern-map.cfg
9192002010
5101001010
4081001010
Multiple Incoming Patterns Under Same Incoming Dial-peer

[Diagram: G729 Sites and G711 Sites, SIP Trunk, CUBE, SP SIP Trunk, IP PSTN]

Provides the ability to combine multiple incoming called OR calling numbers on a single inbound voip dial-peer, reducing the total number of inbound voip dial-peers required with the same routing capability
Up to 5000 entries in a text file

G729 Sites: Site A (919)200-2000, Site B (510)100-1000, Site C (408)100-1000

voice class e164-pattern-map 300
 e164 919200200.
 e164 510100100.
 e164 408100100.

dial-peer voice 1 voip
 description Inbound DP via Calling
 incoming calling e164-pattern-map 300
 codec g729r8

G711 Sites: Site A (919)200-2010, Site B (510)100-1010, Site C (408)100-1010

voice class e164-pattern-map 400
 url flash:e164-pattern-map.cfg

dial-peer voice 2 voip
 description Inbound DP via Called
 incoming called e164-pattern-map 400
 codec g711ulaw

! This is an example of the contents of E164 patterns text file stored in flash:e164-pattern-map.cfg
9192002010
5101001010
4081001010
URI Based Dialing Overview

[Diagram: Enterprise xyz.com, CUBE, SBC, Enterprise abc.com; INVITE sip:user@xyz.com on both legs]

Existing CUBE behavior:
• In CUBE URI based routing (user@host), the “user” part must be present and must be an E164 number
• The outgoing SIP ‘Request-URI’ and ‘To header URI’ are always set to the session target information of the outbound dial-peer
• For Req-URIs with same user name e.g. hussain@cisco.com, hussain@google.com, two different dial-peers are configured with the respective session targets
URI Based Dialing Enhancement – URI Pass Through

Incoming INVITE: INVITE sip:1234@cisco.com
Outgoing INVITE: INVITE sip:1234@cisco.com

voice class uri 1 sip
 host cisco.com

dial-peer voice 100 voip
 incoming uri request 1
 session protocol sipv2
 voice-class sip call-route url

dial-peer voice 200 voip
 destination uri 1
 session protocol sipv2
 session target ipv4:10.1.1.1
 voice-class sip requri-passing

• By default, the host portion is replaced with the session target value of the matched outbound dial-peer
• Enhancement: Outgoing INVITE has same request URI as received in Incoming INVITE. This can be achieved by configuring ‘requri-passing’ in the outgoing dial-peer or globally.
• Allows for peer-to-peer calling between enterprises using URIs
URI Based Dialing Enhancement – ‘User’ portion non-E164 format

Incoming INVITE: INVITE sip:hussain@cisco.com
Outgoing INVITE: INVITE sip:hussain@10.1.1.1

voice class uri 1 sip
 host cisco.com

dial-peer voice 100 voip
 incoming uri request 1
 session protocol sipv2
 voice-class sip call-route url

dial-peer voice 200 voip
 destination uri 1
 session protocol sipv2
 session target ipv4:10.1.1.1

• By default, alphanumeric/non-E164 users were not allowed
• Enhancement: User part in Incoming INVITE Req-URI can be of Non-E164 format, e.g. sip:hussain@cisco.com. Outgoing INVITE will have user portion as it is received i.e. ‘hussain’ (unless SIP profiles are applied).
• Useful for video calls
URI Based Dialing Enhancement – ‘User’ portion absent

Incoming INVITE: INVITE sip:cisco.com
Outgoing INVITE: INVITE sip:cisco.com

voice class uri 1 sip
 host cisco.com

dial-peer voice 100 voip
 incoming uri request 1
 session protocol sipv2
 voice-class sip call-route url

dial-peer voice 200 voip
 destination uri 1
 session protocol sipv2
 session target ipv4:10.1.1.1
 voice-class sip requri-passing

• By default, call is rejected with “400 Bad Request”
• Enhancement: Incoming INVITE with no user portion (e.g. sip:cisco.com) is supported. Dial-peer matching will happen based on ‘host’ portion. Outgoing INVITE Req-URI will not have any user portion in this case (unless sip-profiles are applied).
• If user portion is present in incoming INVITE ‘To header’, it is retained in outgoing INVITE ‘To Header’
• If ‘voice-class sip requri-passing’ is not configured, INVITE will go out as sip:10.1.1.1
• REFER and 302, both consume and pass-through cases supported as well
URI Based Dialing Enhancement – Deriving Target host from Incoming INVITE Req-URI

Incoming INVITE: INVITE sip:hussain@cisco.com
Outgoing INVITE: INVITE sip:hussain@10.1.1.1

voice class uri 1 sip
 user hussain
 user .*

dial-peer voice 100 voip
 incoming uri request 1
 session protocol sipv2
 voice-class sip call-route url

dial-peer voice 200 voip
 destination uri 1
 session protocol sipv2
 session target sip-uri

• For different hosts with the same ‘user’, multiple outgoing dial-peers had to be configured
• Enhancement: To support URIs with the same user portion but with different domains, a single dial-peer can be configured. The outgoing dial-peer needs to be configured with ‘session target sip-uri’ instead of the regular session target configuration. This will trigger DNS resolution of the domain of the incoming INVITE Req-URI and dynamically determine the session target IP.
Media Manipulation

Audio Transcoding and Transrating

[Diagram: Enterprise VoIP, CUBE, SP VoIP; IP Phones: G.711, G.729 20 ms, G.722; iLBC, iSAC, Speex; G.729 30 ms]
• Transcoding: G.711, G.723.1, G.726, G.728, G.729/a, iLBC, G.722
• Transrating: G.729 20ms ↔ 30ms (AT&T)

• Transcoding (12.4.20T)
  • One voice codec to any other codec, e.g. iLBC-G.711 or iLBC-G.729
  • CUCM 7.1.5 or later supports universal Transcoding
• Transrating (15.0.1M)
  • Different packetizations of the same codec
  • E.g. G.729 20ms to G.729 30ms
  • Support for SIP-SIP calls
  • No sRTP support with transrating

dial-peer voice 2 voip
 codec g729r8 bytes 30 fixed-bytes

!Call volume (gain/loss) adjustment
dial-peer voice 2 voip
 audio incoming level-adjustment x
 audio outgoing level-adjustment y

Supported Codecs                         Packetization (ms)
G.711 a-law 64 Kbps                      10, 20, 30
G.711 µlaw 64 Kbps                       10, 20, 30
G.723 5.3/6.3 Kbps                       30, 60
G.729, G.729A, G.729B, G.729AB 8 Kbps    10, 20, 30, 40, 50, 60
G.722 64 Kbps                            10, 20, 30
Configuration for SCCP based Transcoding (ISR-G2/4K)

1. Enabling dspfarm services under voice-card

voice-card 1
 dspfarm ! Only ISR G2
 dsp services dspfarm

2. telephony-service configuration

telephony-service
 sdspfarm units 1
 sdspfarm transcode sessions 128
 sdspfarm tag 1 CUBE-XCODE
 max-ephones 10
 max-dn 10
 ip source-address <CUBE_internal_IP> port 2000

3. SCCP configuration

sccp local GigabitEthernet0/0
sccp ccm <CUBE_internal_IP> identifier 1 version 7+
sccp
sccp ccm group 1
 associate ccm 1 priority 1
 associate profile 1 register CUBE-XCODE

4. dspfarm profile configuration

dspfarm profile 1 transcode
 codec g711ulaw
 codec g711alaw
 codec g729r8
 maximum sessions 10
 associate application SCCP
Configuration for LTI based Transcoding (ISR-G2/4K & ASR)

1. Enabling dspfarm services under voice-card

voice-card 0/1
 dspfarm ! Only ISR G2
 dsp services dspfarm

2. dspfarm profile configuration

dspfarm profile 1 transcode
 codec g711ulaw
 codec g711alaw
 codec g729abr8
 codec g729ar8
 codec ilbc
 maximum sessions 100
 associate application CUBE

Feature Notes:
• This uses Local Transcoding Interface to communicate between CUBE and DSPs
• Also available on ISR-G2 starting IOS 15.2.3T
• Can only be used if CUBE invokes the DSP for media services
• CUCM cannot invoke DSPs using this LTI interface
External/PSTN Call Recording

External/PSTN Call Recording Options (no DSPs needed for Call Recording on CUBE)

• CUBE Controlled (Dial-peer based ORA)
  • Based on Open Recording Architecture, metadata sent in Cisco Proprietary format from CUBE to Recorder
  • Dial-peer controlled, IP-PBX independent
  • Source of recorded media (RTP only) is always CUBE (External calls only). For SRTP-RTP calls, apply media forking CLI on the RTP leg only.
  • Records both audio and video calls and supported with CUBE HA (Inbox or box-2-box)
• CUBE Controlled (Dial-peer based SIPREC)
  • Based on SIPREC (RFC 6341, 7245, Metadata-draft-17, Protocol-draft-15), CUBE sends metadata in XML format
  • Dial-peer controlled, IP-PBX independent
  • Source of recorded media (RTP only) is always CUBE (External calls only). For SRTP-RTP calls, apply media forking CLI on the RTP leg only.
  • Records both audio and video calls and supported with CUBE HA (Inbox or box-2-box)
• CUCM NBR (Network Based Recording)
  • CUCM Controlled, requires CUCM 10+ and UC Services API be enabled on CUBE
  • Recording triggered by CUCM and this mode records only Audio calls
  • Source of Recorded Media can be CUBE or Endpoint (BiB), CUBE as source desired for PSTN calls
CUBE Controlled Recording Option – Media Forking
Dial-peer based – Open Recording Architecture (ORA)
• CUBE sets up a stateful SIP session with MediaSense server
• After SIP dialog established, CUBE forks the RTP and sends it for MediaSense to record
• With XE 3.10.1, Video calls supported and CUBE HA for audio calls
• Call agent independent
• Configured on a per Dial-peer level to fork RTP
[Diagram: A, CUBE and SP SIP exchange SIP and RTP; CUBE sends SIP with Cisco Proprietary Metadata and forked RTP to Cisco MediaSense (authentication disabled w/o UCM), used by the Cisco Search/Play demo app or Partner Application]
media class 9
recorder parameter
media-recording 950 ! Needs to match dial-peer voice 950
dial-peer voice 901 voip
description dial-peer that needs to be forked
session protocol sipv2
media-class 9
dial-peer voice 950 voip
description dial-peer pointing to MediaSense
destination-pattern 9999 ! Dummy
session protocol sipv2
session transport tcp
session target ipv4:<Mediasense_IP>
! Bind on this DP mandatory
Audio only Media Forking for an Audio/Video Call
CUBE Controlled Recording – Dial-peer based
• MediaSense 10+ or any recording server can decline the video stream and choose to have only the audio stream recorded by setting the video port as 0 in the SDP answer
• CUBE can be configured to offer only audio streams to be recorded even if the call that is being recorded is an audio/video call
• Support for forwarding any 3rd party IP PBX GUID to the recording server by use of SIP Profiles
[Diagram: A, CUBE and SP SIP exchange SIP and RTP; CUBE sends SIP with Cisco Proprietary Metadata and forked RTP to MediaSense]
media profile recorder 100
media-type audio
media-recording 950
media-class 1
recorder profile 100
dial-peer voice 1 voip
description dial-peer that needs to be forked
session protocol sipv2
media-class 1
dial-peer voice 950 voip
description dial-peer pointing to MediaSense
destination-pattern 9999 ! Dummy
session protocol sipv2
session transport tcp
session target ipv4:<Mediasense_IP>
! Bind on this DP mandatory
CUBE Controlled Recording Option - SIPREC
Dial-peer based – SIPREC Standard
• SIP is used as a protocol between CUBE and the recording server, where CUBE acts as the recording client and any third party recorder acts as the recording server
• Along with SDP, metadata information is passed by CUBE to the recording server in XML format
• Metadata includes the communication session details of audio or video calls and also identifies the participants of the call
• SIP Profiles can additionally be used to forward 3rd party IP PBX Call Identifier to the Recorder for Correlation
[Diagram: A, CUBE and SP SIP exchange SIP and RTP; CUBE sends SIP with XML Metadata and forked RTP to a SIPREC Compliant Recorder]
media class 9
recorder parameter siprec
media-recording 950 ! Needs to match dial-peer voice 950
dial-peer voice 901 voip
description dial-peer that needs to be forked
session protocol sipv2
media-class 9
dial-peer voice 950 voip
description dial-peer pointing to MediaSense
destination-pattern 9999 ! Dummy
session protocol sipv2
session transport tcp
session target ipv4:<Mediasense_IP>
! Bind on this DP mandatory
CUCM (10.X or later) Controlled Recording
UC Services API – Network Based Recording
1. Enable HTTP on IOS
ip http server
http client persistent
2. Enable the API on IOS
uc wsapi
source-address [IP_Address_of_CUBE]
3. Enable XMF service within the API
provider xmf
remote-url 1 http://CUCM:8090/ucm_xmf
no shutdown
[Diagram: call flow steps 1 to 5, Gateway/CUBE Recording Enabled]
[1] – [3]: An external call is answered by user with IP phone
[4] – [5]: CUCM sends forking request over HTTP to CUBE, which sends two media streams towards the Recording Server
• Recording not preserved on failover in CUBE HA
• Selective Recording, Mobile/SNR/MVA Calls
• Recording Call Preservation
Now Supports Inbound CVP (Survivability.tcl) Call Recording [IOS 15.6(1)T, IOS-XE 3.17]
Call Admission Control
Call Admission Control at the edge...
CUBE provides various CAC mechanisms to safeguard your network from SIP based attacks and to enforce policies based on:
• Total calls
• Maximum connections per destination
• CPU & Memory
• Dial-peer or interface bandwidth
• Call spike detection
Total Calls, CPU, Memory (High Water Mark / Low Water Mark)
call threshold global [total/mem/cpu] calls low xx high yy
call treatment on
Call Spike Detection (if a call spike is detected, reject calls)
call spike call-number [steps number-of-steps size milliseconds]
call spike 10 steps 5 size 200
Max Calls per Destination (Call #1 and Call #2 accepted, Call #3 rejected by CUBE)
dial-peer voice 1 voip
max-conn 2
Max Bandwidth based (Call #1 – 80 Kbps, Call #2 – 80 Kbps, Call #3 – 80 Kbps rejected by CUBE)
dial-peer voice 1 voip
max-bandwidth 160
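The admission checks on this slide, modeled in Python as an added example (not Cisco code and not how CUBE implements them), so the effect of each threshold can be tried against a call pattern before it is configured. Assumptions: the spike window is steps × size milliseconds, admission stops at the high water mark and resumes once the call count is at or below the low water mark, and the names `EdgeCac` and `PeerLimits` are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class PeerLimits:
    """Per-dial-peer limits (hypothetical model of max-conn / max-bandwidth)."""
    tag: int
    max_conn: Optional[int] = None        # dial-peer "max-conn"
    max_bandwidth: Optional[int] = None   # dial-peer "max-bandwidth", in kbps
    active_kbps: List[int] = field(default_factory=list)


class EdgeCac:
    """Simplified model of the four CAC checks shown on the slide."""

    def __init__(self, spike_calls, steps, size_ms, low, high):
        self.spike_calls = spike_calls        # "call spike <call-number>"
        self.window_ms = steps * size_ms      # assumed sliding window length
        self.low, self.high = low, high       # "call threshold global total-calls"
        self.arrivals = deque()               # arrival times of recent call attempts
        self.total = 0                        # calls currently admitted
        self.rejecting = False                # latched between high and low marks

    def offer(self, now_ms, peer, kbps):
        """Return 'accept' or the reason a new call attempt is rejected."""
        # 1. Call spike: count every attempt that arrived inside the window.
        self.arrivals.append(now_ms)
        while self.arrivals and self.arrivals[0] <= now_ms - self.window_ms:
            self.arrivals.popleft()
        if len(self.arrivals) > self.spike_calls:
            return "reject: call spike"

        # 2. Total calls with hysteresis between high and low water marks.
        if self.total >= self.high:
            self.rejecting = True
        elif self.total <= self.low:
            self.rejecting = False
        if self.rejecting:
            return "reject: total calls"

        # 3. Maximum connections on the matched dial-peer.
        if peer.max_conn is not None and len(peer.active_kbps) >= peer.max_conn:
            return "reject: max-conn"

        # 4. Bandwidth already in use on the dial-peer plus this call.
        if (peer.max_bandwidth is not None
                and sum(peer.active_kbps) + kbps > peer.max_bandwidth):
            return "reject: max-bandwidth"

        peer.active_kbps.append(kbps)
        self.total += 1
        return "accept"

    def release(self, peer):
        """A call on this dial-peer ended."""
        peer.active_kbps.pop()
        self.total -= 1


def slide_scenarios():
    """Replay the slide's three-call examples (constructed input)."""
    cac = EdgeCac(spike_calls=10, steps=5, size_ms=200, low=80, high=100)
    by_conn = PeerLimits(tag=1, max_conn=2)
    by_bw = PeerLimits(tag=1, max_bandwidth=160)
    conn = [cac.offer(t, by_conn, 80) for t in (0, 2000, 4000)]
    bw = [cac.offer(t, by_bw, 80) for t in (6000, 8000, 10000)]
    return conn, bw


if __name__ == "__main__":
    print(slide_scenarios())
```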
Multiple Non-Authenticated SIP Trunks on a CUBE
Non-Authenticated SIP Trunking to more than one Service Provider
Large enterprises are deploying more than one SIP Trunk provider for:
• Alternate call routing
• Load balancing
[Diagram: Enterprise Campus (A, Active CUBE) and Enterprise Branch Offices (SRST, CME, TDM PBX) over MPLS, connected to SIP SP-1's network (10.10.10.2) and SIP SP-2's network (20.20.20.2)]
interface loopback1
ip address 10.10.10.1 255.255.255.0
interface loopback2
ip address 20.20.20.1 255.255.255.0
dial-peer voice 10 voip
description “Primary path to SIP SP-1”
destination-pattern 91[2-9]..[2-9]......
session protocol sipv2
session target ipv4:10.10.10.2
voice-class sip options-keepalive
voice-class sip bind control source-interface loopback1
voice-class sip bind media source-interface loopback1
dial-peer voice 20 voip
description “Secondary path to SIP SP-2”
destination-pattern 91[2-9]..[2-9]......
session protocol sipv2
session target ipv4:20.20.20.2
preference 2
voice-class sip options-keepalive
voice-class sip bind control source-interface loopback2
voice-class sip bind media source-interface loopback2
NOTE: Dual SPs can be used for outbound calls, but to be utilised for inbound calls, arrangements between SPs required
Multiple Authenticated/Registered SIP Trunks on a CUBE
Multiple Instances of SIP-UA on a CUBE
Existing Implementation, prior to IOS 15.6(2)T and IOS-XE 16.3.1
• CUBE Configuration generally consists of
  • Global – Everything under voice service voip
  • Call Routing – Dial-peers (Any configuration under dial-peers always overrides Global config)
  • SIP User Agent Config – Everything under sip-ua, applicable globally on the platform
• No provision to configure specific bind/credentials/outbound proxy for different registrar
• No provision to configure specific configs (e.g. timers, retry) for different tenants
• Unable to handle authentication challenge for more than one trunk that have the same SIP realm
Introducing Tenants on CUBE
• Every Registrar/User Agent/ITSP connected to CUBE can be considered a Tenant to CUBE
• Allows specific global configurations (CLI under sip-ua) for multiple tenants such as specific SIP Bind for REGISTER messages
• Allows differentiated services for different tenants
“Voice class Tenant” Overview
• Most configs under “sip-ua” and “voice service voip” added in “voice class tenant <tag>”, e.g. Registrar and Credentials CLI under tenant using different bind and outbound proxy
Prior to Multi Tenancy
sip-ua
registrar 1 ipv4:60.60.60.60:9051 expires 3600
registrar 2 ipv4:70.70.70.70:9052 expires 3600
credentials username aaaa password 7 06070E204D realm aaaa.com
credentials username bbbb password 7 110B1B0715 realm bbbb.com
voice service voip
outbound-proxy ipv4:10.64.86.35:9057
bind control source-interface GigabitEthernet0/1
[Diagram: Global OB Proxy and Bind; E164 - aaaa to Registrar - 1, E164 - bbbb to Registrar - 2]
With Voice Class Tenant (Multi-Tenancy)
voice class tenant 1
registrar 1 ipv4:60.60.60.60:9051 expires 3600
credentials username aaaa password 7 06070E204D realm aaaa.com
outbound-proxy ipv4:10.64.86.35:9057
bind control source-interface GigabitEthernet0/0
voice class tenant 2
registrar 1 ipv4:70.70.70.70:9052 expires 3600
credentials username bbbb password 7 110B1B0715 realm bbbb.com
outbound-proxy ipv4:10.64.86.40:9040
bind control source-interface GigabitEthernet0/1
[Diagram: OB Proxy 1 & Bind-1, E164 - aaaa to Registrar - 1; OB Proxy 2 & Bind-2, E164 - bbbb to Registrar - 1]
Authenticating Multiple trunks with same Realm
• Requirement: To register two different authenticated numbers/usernames to different registrars, but with the same realm
• Prior to IOS 15.6(2)T / IOS-XE 16.3.1, CUBE could register multiple trunks only with different realms as the “authentication” command only accepted different realms. If the realms were the same, it just overwrote the username and password
• Now each credential/authentication pair can be defined under its own voice class tenant so that the same realm can be used for authentication
With Voice Class Tenant (Multi-Tenancy)
voice class tenant 1
registrar 1 dns:cisco.com expires 3600
credentials number +1234 username aaaa@cisco password 0 AAAA realm cisco.com
authentication username aaaa@cisco password 7 AAAA realm cisco.com
voice class tenant 2
registrar 1 dns:cisco.com expires 3600
credentials number +6789 username bbbb@cisco password 0 BBBB realm cisco.com
authentication username bbbb@cisco password 7 BBBB realm cisco.com
Configuring Voice Class Tenant
• Configure voice class tenant
Add new voice class tenant
voice class tenant 1
registrar 1 ipv4:10.64.86.35:9052 expires 3600
credentials username aaaa password 7 06070E204D realm aaaa.com
credentials number bbbb username bbbb password 7 110B1B0715 realm bbbb.com
bind control source-interface GigabitEthernet0/0
bind media source-interface GigabitEthernet0/0
copy-list 1
outbound-proxy ipv4:10.64.86.35:9055
early-offer forced
• Apply tenant to the desired dial-peer
dial-peer voice 1 voip
destination-pattern 111
session protocol sipv2
session target ipv4:10.64.86.35:9051
session transport udp
voice-class sip tenant 1
Apply Tenant to a Dial-peer
Multi-VRF Aware CUBE
Introduction to Multi-VRF
[Diagram labels: ATT, VZN, SPT]
• Virtual Routing and Forwarding (VRF) is an IP technology that allows for multiple instances of a routing table to coexist on the same router at the same time as opposed to a single global route table, allowing for multiple virtual networks within a single network entity to isolate between media and data virtual networks
• Multi-VRF allows for the use of only one router to accomplish the tasks that multiple routers usually perform
• Prior to IOS 15.6(2)T / IOS-XE 16.3.1, CUBE only supports a single VRF for Voice [voice vrf vrfname]
Multi-VRF and CUBE Enterprise
Multi-VRF Aware Call Routing on CUBE
• CUBE allows intra and inter VRF routing of voice and video calls without the need of Route Leaks improving security at the network level
• Overlapped IP addressing and Dial Plan with Multi VRF feature provides seamless integration of networks
• Show command outputs enhanced to display the VRF ID’s for active voice and video calls
• Provision to configure RTP port ranges for each VRF and allocation of Local RTP ports based upon VRF. Listen sockets on UDP, TCP and TLS transports based on the VRF
Multi-VRF Design Considerations
• It is strongly recommended to deploy CUBE 11.5.2 or later [IOS 15.6(3)M, IOS-XE 16.3.1] for Multi-VRF aware call routing as inbound dial-peers are filtered based on the incoming VRF FIRST and then followed by the regular inbound dial-peer matching. This ensures no potential routing issues will exist for incoming INVITES or any out-of-dialog messages such as REGISTER, OPTIONS, NOTIFY, etc
• Dial-peer bind statements are mandatory as the VRF association to a dial-peer is based upon the interface sip bind and both Control and Media on a dial-peer has to bind with the same VRF
• Whenever global sip bind interface associated with a VRF is added/modified/removed, user should restart the sip services under “voice service voip → sip → call service stop/no call service stop”
• Default incoming dial-peer (dial-peer 0) match is not supported with VRF
Understanding Inbound Dial-Peer Matching Techniques
Priority 0: Filter dial-peers based on incoming VRF if configured and then 1 to 3 below
Priority 1: Match Based on URI of an incoming INVITE message (Exact Pattern match, Host Name/IP Address, User portion of URI, Phone-number of tel-uri)
Priority 2: Match based on Called Number
Priority 3: Match based on Calling number
Priority 4: Default Dial-Peer = 0
[Diagram: A, CUCM SIP Trunk, Inbound LAN Dial-Peer, CUBE, Inbound WAN Dial-Peer, SP SIP Trunk, IP PSTN; Outbound Calls and Inbound Calls]
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-routetag="cid:orange@10.1.1.1";;branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
Multi-VRF Design Considerations – Cont’d
• Whenever destination server group is used with VRF, ensure that the server group should have the candidates (i.e. session targets) belonging to the same network as that of sip bind on the dial-peer where the server-group is configured. Sample Configuration in notes section below
• Dial-peer group feature or COR (Class of Restriction) lists can be used to restrict call routing to the same or group of VRFs (e.g. Overlapping Dial plans)
• The DSP resources are a global pool and not reserved on a per VRF basis. It is used on a first come first serve basis
Multi-VRF Feature Restrictions
• CUBE + CME co-located with VRF and TDM-SIP gateway are not supported
• IPV6 with VRF is not supported on CUBE. Only IPv4 is supported with VRF
• Multi-VRF calls across CUBE are supported in SIP-SIP flow-through mode only and not supported in flow-around mode. Media Anti-trombone is not supported with VRF
• Legacy global voice vrf and Multi VRF doesn’t co-exist. Customers using global voice vrf have to remove the CLI in order to use Multi VRF feature
• UC Services API (CUCM NBR Recording) is not VRF aware. Works globally for all call recordings and will not separate the call notification on a per VRF basis
• With Single/Multi VRF configured, DNS request will be at global (i.e. no vrf is associated with the DNS request)
CUBE Multi VRF - Basic Configuration
[Diagram: VRF 1 on Gig0/0/0 and VRF 2 on Gig0/0/1 of CUBE]
1. Configure VRF
ip vrf vrf1
rd 1:1
ip vrf vrf2
rd 2:2
2. Apply VRF under the interface/sub-interface
interface GigabitEthernet0/0/0
ip address 7.44.44.13 255.255.0.0
ip vrf forwarding vrf1
interface GigabitEthernet0/0/1
ip address 6.44.44.13 255.255.0.0
ip vrf forwarding vrf2
3. Bind the VRF associated interface to the dial-peer (VRF association by dial-peer bind CLI)
dial-peer voice 100 voip
voice-class sip bind all interface GigE0/0/0
dial-peer voice 200 voip
voice-class sip bind all interface GigE0/0/1
• Up to 54 different VRFs supported in 15.6(3)M and IOS-XE 16.3.1 or later releases
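A configuration audit for the Multi-VRF rules stated on the preceding slides (bind is mandatory on every dial-peer, control and media must bind into the same VRF, legacy `voice vrf` cannot co-exist), as an added Python example that is not Cisco tooling. Assumptions: the config is an indented running-config style text, binds use the full `voice-class sip bind ... source-interface` form shown elsewhere in this deck rather than the slide shorthand, and the sample config and finding names are constructed for illustration.

```python
import re

BIND_RE = re.compile(
    r"voice-class sip bind (control|media|all) source-interface (\S+)")

# Constructed sample: dial-peer 200 splits control/media across VRFs,
# dial-peer 300 has no bind, and the legacy global "voice vrf" is still present.
SAMPLE_CONFIG = """\
ip vrf vrf1
 rd 1:1
ip vrf vrf2
 rd 2:2
voice vrf vrf1
!
interface GigabitEthernet0/0/0
 ip vrf forwarding vrf1
 ip address 7.44.44.13 255.255.0.0
interface GigabitEthernet0/0/1
 ip vrf forwarding vrf2
 ip address 6.44.44.13 255.255.0.0
!
dial-peer voice 100 voip
 voice-class sip bind all source-interface GigabitEthernet0/0/0
 incoming called-number 2000
dial-peer voice 200 voip
 voice-class sip bind control source-interface GigabitEthernet0/0/0
 voice-class sip bind media source-interface GigabitEthernet0/0/1
dial-peer voice 300 voip
 destination-pattern 3000
 session target ipv4:10.2.2.2
"""


def parse_config(text):
    """Return (interface -> VRF or None, dial-peer tag -> {role: interface}, legacy flag)."""
    if_vrf, binds, legacy_voice_vrf = {}, {}, False
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # unindented line opens a new section
            section = None
            m = re.fullmatch(r"interface (\S+)", line)
            if m:
                section = ("interface", m.group(1))
                if_vrf[m.group(1)] = None
            m = re.fullmatch(r"dial-peer voice (\d+) voip", line)
            if m:
                section = ("dial-peer", int(m.group(1)))
                binds[section[1]] = {}
            if re.fullmatch(r"voice vrf \S+", line):
                legacy_voice_vrf = True
            continue
        if section is None:
            continue
        kind, key = section
        if kind == "interface":
            m = re.fullmatch(r"(?:ip )?vrf forwarding (\S+)", line)
            if m:
                if_vrf[key] = m.group(1)
        else:
            m = BIND_RE.fullmatch(line)
            if m:
                roles = ("control", "media") if m.group(1) == "all" else (m.group(1),)
                for role in roles:
                    binds[key][role] = m.group(2)
    return if_vrf, binds, legacy_voice_vrf


def audit(text):
    """Return a list of (dial-peer tag or None, finding) for the Multi-VRF rules."""
    if_vrf, binds, legacy = parse_config(text)
    if not any(if_vrf.values()):            # no interface is in a VRF: rules do not apply
        return []
    findings = []
    for tag in sorted(binds):
        roles = binds[tag]
        if "control" not in roles or "media" not in roles:
            findings.append((tag, "bind-missing"))
            continue
        # An interface without "vrf forwarding" counts as the global table (None).
        if if_vrf.get(roles["control"]) != if_vrf.get(roles["media"]):
            findings.append((tag, "bind-vrf-mismatch"))
    if legacy:
        findings.append((None, "legacy-voice-vrf"))
    return findings


if __name__ == "__main__":
    for tag, finding in audit(SAMPLE_CONFIG):
        print(tag, finding)
```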
CUBE Multi VRF – Inbound dial-peer match
[Diagram: INVITE sip:2000@7.44.44.13 arrives at CUBE in VRF 1; INVITE sip:2000@6.44.44.13 arrives in VRF 2]
ip vrf vrf1
rd 1:1
!
interface GigabitEthernet0/0/0
ip address 7.44.44.13 255.255.0.0
ip vrf forwarding vrf1
!
dial-peer voice 100 voip
voice-class sip bind all interface GigE0/0/0
incoming called-number 2000
ip vrf vrf2
rd 2:2
!
interface GigabitEthernet0/0/1
ip address 6.44.44.13 255.255.0.0
ip vrf forwarding vrf2
!
dial-peer voice 200 voip
voice-class sip bind all interface GigE0/0/1
incoming called-number 2000
• Inbound match based on VRF where SIP INVITE received
• For VRF 1, dial-peer 100 is matched
• For VRF 2, dial-peer 200 is matched
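The inbound selection order from the matching-priority slide, applied to the two dial-peers above, as an added Python example (a simplified model, not CUBE's matching code). Assumptions: only digits, `.`, `[ranges]` and `T` are handled in patterns, the first configured match wins within a priority level, the URI rule is reduced to a Request-URI host comparison, and the `DialPeer` fields are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class DialPeer:
    tag: int
    vrf: Optional[str]               # VRF of the interface named in the sip bind
    uri_host: Optional[str] = None   # simplified stand-in for an "incoming uri" match
    called: Optional[str] = None     # "incoming called-number" pattern
    calling: Optional[str] = None    # calling-number pattern


def pattern_to_regex(pattern):
    """Translate a small subset of dial-peer pattern syntax into a regex."""
    out = []
    for ch in pattern:
        if ch == ".":
            out.append(r"\d")        # any single digit
        elif ch == "T":
            out.append(r"\d*")       # variable-length remainder
        elif ch.isdigit() or ch in "[]-":
            out.append(ch)           # literal digits and [2-9] style ranges
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out))


def select_inbound(peers, vrf, uri_host, called, calling):
    """Return the matched dial-peer tag, 0 for the default peer, or None."""
    # Priority 0: only dial-peers bound into the arrival VRF are candidates.
    candidates = [p for p in peers if p.vrf == vrf]
    checks = (
        # Priority 1: URI of the incoming INVITE.
        lambda p: p.uri_host is not None and p.uri_host == uri_host,
        # Priority 2: called number.
        lambda p: p.called is not None
        and pattern_to_regex(p.called).fullmatch(called) is not None,
        # Priority 3: calling number.
        lambda p: p.calling is not None
        and pattern_to_regex(p.calling).fullmatch(calling) is not None,
    )
    for check in checks:
        for peer in candidates:
            if check(peer):
                return peer.tag
    # Priority 4: dial-peer 0, which the deck says is not supported with VRF.
    return 0 if vrf is None else None


# The two dial-peers from the slide: same called number, different VRFs.
SLIDE_PEERS: List[DialPeer] = [
    DialPeer(tag=100, vrf="vrf1", called="2000"),
    DialPeer(tag=200, vrf="vrf2", called="2000"),
]

if __name__ == "__main__":
    print(select_inbound(SLIDE_PEERS, "vrf1", "7.44.44.13", "2000", "555"))
    print(select_inbound(SLIDE_PEERS, "vrf2", "6.44.44.13", "2000", "555"))
```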
CUBE Multi VRF – Inter/Intra VRF Routing
VRF 1
INVITE sip:3000@6.44.44.13
INVITE sip:3000@7.44.44.13
VRF 2
CUBE
ip vrf vrf1
ip vrf vrf2
rd 1:1
rd 2:2
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
dial-peer voice 1 voip
voice-class sip bind all interface GigE0/0/0
incoming called-number 3000
VRF1
ip address 7.44.44.13 255.255.0.0
ip vrf forwarding vrf1
Inter VRF
Routing
dial-peer voice 2 voip
voice-class sip bind all interface GigE0/0/1
incoming called-number 2000
dial-peer voice 100 voip
VRF2
dial-peer voice 200 voip
voice-class sip bind all interface GigE0/0/0
destination-pattern 2000
session-target ipv4: 10.1.1.1
voice-class sip bind all interface GigE0/0/1
destination-pattern 3000
session-target ipv4:10.2.2.2
Intra VRF
Routing
VRF2
dial-peer voice 2000 voip
dial-peer voice 1000 voip
voice-class sip bind all interface GigE0/0/0
incoming called-number 2000
ip address 6.44.44.13 255.255.0.0
ip vrf forwarding vrf2
voice-class sip bind all interface GigE0/0/1
incoming called-number 3000
CUBE Multi VRF – Routing w/ Overlapped Dial Plan
[Diagram labels: INVITE sip:2000@10.1.1.1 (twice), INVITE sip:2000@7.44.44.13, INVITE sip:2000@6.44.44.13]
Route Inter or Intra VRF calls based on outbound dial-peer groups
VRF1
ip vrf vrf1
interface GigabitEthernet0/0/0
ip address 7.44.44.13 255.255.0.0
ip vrf forwarding vrf1
voice class dpg 100
dial-peer 11 preference 1
dial-peer voice 1 voip
voice-class sip bind all interface GigE0/0/0
incoming called-number 2000
destination dpg 100
dial-peer voice 11 voip
voice-class sip bind all interface GigE0/0/0
destination-pattern 8888
session-target ipv4:10.1.1.1
VRF2
ip vrf vrf2
interface GigabitEthernet0/0/1
ip address 6.44.44.13 255.255.0.0
ip vrf forwarding vrf2
voice class dpg 200
dial-peer 22 preference 1
dial-peer voice 2 voip
voice-class sip bind all interface GigE0/0/1
incoming called-number 2000
destination dpg 100
dial-peer voice 22 voip
voice-class sip bind all interface GigE0/0/1
destination-pattern 2000
session-target ipv4:10.2.2.2
CUBE Multi VRF – Call Routing w/ Overlapped IP
[Diagram labels: INVITE sip:1000@10.1.1.1, INVITE sip:2000@10.1.1.1, INVITE sip:1000@7.44.44.13, INVITE sip:2000@7.44.44.13; Overlapped local IP]
VRF1
ip vrf vrf1
interface GigabitEthernet0/0/0
ip address 7.44.44.13 255.255.0.0
ip vrf forwarding vrf1
dial-peer voice 1 voip
voice-class sip bind all interface GigE0/0/0
incoming called-number 1000
destination dpg 100
voice class dpg 100
dial-peer 11 preference 1
dial-peer voice 11 voip
voice-class sip bind all interface GigE0/0/0
destination-pattern 1000
session-target ipv4:10.1.1.1
VRF2
ip vrf vrf2
interface GigabitEthernet0/0/1
ip address 7.44.44.13 255.255.0.0
ip vrf forwarding vrf2
dial-peer voice 2 voip
voice-class sip bind all interface GigE0/0/1
incoming called-number 2000
destination dpg 200
voice class dpg 200
dial-peer 22 preference 1
dial-peer voice 22 voip
voice-class sip bind all interface GigE0/0/1
destination-pattern 2000
session-target ipv4:10.1.1.1
CUBE Multi Tenant Configuration Example
VRF 1
VRF 2
CUBE
ip vrf vrf1
rd 1:1
interface GigabitEthernet0/0/0
ip address 7.44.44.13 255.255.0.0
ip vrf forwarding vrf1
voice class tenant 1
registrar ipv4:10.1.1.5 expires 3600
credentials username vrf1 password 7 104F081804 realm vrf1.com
max-forwards 57
retry invite 7
timers trying 100
bind all source-interface GigabitEthernet0/0/0
dial-peer voice 1 voip
voice-class sip bind all interface GigabitEthernet0/0/0
incoming called-number 2000
voice-class sip tenant 1
dial-peer voice 11 voip
voice-class sip bind all interface GigabitEthernet0/0/0
destination-pattern 2000
session-target ipv4: 10.1.1.1
voice-class sip tenant 1
ip vrf vrf2
rd 2:2
interface GigabitEthernet0/0/1
ip address 6.44.44.13 255.255.0.0
ip vrf forwarding vrf2
voice class tenant 2
registrar ipv4:10.2.2.5 expires 3600
credentials username vrf1 password 7 104F081804 realm vrf2.com
max-forwards 58
retry invite 5
timers trying 200
bind all source-interface GigabitEthernet0/0/1
dial-peer voice 2 voip
voice-class sip bind all interface GigabitEthernet0/0/1
incoming called-number 3000
voice-class sip tenant 2
dial-peer voice 22 voip
voice-class sip bind all interface GigabitEthernet0/0/1
destination-pattern 3000
session-target ipv4: 10.2.2.2
voice-class sip tenant 2
High Availability
CUBE High Availability Options
• Inbox redundancy
  • ASR 1006, preserves signaling & media
  • Stateful failover
  • Local redundancy
ASR(config)#redundancy
ASR-RP2(config-red)#mode sso
ASR-RP2(config-red)#end
• L2 Box-to-Box redundancy
  • ISR G2/4K (Stateful failover)
  • ASR 1001-X/2-X/4/6 (Stateful failover)
  • Local redundancy (Both routers must be physically located on the same Ethernet LAN)
  • Not supported across data centers
  • Only 1 RP and 1 ESP in ASR1006
  • Preserves both signaling and media
[Diagram: Active and Standby CUBE sharing a Virtual IP on each side, facing the SIP SP]
• Clustering with load balancing
  • All platforms
  • Load balancing by
    • SP call agent
    • Cisco Unified SIP Proxy
  • Local and geographical redundancy
[Diagram: SIP SP and a pair of CUSPs]
CUBE HA Design Considerations on ISR-G2 for Box-to-Box Redundancy
• Anytime a platform is reloaded in a CUBE-HA relationship, it always boots up as Standby
• All active calls are checkpointed (Calls that are connected - 200OK / ACK transaction completed)
• All signaling/media is sourced from/to the Virtual IP Address
• Multiple Traffic (SIP/RTP) interfaces (Gig0/0, Gig0/1) require preemption and interface tracking
• HSRP Group number should be unique to a pair/interface combination on the same L2
• All interfaces of the same group have to be configured with the same priority
• No media-flow around or UC Services API (CUCM NBR) support for CUBE HA
CUBE HA Design Considerations on ISR-G2 for Box-to-Box Redundancy – Cont’d
• Lower IP Address for ALL the interfaces (Gig0/0, Gig0/1, Gig0/2) should be on the same platform, which is used as a tie breaker for the HSRP Active state
• Multiple HSRP Groups/Interfaces/sub-interfaces can be used on either LAN or WAN side
• Up to 6 multimedia lines in the SDP are checkpointed for CUBE HA
• SDP Passthru (up to 2 m-lines) calls are also checkpointed starting IOS 15.6(1)T
• TDM or SRST or VXML GW cannot be collocated with CUBE HA
• Both platforms must be connected via a physical Switch across all likewise interfaces for CUBE HA to work, i.e. Gig0/0 of CUBE-1 and CUBE-2 must terminate on the same switch and so on
CUBE HA Design Considerations on ISR-G2 for Box-to-Box Redundancy – Cont’d
• Cannot have WAN terminated on CUBEs directly or Data HSRP on either side. Both Active/Standby must be in the same Data Center
• Both the CUBEs must be running on the same type of platform and IOS version and identical configuration. Loopback interfaces cannot be used for bind as they are always up. Sub-interfaces are supported for all interfaces. Port Channels are supported for all interfaces from IOS 15.6(3)M
• CUBE HA only checkpoints SIP/RTP Traffic. Support for Survivability.tcl preservation was added in 15.6(2)T for CVP deployments
• Out-of-band DTMF (Notify/KPML) will not work post switchover
CUBE HA Design Considerations on ISR-G2 for Box-to-Box Redundancy – Cont’d
• CCB (courtesy callback) feature is not supported if a callback was registered with CVP and then a switchover was done on CUBE. The CCB will not work in these scenarios.
• Recommended to configure TCP session transport for the SIP trunk between CVP and CUBE
• LTI based transcoding call flows including SRTP/RTP interworking preserved starting 15.5(2)T. Requires same PVDM3 chip capacity on both active and standby in the same slot/subslot. CPA calls (prior to being transferred to the agent), SCCP based media resources, Noise Reduction, ASP, transrating calls are not checkpointed
• SRTP - RTP, SRTP - SRTP and SRTP passthru supported on ISR-G2
CUBE HA Design Considerations on ISR-G2 for Box-to-Box Redundancy – Cont’d
• CUBE HA with HSRP is supported with VRFs configured
• Traffic interfaces (SIP/RTP) can have VRFs configured but HSRP interface [ipc zone default config – Gig0/2 above] cannot have any VRF associated with it. This means for every CUBE HA deployment where VRFs are being utilized for SIP/RTP interfaces, at least three interfaces are required. Otherwise, any of the LAN interfaces (Gig0/0 above) can be used as an HSRP interface
• VRF ID’s will be check pointed for the calls before and after switchover. VRF Configurations in both active and standby routers have to be identical. This includes VRF based rtp port range as well
• Upon failover, the previously ACTIVE CUBE goes through a reload by design, preserving signaling/media. Thus, running config should always be saved to avoid losing it due to the reload
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
Configure VRFs on the platform (if applicable)
CUBE 1
CUBE-1> enable
CUBE-1# configure terminal
CUBE-1(config)# ip vrf LAN-VRF
CUBE-1(config)# rd 1:1
CUBE-1(config)# ip vrf WAN-VRF
CUBE-1(config)# rd 2:2
CUBE 2
CUBE-2> enable
CUBE-2# configure terminal
CUBE-2(config)# ip vrf LAN-VRF
CUBE-2(config)# rd 1:1
CUBE-2(config)# ip vrf WAN-VRF
CUBE-2(config)# rd 2:2
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
CUBE 1
interface GigabitEthernet0/0
description “Enterprise LAN”
ip vrf forwarding LAN-VRF
ip address 10.10.1.11 255.255.255.0
standby version 2
standby 1 ip 10.10.1.13
standby delay minimum 30 reload 60
standby 1 preempt
standby 1 track 2 decrement 10
standby 1 track 3 decrement 10
standby 1 priority 50
Inside interfaces: HSRP group 1, VRF ID: LAN-VRF (if applicable)
Interface can be utilized as an HSRP interface if no VRFs are required or configured
CUBE 2
interface GigabitEthernet0/0
description “Enterprise LAN”
ip vrf forwarding LAN-VRF
ip address 10.10.1.12 255.255.255.0
standby version 2
standby 1 ip 10.10.1.13
standby delay minimum 30 reload 60
standby 1 preempt
standby 1 track 2 decrement 10
standby 1 track 3 decrement 10
standby 1 priority 50
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
CUBE 1
interface GigabitEthernet0/1
description “Enterprise WAN”
ip vrf forwarding WAN-VRF
ip address 128.107.66.77 255.255.255.0
standby version 2
standby 10 ip 128.107.66.79
standby delay minimum 30 reload 60
standby 10 preempt
standby 10 track 1 decrement 10
standby 10 track 3 decrement 10
standby 10 priority 50
CUBE 2
interface GigabitEthernet0/1
description “Enterprise WAN”
ip vrf forwarding WAN-VRF
ip address 128.107.66.78 255.255.255.0
standby version 2
standby 10 ip 128.107.66.79
standby delay minimum 30 reload 60
standby 10 preempt
standby 10 track 1 decrement 10
standby 10 track 3 decrement 10
standby 10 priority 50
Outside interfaces: HSRP group 10, VRF ID: WAN-VRF (if applicable)
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
CUBE 1
interface GigabitEthernet0/2
description “HSRP Interface”
ip address 1.1.1.1 255.255.255.0
standby version 2
standby 100 ip 1.1.1.3
standby delay minimum 30 reload 60
standby 100 preempt
standby 100 name CUBEHA
standby 100 track 1 decrement 10
standby 100 track 2 decrement 10
standby 100 priority 50
!
track 1 interface Gig0/0 line-protocol
track 2 interface Gig0/1 line-protocol
track 3 interface Gig0/2 line-protocol
CUBE 2
interface GigabitEthernet0/2
description “HSRP Interface”
ip address 1.1.1.2 255.255.255.0
standby version 2
standby 100 ip 1.1.1.3
standby delay minimum 30 reload 60
standby 100 preempt
standby 100 name CUBEHA
standby 100 track 1 decrement 10
standby 100 track 2 decrement 10
standby 100 priority 50
!
track 1 interface Gig0/0 line-protocol
track 2 interface Gig0/1 line-protocol
track 3 interface Gig0/2 line-protocol
HSRP interfaces: HSRP group 100, CANNOT HAVE VRFs associated
Configure Interface Tracking (for line protocol on corresponding interfaces of the platform)
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
CUBE 1
redundancy inter-device
scheme standby CUBEHA
voice service voip
mode border-element
allow-connections sip to sip
redundancy
ipc zone default
association 1
no shutdown
protocol sctp
local-port 5000
local-ip 1.1.1.1
remote-port 5000
remote-ip 1.1.1.2
Define redundancy scheme: creates interdependency between CUBE redundancy and HSRP.
Turn on CUBE redundancy.
HSRP interface, IPC configuration: allows the ACTIVE CUBE to tell the STANDBY about the state of the calls. CONFIG SHOULD BE APPLIED on the LAN SIDE (to avoid SPLIT BRAIN) and on a NON-VRF associated interface. CANNOT HAVE VRFs associated with this interface.
CUBE 2
redundancy inter-device
scheme standby CUBEHA
voice service voip
mode border-element
allow-connections sip to sip
redundancy
ipc zone default
association 1
no shutdown
protocol sctp
local-port 5000
local-ip 1.1.1.2
remote-port 5000
remote-ip 1.1.1.1
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
Configuration on Active and Standby
dial-peer voice 100 voip
description TO SERVICE PROVIDER
destination-pattern 9T
session protocol sipv2
session target ipv4:y.y.y.y
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
!
dial-peer voice 200 voip
description TO CUCM
destination-pattern 555....
session protocol sipv2
session target ipv4:10.10.1.10
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
!
ip rtcp report interval 3000
!
gateway
media-inactivity-criteria all
timer receive-rtcp 5
timer receive-rtp 86400
Bind traffic destined to the outside (SP SIP trunk) to the outside physical interface. This ensures that all RTP and SIP packets are created with the virtual IP associated with the respective physical interface.
CUBE HA does not work with loopback interfaces as they are always up.
Bind traffic destined to the inside (CUCM or IP PBX) to the inside physical interface. This ensures that all RTP and SIP packets are created with the virtual IP associated with the respective physical interface.
Configure the media inactivity feature to clean up any calls that may not disconnect after a failover.
CUBE HA Design Considerations on ASR1K/ISR-4K/vCUBE for Box-to-Box Redundancy
• Uses Redundancy Group (RG) Infrastructure Protocol
• Only active calls are checkpointed (calls that are connected: 200 OK / ACK transaction completed)
• GE0/0/0 and GE0/0/1 are referred to as traffic (SIP/RTP) interfaces and GE0/0/2 is the RG (Redundancy Group) Control/data interface
• Starting IOS-XE 16.3.1, Port channel is supported for both RG Control/data and traffic interfaces
• All signaling/media is sourced from/to the Virtual IP Address
• When configuration is applied and saved, the platform must go through a reload cycle
CUBE HA Design Considerations on ASR1K/ISR-4K/vCUBE for Box-to-Box Redundancy
• Anytime a platform is reloaded in a CUBE-HA relationship, it always boots up as Standby
• The lower address for all the interfaces (GE0/0/0, GE0/0/1, and GE0/0/2) should be on the same platform
• Redundancy Interface Identifier, rii (HSRP Group number) should be unique to a pair/interface combination on the same L2
• Configuration on both the CUBEs must be identical, including physical configuration, and both must be running on the same type of platform and IOS-XE version. Loopback interfaces cannot be used for bind as they are always up. Sub-interfaces are supported
• Multiple RII Groups/Interfaces/sub-interfaces can be used on either LAN or WAN side
CUBE HA Design Considerations on ASR1K/ISR-4K/vCUBE for Box-to-Box Redundancy
• Multiple traffic (SIP/RTP) interfaces (GE0/0/0, GE0/0/1) require interface tracking to be configured
• Up to 6 multimedia lines in the SDP are checkpointed for CUBE HA. SDP Passthru (up to 2 m-lines) calls are also checkpointed starting IOS-XE 3.17
• No media-flow around or UC Services API (CUCM NBR) support for CUBE HA
• CUBE-HA preserves both signaling and media and is not supported over a crossover cable connection for the RG-control/data link (GE0/0/2)
• Both platforms must be connected via a physical switch across all likewise interfaces for CUBE HA to work, i.e. GE0/0/0 of CUBE-1 and CUBE-2 must terminate on the same switch and so on. Multiple interfaces/sub-interfaces can be used on either LAN or WAN side
CUBE HA Design Considerations on ASR1K/ISR-4K/vCUBE for Box-to-Box Redundancy
• Cannot have WAN terminated on CUBEs directly or Data HA on either side. Both Active/Standby must be in the same Data Center
• CUBE HA only checkpoints SIP/RTP traffic. Support for Survivability.tcl preservation was added in IOS-XE 3.17 for CVP deployments
• The CCB (courtesy callback) feature is not supported if a callback was registered with CVP and then a switchover was done on CUBE. The CCB will not work in these scenarios.
• Recommended to configure TCP session transport for the SIP trunk between CVP and CUBE
• Out-of-band DTMF (Notify/KPML) will not work post switchover
CUBE HA Design Considerations on ASR1K/ISR-4K/vCUBE for Box-to-Box Redundancy
• LTI based transcoding call flows are preserved starting IOS-XE 3.15. Requires the same SPA-DSP module capacity on both active and standby in the same slot/subslot. CPA calls (prior to being transferred to the agent), SCCP based media resources, Noise Reduction, ASP, and transrating calls are not checkpointed
• CUBE HA with RG Infra protocol is supported with VRFs configured. Traffic interfaces (SIP/RTP) can have VRFs configured but the RG Control/Data interface [GE0/0/2] cannot have any VRF associated with it
• VRF IDs will be checkpointed for the calls before and after switchover. VRF configurations in both active and standby routers have to be identical. This includes the VRF based rtp port range as well
• SRTP - RTP, SRTP - SRTP supported partially. SRTP Passthru completely supported as packets pass without encryption/decryption [See Note below]
CUBE HA Design Considerations on ASR1K/ISR-4K/vCUBE for Box-to-Box Redundancy
• Upon failover, the previously ACTIVE CUBE goes through a reload by design, preserving signaling/media
• Upon failover, starting IOS-XE 3.11, the previously ACTIVE CUBE can be moved to a PROTECTED state to avoid the reload
• The running configuration should always be saved to avoid losing it due to the reload by design when the switchover happens
• It is mandatory to use a separate interface for redundancy (RG Control/data, GE0/0/2), i.e. an interface used for traffic cannot be used for HA keepalives and checkpointing
CUBE Configuration on ASR/ISR-4K/vCUBE Box-to-Box Redundancy
Configure VRFs on the platform (if applicable)
CUBE 1
CUBE-1> enable
CUBE-1# configure terminal
CUBE-1(config)# ip vrf LAN-VRF
CUBE-1(config-vrf)# rd 1:1
CUBE-1(config-vrf)# ip vrf WAN-VRF
CUBE-1(config-vrf)# rd 2:2
CUBE 2
CUBE-2> enable
CUBE-2# configure terminal
CUBE-2(config)# ip vrf LAN-VRF
CUBE-2(config-vrf)# rd 1:1
CUBE-2(config-vrf)# ip vrf WAN-VRF
CUBE-2(config-vrf)# rd 2:2
CUBE Configuration on ASR/ISR-4K/vCUBE Box-to-Box Redundancy
CUBE 1
redundancy
 mode none   ! Disables software redundancy. For ASR1006: mode rpr
 application redundancy
  group 1   ! Configure RG Group for use with CUBE HA
   name voice-b2bha
   priority 100 failover threshold 75
   control GigabitEthernet 0/0/2 protocol 1
   data GigabitEthernet 0/0/2
   timers delay 30 reload 60
voice service voip
 mode border-element
 allow-connections sip to sip
 redundancy-group 1   ! Turn on CUBE Redundancy
CUBE 2
redundancy
 mode none
 application redundancy
  group 1
   name voice-b2bha
   priority 100 failover threshold 75
   control GigabitEthernet 0/0/2 protocol 1
   data GigabitEthernet 0/0/2
   timers delay 30 reload 60
voice service voip
 mode border-element
 allow-connections sip to sip
 redundancy-group 1
CUBE Configuration on ASR1K/ISR-4K/vCUBE Box-to-Box Redundancy
Track interfaces to trigger switchover
CUBE 1
track 1 interface GigabitEthernet 0/0/0 line-protocol
track 2 interface GigabitEthernet 0/0/1 line-protocol
redundancy
 application redundancy
  group 1
   track 1 shutdown
   track 2 shutdown
CUBE 2
track 1 interface GigabitEthernet 0/0/0 line-protocol
track 2 interface GigabitEthernet 0/0/1 line-protocol
redundancy
 application redundancy
  group 1
   track 1 shutdown
   track 2 shutdown
CUBE Configuration on ASR1K/ISR-4K/vCUBE Box-to-Box Redundancy
Inside interfaces: Redundancy Interface Identifier 1; VRF ID: LAN-VRF (if applicable)
Outside interfaces: Redundancy Interface Identifier 2; VRF ID: WAN-VRF (if applicable)
CUBE 1
interface GigabitEthernet0/0/0
 description “Enterprise LAN”
 ip vrf forwarding LAN-VRF
 ip address 10.10.1.1 255.255.255.0
 redundancy rii 1
 redundancy group 1 ip 10.10.1.3 exclusive
interface GigabitEthernet0/0/1
 description “Enterprise WAN”
 ip vrf forwarding WAN-VRF
 ip address 20.20.1.1 255.255.255.0
 redundancy rii 2
 redundancy group 1 ip 20.20.1.3 exclusive
CUBE 2
interface GigabitEthernet0/0/0
 description “Enterprise LAN”
 ip vrf forwarding LAN-VRF
 ip address 10.10.1.2 255.255.255.0
 redundancy rii 1
 redundancy group 1 ip 10.10.1.3 exclusive
interface GigabitEthernet0/0/1
 description “Enterprise WAN”
 ip vrf forwarding WAN-VRF
 ip address 20.20.1.2 255.255.255.0
 redundancy rii 2
 redundancy group 1 ip 20.20.1.3 exclusive
CUBE Configuration on ASR1K/ISR-4K/vCUBE Box-to-Box Redundancy
RG Control/Data interface: CANNOT HAVE VRFs associated
CUBE 1
interface GigabitEthernet 0/0/2
 ip address 3.3.1.1 255.255.255.0
CUBE 2
interface GigabitEthernet 0/0/2
 ip address 30.3.1.2 255.255.255.0
CUBE Configuration on ASR1K/ISR-4K/vCUBE Box-to-Box Redundancy
Configuration on Active and Standby
dial-peer voice 100 voip
description to-SIP-SP
destination-pattern 9T
session protocol sipv2
session target ipv4:y.y.y.y
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
!
dial-peer voice 200 voip
description to-CUCM
destination-pattern 555....
session protocol sipv2
session target ipv4:10.10.1.10
voice-class sip bind control source-interface GigabitEthernet0/0/0
voice-class sip bind media source-interface GigabitEthernet0/0/0
!
ip rtcp report interval 3000
!
gateway
media-inactivity-criteria all
timer receive-rtcp 5
timer receive-rtp 86400
Bind traffic destined to the outside (SP SIP trunk) to the outside physical interface to make sure it uses the virtual IP address as the source IP for all calls.
Bind traffic destined to the inside (CUCM or IP-PBX) to the inside physical interface.
Configure the media inactivity feature to clean up any calls that may not disconnect after a failover.
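A pre-deployment check for the RG-based (ASR1K/ISR-4K/vCUBE) HA pair, written as an added example and not taken from the deck or from Cisco tooling: it parses two configs and reports violations of the design considerations above (no VRF on the RG control/data interface, no loopback binds, tracked traffic interfaces, matching rii/virtual IP, lower addresses on one platform). The sample configs are constructed, and the control-link subnet 192.0.2.0/24, the VRF name MGMT and all function names are assumptions.

```python
import ipaddress
import re

IFACE_PATTERNS = {"ip": r"ip address (\S+) \S+$", "vrf": r"ip vrf forwarding (\S+)$",
                  "rii": r"redundancy rii (\d+)$", "vip": r"redundancy group \d+ ip (\S+)"}

def parse_sections(cfg):
    """Map each top-level config line to the stripped lines nested under it."""
    sections, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return sections

def norm(ifname):
    return ifname.replace(" ", "").lower()  # "GigabitEthernet 0/0/2" -> "gigabitethernet0/0/2"

def facts(cfg):
    """Extract the HA-relevant settings of one CUBE."""
    f, tracks, ids = {"if": {}, "binds": set(), "control": None}, {}, set()
    for head, body in parse_sections(cfg).items():
        if m := re.match(r"track (\d+) interface (.+?) line-protocol$", head):
            tracks[m.group(1)] = norm(m.group(2))
        elif head.startswith("interface "):
            d = f["if"][norm(head[len("interface "):])] = {}
            for line in body:
                for key, pat in IFACE_PATTERNS.items():
                    if m := re.match(pat, line):
                        d[key] = m.group(1)
        elif head == "redundancy":
            for line in body:
                if m := re.match(r"control (.+?) protocol \d+$", line):
                    f["control"] = norm(m.group(1))
                elif m := re.match(r"track (\d+) shutdown$", line):
                    ids.add(m.group(1))
        elif head.startswith("dial-peer voice "):
            for line in body:
                if m := re.match(r"voice-class sip bind \S+ source-interface (\S+)$", line):
                    f["binds"].add(norm(m.group(1)))
    f["tracked"] = {tracks[i] for i in ids if i in tracks}
    return f

def check_pair(cfg1, cfg2):
    """Return findings for rules taken from the design-consideration slides."""
    a, b, out, lower = facts(cfg1), facts(cfg2), [], set()
    for box, f in (("CUBE-1", a), ("CUBE-2", b)):
        ctl = f["if"].get(f["control"], {})
        if "vrf" in ctl:
            out.append(f"{box}: RG control/data interface is in VRF {ctl['vrf']}")
        for name in sorted(f["binds"]):
            if name.startswith("loopback"):
                out.append(f"{box}: SIP bind uses {name}, which is always up")
        for name, d in sorted(f["if"].items()):
            if "vip" in d and name not in f["tracked"]:
                out.append(f"{box}: traffic interface {name} is not tracked")
    for name in sorted(set(a["if"]) & set(b["if"])):
        x, y = a["if"][name], b["if"][name]
        for key in ("rii", "vip", "vrf"):
            if x.get(key) != y.get(key):
                out.append(f"{name}: {key} differs ({x.get(key)} vs {y.get(key)})")
        if "ip" in x and "ip" in y:
            first = ipaddress.ip_address(x["ip"]) < ipaddress.ip_address(y["ip"])
            lower.add("CUBE-1" if first else "CUBE-2")
    if len(lower) > 1:
        out.append("lower interface addresses are split across both platforms")
    return out

# Constructed sample configs modelled on the slides; the control-link subnet is made up.
TEMPLATE = """\
track 1 interface GigabitEthernet 0/0/0 line-protocol
track 2 interface GigabitEthernet 0/0/1 line-protocol
redundancy
 application redundancy
  group 1
   control GigabitEthernet 0/0/2 protocol 1
   track 1 shutdown
{track2}
interface GigabitEthernet0/0/0
 ip address 10.10.1.{lan} 255.255.255.0
 redundancy rii 1
 redundancy group 1 ip 10.10.1.3 exclusive
interface GigabitEthernet0/0/1
 ip address 20.20.1.{wan} 255.255.255.0
 redundancy rii {rii}
 redundancy group 1 ip 20.20.1.3 exclusive
interface GigabitEthernet 0/0/2
{ctl_vrf}
 ip address 192.0.2.{lan} 255.255.255.0
dial-peer voice 100 voip
 voice-class sip bind control source-interface {bind}
"""
OK = dict(track2="   track 2 shutdown", rii=2, ctl_vrf="", bind="GigabitEthernet0/0/1")
GOOD = (TEMPLATE.format(lan=1, wan=1, **OK), TEMPLATE.format(lan=2, wan=2, **OK))
BAD = (TEMPLATE.format(lan=1, wan=2, **OK),
       TEMPLATE.format(lan=2, wan=1, track2="", rii=5,
                       ctl_vrf=" ip vrf forwarding MGMT", bind="Loopback0"))
```

`check_pair(*GOOD)` returns an empty list; `check_pair(*BAD)` returns six findings, one per rule the second pair breaks.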
Additional Supported options for CUBE HA
[Diagram: CUBE-1 and CUBE-2 HA pair with vPC port channels (PortChannel2, PortChannel34) to Switches A through E, CUCM, WAN Edge, ITSP 1 (Gig0/0/2.100) and ITSP 2 (Gig0/0/2.200), and redundancy rii 1, 2 and 3]
• The RG control/data interfaces can be a sub-interface that is part of the same port channel used for voice traffic. This will go to Switch D and E, thereby eliminating the need for additional switches for RG control/data. This is provided there is sufficient bandwidth for voice + RG data/control on the port channel (for example when using 10G)
• Multiple ITSPs or multiple trunks from the same ITSP can be terminated on the same CUBE ENT HA (ISR G2, ISR 4K, ASR 1K, vCUBE) pair
• Port Channel(s) can be used on the WAN/ITSP side as well, as shown for the LAN side in the above diagram, with L2 and CE router redundancy
ASR B2B Redundancy : PROTECTED MODE
• Default failover redundancy behavior in a B2B HA pair is to reload the affected router to avoid out-of-sync conditions/Split brain
• Starting XE3.11, an ASR can be configured to transition into PROTECTED mode
• In PROTECTED mode
  o Bulk sync request, Call checkpointing, and incoming call processing are disabled
  o The router in PROTECTED mode needs to be manually reloaded to come out of this state
• The PROTECTED mode is enabled with the following CLI
voice service voip
 no redundancy-reload !  Default is ‘redundancy-reload’
• Track for the RG Control/data interface (GE0/0/2) with the same ‘track <id> shutdown’ under redundancy group needs to be added
track 1 interface GigabitEthernet0/0/0 line-protocol
track 2 interface GigabitEthernet0/0/1 line-protocol
track 3 interface GigabitEthernet0/0/2 line-protocol !  Track for RG Control/data interface
redundancy
application redundancy
group 1
track 1 shutdown
track 2 shutdown
track 3 shutdown
CUBE SIP Trunk Monitoring with OOD Options message
[Call flow diagram between the CUCM SIP trunk, CUBE and the SP SIP trunk: while OOD OPTIONS are answered with 200 OK, DP 100 = ACTIVE and INVITEs complete with 200 OK; after an OOD OPTIONS timeout with no response, DP 100 = BUSYOUT and an INVITE is answered with 503 Service Unavailable]
• Out-of-dialog OPTIONS message sent to check the status of the SIP Trunk
• The dial-peer is “busyout” if it does not receive a response within a configurable time period
• For an INVITE that matches a “busyout” dial-peer, CUBE sends “503 Service Unavailable”
• If there is a secondary dial-peer configured, the call will be re-routed to the secondary path
CUBE SIP Trunk Monitoring with OOD Options message
[Call flow diagram, repeated: DP 100 = ACTIVE while OOD OPTIONS are answered with 200 OK; DP 100 = BUSYOUT after an OOD OPTIONS timeout with no response, and an INVITE is answered with 503 Service Unavailable]
dial-peer voice 100 voip
 voice-class sip options-keepalive up-interval 20 down-interval 20 retry 3
Three timers that can be configured:
• up-interval: OPTIONS keepalive timer interval for UP endpoint
• down-interval: OPTIONS keepalive timer interval for DOWN endpoint
• retry: Retry count for OPTIONS keepalive transmission
Warning:
• Each dial-peer that has options message configured sends out a separate message.
• EEM Script can be used to busyout other dial-peers
OOD OPTIONS Ping Keepalive Enhancement
• Each dial-peer that has OPTIONS message configured sends out a separate message, even if the session targets are the same
• Network bandwidth and process runtime are wasted in CUBE and remote targets to sustain duplicate OOD OPTIONS Ping heartbeat keepalive connections
• Consolidate SIP OOD Options Ping connections by grouping SIP dial-peers with the same OOD Options Ping setup
• New CLI: “voice class sip-options-keepalive <tag>” is used to define the OOD OPTIONS Ping setup
• A consolidated SIP OOD Options Ping connection will then be established with a target for multiple SIP dial-peers with the same target and OOD Options Ping profile setup
[Diagram: CUCM SIP trunk, CUBE and SP SIP trunk; dial-peers DP 100, DP 200, DP 300 and DP 400 all have Session Target IPv4:1.1.1.1, and each sends its own OOD Options and receives its own 200 OK, alongside an INVITE (DP 100) / 200 OK call]
OOD OPTIONS Ping Keepalive Enhancement Configuration
voice class sip-options-keepalive 1
description UDP Options consolidation
down-interval 49
up-interval 180
retry 7
transport udp
dial-peer voice 1 voip
destination-pattern 6666
session protocol sipv2
session target ipv4:10.104.45.253
voice-class sip options-keepalive profile 1
dial-peer voice 2 voip
destination-pattern 5555
session protocol sipv2
session target ipv4:10.104.45.253
voice-class sip options-keepalive profile 1
Single OOD Option Ping Group applied to multiple dial-peers with same session targets
Sample Show command output
CUBE#sh voice class sip-options-keepalive 1
Voice class sip-options-keepalive: 1     AdminStat: Up
 Description: UDP Options consolidation
 Transport: udp          Sip Profiles: 0
 Interval(seconds) Up: 180       Down: 49
 Retry: 7

  Peer Tag   Server Group   OOD SessID   OOD Stat   IfIndex
  --------   ------------   ----------   --------   -------
  1                         4            Active     9
  2                         4            Active     10

 OOD SessID: 4           OOD Stat: Active
  Target: ipv4:10.104.45.253
  Transport: udp         Sip Profiles: 0
• With an OOD Options Ping Keepalive group, an options ping keepalive connection is established on a per remote target basis, as opposed to an options ping keepalive connection established on a per dial-peer basis. Up to 10,000 “voice class sip-options-keepalive <tag>” can be defined per system
• Either the legacy “sip options-keepalive” or the new “sip options-keepalive profile <tag>” can be configured on a dial-peer. Dial-peers with a Destination Server Group instead of a Session Target IP must use the Options Keepalive Profile and not the legacy CLI.
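To see what consolidation buys on a given box, the following added example (not part of the deck) counts the OOD OPTIONS sessions a dial-peer configuration implies under the rule described above: one session per dial-peer for the legacy CLI, one per target and profile for the profile CLI. It also lists dial-peers with no keepalive at all, which can never be busied out. The sample config is constructed from the slide values; function names are assumptions.

```python
import re
from collections import defaultdict

def parse_dial_peers(cfg):
    """Return {tag: {"target": ..., "keepalive": None | ("legacy", None) | ("profile", n)}}."""
    peers, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", ""):          # any top-level command ends the current dial-peer
            m = re.match(r"dial-peer voice (\d+) voip$", line)
            cur = peers.setdefault(int(m.group(1)),
                                   {"target": None, "keepalive": None}) if m else None
        elif cur is not None:
            if m := re.match(r"session target (\S+)$", line):
                cur["target"] = m.group(1)
            elif m := re.match(r"voice-class sip options-keepalive(?: profile (\d+))?", line):
                cur["keepalive"] = ("profile", int(m.group(1))) if m.group(1) else ("legacy", None)
    return peers

def options_sessions(peers):
    """Group dial-peers by the OPTIONS session they share."""
    sessions = defaultdict(list)
    for tag, p in sorted(peers.items()):
        if p["keepalive"] is None or p["target"] is None:
            continue
        kind, profile = p["keepalive"]
        owner = f"profile {profile}" if kind == "profile" else f"dial-peer {tag}"
        sessions[(p["target"], owner)].append(tag)
    return dict(sessions)

def consolidation_candidates(peers):
    """Targets probed by more than one legacy keepalive: candidates for a shared profile."""
    by_target = defaultdict(list)
    for tag, p in sorted(peers.items()):
        if p["keepalive"] == ("legacy", None) and p["target"]:
            by_target[p["target"]].append(tag)
    return {t: tags for t, tags in by_target.items() if len(tags) > 1}

def unmonitored(peers):
    """Dial-peers with a target but no keepalive: a dead trunk is never busied out."""
    return [t for t, p in sorted(peers.items()) if p["target"] and p["keepalive"] is None]

# Constructed sample: profile-based peers 1 and 2 as on the slide, plus legacy peers.
SAMPLE = """\
voice class sip-options-keepalive 1
 down-interval 49
 up-interval 180
 retry 7
 transport udp
dial-peer voice 1 voip
 session target ipv4:10.104.45.253
 voice-class sip options-keepalive profile 1
dial-peer voice 2 voip
 session target ipv4:10.104.45.253
 voice-class sip options-keepalive profile 1
dial-peer voice 100 voip
 session target ipv4:1.1.1.1
 voice-class sip options-keepalive up-interval 20 down-interval 20 retry 3
dial-peer voice 200 voip
 session target ipv4:1.1.1.1
 voice-class sip options-keepalive
dial-peer voice 300 voip
 session target ipv4:1.1.1.1
"""
PEERS = parse_dial_peers(SAMPLE)
```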
SIP Trunk to TDM PSTN Failover
• Collocated Cisco Unified Border Element and TDM GW offers:
  o Alternate call routing path (upon congestion or SIP Trunk failure)
  o Easy SIP Trunking migration
[Diagram: CUBE with a SIP Trunk (Primary) to the SP VoIP SBC and a TDM Trunk (Secondary)]
• Deployed in small to medium sized enterprise networks
• Deployed at branch locations for PSTN calls during survivability mode
• Deployed at branch locations for emergency services
dial-peer voice 10 voip
description “Primary path to SIP Trunk provider”
destination-pattern 91[2-9]..[2-9]......
session protocol sipv2
session target ipv4:10.10.10.1
voice-class sip options-keepalive
dial-peer voice 20 pots
description “Secondary path to PSTN”
destination-pattern 91[2-9]..[2-9]......
preference 2
port 0/0/0:23
Video Suppression
[Diagram: video endpoints send an INVITE with audio, video and application m-lines to CUBE; CUBE sends an INVITE with audio only to the SP SIP SBC]
CUBE(config)#voice service voip
CUBE(conf-voi-serv)#sip
CUBE(conf-serv-sip)#audio forced
CUBE(conf-serv-sip)#dial-peer voice 100 voip
CUBE(config-dial-peer)#description “Outgoing Dial-peer”
CUBE(config-dial-peer)#voice-class sip audio forced
• When CUBE receives video capabilities as part of SDP, it passes them across by default
• This feature adds a mechanism on CUBE to allow only audio and image (for T.38 fax) media capabilities and drop all other media capabilities, like video and application m-lines, while routing calls to service providers
  o Only supported for SIP-SIP calls not in SDP Passthru mode
MMoH
Multicast MoH to Unicast MoH Conversion - CUBE
[Diagram: during a hold on an active call, Multicast MoH reaches CUBE and is streamed as Unicast MoH to the SP SIP trunk]
ccm-manager music-on-hold
ip multicast-routing distributed
“ip pim dense-mode” under interface
• Extends the ability for enterprises to play Multicast MoH to Service Providers
• CUBE converts Multicast MoH from the MoH server to unicast MoH streamed to the service provider
• Provides the ability to play Multicast MoH over the WAN from the MoH server at the HQ to the CUBE at the remote branch (distributed architecture), saving WAN bandwidth
Contact Center Features
Mid-call codec renegotiation
[Diagram: SP SIP trunk (G.729 / G.711), CUBE and CVP; provider supports both G.711 and G.729 codecs; call transfer is signaling only]
1. Call arrives on G.729 SIP trunk
2. CVP connects call to speech recognition server that requires G.711, so the call renegotiates G.711 e2e
3. CVP xfers call to a remote agent that uses G.729
4. Call renegotiates to G.729 e2e
Mid-call Xcoder Insert/Drop
[Diagram: SP SIP trunk (G.729 / G.711), CUBE and CVP; provider supports only G.729 codec; call transfer is signaling only; transcoder inserted at step 2 and dropped at step 4]
1. Call arrives on G.729 SIP trunk
2. CVP connects call to speech recognition server that requires G.711. Since the provider does not support G.711, CUBE inserts a transcoder
3. CVP xfers call to a remote agent that uses G.729
4. CUBE drops xcoder and e2e call becomes G.729 again
REFER Handling for Contact Centers
• Enables CUBE to handle REFER messages more efficiently in contact center deployments
• CUBE can operate in either consume mode or pass-through mode
REFER Consumption
[Diagram: SIP SP, CUBE and CVP with steps 1. REFER, 2. INVITE, 3. INVITE]
Based on the “Refer-To” header, CUBE does an outbound dial-peer match and sends out an INVITE message
no supplementary-service sip refer
supplementary-service media-renegotiate
REFER Pass-through (Default mode)
[Diagram: SIP SP, CUBE and CVP with steps 1. REFER, 2. REFER]
CUBE will pass across the REFER message “as-is” without any modification
REFER Handling Enhancement
• A new CLI, “refer consume”, has been added to the SIP dial peer.
• The final decision to consume or pass-through REFER is determined based on this new CLI option configured on the Refer-To dial-peer.
“supplementary-service sip refer” (configured globally or at inbound dial-peer) | “refer consume” (configured at dial-peer that matches ‘Refer-To’) | Outcome
Yes (default) | No (default) | REFER Pass-through
Yes (default) | Yes | REFER Consume
No | No (default) | REFER Consume
No | Yes | REFER Consume
Call Progress Analysis on SIP Trunks
Sent:
INVITE sip:2776677@9.41.35.205:5060 SIP/2.0
Via: SIP/2.0/UDP 9.42.30.151:7988;branch=z9hG4bK-16368-1-0
……………..
--uniqueBoundary
Content-Type: application/x-cisco-cpa
Content-Disposition: signal;handling=optional
Events=FT,Asm,AsmT,Sit
CPAMinSilencePeriod=608
CPAAnalysisPeriod=2500
CPAMaxTimeAnalysis=3000
CPAMaxTermToneAnalysis=15000
CPAMinValidSpeechTime=112

Received:
UPDATE sip:sipp@9.42.30.151:7988;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 9.41.35.205:5060;branch=z9hG4bK6F26CF
…………….
event=detected
status=Asm
pickupT=2140
maxActGlitchT=70
numActGlitch=12
valSpeechT=410
maxPSSGlitchT=40
numPSSGlitch=1
silenceP=290
termToneDetT=0
noiseTH=1000
actTh=32000

[Diagram: SIP Dialer and CVP (Contact Center), CUBE, SIP SP]
• Transcoder inserted to detect tones
• CUBE detects fax tone
• Dialer will then instruct CUBE on whether to connect the call to an agent or disconnect the call by sending REFER, RE-INVITE, BYE, CANCEL etc.
• CUBE will then connect/disconnect the call appropriately
Configuration on CUBE:
voice service voip
 cpa
dspfarm profile 1 transcode universal
 call-progress analysis
CUBE Security
Note
• CUBE version 11.5.0 [IOS 15.6(1)T, IOS-XE 3.17] or later was used to develop the best practices included in the CUBE Security presentation, unless a specific version is mentioned on a slide
• The CUBE Configuration guide is the comprehensive resource for security configuration and more
• All best practices around Cisco IOS/IOS-XE Routers apply to CUBE as well
• CUBE Configuration generally consists of
  o Global – Everything under voice service voip
  o Call Routing – Dial-peers (Any configuration under dial-peers always overrides Global config)
  o SIP User Agent Config – Everything under sip-ua
Collaboration Deployment
[Diagram: Enterprise LAN with Unified CM and MediaSense; CUBE; ITSP WAN (SIP Provider); PSTN (PRI/FXO) as TDM backup (not available in vCUBE); legend: SIP, H.323, RTP]
CUBE/GW Security Overview
CUBE Voice Security Protection per Design Specs
DOS
• B2BUA – L7 Inspection
• Call Volume/BW Limiting (CAC)
• Call Codec Limiting
• SIP Malformed Inspection
• SIP Listen Port Configuration
• RTP Malformed
• Topology Hiding
• Co-resident IOS: ACLs, FW, IPS
Identity / Service Theft
• SIP Digest Authentication
• SIP Hostname Validation
• SIP Trunk Register
• CDR
• Toll Fraud
• Co-resident IOS: ACLs, COR
Privacy
• SIP Header Manipulation
• Authentication and encryption (media) – SRTP
• Authentication and encryption (signaling) – TLS
• Co-resident IOS: All VPN features
[Architecture diagram: Ingress I/F and Egress I/F on HW LAN/WAN interfaces over the IOS Infrastructure (ACLs, FW, IPS, VPN); on each side TCP/UDP/TLS, a SIP/H.323 protocol stack, an RTP library and a dial-peer; between them the Voice Application Code (L7 protocol-independent memory structures holding call state and attributes: CLID, Called #, Codec…), DTMF xlation, Codec Filtering, Xcoding Control, DSP API and DSP Hardware; separate Signaling and Media paths]
Five Layers of Security in CUBE
[Diagram labels: EXTERNAL SECURITY, Policy, APPLICATION LAYER, Dialpeer Matching, Voice Trust List, TCP & UDP Mechanisms, NETWORK LAYER, Access Control Lists]
CUBE Security Best Practices Summary
• IP TRUST LIST: Don’t respond to any SIP INVITEs if not originated from an IP address specified in this trust list
• CALL THRESHOLD: Protect against CPU, Memory & Total Call spike
• CALL SPIKE PROTECTION: Protect against spike of INVITE messages within a sliding window
• BANDWIDTH BASED CAC: Protect against excessive media
• MEDIA POLICING: Protect against negotiated Bandwidth overruns and RTP Floods
• USE NBAR POLICIES: Protect against overall SIP, RTP flood attacks from otherwise “trusted” sources
• DEFINE VOICE POLICIES: Identify patterns of valid phone calls that might suggest potential abuse.
Topology Used in this section
Topology/Address Hiding
[Diagram: Inside is the Enterprise LAN 10.10.1.x/24; Outside is the ITSP WAN (MPLS) toward the SP IP Network SBC; CUBE sits between them; addresses shown: 10.10.1.10, 10.10.1.11, 128.107.214.21, 66.66.66.66]
• Requirements
  o Maintain connectivity without exposing the IP network details
• B2BUA provides complete topology hiding on signaling and media
  o Maintains security and operational independence of both networks
  o Provides implicit NAT service by substituting Cisco Unified Border Element IP addresses on all traffic
SIP Trunk to ITSP
Item | SIP Trunk service provider requirement | Sample Response
1 | SIP Trunk IP Address (Destination IP Address for INVITES) | 20.1.1.2 or DNS
2 | SIP Trunk Port number (Destination port number for INVITES) | 5060
3 | SIP Trunk Transport Layer (UDP or TCP) | UDP
4 | Codecs supported | G711, G729
5 | Fax protocol support | T.38
6 | DTMF signaling mechanism | RFC2833
7 | Does the provider require SDP information in initial INVITE (Early offer required) | Yes
8 | SBC’s external IP address that is required for the SP to accept/authenticate calls (Source IP Address for INVITES) | 20.1.1.1
9 | Does SP require SIP Trunk registration for each DID? If yes, what is the username & password | No
10 | Does SP require Digest Authentication? If yes, what is the username & password | No
IP Trust List for Signaling
1. Enable CUBE Application
voice service voip
 ! License count entered here is not enforced, though this CLI is required to see “show cube” CLI output
 mode border-element license capacity 20
 ! By default IOS/IOS-XE voice devices do not allow an incoming VoIP leg to go out as VoIP
 allow-connections sip to sip
2. Configure any other global settings or security measures
voice service voip
 h323
  call service stop   ! Disable H323 if not using it
3. Create a trusted list of IP addresses to prevent toll-fraud
voice service voip
 ! Applications initiating signaling towards CUBE, e.g. CUCM, CVP, Service Provider’s SBC.
 ! IP Addresses from dial-peers with “session target ip” or Server Group are trusted by default
 ! and need not be populated here
 ip address trusted list
  ipv4 66.77.37.2 ! ITSP SIP Trunk
  ipv4 10.10.1.20/28 ! CUCM
 sip
  silent-discard untrusted   ! Default configuration starting XE 3.10.1 /15.3(3)M1 to mitigate TDoS Attack
Toll Fraud Mitigation
• Default operation in 15.1.2T has changed
• As of 15.1.2T, by default, only calls from “trusted” source IP addresses will be accepted – similar to CUCM operation
• If you want to restore pre-15.1.2T default operation, use “voice service voip > no ip address trusted authenticate”. This is NOT RECOMMENDED.
[Diagram: IP endpoint 10.10.1.10, CUBE at 10.10.10.2, SP SIP at 66.66.66.66]
voice service voip
 ip address trusted list
  ipv4 10.10.1.10
  ipv4 66.66.66.66
Toll Fraud Prevention – more info:
http://www.cisco.com/en/US/tech/tk652/tk90/technologies_tech_note09186a0080b3e123.shtml
router#sh ip address trusted list
IP Address Trusted Authentication
 Administration State: UP
 Operation State:      UP
IP Address Trusted Call Block Cause: call-reject (21)
VoIP Dial-peer IPv4 Session Targets:
Peer Tag   Oper State   Session Target
--------   ----------   --------------
1          UP           ipv4:30.1.1.1
2          DOWN         ipv4:40.1.1.1
IP Address Trusted List:
 ipv4 10.10.1.10
 ipv4 66.66.66.66
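The trust decision described on the last two slides, as an added example that is not Cisco code: it reads the trusted list, the dial-peer session targets and the `no ip address trusted authenticate` toggle from a config, classifies source addresses, and audits the policy for the two weaknesses the slides warn about. The sample config and source addresses are constructed; treating `10.10.1.20/28` as its enclosing /28 network and ignoring dial-peer operational state are assumptions, as are the function names and the 256-address threshold.

```python
import ipaddress
import re

def load_trust_policy(cfg):
    """Collect the inputs to the trust decision: toggle, trusted list, dial-peer targets."""
    policy = {"authenticate": True, "list": [], "targets": set()}
    in_list = False
    for raw in cfg.splitlines():
        line = raw.split("!")[0].strip()          # drop trailing "! comment" text
        if not line:
            continue
        if in_list and (m := re.match(r"ipv4 (\S+)$", line)):
            # Assumption: an entry with host bits set (10.10.1.20/28) means its enclosing network.
            policy["list"].append(ipaddress.ip_network(m.group(1), strict=False))
            continue
        in_list = line == "ip address trusted list"
        if line == "no ip address trusted authenticate":
            policy["authenticate"] = False
        elif m := re.match(r"session target ipv4:(\d+\.\d+\.\d+\.\d+)", line):
            # Assumption: operational state (UP/DOWN) of the dial-peer is not modelled.
            policy["targets"].add(ipaddress.ip_address(m.group(1)))
    return policy

def classify(policy, src):
    """Say whether signaling from src would pass the trust check, and why."""
    ip = ipaddress.ip_address(src)
    if not policy["authenticate"]:
        return "accepted: trust check disabled"
    if ip in policy["targets"]:
        return "accepted: dial-peer session target"
    for net in policy["list"]:
        if ip in net:
            return f"accepted: trusted list {net}"
    return "rejected: untrusted source"

def audit(policy, max_hosts=256):
    """Flag settings that widen who may place calls through CUBE."""
    notes = []
    if not policy["authenticate"]:
        notes.append("trust check disabled (no ip address trusted authenticate)")
    for net in policy["list"]:
        if net.num_addresses > max_hosts:
            notes.append(f"broad trust entry {net} covers {net.num_addresses} addresses")
    return notes

# Constructed sample config using the addresses shown on the slides.
SAMPLE = """\
voice service voip
 ip address trusted list
  ipv4 66.77.37.2        ! ITSP SIP Trunk
  ipv4 10.10.1.20/28     ! CUCM
 sip
  silent-discard untrusted
dial-peer voice 1 voip
 session target ipv4:30.1.1.1
"""
# Constructed weak variant: a /8 trust entry and the pre-15.1.2T behaviour restored.
LOOSE = (SAMPLE.replace("ipv4 10.10.1.20/28", "ipv4 10.0.0.0/8")
         + "voice service voip\n no ip address trusted authenticate\n")

def triage(cfg, sources):
    policy = load_trust_policy(cfg)
    return {src: classify(policy, src) for src in sources}

SOURCES = ["10.10.1.17", "10.10.1.40", "66.77.37.2", "30.1.1.1", "198.51.100.7"]
```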
Configure Call Routing on CUBE
[Diagram: Enterprise Campus with CUBE with High Availability (Active/Standby) connected over MPLS to the IP PSTN; Enterprise Branch Offices with CUBE, SRST, CME and TDM PBX; LAN Dial-Peers and WAN Dial-Peers marked on either side of CUBE; PSTN is now used only for emergency calls over FXO lines]
• Dial-Peer – “static routing” table mapping phone numbers to interfaces or IP addresses
• LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving calls to & from the PBX
• WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending & receiving calls to & from the provider
Understanding Dial-Peer Matching Techniques: LAN & WAN Dial-Peers
• LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving calls to & from the PBX
• WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending & receiving calls to & from the provider
[Diagram: CUCM SIP Trunk, CUBE, ITSP SIP Trunk, IP PSTN; Outbound Calls use the Inbound LAN Dial-Peer and the Outbound WAN Dial-Peer; Inbound Calls use the Inbound WAN Dial-Peer and the Outbound LAN Dial-Peer]
WAN Dial-Peer Configuration
Inbound Dial-Peer for call legs from SP to CUBE
dial-peer voice 100 voip
 description *** Inbound WAN side dial-peer ***
 ! Specific to your DID range assigned by the SP. No “incoming called-number . ”
 incoming called-number 70247595..$
 ! OR
 incoming uri via tag
 session protocol sipv2
 ! Apply bind to all dial-peers when CUBE has multiple interfaces. Gig0/1 faces SP.
 voice-class sip bind control source gig0/1
 voice-class sip bind media source gig0/1
Outbound Dial-Peer for call legs from CUBE to SP
dial-peer voice 200 voip
 description *** Outbound WAN side dial-peer ***
 ! Translation rule/profile to strip the access code (9) before delivering the call to the SP
 translation-profile outgoing Digitstrip
 ! Dial-peer for making long distance calls to SP, based on NANP (North American Numbering Plan). No “destination-pattern .T ”
 destination-pattern 91[2-9]..[2-9]......$
 session protocol sipv2
 voice-class sip bind control source gig0/1
 voice-class sip bind media source gig0/1
 session target ipv4:<SIP_Trunk_IP_Address>
 codec g711ulaw
 dtmf-relay rtp-nte
LTRCOL-2310
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
231
LAN Dial-Peer Configuration
Inbound Dial-Peer for call legs from CUCM to CUBE
dial-peer voice 300 voip
 description *** Inbound LAN side dial-peer ***
 incoming called-number 9T
 session protocol sipv2
 voice-class sip bind control source gig0/0
 voice-class sip bind media source gig0/0
 codec g711ulaw
 dtmf-relay rtp-nte
• incoming called-number: CUCM sending 9 (access code) + All digits dialed
• bind: Apply bind to all dial-peers when CUBE has multiple interfaces. Gig0/0 faces CUCM.
Outbound Dial-Peer for call legs from CUBE to CUCM
dial-peer voice 400 voip
 description *** Outbound LAN side dial-peer ***
 destination-pattern 70247595..$
 session protocol sipv2
 voice-class sip bind control source gig0/0
 voice-class sip bind media source gig0/0
 session target ipv4:<CUCM_IP_Address>
 codec g711ulaw
 dtmf-relay rtp-nte
• destination-pattern: SP will be sending 10 digits (NANP) based on your DID that is being delivered to CUCM
• codec: Default codec is G729 if none is specified
Note: If more than 1 CUCM cluster exists, you will have to create multiple such LAN dial-peers with “preference CLI” for CUCM redundancy/load balancing as the traditional way to accommodate multiple trunks
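The WAN and LAN dial-peer slides warn against “incoming called-number .” and “destination-pattern .T”. The following added example (not Cisco code and not part of the original deck) models dial-peer digit matching in Python to show what the specific patterns reject and the catch-all patterns let through. The regex translation is a simplified assumption covering only digits, `.`, `[ ]`, `T` and `$`, and the sample numbers are constructed.

```python
import re

# Simplified model of IOS dial-peer digit patterns (an assumption for this
# example, not Cisco code). Supported syntax:
#   digit   literal digit
#   .       any single digit
#   [2-9]   one digit from a set or range
#   T       variable-length digit string (modelled as 0 to 32 digits)
#   $       the number must end here; without it trailing digits are allowed
def pattern_to_regex(pattern):
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    parts, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch == ".":
            parts.append(r"\d")
        elif ch == "[":
            end = body.index("]", i)      # raises ValueError on an unclosed set
            parts.append(body[i:end + 1])
            i = end
        elif ch == "T":
            parts.append(r"\d{0,32}")
        elif ch.isdigit():
            parts.append(ch)
        else:
            raise ValueError("unsupported pattern character %r" % ch)
        i += 1
    tail = "" if anchored else r"\d*"
    return re.compile("^" + "".join(parts) + tail + "$")


def accepts(pattern, number):
    """True if a dial-peer with this pattern would match the called number."""
    return pattern_to_regex(pattern).match(number) is not None


def exposure(pattern, numbers):
    """Labels of the sample calls that the pattern lets through."""
    return [label for label, number in numbers.items() if accepts(pattern, number)]


# Constructed sample numbers (not from the slides).
FROM_SP = {                      # called numbers arriving on the WAN side
    "own DID": "7024759512",
    "outside our DID range": "2125550199",
}
TO_SP = {                        # called numbers CUCM hands to CUBE (9 + digits)
    "NANP long distance": "912125550123",
    "international": "9011445550100",
}

if __name__ == "__main__":
    for title, specific, catch_all, calls in (
        ("inbound WAN dial-peer 100", "70247595..$", ".", FROM_SP),
        ("outbound WAN dial-peer 200", "91[2-9]..[2-9]......$", ".T", TO_SP),
    ):
        print(title)
        print("  %-24s matches %s" % (specific, exposure(specific, calls)))
        print("  %-24s matches %s" % (catch_all, exposure(catch_all, calls)))
```

With the DID-specific patterns, a call leg that does not belong to the configured range finds no matching dial-peer in this model; with the catch-all patterns every sample number matches.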
ACLs Applied on WAN Interfaces
ip access-list extended ITSP-INBOUND
 permit udp host ITSP_IP_ADDRESS host CUBE_WAN_IP_ADDRESS eq 5060
 permit tcp host ITSP_IP_ADDRESS host CUBE_WAN_IP_ADDRESS eq 5060
 permit udp host ITSP_IP_ADDRESS host CUBE_WAN_IP_ADDRESS range 16384 32767
ip access-list extended APPLY_to_GIG0-1
 permit udp host 66.66.66.66 host 128.107.214.21 eq 5060
 permit tcp host 66.66.66.66 host 128.107.214.21 eq 5060
 permit udp host 66.66.66.66 host 128.107.214.21 range 16384 32767
SIP Listening Port Protection
• Default SIP Listen ports are 5060 (UDP/TCP) and 5061 (TLS)
• These ports are well-known and can be the target of attacks
• Change the SIP Listen port to a different setting that is not well-known
• Global setting, i.e. single port per router can be configured
• Cannot configure the same listening port for both UDP/TCP and TLS
• Cannot reconfigure a SIP listen port when calls are active
voice service voip
 sip
  listen-port non-secure 2000 secure 2050
RTP Port Range and Phantom Packets
• A phantom packet is a valid RTP packet meant for the CUBE or Voice TDM gateway without an existing signaling session
• When a phantom packet is received by the VoIP RTP layers of the gateways, the packet is punted to the UDP process to check if it is required by any other applications, causing performance issues
• A malicious attacker can also send a large number of phantom/rogue packets to impact CPU
• Configure VoIP port range for phantom packets. If a phantom packet is received on the configured port, the VoIP RTP layer can safely drop the packet. If a phantom packet is received on any other port, the VoIP RTP layer punts the packet to the UDP process.
• RTP port range on ISR G2 is from 16K to 32K, and 8K to 48K on ISR 4K, ASR1K, and vCUBE
voice service voip
 rtp-port range 16384 32766
 ! applies to the global port table which is all IP addresses outside of the media-address ranges
 media-address range 10.10.1.11 10.10.1.11 port-range 16384 32766 ! Internal Interface
 media-address range 128.107.214.21 128.107.214.21 port-range 16384 32766 ! External Interface
 ! the port-range here decides which ports to be used for this media-range
 port-range 16384 32766
 ! used to drop phantom packets within this port-range, no impact on which ports to use
 sip
  source filter ! Filter out incoming incorrect remote addr/port RTP packets
Close Unused Session Transport Mechanisms
• Close Unused H.323/SIP Ports and Transport Mechanisms
• By default these ports are open when a voice-enabled software load is deployed on the router (either as a PRI gateway or Cisco UBE).
sip-ua
 no transport tcp
 no transport udp
SIP Registration/Digest Authentication
• SIP Registration: A SP SIP trunk requiring a registration sequence is more secure than one that doesn’t. However, many SPs do not currently support or offer SIP registration.
sip-ua
 credentials username 1001 password 0822455D0A16 realm cisco.com
• SIP Digest Authentication: Cisco UBE responds to SIP Digest Authentication challenges from a SP call agent.
sip-ua
 authentication username xxx password yyy
Call Admission Control at the edge...
CUBE provides various CAC mechanisms to safeguard your network from SIP based attacks and to enforce policies based on:
• Total calls
• Maximum connections per destination
• CPU & Memory
• Dial-peer or interface bandwidth
• Call spike detection
Total Calls, CPU, Memory (High Water Mark / Low Water Mark)
call threshold global [total/mem/cpu] calls low xx high yy
call treatment on
Call Spike Detection (if a call spike is detected, reject calls)
call spike call-number [steps number-of-steps size milliseconds]
call spike 10 steps 5 size 200
Max Calls per Destination (Call #1, Call #2; Call #3 Rejected by CUBE)
dial-peer voice 1 voip
 max-conn 2
Max Bandwidth based (Call #1 – 80 Kbps, Call #2 – 80 Kbps, Call #3 – 80 Kbps; Call #3 Rejected by CUBE)
dial-peer voice 1 voip
 max-bandwidth 160
Call Admission Control Based on Total Calls, CPU
and Memory usage
• CUBE provides various different CAC mechanisms – based on Total calls, CPU Utilization & Memory utilization
[Diagram: CUBE with High Water Mark and Low Water Mark for Total Calls, CPU, Memory]
Configuration on CUBE
Step 1:
• Set the threshold for Total-Calls
  call threshold global total-calls low <low-threshold> high <high-threshold>
• Set the threshold for Total-memory
  call threshold global total-mem low <low-threshold> high <high-threshold>
• Set the threshold for CPU usage (Average or last 5 seconds)
  call threshold global cpu-5sec low <low-threshold> high <high-threshold>
  OR
  call threshold global cpu-avg low <low-threshold> high <high-threshold>
Call Admission Control Based on Total Calls, CPU
and Memory usage
Configuration on CUBE
Step 2:
• Enable the Call Treatment using:
  call treatment on
Step 3:
• Enter the Call Treatment cause-code:
  call treatment cause-code ?
    busy         Insert cause code indicating the GW is busy (17)
    no-QoS       Insert cause code indicating the GW cant provide QoS (49)
    no-resource  Insert cause code indicating the GW has no resource (47)
Call Treatment Options
  call treatment action ?
    hairpin  Hairpin
    playmsg  Play the selected message
    reject   Disconnect the call and pass down cause code
Call Admission Control based on Call spikes
• Call spike CAC monitors call arrival rate over a moving window of time; calls exceeding the configured rate threshold are rejected
• Protection against unexpected high call volumes, and INVITE-based DOS attacks
• Can be configured globally or on a per dial-peer level
• Error code will be sent when a call spike occurs
• This error code is also configurable globally or on a per dial-peer level
[Diagram: Call Spike Detection at CUBE. If a call spike is detected, reject calls]
Call Admission Control based on Call spikes
Configuration on CUBE
call spike call-number [steps number-of-steps size milliseconds]
Example:
call spike 10 steps 5 size 200
• 10 calls accepted during the most recent window
• The most recent window is 1-second (5x200ms)
• The window moves on every 200ms
[Diagram: A – CUBE – SIP SP. If a call spike is detected, reject calls]
Call arrival per 200ms step: 2, 2, 2, 2, 2, 3, 1, 4
Most recent time window as it moves over the last four steps:
• 10 calls; all accepted
• 11 calls; 10 accepted, 1 rejected
• 10 calls; all accepted
• 12 calls; 10 accepted, 2 rejected
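The moving-window arithmetic of the “call spike 10 steps 5 size 200” slide, replayed in Python as an added example (not Cisco code; the class and function names are hypothetical). It models the window the way the slide counts it, where every arrival in the last 5 steps counts towards the limit even if it was rejected, and spreads the arrivals inside each step 1 ms apart as a constructed assumption.

```python
from collections import deque


class CallSpikeWindow:
    """Model of `call spike <call-number> steps <n> size <ms>`.

    Arrivals are counted per step of `size_ms`; a call is rejected when the
    arrivals seen in the most recent `steps` steps exceed `call_number`.
    Rejected calls still count as arrivals, which is what the slide's
    numbers imply. Timestamps must be non-decreasing.
    """

    def __init__(self, call_number, steps, size_ms):
        self.limit = call_number
        self.steps = steps
        self.size_ms = size_ms
        self.buckets = deque()          # [step_index, arrivals] pairs

    def offer(self, t_ms):
        """Register one call arrival at t_ms; return True if it is admitted."""
        step = t_ms // self.size_ms
        # Slide the window: forget steps older than the most recent `steps`.
        while self.buckets and self.buckets[0][0] <= step - self.steps:
            self.buckets.popleft()
        if self.buckets and self.buckets[-1][0] == step:
            self.buckets[-1][1] += 1
        else:
            self.buckets.append([step, 1])
        arrivals = sum(count for _, count in self.buckets)
        return arrivals <= self.limit


def replay(arrivals_per_step, call_number=10, steps=5, size_ms=200):
    """Return (arrived, accepted, rejected) for each step of the trace."""
    cac = CallSpikeWindow(call_number, steps, size_ms)
    results = []
    for step, count in enumerate(arrivals_per_step):
        accepted = 0
        for k in range(count):
            # Constructed timing: arrivals 1 ms apart inside the step.
            if cac.offer(step * size_ms + k):
                accepted += 1
        results.append((count, accepted, count - accepted))
    return results


# Call arrivals per 200 ms step, as drawn on the slide.
SLIDE_ARRIVALS = [2, 2, 2, 2, 2, 3, 1, 4]

if __name__ == "__main__":
    for step, (arrived, accepted, rejected) in enumerate(replay(SLIDE_ARRIVALS)):
        print("step %d: %d arrived, %d accepted, %d rejected"
              % (step, arrived, accepted, rejected))
```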
Call Admission Control based on Bandwidth
• Bandwidth based CAC feature provides a mechanism to limit number of SIP calls based on the aggregate media bandwidth limit either at:
  • Dial-Peer level or,
  • Interface level
• Provides the ability to configure the SIP error response code for calls rejected by this feature
• Examples:
  Call #1 – 80 Kbps, Call #2 – 80 Kbps, Call #3 – 80 Kbps
  dial-peer voice 1 voip
   max-bandwidth 160
  Call #3 Rejected by CUBE
At Dial-Peer level
dial-peer voice 1 voip
 destination-pattern 2...
 max-bandwidth 160
 session protocol sipv2
 session target ipv4:9.44.44.9:6080
!
At Interface level
call threshold interface GigabitEthernet0/0 int-bandwidth low 120 high 160
!
Media Policing to protect against RTP Floods
• Leaky Bucket Algorithm (LBA) checks the RTP payload in the RTP packet against the expected negotiated rate in SIP signaling and identifies violations, if any
• LBA identifies violation and triggers policing actions on violated RTP packets.
• Policing actions can be one of the following:
  • Drop all violated packets
  • Drop all the violated packets as well as disconnect call once it reaches the configured number of violations, or
  • Ignore the violations
• SYSLOG and SNMP trap can be generated to inform violation to the system administrator.
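A leaky-bucket policer with the three policing actions listed above, as an added Python example (not Cisco's implementation; the class, field and action names are hypothetical). It assumes a G.711 call negotiated at 64 kbps with 160-byte payloads every 20 ms and a bucket depth of two packets; both packet traces are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class MediaPolicer:
    negotiated_bps: int            # payload rate negotiated in signaling
    burst_bytes: int               # bucket depth (assumed tolerance)
    action: str = "drop"           # "drop", "drop-disconnect" or "ignore"
    max_violations: int = 0        # used by "drop-disconnect" only
    level: int = 0                 # bytes currently in the bucket
    last_ms: int = 0
    violations: int = 0
    disconnected_at: Optional[int] = None

    def packet(self, t_ms, payload_bytes):
        """Police one RTP packet; return "forward" or "drop"."""
        if self.disconnected_at is not None:
            return "drop"                       # call already torn down
        # The bucket leaks at the negotiated rate (bits/s -> bytes/ms).
        drained = (t_ms - self.last_ms) * self.negotiated_bps // 8000
        self.level = max(0, self.level - drained)
        self.last_ms = t_ms
        if self.level + payload_bytes <= self.burst_bytes:
            self.level += payload_bytes         # conforming packet
            return "forward"
        self.violations += 1                    # packet exceeds the rate
        if self.action == "ignore":
            return "forward"
        if (self.action == "drop-disconnect"
                and self.violations >= self.max_violations):
            self.disconnected_at = t_ms
        return "drop"


def run(policer, packets):
    """Feed (t_ms, payload_bytes) pairs through the policer and summarise."""
    verdicts = [policer.packet(t, size) for t, size in packets]
    return {
        "forwarded": verdicts.count("forward"),
        "dropped": verdicts.count("drop"),
        "violations": policer.violations,
        "disconnected_at": policer.disconnected_at,
    }


# Constructed traces: a conforming G.711 stream and a 4x over-rate stream.
NORMAL = [(i * 20, 160) for i in range(20)]
FLOOD = [(i * 5, 160) for i in range(20)]

if __name__ == "__main__":
    print("normal         ", run(MediaPolicer(64000, 320), NORMAL))
    print("drop           ", run(MediaPolicer(64000, 320, "drop"), FLOOD))
    print("drop-disconnect",
          run(MediaPolicer(64000, 320, "drop-disconnect", 5), FLOOD))
    print("ignore         ", run(MediaPolicer(64000, 320, "ignore"), FLOOD))
```

Under the drop action the forwarded traffic settles at one packet per 20 ms, the negotiated rate, regardless of how fast the sender transmits.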
NBAR to protect against SIP flooding and UDP
attacks at opened RTP ports
Interface configuration
interface GigabitEthernet0/0-1 ! Both Internal and External interfaces
 service-policy input throttle
Global configuration
class-map match-any rtp
 match protocol rtp
class-map match-any sip
 match protocol sip
!
policy-map throttle
 class sip
  police 8000
 class rtp
  police 150000
 class class-default
  police 8000
Control Plane Policing (CoPP) – To prevent packet
flooding/Large Rate of packet arrival
ip access-list extended coppacl-udp-icmp
 permit udp any host 10.10.1.11 range 16384 32767
 permit udp any host 128.107.214.21 range 16384 32767
 ! ICMP has no ports, so the ICMP entries carry no port range
 permit icmp any host 10.10.1.11
 permit icmp any host 128.107.214.21
!
class-map match-all copp-rtp-icmp
 match access-group name coppacl-udp-icmp
!
policy-map copp-policy-rtp-icmp
 class copp-rtp-icmp
  police rate 100 pps conform-action transmit exceed-action drop
!
control-plane
 service-policy input copp-policy-rtp-icmp
Proposed Network Topology for Integrated Voice Gateway / Voice Policy Solution based on UC Services API
[Diagram labels: Service Provider (TDM; VOIP Protocols: SIP, MGCP, H323, RTP); CUBE + TDM GW; SRE; Private Network (TDM, IP); Call Control (CUCM); ETM Voice Policy Appliance; Secure Logix Voice Policy Server (Voice Policy Distribution & Aggregation); API features for TDM & VOIP Signaling; API features for Media control & stats, including Media Forking]
http://www.cisco.com/c/dam/en/us/products/collateral/unified-communications/unified-border-element/tdos_brochure.pdf
Voice Security Attacks
CUBE Protection with an External Voice Policy
Threat / Use Case | Mitigation Action provided by CUBE w/ SecureLogix
IVR cycling with repeating DTMF tones in WAVE files | Detect repeated DTMF tones that cause cycling, then take policy action (disconnect, transfer)
Harassing Calls | Detect multiple phone calls from same phone # (or exchange), then take policy action (disconnect, record)
Contact Center abuse | Detect unusual activity from specific phone # or exchange, then take policy action (transfer, record)
Unauthorized Modem Usage | Detect Modem traffic, then take policy action (disconnect)
911 Notification | Detect 911 activity then take policy action (send alert)
Toll Fraud | Detect secondary dial tones then take policy action (disconnect)
Social Network Attacks | Detect call patterns from area codes or exchange then take policy
Unauthorized FAX usage | Limit time of day usage on FAX
Inappropriate use of phones | Detect phone calls to 900 area codes and disconnect
Firewall : General Guidelines
• Purchase SIP Trunking services from a trusted SP
• Use an external Firewall for connections that have both voice and data, though most customers just use a dedicated circuit for voice
• Have the firewall rules work on data (i.e. non port 5060 and non UDP port) (set up firewall rules on CUBE to drop anything that is not voice)
• Use a voip trust list
• When a Firewall is colocated with CUBE on the same platform, ZBFW is only supported on ISR G2 and not on the ASR1K/ISR4K/CSR1000v (vCUBE) series
• Having an MPLS for terminating only SIP traffic from a trusted provider should be sufficient and CUBE basically acts as a Voice Firewall (address/topology hiding). An external Firewall is still supported and assumes:
  • UDP RTP port range and SIP signaling port range is opened up to CUBE
  • CUBE is agnostic to the underlying IP path and cannot be behind a NAT
CUBE Firewall Deployment Scenarios
Scenarios shown:
• F/W between CUBE and ITSP
• F/W between CUBE and rest of Enterprise UC Network
• F/W on either side of CUBE
• No Firewall
[Diagram: each scenario shows the enterprise side (SIP, H.323), CUBE, the SIP Trunk, and the provider SBC (SP VOIP Services)]
Zone-based Firewall (ISR G2)
Global configuration
class-map match-any throttle_rtp
 match protocol rtp
class-map type inspect sip match-any options-png
class-map type inspect sip match-any sip-match
class-map type inspect sip match-any options-ping
 match request method invite
class-map type inspect match-any sip-protocol
 match protocol sip
class-map type inspect sip match-any options-throttle
 match request method options
class-map match-any sip
 match protocol sip
!
zone security inside
zone security outside
zone-pair security in2out source inside destination outside
 service-policy type inspect nonoptions-throttle
zone-pair security out2in source outside destination inside
 service-policy type inspect nonoptions-throttle
zone-pair security selfout source self destination outside
 service-policy type inspect nonoptions-throttle
zone-pair security outself source outside destination self
 service-policy type inspect nonoptions-throttle
policy-map type inspect sip throttle-Policy
 class type inspect sip options-throttle
  rate-limit 2
policy-map throttle
 class sip
  police 20000
 class throttle_rtp
  police 150000
 class class-default
  police 8000
policy-map throttle_rtp
policy-map type inspect nonoptions-throttle
 class type inspect sip-protocol
  inspect
  service-policy sip throttle-Policy
 class class-default
  drop
!
Improving Security through Multi-VRF Call Routing
• Virtual Routing and Forwarding (VRF) is an IP technology that allows for multiple instances of a routing table to coexist on the same router at the same time as opposed to a single global route table, allowing for multiple virtual networks within a single network entity to isolate between media and data virtual networks
Multi-VRF Aware Call Routing on CUBE
• Multi-VRF allows for the use of only one router to accomplish the tasks that multiple routers usually perform as it provides logical separation of routing instances/tables (and by implication address space) within one router, that is, each VRF has its own routing table as opposed to a single global route table
• CUBE allows intra and inter VRF routing of voice and video calls between Service providers and customer networks
• Security can be improved by deploying Multi VRF at the network level
• IP address and Overlapped Dial Plan with Multi VRF feature provides seamless integration of networks. CUBE can route VoIP calls across different VRFs without the need of Route Leaks
SIP TLS Support
with SRTP
Secure SIP
• Requires deploying both SIP TLS (secure signaling) and SRTP (secure media)
• SRTP-RTP Interworking requires DSPs (secure transcoder) only on ISR G2s. DSPs are not needed for SRTP-RTP interworking on ISR 4K, ASR 1K, and vCUBE
• CUBE initially supported only TLS v1.0 with following Cipher Suites
  SSL_RSA_WITH_RC4_128_MD5
  TLS_RSA_WITH_AES_128_CBC_SHA
• CUBE now supports TLS v1.2 with the following Cipher Suites
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA1
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS v1.2 is backward compatible (fallback to TLS v1.0 / TLS v1.1)
TLS Cipher Suite Category
• Default Ciphers – TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• Strict Ciphers – TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• ECDSA Ciphers – TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SRTP Support
• CUBE and DSP initially provided SRTP support for the following crypto suites:
AES_CM_128_HMAC_SHA1_32
AES_CM_128_HMAC_SHA1_80
• AES-GCM and AES-CCM Authenticated Encryption in Secure RTP (SRTP) is required
AEAD_AES_128_GCM
AEAD_AES_256_GCM
AEAD_AES_128_CCM
AEAD_AES_256_CCM
• Since DSP doesn’t support these new crypto suites – CUBE will provide signaling and
media pass-through for the unsupported crypto suites
• CUBE will now be able to pass across crypto attributes (containing any unsupported
crypto suites) as well as media packets (encrypted with unsupported crypto suites)
SRTP Passthrough Configuration (Unsupported
Crypto Suites)
• A CLI has been enhanced to configure/enable pass-through of unsupported crypto suites:
Global Configuration:
Dial-peer level configuration:
SIP TLS/SRTP support for Microsoft Skype for Business
(Lync) Interop
TLS 1.2 support on CUBE
• Secure SIP signaling from either/both Microsoft Skype4Business (Lync) clients or CUCM endpoints to CUBE
• Requires CUBE 11.5 or later
[Diagram: Business to Business and Consumer to Business scenarios. Labels: CUCM Cluster, Cisco End Point, CUBE, Internet, IP-PSTN, Lync Client, Lync Server. Legend: SIP over TLS 1.2; SIP over TCP/UDP]
Voice Security Attacks
CUBE Protection at Various Layers (1 of 4)
SBC Threat / Security Requirement:
• Calls/Traffic from untrusted sources
• DoS/TDoS Attacks
• Malformed Signaling Packets
Network Layer (protects at entry point in the network) – ACLs, NBAR, CoPP:
• Access Control Lists (ACLs) to Allow/Deny Explicit Sources of Calls
  a. Only allow service provider’s SBC to initiate traffic from PSTN side
  b. Only allow your enterprise call agent (CUCM) to initiate traffic from internal network side
  c. Modifiable port range
• Close unused H323/SIP ports and transport mechanisms.
  sip-ua
   no transport tcp
   no transport udp
• NBAR – protection against signaling (SIP/H.323/SIP-TLS), UDP attacks on open RTP ports, and crafted packets
Application Layer (CUBE) – Protection built in the B2BUA layer:
• Toll Fraud prevention using
  a. IP Trust Lists [IOS 15.1(2)T]
  b. Silent-discard CLI – TDoS attack mitigation [IOS 15.3(3)M]
  c. Topology/Address Hiding for both media and signaling
  d. SIP Trunk Registration/Authentication – prevents session hijacking
  e. Option to change well known listening ports
  f. Explicit incoming/outgoing dial-peer matching
• Automatic checks by SIP/H.323 Protocol stacks in IOS Voice code
Voice Security Attacks
CUBE Protection at Various Layers (2 of 4)
SBC Threat / Security Requirement:
• Large Rate of packet arrival, flooding
• Rogue/Phantom RTP / RTCP packets
• Malformed RTP / RTCP packets
Network Layer (protects at entry point in the network) – ACLs, NBAR, CoPP:
• Control Plane Policing (CoPP policy) implemented with ACLs – limits the rate of packets and mitigates attacks from otherwise Trusted Sources
• Deep packet inspection with ACL and NBAR Policing
• NBAR Policing to classify them as invalid
Application Layer (CUBE) – Protection built in the B2BUA layer:
• CAC mechanisms based on CPU/memory/bandwidth utilization and total number of calls
• Call Spike monitors call arrival rate over a moving window of time
• UC Services API, External Voice Policy, SecureLogix Solution (SIP Flooding)
• Define media address and RTP port ranges
• Source filter - Filters out incoming incorrect remote address/port RTP Packets
• Automatic checks by IOS Voice code on Call-ID, RTP sequence numbers, SSRC
• RTP Library check in the IOS Voice code, DSP check
Voice Security Attacks
CUBE Protection at Various Layers (3 of 4)
SBC Threat / Security Requirement:
• Encrypted signaling or media
• Rogue BYEs (ie Bye with Random CallID)
• Eavesdropping/Privacy
Network Layer (protects at entry point in the network) – ACLs, NBAR, CoPP:
• Service Providers provide SIP trunks over secure VPN
• IPSec for untrusted WAN segments, deploy TLS/SRTP internally
• Optional : Front end CUBE with an external FW
• Most SPs do not offer encrypted SIP Trunks today
• Policed with ACLs and Control Plane Policing
• Encryption
Application Layer (CUBE) – Protection built in the B2BUA layer:
• TLS signed INVITES / Digest Authentication
• TLS to non-TLS, SRTP Passthru, SRTP/RTP interworking
• SHA1-80, SHA1-128, SHA1-256 crypto suite
• Automatic checks at signaling Protocol Stack, Call Leg Transaction checks within IOS Voice code
• SIP-TLS with sRTP, UC Services API, External Voice Policy, SecureLogix Solution
Voice Security Attacks
CUBE Protection at Various Layers (4 of 4)
SBC Threat / Security Requirement:
• Service Theft
Network Layer (protects at entry point in the network) – ACLs, NBAR, CoPP:
• ACLs
• IPSec
Application Layer (CUBE) – Protection built in the B2BUA layer:
• Class of Restriction
• Toll Fraud prevention mechanisms listed above
• SIP Trunk Registration (authentication/credentials CLI)
• SIP Hostname Validation
• Encryption (TLS with SRTP)
• Monitor CDR from CUBE to scan for call patterns and volumes that may indicate unauthorized use
• UC Services API, External Voice Policy, SecureLogix Solution
• TCL (blacklist/whitelist), PIN authorization
Monitoring
CUBE Monitoring
• Network Management Tools can be used to monitor key CUBE statistics like SIP Trunk status, Trunk utilization, Call Arrival Rate, Call Success/Failure count, voice quality metrics etc.
• Network Management Tools can send SNMP Queries to CUBE
• CUBE responds to the SNMP queries with real time values of the monitored objects
• CUBE can also send SNMP Traps to alert the network management tool of certain events like SIP Trunk failure, link down, high CPU etc.
Some Network Management Tools:
- Cisco Unified Operations Manager
- Arcana Networks
- Solarwinds
[Diagram labels: Network Management Tool; SNMP Query; SNMP Response; CUBE; H.323 or SIP; SIP; SBC; SP IP Network]
CUBE Monitoring
Area | Information | Method
Router Health | CPU, Memory, I/f | CISCO-PROCESS-MIB, cpmCPUTotal5minRev; CISCO-MEMORY-POOL-MIB, ciscoMemoryPoolTable; IF-MIB, IfEntry
SIP Trunk Status | SIP Trunk Status | SIP OOD Options Ping, CLI dial-peer status
Traffic Reports (Calls, Sessions, Capacity Planning, Errors) | Trunk Utilization | CUBE 1.4: CISCO-VOICE-DIAL-CONTROL-MIB, cvCallVolume; Older CUBE: DIAL-CONTROL-MIB, callActive; CISCO-DIAL-CONTROL-MIB, cCallHistoryTable; CUBE 8.5: SIP RAI Trunk Utilization
Traffic Reports | Call Arrival Rate | CUBE 1.4: CISCO-VOICE-DIAL-CONTROL-MIB, cvCallRateMonitor
Traffic Reports | Call Success/Failure | DIAL-CONTROL-MIB, dialCtlPeerStatsSuccessCalls, dialCtlPeerStatsAcceptCalls, dialCtlPeerStatsFailCalls, dialCtlPeerStatsRefuseCalls; CISCO-SIP-UA-MIB, cSipStatsErrClient, cSipStatsErrServer, cSipStatsGlobalFail
Traffic Reports | SIP retries | CISCO-SIP-UA-MIB, cSipStatsRetry
Media Resources (DSPs) | DSP Availability | CISCO-DSP-MGMT-MIB, cdspCardResourceUtilization, cdspDspfarmUtilObjects
Media Resources (DSPs) | Transcoding util. | CUBE 1.4: CISCO-DSP-MGMT-MIB, cdspTotAvailTranscodeSess, cdspTotUnusedTranscodeSess
Media Resources (DSPs) | MTP utilization | CUBE 1.4: CISCO-DSP-MGMT-MIB, cdspTotAvailMtpSess, cdspTotUnusedMtpSess
Voice Quality | Loss, delay, jitter | CISCO-VOICE-DIAL-CONTROL-MIB, cvVoIPCallActiveTable
Voice Quality | IP SLA | CISCO-RTTMON-RTP-MIB, rttMonJitterStatsTable, rttMonLatestJitterOperTable
More info in CUBE Management and Manageability Specification at:
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps5640/white_paper_c11-613550.html
Also see BRKNMS-2333
Also see BRKUCC-2670
Prime Collaboration
Monitoring CUCM SIP Trunk Status
• Capacity, Busy Hour Traffic, Average Capacity
Monitoring CUBE Status
• CPU, DSP, Active Calls, etc.
Prime Collaboration
CUBE Provisioning with Templates
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ${hostname}
!
logging message-counter syslog
logging buffered 51200 warnings
no logging console
!
voice service voip
 allow-connections sip to sip
 fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711ulaw
 sip
  rel1xx disable
  header-passing error-passthru
  early-offer forced
  midcall-signaling passthru
  sip-profiles 100
!
voice class codec 1
 codec preference 1 ${codec-pref-1}
 codec preference 2 ${codec-pref-2}
 codec preference 3 ${codec-pref-3}
!
Prime Collaboration - Assurance
CUBE Features Benefits matrix
Features | Benefits
Monitoring Cisco Unified Border Element (CUBE):
• Has built in knowledge to auto-discover the CUBE system.
• It will also enable administrator to monitor CPU and DSP intensive tasks like Transcoding and MTP session usage. Administrator will get notified when usage crosses the configured threshold.
Detecting SIP trunk Outage:
• Accurate Option Ping Method based CUBE SIP Trunk outage detection
Pro-actively Monitoring SIP trunk Utilization:
• Incoming or Outgoing Call stats to understand call traffic pattern
• Incoming or Outgoing Utilization to understand trunk usage pattern
Detecting DSP failure:
• Detects and notifies when a DSP chip/card fails that might potentially cause service disruption such as call drop due to unavailability of resources for transcoding.
Call Performance metrics:
• Additional CUBE KPIs such as call stats for deeper monitoring
Prime Collaboration
CUBE Performance metrics
Prime Collaboration - Assurance
CUBE SIP Trunk Usage Monitoring
• Monitors both individual SIP trunk usage and Aggregated SIP Route Group usage
• Provides 7 days trend graph
Prime Collaboration Assurance
CUBE Performance metrics
• Monitors and provides 7 days of historical reports for various CUBE performance metrics
Prime Collaboration - Analytics
CUBE SIP Trunk Capacity Planning report
• Monitors both individual SIP trunk usage and Aggregated SIP Route Group usage
• Provides up to 1 year trend graph
Prime Collaboration - Analytics
CUBE SIP Trunk Busy Hour Erlang Capacity Planning report
Introducing ManageExpress® Border Manager
• Simplified provisioning and management
• Uniform policies across all SBCs
• Real time 911/211 alerting and monitoring
• Voice quality monitoring
• Reduce operational costs
• Available on the Cisco price list
Topology with Real Time Monitoring
Voice Quality Metrics
Voice Call Quality Monitoring on CUBE
• Three mechanisms exist to monitor call quality statistics
  1. End of call statistics in BYE message, 5 critical call parameters (MoSQe, Delay, Jitter, Loss, OoO)
  2. End of call CDRs if configured
  3. Real time export of 30+ AQM via Flexible NetFlow
CDR Example or MIB file: CISCO-VOICE-DIAL-CONTROL-MIB
<MOS-Con>4.4072</MOS-Con>
<round-trip-delay>1 ms</round-trip-delay>
<receive-delay>64 ms</receive-delay>
<voice-quality-total-packet-loss>0.0000 %</voice-quality-total-packet-loss>
<voice-quality-out-of-order>0.0000 %</voice-quality-out-of-order>
• CDR will be sent to Radius server at the end of a call if AAA accounting is configured
Audio Quality Monitor using Flexible NetFlow
• AQM uses FNF to export up to 30 voice quality metrics measured by the “media monitoring” CLI
• To help the NetFlow collector process the flow record, AQM also reports call-related information such as calling number, called number, call setup time, etc.
Configuration to enable VQM Calculation
voice service voip
 media monitoring [num] persist
 ! The max number of channels used for monitoring
 media statistics
 ! Enable media statistics for VQM calculation
dial-peer voice [tag] voip
 media monitoring
 ! Enable media monitoring on this dial-peer, every call leg matching this dial-peer will be monitored
FNF Configuration
flow record type performance-monitor aqm
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect application voice number called
collect application voice number calling
collect application voice setup time
collect application voice call duration
collect application voice rx bad-packet
collect application voice rx out-of-sequence
collect application voice codec id
collect application voice play delay current
collect application voice play delay minimum
collect application voice play delay maximum
collect application voice sip call-id
collect application voice router global-call-id
collect application voice delay round-trip
collect application voice delay end-point
collect application voice r-factor 1
collect application voice r-factor 2
collect application voice mos conversation
collect application voice mos listening
collect application voice concealment-ratio average
collect application voice jitter configured type
collect application voice jitter configured minimum
collect application voice jitter configured maximum
collect application voice jitter configured initial
collect application voice rx early-packet count
collect application voice rx late-packet count
collect application voice jitter buffer-overrun
collect application voice packet conceal-count
!
FNF Configuration – Cont’d
flow exporter aqm-exporter
destination <IP addr>
source FastEthernet8
transport udp 2055
option application-attributes
!
flow monitor type performance-monitor aqm-mon
record aqm
exporter aqm-exporter
cache entries 1000
cache timeout synchronized 10
history size 60 timeout 5
class-map match-all aqm-class
match application rtp
match application attribute media-type audio
!
policy-map type performance-monitor aqm-policy
class aqm-class
flow monitor aqm-mon
!
interface FastEthernet8
ip address 10.10.10.11 255.255.0.0
load-interval 30
duplex full
speed 100
service-policy type performance-monitor input aqm-policy
service-policy type performance-monitor output aqm-policy
Viewing AQM
CUBE# show call active voice stats
DSP/TX: PK=0, SG=0, NS=0, DU=0, VO=0
DSP/RX: PK=34, SG=0, CF=1, RX=660, VO=660, BS=0, BP=0, LP=0, EP=0
DSP/PD: CU=69, MI=69, MA=69, CO=0, IJ=0.0000
DSP/PE: PC=0, IC=0, SC=0, RM=0, BO=0, EE=0
DSP/LE: TP=0, TX=0, RP=0, RM=0, BN=0, ER=0, AC=0
DSP/ER: RD=0, TD=0, RC=0, TC=0
DSP/IC: IC=0
DSP/EC: CI=g711alaw, FM=5, FP=1, VS=0, GT=1.0000, GR=1.0000, JD=adaptive, JN=60, JM=40, JX=1000
DSP/KF: KF=0.0000, AV=0.0000, MI=0.0000, BS=0.0000, NB=0, FL=0, NW=0, VR=0.0
DSP/CS: CR=0.0000, AV=0.0000, MX=0.0000, CT=0, TT=0, OK=0, CS=0, SC=0, TS=50, DC=0
DSP/RF: ML=-1.0000, MC=-1.0000, R1=-1, R2=-1, IF=0, ID=0, IE=0, BL=25, R0=93, VR=2.0
DSP/UC: U1=0, U2=0, T1=0, T2=0
DSP/DL: RT=0, ED=0
AQM viewing through ARCANA’s MEBM
AQM stats per network segment
Incremental metrics are provided throughout the call
Troubleshooting
Troubleshooting of Calls
show cube status
Is CUBE active?
CUBE-Version : 9.0
SW-Version : 15.2.1T, Platform 2911
HA-Type : none
Licensed-Capacity : 200
debug voip ccapi inout
Is the call matching the right dial-peers?
Oct 26 18:59:01.146: //-1/66A6B1BF8013/CCAPI
cc_api_call_setup_ind_common:
.................
Incoming Dial-peer=1, Progress Indication=NULL(0), Calling IE Present=TRUE,
.................
Outgoing Dial-peer=100, Params=0x26E8574, Progress Indication=NULL(0)
debug ccsip messages
Are we sending the right SIP call to the SP based on their requirements?
Received:
INVITE sip:912025552000@14.128.101.24:5060 SIP/2.0
Date: Wed, 26 Oct 2011 18:59:01 GMT
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
From: "Paul Hewson" <sip:1500@10.88.156.166>;tag=90d94d92-6ee4-45aa-9f182d09025c1ee4-27352390
................
CUBE Debugging
• When debugging in IOS, configure logging buffered to a fairly large value (based on available memory)
• Disable logging to the console with the command ‘no logging console’
• Enable timestamps for debugs
• Make sure the router has NTP enabled
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
logging buffered 10000000
no logging console
clock timezone EST -5 0
clock summer-time EDT recurring
ntp server 10.14.1.1
SIP EO Debug
Example
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
Via: SIP/2.0/UDP 20.1.1.1:5060;branch=z9hG4bK1216FC
Remote-Party-ID: <sip:2000@20.1.1.1>;party=calling;screen=no;privacy=off
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Call-ID: A2F9661D-9C0211E0-803289BC-624E6E32@9.44.44.71
Supported: timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
.........
.........
v=0
o=CiscoSystemsSIP-GW-UserAgent 2026 314 IN IP4 9.44.44.71
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
m=audio 16950 RTP/AVP 18 101
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
• Outbound INVITE message
• Sent with destination number 1000 and IP address 20.1.1.2 on port 5060
• Calling number is 2000; the source IP address of the call is 20.1.1.1
• Cisco-GUID uniquely identifies this call leg
• The “c” parameter identifies the IP address (20.1.1.1) that the peer device should send the media to
• The “m” parameter identifies:
  • the type of call (audio)
  • port number for media (16950)
  • payload type for the 1st preferred codec (18 for G729)
  • DTMF (101 for RFC2833)
• The “a” parameter identifies all the codecs and other descriptors for this call leg
[Diagram: Internal Network, CUBE (B2B User Agent), External Network, SIP SP; addresses 10.1.1.1, 20.1.1.1, 20.1.1.2]
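The fields called out on this slide can be extracted from a captured INVITE with a short parser. The following Python is an added example, not code from the presentation or from Cisco; the function names (`parse_uri`, `parse_invite`, `parse_sdp`, `summarize`) are hypothetical and the input is the slide's INVITE re-typed as a constructed sample. Besides the slide's fields it reports `rtpmap` entries whose payload type is not offered on the `m=` line, as is the case for payload type 8 in this capture.

```python
import re

# Constructed input: the INVITE from the debug above. The elided headers
# (".........") are omitted and a blank line separates headers from the SDP body.
SAMPLE_INVITE = """\
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
Via: SIP/2.0/UDP 20.1.1.1:5060;branch=z9hG4bK1216FC
Remote-Party-ID: <sip:2000@20.1.1.1>;party=calling;screen=no;privacy=off
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Call-ID: A2F9661D-9C0211E0-803289BC-624E6E32@9.44.44.71
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER,
 SUBSCRIBE, NOTIFY, INFO, REGISTER

v=0
o=CiscoSystemsSIP-GW-UserAgent 2026 314 IN IP4 9.44.44.71
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
m=audio 16950 RTP/AVP 18 101
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
"""

SIP_URI = re.compile(r"sip:(?P<user>[^@;>\s]+)@(?P<host>[^:;>\s]+)(?::(?P<port>\d+))?")

def parse_uri(value):
    """Extract user, host and port (default 5060) from the first sip: URI in value."""
    m = SIP_URI.search(value or "")
    if not m:
        return None
    return {"user": m["user"], "host": m["host"], "port": int(m["port"] or 5060)}

def parse_sdp(body):
    """Return one dict per m= section; a media-level c= overrides the session-level one."""
    session_conn, media = None, []
    for line in body.splitlines():
        if len(line) < 2 or line[1] != "=":
            continue
        kind, value = line[0], line[2:].strip()
        if kind == "c":
            addr = value.split()[-1]
            if media:
                media[-1]["connection"] = addr
            else:
                session_conn = addr
        elif kind == "m":
            mtype, port, proto, *fmts = value.split()
            media.append({"type": mtype, "port": int(port.split("/")[0]), "proto": proto,
                          "payload_types": [int(f) if f.isdigit() else f for f in fmts],
                          "connection": session_conn, "rtpmap": {}, "fmtp": {}})
        elif kind == "a" and media:
            attr, _, rest = value.partition(":")
            pt, _, desc = rest.partition(" ")
            if attr in ("rtpmap", "fmtp") and pt.isdigit():
                media[-1][attr][int(pt)] = desc
    return media

def parse_invite(text):
    """Split a SIP INVITE into request URI, headers (unfolded) and SDP media sections."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    start_line, *header_lines = head.split("\n")
    method, request_uri, _version = start_line.split()
    if method != "INVITE":
        raise ValueError(f"expected an INVITE, got {method}")
    headers, last = {}, None
    for line in header_lines:
        if line[:1] in (" ", "\t") and last:      # folded continuation line
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()
            headers[last] = value.strip()
    return {"request_uri": parse_uri(request_uri), "headers": headers,
            "media": parse_sdp(body)}

def summarize(text):
    """Collect the values the slide annotates, plus rtpmap entries not offered in m=."""
    inv = parse_invite(text)
    audio = next((m for m in inv["media"] if m["type"] == "audio"), None)
    if audio is None:
        raise ValueError("no audio m= line in SDP")
    offered, rtpmap = audio["payload_types"], audio["rtpmap"]
    calling = parse_uri(inv["headers"].get("from"))
    return {
        "called": inv["request_uri"]["user"],
        "dest_ip": inv["request_uri"]["host"],
        "dest_port": inv["request_uri"]["port"],
        "calling": calling["user"],
        "source_ip": calling["host"],
        "cisco_guid": inv["headers"].get("cisco-guid"),
        "media_ip": audio["connection"],
        "media_port": audio["port"],
        "preferred_codec": rtpmap.get(offered[0]),
        "dtmf_payload_types": [pt for pt in offered
                               if str(rtpmap.get(pt, "")).startswith("telephone-event")],
        "unoffered_rtpmap": sorted(pt for pt in rtpmap if pt not in offered),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_INVITE).items():
        print(f"{key:20} {value}")
```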
CUBE Per-Call Debugging (PCD)
• Useful for CUBE under high call volume
• Available on all CUBE (Ent) ASR releases and in 15.1(2)T and later on ISR
• All the debugs pertaining to a particular call go into a buffer
• “Trigger points” look for specific info in the buffers to export the debug info to an output destination
• Can trigger based on user-defined criteria or log every call
  • SIP 4XX, 5XX, or 6XX Response
  • Q.850 Cause code
  • Call Admission Control limits
CUBE Per-Call Debugging (PCD)
1. Define buffers and buffer sizes
per-call num-buffer <num>
per-call buffer-size debug <num>
2. Turn per-call debugging on/off
per-call shutdown
per-call active debug
per-call inactive
3. Set trigger points
per-call trigger cause 1
per-call trigger cause 41
per-call trigger sip-message 404
per-call trigger sip-message 488
4. Export debug buffer content
per-call export primary [flash | ftp | http | pram | rcp | tftp] secondary [flash | ftp | http | pram | rcp | tftp]
5. Show buffer content status
show per-call stat
show per-call buffer list
6. Show buffer contents on console
router#show per-call buffer content ?
<0-10000000> Specify the buffer num
router#show per-call buffer content 1
IOS Embedded Packet capture on ISR-G2
Provides the ability to do packet captures only for interesting traffic from within IOS
Step 1. Configure capture profile
ip traffic-export profile BRKUCC2934 mode capture
 bidirectional
 incoming access-list 123
 outgoing access-list 123
access-list 123 permit udp any any eq 5060
access-list 123 permit tcp any any eq 5060
interface fa0/0
 ip traffic-export apply BRKUCC2934 [size <bytes>]
• Create a profile with the name “BRKUCC2934”
• Create access-lists to define “interesting” traffic. In this example, only SIP traffic (TCP/UDP port 5060) is being captured
• Apply this profile to an interface that this traffic traverses
Step 2. Capture traffic with these exec (enable) level commands
Note: The exec commands don’t appear until a profile has been configured
router# traffic-export interface fa0/0 clear
router# traffic-export interface fa0/0 start
<capture the problem>
router# traffic-export interface fa0/0 stop
• Clear the buffer to remove previous contents
• Start the capture when ready
• Stop after the problem is captured
IOS Embedded Packet capture (.. cont’d)
Step 3. Export the pcap file to a server
router# traffic-export interface fa0/0 copy ftp://x.x.x.x/BRKUCC2934_capture.pcap
• Export the contents of the buffer to an external FTP server as a PCAP file
Step 4. Display ladder diagram (with Wireshark)
• The PCAP file can be viewed in Wireshark. It provides the ability to filter based on calling/called numbers and create a flow graph as shown
Debug Decoder: http://translatorx.cisco.com
IP Traffic Capture: http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html
Serviceability
New CUBE Serviceability Features
Call Arrival Rate
• Histogram for Call rate
• Histogram for Concurrent calls
• Histogram for Call duration
• Histogram for SIP message rate
• High/Low watermark for Call Rate
• High/Low watermark for Concurrent calls
• High/Low watermark for SIP message rate
• Histogram for Call Failure Rate
• High/Low watermark for Call Failure Rate
Example:
show call history stats cps
[Histogram output: Call switching rate / CPS (last 72 hours); * = maximum calls/s, # = average calls/s]
Call History Stats – Graphical or Tabular form
Last 60 sec, 60 minutes, 72 hours
show call history stats connected [table]
Ability to sort dial-peers
show run dial-peer sort
[Callout: Dial Peer tag]

dial-peer (default)
dial-peer voice 4020 pots
 destination-pattern 4020
 port 0/2/0
!
dial-peer voice 5000 voip
 destination-pattern 5...
 session protocol sipv2
 session target ipv4:1.4.65.5
!
dial-peer voice 5 pots
 incoming called-number 1...
 port 1/0/0:23

dial-peer sort
dial-peer voice 5 pots
 incoming called-number 1...
 port 1/0/0:23
!
dial-peer voice 4020 pots
 destination-pattern 4020
 port 0/2/0
!
dial-peer voice 5000 voip
 destination-pattern 5...
 session protocol sipv2
 session target ipv4:1.4.65.5

dial-peer sort descending
dial-peer voice 5000 voip
 destination-pattern 5...
 session protocol sipv2
 session target ipv4:1.4.65.5
!
dial-peer voice 4020 pots
 destination-pattern 4020
 port 0/2/0
!
dial-peer voice 5 pots
 incoming called-number 1...
 port 1/0/0:23
Total Number of Active Concurrent Calls
Total Number of Active Calls
• A single call can have multiple call-legs. To determine the total number of active calls from call-legs is challenging
• CLI added to display the value of current number of active (connected) calls on CUBE
• The table defines the relation between call-legs and number of active calls
Router# show call active total-calls
Total Number of Active Calls : 10
| Call Flow                         | Call-legs | Connected call |
| Basic call (audio/video)          | 2         | 1              |
| Transferred call (Refer handling) | 3         | 2              |
| Transcoded call (SCCP)            | 4         | 1              |
| Calls after rotary/hunt           | 2+x       | 1              |
| Forwarded calls (CUBE handling)   | 3         | 1              |
| Forked call (media forking)       | 3         | 2              |
| Forked call (signaling forking)   | 2         | 1              |
Avoiding Non-Call-Context Debug Logs
• SIP debugs often contain unrelated debugs that are not useful in debugging issues related to call failures
• Starting with CUBE 10.0.1, non-call-context debugs will not be printed when debug ccsip is issued
• This applies to messages originating from CUBE. Non-call-context INBOUND messages towards CUBE will still be printed when debug ccsip is issued.
• If a message is not part of any call, that debug will not be printed
• Affected messages: OPTIONS, REGISTER, SUBSCRIBE/NOTIFY
• To see the above OUTBOUND messages in debugs, issue the following command
debug ccsip non-call
Debugging Made Easier
Categorize Debugs based on Severity
• Existing SIP debugs have become too verbose and unmanageable. To minimize verbosity, the SIP-INFO debugs are further categorized based on functionality and level
• Categories are only applicable when CCSIP INFO or ALL debug is enabled
• Categorization based on severity:
1. Critical
2. Notifications
3. Informational
4. Verbose
Router# debug ccsip level <critical | info | notify | verbose>
| Severity | Level         | Description |
| 1        | Critical      | Feature-specific errors, things going wrong, resource failures that do not fail the call as such |
| 2        | Notifications | Important milestones reached. Important steps while processing that need to be noticed |
| 3        | Informational | Much of the detail needed to understand the flow. These give more information related to the working of the flow |
| 4        | Verbose       | Information that is too detailed and not really much help in debugging |
Debugging Made Easier
Categorize Debugs based on Functionality
• Categorization based on functionality:
1. Audio/video/sdp/control
2. Configuration/sip-transport
3. CAC
4. DTMF/FAX/Line-side
5. Registration
6. Sdp-passthrough
7. Sip-profile/SRTP/transcoder
Router# debug ccsip feature < audio | cac | config | control | dtmf | fax | line | misc | misc-features | parse | registration | sdp-negotiation | sdp-passthrough | sip-profiles | sip-transport | srtp | supplementary-services | transcoder | video >
Example: enabling DTMF and audio debugs only, with the default log level.
CUBE#sh debugging
CCSIP SPI: SIP info debug tracing is enabled (filter is OFF)
CCSIP SPI: audio debugging for ccsip info is enabled (active)
CCSIP SPI: dtmf debugging for ccsip info is enabled (active)
DTMF(32) debug code:
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/verbose/32/sipSPI_ipip_store_channel_info: dtmf negotiation done, storing negotiated dtmf = 0,
Audio(2) debug code:
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/info/2/sipSPIUpdateCallEntry:
Debugging Made Easier
Categorize Debugs based on Functionality
• This CLI is used to collect the predefined debug feature category codes, which helps in analysing debugs manually.
CUBE# show cube debug category codes
|-----------------------------------------------
| show cube debug category codes values.
|-----------------------------------------------
| Indx | Debug Name            | Value
|-----------------------------------------------
| 01   | SDP Debugs            | 1
| 02   | Audio Debugs          | 2
| 03   | Video Debugs          | 4
| 04   | Fax Debugs            | 8
| 05   | SRTP Debugs           | 16
| 06   | DTMF Debugs           | 32
| 07   | SIP Profiles Debugs   | 64
| 08   | SDP Passthrough Deb   | 128
| 09   | Transcoder Debugs     | 256
| 10   | SIP Transport Debugs  | 512
| 11   | Parse Debugs          | 1024
| 12   | Config Debugs         | 2048
| 13   | Control Debugs        | 4096
| 14   | Mischellaneous Debugs | 8192
| 15   | Supp Service Debugs   | 16384
| 16   | Misc Features Debugs  | 32768
| 17   | SIP Line-side Debugs  | 65536
| 18   | CAC Debugs            | 131072
| 19   | Registration Debugs   | 262144
|-----------------------------------------------
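The manual lookup described on the last three slides can be scripted. The following Python is an added example, not code from the presentation or from Cisco: it parses categorized CCSIP info debug lines, maps the numeric code to the category name from the table above, and filters by category, severity and call. The prefix layout (`//<call id>/<GUID>/SIP/Info/<level>/<code>/<function>:`) is assumed from the two sample lines on the slide, the `critical` and `notify` level names are assumed from the `debug ccsip level` keywords, and the third log line is constructed.

```python
import re
from collections import defaultdict

# Category codes copied from the "show cube debug category codes" table above.
CATEGORY_CODES = {
    1: "SDP", 2: "Audio", 4: "Video", 8: "Fax", 16: "SRTP", 32: "DTMF",
    64: "SIP Profiles", 128: "SDP Passthrough", 256: "Transcoder",
    512: "SIP Transport", 1024: "Parse", 2048: "Config", 4096: "Control",
    8192: "Miscellaneous", 16384: "Supp Service", 32768: "Misc Features",
    65536: "SIP Line-side", 131072: "CAC", 262144: "Registration",
}

# Severity numbers from the severity table; the keyword spelling inside the
# debug line is an assumption for "critical" and "notify".
SEVERITY = {"critical": 1, "notify": 2, "info": 3, "verbose": 4}

# Assumed prefix layout, taken from the two sample lines on the slide.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+//(?P<call>-?\d+)/(?P<guid>[0-9A-Fa-f]+)"
    r"/SIP/Info/(?P<level>\w+)/(?P<code>\d+)/(?P<func>\w+):\s*(?P<text>.*)$")

# Lines 1-3 are the slide's two debug entries (the first wraps onto a second
# line, as on the slide); the last line is constructed for illustration.
SAMPLE_DEBUG = """\
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/verbose/32/sipSPI_ipip_store_channel_info: dtmf negotiation
done, storing negotiated dtmf = 0,
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/info/2/sipSPIUpdateCallEntry:
May 21 17:54:53.380: //445/6A0011CC8480/SIP/Info/critical/131072/constructedFunctionName: constructed line for a second call
"""

def decode_code(code):
    """Return the category name for a code; unknown codes are reported, not guessed."""
    return CATEGORY_CODES.get(code, f"unknown({code})")

def parse_debug(text):
    """Parse categorized debug lines; wrapped continuation lines join the previous entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["code"] = int(entry["code"])
            entry["category"] = decode_code(entry["code"])
            entry["severity"] = SEVERITY.get(entry["level"], 4)
            entries.append(entry)
        elif entries and line:
            entries[-1]["text"] = (entries[-1]["text"] + " " + line).strip()
    return entries

def select(entries, categories=None, max_severity=4):
    """Keep entries in the given category names with severity <= max_severity (1 = critical)."""
    return [e for e in entries
            if (categories is None or e["category"] in categories)
            and e["severity"] <= max_severity]

def by_call(entries):
    """Group entries by (call id, GUID) so one call's debugs can be read together."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[(e["call"], e["guid"])].append(e)
    return dict(grouped)

if __name__ == "__main__":
    for e in parse_debug(SAMPLE_DEBUG):
        print(e["ts"], e["call"], e["level"], e["category"], e["func"], e["text"])
```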
IP Trunk Evolution – Cutting edge designs
Cloud Connected Audio
[Diagram: Customer Network, CUBE, SIP Trunk to Webex, IP Cloud, SIP Trunk SP, Cisco WebEx iPOP, peering connection, Cisco WebEx Collaboration Cloud]
Media Manipulation & Optimization
• Improved quality of speech by Noise Cancellation, Acoustic shock prevention
[Diagram: Speech corrupted with background noise, SIP Trunk SP, CUBE]
Network based recording
[Diagram: Cisco MediaSense, Partner Application]
Integration of Voice Policies
SecureLogix Application Layer Voice Policy:
• Centralized voice policy creation/distribution
• Protection from external harassing calls
• Service Abuse control by internal users
• Enterprise-wide UC reporting & analytics
• Compliance & Data Leakage prevention
[Diagram: UC Application, Network, Platform]
Key Takeaways
• It is a manageable transition from existing TDM-based networks to SIP networks using these network design techniques
• Enterprise SBC (Cisco Unified Border Element - CUBE) is an essential component of a UC solution, providing:
  • Security, Session Management, Interworking, Demarcation
  • Over 18,000 Enterprise customers all over the globe
  • Proven interoperability with 3rd party PBX vendors and different service providers around the world (more than 160 countries)
• Now is the time to deploy SIP Trunking in either a Centralized or a Distributed solution to save money, simplify your topology and set up your infrastructure for future services
• Complete feature Presentations, Lab Guide, Free Hands-on Lab access & Application Notes: https://cisco.box.com/cube