Deploying Enterprise SIP Trunks with CUBE (Cisco Unified Border Element), CUCM, and MediaSense
Hussain Ali, CCIE# 38068 (Voice, Collaboration)
Technical Marketing Engineer
Dilip Singh, CCIE# 16545 (Collaboration)
Technical Leader

LTRCOL-2310 July 2016


Agenda
• Introduction
• Technology Overview
• Session Initiation Protocol (SIP)
• Cisco Unified Border Element (CUBE)
• Cisco Unified Communications Manager (CUCM)
• Cisco MediaSense

• Lab Overview
• Network Setup / Topology
• Tasks
• Lab Access
Objectives
• Provide a quick overview of SIP basics, CUCM, CUBE and MediaSense
• Understand and deploy a working ITSP SIP trunk for making and receiving calls
• Understand how to capture and analyze CUCM traces and CUBE debugs to troubleshoot SIP issues using available tools
• Leave participants with a good understanding of CUCM, CUBE and MediaSense SIP trunk operation and monitoring

LTRCOL-2310 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
CUBE Overview
CUBE (Enterprise) Product Portfolio
[Figure: CUBE platforms plotted by calls per second (CPS) against active concurrent voice call capacity. Platforms shown: 800 ISR; 2900 Series ISR-G2 (2901, 2911, 2921, 2951); ISR-4K (4321, 4331); 3900 Series ISR-G2 (3925, 3945); ISR 4351; 3900E Series ISR-G2 (3925E, 3945E); ISR 4431; ISR 4451-X; vCUBE (performance dependent on vCPU and memory); ASR 1001-X; ASR 1002-X; ASR 1004/6 RP2. Callout: Introducing CUBE on CSR.]
CPS axis: <5, 8-12, 17, 20-35, 50-100, 50-150
Active Concurrent Voice Calls Capacity axis: 4, <50, 500-600, 900-1000, 2000-2500, 4000, 4500-6000, 7000-10,000, 12K-14K, 14-16K
Note: SM-X-PVDM module supported on XE3.16 or later for ISR 4K platforms

CUBE Session Capacity Summary (For Your Reference)

Platform | CUBE SIP-SIP Sessions (Audio)
NanoCUBE (8XX and SPIAD Platforms) | 15 - 120
2901 – 4321 | 100
2911 – 2921 | 200 – 400
4331 | 500
2951 | 600
3925 – 3945 | 800 – 950
4351 | 1000
3925E – 3945E | 2100 – 2500
4431 | 3000
4451 | 6000
ASR1001-X | 12000
ASR1002-X | 14000
ASR1004/1006 RP2 | 16000

Introducing IOS-XE Release 16
• New OS from the platform team, intended to consolidate the operating systems across the different product portfolios
• UX will be the same as IOS-XE, no difference to the end user
• IOS-XE Release 16.3.1 support for UC (CUBE, CME, SRST)
  - Impacts XE based (ASR1K, ISR4K, and vCUBE) platforms
  - There will be no CUBE 11.5.1 for the XE based platforms [ASR1K, ISR4K, vCUBE]. CUBE 11.5.2 (July 2016 release) will have the newer and the March 2016 features for the XE based platforms, introduced in IOS-XE release 16.3.1
  - IOS-XE 16 requires a minimum of ASR1001-X, 1002-X, 1004/1006 RP2, ESP20 (Embedded Service Processor), SIP40 (SPA Interface Processor)
  - It will include all features up to and including IOS-XE 3.17 as well
• Due to the new hardware requirements, customers will have the following migration options, as IOS-XE 3.17 rebuilds will stop by June 2017
  - Replace unsupported ASR1K hardware and upgrade to IOS-XE 16.3.1 or later, and continue to enjoy the new feature set and support for any issues
  - Drop the new feature set and move back to the IOS-XE 3.16 long maintenance release for longer support

CUBE Software Release Mapping
Left columns: ISR G2 CUBE Ent. Right columns: ASR 1K [1] / ISR-4K [1] / vCUBE (CSR) [1].

CUBE Vers. (ISR G2) | 2900/3900 | FCS | ASR Parity with ISR | CUBE Vers. (XE) | IOS XE Release | FCS
11.0.0 | 15.5(2)T | Mar 2015 | >95% | 11.0.0 | 3.15 15.5(2)S | Mar 2015
11.1.0 | 15.5(3)M | July 2015 | >95% | 11.1.0 | 3.16 15.5(3)S | July 2015
11.5.0 | 15.6(1)T | Nov 2015 | >95% | 11.5.0 | 3.17 15.6(1)S | Nov 2015

CUBE Vers. (ISR G2) | 2900/3900 | FCS | CUBE Vers. (XE) | IOS XE Release 16 [2] | FCS
11.5.1 [4] | 15.6(2)T1 [4] | Mar 2016 | N/A [3] | 16.2.1 [3] | Mar 2016
11.5.2 | 15.6(3)M | July 2016 | 11.5.2 [3] | 16.3.1 [3] | July 2016

[1] IOS-XE3.13.1/3.16.1 or later recommended for all ISR-4K series and XE3.16.1 or later for vCUBE
[2] IOS-XE 16 requires a minimum of ASR1001-X, 1002-X, 1004/1006 RP2, ESP20 (Embedded Service Processor), SIP40 (SPA Interface Processor)
[3] IOS-XE release 16.2.1 does not support CUBE functionality on the platforms. There is no CUBE version 11.5.1 for the XE based platforms. All CUBE features from 11.5.0 (IOS-XE 3.17) and earlier versions along with CUBE 11.5.1 (March 2016 release) on ISR G2 are included in CUBE release 11.5.2 for the IOS-XE based platforms, IOS-XE release 16.3.1 [July 2016 release]
[4] IOS 15.6(2)T will show CUBE Release version to be 12.0.0 but due to DDTS# CSCuz43735, rebuilds for this release train will align to CUBE release 11.5.1, that is 15.6(2)T1/T2/T3/T4 and so on will be CUBE version 11.5.1

CUBE Software Release Mapping – Earlier Releases
Left columns: ISR G2 CUBE Ent. Right columns: ASR 1K Series.

CUBE Vers. (ISR G2) | 2900/3900 | FCS | ASR Parity with ISR | CUBE Vers. (ASR) | IOS XE Release | FCS
8.5 | 15.1(2)T | July 2010 | <50% | 1.4 | 3.2 15.1(1)S | Nov 2010
8.6 | 15.1(3)T | Nov 2010 | <50% | 1.4.1 | 3.3 15.1(2)S | March 2011
8.7 | 15.1(4)M | April 2011 | ~50% | 1.4.2 | 3.4 15.1(3)S | July 2011
8.8 | 15.2(1)T | July 2011 | ~70% | 1.4.3 | 3.5 15.2(1)S | Nov 2011
8.9 | 15.2(2)T | Nov 2011 | >80% | 1.4.4 | 3.6 15.2(2)S | Mar 2012
9.0 | 15.2(3)T/15.2(4)M | Mar 2012 | >85% | 9.0 | 3.7 15.2(4)S | July 2012
9.0.1 | 15.3(1)T | Oct 2012 | >95% | 9.0.1 | 3.8 15.3(1)S | Oct 2012
9.0.2 | 15.3(2)T | Mar 2013 | >95% | 9.0.2 | 3.9 15.3(2)S | Mar 2013
9.5.1 | 15.3(3)M1 | Oct 2013 | >95% | 9.5.1 | 3.10.1 15.3(3)S1 | Oct 2013
10.0.0 | 15.4(1)T | Nov 2013 | >95% | 10.0.0 | 3.11 15.4(1)S | Nov 2013
10.0.1 | 15.4(2)T | Mar 2014 | >95% | 10.0.1 | 3.12 15.4(2)S | Mar 2014

CUBE Software Release Mapping – Earlier Releases
Left columns: ISR G2 CUBE Ent. Right columns: ASR 1K / ISR-4K Series.

CUBE Vers. (ISR G2) | 2900/3900 | FCS | ASR Parity with ISR | CUBE Vers. (XE) | IOS XE Release | FCS
10.0.2 | 15.4(3)M | July 2014 | >95% | 10.0.2 | 3.13 15.4(3)S | July 2014
10.5.0 | 15.5(1)T | Nov 2014 | >95% | 10.5.0 | 3.14 15.5(1)S | Nov 2014

CUBE Interoperability
Proven Interoperability and Interworking with Service Providers Worldwide
• Validated with Service Providers World-Wide
• Independently Tested with 3rd-Party PBXs in tekVizion Labs
• Standards based
Cisco Interoperability Portal: www.cisco.com/go/interoperability

Collaboration Deployment
[Figure: Unified CM and MediaSense on the Enterprise LAN, CUBE between the Enterprise LAN and the ITSP WAN (SIP Provider), and a PSTN (PRI/FXO) TDM backup (not available in vCUBE). Legend: SIP, H.323, RTP.]

CUBE Licensing
CUBE ISR(G2/4K), ASR and CSR Licensing (For Your Reference)

Platform | Single-Use Licenses | Redundancy Licenses (1 SKU for Active/Standby Pair)
Cisco 881, 886, 887, 888, 892F, SPIAD | FL-NANOCUBE | N/A
ISR G2 (2901, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E) | FL-CUBEE-5, FL-CUBEE-25, FL-CUBEE-100 | FL-CUBEE-5-RED, FL-CUBEE-25-RED, FL-CUBEE-100-RED
ISR-4K (4321, 4331, 4351, 4431, 4451) | FL-CUBEE-5, FL-CUBEE-25, FL-CUBEE-100 | FL-CUBEE-5-RED, FL-CUBEE-25-RED, FL-CUBEE-100-RED
Cisco ASR1001-X, 1002-X, 1004 RP2, 1006 RP2 | FLASR1-CUBEE-100P, FLASR1-CUBEE-4KP, FLASR1-CUBEE-16KP | FLASR1-CUBEE-100R, FLASR1-CUBEE-4K-R, FLASR1-CUBEE-16KR
vCUBE (CUBE on CSR 1000v), with the APPX Package (No TLS/SRTP) or AX (All vCUBE features) CSR licensing package | Same SKUs as ASR1K series | Same SKUs as ASR1K series

http://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/order_guide_c07_462222.html

CUBE Licensing FAQs
• How to enable the CUBE feature set?
  - General information on IOS Software Activation (licensing) can be found here.
  1. For ISR G2s/4K series, install the UCK9 package license to access all the voice features including CUBE. For SIP TLS/SRTP, the SEC-K9 license is also required.
  2. For ASR1K series, the Advanced IP Services or Advanced Enterprise Services package/image needs to be installed for CUBE
  3. For vCUBE (CUBE on CSR 1000v), the APPX (no TLS/SRTP) or AX (all vCUBE features) package license needs to be installed to access the CUBE feature set and upgrade from the default throughput of 100 kbps
  4. For 8XX series, Advanced IP Services or higher is needed to access the NanoCUBE feature set
  5. Once the platform is ready, a CUBE license needs to be purchased to start using the feature set
  6. The RED SKUs require a separate SMARTNET and do not need any additional Single-Use case SKUs

• Are CUBE licenses incremental?
  - Yes, CUBE licenses can be added together to provide an aggregate session count. This way, a customer can start with a smaller number of sessions and grow their system over time as call volume increases. E.g. a customer may buy a FL-CUBEE-5 license to start with, allowing a total of 5 sessions, and later add 2 more FL-CUBEE-5 licenses for a total of 15 sessions.

• Is CUBE Licensing Enforced?
  - No, CUBE is a paper-based honor license (no file to install) that allows you to run the CUBE RTU (Right-to-Use) feature set once you have the UCK9 license installed. More info on ordering here.

CUBE Licensing FAQs – Cont’d
• What constitutes a session?
  - A session is a single audio or video call across the CUBE, regardless of call legs. Some vendors consider one call as two sessions.

• Does a call recording solution require additional licensing?
  - No, sessions created between CUBE and the call recording server, such as MediaSense®, do not require additional licenses and are not counted against the CUBE licensing limit. However, keep in mind the platform capacity numbers.

• Can a customer migrate from a Single-Use to a RED license?
  - No, currently there are no migration SKUs, that is, if the customer previously purchased a Single-Use license, it cannot be converted into a RED license in future. For further assistance, please reach out to the CUBE team.

• Can standalone CUBE Licenses be transferred?
  - No, CUBE licensing is not transferable between chassis at this time.
  - FL-CUBEE-XX licenses can be bought for any ISR G2 platform, but cannot be transferred between platforms.
  - FL-CUBEE-XX licenses are only for ISR G2 (i.e. you buy FL-CUBEE-5, it applies to a single ISR G2 that you buy it for, which could be a 2901, 2911, 3925, etc., but only a single platform.)

CUBE Call Flow
CUBE Call Processing
- Actively involved in the call treatment, signaling and media streams
- SIP B2B User Agent
- Signaling is terminated, interpreted and re-originated
- Provides full inspection of signaling, and protection against malformed and malicious packets
- Media is handled in two different modes:
  - Media Flow-Through
  - Media Flow-Around
- Digital Signal Processors (DSPs) are only required for transcoding (calls with dissimilar codecs)

Media Flow-Through
- Signaling and media terminated by the Cisco Unified Border Element
- Transcoding and complete IP address hiding require this model

Media Flow-Around
- Only signaling is terminated by CUBE
- Media bypasses the Cisco Unified Border Element

Cisco Unified Border Element Basic Call Flow
Originating Endpoint (1000) → Incoming VoIP Call → CUBE → Outgoing VoIP Call → Terminating Endpoint (2000)

voice service voip
 mode border-element
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip

dial-peer voice 1 voip
 incoming called-number 2000
 session protocol sipv2
 session target ipv4:1.1.1.1
 codec g711ulaw

dial-peer voice 2 voip
 destination-pattern 2000
 session protocol sipv2
 session target ipv4:2.2.2.2
 codec g711ulaw

1. Incoming VoIP setup message from originating endpoint
2. This matches inbound VoIP dial peer 1 for characteristics such as codec, VAD, DTMF method, protocol, etc.
3. Match the called number to outbound VoIP dial peer 2
4. Outgoing VoIP setup message

Understanding the Call flow
Incoming VoIP Call Leg: matches an Incoming Dial-peer. Outgoing VoIP Call Leg: matches an Outbound Dial-peer.
Topology: 1000 (1.1.1.1) ↔ [VRF1 – 10.10.10.10] CUBE [20.20.20.20 – VRF2] ↔ 2000 (2.2.2.2)

Step | Incoming leg (1.1.1.1 ↔ CUBE 10.10.10.10) | Outgoing leg (CUBE 20.20.20.20 ↔ 2.2.2.2)
1 | 1.1.1.1 → CUBE: INVITE w/ SDP (c= 1.1.1.1, m=audio abc RTP/AVP 0) | CUBE → 2.2.2.2: INVITE w/ SDP (c= 20.20.20.20, m=audio xxx RTP/AVP 0)
2 | CUBE → 1.1.1.1: 100 TRYING | 2.2.2.2 → CUBE: 100 TRYING
3 | CUBE → 1.1.1.1: 180 RINGING | 2.2.2.2 → CUBE: 180 RINGING
4 | CUBE → 1.1.1.1: 200 OK (c= 10.10.10.10, m=audio xyz RTP/AVP 0) | 2.2.2.2 → CUBE: 200 OK (c= 2.2.2.2, m=audio uvw RTP/AVP 0)
5 | 1.1.1.1 → CUBE: ACK | CUBE → 2.2.2.2: ACK
6 | RTP (Audio): 1.1.1.1 ↔ 10.10.10.10 | RTP (Audio): 20.20.20.20 ↔ 2.2.2.2
7 | BYE, 200 OK | BYE, 200 OK

Basic Show commands for Active Calls
CUBE# show call active voice brief
121A : 17 13:02:24.215 IST Mon Jun 27 2011.1 +2040 pid:1 Answer 1000 active
dur 00:00:14 tx:0/0 rx:0/0
IP 1.1.1.1:6000 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a VRF:VRF1
121A : 18 13:02:24.225 IST Mon Jun 27 2011.1 +2020 pid:2 Originate 2000 active
dur 00:00:14 tx:0/0 rx:0/0
IP 2.2.2.2:6001 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a VRF:VRF2
Telephony call-legs: 0
SIP call-legs: 2
H323 call-legs: 0
Call agent controlled call-legs: 0
SCCP call-legs: 0
Multicast call-legs: 0
Total call-legs: 2
CUBE# show voip rtp connections
VoIP RTP active connections :
No. CallId dstCallId LocalRTP RmtRTP LocalIP RemoteIP MPSS VRF
1 17 18 17474 6000 10.10.10.10 1.1.1.1 NO VRF1
2 18 17 17476 6001 20.20.20.20 2.2.2.2 NO VRF2
Found 2 active RTP connections

CUBE Architecture
ISR G2 vs ASR1K vs ISR 4K vs vCUBE (CUBE on CSR)
ASR/ISR-4K & ISR-G2 Architecture Comparison
[Figure: the ASR/ISR-4K (IOS-XE) architecture, where IOS on the RP forms the control plane (signaling) and the ESP forms the data (forwarding) plane (media), connected through the kernel message interface, beside the ISR G2 architecture, where IOS on a single control plane CPU handles I/O, signaling and the data plane.]
- ISR: packet forwarding and signaling are handled by the same CPU
- ASR: packet forwarding and signaling are handled by different CPUs
  ‒ ESP must be programmed or instructed by the control plane to do specific media functions
  ‒ Performed by Forwarding Plane Interface (FPI)

Introducing vCUBE (CUBE on CSR 1000v) Architecture
• CSR (Cloud Services Router) 1000v runs on a Hypervisor – IOS XE without the router
[Figure: layered stack inside an ESXi container. RP (control plane): Chassis Mgr., Forwarding Mgr., IOS-XE with CUBE signaling. ESP (data plane): Chassis Mgr., Forwarding Mgr., QFP Client / Driver, FFP code with CUBE media processing. Below both: Kernel (incl. utilities), then the virtual hardware (Virtual CPU, Memory, Flash / Disk, Console, Mgmt ENET, Ethernet NICs) of the CSR 1000v (virtual IOS-XE), then the Hypervisor with vSwitch and NIC, then the hardware (x86 multi-core CPU, memory banks, GE … GE).]

Introducing vCUBE (CUBE on CSR 1000v) – Cont’d
• CSR1000v is a virtual machine running on an x86 server (no specialized hardware), with physical resources managed by the hypervisor and shared among VMs
• Can be installed either using an OVA file or deployed with an ISO image
• Requires the APPX (No TLS/SRTP) or AX (All vCUBE features) CSR licensing package to access the voice CLI and increase throughput from the 100 kbps default. CUBE licensing follows the ASR1K SKUs and is still trust based
• No DSP based features (transcoding/inband-RFC2833 DTMF/ASP/NR) available
• vMotion for vCUBE not supported today
• vCUBE Tested Reference Configurations [UCS base-M2-C460, C220-M3S, ESXi 5.1.0 & 5.5.0]

vCUBE Considerations
• Explicit subscription of CPU and memory reservation is required, which the OVA for CSR1000V provides
• Disable Hyperthreading
• “vCUBE media performance depends on the underlying VM platform consistently providing packet switching latency of less than 5ms. Given the platform resource requirements and latency requirements are met, latency and jitter values observed on a vCUBE would be the same as the values obtained on a CUBE running on a hardware platform, with a recommended hardware configuration and identical software configuration, under the same network conditions.”
• 2 network interfaces required at the very minimum
• Specs based hardware supported, but performance benchmarked for Cisco UCS B and C series only

ASR, CSR & ISR-G2/4K Feature Comparison

General Platform Features | ASR1K | ISR-G2 | 4300/4400 (XE3.13.1) | vCUBE (XE3.15+)
High Availability Implementation | Redundancy-Group Infrastructure | HSRP Based | Redundancy-Group Infrastructure | Redundancy-Group Infrastructure
TDM Trunk Failover/Co-existence | Not Available | Exists | Exists | Not Available
Media Forking | XE3.8 | 15.2.1T | XE3.10 | Exists
Software MTP registered to CUCM (Including HA Support) | XE3.6 | Exists | Exists | Exists
DSP Card | SPA-DSP | PVDM3 | PVDM4/SM-X-PVDM | Not Available
Transcoder registered to CUCM | Not Available | Exists via SCCP | Exists via SCCP (XE3.11) | Not Available
Transcoder Implementation | Local Transcoder Interface (LTI) | SCCP or LTI (starting IOS 15.2.3T) | SCCP and LTI | SCCP based on a separate platform, CUCM controlled
Embedded Packet Capture | Exists | Exists | Exists | Exists
Web-based UC API | XE3.8 | 15.2.2T | Exists | Exists
Noise Reduction & ASP | Exists | 15.2.3T | Exists | Not Available
Call Progress Analysis | XE3.9 | 15.3.2T | Exists | Not Available
CME/SRST feature set | Not Available | Exists | XE3.11 | Not Available
SRTP-RTP Call flows | Exists (NO DSPs needed) | Exists (DSPs required) | Exists (NO DSPs needed) | Exists (No DSPs needed)
VXML GW | Not Available | Exists | Not Available | Not Available

Module 1
Step 1: Configure CUCM to route calls to the edge SBC
SIP Trunk Pointing to CUBE
• Configure CUCM to route all PSTN calls (central and branch) to CUBE via a SIP trunk
• Make sure all different patterns of calls – local, long distance, international, emergency, informational etc. are pointing to CUBE
[Figure: the Enterprise Campus reaches the IP PSTN through an Active/Standby CUBE pair (CUBE with High Availability) and connects over MPLS to the Enterprise Branch Offices (SRST, CME, TDM PBX). Callout: PSTN is now used only for emergency calls over FXO lines.]

Module 1
Step 2: Get details from SIP Trunk provider

Item | SIP Trunk service provider requirement | Sample Response
1 | SIP Trunk IP Address (Destination IP Address for INVITES) | 66.77.37.2 or DNS
2 | SIP Trunk Port number (Destination port number for INVITES) | 5060
3 | SIP Trunk Transport Layer (UDP or TCP) | UDP
4 | Codecs supported | G711, G729
5 | Fax protocol support | T.38
6 | DTMF signaling mechanism | RFC2833
7 | Does the provider require SDP information in initial INVITE (Early offer required) | Yes
8 | SBC’s external IP address that is required for the SP to accept/authenticate calls (Source IP Address for INVITES) | 128.107.214.AAA, 128.107.214.BBB
9 | Does SP require SIP Trunk registration for each DID? If yes, what is the username & password | No
10 | Does SP require Digest Authentication? If yes, what is the username & password | No

Module 1
Step 3: Enable CUBE Application on Cisco routers
1. Enable CUBE Application

voice service voip
 ! License count entered here is not enforced, though this CLI is required to see “show cube” CLI output
 mode border-element license capacity 20
 ! By default IOS/IOS-XE voice devices do not allow an incoming VoIP leg to go out as VoIP
 allow-connections sip to sip

2. Configure any other global settings to meet SP’s requirements

voice service voip
 ! For Rx/Tx counters to increment on IOS-XE based platforms. W/O this CLI, it will show 0/0
 media bulk-stats
 ! Disable H323 if not using it
 no h323
 sip
  early-offer forced
  header-passing
  error-passthru

3. Create a trusted list of IP addresses to prevent toll-fraud

voice service voip
 ! Applications initiating signaling towards CUBE, e.g. CUCM, CVP, Service Provider’s SBC.
 ! IP addresses from dial-peers with a “session target ip” statement are trusted by default and need not be populated here
 ip address trusted list
  ! ITSP SIP Trunk
  ipv4 66.77.37.2
  ! CUCM
  ipv4 10.10.1.20/28
 sip
  ! Default configuration starting XE 3.10.1 / 15.3(3)M1 to mitigate TDoS Attack
  silent-discard untrusted

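The trusted-list check from item 3, as an added example that is not part of the original deck or of Cisco's code: it builds the effective trusted set from a config excerpt (explicit `ipv4` entries plus dial-peer session targets, which the slide says are trusted by default) and lists the INVITE sources that fall outside it. The dial-peer targets, the log format and every address in the log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed config excerpt: the trusted list is the one on the slide; the
# dial-peer session targets are made-up stand-ins for the slide's placeholders.
CONFIG = """\
voice service voip
 ip address trusted list
  ipv4 66.77.37.2
  ipv4 10.10.1.20/28
 sip
  silent-discard untrusted
dial-peer voice 201 voip
 session target ipv4:66.77.37.2
dial-peer voice 101 voip
 session target ipv4:10.10.1.21
dial-peer voice 102 voip
 session target ipv4:10.20.1.5
"""

# Constructed log lines in a made-up format (this is not CUBE debug output).
LOG = """\
10:00:01 INVITE src=10.10.1.21 ruri=sip:917025551000@10.10.1.1
10:00:02 INVITE src=66.77.37.2 ruri=sip:7024751000@192.0.2.1
10:00:03 INVITE src=203.0.113.45 ruri=sip:1000@192.0.2.1
10:00:03 INVITE src=203.0.113.45 ruri=sip:1001@192.0.2.1
10:00:04 INVITE src=203.0.113.45 ruri=sip:1002@192.0.2.1
10:00:05 INVITE src=198.51.100.7 ruri=sip:1000@192.0.2.1
10:00:06 INVITE src=10.10.1.30 ruri=sip:917025551001@10.10.1.1
10:00:07 INVITE src=10.10.1.40 ruri=sip:917025551002@10.10.1.1
10:00:08 INVITE src=10.20.1.5 ruri=sip:917025551003@10.10.1.1
"""


def trusted_networks(config):
    """Networks trusted explicitly (trusted list) or implicitly (session targets)."""
    nets, in_list = [], False
    for raw in config.splitlines():
        line = raw.split("!", 1)[0].strip()  # drop any trailing comment
        if line == "ip address trusted list":
            in_list = True
            continue
        if in_list and line.startswith("ipv4 "):
            parts = line.split()
            # Accept "addr", "addr/len" or "addr mask"; host bits are masked off.
            spec = parts[1] if len(parts) == 2 else f"{parts[1]}/{parts[2]}"
            nets.append(ipaddress.ip_network(spec, strict=False))
            continue
        in_list = False
        target = re.match(r"session target ipv4:(\d+\.\d+\.\d+\.\d+)", line)
        if target:
            nets.append(ipaddress.ip_network(target.group(1)))
    return sorted(set(nets))


def effective_ranges(config):
    """Map each trusted entry to the first and last address it really covers."""
    return {str(n): (str(n[0]), str(n[-1])) for n in trusted_networks(config)}


def untrusted_sources(config, log):
    """Count INVITEs per source address that no trusted entry covers."""
    nets = trusted_networks(config)
    counts = Counter()
    for line in log.splitlines():
        hit = re.search(r"\bINVITE src=(\S+)", line)
        if not hit:
            continue
        try:
            src = ipaddress.ip_address(hit.group(1))
        except ValueError:
            counts[hit.group(1)] += 1  # unparsable source is never trusted
            continue
        if not any(src in net for net in nets):
            counts[str(src)] += 1
    return dict(counts)


if __name__ == "__main__":
    for entry, span in effective_ranges(CONFIG).items():
        print(f"trusted {entry}: {span[0]} - {span[1]}")
    for src, n in untrusted_sources(CONFIG, LOG).items():
        print(f"untrusted {src}: {n} INVITE(s)")
```

The `10.10.1.20/28` entry resolves to 10.10.1.16 through 10.10.1.31, so 10.10.1.30 is trusted while 10.10.1.40 on the same LAN is not.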
Module 1
Step 4: Configure Call routing on CUBE
• Dial-Peer – “static routing” table mapping phone numbers to interfaces or IP addresses
• LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving calls to & from the PBX
• WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending & receiving calls to & from the provider
[Figure: an Active/Standby CUBE pair (CUBE with High Availability) between the Enterprise Campus and the IP PSTN, with LAN Dial-Peers on the campus side and WAN Dial-Peers on the IP PSTN side; Enterprise Branch Offices (SRST, CME, TDM PBX) connect over MPLS. Callout: PSTN is now used only for emergency calls over FXO lines.]

Module 1
Understanding Dial-Peer matching Techniques: LAN & WAN Dial-Peers
• LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving calls to & from the PBX
• WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending & receiving calls to & from the provider

Outbound Calls: CUCM → (SIP Trunk) → Inbound LAN Dial-Peer → CUBE → Outbound WAN Dial-Peer → (SP SIP Trunk) → IP PSTN
Inbound Calls: IP PSTN → (SP SIP Trunk) → Inbound WAN Dial-Peer → CUBE → Outbound LAN Dial-Peer → (SIP Trunk) → CUCM

Module 1
WAN Dial-Peer Configuration
Inbound Dial-Peer for call legs from SP to CUBE

dial-peer voice 200 voip
 description *** Inbound WAN side dial-peer ***
 ! Specific to your DID range assigned by the SP
 incoming called-number 702475....$
 session protocol sipv2
 ! Apply bind to all dial-peers when CUBE has multiple interfaces. Gig0/1 faces SP.
 voice-class sip bind control source gig0/1
 voice-class sip bind media source gig0/1
 codec g711ulaw
 dtmf-relay rtp-nte
 no vad

Outbound Dial-Peer for call legs from CUBE to SP

dial-peer voice 201 voip
 description *** Outbound WAN side dial-peer ***
 ! Translation rule/profile to strip the access code (9) before delivering the call to the SP
 translation-profile outgoing Digitstrip
 ! Dial-peer for making long distance calls to SP, based on NANP (North American Numbering Plan)
 destination-pattern 91[2-9]..[2-9]......$
 session protocol sipv2
 voice-class sip bind control source gig0/1
 voice-class sip bind media source gig0/1
 session target ipv4:<SIP_Trunk_IP_Address>
 codec g711ulaw
 dtmf-relay rtp-nte
 no vad

Note: Separate outgoing DP to be created for Local, International, Emergency, Informational calls etc.

Module 1
LAN Dial-Peer Configuration
Inbound Dial-Peer for call legs from CUCM to CUBE

dial-peer voice 100 voip
 description *** Inbound LAN side dial-peer ***
 ! CUCM sending 9 (access code) + All digits dialed
 incoming called-number 9T
 session protocol sipv2
 ! Apply bind to all dial-peers when CUBE has multiple interfaces. Gig0/0 faces CUCM.
 voice-class sip bind control source gig0/0
 voice-class sip bind media source gig0/0
 codec g711ulaw
 dtmf-relay rtp-nte
 no vad

Outbound Dial-Peer for call legs from CUBE to CUCM

dial-peer voice 101 voip
 description *** Outbound LAN side dial-peer ***
 ! SP will be sending 10 digits (NANP) based on your DID that is being delivered to CUCM
 destination-pattern 702475....$
 session protocol sipv2
 voice-class sip bind control source gig0/0
 voice-class sip bind media source gig0/0
 session target ipv4:<CUCM_IP_Address>
 ! Default codec is G729 if none is specified
 codec g711ulaw
 dtmf-relay rtp-nte
 no vad

Note: If more than 1 CUCM cluster exists, you will have to create multiple such LAN dial-peers with “preference CLI” for CUCM redundancy/load balancing as the traditional way to accommodate multiple trunks

Module 2
Step 5: SIP Normalization
SIP profiles is a mechanism to normalize or customize SIP at the network border to provide interop between incompatible devices
SIP incompatibilities arise due to:
• A device rejecting an unknown header (value or parameter) instead of ignoring it
• A device expecting an optional header value/parameter or can be implemented in multiple ways
• A device sending a value/parameter that must be changed or suppressed (“normalized”) before it leaves/enters the enterprise to comply with policies
• Variations in the SIP standards of how to achieve certain functions
• With CUBE 10.0.1 SIP Profiles can be applied to inbound SIP messages as well

Add user=phone for INVITEs
Incoming: INVITE sip:5551000@sip.com:5060 SIP/2.0
Outgoing: INVITE sip:5551000@sip.com:5060;user=phone SIP/2.0

voice class sip-profiles 100
 request INVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"
 request REINVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"

Modify a “sip:” URI to a “tel:” URI in INVITEs
Incoming: INVITE sip:2222000020@9.13.24.6:5060 SIP/2.0
Outgoing: INVITE tel:2222000020 SIP/2.0

voice class sip-profiles 100
 request INVITE sip-header SIP-Req-URI modify "sip:(.*)@[^ ]+" "tel:\1"
 request INVITE sip-header From modify "<sip:(.*)@.*>" "<tel:\1>"
 request INVITE sip-header To modify "<sip:(.*)@.*>" "<tel:\1>"

More information at http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/118825-technote-sip-00.html

Module 2
Normalize Inbound SIP Message (Example 1) (For Your Reference)
Requirement: CUBE SIP Diversion header must include a user portion

SIP INVITE received by CUBE
Received:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
………
User-Agent: SP-SBC
………
Diversion: <sip:9.44.44.4>;privacy=off;reason=unconditional;screen=yes
……...
m=audio 6001 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
……...

SIP INVITE CUBE expects
Received:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
……….
User-Agent: SP-SBC
……….
Diversion: <sip:1234@9.44.44.4>;privacy=off;reason=unconditional;screen=yes
……….
m=audio 32278 RTP/AVP 18 8 101
a=rtpmap:0 PCMU/8000
………..

Enable Inbound SIP Profile feature

voice service voip
 sip
  sip-profiles inbound

Configure Inbound SIP Profile to add a dummy user part

voice class sip-profiles 700
 request INVITE sip-header Diversion modify "sip:" "sip:1234@"

Apply to Dial-peer or Globally

dial-peer voice 4000 voip
 description Incoming/outgoing SP
 voice-class sip profiles 700 inbound

voice service voip
 sip
  sip-profiles 700 inbound

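An offline dry run of the `modify` rules from Step 5 and from the Diversion example above, added here and not part of the original deck: it applies each rule to a constructed INVITE and reports whether the rule matched. It assumes Python's `re` substitution behaves like the CUBE regex engine for these simple patterns and that a rule sees the whole header line; `DIVERSION_STRICT` is a hypothetical tighter pattern introduced for this example, to be verified on the device before use.

```python
import re

# Constructed sample INVITE; numbers and addresses reuse the slides' examples.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:2222000020@9.13.24.6:5060 SIP/2.0",
    "Via: SIP/2.0/UDP 9.13.24.7:5060;branch=z9hG4bK-constructed",
    'From: "Caller" <sip:2222000010@9.13.24.7>;tag=1234',
    "To: <sip:2222000020@9.13.24.6>",
    "Diversion: <sip:9.44.44.4>;privacy=off;reason=unconditional;screen=yes",
    "Content-Length: 0",
    "",
    "",
])

# (method, header, pattern, replacement), copied from the slides.
TEL_RULES = [
    ("INVITE", "SIP-Req-URI", r"sip:(.*)@[^ ]+", r"tel:\1"),
    ("INVITE", "From", r"<sip:(.*)@.*>", r"<tel:\1>"),
    ("INVITE", "To", r"<sip:(.*)@.*>", r"<tel:\1>"),
]
DIVERSION_RULE = [("INVITE", "Diversion", r"sip:", r"sip:1234@")]
# Hypothetical stricter variant: only rewrite a URI that has no user part.
DIVERSION_STRICT = [("INVITE", "Diversion", r"<sip:([^@>]+)>", r"<sip:1234@\1>")]


def apply_profile(message, rules):
    """Apply modify rules to a request; return (new_message, hits per rule)."""
    lines = message.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    hits = []
    for rule_method, header, pattern, repl in rules:
        count = 0
        if rule_method == method:
            for i, line in enumerate(lines):
                if i > 0 and line == "":
                    break  # end of headers: the body is never rewritten
                if i == 0:
                    target = header == "SIP-Req-URI"  # the request line
                else:
                    name = line.partition(":")[0].strip()
                    target = name.lower() == header.lower()
                if target:
                    lines[i], n = re.subn(pattern, repl, line)
                    count += n
        hits.append(count)
    return "\r\n".join(lines), hits


def header_value(message, name):
    """Value of the first header called name, or None if it is absent."""
    for line in message.split("\r\n")[1:]:
        if line == "":
            return None
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None


def dry_run(message, rules):
    """Return (new_message, rules that never matched), for review before rollout."""
    out, hits = apply_profile(message, rules)
    unused = [rule for rule, n in zip(rules, hits) if n == 0]
    return out, unused


if __name__ == "__main__":
    out, _ = apply_profile(SAMPLE_INVITE, TEL_RULES)
    print(out.split("\r\n")[0])
    print(header_value(out, "From"))
    # A Diversion header that already carries a user part (constructed).
    with_user = SAMPLE_INVITE.replace("<sip:9.44.44.4>", "<sip:7025550100@9.44.44.4>")
    print(header_value(apply_profile(with_user, DIVERSION_RULE)[0], "Diversion"))
    print(header_value(apply_profile(with_user, DIVERSION_STRICT)[0], "Diversion"))
```

Under these assumptions the unconditional `"sip:"` rule also rewrites a Diversion header that already has a user part, producing a URI with two `@` signs, while the stricter pattern leaves such a header untouched.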
Module 2
SIP Profile support for Non-Standard Headers
- Introducing support for adding/copying/removing/modifying non-standard SIP headers using SIP profiles
- A new 'WORD' option has been added to the SIP Profiles CLI chain to allow the user to configure any non-standard SIP Header

CUBE(config)#voice class sip-profiles 1
CUBE(config-class)#request INVITE sip-header ?
  Accept-Contact    SIP header Accept-Contact
  …….
  Via               SIP header Via
  WORD              Any other SIP header name
  WWW-Authenticate  SIP header WWW-Authenticate

The new “WORD” option is for specifying unsupported headers.

CUBE(config-class)#request INVITE sip-header WORD ?
  ADD     addition of the header
  COPY    Copy a header
  MODIFY  Modification of a header
  REMOVE  Removal of a header
CUBE(config-class)#request INVITE sip-header WORD ADD "MyCustomHeader : Hussain Ali"

Module 3
Audio Transcoding and Transrating
[Figure: SP VoIP (iLBC, iSAC, Speex; G.729 30 ms) on one side of CUBE and Enterprise VoIP (IP Phones: G.711, G.729 20 ms, G.722) on the other.]
• Transcoding: G.711, G.723.1, G.726, G.728, G.729/a, iLBC, G.722
• Transrating: G.729 20ms ↔ 30ms (AT&T)

• Transcoding (12.4.20T)
  • One voice codec to any other codec, e.g. iLBC-G.711 or iLBC-G.729
  • Support for H.323 and SIP
  • CUCM 7.1.5 or later supports universal Transcoding
• Transrating (15.0.1M)
  • Different packetizations of the same codec
  • E.g. G.729 20ms to G.729 30ms
  • Support for SIP-SIP calls
  • No sRTP support with transrating

Supported Codecs | Packetization (ms)
G.711 a-law 64 Kbps | 10, 20, 30
G.711 µlaw 64 Kbps | 10, 20, 30
G.723 5.3/6.3 Kbps | 30, 60
G.729, G.729A, G.729B, G.729AB 8 Kbps | 10, 20, 30, 40, 50, 60
G.722 64 Kbps | 10, 20, 30

dial-peer voice 2 voip
 codec g729r8 bytes 30 fixed-bytes

!Call volume (gain/loss) adjustment
dial-peer voice 2 voip
 audio incoming level-adjustment x
 audio outgoing level-adjustment y

Module 3
Configuration for SCCP based Transcoding (ISR-G2/4K) (For Your Reference)
1. Enabling dspfarm services under voice-card

voice-card 1
 ! Only ISR G2
 dspfarm
 dsp services dspfarm

2. telephony-service configuration

telephony-service
 sdspfarm units 1
 sdspfarm transcode sessions 128
 sdspfarm tag 1 CUBE-XCODE
 max-ephones 10
 max-dn 10
 ip source-address <CUBE_internal_IP> port 2000

3. sccp configuration

sccp local GigabitEthernet0/0
sccp ccm <CUBE_internal_IP> identifier 1 version 7+
sccp
sccp ccm group 1
 associate ccm 1 priority 1
 associate profile 1 register CUBE-XCODE

4. dspfarm profile configuration

dspfarm profile 1 transcode
 codec g711ulaw
 codec g711alaw
 codec g729r8
 maximum sessions 10
 associate application SCCP

Module 3
Configuration for LTI based Transcoding (ISR-G2/4K & ASR)
1. Enabling dspfarm services under voice-card

voice-card 0/1
 ! Only ISR G2
 dspfarm
 dsp services dspfarm

2. dspfarm profile configuration

dspfarm profile 1 transcode
 codec g711ulaw
 codec g711alaw
 codec g729abr8
 codec g729ar8
 codec ilbc
 maximum sessions 100
 associate application CUBE

Feature Notes:
• This uses Local Transcoding Interface to communicate between CUBE and DSPs
• Also available on ISR-G2 starting IOS 15.2.3T
• Can only be used if CUBE invokes the DSP for media services
• CUCM cannot invoke DSPs using this LTI interface

Module 4, 5
Call Admission Control at the edge...
CUBE provides various CAC mechanisms to safeguard your network from SIP based attacks and to enforce policies based on:
• Total calls
• CPU & Memory
• Call spike detection
• Maximum connections per destination
• Dial-peer or interface bandwidth

Total Calls, CPU, Memory (High Water Mark / Low Water Mark)
call threshold global [total/mem/cpu] calls low xx high yy
call treatment on

Call Spike Detection (if a call spike is detected, reject calls)
call spike call-number [steps number-of-steps size milliseconds]
call spike 10 steps 5 size 200

Max Calls per Destination (Call #1, Call #2, Call #3: Call #3 rejected by CUBE)
dial-peer voice 1 voip
 max-conn 2

Max Bandwidth based (Call #1 – 80 Kbps, Call #2 – 80 Kbps, Call #3 – 80 Kbps: Call #3 rejected by CUBE)
dial-peer voice 1 voip
 max-bandwidth 160

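A small model of three of the CAC checks on this slide (`call spike 10 steps 5 size 200`, `max-conn 2`, `max-bandwidth 160`), added as an illustration and not taken from the deck or from IOS: it replays a constructed sequence of call setups and shows which ones each limit rejects. The sliding-window semantics (a spike when arrivals inside steps × size milliseconds exceed call-number) and all event timings are assumptions of this example.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SpikeDetector:
    """Model of 'call spike <call-number> steps <n> size <ms>' (assumed semantics)."""
    call_number: int
    steps: int
    size_ms: int
    buckets: deque = field(default_factory=deque)  # [bucket_index, arrivals]

    def arrival_is_spike(self, t_ms):
        bucket = t_ms // self.size_ms
        # Forget buckets that have slid out of the steps-wide window.
        while self.buckets and self.buckets[0][0] <= bucket - self.steps:
            self.buckets.popleft()
        if self.buckets and self.buckets[-1][0] == bucket:
            self.buckets[-1][1] += 1
        else:
            self.buckets.append([bucket, 1])
        return sum(count for _, count in self.buckets) > self.call_number


@dataclass
class DialPeer:
    """Per-dial-peer limits: 'max-conn' and 'max-bandwidth' (Kbps)."""
    tag: int
    max_conn: Optional[int] = None
    max_bandwidth_kbps: Optional[int] = None
    active: dict = field(default_factory=dict)  # call_id -> Kbps in use

    def admit(self, call_id, kbps):
        if self.max_conn is not None and len(self.active) >= self.max_conn:
            return "rejected: max-conn"
        in_use = sum(self.active.values())
        if self.max_bandwidth_kbps is not None and in_use + kbps > self.max_bandwidth_kbps:
            return "rejected: max-bandwidth"
        self.active[call_id] = kbps
        return "admitted"


def simulate(events, peer, spike=None):
    """events: (t_ms, 'setup' | 'release', call_id, kbps) -> {call_id: verdict}."""
    verdicts = {}
    for t_ms, kind, call_id, kbps in sorted(events, key=lambda e: e[0]):
        if kind == "release":
            peer.active.pop(call_id, None)
            continue
        # Every arrival counts towards the spike window, admitted or not.
        if spike is not None and spike.arrival_is_spike(t_ms):
            verdicts[call_id] = "rejected: call spike"
            continue
        verdicts[call_id] = peer.admit(call_id, kbps)
    return verdicts


def demo():
    """Three constructed scenarios mirroring the slide's three pictures."""
    three_calls = [(0, "setup", "c1", 80), (1000, "setup", "c2", 80),
                   (2000, "setup", "c3", 80)]
    burst = [(50 * i, "setup", f"b{i + 1}", 80) for i in range(12)]
    burst.append((2000, "setup", "late", 80))
    return {
        "max-conn 2": simulate(three_calls, DialPeer(1, max_conn=2)),
        "max-bandwidth 160": simulate(three_calls, DialPeer(1, max_bandwidth_kbps=160)),
        "call spike 10 steps 5 size 200": simulate(
            burst, DialPeer(1), SpikeDetector(call_number=10, steps=5, size_ms=200)),
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```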
Module 4, 5
Call Admission Control at the edge...
CUBE provides various CAC mechanisms to safeguard your network from SIP based attacks and to enforce policies based on:
• Total calls • Maximum connections per destination
• CPU & Memory • Dial-peer or interface bandwidth
• Call spike detection

Total Calls, Call Spike call spike call-number [steps


High Water Mark Detection number-of-steps size milliseconds]
CPU, Memory call spike 10 steps 5 size 200
Low Water Mark

CUBE CUBE

call threshold global [total/mem/cpu] calls low xx high yy If a call spike is detected,
call treatment on reject calls

Max Calls per Max Bandwidth Call #3 Rejected


Call #3
Destination Rejected by based by CUBE
Call #1 CUBE Call #1 – 80Kbps
Call #2 Call #2 – 80 Kbps
Call #3 CUBE Call #3 – 80 Kbps
CUBE

dial-peer voice 1 voip dial-peer voice 1 voip


max-conn 2 max-bandwidth 160

LTRCOL-2310 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
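A small Python model of the call spike, max-conn and max-bandwidth checks on this slide, added here as an illustration (it is not Cisco code and not part of the original deck). It assumes the spike window is steps × size milliseconds and that an arrival is rejected once the window holds more than call-number arrivals; all class and function names are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SpikeDetector:
    """Sliding-window model of `call spike <call-number> steps <n> size <ms>`."""
    call_number: int          # spiking threshold
    steps: int = 5            # number of steps in the sliding window
    size_ms: int = 200        # length of one step in milliseconds
    _buckets: deque = field(default_factory=deque)  # [step index, arrivals]

    def offer(self, t_ms: int) -> bool:
        """Count an arrival at t_ms (non-decreasing); True if under threshold."""
        step = t_ms // self.size_ms
        # Forget steps that have slid out of the window.
        while self._buckets and self._buckets[0][0] <= step - self.steps:
            self._buckets.popleft()
        if self._buckets and self._buckets[-1][0] == step:
            self._buckets[-1][1] += 1
        else:
            self._buckets.append([step, 1])
        return sum(count for _, count in self._buckets) <= self.call_number


@dataclass
class DialPeer:
    """Per-dial-peer limits: `max-conn` and `max-bandwidth` (kbps)."""
    tag: int
    max_conn: Optional[int] = None
    max_bandwidth_kbps: Optional[int] = None
    active: dict = field(default_factory=dict)   # call id -> kbps in use


def admit(spike: SpikeDetector, peer: DialPeer, call_id, t_ms: int, kbps: int) -> str:
    """Apply the spike check first, then the dial-peer limits."""
    if not spike.offer(t_ms):
        return "rejected: call spike"
    if peer.max_conn is not None and len(peer.active) >= peer.max_conn:
        return "rejected: max-conn"
    in_use = sum(peer.active.values())
    if peer.max_bandwidth_kbps is not None and in_use + kbps > peer.max_bandwidth_kbps:
        return "rejected: max-bandwidth"
    peer.active[call_id] = kbps
    return "admitted"


def burst_demo():
    """Constructed input: 30 INVITEs 20 ms apart, then one more at t=2000 ms."""
    spike = SpikeDetector(call_number=10, steps=5, size_ms=200)
    peer = DialPeer(tag=1)    # no per-peer limits, isolates the spike check
    times = [i * 20 for i in range(30)] + [2000]
    return [admit(spike, peer, i, t, 80) for i, t in enumerate(times)]


def per_peer_demo(**limits):
    """Constructed input: three 80 kbps calls, one second apart, none released."""
    spike = SpikeDetector(call_number=10)
    peer = DialPeer(tag=1, **limits)
    return [admit(spike, peer, i, i * 1000, 80) for i in range(3)]


if __name__ == "__main__":
    results = burst_demo()
    print("burst:", results.count("admitted"), "admitted,",
          results.count("rejected: call spike"), "rejected by call spike")
    print("max-conn 2:", per_peer_demo(max_conn=2))
    print("max-bandwidth 160:", per_peer_demo(max_bandwidth_kbps=160))
```

In the burst, only the first ten arrivals pass; the call at 2000 ms is admitted again because the one-second window has emptied.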
Module 6
Destination Dial-peer Group
• Allows grouping of outbound dial-peers based on an incoming dial-peer, reducing
existing outbound dial-peer provisioning requirements
• Eliminates the need to configure extra outbound dial-peers that are sometimes
needed as workarounds to achieve desired call routing outcome
• Multiple outbound dial-peers are saved under a new “voice class dpg <tag>”. The
new “destination dpg <tag>” command line of an inbound voip dial-peer
can be used to reference the new dpg (dial-peer group)
• Once an incoming voip call is handled by an inbound voip dial-peer with an active
dpg, dial-peers of a dpg will then be used as outbound dial-peers for an incoming
call
• The order of outgoing call setups will be the sorted list of dial-peers from a dpg,
i.e., the destination-patterns of the outgoing dial-peers are not relevant for selection
Module 6
Destination Dial-peer Group Configuration

voice class dpg 10000
 description Voice Class DPG for DP Source SJ
 dial-peer 1001 preference 1
 dial-peer 1002 preference 2
 dial-peer 1003
!
dial-peer voice 100 voip
 description DP Source SJ w/voice class dpg
 incoming called-number 1341
 destination dpg 10000
!
dial-peer voice 1001 voip
 description DPG 10000
 destination-pattern 3333
 session protocol sipv2
 session target ipv4:10.1.1.1
!
dial-peer voice 1002 voip
 description DPG 10000
 destination-pattern 2222
 session protocol sipv2
 session target ipv4:10.1.1.2
!
dial-peer voice 1003 voip
 description DPG 10000
 destination-pattern 1111
 session protocol sipv2
 session target ipv4:10.1.1.3

1. Incoming Dial-peer is first matched
2. Now the DPG associated with the INBOUND DP is selected
Module 6
Debugging Made Easier
Categorize Debugs based on Functionality

Categorization based on functionality:
1. Audio/video/sdp/control
2. Configuration/sip-transport
3. CAC
4. DTMF/FAX/Line-side
5. Registration
6. Sdp-passthrough
7. Sip-profile/SRTP/transcoder

Router# debug ccsip feature < audio | cac | config | control | dtmf | fax | line | misc | misc-features | parse | registration | sdp-negotiation | sdp-passthrough | sip-profiles | sip-transport | srtp | supplementary-services | transcoder | video >

Example: only DTMF and audio debugs are enabled, at the default log level.

CUBE#sh debugging
CCSIP SPI: SIP info debug tracing is enabled (filter is OFF)
CCSIP SPI: audio debugging for ccsip info is enabled (active)
CCSIP SPI: dtmf debugging for ccsip info is enabled (active)

May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/verbose/32/sipSPI_ipip_store_channel_info: dtmf negotiation done, storing negotiated dtmf = 0,
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/info/2/sipSPIUpdateCallEntry:
 Call 444 set InfoType to SPEECH

Callouts: in the first log line, 32 is the DTMF(32) debug code; in the second, 2 is the Audio(2) debug code.
Module 6
Debugging Made Easier
Categorize Debugs based on Functionality

This CLI is used to collect the predefined debug features category codes, which helps in analysis of debugs manually.

CUBE# show cube debug category codes
|-----------------------------------------------
| show cube debug category codes values.
|-----------------------------------------------
| Indx | Debug Name | Value
|-----------------------------------------------
| 01 | SDP Debugs | 1
| 02 | Audio Debugs | 2
| 03 | Video Debugs | 4
| 04 | Fax Debugs | 8
| 05 | SRTP Debugs | 16
| 06 | DTMF Debugs | 32
| 07 | SIP Profiles Debugs | 64
| 08 | SDP Passthrough Deb | 128
| 09 | Transcoder Debugs | 256
| 10 | SIP Transport Debugs | 512
| 11 | Parse Debugs | 1024
| 12 | Config Debugs | 2048
| 13 | Control Debugs | 4096
| 14 | Mischellaneous Debugs| 8192
| 15 | Supp Service Debugs | 16384
| 16 | Misc Features Debugs| 32768
| 17 | SIP Line-side Debugs | 65536
| 18 | CAC Debugs | 131072
| 19 | Registration Debugs | 262144
|-----------------------------------------------

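One way to apply the category codes when reading debugs: the following Python parser is an added example, not part of the original deck or of any Cisco tool. The field names (call, guid, level, code, func) and the bitwise decoding of combined codes are assumptions of this example, and the third sample record is constructed.

```python
import re
from collections import defaultdict

# Values copied from the `show cube debug category codes` table above.
CATEGORY_CODES = {
    1: "SDP", 2: "Audio", 4: "Video", 8: "Fax", 16: "SRTP", 32: "DTMF",
    64: "SIP Profiles", 128: "SDP Passthrough", 256: "Transcoder",
    512: "SIP Transport", 1024: "Parse", 2048: "Config", 4096: "Control",
    8192: "Miscellaneous", 16384: "Supp Service", 32768: "Misc Features",
    65536: "SIP Line-side", 131072: "CAC", 262144: "Registration",
}

# <timestamp>: //<call>/<guid>/SIP/<type>/<level>/<code>/<function>: <message>
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\.\d+):\s+"
    r"//(?P<call>-?\d+)/(?P<guid>[0-9A-Fa-f]+)/SIP/(?P<type>\w+)/"
    r"(?P<level>\w+)/(?P<code>\d+)/(?P<func>\w+):\s*(?P<msg>.*)$"
)


def decode(code):
    """Names for every bit set in code (assumption: codes can be OR-ed)."""
    names = [name for bit, name in CATEGORY_CODES.items() if code & bit]
    unknown = code & ~sum(CATEGORY_CODES)
    if unknown:
        names.append(f"unknown(0x{unknown:x})")
    return names


def parse(text):
    """Return one dict per debug record, folding wrapped lines into msg."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["call"], rec["code"] = int(rec["call"]), int(rec["code"])
            rec["categories"] = decode(rec["code"])
            records.append(rec)
        elif records:  # continuation of the previous record's message
            records[-1]["msg"] = f"{records[-1]['msg']} {line}".strip()
    return records


def categories_per_call(records):
    """Call id -> sorted category names seen, for per-call triage."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec["call"]].update(rec["categories"])
    return {call: sorted(names) for call, names in seen.items()}


# The first two records are the lines shown on the slide (wrapped as printed);
# the third is constructed for this example, including its function name.
SAMPLE = """\
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/verbose/32/sipSPI_ipip_store_channel_info: dtmf negotiation

done, storing negotiated dtmf = 0,
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/info/2/sipSPIUpdateCallEntry:
 Call 444 set InfoType to SPEECH
May 21 17:54:54.101: //445/0123456789AB/SIP/Info/info/131072/exampleCacFunction: constructed CAC record
"""

if __name__ == "__main__":
    for rec in parse(SAMPLE):
        print(rec["call"], rec["level"], rec["categories"], rec["func"], "|", rec["msg"])
    print(categories_per_call(parse(SAMPLE)))
```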
Module 7
Multiple Incoming Patterns Under Same Incoming/Outgoing Dial-peer

Provides the ability to combine multiple incoming called OR calling numbers on a single inbound voip dial-peer, reducing the total number of inbound voip dial-peers required with the same routing capability.
Up to 5000 entries in a text file.

[Diagram: G729 Sites and G711 Sites – SIP Trunk – CUBE – SP SIP Trunk – IP PSTN]
G729 Sites: Site A (919)200-2000, Site B (510)100-1000, Site C (408)100-1000
G711 Sites: Site A (919)200-2010, Site B (510)100-1010, Site C (408)100-1010

voice class e164-pattern-map 300
 e164 919200200.
 e164 510100100.
 e164 408100100.

dial-peer voice 1 voip
 description Inbound DP via Calling
 incoming calling e164-pattern-map 300
 codec g729r8

voice class e164-pattern-map 400
 url flash:e164-pattern-map.cfg

dial-peer voice 2 voip
 description Outbound DP via Called
 destination e164-pattern-map 400
 codec g711ulaw

! This is an example of the contents of E164 patterns text file stored in flash:e164-pattern-map.cfg
9192002010
5101001010
4081001010
Module 8
Destination Server Group
• Supports multiple destinations (session targets) to be defined in a group and applied to
a single outbound dial-peer
• Once an outbound dial-peer is selected to route an outgoing call, multiple
destinations within a server group will be sorted in either round robin or preference
[default] order
• This reduces the need to configure multiple dial-peers with the same capabilities but
different destinations. E.g. Multiple subscribers in a cluster

voice class server-group 1
 hunt-scheme {preference | round-robin}
 ipv4 1.1.1.1 preference 5
 ipv4 2.2.2.2
 ipv4 3.3.3.3 port 3333 preference 3
 ipv6 2010:AB8:0:2::1 port 2323 preference 3
 ipv6 2010:AB8:0:2::2 port 2222

dial-peer voice 100 voip
 description Outbound DP
 destination-pattern 1234
 session protocol sipv2
 codec g711ulaw
 dtmf-relay rtp-nte
 session server-group 1

* DNS target not supported in server group
Overview: Unified Communications Manager
CUCM Overview
• Management
  • Centralized Dial Plan
  • Centralized Reporting
• Multi-protocol Interworking (SIP, H.323, MGCP, SCCP, Q.SIG,…)
• Centralized Trunking
  • TDM
  • IP PSTN (SIP/H323)
  • Inter-Cluster
• Application Integrations
  • Voicemail
  • Conferencing
  • Mobility
  • Fax Servers
  • Recording
• CAC and QoS
  • Locations based (static)
  • RSVP (dynamic)
• Security
  • Device Authentication
  • TLS, SSL support
  • SRTP
• Toll Fraud and Privacy
• Scalability
Overview: Cisco MediaSense
MediaSense – Features
• Full-time audio recording via Communication Manager Recording
Profile
• Phone Based Recording (Built in Bridge)
• Unified Border Element (CUBE) based TDM gateway MediaSense

• On-Demand recording
• Recording using Phone softkey (Built in Bridge)
• Playback of recorded sessions via URLs
• Selective recording via partner applications
• Real-Time monitoring of active sessions
• Download
– Recordings can be exported to AAC/MP4 or PCM/WAV
– Export using Search and Play portal or using the REST API
MediaSense - Captures
• “Active Recording” aka “Media Forking”
• The process of duplicating media streams from a conversation to a recording or
monitoring system

• Two mechanisms for Media Forking:


• In Cisco IP phones: “Built-in Bridge” aka “BiB”
CUCM initiates recording in BiB based on:
‘Full time’ or ‘Selective’
• In IOS ISR/ASR network platforms (CUBE)
Today: dial-peer configuration control to initiate recording sessions
Tomorrow: CUCM dynamic control
(using the same mechanism to initiate recording sessions as BiB)

Overview: Lab Overview
Lab – Network Setup – POD A’s [Modules 1 to 10]
[Topology diagram; recoverable labels:]
• CUCM-POD a: 10.10.1.20
• Cisco MediaSense: 10.10.1.16
• CUBE-a: Gig0/0 – 10.10.1.21 (LAN), Gig0/1 – 128.107.214.AAA (WAN)
• SP IP Network: CenturyLink® SIP Trunk, 66.77.37.2
• Student PC-A: Win7K VM to access your Lab components including IP Soft Phone via Remote Desktop; IP – 10.10.1.201, Phone# +1(702)475-95DN, DN: 95DN
• Reached over the Internet from the Classroom PC OR Your Home PC

Lab – Network Setup – POD B’s [Modules 1 to 10]
[Topology diagram; recoverable labels:]
• CUCM-POD b: 10.10.1.28
• Cisco MediaSense: 10.10.1.16
• CUBE-b: Gig0/0 – 10.10.1.22 (LAN), Gig0/1 – 128.107.214.BBB (WAN)
• SP IP Network: CenturyLink® SIP Trunk, 66.77.37.2
• Student PC-B: Win7K VM to access your Lab components including IP Soft Phone via Remote Desktop; IP – 10.10.1.202, Phone# +1(702)475-95DN, DN: 95DN
• Reached over the Internet from the Classroom PC OR Your Home PC

HA Network Setup – Pod XA and XB Combined
Module 11
[Topology diagram; recoverable labels:]
• POD-A IP Phone / Student PC-A (VM): IP – 10.10.1.201, Phone# +1(702)475-95DN
• POD-B IP Phone / Student PC-B (VM): IP – 10.10.1.202, Phone# +1(702)475-95DN
• CUCM-POD a: 10.10.1.20
• CUCM-POD b: 10.10.1.28
• MediaSense: 10.10.1.16
• CUBE-a: Gig0/0 – 10.10.1.21 (LAN), Gig0/1 – 128.107.214.AAA (WAN)
• CUBE-b: Gig0/0 – 10.10.1.22 (LAN), Gig0/1 – 128.107.214.BBB (WAN)
• Virtual IPs: 10.10.1.23 (LAN), 128.107.214.VIP (WAN)
• HSRP Group X0 and HSRP Group X, with HSRP Keepalives between CUBE-a and CUBE-b
• SP IP Network: CenturyLink® SIP Trunk, 66.77.37.2
Lab – Access
• Disable Pop-up blockers and go to: https://LABOPS-OUT.CISCO.COM/LABOPS/ILT
• Register with your email and Class ID/name of husali_v20073
• Pick a Pod based on the POST-IT note in front of you. E.g., POD 8B corresponds to CB-CUBE-8 and Student PC-B (bottom Laptop icon)
• Download the Lab Guide (contains solutions) from the Courseware link and choose your respective Pod-a or Pod-b lab guides
• Click on the Laptop icon for Student PC-a or PC-b to download the remote desktop shortcut. Save the shortcut and edit its settings to make RDP display to full screen
• RDP Credentials: Username: administrator, Password: C1sc0123
Dialed Number Analyzer for CUBE
Dialed Number Analyzer (DNA) for CUBE

Features
• Emulation of CUBE
• E164 and URI Call Routing Features
• 2 Input modes – E164 and SIP Message
• 10 Call Routing features
• Output SIP Invite Generation
• Real-time config editing and testing
• Hover feature

Use Cases
• Dial-Plan validation
• Understand Call routing logic
• Pre-deployment config validation
• Interoperability Testing

Input Option – Calling / Called Number
https://cway.cisco.com/tools/DNACube

Input Option – SIP Message


More Information - https://supportforums.cisco.com/document/13048886/dialed-number-analyzer-cube


Demo
SIP Profile Test Tool

Features
• Validate SIP Profile Configuration
• Outbound SIP Profile feature
• SIP Copy-list feature is supported
• Real-time config editing and testing
• User friendly interface
• Highlight feature

Use Cases
• SIP Normalization behavior testing
• Interoperability testing
• Pre-deployment config validation

SIP Profile Test Tool
https://cway.cisco.com/tools/SipProfileTest/


More Information - https://supportforums.cisco.com/document/13058446/sip-profile-test-tool


Demo
External/PSTN Call Recording
Module 9
External/PSTN Call Recording Options
• CUBE Controlled (Dial-peer based ORA)
• Based on Open Recording Architecture, metadata sent in Cisco Proprietary format from CUBE to Recorder
• Dial-peer controlled, IP-PBX independent
• Source of recorded media (RTP only) is always CUBE (External calls only). For SRTP-RTP calls, apply
media forking CLI on the RTP leg only.
• Records both audio and video calls and supported with CUBE HA (Inbox or box-2-box)

• CUBE Controlled (Dial-peer based SIPREC)


• Based on SIPREC (RFC 6341, 7245, Metadata-draft-17, Protocol-draft-15), CUBE sends metadata in XML
format
• Dial-peer controlled, IP-PBX independent
• Source of recorded media (RTP only) is always CUBE (External calls only). For SRTP-RTP calls, apply
media forking CLI on the RTP leg only.
• Records both audio and video calls and supported with CUBE HA (Inbox or box-2-box)

• CUCM NBR (Network Based Recording)


• CUCM Controlled, requires CUCM 10+ and UC Services API be enabled on CUBE
• Recording triggered by CUCM and this mode records only Audio calls
• Source of Recorded Media can be CUBE or Endpoint (BiB), CUBE as source desired for PSTN calls

CUBE Controlled Recording Option – Media Forking
Dial-peer based – Open Recording Architecture (ORA)
Module 9
• CUBE sets up a stateful SIP session with MediaSense server
• After SIP dialog established, CUBE forks the RTP and sends it for MediaSense to record
• With XE 3.10.1, Video calls supported and CUBE HA for audio calls
• Call agent independent
• Configured on a per Dial-peer level to fork RTP

[Diagram: A – SIP/RTP – CUBE – SIP/RTP – SP SIP. CUBE sends SIP with Cisco Proprietary Metadata and the forked RTP to Cisco MediaSense (authentication disabled w/o UCM), which is used by the Cisco Search/Play demo app -or- a Partner Application]

media class 9
 recorder parameter
  media-recording 950

dial-peer voice 901 voip
 description dial-peer that needs to be forked
 session protocol sipv2
 media-class 9

dial-peer voice 950 voip
 description dial-peer pointing to MediaSense
 destination-pattern 7777 ! Dummy
 session protocol sipv2
 session transport tcp
 session target ipv4:<Mediasense_IP>
 ! Bind on this DP mandatory for CUBE HA

Needs to match: media-recording 950 and dial-peer voice 950
Module 10
Ability to sort dial-peers
show run dial-peer sort
Sort key: Dial Peer tag

dial-peer (default)
dial-peer voice 4020 pots
 destination-pattern 4020
 port 0/2/0
!
dial-peer voice 5000 voip
 destination-pattern 5...
 session protocol sipv2
 session target ipv4:1.4.65.5
!
dial-peer voice 5 pots
 incoming called-number 1...
 port 1/0/0:23

dial-peer sort
dial-peer voice 5 pots
 incoming called-number 1...
 port 1/0/0:23
!
dial-peer voice 4020 pots
 destination-pattern 4020
 port 0/2/0
!
dial-peer voice 5000 voip
 destination-pattern 5...
 session protocol sipv2
 session target ipv4:1.4.65.5

dial-peer sort descending
dial-peer voice 5000 voip
 destination-pattern 5...
 session protocol sipv2
 session target ipv4:1.4.65.5
!
dial-peer voice 4020 pots
 destination-pattern 4020
 port 0/2/0
!
dial-peer voice 5 pots
 incoming called-number 1...
 port 1/0/0:23

High Availability
Module 11
CUBE High Availability Options
• Inbox redundancy
  • ASR 1006, preserves signaling & media
  • Stateful failover
  • Local redundancy
  ASR(config)#redundancy
  ASR-RP2(config-red)#mode sso
  ASR-RP2(config-red)#end

• L2 Box-to-Box redundancy
  • ISR G2/4K (Stateful failover)
  • ASR 1001-X/2-X/4/6 (Stateful failover)
  • Local redundancy (Both routers must be physically located on the same Ethernet LAN)
  • Not supported across data centers
  • Only 1 RP and 1 ESP in ASR1006
  • Preserves both signaling and media
  [Diagram: Active CUBE and Standby CUBE sharing a Virtual IP on each side, toward SIP SP]

• Clustering with load balancing
  • All platforms
  • Load balancing by
    • SP call agent
    • Cisco Unified SIP Proxy
  • Local and geographical redundancy
  [Diagram: two CUSP nodes and SIP SP]

CUBE HA Design Considerations on ISR-G2 for Box-to-Box
Redundancy

• Anytime a platform is reloaded in a CUBE-HA relationship, it always boots up as Standby


• All active calls are checkpointed (Calls that are connected - 200OK / ACK transaction completed)
• All signaling/media is sourced from/to the Virtual IP Address
• Multiple Traffic (SIP/RTP) interfaces (Gig0/0, Gig0/1) require preemption and interface tracking
• HSRP Group number should be unique to a pair/interface combination on the same L2
• All interfaces of the same group have to be configured with the same priority
• No media-flow around or UC Services API (CUCM NBR) support for CUBE HA
Module 11
CUBE HA Design Considerations on ISR-G2 for Box-to-Box
Redundancy – Cont’d

Module 11
• Lower IP Address for ALL the interfaces (Gig0/0, Gig0/1, Gig0/2) should be on the same platform,
which is used as a tie breaker for the HSRP Active state
• Multiple HSRP Groups/Interfaces/sub-interfaces can be used on either LAN or WAN side
• Up to 6 multimedia lines in the SDP are checkpointed for CUBE HA
• SDP Passthru (up to 2 m-lines) calls are also checkpointed starting IOS 15.6(1)T
• TDM or SRST or VXML GW cannot be collocated with CUBE HA
• Both platforms must be connected via a physical Switch across all likewise interfaces for CUBE HA to
work, i.e. Gig0/0 of CUBE-1 and CUBE-2 must terminate on the same switch and so on
CUBE HA Design Considerations on ISR-G2 for Box-to-Box
Redundancy – Cont’d

• Cannot have WAN terminated on CUBEs directly or Data HSRP on either side. Both Active/Standby
must be in the same Data Center
• Both the CUBEs must be running on the same type of platform and IOS version and identical
configuration. Loopback interfaces cannot be used for bind as they are always up. Sub-interfaces are
supported
• CUBE HA only checkpoints SIP/RTP Traffic. Support for Survivability.tcl preservation was added in
15.6(2)T for CVP deployments
• Out-of-band DTMF (Notify/KPML) will not work post switchover
Module 11
CUBE HA Design Considerations on ISR-G2 for Box-to-Box
Redundancy – Cont’d

• CCB (courtesy callback) feature is not supported if a callback was registered with CVP and then a
switchover was done on CUBE. The CCB will not work in these scenarios.
• Recommended to configure TCP session transport for the SIP trunk between CVP and CUBE
• LTI based transcoding call flows including SRTP/RTP interworking preserved starting 15.5(2)T.
Requires same PVDM3 chip capacity on both active and standby in the same slot/subslot. CPA calls
(prior to being transferred to the agent), SCCP based media resources, Noise Reduction, ASP,
transrating calls are not checkpointed
• SRTP - RTP, SRTP - SRTP and SRTP passthru supported on ISR-G2
Module 11
CUBE HA Design Considerations on ISR-G2 for Box-to-Box
Redundancy – Cont’d

• CUBE HA with HSRP is supported with VRFs configured


Module 11
• Traffic interfaces (SIP/RTP) can have VRFs configured but HSRP interface [ipc zone default config –
Gig0/2 above] cannot have any VRF associated with it. This means for every CUBE HA deployment
where VRFs are being utilized for SIP/RTP interfaces, at least three interfaces are required. Otherwise,
any of the LAN interfaces (Gig0/0 above) can be used as an HSRP interface
• VRF ID’s will be check pointed for the calls before and after switchover. VRF Configurations in both
active and standby routers have to be identical. This includes VRF based rtp port range as well
• Upon failover, the previously ACTIVE CUBE goes through a reload by design, preserving
signaling/media. Thus, running config should always be saved to avoid losing it due to the reload
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
Module 11
Configure VRFs on the platform (if applicable)

CUBE 1
CUBE-1> enable
CUBE-1# configure terminal
CUBE-1(config)# ip vrf LAN-VRF
CUBE-1(config)# rd 1:1
CUBE-1(config)# ip vrf WAN-VRF
CUBE-1(config)# rd 2:2

CUBE 2
CUBE-2> enable
CUBE-2# configure terminal
CUBE-2(config)# ip vrf LAN-VRF
CUBE-2(config)# rd 1:1
CUBE-2(config)# ip vrf WAN-VRF
CUBE-2(config)# rd 2:2

CUBE Configuration on ISR-G2 Box-to-Box Redundancy
Module 11
Inside interfaces: HSRP group 1, VRF ID: LAN-VRF (if applicable). Interface can be utilized as an HSRP interface if no VRFs are required or configured.

CUBE 1
interface GigabitEthernet0/0
 description “Enterprise LAN”
 ip vrf forwarding LAN-VRF
 ip address 10.10.1.11 255.255.255.0
 standby version 2
 standby 1 ip 10.10.1.13
 standby delay minimum 30 reload 60
 standby 1 preempt
 standby 1 track 2 decrement 10
 standby 1 track 3 decrement 10
 standby 1 priority 50

CUBE 2
interface GigabitEthernet0/0
 description “Enterprise LAN”
 ip vrf forwarding LAN-VRF
 ip address 10.10.1.12 255.255.255.0
 standby version 2
 standby 1 ip 10.10.1.13
 standby delay minimum 30 reload 60
 standby 1 preempt
 standby 1 track 2 decrement 10
 standby 1 track 3 decrement 10
 standby 1 priority 50

CUBE Configuration on ISR-G2 Box-to-Box Redundancy
Module 11
Outside interfaces: HSRP group 10, VRF ID: WAN-VRF (if applicable)

CUBE 1
interface GigabitEthernet0/1
 description “Enterprise WAN”
 ip vrf forwarding WAN-VRF
 ip address 128.107.66.77 255.255.255.0
 standby version 2
 standby 10 ip 128.107.66.79
 standby delay minimum 30 reload 60
 standby 10 preempt
 standby 10 track 1 decrement 10
 standby 10 track 3 decrement 10
 standby 10 priority 50

CUBE 2
interface GigabitEthernet0/1
 description “Enterprise WAN”
 ip vrf forwarding WAN-VRF
 ip address 128.107.66.78 255.255.255.0
 standby version 2
 standby 10 ip 128.107.66.79
 standby delay minimum 30 reload 60
 standby 10 preempt
 standby 10 track 1 decrement 10
 standby 10 track 3 decrement 10
 standby 10 priority 50

CUBE Configuration on ISR-G2 Box-to-Box Redundancy
HSRP interfaces: HSRP group 100. CANNOT HAVE VRFs associated.
Configure Interface Tracking (for line protocol on corresponding interfaces of the platform)

CUBE 1
interface GigabitEthernet0/2
 description “HSRP Interface”
 ip address 1.1.1.1 255.255.255.0
 standby version 2
 standby 100 ip 1.1.1.3
 standby delay minimum 30 reload 60
 standby 100 preempt
 standby 100 name CUBEHA
 standby 100 track 1 decrement 10
 standby 100 track 2 decrement 10
 standby 100 priority 50
!
track 1 interface Gig0/0 line-protocol
track 2 interface Gig0/1 line-protocol
track 3 interface Gig0/2 line-protocol

CUBE 2
interface GigabitEthernet0/2
 description “HSRP Interface”
 ip address 1.1.1.2 255.255.255.0
 standby version 2
 standby 100 ip 1.1.1.3
 standby delay minimum 30 reload 60
 standby 100 preempt
 standby 100 name CUBEHA
 standby 100 track 1 decrement 10
 standby 100 track 2 decrement 10
 standby 100 priority 50
!
track 1 interface Gig0/0 line-protocol
track 2 interface Gig0/1 line-protocol
track 3 interface Gig0/2 line-protocol
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
Module 11
• Define Redundancy scheme: Creates interdependency b/w CUBE redundancy & HSRP
• Turn on CUBE Redundancy
• HSRP Interface - IPC configuration: Allows the ACTIVE CUBE to tell the STANDBY about the state of the calls. CONFIG SHOULD BE APPLIED on the LAN SIDE (to avoid SPLIT BRAIN) and a NON-VRF associated interface. CANNOT HAVE VRFs associated with this interface

CUBE 1
redundancy inter-device
 scheme standby CUBEHA
!
voice service voip
 mode border-element
 allow-connections sip to sip
 redundancy
!
ipc zone default
 association 1
  no shutdown
  protocol sctp
   local-port 5000
    local-ip 1.1.1.1
   remote-port 5000
    remote-ip 1.1.1.2

CUBE 2
redundancy inter-device
 scheme standby CUBEHA
!
voice service voip
 mode border-element
 allow-connections sip to sip
 redundancy
!
ipc zone default
 association 1
  no shutdown
  protocol sctp
   local-port 5000
    local-ip 1.1.1.2
   remote-port 5000
    remote-ip 1.1.1.1
CUBE Configuration on ISR-G2 Box-to-Box Redundancy
Module 11
Configuration on Active and Standby
• Bind traffic destined to the outside (SP SIP trunk) to the outside Physical interface. This ensures that all RTP and SIP packets are created with the virtual IP associated with the respective physical interface. CUBE HA does not work with loopback interfaces as they are always up
• Bind traffic destined to the inside (CUCM or IP PBX) to the inside Physical interface. This ensures that all RTP and SIP packets are created with the virtual IP associated with the respective physical interface.
• Configure media inactivity feature to clean up any calls that may not disconnect after a failover

dial-peer voice 100 voip
 description TO SERVICE PROVIDER
 destination-pattern 9T
 session protocol sipv2
 session target ipv4:y.y.y.y
 voice-class sip bind control source-interface GigabitEthernet0/1
 voice-class sip bind media source-interface GigabitEthernet0/1
!
dial-peer voice 200 voip
 description TO CUCM
 destination-pattern 555....
 session protocol sipv2
 session target ipv4:10.10.1.10
 voice-class sip bind control source-interface GigabitEthernet0/0
 voice-class sip bind media source-interface GigabitEthernet0/0
!
ip rtcp report interval 3000
!
gateway
 media-inactivity-criteria all
 timer receive-rtcp 5
 timer receive-rtp 86400

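Several of the ISR-G2 design considerations and configuration rules above can be checked mechanically before an HA pair goes live. This Python audit is an added example, not Cisco tooling and not part of the original deck; the sample configs are constructed by trimming the slide's CUBE 1 / CUBE 2 listings, and all function names are hypothetical. It checks four rules from the slides: no loopback binds, no VRF on the HSRP interface, the lower IP address on one platform for all interfaces, and mirrored IPC endpoints.

```python
import ipaddress
import re

def stanzas(config):
    """Map each top-level config line to its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def interfaces(cfg):
    """Per interface: IPv4 address, VRF name, HSRP group names."""
    found = {}
    for head, body in cfg.items():
        if not head.startswith("interface "):
            continue
        info = {"ip": None, "vrf": None, "names": set()}
        for cmd in body:
            if m := re.match(r"ip address (\S+) \S+", cmd):
                info["ip"] = ipaddress.ip_address(m.group(1))
            elif m := re.match(r"ip vrf forwarding (\S+)", cmd):
                info["vrf"] = m.group(1)
            elif m := re.match(r"standby \d+ name (\S+)", cmd):
                info["names"].add(m.group(1))
        found[head.split()[1]] = info
    return found

def ipc_endpoints(cfg):
    """(local-ip, remote-ip) from the `ipc zone default` stanza."""
    vals = dict(cmd.split(" ", 1) for cmd in cfg.get("ipc zone default", [])
                if cmd.startswith(("local-ip ", "remote-ip ")))
    return vals.get("local-ip"), vals.get("remote-ip")

def audit_pair(cfg_a, cfg_b):
    """Return findings for a CUBE HA pair; an empty list means consistent."""
    findings = []
    parsed = {"A": stanzas(cfg_a), "B": stanzas(cfg_b)}
    ifs = {box: interfaces(cfg) for box, cfg in parsed.items()}
    for box, cfg in parsed.items():
        # Loopbacks are always up, so CUBE HA does not work with binds to them.
        for head, body in cfg.items():
            if any(c.startswith("voice-class sip bind") and "loopback" in c.lower()
                   for c in body):
                findings.append(f"{box}: {head}: bind uses a loopback interface")
        # The interface named by `scheme standby <name>` must be VRF-free.
        schemes = {c.split()[-1] for c in cfg.get("redundancy inter-device", [])
                   if c.startswith("scheme standby ")}
        for name, info in ifs[box].items():
            if info["vrf"] and info["names"] & schemes:
                findings.append(f"{box}: {name}: HSRP interface is in VRF {info['vrf']}")
    # One box must hold the lower address on every interface (tie breaker).
    shared = sorted(ifs["A"].keys() & ifs["B"].keys())
    lower = {"A" if ifs["A"][n]["ip"] < ifs["B"][n]["ip"] else "B"
             for n in shared if ifs["A"][n]["ip"] and ifs["B"][n]["ip"]}
    if len(lower) > 1:
        findings.append("pair: lower IP addresses are split across both boxes")
    # IPC endpoints must mirror each other.
    if ipc_endpoints(parsed["A"]) != ipc_endpoints(parsed["B"])[::-1]:
        findings.append("pair: ipc zone local-ip/remote-ip are not mirrored")
    return findings

# Constructed configs, trimmed from the slide's CUBE 1 / CUBE 2 listings.
TEMPLATE = """\
interface GigabitEthernet0/0
 ip vrf forwarding LAN-VRF
 ip address {lan} 255.255.255.0
interface GigabitEthernet0/1
 ip vrf forwarding WAN-VRF
 ip address {wan} 255.255.255.0
interface GigabitEthernet0/2
 description HSRP Interface
 ip address {local} 255.255.255.0
 standby 100 name CUBEHA
redundancy inter-device
 scheme standby CUBEHA
ipc zone default
 association 1
  protocol sctp
   local-ip {local}
   remote-ip {remote}
dial-peer voice 100 voip
 voice-class sip bind control source-interface GigabitEthernet0/1
 voice-class sip bind media source-interface GigabitEthernet0/1
"""
CUBE_1 = TEMPLATE.format(lan="10.10.1.11", wan="128.107.66.77", local="1.1.1.1", remote="1.1.1.2")
CUBE_2 = TEMPLATE.format(lan="10.10.1.12", wan="128.107.66.78", local="1.1.1.2", remote="1.1.1.1")
# A drifted second box with four constructed mistakes, one per check.
CUBE_2_BAD = (CUBE_2
              .replace("source-interface GigabitEthernet0/1", "source-interface Loopback0")
              .replace(" description HSRP Interface", " ip vrf forwarding LAN-VRF")
              .replace("128.107.66.78", "128.107.66.76")
              .replace("remote-ip 1.1.1.1", "remote-ip 1.1.1.9"))
```

Calling `audit_pair(CUBE_1, CUBE_2)` returns an empty list; `audit_pair(CUBE_1, CUBE_2_BAD)` returns one finding per constructed mistake.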
CUBE HA Design Considerations on ASR1K/ISR-4K/vCUBE
for Box-to-Box Redundancy

• Uses Redundancy Group (RG) Infrastructure Protocol


• Only active calls are checkpointed (Calls that are connected - 200OK / ACK transaction completed)
• GE0/0/0 and GE0/0/1 are referred to as traffic (SIP/RTP) interfaces and GE0/0/2 is RG (Redundancy
Group) Control/data interface
• Starting IOS-XE 16.3.1, Port channel is supported for both RG Control/data and traffic interfaces
• All signaling/media is sourced from/to the Virtual IP Address
• When configuration is applied and saved, the platform must go through a reload cycle
Additional Supported options for CUBE HA
[Diagram: CUBE-1 and CUBE-2 HA pair with CUCM, Switches A to E, the WAN Edge, ITSP 1 and ITSP 2. Interface labels shown on each CUBE: Gig0/0/0, Gig0/0/1, Gig0/0/2.100, Gig0/0/2.200, Gig0/0/3, Gig0/0/4, PortChannel2, PortChannel34. Redundancy labels: rii 1, rii 2, rii 3.]
• The RG control data interfaces can be a sub interface that is part of the same port channel used for voice traffic. This will go to switch D and E
thereby eliminating the need for additional switches for RG control/data. This is provided there is sufficient bandwidth for voice + RG
data/control on the port channel (for example when using 10G)
• Multiple ITSPs can be terminated on the same CUBE HA pair, PortChannels can be used on WAN side as well, with L2 and CE router redundancy
Key Takeaways
• It is a manageable transition from existing TDM based networks to SIP
networks using these network design techniques
• Enterprise SBC (Cisco Unified Border Element - CUBE) is an essential
component of a UC solution providing:
• Security, Session Management, Interworking, Demarcation
• Over 17,000 Enterprise customers all over the Globe
• Proven interoperability with 3rd party PBX vendors and different service providers
around the world (more than 160 countries)
• Now is the time to deploy SIP Trunking in either a Centralized or a Distributed
solution to save money, simplify your topology and set up your infrastructure for
future services
• Complete feature Presentations, Lab Guide, Free Hands-on Lab access &
Application Notes: https://cisco.box.com/cube
Join the Customer Connection Program
19,000+ Members Strong
• Influence product direction
• Access to early adopter & beta trials
• Monthly technical & roadmap briefings
• Connect in private online community
• Exclusive perks at Cisco Live
  • Collaboration NDA Roadmap Sessions Mon & Tues
  • Q&A Open Forum with Collaboration Product Management Tues 4:00 – 5:30
  • Reserved seats at Collaboration Innovation Talk Thurs 8:00am – 9:00am
• 2 new CCP tracks launching at Cisco Live: Security & Enterprise Networks

Join in World of Solutions, Collaboration zone
• Join at the Customer Connection stand
• New member thank-you gift *
• CCP ribbon for access to NDA sessions

Join Online: www.cisco.com/go/ccp
Come to Collaboration zone to get your ribbon and new member gift
* While supplies last
Complete Your Online Session Evaluation
• Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner will
receive a $750 Amazon gift card.
• Complete your session surveys
through the Cisco Live mobile
app or from the Session Catalog
on CiscoLive.com/us.

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions

Thank you
