Professional Documents
Culture Documents
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
CUBE Overview,
Deployments, and
SIP Trunk Sizing
On-Prem Collaboration Deployment
DEMARC
Enterprise LAN ITSP WAN (SIP Provider)
PSTN (PRI/FXO)
Unified CM
TDM Backup
(Not available in
10.10.1.21 vCUBE)
10.10.1.20
66.77.37.2
Gig0/0
PSTN
Gig0/1
CUBE 128.107.214.195
SIP
H.323
DEMARC
RTP
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Calls Per Second : Short duration 30 sec CHT
CUBE (Enterprise) Product Portfolio [Not to Scale]
ASR 1004/6 RP2
50-150
Active Concurrent Voice Calls Capacity BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
CUBE Software Release Mapping
CUBE Initial IOS-XE Release for this CUBE Subsequent IOS-XE Release for
Version version and Release date this CUBE version
11.5.2 16.3.2/16.4.1 Nov 2016 16.3.3 - 16.3.9 / 16.4.2 – 16.4.3
11.6.0 16.5.1 March 2017 16.5.1b – 16.5.3
12.0.0 16.6.1 July 2017 16.6.2 – 16.6.6
12.0.0 16.7.1 Nov 2017 16.7.2 – 16.7.3
12.1.0 16.8.1 March 2018 16.8.2 – 16.8.3
12.1.0 16.9.1 July 2018 16.9.2 – 16.9.4 – 16.9.5
12.5.0 16.10.1a Nov 2018 16.10.2 – 16.10.3
12.6.0 16.11.1a March 2019 -
12.7.0 16.12.1c July 2019 16.12.1a – 16.12.2
12.7.1 17.1.1 Nov 2019 -
TBD 17.2.1 March 2020 -
14.0 17.3.1 July 2020 -
TBD 17.4.1 Nov 2020 -
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Platform Roadmap [Subject to Change]
• CUBE Support for ISR 4461 –
March 2020 – IOS-XE 17.2.1
Platform
Encrypted video Encrypted Video calls
1CSR1Kv - Based on tests using Cisco UCS ® C240 host with Intel
calls w/GCM256 CPS SHA1_80 – GCM128 CPS
® Xeon ® 6132 2.60GHz processors running VMware ESXi 6.0.
sRTP(G711)-RTP(G711) sRTP(G711) - sRTP(G711)
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
CUBE Licensing
Updates
New CUBE Licensing Offer
What is Smart Licensing?
• Smart Licensing is a Cisco wide initiative that provides a License Inventory
Management System which provides Customers, Cisco, and Selected
Partners with information about License Ownership and Use
• All licenses are delivered directly to your cloud based Cisco Smart
Software Manager (CSSM) account allowing you to control where they are
used and monitor how they are used.
• Smart Licenses do not require registration, so no more PAKs
• Smart licenses entitle the CUSTOMER, not the product instance.
Licenses are not node locked.
• Licenses are pooled for flexible
use by devices registered to the
same account
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Cisco Unified Border Element (CUBE)
SIP Trunking to a Provider
Note: Platform technology licenses are required to enable CUBE functionality. See later slide.
As part of migration to Smart and SWSS enabled licensing for CUBE, all $0 licenses from router bundles will be removed by end of April 2019. Product Bulletin for
the same can be accessed at https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/bulletin-c25-742073.html
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
New CUBE Offer with Smart Licensing
Cisco Software Support Service (SWSS) is required for a minimum of 12 months when purchasing
CUBE session license(s).
SWSS provides access to software maintenance, updates, upgrades, and technical support
Note: Platform technology licenses are required to enable CUBE functionality. See later slide.
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Cisco Unified Border Element (CUBE)
Lineside
Third Party Call
Control in SP Cloud
New • CUBE Lineside features compliment
Offer
hosted call control solutions with:
• SIP proxy registration of IP phones (Cisco MPP or
PE-SBC
3rd party).
• Service continuity should the hosted service
become unavailable.
Business
Internet
Lineside Note: NanoCUBE RTU licenses will remain
Connection Certified
demarcation available for ISR800 series products only.
CUBE Lineside
Hosted
SIP Service IP
Cloud-based Phones
call control
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Cisco Unified Border Element (CUBE)
Media Proxy
New • Standalone application that extends CUBE trunk session
Offer forking to allow a call to be replicated up to five times for
media recording redundancy & load balancing and call
analytics.
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
The Road To Smart Licensing
IOS XE IOS XE IOS XE IOS XE IOS XE
16.5 to 16.9 16.10 16.11 to 17.1 17.2 17.3
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
CUBE Trunk – Road to Smart Licensing (SL)
• IOS XE 16.9 and earlier: Smart is optional for the platform (UCK9,
SecK9). CUBE not enabled for SL
• IOS XE 16.10: Smart is the only platform option. CUBE not formally
supported for SL
• IOS XE 16.11 - 17.1: CUBE fully supported for SL. CSSM registration
is required - SIP stack will be disabled in "Eval Expired" licensing state.
Reported licenses manually configured using 'mode border-element
command'. No policing or enforcement of CUBE license usage
(provided platform is registered).
• IOS XE 17.2 (March 2020): As above, but "mode border-element
license capacity" deprecated and replaced with a dynamic use
calculation.
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Migration Offers for CUBE Licenses
CiscoONE CiscoONE RTU RTU
Licenses Licenses Licenses Licenses
without with and EoS and
SWSS SWSS Platform Current
Platform
No migration
No migration Use PUT to No Migration 100% license
New licenses purchase $0 New licenses discount
required with migration required with when
SWSS SKUs SWSS purchased
with SWSS
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
CUBE Architecture
Physical vs Virtual
Virtual CUBE (CUBE on CSR 1000v)
Architecture
• CSR (Cloud Services Router) 1000v runs on a Hypervisor – IOS
XE without the router
ESXi Container
Virtual CPU Memory Flash / Disk Console Mgmt ENET Ethernet NICs
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Applicable Roadmap [Subject to Change]
• March 2021– IOS-XE 17.5.1
• CUBE support in AWS / Azure
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Agenda
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Step 1:
Configure CUCM to route calls to the edge SBC
SIP Trunk Pointing to CUBE
Standby
CUBE
A
Active IP PSTN
CUBE
Enterprise CUBE with High
Campus Availability
MPLS
• Configure CUCM to route all PSTN
PSTN is now
calls (central and branch) to CUBE
used only for
(Gig0/0
SRST
in our slides) via a SIP trunk
emergency
calls over
FXO lines
• Make sure all different patterns of
calls – local,
CME long distance,
international, emergency,TDM PBX
informational
Enterprise etc.. are pointing to
Branch Offices
CUBE BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Step 2: Get details from SIP Trunk provider
Item SIP Trunk service provider requirement Sample Response
1 SIP Trunk IP Address (Destination IP Address for INVITES) 66.77.37.2 or DNS
2 SIP Trunk Port number (Destination port number for INVITES) 5060
3 SIP Trunk Transport Layer (UDP or TCP) UDP
4 Codecs supported G711, G729
5 Fax protocol support T.38
6 DTMF signaling mechanism RFC2833
7 Does the provider require SDP information in initial INVITE (Early Yes
offer required)
8 SBC’s external IP address that is required for the SP to
128.107.214.195
accept/authenticate calls (Source IP Address for INVITES)
9 Does SP require SIP Trunk registration for each DID? If yes, what is No
the username & password
10 Does SP require Digest Authentication? 408-944-7700
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Step 3: Enable CUBE Application on Cisco routers
1. Enable CUBE Application
voice service voip
mode border-element license capacity 20 Required for Smart Licensing Today
allow-connections sip to sip By default IOS/IOS-XE voice devices do not allow
an incoming VoIP leg to go out as VoIP
10.10.1.20
66.77.37.2
10.10.1.21 128.107.214.195
• LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving call
legs to and from the PBX. Always bind LAN interface(s) on CUBE to LAN dial-peers, ensuring
SIP/RTP is sourced from the intended LAN interfaces(s)
• WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending and
receiving call legs to and from the ITSP. Always bind CUBE’s WAN interface(s) to WAN dial-
peer(s).
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Applicable Roadmap [Subject to Change]
• July 2020 – IOS-XE 17.3.1
• CUBE to be enabled for Opus codec negotiation
• Trust List will be bypassed for validated CN/SAN
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
SIP Normalization
SIP profiles is a mechanism to normalise or customise SIP at the
network border to provide interop between incompatible devices
SIP incompatibilities arise due to: Add user=phone for INVITEs
• A device rejecting an unknown header (value Incoming Outgoing
or parameter) instead of ignoring it CUBE
INVITE INVITE
sip:5551000@sip.com:5060 sip:5551000@sip.com:5060
• A device expecting an optional header SIP/2.0 user=phone SIP/2.0
value/parameter or can be implemented in
voice class sip-profiles 100
multiple ways rule 1 request INVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"
rule 2 request REINVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"
• A device sending a value/parameter that
must be changed or suppressed Modify a “sip:” URI to a “tel:” URI in INVITEs
(“normalised”) before it leaves/enters the
enterprise to comply with policies Incoming Outgoing
CUBE
INVITE INVITE
• Variations in the SIP standards of how to sip:2222000020@9.13.24.6:5060 tel:2222000020
achieve certain functions SIP/2.0 SIP/2.0
messages as well
More information at http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/118825-technote-sip-00.html
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Applicable Roadmap [Subject to Change]
• Nov 2020 – IOS-XE 17.4.1
• Conditional SIP Header modification, i.e. apply SIP profile if
a certain condition(s) is/are met. E.g., remove diversion
header if content in diversion header contains 41 but NOT
no-answer
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Agenda
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
CUBE Dial-Peers
Advanced Call Routing
dial-peer voice 100 voip dial-peer voice 201 voip
description *Inbound LAN dial-peer. From CUCM to CUBE* description *Outbound WAN dial-peer. From CUBE to SP*
session protocol sipv2 destination-pattern 81[2-9]..[2-9]......$
incoming called-number 8T session protocol sipv2
voice-class sip bind control source-interface Gig0/0 session target ipv4:10.1.40.11
voice-class sip bind media source-interface Gig0/0 session transport udp
dtmf-relay rtp-nte voice-class sip bind control source-interface Gig0/1
codec g711ulaw voice-class sip bind media source-interface Gig0/1
no vad dtmf-relay rtp-nte
codec g711ulaw
no vad
Inbound LAN Dial-Peer Outbound WAN Dial-Peer
Outbound Calls
A
CUCM SIP Trunk ITSP SIP Trunk
G0/0 CUBE G0/1
198.18.133.3 10.1.40.11
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
Understanding Inbound Dial-Peer Matching Techniques
Priority
Inbound LAN Dial-Peer Outbound Calls
Exact Pattern
Match Based on match A CUCM SIP Trunk SP SIP Trunk
IP
1 URI of an incoming Host Name/IP CUBE PSTN
INVITE message Address
Inbound Calls
Inbound WAN Dial-Peer
User portion of
2 Match based on URI Received:
Called Number Phone-number of INVITE sip:654321@10.2.1.1 SIP/2.0
tel-uri Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-
tag="cid:orange@10.1.1.1";;branch=z9hG4bK-23955-1-0
3 Match based on From: "555" <sip:555@10.1.1.1:5060>;tag=1
Calling number To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
4 Default Dial-Peer 0 CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Outbound Dial-Peer Matching Criteria Summary
Priority Outbound WAN Dial-Peer
Outbound Calls
Match Based on DPG,
0 DPPP, COR/LPCOR if A CUCM SIP Trunk SP SIP Trunk
IP
configured CUBE PSTN
Exact Pattern Outbound LAN Inbound Calls
match Dial-Peer
Match Based on Host Name/IP Received:
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Destination Server Group
• Supports multiple destinations (session targets) be defined in a group and
applied to a single outbound dial-peer
• Once an outbound dial-peer is selected to route an outgoing call, multiple
destinations within a server group will be sorted in either round robin or
preference [default] order
• This reduces the need to configure multiple dial-peers with the same
capabilities but different destinations. E.g. Multiple subscribers in a cluster
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Multiple Number Patterns Under Same
Incoming/Outgoing Dial-peer
voice class e164-pattern-map 300
e164 200. Up to 1000 entries
e164 510100100. in a pattern map
Site A 2000
e164 408100100.
Site B (510)100-1000 dial-peer voice 1 voip
description Inbound DP via Calling
Site C (408)100-1000 incoming calling e164-pattern-map 300
codec g729r8
G729 Sites
A SIP Trunk SP SIP Trunk IP PSTN
CUBE
Up to 5000 entries in a text file
Site A (919)200-2010 voice class e164-pattern-map 400 ! This is an example of the contents
url flash:e164-pattern-map.cfg of E164 patterns text file stored
Site B (510)100-1010
in flash:e164-pattern-map.cfg
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
External/PSTN
Call Recording
External/PSTN Call Recording Options
• CUBE Controlled (Dial-peer based SIPREC)
• SIPREC based, CUBE sends metadata in XML format
• Dial-peer controlled, IP-PBX independent
• Source of recorded media (RTP only) is always CUBE (External calls only).
• Records both audio and video calls and supported with CUBE HA
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Introducing
CUBE Media
Proxy
Existing Recording Architectures
• Current recording architectures allow only one fork from each leg
(in-leg/out-leg) to only one recorder
• No support for forking secure RTP stream
• MiFiD II Compliance requirements:
• Support for more than one recorders
• High Availability (Redundancy)
• Secure forking
• Call scenarios support
• External calls (inbound/outbound from/to ITSP, PSTN calls)
• Internal calls (on-prem calls)
• Contact center
• Common Metadata
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
CUBE Media Proxy: Overview
• Media proxy is based on CUBE architecture
• Supports the same ISR 4Ks, ASR1Ks, CSR1K on which CUBE is supported
today
• Call Recording mechanism (triggers) is CUCM NBR based (GW based and
Phone BiB)
• Media proxy is designed to fork media to multiple recorders i.e. multiple
forked legs, and supports up to 5 recorders
• CUBE Media Proxy High Availability is also supported
• CUSP (Optional) supports Media proxy with recorder redundancy and load
balancing
• Secured forking (SRTP – SRTP) for Phone Based (BiB) recording
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
CUCM NBR GW forking to
Media Proxy
Recorder1
6
RTP
Recorder2
Media Proxy
RTP
5
Speech Analytics
1 SIP
CUBE RTP
2 0. CUCM registers to CUBE as an external XMF Application (using UC GW services API – CUCM NBR)
1,2. Initial call setups via CUBE-Ent
3. CUCM sets up SIP (recording) session with CUBE Media Proxy (offer/answer) with dummy port
4. MP destination IP/port obtained in Step-3 relayed by CUCM to CUBE via XMF API interface (HTTP)
5. CUBE-Ent starts to fork media streams to the MP (target ip/port received in Step-4). MP accepts RTP because of
Media latching in the inbound leg from CUCM
6. MP sets up SIP recording sessions with the 3 Recorders for multi-fork.
The ingress media stream from CUBE-Ent is then multi-forked by MP towards the 3 recorders simultaneously using
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
the destination ip/ports as negotiated in the SIP offer/answer b/w MP and the Recorders.
CUBE Media Proxy: Design requirements
• Video call Recording is not supported today
• Secure media (SRTP) forking of non-secure calls is not supported
• CUBE Media Proxy and CUBE cannot be co-located
• Mid-call signaling updates from Recorders are not supported
• Early offer from CUCM to Media Proxy is required
• No support for SRTP fallback
• Media Proxy sends metadata to the recorders (FROM header)
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
CUBE Media Proxy Capacities
Media Proxy: Capacity for Various Platforms (IOS-XE 16.12+)
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Agenda
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Security
Updates
Secure SIP Trunks with CUBE
LAN WAN
Gig0/0/0 Gig0/0/1
SIP TLS TCP/UDP SP IP
RTP Network
SRTP CUBE
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
IOS-XE 16.11.1 or later Security Readiness changes
• For IOS-XE 16.11.1 or later, a master key must be pre-configured for
passwords before it can used in authentication, credentials and/or
shared-secret CLIs
• Type 6 passwords are encrypted using AES cipher and user defined
master key
• If master key is not pre-configured, there will be an error shown when the
password is configured
LocalGateway(config-sip-ua)#authentication username ali password 0 hussain123
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
IOS-XE 16.11.1 Security Configuration Requirement
• Dial-peer, SIP-UA, Tenants, and STUN authentication credentials/shared
secrets will use the new Secure reversible encryption Type 6 AES format
password
LocalGateway(config-sip-ua)#authentication username ali password ?
0 Specifies an UNENCRYPTED password will follow
6 Specifies an ENCRYPTED password will follow
7 Specifies a HIDDEN password will follow
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Webex Calling
(VAR Channel)
Local Gateway (LGW)
Webex Calling (VAR) - Local Gateway Deployment
• Enables BYoPSTN option for Webex
Calling
• Provides connectivity to a customer-
owned PSTN service
Cisco Webex Calling
• May also provide connectivity to an on-
premises IP PBX or dedicated SBC/PSTN
Internet GW
• Endpoint registration is NOT proxied
PSTN
through Local Gateway, unlike CUBE
Customer Site Lineside. Endpoints directly register to
Local
Gateway Webex Calling over the Internet.
SBC or • All communication between Webex
IP PBX Webex Calling Endpoints
Calling and endpoints/LGW is secured
(SIP TLS/sRTP)© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Local Gateway
Platform Support • Cisco CUBE (for IP-based connectivity) or
Cisco IOS Gateway (for TDM-based connectivity)
Local Gateway (LGW) • Hardware and software requirements:
• ISR 4321, 4331, 4351, 4431, 4451 (IOS XE 16.9(4) and
16.12.2 or later)
• IOS-XE 16.10.x is not supported as Local Gateway for
any platform
• CSR 1000v (vCUBE) (IOS XE 16.9(4) and 16.12.2
or later)
• ISR 1100 (IOS-XE 16.12.2 or later)
• CUBE calling licenses included in Webex Calling Flex License
2 3
IP
PSTN
Cisco Webex Calling
PSTN
Provisioning Layer
TDM
1 Load Network
Balancers Functions
PSTN Local Gateway Access Cisco Webex Calling
On-premises (CUBE/IOS GW) Network
SBC or IP PBX Certificate
Peering
Access SBC
Webex Calling Endpoints SBC
Customer Site
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Local Gateway
Security and Authentication
2
1 Cisco Trusted Core Root Bundle Provision SIP digest credentials
Download signed (Public CA trust anchors) generated by Webex Calling on LGW
CA root bundle Cisco PKI
from Cisco PKI Cisco Webex Calling
Local Gateway
(CUBE/IOS GW) Internet
Cisco Webex Calling
• In most cases, Local Gateway and endpoints can sit on internal customer
network using private IP addresses with NAT (media latching in Access SBC)
• Firewall needs to allow outbound traffic (SIP, RTP/UDP, HTTP) to specific IP
addresses/ports (see Cisco Webex Calling firewall and network configuration guide)
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Local Gateway
Firewall and NAT traversal – IP Addresses and Ports (NA)
LGW
Cisco Webex North America
Customer
Site Calling Region
199.59.65.0/25
LGW Cisco Webex 199.59.66.0/25
SIP signaling 8000-65535 TLS TCP 8934
Calling facing interface 199.59.70.0/25
199.59.71.0/25
199.59.65.0/25
LGW Cisco Webex 199.59.66.0/25
RTP media 8000-48000* UDP 19560-65535
Calling facing interface 199.59.70.0/25
199.59.71.0/25
*: Default range. Can be reduced based on number of concurrent sessions (4 UDP ports per session)
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/broadcloud/webexcalling/customers/cisco-webex-calling-configuration-
guide/cisco-webex-calling-configuration-guide_chapter_01101.html
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
Establishing Secure Connectivity b/w LGW and Webex
Calling
Local GW
Import Cisco Webex Calling root CA certificate Cisco Webex Calling
Setup the credentials and trustpoint
Initiate TLS Connection
Certificate from Cisco Webex Calling
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Local Gateway DDTSs to keep in mind
• CSCvq38104 : Webex Calling - TDM-IP - Hold/Resume from Webex Calling causes one-
way audio – Fixed in 16.9.4 and 16.12.2
• CSCvo91685 : CUBE doesn't send INVITE to Registrar to which CUBE is registered (With
tcp as the transport, if the TCP session terminates abruptly, CUBE attempts registration only
after registration refresh timer expires) – Fixed in 16.9.4 and 16.12.2
• CSCvj90605 : One-way audio/ No-Way Audio during secure calls SRTP-SRTP /SRTP-RTP
after HA switchover / CSCvo13094 :Webex SRTP ROC Preservation Changes – Fixed in
16.12.
• CSCvq63632 : LGW/CUBE/TDM memory leak when STUN is enabled – Fixed in 16.9.4 and
16.12.2
• CSCvq31872 : LGW - Call-Hold failure as 401 is wrongly processed – Fixed in 16.9.4 and
16.12.2
• CSCvi48253 : Self-signed certificates expire on 00:00 1 Jan 2020 UTC – Does not apply
as we do not need to create self signed certificates for LGW.
• Standalone LGW deployments : Recommended to use IOS-XE 16.12.2
PSTN PSTN
Provider Y Provider Z
Customer 1’s Customer 2’s
SIP Trunk SIP Trunk
Virtualized
Local GW’s
Cloud Hosted
Internet Cisco Webex Calling
Customer 1 Customer 2
• Partner hosts and manages customer’s
Local Gateway (e.g., vCUBE) - connected
OTT to Webex Calling
Webex Calling Endpoints Webex Calling Endpoints
• Not recommended if on-premises PBX or
SBC is present (requires VPN between
Partner DC and customer network)
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Onboarding
process
Onboarding
Local
Gateway:
Step 1. Control Hub
1a. Log in to customer portal and navigate to Services
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
1b. Navigate to Locations under Call options
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
1c. Select an existing Location or Add Location
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
1d. Local gateway configuration. Click Edit and Read the
warning that pops up. Click Continue
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
1e. Choose between Cloud Connected PSTN or LGW
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
1f. Can either create a new local gateway or select
existing one by clicking Manage
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 103
1g. Once the
customer has
selected the
desired local
gateway, they can
save the local
gateway for the
given site.
Parameters on this display
required for onboarding LGW
in Step 2
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
1h. Click Retrieve Username and Reset Password. Click
Done
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
Select
Phone
Number
Porting
Confirmation
and Click
Save
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
1i. Local gateway has been assigned to the Location
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Onboarding
Local
Gateway:
Step 2. Control Hub
parameters into Cisco
IOS-XE platform
Control Hub Connection Parameters
LGW CLI Config
voice class tenant 200
registrar dns:40462196.cisco-bcld.com scheme sips expires 240 refresh-ratio 50 tcp tls
credentials number Hussain6346_LGU username Hussain2572_LGU password 0 meX7]~)VmF
realm BroadWorks
authentication username Hussain2572_LGU password 0 meX7]~)VmF realm BroadWorks
authentication username Hussain2572_LGU password 0 meX7]~)VmF realm 40462196.cisco-
bcld.com
sip-server dns:40462196.cisco-bcld.com
connection-reuse
srtp-crypto 200
session transport tcp tls
url sips
error-passthru
bind control source-interface GigabitEthernet0/0/1
bind media source-interface GigabitEthernet0/0/1
no pass-thru content custom-sdp
sip-profiles 200
outbound-proxy dns:la01.sipconnect-us10.cisco-bcld.com
…
voice class sip-profiles 200
rule 1 request ANY sip-header SIP-Req-URI modify "sips:" "sip:"
rule 10 request ANY sip-header To modify "<sips:" "<sip:"
rule 11 request ANY sip-header From modify "<sips:" "<sip:"
rule 12 request ANY sip-header Contact modify "<sips:(.*)>" "<sip:\1;transport=tls>"
rule 13 response ANY sip-header To modify "<sips:" "<sip:"
rule 14 response ANY sip-header From modify "<sips:" "<sip:"
rule 15 response ANY sip-header Contact modify "<sips:" "<sip:"
rule 16 request ANY sip-header From modify ">" ";otg=hussain2572_lgu>"
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
rule 17 request ANY sip-header P-Asserted-Identity modify "<sips:" "<sip:"
Onboarding
Local
Gateway:
Step 3. Call Routing
on Local Gateway
Call Routing on Local Gateway
• IP based Call Routing on Local Gateway has three key
considerations
1. All call routing is E.164 based
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
1. LGW
Deployment
Options w/o an
on-prem IP PBX
Call Routing
Single Local Gateway (can be shared across multiple
sites)
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 113
Local Gateway call routing to dedicated PSTN GW/SBC or IP PSTN
Local Gateway
Existing SBC /
Cisco Webex Calling
PSTN GW IP PSTN
voice class uri 200 sip
voice class uri 100 sip pattern dtg=hussain2572.lgu
host <pstn ip address> ! pattern uniquely identifies a Local gateway site within an
! Or existing SBC / PSTN GW ! Enterprise Trunk Group OTG/DTG from Control Hub
Received:
INVITE sip:+16785551234@198.18.1.226:5061;transport=tls;dtg=hussain2572_lgu SIP/2.0
Via: SIP/2.0/TLS 199.59.70.30:8934;branch=z9hG4bK2hokad30fg14d0358060.1
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
CUBE Support for
Webex Edge for Meetings
Webex Edge Audio
Cisco Webex Edge Audio
• CUBE Support starting IOS-XE 16.12.2
Meeting
CUBE
IP Phone
Customer
Premises Signaling
Media Path
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
Key Takeaways & Roadmap (subject to change)
• Microsoft Teams Direct Routing Certification for CUBE (WIP)
• Fax detect on IOS-XE
• Programmability (CUBE Yang modelling)
• mVRF media bypass and support for 100 VRFs
• TLS Server Name Indication and Server side SAN validation
• DTMF masking for contact center
https://cisco.box.com/CUBE-Enterprise
https://cisco.box.com/WebexCalling
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Virtual Space via Webex Teams
New Contact Preference in Support Case Manager
Demo video
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
Thank you
Reference slides
Licensing
CUBE Version 12.x
Deployment Examples /
Smart Licensing Scenarios
Customer Deployment Scenario 1a
Separate Deployments:
• Two active CUBEs in separate locations Location 1
• No Box to Box redundancy (Redundancy Group HA) Active
• No load balancing
50 Calls
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Customer Deployment Scenario 1b
Separate Deployments: Location 1
• Two active CUBEs in the same location
• No Box to Box redundancy (Redundancy Group HA) Active
• No load balancing 50 Calls
• Each CUBE processes up to 50 concurrent sessions.
License Requirement:
• 100 x CUBE-T-STD
• CUBE platforms may register to: Active
• The same Virtual Account holding a common pool of 100 licenses 50 Calls
• Different Virtual Accounts, each with 50 licenses
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Customer Deployment Scenario 2a
Geographic Load Balancing:
• Two active CUBEs in separate locations Location 1
• No Box to Box redundancy (Redundancy Group HA)
• Load balancing b/w locations provided by SP
Active
• Total call load across both locations up to 200 concurrent
sessions. 200 Calls
License Requirement: Location 2
• 200 x CUBE-T-STD
• CUBE platforms register to the same Virtual Account holding
a common pool of licenses Active
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 125
Customer Deployment Scenario 2b
Load Balancing within a location:
Location 1
• Two active CUBEs in the same location
• No Box to Box redundancy (Redundancy Group HA)
• Load balancing between CUBEs provided by SP or with
CUSP Active
• Total call load across both CUBEs up to 200 concurrent 200 Calls
sessions.
License Requirement:
• 200 x CUBE-T-STD
• CUBE platforms register to the same Virtual Account Active
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 126
Customer Deployment Scenario 3
Stateful
License Requirement: Standby
• 250 x CUBE-T-RED
• Both CUBE platforms register to the same Virtual
Account holding a common pool of licenses
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Customer Deployment Scenario 4a Location 1
Stateful
• One pair of High Availability CUBEs in RG at each site HA Pair 1
Stateful
HA Pair 2
• All CUBE platforms register to the same Virtual Account holding Standby
a common pool of licenses
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Customer Deployment Scenario 4b Location 1
Stateful
• Two pairs of High Availability CUBEs in separate RGs at the HA Pair 1
same site Standby
• Load balancing across HA pairs provided by SP or with CUSP
• Total call load for location up to 600 concurrent sessions
• If an active CUBE fails, stateful failover of local load to standby
600 Calls
• If HA pair 1 fails, all associated calls fail. Total load serviced by
active CUBE in HA pair 2
License Requirement: Active
Stateful
• 600 x CUBE-T-RED HA Pair 2
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 129
Customer Deployment Scenario 5
Inbox Hardware or Software Redundancy: ASR1006/1006-x
Hardware Redundancy
• Stateful Switchover (SSO): ASR1006 with dual route
processors (control plane) and dual ESPs (forwarding
plane)
• Route Processor Redundancy (RPR): ASR1001/2/4 with
Dual Forwarding Plane Hardware
software redundancy.
Dual Control Plane Hardware
• Both options provide stateful failover.
• Required call volume up to 350 concurrent sessions.
License Requirement: Active IOS Standby IOS
• 350 x CUBE-T-STD
• Active route processor registers to Smart virtual account ASR1001/2/4
Software Redundancy
• Standby route processor takes over registration on
failover
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 130
Customer Deployment Scenario 6
Third Party Call Control Hosted
in SP Cloud
SIP
Lineside registration proxy and survivability Service
Cloud-based
• A customer using a cloud call control service uses CUBE PE-SBC call control
for lineside optimization and survivability.
• A CUBE platform is deployed at four customer sites. Business
• Each site has 25 handsets that register to the cloud Internet
service.
A Lineside CUBE at each of the 4 locations
License Requirement:
• 100 x CUBE-L-STD
• All CUBE platforms register to the same Virtual Account 25 handsets at each of the 4 locations
holding a common pool of licenses
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 131
Customer Deployment Scenario 7
150 Recordings
recording servers.
• Total concurrent call load is 50 calls.
License Requirement: Media Proxy
Active
• 150 x CUBE-MP-RED
50 Calls
• Only redundant licenses are available for
Media Proxy
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 132
Customer Deployment Scenario 8
Media Proxy:
• Active and Standby CUBE Media Proxies in HA
Redundancy Group (RG) Location 1
• Both Media Proxies must be in the same layer 2
network
Media Proxy
• Total call load for HA pair 150 calls, each forked 3 Active
Stateful
times. HA Pair 1
Standby
• If active Media Proxy fails, stateful failover of all
calls to standby 150 Calls
Media Proxy
License Requirement:
• 450 x CUBE-MP-RED
• Both Media Proxy platforms register to the same
Virtual Account holding a common pool of licenses
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 133
Customer Deployment Scenario 9
Media Proxy:
• A media proxy platform used to fork calls to 3
Location 1
recording servers.
150 Recordings
• Total concurrent call load is 50 calls from CUBE
triggered using CUCM NBR
License Requirement: Media Proxy
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 134
Reference slides
Webex Calling
2. LGW
Deployment
Options with an
IP PBX e.g. UCM
Call Routing
With an IP PBX/CUCM
• CUCM routes incoming calls to
local destinations or to the PSTN
• Webex Calling sends calls
(per existing dial plan)
Cisco Webex that do not match the
• Add route/translation patterns to Calling customer’s Webex Calling
send calls for Webex Calling to destinations to the Local GW
Local GW (normalized as +E.164’s)
• Includes PSTN numbers and
Internet CUCM internal extensions
PSTN (unknown to Webex Calling)
Customer Site
PSTN gateway may Local GW routes calls
be dedicated or coming from Webex
co-resident with PSTN
CUCM Calling to CUCM (and
GW
Local GW Local GW vice versa)
Webex Calling Endpoints
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 137
2a. Unified CM with Dedicated PSTN GW
(Preferred Option)
• Webex Calling routes all calls that do
not match Customer’s Webex Calling
destinations to the Local GW
Cisco Webex assigned to the site
Calling • Includes PSTN destinations and CUCM
internal extensions
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 138
2a. Local Gateway call routing to/from CUCM w/Dedicated PSTN
Existing SBC /
Local Gateway
5065
5060
PSTN GW
Cisco Webex Calling
Unified CM
voice class uri 300 sip voice class uri 200 sip
pattern :5065 pattern dtg=hussain2572.lgu
! pattern matches the CUCM signaling via port for Webex
! Calling trunk to distinguish from PSTN SIP trunk at 5060 ! pattern uniquely identifies a Local gateway site within
! an Enterprise, Trunk Group OTG/DTG from Control Hub
dial-peer voice 300 voip
description Incoming dial-peer from CUCM to WxC dial-peer voice 200 voip
incoming uri via 300 description Incoming dial-peer from Webex Calling
destination dpg 200 incoming uri request 200
destination dpg 300
voice class dpg 200
description Incoming CUCM (DP300) to WxC(DP201) voice class dpg 300
dial-peer 201 preference 1 description Incoming WxC (DP200) to CUCM(DP301)
dial-peer 301 preference 1
dial-peer voice 301 voip
description Outgoing dial-peer to CUCM
destination-pattern BAD.BAD dial-peer voice 201 voip
session server-group 301 description Outgoing dial-peer to Webex Calling
destination-pattern BAD.BAD
voice class server-group 301 session target sip-server
ipv4 <cucm-node-1> port 5065
ipv4 <cucm-node-5> port 5065 BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 139
2b. Unified CM with Co-located PSTN GW/SBC and
Local Gateway
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 140
2b. Unified CM with Co-located PSTN GW/SBC and
Local Gateway
• Webex Calling routes all calls
that do not match Customer’s
Webex Calling destinations to
Cisco Webex the Local GW assigned to the
Calling site
• Includes PSTN destinations and
on-net calls towards CUCM
Internet internal extensions
5060
host <pstn ip address>
via URI
dial-peer voice 100 voip • Calls inbound from CUCM over 2
description Incoming dial-peer from PSTN
incoming uri via 100 trunks to distinguish b/w PSTN and
destination dpg 302 Webex Calling destinations. The via
Unified CM
URI match is done based on port
• Outgoing calls routed via DPG and
Server-groups
voice class dpg 302
dial-peer 305 preference 1 dial-peer voice 305 voip
description Outgoing dial-peer to CUCM for inbound from PSTN
voice class server-group 305 destination-pattern BAD.BAD
ipv4 <cucm-node-1> session server-group 305
ipv4 <cucm-node-2>
ipv4 <cucm-node-3>
ipv4 <cucm-node-4>
ipv4 <cucm-node-5>
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
2b. Local Gateway call routing to and from IP PBX
Local Gateway
5065
IP PSTN
pattern dtg=hussain2572.lgu
! pattern uniquely identifies a Local gateway site
Received: ! within an Enterprise, Trunk Group OTG/DTG from
! Control Hub
INVITE
sip:+16785551234@198.18.1.226:5061;transp
dial-peer voice 200 voip
ort=tls;dtg=hussain2572_lgu SIP/2.0 description Incoming dial-peer from WxC
Via: SIP/2.0/TLS Unified CM incoming uri request 200
199.59.70.30:8934;branch=z9hG4bK2hokad30 destination dpg 300
fg14d0358060.1
dial-peer voice 301 voip voice class dpg 300
description Outgoing dial-peer to CUCM for inbound from WxC dial-peer 301 preference 1
destination-pattern BAD.BAD
session server-group 301 voice class server-group 301
ipv4 <cucm-node-1> port 5065
ipv4 <cucm-node-2> port 5065
ipv4 <cucm-node-3> port 5065
ipv4 <cucm-node-4> port 5065
ipv4 <cucm-node-5> port 5065
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
2b. Local Gateway call routing to and from IP PBX
Local Gateway
IP PSTN
5060
dial-peer voice 101 voip
description Outgoing dial-peer to PSTN
destination-pattern BAD.BAD
session target ipv4:<pstn ip address>
IP PSTN
5065
dial-peer voice 201 voip
description Outgoing dial-peer to WxC
destination-pattern BAD.BAD
session-target sip-server
Unified CM
voice class dpg 200
voice class uri 300 sip
dial-peer 201 preference 1
pattern <cucm-nodes-ip-address and port-regex-for-WxC>
ex: pattern 10\.1\.2\..*:5065 matches 10.1.2.X:5065 range
dial-peer voice 300 voip
description Incoming dial-peer from CUCM for WxC
incoming uri via 300
destination dpg 200
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 145
2b. Local Gateway call routing to and from IP PBX
voice class uri 100 sip Local Gateway
host <pstn ip address>
5065
5060
! pattern uniquely identifies a Local gateway site within an
voice class dpg 100 ! Enterprise, Trunk Group OTG/DTG from Control Hub
dial-peer 101 preference 1
dial-peer voice 200 voip
description Incoming dial-peer from WxC
dial-peer voice 101 voip incoming uri request 200
description Outgoing dial-peer to PSTN destination dpg 300
destination-pattern BAD.BAD
session target ipv4:<pstn ip address> voice class dpg 200
dial-peer 201 preference 1
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 147
Continue your education
Demos in the
Walk-In Labs
Cisco Showcase
BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 148
Thank you