Submit Search
Upload
BRKCOL-2125.pdf
•
0 likes
•
108 views
S
ssuser8b5015
Follow
Collaboration Cisco
Read less
Read more
Technology
Report
Share
Report
Share
1 of 125
Download now
Download to read offline
Recommended
Deploying SIP Trunks with Cisco Unified Border Element (CUBE/vCUBE) Enterprise
Deploying SIP Trunks with Cisco Unified Border Element (CUBE/vCUBE) Enterprise
abdoulr
Cisco Live! :: Deploying SIP Trunks with Cisco Unified Border Element (CUBE/v...
Cisco Live! :: Deploying SIP Trunks with Cisco Unified Border Element (CUBE/v...
Bruno Teixeira
Campus qo s design simplified (2014 san francisco)
Campus qo s design simplified (2014 san francisco)
slide_site
Brkarc 3454
Brkarc 3454
Nguyen Van Linh
Brkarc 3454 - in-depth and personal with the cisco nexus 2000 fabric extender...
Brkarc 3454 - in-depth and personal with the cisco nexus 2000 fabric extender...
kds850
BRKARC-3146_PoE_C3k.pdf
BRKARC-3146_PoE_C3k.pdf
AdrianaMitsova1
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Cisco Russia
Brkarc 3470 - cisco nexus 7000-7700 switch architecture (2016 las vegas) - 2 ...
Brkarc 3470 - cisco nexus 7000-7700 switch architecture (2016 las vegas) - 2 ...
kds850
Recommended
Deploying SIP Trunks with Cisco Unified Border Element (CUBE/vCUBE) Enterprise
Deploying SIP Trunks with Cisco Unified Border Element (CUBE/vCUBE) Enterprise
abdoulr
Cisco Live! :: Deploying SIP Trunks with Cisco Unified Border Element (CUBE/v...
Cisco Live! :: Deploying SIP Trunks with Cisco Unified Border Element (CUBE/v...
Bruno Teixeira
Campus qo s design simplified (2014 san francisco)
Campus qo s design simplified (2014 san francisco)
slide_site
Brkarc 3454
Brkarc 3454
Nguyen Van Linh
Brkarc 3454 - in-depth and personal with the cisco nexus 2000 fabric extender...
Brkarc 3454 - in-depth and personal with the cisco nexus 2000 fabric extender...
kds850
BRKARC-3146_PoE_C3k.pdf
BRKARC-3146_PoE_C3k.pdf
AdrianaMitsova1
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Cisco Russia
Brkarc 3470 - cisco nexus 7000-7700 switch architecture (2016 las vegas) - 2 ...
Brkarc 3470 - cisco nexus 7000-7700 switch architecture (2016 las vegas) - 2 ...
kds850
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
PROIDEA
Cisco EuroMPI'13 vendor session presentation
Cisco EuroMPI'13 vendor session presentation
Jeff Squyres
2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANL
dgoodell
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PROIDEA
BRKSEC-3035.pdf
BRKSEC-3035.pdf
ssuser22253b
design__day_presentation.ppt
design__day_presentation.ppt
biruktesfaye27
Cisco DCACI
Cisco DCACI
abdelilahBoumendil
Comstor: Cisco BE6000
Comstor: Cisco BE6000
Veronika Mištová
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Cisco Russia
Introduction to Segment Routing
Introduction to Segment Routing
MyNOG
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
Bertrand Duvivier
BRKCRS-2110.pdf
BRKCRS-2110.pdf
Asif Qureshi
ACI Hands-on Lab
ACI Hands-on Lab
Cisco Canada
Cisco Live! Designing Multipoint WAN QoS
Cisco Live! Designing Multipoint WAN QoS
Eddie Kempe
4G_World_2012_CSFB.pdf
4G_World_2012_CSFB.pdf
KVOMC
Cisco UCS (Unified Computing System)
Cisco UCS (Unified Computing System)
NetWize
Brkarc 2035-cat-9 k
Brkarc 2035-cat-9 k
nasiapsi
BRKCRT-2601.pdf
BRKCRT-2601.pdf
PhongHong86
Data Centre Portfolio Update
Data Centre Portfolio Update
Cisco Canada
cisco-cpak-100ge-lr4=-datasheet.pdf
cisco-cpak-100ge-lr4=-datasheet.pdf
Hi-Network.com
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
More Related Content
Similar to BRKCOL-2125.pdf
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
PROIDEA
Cisco EuroMPI'13 vendor session presentation
Cisco EuroMPI'13 vendor session presentation
Jeff Squyres
2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANL
dgoodell
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PROIDEA
BRKSEC-3035.pdf
BRKSEC-3035.pdf
ssuser22253b
design__day_presentation.ppt
design__day_presentation.ppt
biruktesfaye27
Cisco DCACI
Cisco DCACI
abdelilahBoumendil
Comstor: Cisco BE6000
Comstor: Cisco BE6000
Veronika Mištová
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Cisco Russia
Introduction to Segment Routing
Introduction to Segment Routing
MyNOG
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
Bertrand Duvivier
BRKCRS-2110.pdf
BRKCRS-2110.pdf
Asif Qureshi
ACI Hands-on Lab
ACI Hands-on Lab
Cisco Canada
Cisco Live! Designing Multipoint WAN QoS
Cisco Live! Designing Multipoint WAN QoS
Eddie Kempe
4G_World_2012_CSFB.pdf
4G_World_2012_CSFB.pdf
KVOMC
Cisco UCS (Unified Computing System)
Cisco UCS (Unified Computing System)
NetWize
Brkarc 2035-cat-9 k
Brkarc 2035-cat-9 k
nasiapsi
BRKCRT-2601.pdf
BRKCRT-2601.pdf
PhongHong86
Data Centre Portfolio Update
Data Centre Portfolio Update
Cisco Canada
cisco-cpak-100ge-lr4=-datasheet.pdf
cisco-cpak-100ge-lr4=-datasheet.pdf
Hi-Network.com
Similar to BRKCOL-2125.pdf
(20)
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
PLNOG14: Service orchestration in provider network, Tail-f - Przemysław Borek
Cisco EuroMPI'13 vendor session presentation
Cisco EuroMPI'13 vendor session presentation
2014/09/02 Cisco UCS HPC @ ANL
2014/09/02 Cisco UCS HPC @ ANL
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
PLNOG 7: Klaudiusz Staniek - MPLS a QoS - praktycznie
BRKSEC-3035.pdf
BRKSEC-3035.pdf
design__day_presentation.ppt
design__day_presentation.ppt
Cisco DCACI
Cisco DCACI
Comstor: Cisco BE6000
Comstor: Cisco BE6000
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Introduction to Segment Routing
Introduction to Segment Routing
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
BRKCRS-2110.pdf
BRKCRS-2110.pdf
ACI Hands-on Lab
ACI Hands-on Lab
Cisco Live! Designing Multipoint WAN QoS
Cisco Live! Designing Multipoint WAN QoS
4G_World_2012_CSFB.pdf
4G_World_2012_CSFB.pdf
Cisco UCS (Unified Computing System)
Cisco UCS (Unified Computing System)
Brkarc 2035-cat-9 k
Brkarc 2035-cat-9 k
BRKCRT-2601.pdf
BRKCRT-2601.pdf
Data Centre Portfolio Update
Data Centre Portfolio Update
cisco-cpak-100ge-lr4=-datasheet.pdf
cisco-cpak-100ge-lr4=-datasheet.pdf
Recently uploaded
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
null - The Open Security Community
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ridwan Fadjar
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
LBM Solutions
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Florian Wilhelm
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
2toLead Limited
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
Softradix Technologies
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Scott Keck-Warren
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
The Digital Insurer
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Mark Billinghurst
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
Neo4j
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
BookNet Canada
Recently uploaded
(20)
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
BRKCOL-2125.pdf
1.
#CLUS
2.
#CLUS Hussain Ali, CCIE#
38068 (Voice, Collaboration) Technical Marketing Engineer Dilip Singh, CCIE# 16545 (Collaboration) Technical Leader SIP Trunking Design & Deployment for On-prem and Webex Calling(VAR Channel) BRKCOL-2125
3.
Questions? Use Cisco Webex
Teams to chat with the speaker after the session Find this session in the Cisco Live Mobile App Click “Join the Discussion” Install Webex Teams or go directly to the team space Enter messages/questions in the team space How Webex Teams will be moderated by the speaker until June 16, 2019. 1 2 3 4 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public #CLUS Cisco Webex Teams cs.co/ciscolivebot# 3 BRKCOL-2125
4.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Agenda • CUBE Overview, Deployments, and SIP Trunk Sizing • CUBE Licensing Updates • CUBE Architecture (Physical & Virtual) • Transitioning to SIP Trunking using CUBE • Advanced features on CUBE (Call Routing, Multi-Tenancy) • Call Recording & Intro to CUBE Media Proxy • Securing Collab deployments with CUBE • Webex Calling (VAR Channel) – Local Gateway (LGW) 4 BRKCOL-2125
5.
CUBE Overview, Deployments, and SIP
Trunk Sizing
6.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS On-Prem Collaboration Deployment TDM Backup (Not available in vCUBE) Unified CM CUBE SIP H.323 RTP PSTN Enterprise LAN ITSP WAN (SIP Provider) PSTN (PRI/FXO) DEMARC DEMARC Gig0/0 Gig0/1 10.10.1.20 66.77.37.2 128.107.214.195 10.10.1.21 6 BRKCOL-2125
7.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE (Enterprise) Product Portfolio 2900 Series ISR-G2 (2901, 2911, 2921, 2951) ASR 1004/6 RP2 Active Concurrent Voice Calls Capacity Calls Per Second <5 8-12 50-150 14-16K <50 500-600 900-1000 3900 Series ISR-G2 (3925, 3945) 17 3900E Series ISR-G2 (3925E, 3945E) 2000-2500 20-35 4 800 ISR 7000-10,000 50-100 12K-14K ASR 1002-X 4500-6000 ISR 4451-X ASR 1001-X 4000 ISR 4431 ISR-4K (4321, 4331) ISR 4351 Introducing CUBE on CSR vCUBE [Performance dependent on vCPU and memory] ASR 1006-X w/RP2 Starting IOS- XE 16.9 CUBE support for ISR1100 – IOS-XE 16.12.1 or later 7 BRKCOL-2125
8.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS ISR G2 ASR 1K / ISR-4K/vCUBE (CSR) CUBE Vers. 2900/ 3900 FCS CUBE Vers. IOS XE Release 16 2 FCS 11.5.2 15.6(3)M1 Dec 2016 11.5.23 16.3.2/16.4.13 Nov 2016 EOL EOL EOL 11.6.0 16.5.1 Mar 2017 EOL EOL EOL 12.0.0 16.6.1 July 2017 EOL EOL EOL 12.0.0 16.7.1 Nov 2017 EOL EOL EOL 12.1.0 16.8.1 Mar 2018 EOL EOL EOL 12.2.0 16.9.1 July 2018 EOL EOL EOL 12.5.0 16.10.1a Nov 2018 EOL EOL EOL 12.6.0 16.11.1 Mar 2019 EOL EOL EOL 12.7.0 16.12.1 July 2019 CUBE Software Release Mapping 2 IOS-XE 16 requires a minimum of ASR1001-X, 1002-X, 1004/1006 RP2, ESP20 (Embedded Service Processor, SIP40 (SPA Interface processor) 3 IOS-XE release 16.2.1 does not support CUBE functionality on the platforms. There is no CUBE version 11.5.1 for the XE based platforms. All CUBE features from 11.5.0 (IOS-XE 3.17) and earlier versions along with CUBE 11.5.1 (March 2016 release) on ISR G2 are included in CUBE release 11.5.2 for the IOS-XE based platforms, IOS-XE release 16.3.1 [July 2016 release] 8 BRKCOL-2125
9.
Sizing On-prem Enterprise CUBE deployments NOTE
: Sizing information is only intended as a guideline. Actual session count will vary based on the number of features turned on the ISR/ASR/CSR along with CUBE and the IOS-XE version being used.
10.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE Session Capacity Summary Platform CUBE SIP-SIP IPT Sessions (Audio) 1100 series Coming soon 2901 – 4321 100 2911 – 2921 200 – 400 4331 500 2951 600 3925 – 3945 800 – 950 4351 1000 3925E – 3945E 2100 – 2500 4431 3000 4451 6000 ASR1001-X 12000 ASR1002-X 14000 ASR1004/1006/1006-X RP2 16000 For Your Reference • Flow thru • RTP-RTP • IPT • 711-711 10
11.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE ENT on ISR 4K Series Audio Session Capacity with Additional Features: XE16.6 and later Platform (Memory4) CPS1 Total # of Flow-thru calls5 SW MTP3 CUBE + SW MTP3 (Estimates) CUBE + Xcoding2 Xcoded Calls w/ PVDM4-256 Simultaneous Non-Xcoded Calls 4321 (4GB) 4 100 250 71 100 CUBE FT sessions maxed 4331 (4GB) 8 500 600 250 128 372 4351 (4 GB) 10 1000 1000 500 128 872 4431 (8 GB - CP) 15 3000 1500 750 128 2872 4451 (8 GB - CP) 40 6000 3000 1500 128 5872 1. CPS and session counts listed are independently tested. Session capacities [Total # of Flow-thru calls] can be achieved at about half the CPS listed in the Calls Per Second (CPS) column. 2. Transcoding is limited by DSP capacity. ISR4K has one PVDM4 motherboard slot and 128 sessions is based on a single PVDM4-256. (G729r8-G711) 3. S/W MTP numbers are for standalone SW MTP sessions and CUBE+SWMTP numbers are for the maximum number of CUBE sessions supported with each session utilizing a SW MTP on the same platform 4. All tests were done with 4 GB of RAM with the exception of 4451/4431 where 8 GB was used [8GB CP and 2GB DP] 5. Total calls are derived with 180 seconds call hold time 11 BRKCOL-2125
12.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE Sizing Guidelines • All deployments for CUBE Ent must be done with 16GB of memory for ASR1K series, 8 GB (Control Plane memory) for ISR4400 series, 4 GB for ISR4300 series, and 2 GB for ISR G2 series • Session count (end to end calls through CUBE) is dependent on the amount of memory in the box. Numbers listed in the datasheet assume above memory requirements are being satisfied • CPS is dependent on the CPU of the platform • Complex call flows (Cisco UCCE) can reduce CUBE CPS and session count by upto 75% on ISR 4K/ASR1K series • Media forking for call recording can have a 50% impact on IPT session count regardless of the call type (IPT or UCCE) being recorded 12 BRKCOL-2125
13.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Sample ISR4K CUBE Sizing • An enterprise is looking for an SBC to support 800 IP telephony sessions and an additional 100 Cisco Contact Center agent calls. All CC calls must be recorded. G711 is used throughout but 50 remote agent phones will require G729r8. Additionally their CUCM will require 200 S/W MTP sessions. • 800 IP telephony sessions = +800 IPT calls • 100 Contact Center calls = +400 IPT calls • A call that needs to be recorded = an IPT call, +100 IPT calls (Call Recording) • PVDM4-128 for transcoding (From DSP Calculator) • 1 S/W MTP session ~ 1 CUBE IPT session, +200 IPT calls (S/W MTP sessions) Platform CPS CUBE Sessions 4321 4 100 4331 8 500 4351 10 1000 4431 15 3000 4451 40 6000 TOTAL = 1500 CUBE sessions But CPS expected is 20 Deploy a 4451 or two 4351s w/CUSP 13 BRKCOL-2125
14.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Agenda • CUBE Overview, Deployments, and SIP Trunk Sizing • CUBE Licensing Updates • CUBE Architecture (Physical & Virtual) • Transitioning to SIP Trunking using CUBE • Advanced features on CUBE (Call Routing, Multi-Tenancy) • Call Recording & Intro to CUBE Media Proxy • Securing Collab deployments with CUBE • Webex Calling (VAR Channel) – Local Gateway (LGW) 14 BRKCOL-2125
15.
CUBE Licensing Updates
16.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • Smart Licensing is a Cisco wide initiative that provides a License Inventory Management System which provides Customers, Cisco, and Selected Partners with information about License Ownership and Use • All licenses are delivered directly to your cloud based Cisco Smart Software Manager (CSSM) account allowing you to control where they are used and monitor how they are used. Not an enforcement tool • Smart Licenses do not require registration, so no more PAKs • Smart licenses entitle the CUSTOMER, not the product instance. Licenses are not node locked. • Licenses are pooled for flexible use by devices registered to the same account New Unified Border Element Licensing Offer What is Smart Licensing? BRKCOL-2125 16
17.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Cisco Unified Border Element (CUBE) SIP Trunking to a Provider • The Cisco Unified Border Element (CUBE) feature set delivers Session Border Control (SBC) functionality for Cisco IOS router platforms, enabling highly secure voice and video connectivity between an enterprise IP network and service provider trunk services. • CUBE performs four critical functions of an SBC: • Policy based session management • Security enforcement • Protocol and media interworking • Network demarcation BRKCOL-2125 17
18.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Note: Platform technology licenses are required to enable CUBE functionality. See later slide. Simplifying the CUBE Trunk Offer CUBE License – 5 Sessions (FL-CUBEE-5) CUBE License –5 Sessions Red (FL-CUBEE-5-RED) CUBE License – 25 Sessions (FL-CUBEE-25) CUBE License –25 Sessions Red (FL-CUBEE-25-RED) CUBE License –100 Sessions Red (FL-CUBEE-100-RED) CUBE License – 100 Sessions (FL-CUBEE-100) CUBE License–Cisco ONE (1 Session Red) (C1-CUBEE-RED) +SWSS CUBE License – Cisco ONE (1 Session) (C1-CUBEE-STD) +SWSS ------ CUBE License –ASR 100 Sessions Red (FLASR1-CE-100R) CUBE License –ASR 500 Sessions Red (FLASR1-CE-500R) CUBE License –ASR 1,000 Sessions Red (FLASR1-CE-1KR) CUBE License –ASR 4,000 Sessions Red (FLASR1-CE-4KR) CUBE License –ASR 16,000 Sessions Red (FLASR1-CE-16KR) CUBE License – C1 ASR 100 Sessions Red (C1-A-ASR1CUBEE100R) +SWSS CUBE License – C1 ASR 100 Sessions (C1-A-ASR1CUBEE100P) +SWSS CUBE License – C1 ASR xxxx Sessions xx (C1-A-ASR1CUBEE…) +SWSS ------ Current: 100+ PIDs Simplified: 2 options, 3 PIDs! CUBE session licenses are common across ISR, CSR and ASR platforms and can be pooled in a Smart Virtual Account CUBE Trunk Redundant License – 1 Session (CUBE-T-RED) CUBE Trunk Standard License – 1 Session (CUBE-T-STD) Upgrade to Trunk Redundant License – 1 Session (CUBE-T-RED-UP) +SWSS EoS 15 June 2019 +SWSS +SWSS As part of migration to Smart and SWSS enabled licensing for CUBE, all $0 licenses from router bundles will be removed by end of April 2019. Product Bulletin for the same can be accessed at https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/bulletin-c25-742073.html 18 BRKCOL-2125
19.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS New CUBE Offer with Smart Licensing CUBE Media Proxy License 1 Forked Session (CUBE-MP- RED) Cisco Unified Border Element (CUBE) Smart License Options Top Level “L-CUBE” +SWSS Trunk Lineside Media Proxy Simplified New Offer New Offer Cisco Software Support Service (SWSS) is required for a minimum of 12 months when purchasing CUBE session license(s). SWSS provides access to software maintenance, updates, upgrades, and technical support Note: Platform technology licenses are required to enable CUBE functionality. See later slide. CUBE Lineside License 1 Session (CUBE-L-STD) +SWSS CUBE Standard Trunk License 1 Session (CUBE-T-STD) +SWSS CUBE Redundant Trunk License 1 Session (CUBE-T-RED) +SWSS Upgrade to Redundant Trunk License 1 Session (CUBE-T-RED-UP) +SWSS 19 BRKCOL-2125
20.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • CUBE Lineside features compliment hosted call control solutions with: • SIP proxy registration of IP phones (Cisco MPP or 3rd party). • Service continuity should the hosted service become unavailable. Note: NanoCUBE RTU licenses will remain available for ISR800 series products only. Cisco Unified Border Element (CUBE) Lineside New Offer Third Party Call Control in SP Cloud BRKCOL-2125 20
21.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • Standalone application that extends CUBE trunk session forking to allow a call to be replicated up to five times for media recording redundancy & load balancing and call analytics. • Supports Mandatory and Optional recorder policy • Mandatory: Media proxy tries to fork to the mandatory recorder first. Forking to the remaining recorders will only happen after the connection to the first recorder is successful. • Optional: Default policy. Media proxy will establish connection to all recorders, even if any of the recorders fail. • Secured forking (SRTP – SRTP) • CUBE Media Proxy Call Scenarios: • External calls (inbound/outbound from/to ITSP, PSTN calls) • Internal calls (on-prem calls) • Contact center Cisco Unified Border Element (CUBE) Media Proxy CUBE SBC CUBE Media Proxy Customer Unified CM Recording Server 1 Recording Server 3 Recording Server 2 Employee New Offer BRKCOL-2125 21
22.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE Trunk Licensing – Transition Plan • July 2018 release (16.9.1) default is Classic Licensing mode (RTU) • Nov 2018 - CUBE version 12.5 or later: (IOS-XE 16.10), CUBE Trunk Licenses are Smart enabled, though CUBE feature use is still RTU (Right-to-Use). So even though the box will be registered to CSSM, it won't demand any CUBE licenses. It will however, request UCK9, SECK9 etc. • March ‘19 - IOS-XE Release 16.11 (CUBE 12.6)/ July ‘19 -16.12 (CUBE 12.7) – Trunk Licenses Smart Only (session usage is reported to CSSM based on mode border-element license capacity <session_count>. Lineside/CUBE Media Proxy remain RTU (not consumed in Smart accounts) till a future release • Future release (~ Nov’19) will report CUBE Trunk usage based on actual consumption • Effective June 15, 2019, ALL RTU Licenses go EoS 22 BRKCOL-2125
23.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE Trunk Licensing – Flow • Evaluation period (90 days, non-renewable) • Starts when the feature is enabled and counted in Unidentified or Unregistered state. • Must register with CSSM before Eval expiry to avoid service disruption. To Register with CSSM use CLI license smart register idtoken <token_id> • Auth requests • Successful : Results in either Authorized/In-Compliance or Out of compliance response - (renewed every 30 days) • Failure: Goes to Auth Expired state, retry for 90 days for successful Auth before service is disrupted. 23 BRKCOL-2125
24.
CUBE Version 12.x Deployment
Examples / Smart Licensing Scenarios
25.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 1a Separate Deployments: • Two activeCUBEs in separate locations • No Box to Box redundancy (Redundancy Group HA) • No load balancing • Each location processes up to 50 concurrent sessions. License Requirement: • 100 x CUBE-T-STD • CUBE platforms may registerto: • The same VirtualAccount holdinga common pool of 100 licenses • Different VirtualAccounts, each with 50 licenses Location 1 Location 2 Active 50 Calls Active 50 Calls 25 BRKCOL-2125
26.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Location 1 Customer Deployment Scenario 1b Separate Deployments: • Two activeCUBEs in the same location • No Box to Box redundancy (Redundancy Group HA) • No load balancing • Each CUBE processes up to 50 concurrent sessions. License Requirement: • 100 x CUBE-T-STD • CUBE platforms may registerto: • The same Virtual Account holding a common pool of 100 licenses • Different Virtual Accounts, each with 50 licenses Active 50 Calls Active 50 Calls 26 BRKCOL-2125
27.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 2a Geographic Load Balancing: • Two activeCUBEs in separate locations • No Box to Box redundancy (Redundancy Group HA) • Load balancing b/w locations providedby SP • Total call load across both locations up to 200 concurrent sessions. License Requirement: • 200 x CUBE-T-STD • CUBE platforms registerto the same VirtualAccount holding a common pool of licenses Location 1 Location 2 Active 200 Calls Active 27 BRKCOL-2125
28.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 2b Load Balancing withina location: • Two activeCUBEs in the same location • No Box to Box redundancy (Redundancy Group HA) • Load balancing between CUBEs providedby SP or with CUSP • Total call load across both CUBEs up to 200 concurrent sessions. License Requirement: • 200 x CUBE-T-STD • CUBE platforms registerto the same Virtual Account holding a common pool of licenses Active 200 Calls Active Location 1 28 BRKCOL-2125
29.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 3 Box to Box HighAvailability (HA) withCall Preservation: • Activeand Standby CUBEs in HARedundancy Group (RG) • Both CUBEs mustbe in the same layer 2 network • Total call load up to 250 concurrent sessions. License Requirement: • 250 x CUBE-T-RED • Both CUBE platforms register to the same Virtual Account holding a common pool of licenses Location 1 Active Standby 250 Calls Stateful 29 BRKCOL-2125
30.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 4a Box to Box High Availability withCall Preservation within a location and geographic load balancing across locations: • One pair of HighAvailability CUBEs in RG at each site • Geographic load balancing across locations provided by SP • Total call load up to 600 concurrent sessions across locations • If an active CUBE fails, stateful failover of local load to standby • If location 1 fails, all associated calls fail. Total load serviced by active CUBE at site 2 License Requirement: • 600 x CUBE-T-RED • All CUBE platforms register to the same Virtual Account holding a common pool of licenses Location 1 Active Standby Stateful Location 2 Active Standby Stateful 600 Calls HA Pair 1 HA Pair 2 30 BRKCOL-2125
31.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 4b Box to Box HighAvailability withCall Preservation and load balancing withina location: • Two pairs of HighAvailability CUBEs in separate RGs at the same site • Load balancing across HApairs provided by SP or with CUSP • Total call load for location up to 600 concurrent sessions • If an active CUBE fails, stateful failover of local load to standby • If HApair 1 fails, all associated calls fail. Total load serviced by active CUBE in HApair 2 License Requirement: • 600 x CUBE-T-RED • All CUBE platforms register to the same Virtual Account holding a common pool of licenses Location 1 Active Standby Stateful Active Standby Stateful 600 Calls HA Pair 1 HA Pair 2 31 BRKCOL-2125
32.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 5 Inbox Hardware or Software Redundancy: • Stateful Switchover (SSO):ASR1006 with dual route processors (control plane) and dual ESPs (forwarding plane) • Route Processor Redundancy (RPR):ASR1001/2/4 with software redundancy. • Both options provide stateful failover. • Required call volume up to 350 concurrent sessions. License Requirement: • 350 x CUBE-T-STD • Active route processor registers to Smart virtual account • Standby route processor takes over registration on failover ASR1006/1006-x Hardware Redundancy Dual Forwarding Plane Hardware Dual Control Plane Hardware ASR1001/2/4 Software Redundancy Active IOS Standby IOS 32 BRKCOL-2125
33.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 6 Lineside registrationproxy and survivability • Acustomerusing a cloud call control serviceuses CUBE for lineside optimization and survivability. • ACUBE platform is deployed at four customersites. • Each site has 25 handsets that registerto the cloud service. License Requirement: • 100 x CUBE-L-STD • All CUBE platforms register to the same Virtual Account holding a common pool of licenses Third Party Call Control in SP Cloud 33 BRKCOL-2125
34.
CUBE Version 12.x License
Migration Classic CUBE (RTU) to CUBE Smart Licenses
35.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Migration Overview • The following scenarios describe the valid migration paths to CUBE Session Smart Licenses for customers that have purchased Classic CUBE Right To Use (RTU) Session Licenses in the past. • Take the time to understand each CUBE licensing migration case to set expectations accordingly. 35 BRKCOL-2125
36.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE Migration Case A: Legacy Platforms with RTU Platform ISR G1, ISR G2, ASR1001, ASR1002 Licenses From: CUBE Classic Right To Use (RTU) Session Licenses To: CUBE Version 12 Smart Session Licenses with SWSS Migration • RTU licenses are node locked to the router for which they were purchased. • Session Licenses may be used perpetually while the customer continues to use their router, but have no residual value beyond this. • Customers wishing to migrate to a newer hardware platform must purchase new licenses using L-CUBE with a minimum of 12 months SWSS. Note • ISR G1 Hardware End of Support: 31 October 2016 • ISR G2 Hardware End of Support: 31 December 2022 • ASR1001/2 Hardware End of Support: 30 April 2021 36 BRKCOL-2125
37.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE Migration Case B: Current Platforms with RTU Platform ISR4000, ASR1001-X, ASR1002-X, ASR1004(RP2), ASR1006(RP2), CSR1000V Licenses From: CUBE Classic Right To Use (RTU) Session Licenses To: CUBE Version 12 Smart Session Licenses with SWSS Migration • RTU session licenses are intended to provide perpetual entitlement for the platform for which they were purchased. • Customers wishing to use IOS XE software beyond version 16.9 may apply to purchase replacement session licenses as follows: a) RTU session licenses must have been purchased after 1 October 2014. b) Sales Order details for RTU purchases must be provided. c) At least 12 months SWSS must be purchased for all new session licenses. A DSA for purchase of new licenses with up to 100% discount may be requested if conditions a, b and c are met. Notes If preferred, customers may continue to use CUBE 12.x (IOS XE 16.9.x software) with their RTU licenses. Net new licenses would be required when upgrading to CUBE 14 in 2020. 37 BRKCOL-2125
38.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE Migration Case C: Cisco ONE licenses Platform All Cisco ONE™ Compatible Platforms Licenses From: Cisco ONE Classic Right to Use (RTU) CUBE Session Licenses To: CUBE Version 12 Smart Session Licenses with SWSS Migration • Cisco ONE CUBE licenses provide RTU entitlement for their associated platform. • If covered by an active Cisco ONE SWSS contract, licenses may be transferred to any compatible Cisco ONE licensed platform. • Cisco ONE SWSS provides entitlement to router software upgrades. • With Active Cisco ONE SWSS Cover, customers: a) Migrate to Smart enabled L-CUBE licenses using the Product Update Tool b) Renew support with Collaboration SWSS for new licenses • Without Active Cisco ONE SWSS Cover, refer to Case A or B. Notes Customers with active Cisco ONE SWSS are encouraged to upgrade licenses as soon as possible and not wait for their contract to expire.
39.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Agenda • CUBE Overview, Deployments, and SIP Trunk Sizing • CUBE Licensing Updates • CUBE Architecture (Physical & Virtual) • Transitioning to SIP Trunking using CUBE • Advanced features on CUBE (Call Routing, Multi-Tenancy) • Call Recording & Intro to CUBE Media Proxy • Securing Collab deployments with CUBE • Webex Calling (VAR Channel) – Local Gateway (LGW) 39 BRKCOL-2125
40.
CUBE Architecture ISR G2
vs ASR1K vs ISR 4K vs vCUBE (CUBE on CSR1000v)
41.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • CSR (Cloud Services Router) 1000v runs on a Hypervisor – IOS XE without the router Console Mgmt ENET Ethernet NICs Flash / Disk Memory Virtual CPU RP (control plane) Chassis Mgr. Forwarding Mgr. IOS-XE Kernel (incl. utilities) ESP (data plane) Chassis Mgr. Forwarding Mgr. QFP Client / Driver FFP code Hypervisor Hardware vSwitch NIC GE GE … X86 Multi-Core CPU Memory Banks ESXi Container CUBE signaling CUBE media processing CSR 1000v (virtual IOS-XE) Virtual CUBE (CUBE on CSR 1000v) Architecture 41 BRKCOL-2125
42.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Virtual CUBE (CUBE on CSR 1000v) – Cont’d • CSR1000v is a virtual machine, running on x86 server (no specialized hardware) with physical resources are managed by hypervisor and shared among VMs • Requires APPX (No TLS/SRTP) or AX (All vCUBE features) CSR licensing package to access voice CLI and increase throughput from 100 kbps default. CUBE Licensing follows ASR1K SKUs and still trust based • No DSP based features (transcoding/inband-RFC2833 DTMF/ASP/NR) available • vCUBE tracks only the next vSwitch interface resulting in SSO of vCUBE-HA only due to software failures (active vCUBE crashing/reloading) • vCUBE Tested Reference Configurations [UCS base-M2-C460, C220-M3S, ESXi 5.1.0 & 5.5.0]. ESXi 6.0 supported with IOS-XE 16.3.1 or later
43.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Agenda • CUBE Overview, Deployments, and SIP Trunk Sizing • CUBE Licensing Updates • CUBE Architecture (Physical & Virtual) • Transitioning to SIP Trunking using CUBE • Advanced features on CUBE (Call Routing, Multi-Tenancy) • Call Recording & Intro to CUBE Media Proxy • Securing Collab deployments with CUBE • Webex Calling – Local Gateway (LGW) 43 BRKCOL-2125
44.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Step 1: Configure CUCM to route calls to the edge SBC SIP Trunk Pointing to CUBE Standby IP PSTN A TDM PBX SRST CME MPLS Enterprise Branch Offices Enterprise Campus CUBE with High Availability Active CUBE CUBE PSTN is now used only for emergency calls over FXO lines • Configure CUCM to route all PSTN calls (central and branch) to CUBE (Gig0/0 in our slides) via a SIP trunk • Make sure all different patterns of calls – local, long distance, international, emergency, informational etc.. are pointing to CUBE 44 BRKCOL-2125
45.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Step 2: Get details from SIP Trunk provider Item SIP Trunk service provider requirement Sample Response 1 SIP Trunk IP Address (Destination IP Address for INVITES) 66.77.37.2 or DNS 2 SIP Trunk Port number (Destination port number for INVITES) 5060 3 SIP Trunk Transport Layer (UDP or TCP) UDP 4 Codecs supported G711, G729 5 Fax protocol support T.38 6 DTMF signaling mechanism RFC2833 7 Does the provider require SDP information in initial INVITE (Early offer required) Yes 8 SBC’s external IP address that is required for the SP to accept/authenticate calls (Source IP Address for INVITES) 128.107.214.195 9 Does SP require SIP Trunk registration for each DID? If yes, what is the username & password No 10 Does SP require Digest Authentication? 408-944-7700 45 BRKCOL-2125
46.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Step 3: Enable CUBE Application on Cisco routers voice service voip mode border-element license capacity 20 Required for Smart Licensing allow-connections sip to sip By default IOS/IOS-XE voice devices do not allow an incoming VoIP leg to go out as VoIP 2. Configure any other global settings to meet SP’s requirements voice service voip media bulk-stats To increment Rx/Tx counters on IOS-XE based platforms. W/O this CLI, it will show 0/0 (CPU intensive CLI) sip early-offer forced 3. Create a trusted list of IP addresses to prevent toll-fraud voice service voip ip address trusted list Applications initiating signaling towards CUBE, e.g. CUCM, CVP, ipv4 66.77.37.2 ! ITSP SIP Trunk Service Provider’s SBC. IP Addresses from dial-peers with “session target ipv4 10.10.1.20 ! CUCM ip” or Server Group are trusted by default and need not be populated here sip silent-discard untrusted Default configuration starting XE 3.10.1 /15.3(3)M1 to mitigate TDoS Attack 1. Enable CUBE Application 46 BRKCOL-2125
47.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Step 4: Configure Call routing on CUBE • Dial-Peer – “static routing” table mapping phone numbers to interfaces or IP addresses • LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving call legs to and from the PBX. Always bind LAN interface(s) on CUBE to LAN dial-peers, ensuring SIP/RTP is sourced from the intended LAN interfaces(s) • WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending and receiving call legs to and from the ITSP. Always bind CUBE’s WAN interface(s) to WAN dial- peer(s). 10.10.1.21 128.107.214.195 66.77.37.2 10.10.1.20 47 BRKCOL-2125
48.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS SIP Normalization More information at http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/118825-technote-sip-00.html Incoming Outgoing INVITE sip:5551000@sip.com:5060 user=phone SIP/2.0 INVITE sip:5551000@sip.com:5060 SIP/2.0 voice class sip-profiles 100 request INVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0" request REINVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0" Add user=phone for INVITEs Modify a “sip:” URI to a “tel:” URI in INVITEs Incoming Outgoing INVITE tel:2222000020 SIP/2.0 INVITE sip:2222000020@9.13.24.6:5060 SIP/2.0 voice class sip-profiles 100 request INVITE sip-header SIP-Req-URI modify "sip:(.*)@[^ ]+" "tel:1" request INVITE sip-header From modify "<sip:(.*)@.*>" "<tel:1>" request INVITE sip-header To modify "<sip:(.*)@.*>" "<tel:1>" CUBE CUBE SIP profiles is a mechanism to normalise or customise SIP at the network border to provide interop between incompatible devices SIP incompatibilities arise due to: • A device rejecting an unknown header (value or parameter) instead of ignoring it • A device expecting an optional header value/parameter or can be implemented in multiple ways • A device sending a value/parameter that must be changed or suppressed (“normalised”) before it leaves/enters the enterprise to comply with policies • Variations in the SIP standards of how to achieve certain functions • With CUBE 10.0.1 SIP Profiles can be applied to inbound SIP messages as well 48 BRKCOL-2125
49.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS SIP Profile Configuration Example • For tagging the rules: voice class sip-profiles 1 rule 1 request INVITE sip-header Contact Modify “(.*)” “1;temp=xyz” rule 2 request INVITE sip-header Supported Add “Supported: ” • For inserting a rule between two rules using “before” option: rule before 2 request INVITE sip-header To Modify “(.*)” “1;temp=abc” voice class sip-profiles 1 rule 1 request INVITE sip-header Contact Modify “(.*)” “1;temp=xyz” rule 2 request INVITE sip-header To Modify “(.*)” “1;temp=abc” rule 3 request INVITE sip-header Supported Add “Supported: ” before option The new rule has been inserted between #1 and #3 49 BRKCOL-2125
50.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Agenda • CUBE Overview, Deployments, and SIP Trunk Sizing • CUBE Licensing Updates • CUBE Architecture (Physical & Virtual) • Transitioning to SIP Trunking using CUBE • Advanced features on CUBE (Call Routing, Multi-Tenancy) • Call Recording & Intro to CUBE Media Proxy • Securing Collab deployments with CUBE • Webex Calling (VAR Channel) – Local Gateway (LGW) 50 BRKCOL-2125
51.
CUBE Dial-Peers Advanced Call
Routing
52.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 52 dial-peer voice 100 voip description *Inbound LAN dial-peer. From CUCM to CUBE* session protocol sipv2 incoming called-number 8T voice-class sip bind control source-interface Gig0/0 voice-class sip bind media source-interface Gig0/0 dtmf-relay rtp-nte codec g711ulaw no vad CUCM SIP Trunk ITSP SIP Trunk CUBE A Outbound Calls Outbound WAN Dial-Peer Inbound LAN Dial-Peer Inbound WAN Dial-Peer Inbound Calls Outbound LAN Dial-Peer dial-peer voice 201 voip description *Outbound WAN dial-peer. From CUBE to SP* destination-pattern 81[2-9]..[2-9]......$ session protocol sipv2 session target ipv4:10.1.40.11 session transport udp voice-class sip bind control source-interface Gig0/1 voice-class sip bind media source-interface Gig0/1 dtmf-relay rtp-nte codec g711ulaw no vad 198.18.133.3 dial-peer voice 200 voip description *Inbound WAN dial-peer. From Provider to CUBE* session protocol sipv2 incoming uri via 200 voice-class sip bind control source-interface Gig0/1 voice-class sip bind media source-interface Gig0/1 dtmf-relay rtp-nte codec g711ulaw no vad voice class uri 200 sip host ipv4:10.1.40.11 dial-peer voice 101 voip description *Outbound LAN dial-peer. From CUBE to CUCM* translation-profile outgoing CUBE_to_CUCM destination-pattern +1408944....$ session protocol sipv2 session target ipv4:198.18.133.3 voice-class sip bind control source-interface Gig0/0 voice-class sip bind media source-interface Gig0/0 dtmf-relay rtp-nte codec g711ulaw no vad 10.1.40.11 G0/0 G0/1
53.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUCM SIP Trunk SP SIP Trunk CUBE A Inbound LAN Dial-Peer IP PSTN Inbound WAN Dial-Peer Inbound Calls Outbound Calls Match based on Called Number Match based on Calling number 1 Match Based on URI of an incoming INVITE message Default Dial-Peer = 0 Exact Pattern match Host Name/IP Address User portion of URI Phone-number of tel-uri Received: INVITE sip:654321@10.2.1.1 SIP/2.0 Via: SIP/2.0/UDP 10.1.1.1:5060;x-route- tag="cid:orange@10.1.1.1";;branch=z9hG4bK-23955-1-0 From: "555" <sip:555@10.1.1.1:5060>;tag=1 To: ABC <sip:654321@10.2.1.1:5060> Call-ID: 1-23955@10.1.1.1 CSeq: 1 INVITE Contact: sip:555@10.1.1.1:5060 Supported: timer Max-Forwards: 70 Subject: BRKUCC-2934 Session Content-Type: application/sdp Content-Length: 226 ........ 2 3 4 Priority Understanding Inbound Dial-Peer Matching Techniques 53 BRKCOL-2125
54.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Outbound Dial-Peer Matching Criteria Summary Match based on Called Number CUCM SIP Trunk SP SIP Trunk CUBE A Outbound LAN Dial-Peer IP PSTN Outbound WAN Dial-Peer Inbound Calls Outbound Calls 1 2 Exact Pattern match Host Name/IP Address User portion of URI Phone-number of tel-uri Priority Match Based on URI of incoming INVITE message 0 Match Based on DPG, DPPP, COR/LPCOR if configured Received: INVITE sip:654321@10.2.1.1 SIP/2.0 Via: SIP/2.0/UDP 10.1.1.1:5060;x-route- tag="cid:orange@10.1.1.1";;branch=z9hG4bK-23955-1-0 From: "555" <sip:555@10.1.1.1:5060>;tag=1 To: ABC <sip:654321@10.2.1.1:5060> Call-ID: 1-23955@10.1.1.1 CSeq: 1 INVITE Contact: sip:555@10.1.1.1:5060 Supported: timer Max-Forwards: 70 Subject: BRKUCC-2934 Session Content-Type: application/sdp Content-Length: 226 ........ 54 BRKCOL-2125
55.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Destination Server Group • Supports multiple destinations (session targets) be defined in a group and applied to a single outbound dial-peer • Once an outbound dial-peer is selected to route an outgoing call, multiple destinations within a server group will be sorted in either round robin or preference [default] order • This reduces the need to configure multiple dial-peers with the same capabilities but different destinations. E.g. Multiple subscribers in a cluster 55 voice class server-group 1 hunt-scheme {preference | round-robin} ipv4 1.1.1.1 preference 5 ipv4 2.2.2.2 ipv4 3.3.3.3 port 5065 preference 3 ipv6 2010:AB8:0:2::1 port 5065 preference 3 ipv6 2010:AB8:0:2::2 * DNS target not supported in server group dial-peer voice 100 voip description Outbound DP destination-pattern 1234 session protocol sipv2 codec g711ulaw dtmf-relay rtp-nte session server-group 1
56.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Multiple Number Patterns Under Same Incoming/Outgoing Dial-peer SIP Trunk SP SIP Trunk CUBE IP PSTN A (408)100-1010 (510)100-1010 (919)200-2010 2000 (510)100-1000 (408)100-1000 voice class e164-pattern-map 300 e164 200. e164 510100100. e164 408100100. dial-peer voice 1 voip description Inbound DP via Calling incoming calling e164-pattern-map 300 codec g729r8 voice class e164-pattern-map 400 url flash:e164-pattern-map.cfg dial-peer voice 2 voip description Outbound DP via Called destination e164-pattern-map 400 codec g711ulaw ! This is an example of the contents of E164 patterns text file stored in flash:e164-pattern-map.cfg 9192002010 5101001010 4081001010 <blank line> Site A Site B Site C Site A Site B Site C G729 Sites G711 Sites Up to 5000 entries in a text file 56 Up to 1000 entries in a pattern map
57.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Destination Dial-peer Group voice class dpg 10000 description Voice Class DPG for SJ dial-peer 1001 preference 1 dial-peer 1002 preference 2 dial-peer 1003 ! dial-peer voice 100 voip description Inbound DP incoming called-number 1341 destination dpg 10000 dial-peer voice 1001 voip destination-pattern BAD session protocol sipv2 session target ipv4:10.1.1.1 ! dial-peer voice 1002 voip destination-pattern BAD.BAD session protocol sipv2 session target ipv4:10.1.1.2 ! dial-peer voice 1003 voip destination-pattern BAD.BAD.BAD session protocol sipv2 session target ipv4:10.1.1.3 1. Incoming Dial-peer is first matched 2. Now the DPG associated with the INBOUND DP is selected Received: INVITE sip:1341@CUBE-IP-ADDRESS:5060 Sent: INVITE sip:1341@10.1.1.3:5060 57 BRKCOL-2125
58.
Multi-Tenancy
59.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Multiple Tenants on CUBE • Every Registrar/User Agent/ITSP connected to CUBE can be considered a Tenant to CUBE • Allows specific global configurations (CLI under sip-ua) for multiple tenants such as specific SIP Bind for REGISTER messages • Allows differentiated services for different tenants 59 BRKCOL-2125
60.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS “Voice class Tenant” Overview Prior to Multi Tenancy sip-ua registrar 1 ipv4:60.60.60.60:9051 expires 3600 registrar 2 ipv4:70.70.70.70:9052 expires 3600 credentials username aaaa password 7 06070E204D realm aaaa.com credentials username bbbb password 7 110B1B0715 realm bbbb.com voice service voip outbound-proxy ipv4:10.64.86.35:9057 bind control source-interface GigabitEthernet0/1 With Voice Class Tenant (Multi-Tenancy) voice class tenant 1 registrar 1 ipv4:60.60.60.60:9051 expires 3600 credentials username aaaa password 7 06070E204D realm aaaa.com outbound-proxy ipv4:10.64.86.35:9057 bind control source-interface GigabitEthernet0/0 voice class tenant 2 registrar 1 ipv4:70.70.70.70:9052 expires 3600 credentials username bbbb password 7 110B1B0715 realm bbbb.com outbound-proxy ipv4:10.64.86.40:9040 bind control source-interface GigabitEthernet0/1 E164 - aaaa E164 - bbbb Registrar - 1 Registrar - 2 E164 - aaaa E164 - bbbb Registrar - 1 Registrar - 1 OB Proxy 1 & Bind-1 OB Proxy 2 & Bind-2 • Most configs under “sip-ua” and “voice service voip” added in “voice class tenant <tag>”, e.g. Registrar and Credentials CLI under tenant using different bind and outbound proxy Global OB Proxy and Bind 60 BRKCOL-2125
61.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Configuring Voice Class Tenant • Configure voice class tenant voice class tenant 1 registrar 1 ipv4:10.64.86.35:9052 expires 3600 credentials username aaaa password 7 06070E204D realm aaaa.com credentials number bbbb username bbbb password 7 110B1B0715 realm bbbb.com bind control source-interface GigabitEthernet0/0 bind media source-interface GigabitEthernet0/0 copy-list 1 outbound-proxy ipv4:10.64.86.35:9055 early-offer forced • Apply tenant to the desired dial-peer dial-peer voice 1 voip destination-pattern 111 session protocol sipv2 session target ipv4:10.64.86.35:9051 session transport udp voice-class sip tenant 1 Apply Tenant to a Dial-peer Add new voice class tenant 61 BRKCOL-2125
62.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Agenda • CUBE Overview, Deployments, and SIP Trunk Sizing • CUBE Licensing Updates • CUBE Architecture (Physical & Virtual) • Transitioning to SIP Trunking using CUBE • Advanced features on CUBE (Call Routing, Multi-Tenancy) • Call Recording & Intro to CUBE Media Proxy • Securing Collab deployments with CUBE • Webex Calling (VAR Channel) – Local Gateway (LGW) 62 BRKCOL-2125
63.
External/PSTN Call Recording
64.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS External/PSTN Call Recording Options • CUBE Controlled (Dial-peer based SIPREC) • Based on SIPREC (RFC 6341, 7245, Metadata-draft-17, Protocol-draft-15), CUBE sends metadata in XML format • Dial-peer controlled, IP-PBX independent • Source of recorded media (RTP only) is always CUBE (External calls only). For SRTP-RTP calls, apply media forking CLI on the RTP leg only. • Records both audio and video calls and supported with CUBE HA (Inbox or box-2- box) • CUCM NBR (Network Based Recording) • CUCM Controlled, requires CUCM 10+ and UC Services API be enabled on CUBE • Recording triggered by CUCM and this mode records only Audio calls • Source of Recorded Media can be CUBE or Endpoint (BiB), CUBE as source desired for PSTN calls 64 BRKCOL-2125
65.
Introducing CUBE Media Proxy
66.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • Current recording architectures allow only one fork from each leg (in- leg/out-leg) to only one recorder • No support for forking secure RTP stream • MiFiD II Compliance requirements: • Support for more than one recorders • High Availability (Redundancy) • Secure forking • Call scenarios support • External calls (inbound/outbound from/to ITSP, PSTN calls) • Internal calls (on-prem calls) • Contact center • Common Metadata Existing Recording Architectures 66 BRKCOL-2125
67.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • Media proxy is based on CUBE architecture • Supports the same ISR 4Ks, ASR1Ks, CSR1K on which CUBE is supported today • Call Recording mechanism (triggers) is CUCM NBR based (GW based and Phone BiB) • Media proxy is designed to fork media to multiple recorders i.e. multiple forked legs, and supports up to 5 recorders • CUBE Media Proxy High Availability is also supported • CUSP (Optional) supports Media proxy with recorder redundancy and load balancing • Secured forking (SRTP – SRTP) CUBE Media Proxy: Overview 67 BRKCOL-2125
68.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS SIP SIP SP SIP CUBE RTP RTP Recorder1 CUCM NBR GW forking to Media Proxy Media Proxy Recorder2 Speech Analytics RTP CUCM NBR – GW based recording CUBE Media Proxy Prerequisites: • IOS-XE: 16.10.1a or later • Unified Communication Manager: 12.5+ • Validated with Verint recording solution 68 BRKCOL-2125
69.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS SIP SIP SP SIP CUBE RTP Recorder1 Phone BiB forking to CUBE Media Proxy Media Proxy Recorder2 Recorder3 RTP Phone BiB CUBE Media Proxy Prerequisites: • IOS-XE: 16.10.1a or later • Unified Communication Manager: 12.5+ • Validated with Verint recording solution 69 BRKCOL-2125
70.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • Video call Recording is not supported today • Secure media (SRTP) forking of non-secure calls is not supported • CUBE Media Proxy and CUBE cannot be co-located CUBE Media Proxy: Design requirements 70 BRKCOL-2125
71.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS CUBE Media Proxy: Capacity for Various Platforms 71 Platform Max CUBE Calls (CUBE Media Proxy Capacity) Number of Recorders One Two Three Four Five 4321 (4GB) 100 50 25 10 5 2 4331 (4GB) 500 250 125 60 30 15 4351 (4 GB) 1000 500 250 125 60 30 4431 (8 GB - CP) 3000 1500 750 375 185 90 4451 (8 GB - CP) 6000 3000 1500 750 375 185 1004/1006/ 1006-X RP2 (16 GB) 16000 4500 3500 2500 2100 1800 BRKCOL-2125
72.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 7 Media Proxy: • Amedia proxy platform used to fork calls to 3 recording servers. • Total concurrent call load is 50 calls. License Requirement: • 150 x CUBE-MP-RED • Only redundant licenses are available for Media Proxy Location 1 Active 50 Calls Media Proxy 150 Recordings 72 BRKCOL-2125
73.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 8 Media Proxy: • Active and Standby CUBE Media Proxies in HA Redundancy Group (RG) • Both Media Proxies must be in the same layer 2 network • Total call load for HApair 150 calls, each forked 3 times. • If active Media Proxy fails, stateful failover of all calls to standby License Requirement: • 450 x CUBE-MP-RED • Both Media Proxy platforms register to the same Virtual Account holding a common pool of licenses Location 1 Active Standby Stateful HA Pair 1 150 Calls Media Proxy Media Proxy 73 BRKCOL-2125
74.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Customer Deployment Scenario 9 Media Proxy: • Amedia proxy platform used to fork calls to 3 recording servers. • Total concurrent call load is 50 calls from CUBE triggered using CUCM NBR License Requirement: • 150 x CUBE-MP-RED for Media Proxy • 50 X CUBE-T-STD for PSTN calls through CUBE • Only redundant licenses are available for Media Proxy Location 1 Active 50 Calls Media Proxy CUBE 150 Recordings 74 BRKCOL-2125
75.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Agenda • CUBE Overview, Deployments, and SIP Trunk Sizing • CUBE Licensing Updates • CUBE Architecture (Physical & Virtual) • Transitioning to SIP Trunking using CUBE • Advanced features on CUBE (Call Routing, Multi-Tenancy) • Call Recording & Intro to CUBE Media Proxy • Securing Collab deployments with CUBE • Webex Calling (VAR Channel) – Local Gateway (LGW) 75 BRKCOL-2125
76.
Security Updates
77.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Secure SIP Trunks with CUBE CUBE Gig0/0/1 Gig0/0/0 SP IP Network LAN WAN TCP/UDP SRTP SIP TLS RTP • Interworking between all three transport types is supported : UDP/TCP/TLS • IOS-XE based platforms do not require DSPs for SRTP-RTP interworking • TLS Exclusivity can be configured with “transport tcp tls v1.2” • NGE Crypto supported for SRTP-SRTP (IOS-XE 16.5.2) [Crypto A – Crypto B], SRTP-RTP, SRTP pass-thru 77 BRKCOL-2125
78.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS IOS-XE 16.11.1 or later Security Readiness changes • For IOS-XE 16.11.1 or later, a master key must be pre-configured for passwords before it can used in authentication, credentials and/or shared-secret CLIs • Its mandatory to specify the encryption type for the password • Type 6 passwords are encrypted using AES cipher and user defined master key • Master key is never displayed in the configuration • If master key configuration is removed, Type 6 passwords can never by decrypted which may result in authentication failure 78 BRKCOL-2125
79.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS IOS-XE 16.11.1+ Security Configuration Requirement LocalGateway#conf t LocalGateway(config)#key config-key password-encrypt Password123 LocalGateway(config)#password encryption aes • If master key is not pre-configured, there will be an error shown when the password is configured LocalGateway(config-sip-ua)#authentication username ali password 0 hussain123 Failed type 6 encryption on password • If password type 0 is used, it will be stored as type 6 AES encrypted password in configuration LocalGateway#show run | include credentials credentials number Hussain6346_LGU username Hussain2572_LGU password 6 FbGXYVJVcPeMhMRFSFNINTIMZecQPD_Bbg realm BroadWorks 79 BRKCOL-2125
80.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS IOS-XE 16.11.1 Security Configuration Requirement • Dial-peer, SIP-UA, Tenants, and STUN authentication credentials/shared secrets will use the new Secure reversible encryption Type 6 AES format password LocalGateway(config-sip-ua)#authentication username ali password ? 0 Specifies an UNENCRYPTED password will follow 6 Specifies an ENCRYPTED password will follow 7 Specifies a HIDDEN password will follow • Type 6 only accepts password formats such as ” YXMOEfOePAJhNCKXbU^CYYAR^aJJ`Sa_S”. Hence recommendation is to use password type 0 which will be saved as type 6 in the configuration • The encryption type 7 is supported in IOS XE Release 16.11.1a, but will be deprecated in the later releases 80 BRKCOL-2125
81.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Agenda • CUBE Overview, Deployments, and SIP Trunk Sizing • CUBE Licensing Updates • CUBE Architecture (Physical & Virtual) • Transitioning to SIP Trunking using CUBE • Advanced features on CUBE (Call Routing, Multi-Tenancy) • Call Recording & Intro to CUBE Media Proxy • Securing Collab deployments with CUBE • Webex Calling (VAR Channel) – Local Gateway (LGW) 81 BRKCOL-2125
82.
Webex Calling (VAR Channel) Local
Gateway (LGW)
83.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS The Cisco Webex Calling Platform • Fully-featured cloud PBX powered by proven technology • Deployed in Geo-redundant Cisco Data Centers • Partner sells the service, owns customer relationship • Cisco owns and supports platform and service, can bring opportunities INTERNET Webex Calling Endpoints Customer 1 Webex Calling Endpoints Customer 2 83 Cisco Webex as the Platform previously called BroadCloud BRKCOL-2125
84.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS PSTN Options Service Provider PSTN • PSTN access through peering with the Webex Calling partner’s service (common to all customers for that partner) • PSTN service bundled with Webex Calling service by the partner INTERNET Peering Network Partner X’s PSTN Webex Calling Endpoints Customer 1 Webex Calling Endpoints Customer 2 Partner X’s Offer Webex Calling (SP) – previously BroadCloud Calling Webex Calling (VAR) 84 Cisco Webex Calling BRKCOL-2125
85.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS PSTN Options BYOPSTN with Local Gateway • PSTN access through a Local Gateway device at customer site and the customer’s PSTN service (SIP Trunk, PRI, …) • PSTN service decoupled from Webex Calling service Customer 1 PSTN Webex Calling Endpoints Access Network Partner X’s Offer (future) Webex Calling (SP) – previously BroadCloud Calling Webex Calling (VAR) – previously just Webex Calling 85 Cisco Webex Calling BRKCOL-2125
86.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Webex Calling PSTN Options BYOPSTN with Partner-Hosted Local Gateway Internet • Partner hosts and manages customer’s Local Gateway (e.g., vCUBE) in own Data Center, connected OTT to Webex Calling • Not recommended if on-premises PBX or SBC is present (requires VPN between Partner DC and customer network) PSTN Provider Z PSTN Provider Y Webex Calling Endpoints Customer 1 Webex Calling Endpoints Customer 2 Customer 2’s SIP Trunk Customer 1’s SIP Trunk Partner X’s Data Center Virtualized Local GW’s (future) Webex Calling (SP) Webex Calling (VAR) 86 Cisco Webex Calling BRKCOL-2125
87.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS PSTN Options BYOSIP (Future) Access Network • PSTN access through per-customer peering with SIP trunk providers (independent of Webex Calling partner) • PSTN service may be decoupled from Webex Calling service PSTN Provider Z PSTN Provider Y Peering Network Webex Calling Endpoints Customer 1 Webex Calling Endpoints Customer 2 Partner X’s Offer (future) Webex Calling (SP) (future) Webex Calling (VAR) Customer 1’s SIP Trunk Customer 2’s SIP Trunk 87 Cisco Webex Calling BRKCOL-2125
88.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • Enables BYoPSTN option for Webex Calling • Provides connectivity to a customer-owned PSTN service • May also provide connectivity to an on- premises IP PBX or dedicated SBC/PSTN GW • Endpoint registration is NOT proxied through Local Gateway, unlike CUBE Lineside. Endpoints directly register to BroadCloud over the Internet. • All communication between BroadCloud and endpoints/LGW is secured (SIP TLS/sRTP) Webex Calling (VAR Channel): Local Gateway Customer Site PSTN Local Gateway Webex Calling Endpoints Internet SBC or IP PBX Cisco Webex Platform (previously BroadCloud) BRKCOL-2125 88
89.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • Cisco CUBE (for IP-based connectivity) or Cisco IOS Gateway (for TDM-based connectivity) • Hardware and software requirements: • ISR 4321, 4331, 4351, 4431, 4451 (IOS XE 16.9(3) and 16.11.1 or later) • IOS-XE 16.10.x is not supported as Local Gateway for any platform • CSR 1000v (vCUBE) (IOS XE 16.9(3) and 16.11.1 or later) • ISR 1100 (July/August 2019 – IOS-XE 16.12.1 or later) • CUBE calling licenses included in Webex Calling Flex License Note: platform requirements driven by encryption/decryption needs (signaling/media to BroadCloud is always secure) Local Gateway Product Support in Phase 1 CUBE IOS-XE GW Local Gateway (LGW) BRKCOL-2125 89
90.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • Standard CUBE feature support (no need for dedicated hardware) • Numbers in the table assume dedicated Local GW • Standard platform sizing using sRTP-RTP concurrent session numbers (based on IOS-XE 16.9(3)) • Number of corresponding users depends on BHCA etc Local Gateway Feature Support and Platform Sizing Reference: https://cisco.box.com/CUBE-Enterprise Platform sRTP-RTP Sessions ISR4321 40 ISR4331 125 ISR4351 250 ISR4431 750 ISR4451 1500 CSR1000V (1 vCPU) 225 CSR1000V (4 vCPU) 800 ISR1100 Series future BRKCOL-2125 90
91.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Access Network Local Gateway Signaling, Media, and PSTN Connectivity Options Provisioning Layer Cisco BroadWorks Access SBC Peering SBC Load Balancers Network Functions Customer Site Webex Calling Endpoints On-premises SBC or IP PBX PSTN TDM PSTN IP PSTN Certificate 91 BRKCOL-2125
92.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Local Gateway Security and Authentication Provisioning Layer Cisco BroadWorks Access SBC Peering SBC Load Balancers Network Functions Access Network Customer Site Webex Calling Endpoints PSTN IP or TDM Download signed CA root bundle from Cisco PKI 1 Cisco Trusted Core Root Bundle (Public CA trust anchors) 1 2 Provision SIP digest credentials generated by BroadCloud on LGW 2 TLS connection: LGW validates SBC certificate using CA root bundle 3 BroadCloud authenticates LGW registration with SIP digest 4 3 4 Certificate SIP Digest Credentials (offline) 92 BRKCOL-2125
93.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Internet • In most cases, Local Gateway and endpoints can sit on internal customer network using private IP addresses with NAT (media latching in BroadCloud SBC) • Firewall needs to allow outbound traffic (SIP, RTP/UDP, HTTP) to specific IP addresses/ports (see BroadCloud firewall and network configuration guide) Local Gateway Firewall and NAT traversal Customer Site Webex Calling Endpoints Pinholes for outbound traffic (return traffic uses same flow) Customer Firewall BRKCOL-2125 93
94.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Local Gateway Firewall and NAT traversal – IP Addresses and Ports (North America) Customer Site Purpose Source IP Source ports Protocol Dest IP Dest ports SIP signaling LGW BroadCloud facing interface 8000-65535 TLS TCP 199.59.65.0/25 199.59.66.0/25 199.59.70.0/25 199.59.71.0/25 8934 RTP media LGW BroadCloud facing interface 8000-48000* UDP 199.59.65.0/25 199.59.66.0/25 199.59.70.0/25 199.59.71.0/25 19560-65535 LGW *: Default range. Can be reduced based on number of concurrent sessions (4 UDP ports per session) https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/broadcloud/webexcalling/customers/cisco -webex-calling-configuration- guide/cisco-webex-calling-configuration-guide_chapter_01101.html North America Region BRKCOL-2125 94
95.
Onboarding process
96.
Onboarding Local Gateway: Step 1. Control
Hub
97.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 1a. Log in to customer portal and navigate to Services 97
98.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 1b. Navigate to Locations under Call options BRKCOL-2125 98
99.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 1c. Local gateway configuration is on the footer of the site card BRKCOL-2125 99
100.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 1d. Can either create a new local gateway or select existing one BRKCOL-2125 100
101.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 1e. Once the customer has selected the desired local gateway, they can save the local gateway for the given site. Parameters on this display required for onboarding LGW in Step 2 101
102.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 1f. Local gateway has been assigned to the site 102 BRKCOL-2125
103.
Onboarding Local Gateway: Step 2. Control
Hub parameters into Cisco IOS-XE platform
104.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS voice class tenant 200 registrar dns:40462196.cisco-bcld.com scheme sips expires 240 refresh-ratio 50 tcp tls credentials number Hussain6346_LGU username Hussain2572_LGU password 0 meX7]~)VmF realm BroadWorks authentication username Hussain2572_LGU password 0 meX7]~)VmF realm BroadWorks authentication username Hussain2572_LGU password 0 meX7]~)VmF realm 40462196.cisco- bcld.com sip-server dns:40462196.cisco-bcld.com connection-reuse srtp-crypto 200 session transport tcp tls url sips error-passthru bind control source-interface GigabitEthernet0/0/1 bind media source-interface GigabitEthernet0/0/1 no pass-thru content custom-sdp sip-profiles 200 outbound-proxy dns:la01.sipconnect-us10.cisco-bcld.com … voice class sip-profiles 200 rule 1 request ANY sip-header SIP-Req-URI modify "sips:" "sip:" rule 10 request ANY sip-header To modify "<sips:" "<sip:" rule 11 request ANY sip-header From modify "<sips:" "<sip:" rule 12 request ANY sip-header Contact modify "<sips:(.*)>" "<sip:1;transport=tls>" rule 13 response ANY sip-header To modify "<sips:" "<sip:" rule 14 response ANY sip-header From modify "<sips:" "<sip:" rule 15 response ANY sip-header Contact modify "<sips:" "<sip:" rule 16 request ANY sip-header From modify ">" ";otg=hussain2572_lgu>" rule 17 request ANY sip-header P-Asserted-Identity modify "<sips:" "<sip:" Parameters from Step 1e LGW CLI Config 104
105.
Onboarding Local Gateway: Step 3. Call
Routing on Local Gateway
106.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS • IP based Call Routing on Local Gateway has three key considerations 1. All call routing is E.164 based 2. Whether the customer site(s) is also utilizing an on-prem IP PBX such as Cisco UCM and the SIP trunking from an ITSP is terminating on LGW itself or a dedicated SBC. 3. CUCM’s SIP Trunk towards LGW will utilize port 5065 to distinguish from SIP Trunks pointing to a PSTN GW/CUBE (port 5060), which may be co-resident with the Local Gateway itself Call Routing on Local Gateway BRKCOL-2125 106
107.
1. LGW Deployment Options w/o
an on-prem IP PBX
108.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Call Routing Single Local Gateway (can be shared across multiple sites) Customer A PSTN Local Gateway Webex Calling Endpoints (Existing PSTN GW) BroadCloud sends calls that do not match the customer’s BroadCloud destinations to the Local GW Local GW routes calls coming from BroadCloud to the PSTN (and vice versa) PSTN gateway may be dedicated or co-resident with Local GW 108 BRKCOL-2125
109.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS voice class uri 100 sip host <pstn ip address> ! Or existing SBC / PSTN GW dial-peer voice 100 voip description Incoming dial-peer from IP PSTN incoming uri via 100 destination dpg 200 voice class dpg 200 description Incoming IP PSTN(DP100) to BCLD(DP201) dial-peer 201 preference 1 dial-peer voice 101 voip description Outgoing dial-peer to IP PSTN destination-pattern BAD.BAD session target ipv4: <pstn ip address> voice class uri 200 sip pattern dtg=hussain2572.lgu ! pattern uniquely identifies a Local gateway site within an ! Enterprise Trunk Group OTG/DTG from Control Hub dial-peer voice 200 voip description Incoming dial-peer from BroadCloud incoming uri request 200 destination dpg 100 voice class dpg 100 description Incoming BCLD(DP200) to IP PSTN(DP101) dial-peer 101 preference 1 dial-peer voice 201 voip description Outgoing dial-peer to BroadCloud destination-pattern BAD.BAD session target sip-server Local Gateway Local Gateway call routing to dedicated PSTN GW/SBC or IP PSTN IP PSTN Existing SBC / PSTN GW 109
110.
2. LGW Deployment Options with
an IP PBX e.g. UCM
111.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Call Routing With an IP PBX/CUCM Customer Site PSTN Local GW Webex Calling Endpoints PSTN GW CUCM • BroadCloud sends calls that do not match the customer’s BroadCloud destinations to the Local GW • Includes PSTN numbers and CUCM internal extensions (unknown to BroadCloud) • CUCM routes incoming calls to local destinations or to the PSTN (per existing dial plan) • Add route/translation patterns to send calls for BroadCloud to Local GW (normalized as +E.164’s) Local GW routes calls coming from BroadCloud to CUCM (and vice versa) PSTN gateway may be dedicated or co-resident with Local GW 111 BRKCOL-2125
112.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 2a. Unified CM with Dedicated PSTN GW (Preferred Option) • BroadCloud routes all calls that do not match Customer’s BroadCloud destinations to the Local GW assigned to the site • Includes PSTN destinations and CUCM internal extensions • Local GW routes all calls coming from BroadCloud to CUCM (and vice versa) • CUCM routes calls to locally- registered phones or to the PSTN via a different SBC/GW • Also possible to use the same router as Local GW and PSTN gateway/SBC Customer Site PSTN Local GW Webex Calling Endpoints Existing SBC / PSTN GW CUCM BRKCOL-2125 112
113.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS voice class uri 300 sip pattern :5065 ! pattern matches the CUCM signaling via port for Webex ! Calling trunk to distinguish from PSTN SIP trunk at 5060 dial-peer voice 300 voip description Incoming dial-peer from CUCM to BCLD incoming uri via 300 destination dpg 200 voice class dpg 200 description Incoming CUCM (DP300) to BCLD(DP201) dial-peer 201 preference 1 dial-peer voice 301 voip description Outgoing dial-peer to CUCM destination-pattern BAD.BAD session server-group 301 voice class server-group 301 ipv4 <cucm-node-1> port 5065 ipv4 <cucm-node-5> port 5065 voice class uri 200 sip pattern dtg=hussain2572.lgu ! pattern uniquely identifies a Local gateway site within ! an Enterprise, Trunk Group OTG/DTG from Control Hub dial-peer voice 200 voip description Incoming dial-peer from BroadCloud incoming uri request 200 destination dpg 300 voice class dpg 300 description Incoming BCLD (DP200) to CUCM(DP301) dial-peer 301 preference 1 dial-peer voice 201 voip description Outgoing dial-peer to BroadCloud destination-pattern BAD.BAD session target sip-server Local Gateway 2a. Local Gateway call routing to/from CUCM w/Dedicated PSTN Unified CM Existing SBC / PSTN GW 5060 5065 BRKCOL-2125 113
114.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS 2b. Unified CM with Co-located PSTN GW/SBC and Local Gateway • BroadCloud routes all calls that do not match Customer’s BroadCloud destinations to the Local GW assigned to the site • Includes PSTN destinations and on-net calls towards CUCM internal extensions • Local GW routes all calls to Unified CM • Unified CM routes calls to locally-registered phones or to the PSTN back via the Local GW, which has PSTN/SBC functionality co-located PSTN Webex Calling Endpoints CUCM CUBE and LGW Customer Site BRKCOL-2125 114
115.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS voice class uri 100 sip host <pstn ip address> dial-peer voice 100 voip description Incoming dial-peer from PSTN incoming uri via 100 destination dpg 302 Local Gateway 2b. Local Gateway call routing to and from IP PBX dial-peer voice 305 voip description Outgoing dial-peer to CUCM for inbound from PSTN destination-pattern BAD.BAD session server-group 305 voice class dpg 302 dial-peer 305 preference 1 voice class server-group 305 ipv4 <cucm-node-1> ipv4 <cucm-node-2> ipv4 <cucm-node-3> ipv4 <cucm-node-4> ipv4 <cucm-node-5> • Incoming calls matched based on via URI • Calls inbound from CUCM over 2 trunks to distinguish b/w PSTN and BroadCloud destinations. The via URI match is done based on port • Outgoing calls routed via DPG and Server-groups IP PSTN Unified CM 5060 115
116.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Local Gateway 2b. Local Gateway call routing to and from IP PBX dial-peer voice 301 voip description Outgoing dial-peer to CUCM for inbound from Bcloud destination-pattern BAD.BAD session server-group 301 voice class dpg 300 dial-peer 301 preference 1 voice class server-group 301 ipv4 <cucm-node-1> port 5065 ipv4 <cucm-node-2> port 5065 ipv4 <cucm-node-3> port 5065 ipv4 <cucm-node-4> port 5065 ipv4 <cucm-node-5> port 5065 IP PSTN Unified CM voice class uri 200 sip pattern dtg=hussain2572.lgu ! pattern uniquely identifies a Local gateway site ! within an Enterprise, Trunk Group OTG/DTG from ! Control Hub dial-peer voice 200 voip description Incoming dial-peer from BroadCloud incoming uri request 200 destination dpg 300 5065 Received: INVITE sip:+16785551234@198.18.1.226:5061;transp ort=tls;dtg=hussain2572_lgu SIP/2.0 Via: SIP/2.0/TLS 199.59.70.30:8934;branch=z9hG4bK2hokad30 fg14d0358060.1 116
117.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS voice class uri 302 sip pattern <cucm-nodes-ip-address and port-regex-for-pstn> ex: pattern 10.1.2..*:5060 matches 10.1.2.X:5060 range dial-peer voice 101 voip description Outgoing dial-peer to PSTN destination-pattern BAD.BAD session target ipv4:<pstn ip address> voice class dpg 100 dial-peer 101 preference 1 Local Gateway 2b. Local Gateway call routing to and from IP PBX dial-peer voice 302 voip description Incoming dial-peer from CUCM for IP PSTN incoming uri via 302 destination dpg 100 IP PSTN Unified CM 5060 BRKCOL-2125 117
118.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Local Gateway 2b. Local Gateway call routing to and from IP PBX voice class uri 300 sip pattern <cucm-nodes-ip-address and port-regex-for-bcloud> ex: pattern 10.1.2..*:5065 matches 10.1.2.X:5065 range dial-peer voice 300 voip description Incoming dial-peer from CUCM for BCloud incoming uri via 300 destination dpg 200 IP PSTN Unified CM dial-peer voice 201 voip description Outgoing dial-peer to BroadCloud destination-pattern BAD.BAD session-target sip-server voice class dpg 200 dial-peer 201 preference 1 5065 BRKCOL-2125 118
119.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS voice class uri 302 sip pattern <cucm-nodes-ip-address and port-regex-for-pstn> ex: pattern 10.1.2..*:5060 matches 10.1.2.X:5060 range voice class uri 100 sip host <pstn ip address> dial-peer voice 100 voip description Incoming dial-peer from PSTN incoming uri via 100 destination dpg 302 voice class dpg 100 dial-peer 101 preference 1 dial-peer voice 101 voip description Outgoing dial-peer to PSTN destination-pattern BAD.BAD session target ipv4:<pstn ip address> Local Gateway 2b. Local Gateway call routing to and from IP PBX dial-peer voice 302 voip description Incoming dial-peer from CUCM for pstn incoming uri via 302 destination dpg 100 dial-peer voice 301 voip description Outgoing dial-peer to CUCM for inbound from BroadCloud destination-pattern BAD.BAD session server-group 301 dial-peer voice 305 voip description Outgoing dial-peer to CUCM for inbound from PSTN destination-pattern BAD.BAD session server-group 305 voice class dpg 300 dial-peer 301 preference 1 voice class server-group 301 ipv4 <cucm-node-1> port 5065 ipv4 <cucm-node-5> port 5065 voice class dpg 302 dial-peer 305 preference 1 … voice class server-group 305 ipv4 <cucm-node-1> ipv4 <cucm-node-5> voice class uri 300 sip pattern <cucm-nodes-ip-address and port-regex-for-bcloud> ex: pattern 10.1.2..*:5065 matches 10.1.2.X:5065 range dial-peer voice 300 voip description Incoming dial-peer from CUCM for bcloud incoming uri via 300 destination dpg 200 • Incoming calls matched based on via URI. • Calls inbound from CUCM over 2 trunks to distinguish b/w PSTN/BroadCloud. The via URI match is done based on port • Outgoing calls routed via DPG and Server- groups IP PSTN Unified CM voice class uri 200 sip pattern dtg=hussain2572.lgu ! pattern uniquely identifies a Local gateway site within an ! Enterprise, Trunk Group OTG/DTG from Control Hub dial-peer voice 200 voip description Incoming dial-peer from BroadCloud incoming uri request 200 destination dpg 300 voice class dpg 200 dial-peer 201 preference 1 dial-peer voice 201 voip description Outgoing dial-peer to BroadCloud destination-pattern BAD.BAD session-target sip-server 5065 5060
120.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Terminology – Summary (Reference) • Broadworks - Cloud PBX and UC application software from Broadsoft. Purchased, branded, and deployed by SPs primarily • Spark Call – Was also rebranded to Webex Calling about 2 years ago • BroadCloud – Broadworks hosted in Broadsoft DCs (now Cisco data centers). Rebranded to Cisco Webex as the Platform • BroadCloud Calling – Cloud calling service sold by SP channel along with PSTN service from the SP. Now known as Webex Calling (SP Channel) • Webex Calling powered by BroadCloud requires a Local gateway for PSTN. Now known as Webex Calling (VAR Channel) • Local Gateway (LGW) – Can be a CUBE or Voice GW (PRI-IP) 120 BRKCOL-2125
121.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Key Takeaways & Roadmap (subject to change) • Newer platforms support such as ISR1100 (July 2019), ISR4461, ASR RP3 • Fax detect on IOS-XE, Opus, Programmability (CUBE Yang model), mTLS • Enterprise SBC (Cisco Unified Border Element – CUBE, Local Gateway - LGW) are essential components of on-prem and Cloud-based Collaboration deployments • Over 37,000 Enterprise customers all over the Globe • Proven interoperability with 3rd party PBX vendors and different service providers around the world (more than 165 countries) • Email ASK-CUBE@EXTERNAL.CISCO.COM with your Box.com account id (email) for access to the Box.com links below. Free Box.com account is fine as well • Complete feature Presentations, Lab Guide, Hands-on Lab access & Application Notes https://cisco.box.com/CUBE-Enterprise https://cisco.box.com/WebexCalling 121
122.
Complete your online session evaluation •
Please complete your session survey after each session. Your feedback is very important. • Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live water bottle. • All surveys can be taken in the Cisco Live Mobile App or by logging in to the Session Catalog on ciscolive.cisco.com/us. Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com. © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public #CLUS BRKCOL-2125 122
123.
© 2019 Cisco
and/or its affiliates. All rights reserved. Cisco Public #CLUS Continue your education 123 BRKCOL-2125 Related sessions Walk-in labs Demos in the Cisco campus Meet the engineer 1:1 meetings
124.
Thank you #CLUS
125.
#CLUS
Download now