LTRUCC-2150: Cisco Unified CM SIP Trunking, Session Management, and Global Dial Plan Replication
Paul Giralt - @PaulGiralt
Markus Schneider - @Markus73

Agenda
- Objectives
- Technology Overview
  - Unified CM Session Management Edition
  - URI Dialing
  - Intercluster Lookup Service (ILS)
  - Global Dial Plan Replication (GDPR)
  - Collaboration Edge
    - Cisco Unified Border Element (CUBE)
    - Expressway
      - Business to Business (B2B) Video Collaboration
      - Mobile & Remote Access (MRA)
- Lab Overview
  - Topology
  - Configuration Steps

Objectives
- Configure the Intercluster Lookup Service (ILS) and Global Dial Plan Replication (GDPR) features in Cisco Unified Communications Manager (Unified CM) to distribute dynamic dial plan information within an enterprise network.
- Configure Cisco Unified Border Element (CUBE) for SIP-based IP PSTN connectivity.
- Configure Unified CM Session Management Edition (SME) for inter-cluster and off-net calling.
- Configure Expressway for Mobile & Remote Access (MRA).

LTRUCC-2150 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Overview: Unified Communications Manager Session Management (SME)
Session Management: Why?
- Core Management
  - Centralized Dial Plan Management
  - Centralized Reporting
  - Multi-Protocol Interworking (SIP, Q.SIG, H.323, MGCP, ...)
  - Core Tandem Routing
  - Central Policy Enforcement
- Interconnect Communications Platforms
  - Communications Manager
  - Legacy PBX Systems (both IP and TDM-based)
- Application Integration
  - Voicemail
  - Conferencing
  - Recording
  - Mobility
- Centralized Trunking
  - SIP Trunking
  - TDM
  - Inter-Company (Expressway)
  - Mobile & Remote Access (MRA)

Unified CM SME, Summary
- Inside the Enterprise
- Transit deployment type of Unified Communications Manager
- B2BUA -> Stateful, Mid-Call Features
- Broad protocol support
  - Q.Sig, Q.931 (MGCP GW)
  - SIP Trunk and ICT
  - H.323
  - H.323 Annex M1
  - Q.Sig over SIP
- Many validated PBX integrations
- Applications
  - Unity Connection
  - Fax Server
  - SIP and H.323 based video conferencing
  - WebEx
  - Expressway / MRA
- Unified CM features:
  - RSVP Pre-Conditions
  - ILS / GDPR

Unified CM SME, Summary (continued)
- Powerful script-based Normalization and Transparency features
  - Transparently pass through unknown SIP headers
  - Modify any SIP header or contents of SDP body
  - Scripts written in Lua
- Highly Scalable
  - Beyond 150 cps with geographically distributed SME cluster
- Geographic Redundancy
  - Up to 500 milliseconds of delay between SME cluster nodes

Overview: ILS and GDPR
URIs and User Addressing
- Challenges in using URIs
  - URIs cannot be summarized in the same way that Directory Number ranges can be summarized
  - URIs are fully qualified and cannot be summarized within an Enterprise network (e.g. bob@cisco.com, jim@cisco.com); therefore, a dynamic mechanism must be used to discover URIs
- Unified CM 9.0 uses the Inter-cluster Lookup Service (ILS) as a dynamic URI discovery mechanism
- Unified CM 10.0 adds capabilities to ILS to advertise User Numbers and/or URIs: Global Dial Plan Replication (GDPR)

Inter-cluster Lookup Service (ILS) URI Replication
- ILS runs as a Unified CM service and distributes locally registered URIs to other clusters
- Cluster to cluster ILS connections can be hub and spoke, full mesh, or a combination
- URIs are associated with a cluster route string, e.g. london.uk.eu
- URIs and their route string are stored locally. Replication is incremental.
[Diagram: three clusters, each holding its own URIs plus the URIs replicated from the other two. San Jose: diane@cisco.com, chris@cisco.com, bob@cisco.com, anne@cisco.com. New York: lucy@cisco.com, kevin@cisco.com, jane@cisco.com, ian@cisco.com. London: helen@cisco.com, greg@cisco.com, fran@cisco.com, eric@cisco.com.]

Inter-cluster Lookup Service (ILS) Operation
- When a user dials a URI, Unified CM checks to see if it is registered locally
- If not, Unified CM looks for the URI in its ILS store; a match returns the route string for the destination cluster associated with the dialed URI, e.g. london.uk.eu
- This route string is used to match a SIP route pattern to onward route the call
[Diagram: Diane (San Jose) calls helen@cisco.com.
  1. Is helen@cisco.com a locally configured URI? No.
  2. Can helen@cisco.com be found in ILS? Yes: return route string london.uk.eu for URI helen@cisco.com.
  3. Does route string london.uk.eu match an existing SIP Route Pattern? Yes.
  4. Route the URI call to london.uk.eu over the Route Pattern's SIP Trunk: INVITE sip:helen@cisco.com@10.1.1.1
 Each of the San Jose, New York and London clusters holds the URIs of all three clusters.]

ILS enhancements in Unified CM 10: adding Numbers
- In Unified CM 10.0, ILS can be used for both Number and URI discovery across clusters: Global Dial Plan Replication (GDPR)
- ILS allows for the distribution of Internal (Enterprise) Numbers, E.164 Numbers, Route Patterns and PSTN Failover numbers.
- PSTN Failover rules apply to both numeric and URI calls
- Benefits:
  - Removes the requirement for a Route Pattern per Number range
  - Users/numbers can be moved between clusters with few changes
  - Numbers/URIs associated with 3rd party UC systems are also supported

Numeric routing with GDPR / ILS
- Internal numbers, E.164 numbers and PSTN Failover numbers are advertised via ILS
- Learned numbers are imported into Digit Analysis in a configurable partition
- When a number is called, Unified CM performs closest match routing. If the pattern learned via ILS is the best match, look up the Route String and route based on route string.
- If the call fails, re-route the call via the PSTN (if configured)
[Diagram: Diane (San Jose) calls +442088244567.
  1. Is ILS learned pattern +442088244567 the best match? Yes: return route string london.uk.eu for DN +442088244567.
  2. Does route string london.uk.eu match an existing SIP Route Pattern? Yes.
  3. Route the URI call to london.uk.eu over the Route Pattern's SIP Trunk: INVITE sip:+442088244567@10.1.1.1
 Each cluster holds the URIs and +E.164 numbers of all three clusters, e.g. helen@cisco.com +442088244567 (London), diane@cisco.com +14089024567 (San Jose), lucy@cisco.com +12125541234 and jane@cisco.com +12125541235 (New York).]

Managing Route String Routing with ILS
Route String based Routing in a non-hierarchical network
- Each route string represents a remote Unified CM cluster and its associated URIs in all branch sites
- One SIP URI-based Route Pattern and one SIP Trunk is needed to reach each remote cluster
- Number of trunks and patterns needed scales exponentially as you add clusters
[Diagram: clusters San Jose, New York, London, Frankfurt, Seoul and Singapore connected to each other.]

Hierarchical Routing & Route String Summarization
- For URI calls: each cluster does an ILS lookup and makes a local routing decision to its next hop based on the returned ILS route string, e.g. helen@cisco.com -> london.uk.eu -> SIP Trunk A
- Route string summarization allowed, e.g. London.UK.EU -> SIP Trunk A or *.*.EU -> SIP Trunk A
[Diagram: a Global Backbone of US SME, EU SME and Asia SME, with leaf clusters San Jose, New York, London, Frankfurt, Seoul and Singapore. One SME's "Routes to" list: *.*.EU, *.*.ASIA, San Jose.CA.US, New York.NY.US. Another SME's "Routes to" list: *.*.US, *.*.EU, Seoul.ASIA, Singapore.ASIA. Leaf cluster: Route *.*.* to US SME.]

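The ILS lookup and the hop-by-hop route string decision described on the ILS Operation and Hierarchical Routing slides can be traced in a small model. This Python code is an added example, not part of the lab or of Unified CM; the matching rules ("*" equals exactly one label, fewest wildcards wins, case-insensitive), the three-label route strings and the cluster/hop names are assumptions, and the local-URI check is modelled by comparing a cluster's own route string with the ILS result.

```python
# Added illustration: simplified model of ILS route-string routing.
# Assumptions (not Unified CM's documented matching rules): patterns are
# compared label by label, "*" stands for exactly one label, comparison is
# case-insensitive, and the pattern with the fewest wildcards wins.

# URI -> route string, as replicated by ILS (constructed sample data)
ILS_STORE = {
    "helen@cisco.com": "london.uk.eu",
    "diane@cisco.com": "sanjose.ca.us",
    "lucy@cisco.com": "newyork.ny.us",
}

# Route string each leaf cluster advertises for its own URIs (hypothetical)
CLUSTER_ROUTE_STRING = {
    "sanjose": "sanjose.ca.us",
    "newyork": "newyork.ny.us",
    "london": "london.uk.eu",
}

# Per-cluster SIP route patterns: (pattern, next hop); hop names hypothetical
ROUTE_TABLES = {
    "sanjose": [("*.*.*", "us-sme")],
    "newyork": [("*.*.*", "us-sme")],
    "london": [("*.*.*", "eu-sme")],
    "us-sme": [("sanjose.ca.us", "sanjose"), ("newyork.ny.us", "newyork"),
               ("*.*.eu", "eu-sme")],
    "eu-sme": [("london.uk.eu", "london"), ("*.*.us", "us-sme")],
}


def pattern_matches(pattern, route_string):
    """Label-by-label comparison; "*" matches any single label."""
    p = pattern.lower().split(".")
    r = route_string.lower().split(".")
    return len(p) == len(r) and all(a in ("*", b) for a, b in zip(p, r))


def next_hop(route_string, patterns):
    """Next hop of the most specific matching pattern, or None."""
    hits = [(pat.count("*"), hop) for pat, hop in patterns
            if pattern_matches(pat, route_string)]
    return min(hits)[1] if hits else None


def trace_call(uri, start, tables=ROUTE_TABLES):
    """Return the list of clusters a URI call traverses from `start`."""
    route_string = ILS_STORE.get(uri)
    if route_string is None:
        raise LookupError(f"{uri}: not in ILS store")
    path, cluster = [start], start
    # Stop when the current cluster is the one that advertised the URI.
    while CLUSTER_ROUTE_STRING.get(cluster) != route_string:
        hop = next_hop(route_string, tables.get(cluster, []))
        if hop is None:
            raise LookupError(f"{cluster}: no SIP route pattern for {route_string}")
        if hop in path:  # summarized routes pointing back at each other
            raise RuntimeError(f"routing loop: {path + [hop]}")
        path.append(hop)
        cluster = hop
    return path


if __name__ == "__main__":
    print(trace_call("helen@cisco.com", "sanjose"))
```

The loop check matters once summarized patterns such as *.*.eu are used: two clusters whose summaries point at each other would otherwise pass the call back and forth.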
Combining SME and GDPR
- Leaf Clusters advertise local numbers/patterns to other clusters
  - Advertise global (+E.164) Patterns
  - Also advertise Enterprise Numbering Plan
- SME advertises prefixes of applications
- SME advertises prefixes of attached 3rd party PBX or other integrations
- Can also advertise an imported URI catalog
[Diagram: PSTN reached via CUBE; SME and leaf clusters exchanging patterns over ILS. Patterns shown: +315557XXX, 81111XXX, *88881XXXX, +4969123XXX, +4480123XXX, +3360346XXX, +3255678XXX, 82229XXX, 83334XXX, 84443XXX, 85552XXX.]

Reference: Unified CM Routing Rules
[Flowchart, written out as a decision list]
Is LHS numeric?
- NO:
  1. Does whole URI match a URI in the CSS and URI table? YES: Offer Call. NO: continue.
  2. Does whole URI match one in ILS? YES: Route using SIP route patterns based on route string for ILS entry (on NO MATCH, continue). NO: continue.
  3. Does RHS match a SIP Route Pattern? YES: Route based on RHS. NO: Block Call.
- YES:
  1. Is RHS the IP address or hostname of a cluster member? YES: Analyze LHS. NO: continue.
  2. Does RHS match Cluster Fully Qualified DN (CFQDN)? YES: Analyze LHS. NO: continue.
  3. Does RHS match Organization Top Level Domain (OTLD)? YES: Analyze LHS. NO: continue.
  4. Does RHS match a SIP Route Pattern? Route or Block.
- Analyze LHS: Does LHS find a match? YES: Offer Call. NO: Route or Block.

Cisco Collaboration Edge
Cisco Collaboration Edge Architecture
- Includes all edge products to support:
  - Mobile and teleworker collaboration
  - Business-to-business and business-to-consumer collaboration
  - IP PSTN and PSTN connectivity
  - Intra-enterprise connectivity for legacy telephony or 3rd party devices
  - Cloud connectivity
[Diagram: Unified CM and Unified Presence; Expressway-C and Expressway-E toward the Internet; Unified Border Element toward the PSTN via SIP SP.]

Cisco Unified Border Element
CUBE: Enabling Unified CM SIP Trunking
[Diagram: Enterprise - H.323 or SIP - CUBE (Demarc) - SIP - SBC - SP VoIP]
- Security demarcation via topology hiding and SIP signaling and media inspection
- Troubleshooting demarcation via B2BUA, i.e. SIP session termination and re-origination
- Call admission control (CAC) upon entry to network
- Meet SP UNI requirements via SIP Normalization
- DTMF interworking and transcoding
- Share a single SIP trunk across multiple Unified CM clusters
- Co-resident with TDM GW, SRST GW and/or MTP for failover and additional services

CUBE Basic Call Flow
[Diagram: Originating Endpoint (1000) -> CUBE -> Terminating Endpoint (2000)]

Incoming SIP Call to 2000 (matches inbound dial-peer):
    Received: INVITE sip:2000@10.1.3.4 SIP/2.0...
Outgoing SIP Call to 2000 (matches outbound dial-peer):
    Sent: INVITE sip:2000@10.2.3.4 SIP/2.0...

    voice service voip
     allow-connections sip to sip

    dial-peer voice 1 voip
     destination-pattern 1000
     session protocol sipv2
     incoming called-number 2
     session target ipv4:192.168.12.25
     codec g711ulaw

    dial-peer voice 2 voip
     destination-pattern 2000
     session protocol sipv2
     session target ipv4:192.168.10.50
     codec g711ulaw

1. Incoming SIP setup message (INVITE) received from originating endpoint
2. Match inbound VoIP dial-peer using called number and assign codec, DTMF method, etc.
3. Match outbound dial-peer using called number and assign characteristics for that call leg
4. Outgoing VoIP setup message (SIP INVITE) sent

CUBE Typical Dial-peer
- Only one destination per dial-peer
- Only one pattern for each Inbound/Outbound dial-peer
- Single, static codec
- Result:
  - Many dial-peers
  - Long configurations
  - Difficult to support and administer

    dial-peer voice 1 voip
     session protocol sipv2
     session target ipv4:192.168.10.50
     destination-pattern +[2-9]T
     incoming called-number 392.
     codec g711ulaw
     voice-class sip bind control source-interface GigabitEthernet1
     voice-class sip bind media source-interface GigabitEthernet1

CUBE Advanced Dial-Peers

    dial-peer voice 1 voip
     session protocol sipv2
     session target ipv4:192.168.10.50
     destination-pattern +[2-9]T
     codec g711ulaw
     voice-class sip bind control source-interface GigabitEthernet1
     voice-class sip bind media source-interface GigabitEthernet1

CUBE Advanced Dial-Peers (server group)

    ! Server group lists several destinations for one dial-peer
    voice class server-group 10
     description Service Provider IPs
     ipv4 192.168.10.50
     ipv4 192.168.10.51

    dial-peer voice 1 voip
     session protocol sipv2
     session server-group 10
     destination-pattern +[2-9]T
     codec g711ulaw
     voice-class sip bind control source-interface GigabitEthernet1
     voice-class sip bind media source-interface GigabitEthernet1

CUBE Advanced Dial-Peers (E.164 pattern map)

    voice class server-group 10
     description Service Provider IPs
     ipv4 192.168.10.50
     ipv4 192.168.10.51

    ! Pattern map groups several E.164 patterns under one dial-peer
    voice class e164-pattern-map 2
     description PSTN +E.164 patterns
     e164 +[2-9]T
     e164 +1[2-9]..[2-9]

    dial-peer voice 1 voip
     session protocol sipv2
     session server-group 10
     destination e164-pattern-map 2
     codec g711ulaw
     voice-class sip bind control source-interface GigabitEthernet1
     voice-class sip bind media source-interface GigabitEthernet1

CUBE Advanced Dial-Peers (codec list)

    voice class server-group 10
     description Service Provider IPs
     ipv4 192.168.10.50
     ipv4 192.168.10.51

    ! Codec preference list replaces the single static codec
    voice class codec 1
     description Codec list
     codec preference 1 g711ulaw
     codec preference 2 g729r8

    voice class e164-pattern-map 2
     description PSTN +E.164 patterns
     e164 +[2-9]T
     e164 +1[2-9]..[2-9]

    dial-peer voice 1 voip
     session protocol sipv2
     session server-group 10
     destination e164-pattern-map 2
     voice-class codec 1
     voice-class sip bind control source-interface GigabitEthernet1
     voice-class sip bind media source-interface GigabitEthernet1

CUBE Advanced Dial-Peers (SIP OPTIONS keepalive)

    voice class server-group 10
     description Service Provider IPs
     ipv4 192.168.10.50
     ipv4 192.168.10.51

    voice class codec 1
     description Codec list
     codec preference 1 g711ulaw
     codec preference 2 g729r8

    voice class e164-pattern-map 2
     description PSTN +E.164 patterns
     e164 +[2-9]T
     e164 +1[2-9]..[2-9]

    ! OPTIONS keepalive profile monitors the dial-peer's destinations
    voice class sip-options-keepalive 1
     description SIP OPTIONS timers
     transport udp

    dial-peer voice 1 voip
     session protocol sipv2
     session server-group 10
     ! must reference the pattern map defined above (2)
     destination e164-pattern-map 2
     voice-class codec 1
     voice-class sip options-keepalive profile 1
     voice-class sip bind control source-interface GigabitEthernet1
     voice-class sip bind media source-interface GigabitEthernet1

Business to Business (B2B) Video Collaboration
Business-to-Business (B2B) Video Collaboration
[Diagram: Unified CM Cluster(s) and Expressway-C inside the firewall (Intranet); Expressway-E in the DMZ; Internet outside the firewall (Public Internet).]
- Provides secure communications with partners, customers & suppliers over the Internet
- Secure Firewall Traversal using VCS or Expressway
- Utilizes DNS-based URI dialing. No predefined peer-to-peer links required.

Expressway Firewall Traversal Basics
[Diagram: Enterprise Network (Unified CM, Expressway-C) - Firewall - DMZ (Expressway-E) - Firewall - Outside Network (Internet); signaling and media paths.]
1. Expressway-E is the traversal server installed in the DMZ. Expressway-C is the traversal client installed inside the enterprise network.
2. Expressway-C initiates traversal connections outbound through the firewall to specific ports on Expressway-E with secure login credentials.
3. Once the connection has been established, Expressway-C sends keep-alive packets to Expressway-E to maintain the connection.
4. When Expressway-E receives an incoming call, it issues an incoming call request to Expressway-C.
5. Expressway-C then routes the call to Unified CM to reach the called user or endpoint.
6. The call is established and media traverses the firewall securely over an existing traversal connection.

Mobile and Remote Access (MRA)
Mobile and Remote Access (MRA)
[Diagram: Internet outside the firewall (Public Internet); Expressway-E in the DMZ; Expressway-C, Unified CM with ILS, Unified CM Cluster 1 and Unified CM Cluster 2 inside the firewall (Intranet).]
- Provides VPN-less Mobile and Fixed Endpoint registration, Audio and Video Sessions, IM & Presence
- Available on both VCS and Expressway product lines with X8.1 s/w
- No Cost with Unified CM version 9.1.2 or later and Virtual Edition Expressway Server Software

Jabber Login for MRA
[Diagram: a Jabber client outside the firewall sends DNS SRV requests to Public DNS. _cisco-uds._tcp.cisco.com: Not Found. _collab-edge._tls.cisco.com: FOUND: expwy1.cisco.com. The client establishes a secure TLS session to Expressway-E in the DMZ, which reaches Expressway-C through Secure Firewall Traversal. Inside the firewall, the UDS query clusteruser?username=robbins to Unified CM with ILS returns <homecluster>cucm2.cisco.com</homecluster> (Unified CM Cluster 1, Unified CM Cluster 2).]
1. User enters <username>@<domain>
2. Jabber requests DNS SRV _cisco-uds._tcp.<domain>.
   - Should ONLY work internally
   - Internally will resolve to UDS servers
3. Jabber requests DNS SRV _collab-edge._tls.<domain>.
   - Should resolve to Expressway-E
4. Connect to Expressway-E, verify certificate and establish secure TLS connection
5. User enters password
6. HTTPS message passed securely to Expressway-C
7. Expressway-C sends UDS query to locate the user's home server
8. Any UDS server in ILS network can respond with user's home cluster
9. User is authenticated against home CUCM server
10. Configuration download and registration can now occur

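The DNS expectations in steps 2 and 3 (the _cisco-uds._tcp record resolving only internally, _collab-edge._tls resolving to Expressway-E) can be checked against both DNS views before clients are rolled out. The Python code below is an added example, not part of the lab; the zone data is constructed, and the example.com host names, port values and function names are assumptions.

```python
# Added illustration with constructed zone data; host names are hypothetical.
INTERNAL_VIEW = """\
_cisco-uds._tcp.example.com. 300 IN SRV 10 10 8443 cucm1.example.com.
_cisco-uds._tcp.example.com. 300 IN SRV 20 10 8443 cucm2.example.com.
"""
EXTERNAL_VIEW = """\
_collab-edge._tls.example.com. 300 IN SRV 10 10 8443 expwy1.example.com.
"""
# Misconfigured public zone that also publishes the internal-only record
LEAKY_EXTERNAL_VIEW = EXTERNAL_VIEW + (
    "_cisco-uds._tcp.example.com. 300 IN SRV 10 10 8443 cucm1.example.com.\n")


def parse_srv(zone_text):
    """Map owner name -> sorted list of (priority, weight, port, target)."""
    records = {}
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
            continue  # not a "name ttl IN SRV prio weight port target" line
        prio, weight, port = (int(x) for x in f[4:7])
        owner = f[0].rstrip(".").lower()
        target = f[7].rstrip(".").lower()
        records.setdefault(owner, []).append((prio, weight, port, target))
    for rrset in records.values():
        rrset.sort()  # lowest priority value first
    return records


def discover(records, domain):
    """Lookup order from the slide: _cisco-uds first, then _collab-edge."""
    uds = records.get(f"_cisco-uds._tcp.{domain}")
    if uds:
        return ("on-premises", [r[3] for r in uds])
    edge = records.get(f"_collab-edge._tls.{domain}")
    if edge:
        return ("mra", [r[3] for r in edge])
    return ("no-service", [])


def audit(internal, external, domain, expressway_e_hosts):
    """Compare both DNS views with the slide's expectations."""
    findings = []
    uds, edge = f"_cisco-uds._tcp.{domain}", f"_collab-edge._tls.{domain}"
    if uds not in internal:
        findings.append(f"internal view: {uds} missing")
    if uds in external:
        findings.append(f"external view: {uds} published (internal only)")
    if edge not in external:
        findings.append(f"external view: {edge} missing")
    for *_, target in external.get(edge, []):
        if target not in expressway_e_hosts:
            findings.append(f"external view: {edge} -> {target} is not Expressway-E")
    return findings


if __name__ == "__main__":
    ext = parse_srv(LEAKY_EXTERNAL_VIEW)
    print(discover(ext, "example.com"))
    print(audit(parse_srv(INTERNAL_VIEW), ext, "example.com", {"expwy1.example.com"}))
```

With the leaky external view, discover() takes the on-premises branch and returns an internal host name, which is the condition the audit flags.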
Lab Topology
Lab Topology
- Single SME Unified CM
- Two single-node Unified CM Leaf Clusters
- Redundant CUBEs running on the CSR1KV platform to connect to IP PSTN
- An Expressway-E and Expressway-C for external client access and Business to Business calling
- Two Jabber Endpoints
- Internal and External DNS servers (preconfigured)
- Certificate Authority (CA) for certificate generation
- Service Provider SBC (not managed by you) for:
  - PSTN calling (inbound and outbound)
  - B2B Video Conference bridge

Lab Tips
- Make sure Pod number in browser matches Tent card
- All Passwords: c1sco123
- Click-to-Call from Browser
- No Typing Required: just click, then paste.
- Can I get a copy of the lab for printing or review?
  - Lab is at: http://siplab.ciscolive.com (reachable from Internet)
  - Print button generates a PDF of the full lab

Lab Materials
http://siplab.ciscolive.com

Thank You