SAF Service Advertisement Framework Jiří Rott SE Enterprise Finance jirott@cisco.com Sponsor Sponsor Sponsor Sponsor Logo Logo Logo Logo CIscoEXPO 1
Agenda 1. Introduction 2. SAF and CCD 3. SAF Components 4. SAF Forwarder 5. SAF with CME 6. CUCM SAF Client 7. Summary 2
SAF and Unified Communications Problem Statements Call control Services Presence Services Policy Services Unified Communications requires a large number of devices, services and applications Need to reduce complexity Need to simplify provisioning to accelerate absorption Gateway Services VM / UM Services Collaboration Services Need to simplify operations and reduce TCO Routing between call agents relies mainly on static configuration Location Services Conferencing Services Media Services Complexity, Operational Cost, Availability The Network 3
SAF and CCD (Call Control Discovery) 4
SAF and Unified Communications Limitations of Current UC Routing Approaches Configuration complexity, Speed of deployment High operational cost, TCO Availability, Business Continuity IP Network IP Network GK GK 5
SAF and Unified Communications The Call Control Discovery (CCD) Service Advertise Consume Service Type: Unified Communications Sub-service: Call Control Discovery SAF-enabled IP Network No full-mesh configurations Configuration for a set of DNs is only done on one cluster Call agents advertise Hosted DN ranges to the SAF network s subscribe to the Hosted DN service from the SAF network and dynamically learn other routes Dynamic failure detection is performed for both UCM clusters and the SAF network 6
Call Control Discovery Advertising DN Ranges Service Advertisement IP address: 10.1.1.1 Protocol: SIP DN Patterns: 8408XXXX [+1408555 /4], 8415XXXX [+1415777 /4], 8949XXXX [+1949222 /4] New York CME Routing Table DN Pattern to DID rule IP address Protocol 8408XXXX +1408555 /4 10.1.1.1 SIP 8415XXXX +1415777 /4 10.1.1.1 SIP 8949XXXX +1949222 /4 10.1.1.1 SIP 8408XXXX PSTN 8212XXXX San Jose 10.1.1.1 10.2.2.2 New York 8415XXXX 8949XXXX SAF-enabled IP Network San Francisco Irvine 7
Call Control Discovery Learning DN Ranges San Jose CUCM Routing Table DN Pattern to DID rule IP address Protocol 8212XXXX +1212444 /4 10.2.2.2 SIP Service Advertisement IP address: 10.1.1.1 Protocol: SIP DN Patterns: 8212XXXX [+1212444 /4] 8408XXXX PSTN 8212XXXX San Jose 10.1.1.1 10.2.2.2 New York 8415XXXX 8949XXXX SAF-enabled IP Network San Francisco Irvine 8
Call Control Discovery Dynamic Routing San Jose CUCM Routing Table DN Pattern to DID rule IP address Protocol 8212XXXX +1212444 /4 10.2.2.2 SIP 8442XXXX +442077111 /4 10.3.3.3 H.323 New York CME Routing Table DN Pattern to DID rule IP address Protocol 8408XXXX +1408555 /4 10.1.1.1 SIP 8415XXXX +1415777 /4 10.1.1.1 SIP 8949XXXX +1949222 /4 10.1.1.1 SIP 8442XXXX +442077111 /4 10.3.3.3 H.323 8408XXXX PSTN 8212XXXX San Jose 10.1.1.1 10.2.2.2 New York 8415XXXX 8949XXXX SAF-enabled IP Network 8442XXXX San Francisco Irvine Call 84421000 10.3.3.3 London 9
Call Control Discovery Automatic PSTN Failover San Jose CUCM Routing Table DN Pattern to DID rule IP address Protocol 8212XXXX +1212444 /4 10.2.2.2 SIP 8442XXXX +442077111 /4 10.3.3.3 H.323 New York CME Routing Table DN Pattern to DID rule IP address Protocol 8408XXXX +1408555 /4 10.1.1.1 SIP 8415XXXX +1415777 /4 10.1.1.1 SIP 8949XXXX +1949222 /4 10.1.1.1 SIP 8442XXXX +442077111 /4 10.3.3.3 H.323 8408XXXX Translate to +4420771111000 PSTN 8212XXXX San Jose 10.1.1.1 10.2.2.2 New York 8415XXXX 8949XXXX SAF-enabled IP Network 8442XXXX San Francisco Irvine Call 84421000 10.3.3.3 London 10
Call Control Discovery Automatic Rerouting for SRST SRST subscribes to CCD service but does not publish any patterns During WAN failures, SRST uses learned patterns to transparently re-route calls over the PSTN New York SRST Routing Table DN Pattern 8408XXXX 8415XXXX 8949XXXX to DID rule 4:+1408555 4:+1415777 4:+1949222 IP address 10.1.1.1 10.1.1.1 10.1.1.1 Protocol SIP SIP SIP 8408XXXX PSTN 8212XXXX San Jose 10.1.1.1 10.2.2.2 New York 8415XXXX 8949XXXX SAF-enabled IP Network Call 89491000 San Francisco Irvine 11
Call Control Discovery Legacy IP PBX Integration San Jose CUCM Routing Table DN Pattern to DID rule IP address Protocol 8442XXXX +442077111 /4 10.3.3.3 H.323 8312XXXX +1312888 /4 10.4.4.4 SIP 8408XXXX 10.1.1.1 San Jose Chicago CUBE Routing Table DN Pattern to DID rule IP address Protocol 8312XXXX +1312888 /4 10.4.4.8 SIP 8408XXXX +1408555 /4 10.1.1.1 SIP 8415XXXX +1415777 /4 10.1.1.1 SIP 8949XXXX +1949222 /4 10.1.1.1 SIP 8442XXXX +442077111 /4 10.3.3.3 H.323 PSTN 10.4.4.4 Chicago H. 3 2 3 SI P static route Legacy IP PBX 10.4.4.8 8312XXXX 8415XXXX 8949XXXX SAF-enabled IP Network Call 84156789 8442XXXX San Francisco Irvine 10.3.3.3 London 12
CCD Advertising Service Advertises pre-configured Hosted DN ranges, PSTN failover rules, and trunk info to the SAF network Advertises the same set of hosted DN ranges for each trunk Upon change(s), CCD Advertising Service will send a new advertisement to the SAF network CUCM Specific Specify up to two trunks, one SIP and/or one H323 Runs on the same nodes as SAF/CCD trunks 13
CCD Requesting Service Only one configuration per cluster Responsible for learning hosted DN routes from the SAF network Stores learned route info locally and registers it with CUCM Digit Analysis Performs load balancing for calls to learned routes If a call can t go through via the IP network, CCD Requesting Service will route the call via the PSTN Allows the administrator to block certain routes based on Learned Pattern Prefix, Learned Pattern, Remote Call Control Identity, and Remote IP 14
Call Control Discovery Business Benefits 1.Reduce deployment time, realize quicker ROI Dial plan configuration complexity reduced from N² to N Allows optimal dial plan to be implemented quickly (i.e., on-net numbering plan with automatic PSTN failover) 2.Reduce ongoing operational costs Complexity of adding/removing/changing a site drastically reduced No need to purchase, maintain and configure dedicated gatekeepers Reduced reliance on static back-up configuration 3.Improve business continuity Increased availability even during partial network failure thanks to dynamic awareness Implementable and maintainable mechanism for automatic PSTN rerouting Fast rerouting during failures 15
SAF Components SAF Forwarders and SAF Clients 16
SAF Components SAF Forwarder The part of the SAF-enabled network that shares call routing data among SAF clients Responsible for maintaining a call routing database Call routing information shared among all known neighbors SAF Clients Two types of SAF Clients: Internal and External Runs CCD services Devices that act as SAF Forwarders and advertise and receive call routing data into the SAF network are known as internal clients Devices that advertise and receive route data from a SAFenabled network are known as external clients 17
The SAF Client-Network Interface SAF Client Types SAF clients perform three functions: Register to the network Publish services Subscribe to services External Clients (Cisco Unified CM) Internal IOS Clients (CUCME, SRST, CUBE...) Internal API External clients communicate to a SAF forwarder via the SAF Client Protocol (SAF-CP) Internal Cisco IOS clients communicate to a co-located SAF forwarder via internal API SAF-CP SAF-FP SAF Network SAF-FP 18
The SAF Client-Network Interface The SAF Client Protocol (SAF-CP) Simple TCP-based binary TLV protocol based on STUN (RFC-3489) Assumes client knows IP address of the SAF forwarder Security: digest authentication based on shared secret (user+pwd) Client can publish and subscribe to multiple services Forwarder notifies client of services matching subscriptions Forwarder sends updates only when there are service changes Client sends periodic Register as a keepalive 19
The SAF Client-Network Interface Connecting External Clients to a Forwarder SAF-CP... router eigrp SAF-fwdr service-family ipv4 autonomous-system 1 topology-base external-client CUCM_NY external-client CUCM_NY basename username safuser password safpassword123 keepalive 3599999 Configure credentials for client authentication Multiple clients can share same credentials with basename keyword (e.g., nodes of the same Unified CM cluster) Up to 50 clients can connect to the same forwarder in the current release 20
SAF Forwarder 21
The SAF Network The SAF Forwarder Protocol (SAF-FP) Non-SAF Cloud First implementation of Service Routing Leverages EIGRP reliable transport (IP protocol 88) Uses DUAL algorithm to prevent loops Works on top of any IP routing protocol (OSPF, BGP, static,...) No periodic broadcasts Incremental updates only when changes occur e.g., Service publication, Service withdrawal, Service update, Connectivity loss, New forwarder comes online Supports IPv4 and IPv6* (no IPv6 clients yet) 22
The SAF Network Forwarder Configuration L2- Adjacent fwdr1 Eth0/0 Eth0/1 fwdr2 interface Ethernet0/0 ip address 1.1.1.1 255.255.255.0 router eigrp SAF-fwdr service-family ipv4 autonomous-system 1 topology-base interface Ethernet0/1 ip address 1.1.1.2 255.255.255.0 router eigrp SAF-fwdr service-family ipv4 autonomous-system 1 topology-base Non- Adjacent fwdr3 Loop0 Dark Net fwdr4 Loop1 interface Loopback0 ip address 3.3.3.1 255.255.255.0 router eigrp SAF-fwdr service-family ipv4 autonomous-system 1 neighbor 4.4.4.1 loopback0 remote 16 topology-base interface Loopback1 ip address 4.4.4.1 255.255.255.0 router eigrp SAF-fwdr service-family ipv4 autonomous-system 1 neighbor 3.3.3.1 loopback1 remote 16 topology-base 23
The SAF Network How Advertisements Propagate When a SAF forwarder receives an advertisement: 1) It stores it in memory 2) It sends it out through all the other SAF-enabled interfaces fwdr1 fwdr2 fwdr3 EIGRP-style metrics and the DUAL algorithm are used to avoid loops and to provide fast convergence fwdr1 fwdr3 fwdr2 fwdr4 fwdr5 24
The SAF Network??? Hub-and-spoke forwarder topology Forwarder 1 sends an advertisement to the HQ forwarder Q: Will the HQ forwarder propagate it to Forwarder 2 and Forwarder 3? router eigrp SAF-fwdr service-family ipv4 auton 1 sf-interface loopback0 no split-horizon topology-base neighbor...... Loop0 Dark Net HQ Fwdr A: Only if split horizon is disabled on the interface! Loop1 Fwdr1 Loop1 Fwdr2 Loop1 Fwdr3 25
The SAF Network SAF Forwarder Platform and Release Support ISR, ISR G2, 7200 Series IOS 15.0(1)M 7600 Series IOS Software Release 12.2(33)SRE ASR 1000 Series IOS 12.2XE 2.5.0 (RLS5) Catalyst 6500 Series Planned for 12.2(33)SXI4 Catalyst 4500 Series Planned Catalyst 3000 Series Under Consideration Nexus 7000 Series Under Consideration 26
SAF with CME Configuration and Troubleshooting 27
Call Control Discovery (CCD) Unified CME, SRST, CUBE, Gateway Support Details Starting with Cisco IOS 15.0(1)M, Unified CME, CUBE and IOS Gateways can advertise CCD service, or request, or both Unified CME Unified CME CUBE Unified CME Listen-only mode for SRST Transparent PSTN failover when destination is unreachable SAF Network Scalability: Up to 125 advertised DN patterns per CME/CUBE Up to 6,000 learned DN patterns per CME/CUBE/SRST (platform-dependant) Unified CME CUBE Unified CME Unified CME 28
Call Control Discovery (CCD) Unified CME or CUBE Configuration Example router eigrp SAF-fwdr service-family ipv4 autonomous-system 1 sf-interface Ethernet0/0 topology base voice service saf profile trunk-route 1 session protocol int Eth0/0 sip transport tcp port 5060 profile dn-block 1 pattern 1 extension 5xxx pattern 2 global 1408555xxx profile dn-block 2 alias 14085258 strip 4 pattern 3 extension 8123xxx profile callcontrol 2 dn-service dn-block 1 dn-block 2 trunk-route 1 site-code 8333 exit dn-service exit-profile channel 1 vrouter SAF-fwdr asystem 1 publish callcontrol 2 subscribe callcontrol wildcarded dial-peer voice 100 voip destination-pattern.t session target saf Co-resident SAF Forwarder Trunk route: signaling IP address, port, protocol DN blocks: patterns to be advertised and to DID transformation rules CCD instance: integrates DN blocks and trunk route SAF client: publish and/or subscribe to services Enable call agent to look up routes learned through SAF 29
Configure Voice SAF Client router eigrp VOICE_SERVICE! service-family ipv4 autonomous-system 200 sf-interface GigabitEthernet0/1! topology base exit-sf-topology exit-service-family router#sh voice saf client Voice SAF Client Information ======================================== Client Name - VOICE_SAF PID - 280 CHANNEL REGISTRATION STATISTICS ---------------------------------------- Success = 2 Errors = 0 Unregistrations = 1 PUBLICATION STATISTICS ----------------------------------------- Success = 2 Errors = 0 Withdrawals = 0 30
Configure Voice SAF Channel channel 1 vrouter VOICE_SERVICE asystem 200 subscribe callcontrol wildcarded publish callcontrol 1 router#sh voice saf channel 1 detail Channel ID : 1 AS : 200 Vrouter Name : VOICE_SERVICE Admin State : UP Oper State : UP No. of Published instances Call Control : 1 No. of notified instances Call Control : 2 31
Troubleshoot Guidelines: 1.Ensure EIGRP SAF neighbors are formed on CME subscriber, CME publisher and other call control entity like CUCM. 2.Ensure voice SAF client is in success mode. 3.Ensure voice SAF channel is in UP state. 4.Ensure the instances are published in the CME publisher or CUCM. 5.DN patterns with associated pstn alias number are not removed from voice saf database if aar timer does not expire. 6.The primary trunk route is changed to DOWN state when either CME sub, CME pub and CUCM initiates the client or network service withdraw. 7.Check voice SAF dialpeer is used for voice call routing using <sh voice call status> or <sh call active voice compact>. 32
CUCM SAF Client 33
IOS Configuration for SAF Forwarder This example shows a two-client, one SAF forwarder config Using the keyword basename in the external-client config allows multiple nodes from same cluster to register using same client label router eigrp SAFTEST! service-family ipv4 autonomous-system 1! sf-interface <default if-name> topology base external-client safclient1 external-client safclient2 exit-sf-topology exit-service-family service-family external-client listen ipv4 5050 external-client safclient1 basename username safuser password safpassword keepalive 200000! external-client safclient2 basename username safuser password safpassword keepalive 200000 34
CUCM SAF Configuration Steps 1. Configure SAF Security Profile 2. Configure SAF Forwarder 35
Sample CUCM SAF Configuration CUCM SAF Client IOS SAF Forwarder! external-client safclient1 username safuser password safpassword keepalive 100000! For Cluster-over-Wan, use the Advanced options to ensure each node in the cluster has a SAF Forwarder 36
Call Control Discovery Configuration SAF Trunk (SIP and/or H323 ICT) Hosted DN Group Hosted DN Patterns CCD Partition CCD Advertising Service CCD Requesting Service 37
SAF Trunk Configuration H.323 ICT 38
SAF Trunk Configuration - SIP 39
Hosted DN Group/Pattern Configuration Groups hold collections of patterns for advertising 40
CCD Advertising Service Configuration Each Hosted DN Group can associate with only one CCD Advertising Service SAF Trunks can be re-used by different CCD Advertising Services and CCD Requesting Services A SAF trunk s Unified CM group will determine where (CUCM node) this service is running 41
Adding CCD Route Partition CCD Route Partition is the partition where the CCD Requesting Service will deposit learned routes Not required, but recommended Need to add CCD Partition to a CSS to ensure phones can reach the learned routes 42
CCD Requesting Service Configuration 43
CUCM Configuration Tips If you do not assign a trunk when you configure the CCD requesting service, UCM will not subscribe to the hosted DN service from SAF network Each hosted DN pattern should be unique SAF Trunks can not be placed into Route Groups SAF can not be used on SIP trunks that use authenticated or encrypted security profiles All UCM clusters are limited to advertised or learned routes within the same autonomous system (AS) 44
Summary SAF dynamically shares call routing data between UC components SAF eliminates complex, full-mesh, and hub-and-spoke topologies SAF reduces administrative overhead needed to manage complex dial plans, lowering TCO In the future, SAF could be used to share more than call routing data 45
For More Information Solution Reference Network Design Cisco Unified Communications Solution Reference Network Design (SRND) for Cisco Unified Communications Manager release 8.x, available online at: www.cisco.com/go/srnd Cisco IOS SAF Configuration guide on Cisco.com: www.cisco.com/en/us/docs/ios/saf/configuration/guide/saf_cg.pdf 46
Q&A? 47
48