Wednesday, May 29, 2019

Marrying Cloud Video with On-Premises Calling 1/2

Cisco's current line of Video endpoints (Room Kit, Room Kit Plus, SX, DX, MX, and WebEx Board) can be registered to the WebEx Calling Cloud for signaling and SIP URI dialing. This allows a video endpoint to call another endpoint or call into a WebEx meeting using a URI.

(A URI looks like an email address. For example, I might set up a URI as dx80@joshualearn.com for folks to reach me on a Cisco DX-80. The URIs on WebEx are actually a bit longer. One might look more like dx80@joshualearn.rooms.webex.com on WebEx. Most of the time folks don't type out the URIs so that's not usually a concern.)

So what happens when you want to dial a PSTN telephone number?  How do we associate a PSTN telephone number to a video device?  Previously, the only option was to turn up a SIP trunk with a telco provider within the WebEx Control Hub.  Then one would order new DIDs, assign a DID, and assign an internal number to a video endpoint.   That process involves starting a service contract with a telco provider that has an established relationship with Cisco WebEx. Cisco has termed this type of company as a "Cisco Preferred Media Provider".

While that is still an option, some folks have asked how they can bring their own PSTN by integrating with their existing on-premises Cisco Collaboration investment.  Previously, there was no option for that.  Now those folks are in luck.  Utilizing what's known as Cisco WebEx Hybrid Call Service, the Cloud Video environment can be married to the On-Premises Calling environment.

What's involved to make that work? I'll write a follow-up post with more detail.  In the meantime, here is a high-level list of what's under the hood.
  • Cisco WebEx Cloud registered video endpoints
  • Cisco Unified Communications Manager solution on-premises
  • On-premises PSTN connectivity via a Cisco Gateway or CUBE
  • Cisco Expressways
    • Cisco Expressway-C Services Host
    • Cisco Expressway-C Traversal Host
    • Cisco Expressway-E Traversal Host (with 2 NICs)
  • Firewalls
    • 2 firewalls are recommended; however, I have also seen it designed with 1.
    • Firewall policies
    • NAT
  • DNS
    • A records
    • SRV records
  • Certificates
    • Internal certificates are allowable; however, the WebEx Control Hub needs to trust the issuing CA chain.

Part 2 of this blog series will include more of the technical "how-to" information.

If you have tried this already, have thoughts about trying this, or just like to leave comments, please leave one below.

Sunday, April 14, 2019

SIP Bindings on CME with an authenticated SIP Trunk

Let's say there is a Communications Manager Express and a PSTN SIP trunk to the telco that requires authentication.  How does CME bind SIP messaging to the telco from a Northbound interface (e.g. GigabitEthernet 0/0/0) while binding its local SIP traffic to a loopback address?

I'll start with the second part of that.  If I want all SIP traffic bound to an interface I bind it globally under the "voice service voip" portion of the configuration.  The section below shows how one might bind SIP traffic to a loopback interface.

!
voice service voip
 allow-connections sip to sip
 sip
  bind control source-interface Loopback0
  bind media source-interface Loopback0

!

The example above works well for local SIP traffic that should be bound to the loopback address.  However, the registration to the Telco Provider would likely fail, assuming that they are expecting the IP address of the Northbound interface of the CUBE (e.g. GigabitEthernet 0/0/0).

It seems to me that the tenant feature in CUBE is helpful for sourcing the registration message to the telco from an interface and in fact overrides the global SIP binding.  Here is an example of what a tenant configuration might look like with the traffic bound to Gi0/0/0.

!        
voice class tenant 1
  registrar 1 dns:example.telcosbc.com expires 3600
  credentials username 5551212 password 0 5551212 realm example.telcosbc.com
  timers buffer-invite 5000
  bind control source-interface GigabitEthernet0/0/0
  no pass-thru content custom-sdp
  no outbound-proxy
!


The example above calls out the interface to bind the registration messages, the registrar destination, the credentials and the realm.  In order for this to work in production I had to duplicate the registrar configuration and add an authentication statement (that matched the credentials in the tenant) under the sip-ua section.  The following is an example of what that sip-ua section might look like.

!
sip-ua
 authentication username 5551212 password 0 5551212 realm example.telcosbc.com
 retry invite 2
 retry bye 2
 retry cancel 2
 registrar 1 dns:example.telcosbc.com expires 3600
!

After entering that configuration we typically find that the "show sip register status" returns back a yes for the username.  In this case it would look something like this:

cme-cube.example.com#show sip register status
--------------------- Registrar-Index  1 ---------------------

Line                             peer       expires(sec) reg survival P-Associ-URI
================================ ========== ============ === ======== ============
5551212                         -1         1663         yes normal
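
The tenant credentials and registrar described above have to be repeated under sip-ua, which makes drift between the two sections easy to miss. The following Python check is an added example, not part of the original post or of any Cisco tooling: it parses a saved configuration, reports a tenant whose credentials or registrar have no counterpart under sip-ua, and flags credentials kept as type 0 (cleartext). It assumes sub-commands are indented as in `show running-config` output; the function names are hypothetical.

```python
import re

# Constructed sample: the post's tenant and sip-ua sections in one config.
SAMPLE = """\
voice class tenant 1
  registrar 1 dns:example.telcosbc.com expires 3600
  credentials username 5551212 password 0 5551212 realm example.telcosbc.com
  bind control source-interface GigabitEthernet0/0/0
!
sip-ua
 authentication username 5551212 password 0 5551212 realm example.telcosbc.com
 registrar 1 dns:example.telcosbc.com expires 3600
!
"""
CRED = re.compile(r"(?:credentials|authentication) username (\S+) "
                  r"password (?:(\d) )?(\S+) realm (\S+)")

def sections(config):
    """Map each top-level command to its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def creds(lines):
    """Return (username, realm, password type) per credential line."""
    return [(m[1], m[4], m[2] or "0") for m in map(CRED.match, lines) if m]

def audit(config):
    """List tenant/sip-ua mismatches and credentials stored as type 0."""
    secs, findings = sections(config), []
    ua = secs.get("sip-ua", [])
    # Accounts are matched on user and realm; encrypted secrets are not comparable.
    ua_accounts = [c[:2] for c in creds(ua)]
    for name, lines in secs.items():
        tenant = name.startswith("voice class tenant")
        for user, realm, ptype in creds(lines):
            who = f"{user}@{realm}"
            if ptype == "0":
                findings.append(f"{name}: type 0 (cleartext) password for {who}")
            if tenant and (user, realm) not in ua_accounts:
                findings.append(f"{name}: no matching sip-ua authentication for {who}")
        for reg in (l for l in lines if tenant and l.startswith("registrar ")):
            if reg not in ua:
                findings.append(f"{name}: '{reg}' is not duplicated under sip-ua")
    return findings
```

Running `audit(SAMPLE)` on the configuration as posted reports only the two type 0 credentials; the mismatch findings appear when the sip-ua copy is changed or removed.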


For whatever reason we have run into scenarios where we had to reboot the CME-CUBE before we received back a response from the telco SBC.

I won't go into the dial-peers in detail in this blog.  However, we did also have dial-peers with bindings on them.  Inbound and outbound calls use the bindings on the dial-peers as opposed to the global SIP binding or the tenant SIP binding.

(The following configuration example was from a Cisco ISR 4300 series ISR running Cisco IOS XE Software, Version 16.05.02)


Has anyone else tried this method or another method to bind the traffic to the telco SIP SBC from a specific interface?


Thursday, March 21, 2019

B-channel selection for PRIs in a trunk group.

Why doesn't the ISDN B-channel selection configuration work on my Cisco Voice Gateway?

I had the PRIs in a trunk group and had the IOS configuration set up to perform channel selection on the serial interfaces corresponding with our PRIs.  However, the PRIs ignored the channel selection commands.  How strange, I would have thought that the serial interface would be the most specific configuration option to define the hunting scheme.  Well wouldn't you know, all of the hunt scheme magic is performed at the trunk group level.  (I didn't know)  The commands below illustrate how to configure the PRIs to hunt in a descending order, which is typically my preference as carriers usually hunt in an ascending order.

router(config-trunk-group)#trunk group PRI
router(config-trunk-group)#hunt-scheme ?
  sequential    The interface with highest preference is selected

router(config-trunk-group)#hunt-scheme sequential ?
  both  Select from all available timeslots

router(config-trunk-group)#hunt-scheme sequential both ?
  down  Timeslots are selected in the descending order 

router(config-trunk-group)#hunt-scheme sequential both down





Monday, February 11, 2019

Why can't I enter any voice commands?

So you RMA'd your Cisco 4300 or 4400 ISR Voice Gateway and now it won't take any voice commands.  Here's how to get the voice licensing back on the replacement VG so you can load up your voice config and get back in production.

Update the boot licensing level to uck9 and reboot.
 license boot level uck9

Accept the EULA for SRST 
 license accept end user agreement

Update the srst license to right to use licensing.
 license right-to-use move cme-srst

Update the uck9 license to right to use licensing.
 license right-to-use move uck9

That's it.  Now you can apply your existing configuration back to the RMA replacement voice gateway and get it back in business.
