CUBE Management

Implementation & Management of
Cisco Unified Border Element

(CUBE) Enterprise
BRKUCC-2934
Hussain Ali, CCIE# 38068 (Voice)
John Vickroy
Technical Marketing Engineer
Product Manager
Agenda
SIP Trunking and CUBE Overview
SIP Trunking Design & Deployment Models
CUBE Architecture
Transitioning to SIP Trunking using CUBE
Advanced features on CUBE
CUBE Management & Troubleshooting

Futures & Key Takeaways
BRKUCC-2934
2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Why does an enterprise need an SBC ?

Enterprise 1
SIP
IP
IP
Enterprise 2
SIP
IP
CUBE
CUBE
Rich Media (Real time Voice, Video, Screenshare etc.. ) Rich Media
BRKUCC-2934
SESSION
CONTROL
SECURITY
INTERWORKING
DEMARCATION
Call Admissions
Control
Trunk Routing
Ensuring QoS
Statistics and Billing
Redundancy/
Scalability
Encryption
Authentication
Registration
SIP Protection
Voice Policy
Firewall Placement
Toll Fraud
SIP - SIP
H.323 - SIP
SIP Normalization
DTMF Interworking
Transcoding
Codec Filtering
Fault Isolation
Topology Hiding
Network Borders
L5/L7 Protocol
Demarcation
Cisco Public
Cisco Unified Border Element Router Integration

An Integrated Network Infrastructure Service
Cisco Unified Border Element
TDM Gateway
Address Hiding
PSTN Backup
H.323 and SIP interworking

DTMF interworking
SIP security
Voice Policy
Transcoding
CUBE
Note: An SBC appliance would

have only these features
IP Routing &
MPLS
WAN & LAN

Physical
Interfaces
Unified CM
Conferencing and
Transcoding
FW, IPS,
QoS
SRST
VXML
Note: Some features/components may require additional licensing
BRKUCC-2934
Cisco Public
CUBE (Enterprise) Product Portfolio

50-150
ASR 1004/6 RP2

ASR 1002-X
50-100
ASR 1001-X
ISR 4451-X
CPS
20-35
ISR 4431
3900E Series ISR-G2

(3925E, 3945E)
ISR 4351
17
3900 Series ISR-G2 (3925, 3945)
ISR-4K (4321, 4331)
8-12
Note: New platforms in this

release : Introducing ISR-4K
Series (IOS-XE 3.13.1+
recommended)
2900 Series
ISR-G2 (2901, 2911, 2921, 2951)
<5
800/1861 ISR
<50
500-600
900-1000
2000-2500
4000
4500-6000
7000-10,000
Active Concurrent Voice Calls Capacity

BRKUCC-2934
Cisco Public
12K-14K
14-16K
CUBE Session Capacity Summary

Platform
CUBE Sessions
NanoCUBE (8XX and SPIAD Platforms)
15 - 120
2901 4321
100
2911 2921
200 400
4331
500
2951
600
3925 3945
800 950
4351
1000
3925E 3945E
2100 2500
4431
3000
4451
6000
ASR1001-X
12000
ASR1002-X
14000
ASR1004/1006 RP2
16000
BRKUCC-2934
Cisco Public
For Your
Reference
CUBE Software Release Mapping

ISR G2
ASR / ISR4400*
CUBE
Vers.
2900/ 3900
FCS
CUBE Ent
ASR Parity
with ISR
8.9
15.2.2T
Nov 2011
>80%
1.4.4
3.6
15.2(2)S
Mar 2012
Mar 2012
>85%
9.0
3.7
15.2(4)S
July 2012
9.0
15.2.3T/
15.2.4M
CUBE
Vers.
IOS XE Release
FCS
9.0.1
15.3.1T
Oct 2012
>95%
9.0.1
3.8
15.3(1)S
Oct 2012
9.0.2
15.3(2)T
Mar 2013
>95%
9.0.2
3.9
15.3(2)S
Mar 2013
9.5.1
15.3(3)M1
Oct 2013
>95%
9.5.1
3.10.1
15.3(3)S1
Oct 2013
10.0.0
15.4(1)T
Nov 2013
>95%
10.0.0
3.11
15.4(1)S
Nov 2013
10.0.1
15.4(2)T
Mar 2014
>95%
10.0.1
3.12
15.4(2)S
Mar 2014
10.0.2
15.4(3)M
July 2014
>95%
10.0.2
3.13
15.4(3)S
July 2014
10.5.0
15.5(1)T
Nov 2014
>95%
10.5.0
3.14
15.5(1)S
Nov 2014
11.0.0
15.5(2)T
Mar 2015
>95%
11.0.0
3.15
15.5(2)S
Mar 2015
11.0.1
15.5(3)M
July 205
>95%
11.0.1
3.16
15.5(3)S
July 2015
* IOS-XE3.13.1 or later recommended for all ISR 4400 series

BRKUCC-2934
Cisco Public
For Your
Reference
CUBE ISR and ASR 1K Licensing

Platform
Cisco 881, 886, 887, 888, 892F, SPIAD
Cisco 2901, 2911, 2921 ISR G2
ISR 4321, 4331, 4351, 4431
Cisco 2951, 3925 ISR G2
Cisco 3945, 3925E, 3945E ISR G2

ISR 4451-X
Cisco ASR1000
Single-Use Licenses
FL-NANOCUBE
NEW
FL-CUBEE-5
FL-CUBEE-25
FL-CUBEE-100
FL-CUBEE-5
FL-CUBEE-25
FL-CUBEE-100
FL-CUBEE-500
FL-CUBEE-5
FL-CUBEE-25
FL-CUBEE-100
FL-CUBEE-500
FL-CUBEE-1000
FLASR1-CUBEE-100P
FLASR1-CUBEE-500P
FLASR1-CUBEE-1KP
FLASR1-CUBEE-4KP
FLASR1-CUBEE-16KP
Redundancy Licenses
( 1 SKU for Active/Standby Pair)
N/A
FL-CUBEE-5-RED
FL-CUBEE-25-RED
FL-CUBEE-100-RED
FL-CUBEE-5-RED
FL-CUBEE-25-RED
FL-CUBEE-100-RED
FL-CUBEE-500-RED
FL-CUBEE-5-RED
FL-CUBEE-25-RED
FL-CUBEE-100-RED
FL-CUBEE-500-RED
FL-CUBEE-1000-RED
FLASR1-CUBEE-100R
FLASR1-CUBEE-500R
FLASR1-CUBEE-1K-R
FLASR1-CUBEE-4K-R
FLASR1-CUBEE-16KR
http://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/order_guide_c07_462222.html
BRKUCC-2934
Cisco Public
Agenda
CUBE Architecture

BRKUCC-2934
Cisco Public
SIP Trunking Design and Deployment

Models
Cisco Session Management & CUBE:

Essential Elements for Collaboration
CUBE provides session border control
between IP networks
Demarcation
Interworking
Session control
Security
SIP TRUNK TO CUBE
Cisco SME centralizes

network control
Video
3rd Party IP
PBX
Cisco Public
11
Cisco B2B
Cisco Session
Management
IM, Presence,
Voicemail
Centralizes dial plan

Centralized applications
Aggregates PBXs
BRKUCC-2934
CUBE
Mobile
TDM PBX
11
CUBE Deployment Scenarios

TDM
SIP Trunks
for PSTN
Access
SIP
SIP Trunk
H.323
SBC
SP VOIP
Services
CUBE
Standby
Networkbased
Media
Recording
Solution
Partner API
MediaSense
Extending to Video and

High Availability for Audio Calls
CUBE
SIP
SIP
RTP
CUBE
SBC
SP IP
Network
SBC
SP IP
Network
Active
IVR
Integration
for Contact
Centers
CVP
vXML Server
SIP
CUBE
Business to
Business
Telepresence
BRKUCC-2934
Media
Server
SIP
SBC
CUBE
Cisco Public
12
SIP
SP IP
Network
CUBE
NanoCUBE Deployment Scenarios

Service Provider
Call Control
NanoCUBE
Hosted
Service
Small
Business
SIP Trunking
Small
Business
CPE
NANOCUBE
8xx
SIP
SIP
SIP
IAD
8xx
CUBE
SIP
CUCM
SIP
PRI
TDM PBX
IP PBX
Enterprise
Hosted Service
Small Business
13
BRKUCC-2934
NANO
-CUBE
Cisco Public
SIP Trunking
Small Business
PRI To SIP
The Centralized Model

Characteristics of Centralized
Operational Benefits
Central Site is the only location with

SIP session connectivity to IP PSTN
Centralizes Physical
Operations
Voice services delivered to Branch

Offices over the Enterprise IP WAN
(usually MPLS)
Centralizes Dial-Peer
Management
Media traffic hairpins through

central site between SP and
branches
Centralizes SIP Trunk

Capacity
Challenges
Increased campus bandwidth, CAC,
latency; media optimization
HA in campus
Survivability at branch (PSTN
connection at the branch)
Emergency services
Legal/Regulatory
Centralized
IP PSTN
Enterprise
IP WAN
CUBE
Site-SP Media
BRKUCC-2934
Cisco Public
14
The Distributed Model

Characteristics of Distributed
Operational Benefits
Challenges
Each site has direct connection

for SIP sessions to SP
Leverages existing branch

routers
Distributed dial-peer
management
Takes advantage of SP session

pooling, if offered by SP
No media hair-pinning thru any

site
Distributed operational overhead
Media traffic goes direct from

each branch site to the SP
Lower latency on voice or video
IP addressing to Service Provider

from branch
Built-in Redundancy strategy
Distributed
Quickest transition from

IP PSTN
existing
TDM
Enterprise
IP WAN
CUBE
CUBE
BRKUCC-2934
Cisco Public
CUBE
15
CUBE
CUBE
Site-SP Media
.. and the Hybrid Model

Characteristics of Hybrid
Benefits
Connection to SP SIP service is determined on a site by

site basis to be either direct or routed through a regional
site.
Decision to route call direct or indirect based on various
criteria
Adaptable to site specific requirements
Optimizes BW use on Enterprise WAN

Adaptable to regional SP issues
Built-in redundancy strategy
Media traffic goes direct from site to SP or hairpins

through another site, depending on branch configuration.
Hybrid
IP PSTN
Enterprise
IP WAN
CUBE
CUBE
CUBE
BRKUCC-2934
Cisco Public
16
CUBE
CUBE
In-Depth Explanation of SIP Deployment Models

Educate your customer on SIP Deployment Models
New White Paper will be posted by the end of January at the following URL:
www.cisco.com/go/cube
BRKUCC-2934
Cisco Public
17
Agenda
CUBE Architecture

BRKUCC-2934
Cisco Public
18
CUBE Call Flow
CUBE Call Processing

Actively involved in the call treatment,
signaling and media streams
IP
SIP B2B User Agent
Signaling is terminated, interpreted and

re-originated
Provides full inspection of signaling, and

protection against malformed and malicious
packets
Media is handled in two different modes:
Media Flow-Through
Media Flow-Around
Media Flow-Through
Signaling and media terminated by the Cisco
Unified Border Element
Transcoding and complete IP address hiding
require this model
CUBE
IP
Digital Signal Processors (DSPs) are

required for transcoding (calls with
dissimilar codecs)
BRKUCC-2934
CUBE
Cisco Public
Media Flow-Around
Signaling and media terminated by the Cisco
Unified Border Element
Media bypasses the Cisco Unified Border
Element
Cisco Unified Border Element Basic Call Flow

Originating
Endpoint 1000
voice service voip

mode border-element
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
Incoming VoIP Call
Outgoing VoIP Call
Terminating
Endpoint
2000
CUBE
dial-peer voice 1 voip

incoming called-number 1000
session protocol sipv2
codec g711ulaw
no vad

destination-pattern 2000
session target ipv4:2.2.2.10
codec g711ulaw
1.
Incoming VoIP setup message from originating endpoint
2.
This matches inbound VoIP dial peer 1 for characteristics such as codec, VAD, DTMF method,
protocol, etc.
3.
Match the called number to outbound VoIP dial peer 2
4.
Outgoing VoIP setup message
BRKUCC-2934
Cisco Public
Understanding the Call flow

Incoming VoIP Call Leg
Matches an Incoming Dial-peer
10.10.10.10
1000
1.1.1.1
INVITE /w SDP
Outgoing VoIP Call Leg

Matches an Outbound Dial-peer
CUBE
20.20.20.20
INVITE /w SDP
c= 1.1.1.1
m=audio abc RTP/AVP 0
2000
2.2.2.2
c= 20.20.20.20
m=audio xxx RTP/AVP 0
100 TRYING
100 TRYING
180 RINGING
180 RINGING
200 OK
200 OK
c= 2.2.2.2
m=audio uvw RTP/AVP 0
c= 20.20.20.20
m=audio xyz RTP/AVP 0
ACK
1.1.1.1
BRKUCC-2934
ACK
RTP (Audio)
10.10.10.10
20.20.20.20
Cisco Public
2.2.2.2
Basic Show commands for Active Calls

CUBE# show call active voice brief
121A : 17 13:02:24.215 IST Mon Jun 27 2011.1 +2040 pid:2 Answer 2000 active
dur 00:00:14 tx:0/0 rx:0/0
IP 2.2.2.2:6001 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g729r8 TextRelay: off
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a
121A : 18 13:02:24.225 IST Mon Jun 27 2011.1 +2020 pid:1 Originate 1000 active
dur 00:00:14 tx:0/0 rx:0/0
IP 1.1.1.1:6000 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g729r8 TextRelay: off
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a
Telephony call-legs: 0
SIP call-legs: 2
H323 call-legs: 0
Call agent controlled call-legs: 0
SCCP call-legs: 0
Multicast call-legs: 0
Total call-legs: 2
CUBE# show voip rtp connections
VoIP RTP active connections :
No. CallId
dstCallId LocalRTP
1
17
18
17474
2
18
17
17476
RmtRTP
6000
6001
Found 2 active RTP connections

BRKUCC-2934
Cisco Public
LocalIP
10.10.10.10
20.20.20.20
RemoteIP
1.1.1.1
2.2.2.2
CUBE Architecture
ISR G2 vs ASR1K vs ISR 4400
ASR/4400 & ISR-G2 Architecture Comparison

ASR/4400 Architecture
ISR G2 Architecture
Control Plane
CPU
IOS
RP
Control
Plane
IOS
Kernel
Msg I/f
I/O
ESP
I/O
Signaling
Signaling
IOS
I/O
Media
Cisco Public
25
I/O
ISR: Pkt fwding and signaling are handled by the

same CPU
ASR: Pkt fwding and signaling are handled by

different CPUs
ESP must be programmed or instructed by the

control plane to do specific media functions
Performed by Forwarding Plane Interface (FPI)
Data (Forwarding) Plane
BRKUCC-2934
Data Plane
ASR & ISR-G2/4400 Feature Comparison

General SBC Features
ASR
ISR-G2
4400
High Availability Implementation
Redundancy-Group
Infrastructure
HSRP Based
Redundancy-Group
Infrastructure
TDM Trunk Failover/Co-existence
Not Available
Exists
Exists
Media Forking
XE3.8
(Thousands of calls)
15.2.1T
(Upto 1250 calls)
XE3.10
Software MTP registered to CUCM (Including

HA Support)
XE3.6
Exists
Exists
DSP Card
SPA-DSP
PVDM2/PVDM3
PVDM4
Transcoder registered to CUCM
Not Available
Exists via SCCP
Exists via SCCP (XE3.11)
Transcoder Implementation
Local Transcoder
Interface (LTI)
SCCP or LTI (starting IOS

15.2.3T)
SCCP and LTI
Embedded Packet Capture
Exists
Exists
Exists
Web-based UC API
XE3.8
15.2.2T
Exists
Noise Reduction & ASP
Exists
15.2.3T
Exists
Call Progress Analysis
XE3.9
15.3.2T
Exists
CME/SRST and CUBE co-existence
Not Available
Exists
XE3.11
SRTP-RTP Call flows
Exists (NO DSPs needed)
Exists (DSPs required)
Exists (NO DSPs needed)
BRKUCC-2934
Cisco Public
26
Agenda
CUBE Architecture

BRKUCC-2934
Cisco Public
27
Transitioning to SIP Trunking...

Re-purpose your existing Cisco voice gateways as Session Border Controllers
BEFORE
AFTER
SIP/H323/MGCP
Media
SIP Trunks
Media
Standby
Enterprise Campus
High-density Dedicated
Gateways
CUBE
IP PSTN
Active
CUBE
MPLS
MPLS
CUBE with High

Availability
PSTN is now
used only for
emergency
calls over FXO
lines
SRST
CME
SRST
CME
TDM PBX
Enterprise
Branch Offices
BRKUCC-2934
Enterprise
Branch Offices
Cisco Public
28
TDM PBX
Steps to transitioning...
SIP Trunk
Media
Step 1 Configure IP PBX to route

all calls (HQ and branch offices) to
the edge SBC
Standby
CUBE
IP PSTN
Active
Step 2 Get SIP Trunk details from

the provider
CUBE
Enterprise
Campus
CUBE with High

Availability
Step 3 Enable CUBE application

on Cisco routers
MPLS
PSTN is now
used only for
emergency
calls over FXO
lines
SRST
CME
TDM PBX
Cisco Public
Step 5 Normalize SIP messages

to meet SIP Trunk providers
requirements
Step 6 Execute the test plan
Enterprise Branch
Offices
BRKUCC-2934
Step 4 Configure call routing on

CUBE (Incoming & Outgoing dialpeers)
29
Also see BRKUCC-2006
Step 1: Configure CUCM to route calls to the edge SBC

SIP Trunk Pointing to CUBE
Standby
CUBE
IP PSTN
Active
CUBE
Enterprise
Campus
CUBE with High

Availability
MPLS
Configure CUCM to route all PSTN

PSTN is now
calls (central and branch) to CUBE via
used only for
a SIP trunk
SRST
emergency
calls over
calls
FXO lines
Make sure all different patterns of

local, long distance, international,
emergency,
informational etc.. are
CME
pointing to CUBE
TDM PBX
Enterprise
Branch Offices
BRKUCC-2934
Cisco Public
30
Step 2: Get details from SIP Trunk provider
BRKUCC-2934
Sample
Response
Item
SIP Trunk service provider requirement
SIP Trunk IP Address (Destination IP Address for INVITES)
20.1.1.2 or
DNS
SIP Trunk Port number (Destination port number for INVITES)
5060
SIP Trunk Transport Layer (UDP or TCP)
UDP
Codecs supported
G711, G729
Fax protocol support
T.38
DTMF signaling mechanism
RFC2833
Does the provider require SDP information in initial INVITE (Early offer
required)
Yes
SBCs external IP address that is required for the SP to accept/authenticate

calls (Source IP Address for INVITES)
20.1.1.1
Does SP require SIP Trunk registration for each DID? If yes, what is the
username & password
No
10
Does SP require Digest Authentication? If yes, what is the username &

password
No
Cisco Public
31
Step 3: Enable CUBE Application on Cisco routers

1. Enable CUBE Application
voice service voip
mode border-element license capacity 200
2. Configure any other global settings to meet SPs requirements

voice service voip
sip
early-offer forced
header-passing
error-passthru
3. Create a trusted list of IP addresses to prevent toll-fraud
BRKUCC-2934
voice service voip

ip address trusted list
ipv4 10.1.1.50
ipv4 20.20.20.20
sip
silent discard-untrusted Default configuration starting XE 3.10.1 /15.3(3)M1 to
mitigate
TDoS Attack
32
Cisco Public
Step 4: Configure Call routing on CUBE

Standby
CUBE with High

Availability
CUBE
Active
IP PSTN
CUBE
Enterprise
Campus
MPLS
LAN Dial-Peers
WAN Dial-Peers
Dial-Peer static routing table mapping phone numbers

SRST
PSTN is now
used only for
toemergency
interfaces
callsor
over FXO lines
IP addresses
LAN Dial-Peers Dial-peers that are facing towards the IP PBX for sending and receiving
calls to & from the PBX
CME
WAN Dial-Peers Dial-peers that are facing towards the SIP Trunk provider for sending & receiving
calls to & from the provider
TDM PBX
Enterprise Branch
Offices
BRKUCC-2934
Cisco Public
33
WAN Dial-Peer Configuration

Inbound Dial-Peer for calls from SP to CUBE
description *** Inbound WAN side dial-peer ***
incoming called-number [2-9].........
codec g711ulaw
dtmf-relay rtp-nte
Catch-all for
all inbound
PSTN calls
Outbound Dial-Peer for calls from CUBE to SP

description *** Outbound WAN side dial-peer ***
translation-profile outgoing Digitstrip
destination-pattern 9[2-9].........
voice-class sip bind control source gig0/1
voice-class sip bind media source gig0/1
session target ipv4:<SIP_Trunk_IP_Address>
codec g711ulaw
dtmf-relay rtp-nte
BRKUCC-2934
Cisco Public
34
Dial-peer for
making long
distance calls
to SP
Note: Separate outgoing DP to be created for Local, International,

Emergency, Informational calls etc.
LAN Dial-Peer Configuration

Inbound Dial-Peer for calls from CUCM to CUBE
description *** Inbound LAN side dial-peer ***
incoming called-number 9T
codec g711ulaw
dtmf-relay rtp-nte
CUCM sending 9
+ All digits dialed
Outbound Dial-Peer for calls from CUBE to CUCM

description *** Outbound LAN side dial-peer ***
destination-pattern [2-9].........
session target ipv4:<CUCM_Address>
codec g711ulaw
dtmf-relay rtp-nte
SP will be
sending 10 digits
inbound
Note: If more than 1 CUCM cluster exists, you will have to create multiple such LAN dial-peers with preference CLI for CUCM
redundancy/load balancing as the traditional way to accommodate multiple trunks
BRKUCC-2934
Cisco Public
35
Step 5: SIP Normalization

SIP profiles is a mechanism to normalize or customize SIP at the
network border to provide interop between incompatible devices
Add user=phone for INVITEs
SIP incompatibilities arise due to:
Incoming
A device rejecting an unknown header (value

or parameter) instead of ignoring it
INVITE
sip:5551000@sip.com:5060
SIP/2.0
A device expecting an optional header

value/parameter or can be implemented in
multiple ways
INVITE
sip:5551000@sip.com:5060
user=phone SIP/2.0
Modify a sip: URI to a tel: URI in INVITEs

Incoming
INVITE
sip:2222000020@9.13.24.6:5060
SIP/2.0
Variations in the SIP standards of how to

achieve certain functions
Outgoing
CUBE
INVITE
tel:2222000020
SIP/2.0
voice class sip-profiles 100

request INVITE sip-header SIP-Req-URI modify "sip:(.*)@[^ ]+" "tel:\1"
request INVITE sip-header From modify "<sip:(.*)@.*>" "<tel:\1>"
request INVITE sip-header To modify "<sip:(.*)@.*>" "<tel:\1>"
With CUBE 10.0.1 SIP Profiles

can be applied to inbound SIP
messages as well
CUBE

request INVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"
request REINVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"
A device sending a value/parameter that must

be changed or suppressed (normalized)
before it leaves/enters the enterprise to comply
with policies
BRKUCC-2934
Outgoing
Cisco Public
36
Normalize Outbound SIP Message (Example 1)

SIP Provider
Requirement
For Call Forward & Transfer scenarios back to PSTN, the Diversion
header should match the registered DID of your network
SIP INVITE that CUBE sends
SIP INVITE that Service Provider expects
Sent:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
User-Agent: Cisco-SIPGateway/IOS-15.2.3.T
Diversion: <sip:3000@9.44.44.4>;privacy=off;
reason=unconditional;screen=yes
...
m=audio 6001 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
...
Sent:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
.
User-Agent: Cisco-SIPGateway/IOS-15.2.3.T
.
Diversion: <sip:4085266855@sip.abc.com>;
privacy=off;reason=unconditional;screen=yes
.
m=audio 32278 RTP/AVP 18 8 101
..
Configure
SIP Profiles

request INVITE sip-header Diversion modify sip:(.*>) sip:4085266855@sip.abc.com>
request REINVITE sip-header Diversion modify sip:(.*>) sip:4085266855@sip.abc.com>
Apply to
Dial-peer or
Globally

description Incoming/outgoing SP
voice-class sip profiles 400
BRKUCC-2934
Cisco Public
voice service voip

sip
sip profiles 400
37
For Your
Reference
Normalize Inbound SIP Message (Example 2)

CUBE
Requirement
SIP Diversion header must include a user portion

SIP INVITE received by CUBE
SIP INVITE CUBE expects
Sent:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
User-Agent: SP-SBC
Diversion: <sip:9.44.44.4>;privacy=off;
reason=unconditional;screen=yes
...
m=audio 6001 RTP/AVP 0 8 18 101
...
Enable Inbound SIP

Profile feature
Sent:
INVITE sip:2000@9.44.44.4:5060 SIP/2.0
.
User-Agent: SP-SBC
.
Diversion: <sip:1234@abc.com>;
privacy=off;reason=unconditional;screen=yes
.
m=audio 32278 RTP/AVP 18 8 101
..
voice service voip

sip
sip-profiles inbound
Configure Inbound
SIP Profile to add a
dummy user part

request INVITE sip-header Diversion modify sip: sip:1234@
Apply to Dial-peer
or Globally

description Incoming/outgoing SP
voice-class sip profiles 400 inbound
BRKUCC-2934
Cisco Public
38
voice service voip

sip
sip profiles 400 inbound
For Your
Reference
Step 6: Execute the Test Plan

Inbound and outbound Local, Long distance, International calls for G711 &
G729 codecs (if supported by provider)
Outbound calls to information and emergency services
Caller ID and Calling Name Presentation
Supplementary services like Call Hold, Resume, Call Forward & Transfer
DTMF Tests
Fax calls T.38 and fallback to pass-through (if option available)
BRKUCC-2934
Cisco Public
39
Agenda
CUBE Architecture

BRKUCC-2934
Cisco Public
40
CUBE Dial-Peers
Call Routing
Understanding Dial-Peer matching Techniques:

LAN & WAN Dial-Peers
LAN Dial-Peers Dial-peers that are facing towards the IP PBX for sending
and receiving calls to & from the PBX
WAN Dial-Peers Dial-peers that are facing towards the SIP Trunk provider for
sending & receiving calls to & from the provider
Inbound LAN Dial-Peer
Outbound Calls
SIP Trunk
Outbound WAN Dial-Peer
SP SIP Trunk
IP PSTN
CUBE
Inbound Calls
Inbound WAN Dial-Peer
Outbound LAN Dial-Peer

BRKUCC-2934
Cisco Public
42
Understanding Inbound Dial-Peer Matching Techniques

Priority
1
Exact Pattern
match
Match Based on URI of an

incoming INVITE message
Host Name/IP
Address
Match based on Called

Number
Phone-number of
tel-uri
Match based on Calling

number
IP PSTN
Cisco Public
Inbound Calls
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-routetag="cid:orange@10.1.1.1";;branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
Default Dial-Peer = 0
BRKUCC-2934
SP SIP Trunk
SIP Trunk
CUBE
User portion of URI
Outbound Calls
43

Priority
A
voice class uri 2001 sip
host ipv4:10.2.1.1

incoming uri via 1001

incoming uri request 2001

incoming uri to 2001

incoming uri from 1001


answer-address 555

BRKUCC-2934
Outbound Calls

host ipv4:10.1.1.1
SP SIP Trunk
SIP Trunk
IP PSTN
CUBE
Inbound Calls
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Cisco Public
44

Priority
A
host ipv4:10.2.1.1






answer-address 555

BRKUCC-2934
Outbound Calls

host ipv4:10.1.1.1
SP SIP Trunk
SIP Trunk
IP PSTN
CUBE
Inbound Calls
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Cisco Public
45

Priority
A
host ipv4:10.2.1.1






answer-address 555

BRKUCC-2934
Outbound Calls

host ipv4:10.1.1.1
SP SIP Trunk
SIP Trunk
IP PSTN
CUBE
Inbound Calls
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Cisco Public
46

Priority
A
host ipv4:10.2.1.1






answer-address 555

BRKUCC-2934
Outbound Calls

host ipv4:10.1.1.1
SP SIP Trunk
SIP Trunk
IP PSTN
CUBE
Inbound Calls
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Cisco Public
47

Priority






answer-address 555

BRKUCC-2934
SP SIP Trunk
SIP Trunk
IP PSTN

host ipv4:10.2.1.1
Outbound Calls

host ipv4:10.1.1.1
CUBE
Inbound Calls
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Cisco Public
48

Priority
A
host ipv4:10.2.1.1






answer-address 555

BRKUCC-2934
Outbound Calls

host ipv4:10.1.1.1
SP SIP Trunk
SIP Trunk
IP PSTN
CUBE
Inbound Calls
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Cisco Public
49

Priority
A
host ipv4:10.2.1.1






answer-address 555

BRKUCC-2934
Outbound Calls

host ipv4:10.1.1.1
SP SIP Trunk
SIP Trunk
IP PSTN
CUBE
Inbound Calls
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Cisco Public
50
Understanding Outbound Dial-Peer Matching Techniques

Priority
1
Outbound Calls
Match Based on URI of

& carrier-id target
Exact Pattern
match
Host Name/IP
Address
Phone-number of
tel-uri
Host Name/IP
Address
User portion of URI
BRKUCC-2934

number
Phone-number of
tel-uri
Cisco Public
Inbound Calls
Exact Pattern
match
Match based on URI of an

IP PSTN
CUBE
User portion of URI

Number & carrier-id target
SP SIP Trunk
SIP Trunk
51
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........

Priority
1

Outbound Calls

host ipv4:10.2.1.1
SP SIP Trunk
SIP Trunk

destination uri 2001
carrier-id target orange
IP PSTN
CUBE
Inbound Calls

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.1:5060;x-routetag="cid:orange@10.1.1.1";branch=z9hG4bK-23955-1-0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........

host ipv4:10.2.1.1
BRKUCC-2934


Cisco Public
52
52

Priority
1

Outbound Calls

host ipv4:10.2.1.1
SP SIP Trunk
SIP Trunk

IP PSTN
CUBE
Inbound Calls

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........

host ipv4:10.2.1.1
BRKUCC-2934


Cisco Public
53
53

Priority
1

Outbound Calls

host ipv4:10.2.1.1
SP SIP Trunk
SIP Trunk

IP PSTN
CUBE
Inbound Calls

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........

host ipv4:10.2.1.1
BRKUCC-2934


Cisco Public
54
54

Priority
1

Outbound Calls

host ipv4:10.2.1.1
SP SIP Trunk
SIP Trunk

IP PSTN
CUBE
Inbound Calls

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........

host ipv4:10.2.1.1
BRKUCC-2934


Cisco Public
55
CUBE Advanced Call Routing

Priority
1
Outbound Calls
Match Based on URI of

& carrier-id target
Exact Pattern
match
Host Name/IP
Address
Phone-number of
tel-uri
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
Match based on URI of an

Host Name/IP
Address
User portion of URI
BRKUCC-2934
Inbound Calls
Exact Pattern
match
IP PSTN
CUBE
User portion of URI

Number & carrier-id target
SP SIP Trunk
SIP Trunk

number
Phone-number of
tel-uri
Cisco Public
57

From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Additional Headers for Outbound Dial-Peer Matching

Match Based on URI of incoming INVITE message with

or without carrier-id target
Outbound Calls
Match based on CALLED

carrier-id target
Number with or without
Match Based on TO Header of incoming INVITE

Match Based on VIA Header of incoming INVITE
Match based on DIVERSION Header of incoming
INVITE
Match based on REFERRED-BY Header of incoming
INVITE
BRKUCC-2934
IP PSTN
CUBE
Inbound Calls
Match Based on FROM Header of incoming INVITE
Match based on CALLING
SP SIP Trunk
SIP Trunk
Number
Cisco Public
58

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
Supported: timer
Max-Forwards: 70
Content-Length: 226
........
Introducing Outbound Dial-peer Provision Policy

Flexibility to choose how outbound dial-peers are selected
Dynamically set the priority based on Inbound dial-peers
Additional Inbound Leg Headers for Outbound Dial-peer Matching
VIA
FROM
TO
DIVERSION
REFERRED-BY
Calling Number
User-defined outbound dial-peer provision policy on a per incoming call bases

1. A provision policy contains two rules to save the match attributes and its precedence
2. Up to two match attributes can be defined from each rule of a provision policy
3. A provision policy setup will be used to match outbound dial-peers once it is associated to an
incoming VoIP call.
Outbound dial-peer match attributes

destination uri-via
destination uri-diversion
destination e164-pattern-map
destination uri-to
destination uri-referred-by
destination uri
destination uri-from
destination calling
destination-pattern
BRKUCC-2934
Cisco Public
59
Dial-peer Provision Policy Configuration

1. Define Voice Class Dial-peer Provision Policy
CUBE(config)#voice class dial-peer provision-policy <tag>
CUBE(config-class)# description Match outbound dial-peer based on this Criteria
CUBE(config-class)#preference ?
<1-2> Preference order
CUBE(config-class)#preference 1 first-attribute second-attribute
called
Match called number
calling
Match calling number
carrier-id
Match carrier id
diversion Match diversion uri
from
Match from uri
to
Match to uri
uri
Match destination uri
via
Match via uri
referred-by
Match referred-by uri
voice class dial-peer provision-policy <tag>

description Match outbound dial-peer based on criteria defined here
preference 1 first-attribute second-attribute
preference 2 first-attribute second-attribute
BRKUCC-2934
Cisco Public
60
Dial-peer Provision Policy Configuration Contd

2. Associate Voice Class Provision Policy to an Incoming Dial-peer

description Inbound Dial-peer
destination provision-policy <tag>
3. Define Outbound Dial-peer with match patterns based on attributes in a policy
CUBE(config)#dial-peer voice 2 voip
CUBE(config-dial-peer)#description Outbound Dial-peer
CUBE(config-dial-peer)#destination ?
calling
Match destination calling number
e164-pattern-map
Configure voice class to match destination e164-pattern-map
uri
Configure voice class to match destination URI
uri-diversion
voice class uri to match sip diversion header
uri-from
voice class uri to match sip from header
uri-referred-by
voice class uri to match sip referred-by header
uri-to
voice class uri to match sip to header
uri-via
voice class uri to match sip via header
BRKUCC-2934
Cisco Public
61
Dial-peer Provision Policy Configuration

Contd
For Your
Reference
Configuring a match command for an outbound dial-peer according to the provision policy rule
attribute configured
Provision Policy Rule Attribute
Outbound Dial-peer Match command
Called
destination-pattern pattern
destination e164-pattern-map pattern-map-class-id
Calling
destination calling e164-pattern-map pattern-map-class-id
carrier-id
carrier-id target
Uri
destination uri uri-class-tag
Via
destination uri-via uri-class-tag
To
destination uri-to uri-class-tag
from
destination uri-from uri-class-tag
diversion
destination uri-diversion uri-class-tag
referred-by
destination uri-referred-by uri-class-tag
BRKUCC-2934
Cisco Public
62
Dial-peer Provision Policy Example Match on FROM

user-id 555

description "Outbound dialpeer based on FROM"
destination uri-from 10

host 10.2.1.1
description "Inbound dialpeer. Choose outbound based on DPP 10"
destination provision-policy 10

voice class dial-peer provision-policy 10
description "Match outbound dialpeer on both From AND To Headers"
preference 1 from to
!
description "Match outbound DP based on FROM first, if no match
select based on TO"
preference 1 from
preference 2 to
BRKUCC-2934
Cisco Public
63

description "Outbound dialpeer based on TO"
destination uri-to 20
description "Outbound dialpeer based on FROM and TO"
Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........

user-id 555


host 10.2.1.1



Received:

select based on TO"
preference 1 from
preference 2 to
From: "555" <sip:555@10.1.1.1:5060>;tag=1
BRKUCC-2934
Cisco Public
64
INVITE sip:654321@10.2.1.1 SIP/2.0

To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........


user-id 555
host 10.2.1.1


Received:

select based on TO"
From: "555" <sip:555@10.1.1.1:5060>;tag=1

To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........
preference 1 from
preference 2 to
BRKUCC-2934
Cisco Public
INVITE sip:654321@10.2.1.1 SIP/2.0

65
Dial-peer Provision Policy Example Match on TO

user-id 555


host 10.2.1.1
shutdown

select based on TO"
preference 1 from
Cisco Public

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>

Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........
preference 2 to
BRKUCC-2934

66
Dial-peer Provision Policy Example Match on TO

user-id 555


host 10.2.1.1
shutdown

select based on TO"
preference 1 from
Cisco Public

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>

Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........
preference 2 to
BRKUCC-2934

67
Dial-peer Provision Policy Example Match on FROM & TO

user-id 555


host 10.2.1.1

select based on TO"
preference 1 from
preference 2 to
BRKUCC-2934
Cisco Public
68

Received:
INVITE sip:654321@10.2.1.1 SIP/2.0
From: "555" <sip:555@10.1.1.1:5060>;tag=1
To: ABC <sip:654321@10.2.1.1:5060>
Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
.....

user-id 555


host 10.2.1.1


Received:

select based on TO"
preference 1 from
preference 2 to
From: "555" <sip:555@10.1.1.1:5060>;tag=1

To: ABC <sip:654321@10.2.1.1:5060>
BRKUCC-2934
Cisco Public
INVITE sip:654321@10.2.1.1 SIP/2.0

Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........
69


user-id 555
host 10.2.1.1


Received:

select based on TO"
preference 1 from
preference 2 to
From: "555" <sip:555@10.1.1.1:5060>;tag=1

To: ABC <sip:654321@10.2.1.1:5060>
BRKUCC-2934
Cisco Public
INVITE sip:654321@10.2.1.1 SIP/2.0

Call-ID: 1-23955@10.1.1.1
CSeq: 1 INVITE
Contact: sip:555@10.1.1.1:5060
........
70
Destination Server Group

Supports multiple destinations (session targets) be defined in a group and applied to a
single outbound dial-peer
Once an outbound dial-peer is selected to route an outgoing call, multiple destinations
within a server group will be sorted in either round robin or preference [default] order
This reduces the need to configure multiple dial-peers with the same capabilities but
different destinations. E.g. Multiple subscribers in a cluster
voice class server-group 1
hunt-scheme {preference | round-robin}
ipv4 1.1.1.1 preference 5
ipv4 2.2.2.2
ipv4 3.3.3.3 port 3333 preference 3
ipv6 2010:AB8:0:2::1 port 2323 preference 3
ipv6 2010:AB8:0:2::2 port 2222
* DNS target not supported in server group
BRKUCC-2934
Cisco Public
71

description Outbound DP
codec g711ulaw
dtmf-relay rtp-nte
session server-group 1
Multiple Destination-Patterns Under Same

Outbound Dial-Peer
Site A
(919)200-2000
Site B
(510)100-1000
Site C
(408)100-1000
G729 Sites
voice class e164-pattern-map 100

e164 919200200.
e164 510100100.
e164 408100100.
destination e164-pattern-map 100
codec g729r8
SIP Trunk
Provides the ability to combine multiple

destination-patterns targeted to the
same destination to be grouped into a
single dial-peer
SP SIP Trunk
IP PSTN
CUBE
Site A
(919)200-2010
Site B
(510)100-1010
Site C
(408)100-1010

url flash:e164-pattern-map.cfg
destination e164-pattern-map 200
codec g711ulaw
G711 Sites
BRKUCC-2934
Cisco Public
72
! This is an example of the contents

of E164 patterns text file
stored in flash:e164-patternmap.cfg
9192002010
5101001010
4081001010
Multiple Incoming Patterns Under Same

Incoming Dial-peer
Site A
(919)200-2000
Site B
(510)100-1000
Site C
(408)100-1000
G729 Sites

e164 919200200.
e164 510100100.
e164 408100100.
description Inbound DP via Calling
incoming calling e164-pattern-map 100
codec g729r8
SIP Trunk
Provides the ability to combine multiple

incoming called OR calling numbers on
a single inbound voip dial-peer, reducing
the total number of inbound voip dialpeers required with the same routing
capability
SP SIP Trunk
IP PSTN
CUBE
Site A
(919)200-2010
Site B
(510)100-1010
Site C
(408)100-1010

url flash:e164-pattern-map.cfg
description Inbound DP via Called
incoming called e164-pattern-map 200
codec g711ulaw
G711 Sites
BRKUCC-2934
Cisco Public
73
! This is an example of the contents

of E164 patterns text file
stored in flash:e164-patternmap.cfg
9192002010
5101001010
4081001010
URI Based Dialing Overview

INVITE sip:user@xyz.com
INVITE sip:user@xyz.com
SBC
CUBE
Enterprise
xyz.com
Enterprise
abc.com
Existing CUBE behavior:

In CUBE URI based routing (user@host), the user part must be present and must be an
E164 number
The outgoing SIP Request-URI and To header URI are always set to the session target
information of the outbound dial-peer
For Req-URIs with same user name e.g. hussain@cisco.com, hussain@google.com, two
different dial-peers are configured with the respective session targets
BRKUCC-2934
Cisco Public
74
URI Based Dialing Enhancement

URI Pass Through
INVITE sip:1234@cisco.com
For Your
Reference
CUBE
INVITE sip:1234@cisco.com

destination uri 1
voice-class sip call-route url

voice-class sip requri-passing
host cisco.com
By default, the host portion is replaced with the session target value of the matched
outbound dial-peer
Enhancement : Outgoing INVITE has same request URI as received in Incoming INVITE.
This can be achieved by configuring requri-passing in the outgoing dial-peer or
globally.
Allows for peer-to-peer calling between enterprises using URIs
BRKUCC-2934
Cisco Public
75

User portion non-E164 format
INVITE sip:hussain@cisco.com
For Your
Reference
CUBE
INVITE sip:hussain@10.1.1.1

destination uri 1

host cisco.com
By default, alphanumeric/non-E164 users were not allowed

Enhancement : User part in Incoming INVITE Req-URI can be of Non-E164 format. e.g.
sip:hussain@cisco.com. Outgoing INVITE will have user portion as it is received i.e.
hussain (unless SIP profiles are applied).
Useful for video calls
BRKUCC-2934
Cisco Public
76

User portion absent
INVITE sip:cisco.com
For Your
Reference
CUBE
INVITE sip:cisco.com

destination uri 1

voice-class sip requri-passing
By default, call is rejected with 400 Bad Request
host cisco.com
Enhancement : Incoming INVITE with no user portion (e.g. sip:cisco.com.) is supported. Dial-peer
matching will happen based on host portion. Outgoing INVITE Req-URI will not have any user portion in
this case (unless sip-profiles are applied).
If user portion is present in incoming INVITE To header, it is retained in outgoing INVITE To Header
If voice-class sip requri-passing is not configured, INVITE will go out as sip:10.1.1.1
REFER and 302, both consume and pass-through cases supported as well
BRKUCC-2934
Cisco Public
77

Deriving Target host from Incoming INVITE Req-URI
INVITE sip:hussain@cisco.com
CUBE
INVITE sip:hussain@10.1.1.1 Skype

destination uri 1
Facebook Video
session target sip-uri

user hussain
user .*
For different hosts with the same user, multiple outgoing dial-peers had to be configured
Enhancement : To support URIs with the same user portion but with different domains, only one
dial-peer per can be configured. Outgoing dial-peer needs to be configured with session
target sip-uri instead of regular session target configuration. This will trigger DNS
resolution of the domain of incoming INVITE Req-URI and dynamically determine the session
target IP.
BRKUCC-2934
Cisco Public
78
Destination Dial-peer Group

Allows grouping of outbound dial-peers based on an incoming dial-peer, reducing
existing outbound dial-peer provisioning requirements
Eliminates the need to configure extra outbound dial-peers that are sometimes
needed as workarounds to achieve desired call routing outcome
Multiple outbound dial-peers are saved under a new voice class dpg <tag>. The
new destination dpg <tag> command line of an inbound voip dial-peer
can be used to reference the new dpg (dial-peer group)
Once an incoming voip call is handled by an inbound voip dial-peer with an
active dpg, dial-peers of a dpg will then be used as outbound dial-peers for an
incoming call
The order of outgoing call setups will be the sorted list of dial-peers from a dpg
BRKUCC-2934
Cisco Public
79
Destination Dial-peer Group Configuration

voice class dpg 10000
description Voice Class DPG for DP Source SJ
dial-peer 1001 preference 1
dial-peer 1002 preference 2
dial-peer 1003
!
description DP Source SJ w/voice class dpg
destination dpg 10000
1. Incoming Dial-peer
is first matched
BRKUCC-2934

description DPG 10000
!
!
2. Now the
DPG associated
session
target ipv4:10.1.1.3
with the INBOUND DP is

selected
Cisco Public
80
Media Manipulation
Audio Transcoding and Transrating

iLBC, iSAC,
Speex
Enterprise
VoIP
SP VoIP
IP Phones:
G.711, G.729 20 ms,
G.722
CUBE
G.729 30 ms
Transcoding (12.4.20T)
One voice codec to any other codec E.g. iLBC-G.711 or iLBC-G.729
Support for H.323 and SIP
CUCM 7.1.5 or later supports universal Transcoding
Transrating (15.0.1M)
Different packetizations of the same codec
E.g. G.729 20ms to G.729 30ms

Support for SIP-SIP calls
No sRTP support with transrating
codec g729r8 bytes 30 fixed-bytes
BRKUCC-2934
!Call volume (gain/loss) adjustment

audio incoming level-adjustment x
audio outgoing level-adjustment y
Cisco Public
82
Transcoding: G.711, G.723.1, G.726, G.728,

G.729/a, iLBC, G.722
Transrating: G.729 20ms 30ms (AT&T)
Supported Codecs
Packetization
(ms)
G.711 a-law 64 Kbps
10, 20, 30
G.711 law 64 Kbps
10, 20, 30
G.723 5.3/6.3 Kbps
30, 60
G.729, G.729A, G.729B, 10, 20, 30, 40, 50,

G.729AB 8 Kbps
60
G.72264 Kbps
10, 20, 30
Configuration for SCCP based Transcoding

(ISR-G2/4400)
1. Enabling dspfarm services
under voice-card
3. sccp configuration
voice-card 1
dspfarm
dsp services dspfarm
sccp local GigabitEthernet0/0

sccp ccm <CUBE_internal_IP>
identifier 1 version 4.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 1 register CUBE-XCODE
2. telephony-service configuration
telephony-service
sdspfarm units 1
sdspfarm transcode sessions 128
sdspfarm tag 1 CUBE-XCODE
max-ephones 10
max-dn 10
ip source-address
<CUBE_internal_IP> port 2000
BRKUCC-2934
Cisco Public
4. dspfarm profile configuration

dspfarm profile 1 transcode
codec g711ulaw
codec g711alaw
codec g729r8
maximum sessions 10
associate application SCCP
83
For Your
Reference
Configuration for LTI based Transcoding

(ISR-G2/4400 & ASR)
1. Enabling dspfarm services
under voice-card
Feature Notes:
voice-card 0/1
dspfarm
dsp services dspfarm
This uses Local Transcoding Interface to

communicate between CUBE and DSPs
Also available on ISR-G2 starting IOS 15.2.3T
Can only be used if CUBE invokes the DSP
for media services
CUCM cannot invoke DSPs using this LTI
interface
2. dspfarm profile configuration

dspfarm profile 1 transcode
codec g711ulaw
codec g711alaw
codec g729abr8
codec g729ar8
codec ilbc
maximum sessions 100
associate application CUBE
BRKUCC-2934
Cisco Public
84
Call Recording
CUBE Controlled Recording Option Media Forking

Dial-peer based
CUBE sets up a stateful SIP session

with MediaSense server
Cisco Search/Play demo app

-orPartner Application
After SIP dialog established, CUBE

forks the RTP and sends it for
MediaSense to record
Cisco MediaSense
(authentication disabled w/o UCM)
MediaSense
With XE 3.10.1, Video calls

supported and CUBE HA for audio
calls
SIP
RTP
A
SIP
SIP
SP SIP
RTP
Call agent
independent
Configured on a per
Dial-peer level
BRKUCC-2934
CUBE
RTP
media class 1
recorder parameter
media-recording 20

description dial-peer pointing to MediaSense
Needs to
match

description dial-peer that needs to be forked

media-class 1
Cisco Public
86

session target ipv4:<Mediasense_IP>
Audio only Media Forking for an Audio/Video Call

CUBE Controlled Recording
MediaSense 10+ or any recording server can decline the video stream and choose to have only the audio
stream recorded by setting the video port as 0 in the SDP answer
CUBE can be configured to offer only audio streams to be recorded even if the call that is being recorded
is an audio/video call
MediaSense
Support for forwarding any 3rd
party IP PBX GUID to the
recording server
SIP
RTP
A
SIP
SIP
SP SIP
RTP
CUBE
RTP
media profile recorder 100

media-class 1
recorder profile 100
media-type audio
description dial-peer pointing to MediaSense
media-recording 20

session target ipv4:<Mediasense_IP>

description dial-peer that needs to be forked

media-class 1
BRKUCC-2934
Cisco Public
87
CUCM (10.X or later) Controlled Recording

UC Services API
3.
1. Enable HTTP on IOS
ip http server
http client persistent
Gateway/CUBE Recording
Enabled
2. Enable the API on IOS
4.
1.
2.
uc wsapi
source-address [IP_Address_of_CUBE]
3. Enable XMF service within the API
5.
provider xmf
remote-url 1 http://CUCM:8090/ucm_xmf
no shutdown
[1] [3]: An external call is answered by user with IP phone

[4] [5]: CUCM sends forking request over HTTP to CUBE,
which sends two media streams towards the Recording Server
Selective Recording
Mobile/SNR/MVA Calls
Recording Call Preservation
With XE3.13/IOS15.4(3)M, CUBE supports SRTP-SRTP, SRTP-RTP, RTP-SRTP recording. Feature on CUCM roadmap
BRKUCC-2934
Cisco Public
High Availability
CUBE High Availability Options

Inbox redundancy
ASR 1006
Stateful failover
Local redundancy
ASR(config)#redundancy
ASR-RP2(config-red)#mode sso
ASR-RP2(config-red)#end
L2 Box-to-Box redundancy
Active
ISR G2/4451-X (Stateful failover)

ASR 1001/2/4/6 (Stateful failover)
Local redundancy (Both routers must
be physically located on the same
Ethernet LAN)
Not supported across data centers
Only 1 RP and 1 ESP in ASR1006
CUBE
Virtual
IP
Virtual
IP
SIP SP
CUBE
Standby
Clustering with load balancing
BRKUCC-2934
All platforms
Load balancing by
SP call agent
Cisco Unified SIP Proxy
Local and geographical redundancy
Cisco Public
SIP SP
CUSP
90
CUSP
CUBE HA Design Considerations on ISR-G2 for Box-toBox Redundancy

CUBE-1
Gig0/0 10.10.1.11
Gig0/1 128.107.66.77
HSRP
Group 1
10.10.1.13
Keepalives
Gig0/1 10.10.1.12
LAN
Virtual IP
HSRP
Group 10
CUCM
CUBE
128.107.66.79
10.10.1.10
SP IP
Network
Y.Y.Y.Y
Gig0/1 128.107.66.78
WAN
Virtual IP
CUBE
CUBE-2
All signaling is sourced from/to the Virtual IP Address
Lower address for both the interfaces (Gig0/0 and Gig0/1) should be on the same platform, which is
used as a tie breaker for the HSRP Active state
HSRP Group number should be unique to a pair/interface combination on the same L2
Both interfaces of the same group have to be configured with the same priority
Multiple HSRP interfaces require preemption with interface tracking to be configured
No media-flow around, SDP-Passthru, or UC Services API support for CUBE HA
BRKUCC-2934
Cisco Public
91
CUBE HA Design Considerations on ISR-G2 for Box-toBox Redundancy Contd

CUBE-1
Gig0/0 10.10.1.11
Gig0/1 128.107.66.77
HSRP
Group 1
10.10.1.13
Keepalives
Gig0/1 10.10.1.12
LAN
Virtual IP
HSRP
Group 10
CUCM
CUBE
128.107.66.79
10.10.1.10
SP IP
Network
Y.Y.Y.Y
Gig0/1 128.107.66.78
WAN
Virtual IP
CUBE
CUBE-2
Both platforms must be connected via a Switch for CUBE HA to work. Cannot have WAN
terminated on CUBEs directly or Data HSRP on either side
TDM or VXML GW cannot be collocated with CUBE HA
Both the CUBEs must be running on the same type of platform and IOS version and identical
configuration. Loopback interfaces cannot be used as they are always up.
Some call flows requiring DSPs will be preserved in a future release [15.5(2)T] March 2015
Upon failover, the ACTIVE CUBE goes through a reload
BRKUCC-2934
Cisco Public
92
CUBE Configuration on ISR-G2 Box-to-Box Redundancy

CUBE-1
Gig0/0 10.10.1.11
Gig0/1 128.107.66.77
redundancy inter-device
scheme standby SB
HSRP
Group 1
10.10.1.13
LAN
Virtual IP
CUBE 1
Gig0/1 10.10.1.12
Gig0/1 128.107.66.78
CUBE
CUBE-2
Define Redundancy scheme: Creates
interdependency b/w CUBE redundancy & HSRP
voice service voip

mode border-element
redundancy
ipc zone default
association 1
no shutdown
protocol sctp
local-port 5000
local-ip 10.10.1.11
remote-port 5000
remote-ip 10.10.1.12
BRKUCC-2934
Keepalives
HSRP
Group 10
CUCM
CUBE
128.107.66.79
10.10.1.10
Turn on CUBE Redundancy
IPC configuration :
Allows the ACTIVE
CUBE to tell the
STANDBY about the
state of the calls
Cisco Public
93
SP IP
Network
Y.Y.Y.Y
WAN
Virtual IP
CUBE 2
redundancy inter-device
scheme standby SB
voice service voip
mode border-element
redundancy
ipc zone default
association 1
no shutdown
protocol sctp
local-port 5000
local-ip 10.10.1.12
remote-port 5000
remote-ip 10.10.1.11

CUBE-1
Gig0/0 10.10.1.11
Gig0/1 128.107.66.77
10.10.1.13
HSRP
Group 1
Gig0/1 10.10.1.12
LAN
Virtual IP
CUBE 1
interface GigabitEthernet0/0
ip address 10.10.1.11 255.255.255.0
standby version 2
standby 1 ip 10.10.1.13
standby delay minimum 30 reload 60
standby 1 name SB
standby 1 preempt
standby 1 track 2 decrement 10
standby 1 priority 50
ip address 128.107.60.71 255.255.255.0
standby version 2
standby 10 ip 128.107.60.73
standby 10 preempt
BRKUCC-2934
Keepalives
HSRP
Group 10
CUCM
CUBE
128.107.66.79
10.10.1.10
SP IP
Network
Y.Y.Y.Y
Gig0/1 128.107.66.78
WAN
Virtual IP
CUBE 2
CUBE
CUBE-2
Inside
interfaces:
HSRP group 0
ip address 10.10.1.12 255.255.255.0
standby version 2
standby 1 ip 10.10.1.13
standby 1 name SB
standby 1 preempt
Outside
interfaces:
HSRP group 10
ip address 128.107.60.72 255.255.255.0
standby version 2
standby 10 ip 128.107.60.73
standby 10 preempt
Cisco Public
94

Configuration on Active and Standby
description TO SERVICE PROVIDER
destination-pattern 9T
session target ipv4:y.y.y.y
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
!
description TO CUCM
destination-pattern 555.
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
!
ip rtcp report interval 3000
!
gateway
media-inactivity-criteria all
timer receive-rtcp 5
timer receive-rtp 86400
!
track 1 interface Gig0/0 line-protocol
track 2 interface Gig0/1 line-protocol
BRKUCC-2934
Cisco Public
95
Bind traffic destined to the outside (SP SIP trunk)

to the outside Physical interface.
This ensures that all RTP and SIP packets are
created with the virtual IP associated with the
respective physical interface.
CUBE HA does not work with loopback interfaces
as they are always up
Bind traffic destined to the inside (CUCM or IP
PBX) to the inside Physical interface.
This ensures that all RTP and SIP packets are
created with the virtual IP associated with the
respective physical interface.
Configure media inactivity feature to clean up any

calls that may not disconnect after a failover
Configure Interface Tracking
CUBE HA Design Considerations on ASR1K/4400 for

Box-to-Box Redundancy
CUBE-1
GE 0/0/0 10.10.1.1
GE 0/0/1 20.20.1.1
redundancy
rii 0
30.30.3.1
GE 0/0/2
30.30.3.2
20.20.1.3
redundancy
rii 2
CUBE
GE 0/0/2
Keepalives
10.10.1.3
10.10.1.10
SP IP
Network
CUCM
GE 0/0/0 10.10.1.2
LAN Virtual IP
CUBE
CUBE-2
GE 0/0/1 20.20.1.2
WAN Virtual IP
All signaling is sourced from/to the Virtual IP Address
Lower address for all the interfaces (Gig0/0/0, Gig0/0/1, and Gig0/0/2) should be on the same platform
Redundancy Interface Identifier, rii (HSRP Group number) should be unique to a pair/interface combination
on the same L2
Configuration on both the CUBEs must be identical including physical configuration and must be running on
the same type of platform and IOS version. Loopback interfaces cannot be used as they are always up.
Multiple HSRP interfaces require preemption with interface tracking to be configured
BRKUCC-2934
Cisco Public
96
CUBE HA Design Considerations on ASR1K/4400 for

Box-to-Box Redundancy CUBE-1
Contd
GE 0/0/0 10.10.1.1
GE 0/0/1 20.20.1.1
redundancy
rii 0
30.30.3.1
GE 0/0/2
30.30.3.2
20.20.1.3
redundancy
rii 2
CUBE
GE 0/0/2
Keepalives
10.10.1.3
10.10.1.10
SP IP
Network
CUCM
GE 0/0/0 10.10.1.2
LAN Virtual IP
CUBE
CUBE-2
GE 0/0/1 20.20.1.2
WAN Virtual IP
Some call flows requiring DSPs will be preserved in a future release (XE3.15) March 2015
Both platforms must be connected via a Switch for CUBE HA to work. Cannot have WAN terminated on CUBEs
directly or Data HSRP on either side
Upon failover, starting XE3.11, the ACTIVE CUBE can be moved to PROTECTED state to avoid reload
It is mandatory to use separate interface for redundancy (RG Control/data, Gig0/0/2). i.e interface used for traffic
cannot be used for HA keepalives and checkpointing.
CUBE B2B HA on ASR is not supported over a crossover cable connection for the RG-control/data link.
BRKUCC-2934
Cisco Public
97
ASR B2B Redundancy : PROTECTED MODE
Default failover redundancy behavior in a B2B HA pair is to reload the affected router to avoid out-of-sync
conditions/Split brain
Starting XE3.11, an ASR can be configured to transition into PROTECTED mode
In PROTECTED mode
o
o
Bulk sync request, Call checkpointing, and incoming call processing are disabled
The router in PROTECTED mode needs to be manually reloaded to come out of this state
The PROTECTED mode is enabled with the following CLI

voice service voip
no redundancy-reload ! Default is redundancy-reload
Track for the RG Control/data interface (GE0/0/2) with the same track <id> shutdown under redundancy
group needs to be added
track 1 interface GigabitEthernet0/0/0 line-protocol
track 2 interface GigabitEthernet0/0/1 line-protocol
track 3 interface GigabitEthernet0/0/2 line-protocol ! Track for RG Control/data interface
redundancy
application redundancy
group 1
track 1 shutdown
track 2 shutdown
track 3 shutdown
BRKUCC-2934
Cisco Public
98
CUBE SIP Trunk Monitoring with OOD Options message

A
SP SIP Trunk
CUCM SIP Trunk
SP
SIP
CUBE
OOD Options
INVITE
DP 100 =
ACTIVE
200 OK
Out-of-dialog OPTIONS message sent

to check the status of the SIP Trunk
INVITE
The dial-peer is busyout if it does

not receive a response within a
configurable time period
For an INVITE that matches a

busyout dial-peer, CUBE sends 503
Service Unavailable
If there is a secondary dial-peer

configured, the call will be re-routed
the secondary path
200 OK
200 OK
OOD Options
Timeout no
response
DP 100 = BUSYOUT
INVITE
OOD Options
503 Service Unavailable

OOD Options
BRKUCC-2934
Cisco Public
99
CUBE SIP Trunk Monitoring with OOD Options message

A
SP SIP Trunk
CUCM SIP Trunk
SP SIP
CUBE

voice-class sip options-keepalive
up-interval 20 down-interval 20 retry 3
OOD Options
200 OK
INVITE
DP 100 =
ACTIVE
Three timers that can be configured:

up-Interval: OPTIONS keepalive
timer interval for UP endpoint
down-interval: OPTIONS keepalive
timer interval for DOWN endpoint
retry: Retry count for OPTIONS
keepalive transmission
INVITE
200 OK
200 OK
OOD Options
Timeout no
response
DP 100 = BUSYOUT
INVITE
Warning:
Each dial-peer that has options
message configured sends out a
separate message.
EEM Script can be used to busyout
other dial-peers
OOD Options
503 Service Unavailable

OOD Options
BRKUCC-2934
Cisco Public
100
OOD OPTIONS Ping Keepalive Enhancement

A
SP SIP Trunk
CUCM SIP Trunk
SP SIP
CUBE
OOD Options (DP 100)

200 OK
Network bandwidth and process runtime are

wasted in CUBE and remote targets to sustain
duplicate OOD OPTIONS Ping heartbeat
keepalive connection
DP 100 : Session Target IPv4:1.1.1.1

INVITE
INVITE (DP 100)
200 OK
Each dial-peer that has OPTIONS message

configured sends out a separate message, even
if the session targets are same
200 OK
Consolidate SIP OOD Options Ping connections

by grouping SIP dial-peers with same OOD
Options Ping setup
200 OK
DP 200: Session Target IPv4:1.1.1.1
New CLI : voice class sip-keepaliveprofile <tag> is used to define OOD

OPTIONS Ping setup
200 OK
200 OK
Consolidated SIP OOD Options Ping connection

will then be established with a target for multiple
SIP dial-peers with the same target and OOD
Options Ping profile setup
BRKUCC-2934
Cisco Public
101
OOD OPTIONS Ping Keepalive Enhancement Configuration

voice class sip-options-keepalive 1
description UDP Options consolidation
down-interval 49
up-interval 180
retry 7
transport udp
voice-class sip options-keepalive profile 1
Sample Show command output

CUBE#sh voice class sip-options-keepalive 1
Voice class sip-options-keepalive: 1
Single OOD Option

Ping Group applied
to multiple dial-peers
with same session
targets
AdminStat: Up
Description: UDP Options consolidation

Transport: udp
Sip Profiles: 0
Interval(seconds) Up: 180
Down: 49
Retry: 7

voice-class sip options-keepalive profile 1
Peer Tag
Server Group
--------
------------
OOD SessID
OOD Stat
IfIndex
----------
--------
-------
Active
Active
10
OOD SessID: 4
OOD Stat: Active
Target: ipv4:10.104.45.253
Transport: udp
Sip Profiles: 0
With OOD Options Ping Keepalive group, an options ping keepalive connection is established on per remote target base as opposed an options
ping keepalive connection established per dial-peer basis
Up to 10,000 voice class sip-options-keepalive <tag> can be defined per system
Either legacy sip options-keepalive or the new sip options-keepalive profile <tag> can be configured on a dial-peer
BRKUCC-2934
Cisco Public
102
SIP Trunk to TDM PSTN Failover

Collocated Cisco Unified Border Element and TDM GW offers:
Alternate call routing path (upon congestion or SIP Trunk failure)
Easy SIP Trunking migration
SIP Trunk
(Primary)
SBC
IP
SP
VoIP
CUBE
TDM Trunk
(Secondary)
BRKUCC-2934

description Primary path to SIP Trunk provider
destination-pattern 91[2-9]..[2-9]......
Deployed in small to medium sized

enterprise networks
Deployed at branch locations for
PSTN calls during survivability
mode
Deployed at branch locations for
emergency services
dial-peer voice 20 pots

description Secondary path to PSTN
preference 2
port 0/0/0:23
Cisco Public
103
SIP Trunking to more than one service provider

SIP SP-1
Standby
(10.10.10.2)
CUBE
Active
SIP SP-2
(20.20.20.2)
CUBE
Enterprise
Campus
Large enterprises are deploying more

than one SIP Trunk provider for:
Alternate call routing
Load balancing
CUBE with High

Availability
MPLS
SIP SP-1s
network
interface loopback1
ip address 10.10.10.1 255.255.255.0
SIP SP-2s
network
SRST
interface loopback2
ip address 20.20.20.1 255.255.255.0

description Primary path to SIP SP-1
CME
TDM PBX
voice-class sip bind control source-interface loopback1
Enterprise
voice-class sip bind media source-interface loopback1
Branch Offices
BRKUCC-2934
Cisco Public
104

description Secondary path to SIP SP-2
preference 2
voice-class sip bind control source-interface loopback2
voice-class sip bind media source-interface loopback2
NOTE: Dual SPs can be used for outbound calls, but cannot
be utilized for inbound calls
Contact Center Features
Mid-call codec renegotiation

LTI based Xcoder Inserted/Dropped dynamically
G.711
3
CVP
Transcoder Inserted
G.711
Call Xfer (signaling only)
Provider supports only

G.729 codec
G.729 /
G.711
SP SIP
SIP
CUBE
4
G.729
BRKUCC-2934
G.729
Transcoder Dropped
Call arrives on G.729 SIP trunk
CVP connects call to speech recognition server that

requires G.711. Since provider does not support G711
CUBE inserts transcoder
CVP xfers call to a remote agent that uses G.729
CUBE drops xcoder and e2e call becomes G.729 again
Cisco Public
106
REFER Handling for Contact Centers

Enables CUBE to handle REFER messages more efficiently in contact center deployments
CUBE can operate in either consume mode or pass-through mode
REFER Consumption
A
3. INVITE
SIP SP
CUBE
2. INVITE
CVP
Based on Refer-To header,

CUBE does outbound dial-peer
match and sends out an INVITE
message
No supplementary-service sip refer
supplementary-service media-renegotiate
1. REFER
REFER Pass-through (Default mode)

A
SIP SP
CUBE
2. REFER
CVP
1. REFER
BRKUCC-2934
Cisco Public
107
CUBE will pass across the

Refer message as-is without
any modification
REFER Handling Enhancement

A new CLI, refer consume, has been added to the SIP dial peer.
The final decision to consume or pass-through REFER is determined based on this new
CLI option configured on the Refer-To dial-peer.
supplementary-service sip refer
refer consume
Configured globally or
at inbound dial-peer
Configured at dialpeer that matches

refer-To
Yes (default)
No (default)
REFER Pass-through
Yes (default)
Yes
REFER Consume
No
No (default)
REFER Consume
No
Yes
REFER Consume
BRKUCC-2934
Cisco Public
108
Outcome
Agenda
CUBE Architecture

BRKUCC-2934
Cisco Public
109
Monitoring
CUBE Monitoring
Some Network Management Tools:
Network Management Tools can be used to monitor key CUBE

statistics like SIP Trunk status, Trunk utilization, Call Arrival Rate, - Cisco Unified Operations Manager
Call Success/Failure count, voice quality metrics etc..
- Arcana Networks
Network Management Tools can send SNMP Queries to CUBE
CUBE responds to the SNMP queries with real time values
of the monitored objects
CUBE can also send SNMP Traps to alert the

network management tool of certain events like
SIP Trunk failure, link down, high CPU etc..
Network
Management
Tool
SNMP
Query
SNMP
Response
SIP
H.323 or SIP
BRKUCC-2934
CUBE
SBC
Cisco Public
111
SP IP
Network
Solarwinds
Cisco Prime Collaboration
For Your
Reference
CUBE Monitoring
Area
Information
Method
Router Health
CPU, Memory, I/f
CISCO-PROCESS-MIB, cpmCPUTotal5minRev
CISCO-MEMORY-POOL-MIB, ciscoMemoryPoolTable
IF-MIB, IfEntry
SIP Trunk Status
SIP Trunk Status
SIP OOD Options Ping, CLI dial-peer status
Trunk Utilization
Call Arrival Rate
CUBE 1.4: CISCO-VOICE-DIAL-CONTROL-MIB, cvCallRateMonitor
Call Success/Failure
DIAL-CONTROL-MIB, dialCtlPeerStatsSuccessCalls, dialCtlPeerStatsAcceptCalls,

dialCtlPeerStatsFailCalls, dialCtlPeerStatsRefuseCalls
CISCO-SIP-UA-MIB, cSipStatsErrClient, cSipStatsErrServer, cSipStatsGlobalFail
SIP retries
CISCO-SIP-UA-MIB, cSipStatsRetry
DSP Availability
CISCO-DSP-MGMT-MIB, cdspCardResourceUtilization, cdspDspfarmUtilObjects
Transcoding util.
CUBE 1.4: CISCO-DSP-MGMT-MIB, cdspTotAvailTranscodeSess, cdspTotUnusedTranscodeSess
MTP utilization
CUBE 1.4: CISCO-DSP-MGMT-MIB, cdspTotAvailMtpSess, cdspTotUnusedMtpSess
Loss, delay, jitter
CISCO-VOICE-DIAL-CONTROL-MIB, cvVoIPCallActiveTable
IP SLA
CISCO-RTTMON-RTP-MIB, rttMonJitterStatsTable , rttMonLatestJitterOperTable
Traffic Reports (Calls,

Sessions, Capacity Planning,
Errors)
Media Resources
(DSPs)
Voice Quality
CUBE 1.4: CISCO-VOICE-DIAL-CONTROL-MIB, cvCallVolume

Older CUBE: DIAL-CONTROL-MIB, callActive
CISCO-DIAL-CONTROL-MIB, cCallHistoryTable
CUBE 8.5: SIP RAI Trunk Utilization
More info in CUBE Management and Manageability Specification at:

http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps5640/white_paper_c11-613550.html
BRKUCC-2934
Cisco Public
112
Also see BRKNMS-2333

Prime Collaboration
Monitoring CUCM SIP Trunk Status

Capacity, Busy Hour Traffic, Average
Capacity
BRKUCC-2934
Cisco Public
Monitoring CUBE Status
CPU, DSP, Active Calls, etc.
113
Voice Quality Metrics
Voice Call Quality Monitoring on CUBE

Three mechanism exist to monitor call quality statistics
1. End of call statistics in BYE message
2. End of call CDR with 5 critical call parameters (MoSQe, Delay, Jitter, Loss, OoO)
3. Real time export of 30+ AQM via Flexible NetFlow
CDR Example or MIB file: CISCO-VOICE-DIAL-CONTROL-MIB
<MOS-Con>4.4072</MOS-Con>
<round-trip-delay>1 ms</round-trip-delay>
<receive-delay>64 ms</receive-delay>
<voice-quality-total-packet-loss>0.0000 %</ voice-quality-total-packet-loss>
< voice-quality-out-of-order>0.0000 %</ voice-quality-out-of-order>
CDR will be sent to Radius server at the end of a call if AAA accounting is
configured
BRKUCC-2934
Cisco Public
115
Audio Quality Monitor using Flexible NetFlow

AQM uses FNF to export up to 30 voice quality metrics measured by media monitoring CLI
To help the NetFlow collector to process the flow record, AQM also reports call related
information such as calling number, called number, call setup time, etc
Available on ASR starting XE3.14
Configuration to enable VQM Calculation

voice service voip
media monitoring [num] persist
The max number of channels used for monitoring
media statistics
Enable media statistics for VQM calculation
dial-peer voice [tag] voip

media monitoring
! Enable media monitoring on this dial-peer, every call leg matching this dial-peer will be monitored
BRKUCC-2934
Cisco Public
116
For Your
Reference
Viewing AQM
CUBE# show call active voice stats
DSP/TX: PK=0, SG=0, NS=0, DU=0, VO=0

DSP/RX: PK=34, SG=0, CF=1, RX=660, VO=660, BS=0, BP=0, LP=0, EP=0
DSP/PD: CU=69, MI=69, MA=69, CO=0, IJ=0.0000
DSP/PE: PC=0, IC=0, SC=0, RM=0, BO=0, EE=0
DSP/LE: TP=0, TX=0, RP=0, RM=0, BN=0, ER=0, AC=0
DSP/ER: RD=0, TD=0, RC=0, TC=0
DSP/IC: IC=0
DSP/EC: CI=g711alaw, FM=5, FP=1, VS=0, GT=1.0000, GR=1.0000, JD=adaptive, JN=60,
JM=40, JX=1000
DSP/KF: KF=0.0000, AV=0.0000, MI=0.0000, BS=0.0000, NB=0, FL=0, NW=0, VR=0.0
DSP/CS: CR=0.0000, AV=0.0000, MX=0.0000, CT=0, TT=0, OK=0, CS=0, SC=0, TS=50, DC=0
DSP/RF: ML=-1.0000, MC=-1.0000, R1=-1, R2=-1, IF=0, ID=0, IE=0, BL=25, R0=93, VR=2.0
DSP/UC: U1=0, U2=0, T1=0, T2=0
DSP/DL: RT=0, ED=0
BRKUCC-2934
Cisco Public
117
Introducing ManageExpress Border Manager

Simplified provisioning
and management
Uniform policies across all SBCs
Real time 911/211 alerting
and monitoring
Voice quality monitoring
Reduce operational costs
Available on the Cisco price list
BRKUCC-2934
Cisco Public
118
AQM viewing through ARCANAs MEBM
BRKUCC-2934
Cisco Public
119
AQM stats per network segment
BRKUCC-2934
Cisco Public
120
Incremental metrics are provided through out the call
BRKUCC-2934
Cisco Public
121
Troubleshooting
Troubleshooting of Calls
show cube status
Is CUBE Active ?
CUBE-Version : 9.0
SW-Version : 15.2.1T, Platform 2911
HA-Type : none
Licensed-Capacity : 200
debug voip ccapi inout

Oct 26 18:59:01.146: //-1/66A6B1BF8013/CCAPI
cc_api_call_setup_ind_common:
.................
Incoming Dial-peer=1, Progress Indication=NULL(0), Calling IE
Present=TRUE,
.................
Outgoing Dial-peer=100, Params=0x26E8574, Progress
Indication=NULL(0)
Is the call matching

right Dial-peers ?
Are we sending the

right SIP call to SP based
on their requirements ?
BRKUCC-2934
debug ccsip messages

Received:
INVITE sip:912025552000@14.128.101.24:5060 SIP/2.0
Date: Wed, 26 Oct 2011 18:59:01 GMT
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK,
UPDATE, REFER, SUBSCRIBE, NOTIFY
From: "Paul Hewson"
<sip:1500@10.88.156.166>;tag=90d94d92-6ee4-45aa-9f182d09025c1ee4-27352390
................
Cisco Public
123
CUBE Debugging
When debugging in IOS, configure logging buffered to a fairly large value
(based on available memory)
Disable logging to the console with command no logging console
Enable timestamps for debugs
Make sure router has NTP enabled
service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime
logging buffered 10000000
no logging console
clock timezone EST -5 0

clock summer-time EDT recurring
ntp server 10.14.1.1
BRKUCC-2934
Cisco Public
124
SIP EO Debug
Example
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
Via: SIP/2.0/UDP 20.1.1.1:5060;branch=z9hG4bK1216FC
Remote-Party-ID: <sip:2000@20.1.1.1>;party=calling;screen=no;privacy=off
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Call-ID: A2F9661D-9C0211E0-803289BC-624E6E32@9.44.44.71
Supported: timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER,
SUBSCRIBE, NOTIFY, INFO, REGISTER
.........
.........
Cisco Public
External
Network
10.1.1.1
20.1.1.1
SIP SP
CUBE
B2B User
Agent
Outbound INVITE message

Sent with destination number as 1000 and IP address
20.1.1.2 on port 5060
Calling number is 2000 with source IP address of call is
20.1.1.1
Cisco-GUID uniquely identifies this call leg
c parameter identifies the IP address (20.1.1.1) that the

peer device should send the media to
m parameter identifies:
the type of call (audio)
port number for media (16950)
payload type for the 1st preferred codec (18 for G729)
dtmf (101 for RFC2833)
a parameter identifies all the codecs and other
descriptors for this call leg
v=0
o=CiscoSystemsSIP-GW-UserAgent 2026 314 IN IP4 9.44.44.71
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
m=audio 16950 RTP/AVP 18 101
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
BRKUCC-2934
Internal
Network
125
SIP EO Debug
Example
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
.........
.........
Internal
Network
External
Network
10.1.1.1
20.1.1.1
SIP SP
Sent:
INVITE
CUBE
B2B User
Agent

20.1.1.2 on port 5060
20.1.1.1

v=0
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=fmtp:101 0-15
BRKUCC-2934
Cisco Public
126
SIP EO Debug
Example
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
.........
.........
Cisco Public
10.1.1.1
20.1.1.1
CUBE
B2B User
Agent

Sent with destination number
as 1000 and IP address
20.1.1.2 on port 5060
20.1.1.1
To: <sip:1000@20.1.1.2>
BRKUCC-2934
External
Network
SIP SP
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
v=0
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=fmtp:101 0-15
Internal
Network
cwith
parameter
identifies the
IP address (20.1.1.1) that the
Sent
destination
number
as 1000
and IP address
20.1.1.2
5060
theon
typeport
of call
(audio)
127
SIP EO Debug
Example
Internal
Network
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
.........
.........
SIP SP
10.1.1.1
BRKUCC-2934
Cisco Public
CUBE
20.1.1.1
B2B User
Agent

20.1.1.2 on port 5060
Calling number is
2000 with source IP
address of call is 20.1.1.1
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
v=0
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=fmtp:101 0-15
External
Network

m parameter
identifies:
Calling
number
is 2000
with
source
address
port
number IP
for media
(16950)of
st
type for the 1 preferred codec (18 for G729)
call payload
is 20.1.1.1
128
SIP EO Debug
Example
Internal
Network
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
.........
.........
External
Network
SIP SP
10.1.1.1
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
B2B User
v=0
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=fmtp:101 0-15
BRKUCC-2934
Cisco Public
CUBE
20.1.1.1
Agent

20.1.1.2 on port 5060
Calling number is
2000 with source IP address of call is 20.1.1.1
Cisco-GUID uniquely
identifies this call leg

the type of
call (audio)
Cisco-GUID
uniquely
identifies
this
call
payload
type
for the 1st preferred codec (18 for G729)
129
SIP EO Debug
Example
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
.........
.........
Internal
Network
External
Network
10.1.1.1
20.1.1.1
SIP SP
CUBE
B2B User
Agent
c parameter
the IP
address
Sent withidentifies
destination number
as 1000
and IP address
20.1.1.2 on port 5060
(20.1.1.1)
that the peer device should
Calling number is
send the2000
media
to IP address of call is 20.1.1.1
with source
c=IN IP4 20.1.1.1
c parameter identifies the IP address

(20.1.1.1) that the peer device should
send the media to
v=0
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=fmtp:101 0-15
c=IN IP4 20.1.1.1
BRKUCC-2934
Cisco Public
130
SIP EO Debug
Example
Internal
Network
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
.........
.........
v=0
m=audio
16950 RTP/AVP 18 101
SIP SP
10.1.1.1
CUBE
20.1.1.1
B2B User
Agent
Outbound INVITE
message
m parameter
identifies:
the type
ofoncall
20.1.1.2
port (audio)
5060
Calling
number
is
2000 with source IP address
of call is 20.1.1.1
payload
type uniquely
for theidentifies
1st preferred
Cisco-GUID
this call leg
codec (18 for G729)
dtmf (101
for RFC2833)
c parameter
identifies the IP address

s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=fmtp:101 0-15
BRKUCC-2934
External
Network
Cisco Public
131

send the media to
payload type for the 1st preferred
codec (18 for G729)
SIP EO Debug
Example
Internal
Network
Sent:
INVITE sip:1000@20.1.1.2:5060 SIP/2.0
From: <sip:2000@20.1.1.1>;tag=48AE80-CD8
To: <sip:1000@20.1.1.2>
Date: Wed, 22 Jun 2011 12:33:15 GMT
Min-SE: 1800
Cisco-Guid: 2734093693-2617381344-2150402492-1649307186
.........
.........
External
Network
SIP SP
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=fmtp:101 0-15
10.1.1.1
CUBE
20.1.1.1
B2B User
Agent

20.1.1.2 on port 5060
Calling number is
2000 with source IP address of call is 20.1.1.1
c parameter identifies the IP address

send the media to
a parameter
identifies
all the codecs
m parameter
identifies:
the type of call
and other descriptors
for(audio)
this call leg
a parameter identifies all the codecs
and other descriptors for this call leg
v=0
s=SIP Call
c=IN IP4 20.1.1.1
t=0 0
c=IN IP4 20.1.1.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=fmtp:101 0-15
BRKUCC-2934
Cisco Public
132
New CUBE Serviceability Features

Call Arrival Rate
Example:
show call history stats cps
Histogram for Call rate
Histogram for Concurrent calls
Histogram for Call duration
Histogram for SIP message rate
High/Low watermark for Call Rate
High/Low watermark for Concurrent calls
High/Low watermark for SIP message rate
1122222357676678753222211111122247545789774322213311112245654598843333222
10
9
*
*
8
*
**
***
7
* * ***
*
*****
*
##*
6
********
*
*****
** *##*
5
*########*
#* *####*
*######*
4
*########*
*#***####**
*########*
3
**########**
*#########**
**
*########*****
2
******#########*****
****##########**** **
***########********
1 *######################################################################*
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
0
5
0
5
0
5
0
5
0
5
0
5
0
Call switching rate / CPS (last 72 hours)
* = maximum calls/s
# = average calls/s
Histogram for Call Failure Rate

High/Low watermark for Call Failure Rate
BRKUCC-2934
Cisco Public
133
New CUBE Serviceability Features

Total Number of Active Calls
A single call can have multiple calllegs. To determine the total number
of active calls from call-legs is
challenging
CLI added to display the value of
current number of active
(connected) calls on CUBE
The table defines the relation
between call-legs and number of
active calls
BRKUCC-2934
Router# show call active total-calls

Total Number of Active Calls : 10
Call Flow
Call-legs
Connected
call
Basic call (audio/video)
Transferred call (Refer

handling)
Transcoded call (SCCP)
Calls after rotary/hunt
2+x
Forwarded calls (CUBE

handling)
Forked call (media forking)
Forked call (signaling forking)
Cisco Public
134
Avoiding Non-call-context Debug Logs

Many times SIP debugs contain unrelated debugs that are not useful in
debugging issues related to call failures
Starting CUBE 10.0.1, non-call-context debugs will not be printed when
debug ccsip is issued
If a message is not part of any call, that debug will not be printed
Affected messages: OPTIONS, REGISTER, SUBSCRIBE/NOTIFY
To see the above messages in debugs, issue the following command

debug ccsip non-call
BRKUCC-2934
Cisco Public
135
Debugging Made Easier

Categorize Debugs based on Functionality
Categorization based on
Functionality
1.
2.
3.
4.
5.
6.
7.
Audio/video/sdp/control
Configuration /sip-transport
CAC
DTMF/FAX/Line-side
Registration
Sdp - passthrough
Sip-profile/SRTP/transcoder
Router# debug ccsip feature < audio | cac |

config | control | dtmf | fax | line | misc |
misc-features | parse | registration | sdpnegotiation | sdp-passthrough | sip-profiles
| sip-transport | srtp | supplementaryservices | transcoder | video >
Example: enabling DTMF and audio debugs only with default log level is considered.
DTMF(32) debug code
CUBE#sh debugging
CCSIP SPI: SIP info debug tracing is enabled (filter is OFF)
CCSIP SPI: audio debugging for ccsip info is enabled (active)
CCSIP SPI: dtmf debugging for ccsip info is enabled (active)
Audio(2) debug code
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/verbose/32/sipSPI_ipip_store_channel_info: dtmf negotiation done, storing

negotiated dtmf = 0,
May 21 17:54:53.377: //444/5FE632EB8479/SIP/Info/info/2/sipSPIUpdateCallEntry:
Call 444 set InfoType to SPEECH
BRKUCC-2934
Cisco Public
136
Debugging Made Easier

Categorize Debugs based on Functionality
|----------------------------------------------| show cube debug category codes values.
|----------------------------------------------| Indx | Debug Name
|
Value
|----------------------------------------------| 01 | SDP Debugs
|
1
| 02 | Audio Debugs
|
2
| 03 | Video Debugs
|
4
| 04 | Fax Debugs
|
8
| 05 | SRTP Debugs
|
16
| 06 | DTMF Debugs
|
32
| 07 | SIP Profiles Debugs |
64
| 08 | SDP Passthrough Deb |
128
| 09 | Transcoder Debugs
|
256
| 10 | SIP Transport Debugs |
512
| 11 | Parse Debugs
|
1024
| 12 | Config Debugs
|
2048
| 13 | Control Debugs
|
4096
| 14 | Mischellaneous Debugs|
8192
| 15 | Supp Service Debugs |
16384
| 16 | Misc Features Debugs|
32768
| 17 | SIP Line-side Debugs |
65536
| 18 | CAC Debugs
|
131072
| 19 | Registration Debugs |
262144
|-----------------------------------------------
CUBE# show cube debug category codes
This CLI is used to collect the

predefined debug features category
codes , which helps in analysis of
debugs manually.
BRKUCC-2934
Cisco Public
137
Agenda
CUBE Architecture

BRKUCC-2934
Cisco Public
138
CUBE Roadmap
CUBE 11.0.0 FCS March 2015

CUBE HA will preserve calls utilizing DSPs (Transcoder, VCC, DTMF, SRTPRTP [ISR G2])
CUBE HA support for REFER call flows upon SSO
SIP Profile tagging
Virtualized CUBE (vCUBE) on CSR platforms

CSR Resources http://wwwin.cisco.com/tech/srtg/rbs/csr1000v.shtml#tab1=0&tab=0
ICE-lite infrastructure on ASR/4451-X platforms to facilitate NAT traversal
Call Progress Analysis Enhancements

Ability to sort/sequence dial-peers
BRKUCC-2934
Cisco Public
Key Takeaways
It is a manageable transition from existing TDM based networks to SIP
networks using these network design techniques
Enterprise SBC (Cisco Unified Border Element - CUBE) is an essential
component of a UC solution providing;
Security, Session Management, Interworking, Demarcation
An unmatched set of features and functionality
Proven interoperability with 3rd party PBX vendors and different service providers
around the world (more than 160 countries)
Integrated & revolutionary platforms
Now is the time to deploy SIP Trunking in either a Centralized or a Distributed

solution to save money, simplify your topology and setup your infrastructure for
future services
BRKUCC-2934
Cisco Public
141
Recommended Reading
BRKUCC-2934
VoDs on CUBE
https://learningnetworkstore.cisco.com
Email dsladden@cisco.com
for Special Discount Code
Recommended e-Learning
Course on SIP
Buy My Book!
http://cisco.thesipschool.com
BRKUCC-2934
Cisco Public
142
Call to Action
Visit the World of Solutions for
Cisco Campus Collaboration Booth
Technical Solution Clinics
Meet the Engineer Tues 1-2pm, Wednesday 2-3pm

Lunch time Table Topics
DevNet zone related labs and sessions
Recommended Reading: for reading material and further resources for this
session, please visit www.pearson-books.com/CLMilan2015
BRKUCC-2934
Cisco Public
143
Complete Your Online Session Evaluation

Please complete your online session
evaluations after each session.
Complete 4 session evaluations
& the Overall Conference Evaluation
(available from Thursday)
to receive your Cisco Live T-shirt.
All surveys can be completed via
the Cisco Live Mobile App or the
Communication Stations
BRKUCC-2934
Cisco Public
144
Additional Slides
CUBE Licensing
Customer Deployment Scenario 1

Two active CUBEs, no redundancy (i.e.
NO call preservation on failure of box), no
load balancing
Expecting 500 sessions across each
Location
BRKUCC-2934
Licensing requirement : Two FL-CUBEE500
Cisco Public
14
9
Geographic Redundancy - Two active CUBEs, NO

call preservation on failure of box BUT load
balancing
Expecting 500 sessions across each Location, and in
case of one Location failing, expecting newer 500 calls
to failover to the other Location
Licensing requirement : Two FL-CUBEE-500-RED
If a box fails in this scenario, the calls on it are lost .

The load balancing algorithm ensures the next call is
sent to the non-failed site
You can also pool the CUBE licenses in this scenario,

one FL-CUBEE-1000-RED can be used.
BRKUCC-2934
Cisco Public

Layer 2 Box-to-Box Redundancy
with Call Preservation
Expecting 500 sessions across an active
CUBE
Licensing requirement : One FL-CUBEE500-RED
What if the standby CUBE was at a different

Location
BRKUCC-2934
Layer 2 Box-to-Box redundancy is not

supported across geographical data
centers. Typically, it is two boxes in the
same rack
Cisco Public
151

Box-to-Box and Redundancy (call preservation on failure within location) and load
balancing/redundancy across locations
Expecting 500 sessions per Location
Licensing requirement : Two FL-CUBEE-500-RED, one per Active/Standby pair. In total you will have 1000-RED .
Scenarios Covered
If R1 or R3 went down, R2 or R4 respectively will take over
If Location 1 (both R1 and R2) becomes unavailable, RED license allows newer calls to flow to Location 2. RED license
allows transfer not only within one redundant pair from Active to Standby, allowing call preservation, but also from one
pair to the other, that is from one Data Center to the other for new calls. In that case, Location 2 will handle 1000
sessions. This is called Dual Redundancy
BRKUCC-2934
Cisco Public
15
2

In-box Hardware and Software Redundancy
Licensing requirement : RED license is not required here, regular SingleUse CUBE license covers all In-box Redundancies
BRKUCC-2934
Cisco Public
15
3
CUBE Licensing FAQs

Is CUBE Licensing Enforced?
No, CUBE is a paper-based honor license (no file to install) that allows to run the CUBE RTU(Righ-toUse) feature set once you have the UCK9 license installed. More info on ordering here.
General information on IOS Software Activation (licensing) can be found here .
ISR G2s require UCK9 package for any of the UC features such as CUBE
http://www.cisco.com/en/US/prod/collateral/routers/ps10616/white_paper_c11_556985.html
Can CUBE Licenses be transferred?

No, CUBE licensing is not transferable between chassis at this time.
FL-CUBEE-XX licenses can be bought for any ISR G2 platform, but cannot be transferred between
platforms.
FL-CUBEE-XX licenses are only for ISR G2 (i.e. you buy FL-CUBEE-5, it applies to a single ISR G2 that
you buy it for, which could be a 2901, 2911, 3925, etc., but only a single platform.)
Are CUBE licenses incremental?

Yes, CUBE licenses can be added together to provide an aggregate session count. This way, a
customer can start with a smaller numbers of sessions and grow their system over time as call volume
increases. E.g. a customer may buy a FL-CUBEE-5 license to start with allowing a total of 5 sessions,
and later add 2 more FL-CUBE-5 licenses for a total of 15 sessions.
BRKUCC-2934
Cisco Public
154
CUBE Licensing FAQs Contd

What constitutes as a session?
A session is a single audio or a video call across the CUBE, regardless of call
legs. Some vendors consider one call as two sessions.
Does a call recording solution require additional licensing?

No, Sessions created between CUBE and the Call Recording server such as
MediaSense do not require additional licenses and are not counted against
the CUBE licensing limit. However, keep in mind the platform capacity numbers.
Can a customer migrate from a Single-Use to a RED license?

No, Currently there are no migration SKUs, that is, if the customer previously
purchased a Single-Use license, it cannot be converted into a RED license in
future. For further assistance, please reach out to the CUBE team.
BRKUCC-2934
Cisco Public
155
Call Admission Control
Call Admission Control at the edge...

CUBE provides various CAC mechanisms to safeguard your network from SIP based attacks and to enforce policies based on:
Total calls
Maximum connections per destination
CPU & Memory
Dial-peer or interface bandwidth
Call spike detection
Total Calls,
CPU, Memory
High Water Mark

Low Water Mark
CUBE
Call Spike
Detection
call spike call-number [steps

number-of-steps size milliseconds]
call spike 10 steps 5 size 200
CUBE
call threshold global [total/mem/cpu] calls low xx high yy

call treatment on
Max Calls per

Destination
Call #1
If a call spike is detected,

reject calls
Max Bandwidth
based
Call #3
Rejected by
CUBE
Call #1 80Kbps
Call #2 80 Kbps
Call #2
Call #3
Call #3 80 Kbps
CUBE

max-conn 2
BRKUCC-2934
Call #3 Rejected
by CUBE

max-bandwidth 160
Cisco Public
157
CUBE
Call Admission Control at the edge...

CUBE provides various CAC mechanisms to safeguard your network from SIP based attacks and to enforce policies based on:
Total calls
Maximum connections per destination
CPU & Memory
Dial-peer or interface bandwidth
Call spike detection
Total Calls,
CPU, Memory
High Water Mark

Low Water Mark
CUBE
Call Spike
Detection
call spike call-number [steps

number-of-steps size milliseconds]
call spike 10 steps 5 size 200
CUBE
call threshold global [total/mem/cpu] calls low xx high yy

call treatment on
Max Calls per

Destination
Call #1
If a call spike is detected,

reject calls
Max Bandwidth
based
Call #3
Rejected by
CUBE
Call #1 80Kbps
Call #2 80 Kbps
Call #2
Call #3
Call #3 80 Kbps
CUBE

max-conn 2
BRKUCC-2934
Call #3 Rejected
by CUBE

max-bandwidth 160
Cisco Public
158
CUBE
CUBE HA ASR 1K Configuration
CUBE Configuration on ASR Box-to-Box Redundancy

CUBE-1
GE 0/0/0 10.10.1.1
GE 0/0/1 20.20.1.1
redundancy
rii 0
30.30.3.1
GE 0/0/2
30.30.3.2
20.20.1.3
redundancy
rii 2
CUBE
GE 0/0/2
Keepalives
10.10.1.3
10.10.1.10
SP IP
Network
CUCM
GE 0/0/0 10.10.1.2
LAN Virtual IP
CUBE 1
redundancy
mode none
group 1
name voice-b2bha
priority 100 failover threshold 75
control GigabitEthernet 0/0/2 protocol 1
data GigabitEthernet 0/0/2
timers delay 30 reload 60
GE 0/0/1 20.20.1.2
CUBE-2
Disables software redundancy

For ASR1006: mode rpr
voice service voip

mode border-element
redundancy-group 1
BRKUCC-2934
CUBE
Configure RG
Group for use
with CUBE HA
Turn on CUBE
Redundancy
Cisco Public
160
WAN Virtual IP
CUBE 2
redundancy
mode none
group 1
name voice-b2bha
priority 100 failover threshold 75
control GigabitEthernet 0/0/2 protocol 1
data GigabitEthernet 0/0/2
timers delay 30 reload 60
voice service voip
mode border-element
redundancy-group 1

CUBE-1
GE 0/0/0 10.10.1.1
GE 0/0/1 20.20.1.1
10.10.1.3
30.30.3.1
GE 0/0/2
30.30.3.2
20.20.1.3
redundancy
rii 2
CUBE
GE 0/0/2
Keepalives
redundancy
rii 0
10.10.1.10
SP IP
Network
CUCM
GE 0/0/0 10.10.1.2
LAN Virtual IP
CUBE
CUBE-2
CUBE 1
track 1 interface GigabitEthernet 0/0/0
line-protocol
line-protocol
redundancy
group 1
track 1 shutdown
track 2 shutdown
BRKUCC-2934
GE 0/0/1 20.20.1.2
WAN Virtual IP
CUBE 2
Track interfaces
to trigger
switchover
Cisco Public
161

line-protocol
line-protocol
redundancy
group 1
track 1 shutdown
track 2 shutdown

CUBE-1
GE 0/0/0 10.10.1.1
GE 0/0/1 20.20.1.1
redundancy
rii 0
30.30.3.1
GE 0/0/2
30.30.3.2
20.20.1.3
redundancy
rii 2
CUBE
GE 0/0/2
Keepalives
10.10.1.3
10.10.1.10
SP IP
Network
CUCM
GE 0/0/0 10.10.1.2
CUBE
LAN Virtual IP
GE 0/0/1 20.20.1.2
CUBE-2
CUBE 1
WAN Virtual IP
CUBE 2
interface GigabitEthernet0/0/0
ip address 10.10.1.1 255.255.255.0
redundancy rii 0
redundancy group 1 ip 10.10.1.3 exclusive
bfd interval 50 min_rx 50 multiplier 3
Inside interfaces:
Redundancy Interface
Identifier 0
ip address 10.10.1.2 255.255.255.0
redundancy rii 0
redundancy group 1 ip 10.10.1.3 exclusive
ip address 20.20.1.1 255.255.255.0
redundancy rii 2
redundancy group 1 ip 20.20.1.3
Outside interfaces:
Redundancy Interface
Identifier 2
ip address 20.20.1.2 255.255.255.0
redundancy rii 2
redundancy group 1 ip 20.20.1.3
interface GigabitEthernet 0/0/2

ip address 30.30.3.1 255.255.255.0
Interface for control &

checkpoint data traffic
interface GigabitEthernet 0/0/2

ip address 30.30.3.2 255.255.255.0
BRKUCC-2934
Cisco Public
162

Configuration on Active and Standby
description to-SIP-SP
destination-pattern 9T
session target ipv4:y.y.y.y
voice-class sip bind control source-interface GigabitEthernet0/0/1
voice-class sip bind media source-interface GigabitEthernet0/0/1
!
description to-CUCM
destination-pattern 555.
voice-class sip bind control source-interface GigabitEthernet0/0/0
voice-class sip bind media source-interface GigabitEthernet0/0/0
!
ip rtcp report interval 3000
!
gateway
media-inactivity-criteria all
timer receive-rtcp 5
timer receive-rtp 86400
BRKUCC-2934
Cisco Public
163
Bind traffic destined to the outside (SP SIP

trunk) to the outside Physical interface to
make sure it uses the virtual IP address as
the source-IP for all calls
Bind traffic destined to the inside (CUCM or

IP-PBX) to the inside Physical interface
Configure media inactivity feature to

clean up any calls that may not
disconnect after a failover
Contact Center Features
Call Progress Analysis on SIP Trunks

Sent:
Received:
INVITE sip:2776677@9.41.35.205:5060
SIP/2.0
UPDATE
sip:sipp@9.42.30.151:7988;transport=UDP
SIP/2.0
Via: SIP/2.0/UDP
SIP/2.0/UDP 9.41.35.205:5060;branch=z9hG4bK6F26CF
9.42.30.151:7988;branch=z9hG4bK-16368-1-0
Via:
..
.
event=detected
--uniqueBoundary
status=Asm
Content-Type: application/x-cisco-cpa
pickupT=2140
Content-Disposition: signal;handling=optional
maxActGlitchT=70
numActGlitch=12
Events=FT,Asm,AsmT,Sit
valSpeechT=410
CPAMinSilencePeriod=608
maxPSSGlitchT=40
CPAAnalysisPeriod=2500
numPSSGlitch=1
CPAMaxTimeAnalysis=3000
silenceP=290
CPAMaxTermToneAnalysis=15000
termToneDetT=0
CPAMinValidSpeechTime=112
noiseTH=1000
actTh=32000
SIP Dialer
SIP SP
CVP
Contact Center
BRKUCC-2934
CUBE
Dialer will then instruct

CUBE on whether to
connect the call to an agent
or disconnect the call by
sending REFER, RE-INVTE,
BYE, CANCEL etc.
Cisco Public
CUBE detects fax tone
Transcoder Inserted
to detect tones
CUBE will then
connect/disconnect the
call appropriately
165
Configuration on CUBE:
voice service voip
cpa
dspfarm profile 1 transcode universal
call-progress analysis
MMoH
Multicast MoH to Unicast MoH Conversion- CUBE

Multicast MoH
Hold
Unicast MoH
CUBE
SP
SIP
Active Call
ccm-manager music-on-hold
ip multicast-routing distributed
ip pim dense-mode under interface
Extends the ability for enterprises to play Multicast MoH to Service Providers
CUBE converts Multicast MoH from the MoH server to unicast MoH streamed to
the service provider
Provides the ability to play Multicast MoH over the WAN from the MoH server at
the HQ to the CUBE at the remote branch (distributed architecture), saving WAN
bandwidth
BRKUCC-2934
Cisco Public
167
Prime Collaboration and CUBE
Prime Collaboration - Assurance

CUBE Features Benefits matrix
Features
Monitoring Cisco Unified
Border Element
(CUBE)
Benefits
Detecting SIP trunk Outage
Has built in knowledge to auto-discover the CUBE system.

It will also enable administrator to monitor CPU and DSP intensive tasks
like Transcoding and MTP session usage. Administrator will get notified
when usage crosses the configured threshold.
Accurate Option Ping Method based CUBE SIP Trunk outage detection
Pro-actively Monitoring
SIP trunk Utilization
Incoming or Outgoing Call stats to understand call traffic pattern

Incoming or Outgoing Utilization to understand trunk usage pattern
Detecting DSP failure
Call Performance metrics
Detects and notifies when a DSP chip/card fails that might potentially
cause service disruption such as call drop due to unavailability for
resources for transcoding.
Additional CUBE KPIs such as call stats for deeper monitoring
BRKUCC-2934
Cisco Public
Prime Collaboration
CUBE Performance metrics
BRKUCC-2934
Cisco Public
Prime Collaboration - Assurance

CUBE SIP Trunk Usage Monitoring
Monitors both individual SIP trunk
usage and Aggregated SIP Route
Group usage
Provides 7 days trend graph
BRKUCC-2934
Cisco Public
Prime Collaboration Assurance

CUBE Performance metrics
Monitors and provide 7 days of
historical report for various CUBE
performance metrics
BRKUCC-2934
Cisco Public
Prime Collaboration - Analytics

CUBE SIP Trunk Busy Hour Erlang Capacity Planning report
BRKUCC-2934
Cisco Public
Prime Collaboration - Analytics

CUBE SIP Trunk Capacity Planning report
Monitors both individual SIP trunk
usage and Aggregated SIP Route
Group usage
Provides up to 1 year trend graph
BRKUCC-2934
Cisco Public
IOS Embedded Packet capture on ISR-G2

Provides ability to do packet captures only for interested traffic from within IOS
Step 1. Configure capture profile

ip traffic-export profile BRKUCC2934 mode
capture
bidirectional
incoming access-list 123
outgoing access-list 123
Create profile with

name BRKUCC2934
Create access-lists to define interesting traffic
In this eg, only SIP Traffic (TCP/UDP port 5060) is
being captured
access-list 123 permit udp any any eq 5060

access-list 123 permit tcp any any eq 5060
Apply this profile to an

interface that this traffic
traverses
interface fa0/0
ip traffic-export apply BRKUCC2934 [size
<bytes>]
2. Capture traffic with these exec

(enable) level commands
Note: The exec cmds dont appear until a profile has been configured
router# traffic-export interface fa0/0 clear

router# traffic-export interface fa0/0 start
<capture the problem>
router# traffic-export interface fa0/0 stop
BRKUCC-2934
Cisco Public
175
Clear the buffer to remove

previous contents
Start the capture when ready
Stop after the problem is captured
IOS Embedded Packet capture (.. contd)

Step 3. Export the pcap file to a server
router# traffic-export interface fa0/0 copy
ftp://x.x.x.x/BRKUCC2934_capture.pcap
Export the contents of the

buffer to an external FTP
server as a PCAP file
Step 4. Display ladder diagram

(with Wireshark)
The PCAP file can be viewed
in Wireshark. It provides the
ability to filter based on
calling/called numbers and
create a flow graph as
shown
Debug Decoder: http://translatorx.cisco.com
IP Traffic Capture: http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html

BRKUCC-2934
Cisco Public
176
FNF Configuration for AQM

flow record type performance-monitor aqm
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect application voice number called
collect application voice number calling
collect application voice setup time
collect application voice call duration
collect application voice rx bad-packet
collect application voice rx out-of-sequence
collect application voice codec id
collect application voice play delay current
collect application voice play delay minimum
collect application voice play delay maximum
collect application voice sip call-id
collect application voice router global-call-id
collect application voice delay round-trip
collect application voice delay end-point
BRKUCC-2934
Cisco Public
For Your
Reference
collect application voice r-factor 1
collect application voice r-factor 2
collect application voice mos conversation
collect application voice mos listening
collect application voice concealment-ratio average
collect application voice jitter configured type
collect application voice jitter configured minimum
collect application voice jitter configured maximum
collect application voice jitter configured initial
collect application voice rx early-packet count
collect application voice rx late-packet count
collect application voice jitter buffer-overrun
collect application voice packet conceal-count
!
177
FNF Configuration for AQM Contd

flow exporter aqm-exporter
destination <IP addr>
source FastEthernet8
transport udp 2055
option application-attributes
!
flow monitor type performance-monitor aqm-mon
record aqm
exporter aqm-exporter
cache entries 1000
cache timeout synchronized 10
history size 60 timeout 5
BRKUCC-2934
Cisco Public
For Your
Reference
class-map match-all aqm-class

match application rtp
match application attribute media-type audio
!
policy-map type performance-monitor aqm-policy
class aqm-class
flow monitor aqm-mon
!
interface FastEthernet8
ip address 10.10.10.11 255.255.0.0
load-interval 30
duplex full
speed 100
service-policy type performance-monitor input aqm-policy
service-policy type performance-monitor output aqm-policy
178
CUBE Security
CUBE Voice Security Protection per Design Specs

One of only two SBCs Certified by DISA / DOD
DOS
B2BUA L7
Inspection
Call Volume/BW
Limiting (CAC)
Call Codec
Limiting
SIP Malformed
Inspection
SIP Listen Port
Configuration
RTP Malformed
Topology Hiding
Co-resident IOS:
ACLs, FW, IPS
Voice Application Code

L7 Protocol-independent memory structures holding call
state and attributes (CLID, Called #, Codec)
Dial-peer
Dial-peer
DTMF xlation
Codec Filtering
Xcoding Control
SIP/H.323
Protocol
Stack
RTP
Library
SIP/H.323
Protocol
Stack
RTP
Library
DSP API
DSP Hardware
TCP UDP TLS
TCP UDP TLS
Identity / Service Theft

SIP Digest Authentication
SIP Hostname Validation
SIP Trunk Register
CDR
Toll Fraud
Co-resident IOS: ACLs, COR
Privacy
SIP Header Manipulation
Authentication and
encryption (media) SRTP
Authentication and
encryption (signaling) TLS
Co-resident IOS: All VPN
features
IOS Infrastructure (ACLs, FW, IPS, VPN)

Ingress I/F
HW LAN/WAN Interfaces
Signaling
BRKUCC-2934
Cisco Public
180
Media
Egress I/F
Five Layers of Security in CUBE

EXTERNAL
SECURITY
Policy
APPLICATION LAYER
Dialpeer
Matching
Voice Trust
List
TCP & UDP

Mechanisms
NETWORK LAYER
Access
Control Lists
BRKUCC-2934
Cisco Public
Voice Security Attacks

CUBE Protection at Various Layers
SBC Threat /
Security
Requirement
Calls/Traffic from
untrusted sources
Network Layer (protects at entry point

in the network)
Access Control Lists (ACLs) to Allow/Deny
Explicit Sources of Calls
BRKUCC-2934
Toll Fraud prevention using

a. IP Trust Lists
b. Silent-discard CLI TDoS attack
mitigation
b. Only allow your enterprise call agent

(CUCM) to initiate traffic from internal
network side
c. Topology/Address Hiding for both

media and signaling
c. Modifiable port range
d. SIP Trunk Registration/Authentication

prevents session hijacking
Close unused ports
e. Option to change well known listening

ports
If within MPLS or Ipsec WAN, then may not be

needed
f. Explicit incoming/outgoing dial-peer

matching
NBAR protection against

signaling(SIP/H.323/SIP-TLS), UDP attacks on
open RTP ports, andCisco
crafted
packets
Public
Malformed Signaling
Packets
Protection built in the B2BUA layer
ACLs, NBAR, CoPP
a. Only allow service providers SBC to

initiate traffic from PSTN side
DoS/TDoS Attacks
Application Layer (CUBE)
Checks by SIP/H.323 Protocol stack

SBC Threat /
Security
Requirement
Large Rate of packet
arrival, flooding
Rogue RTP / RTCP

packets

in the network)

ACLs, NBAR, CoPP

Control Plane Policing (CoPP policy)
implemented with ACLs limits the rate of
packets and mitigates attacks from otherwise
Trustred Sources
Deep packet inspection with ACL and NBAR

Policing
NBAR Policing to classify them as invalid

Malformed RTP / RTCP
packets
BRKUCC-2934
Cisco Public
CAC mechanisms based on

CPU/memory/bandwidth utilization and
total number of calls
Call Spike monitors call arrival rate over a

moving window of time
UC Services API, External Voice Policy,

SecureLogix Solution (SIP Flooding)
Define media address and RTP port

ranges
Source filter - Filters out incoming

incorrect remote address/port RTP
Packets
Check on Call-ID, RTP sequence

numbers, and SSRC
RTP Library check in the IOS Voice code, DSP

check

SBC Threat /

in the network)
Security
Requirement
Encrypted signaling or
media

ACLs, NBAR, CoPP
Service Providers provide SIP trunks over

secure VPN
TLS signed INVITES / Digest

Authentication
IPSec for untrusted WAN segments, deploy

TLS/SRTP internally
TLS to non-TLS, SRTP Passthru,

SRTP/RTP interworking
Optional : Front end CUBE with an external

FW
SHA1-80, SHA1-128, SHA1-256 crypto

suite
Rogue BYEs
(ie Bye with Random
CallID)
Policed with ACLs and Control Plane Policing
Checks at signaling Protocol Stack, Call Leg

Transaction check
Eavesdropping
Encryption
SIP-TLS with sRTP, UC Services API, External

Voice Policy, SecureLogix Solution
BRKUCC-2934
Cisco Public

SBC Threat /
Security
Requirement
Service Theft

in the network)
ACLs, NBAR, CoPP
ACLs
IPSec
Privacy
BRKUCC-2934
VPN
1.
2.
Cisco Public
Class of Restriction
Toll Fraud prevention mechanisms listed
above
SIP Trunk Registration
(authentication/credentials CLI)
SIP Hostname Validation
Encryption (TLS with SRTP)
Monitor CDR from CUBE to scan for call
patterns and volumes that may indicate
unauthorized use
UC Services API, External Voice Policy,
SecureLogix Solution
TCL (blacklist/whitelist), PIN authorization
SIP Header Manipulation
PPI/PAI (if offered by SP)
2014 Surge of TDoS Attacks : Contact Centers &

PSAPs
2014 Public TDoS Attack Warnings Issued by:
FBI Federal Bureau of Investigations

DHS Department of Homeland Security
NENA 911 National Emergency Number Assoc.
APCO International Assoc. of Public-Safety
Communications Officials
Several U.S. state agencies
Dozens of TDoS attacks have targeted

administrative PSAP lines. The
perpetrators have launched high
volumes of calls against the target
network, tying up the system from
receiving legitimate calls.
BRKUCC-2934
Cisco Public
TDoS Articles during 2014 :

Dramatic Increase in Coverage
2014 coverage in over 50+ print/online
publications including:
Krebs on Security
CSO Magazine
Network World
InfoWorld
Security Week
Infosecurity Magazine
InfoWorld
CFO World
eWeek
Government Computer News
GovInfoSecurity
TechEye
InfoTech
SC Magazine, etc..
BRKUCC-2934
Cisco Public

CUBE Protection with an External Voice Policy
Threat / Use Case
Mitigation Action provided by CUBE w/ SecureLogix
IVR cycling with repeating DTMF tones in

WAVE files
Detect repeated DTMF tones that cause cycling, then take policy action
(disconnect, transfer)
Harassing Calls
Detect multiple phone calls from same phone # (or exchange), then take
policy action (disconnect, record)
Contact Center abuse
Detect unusual activity from specific phone # or exchange, then take

policy action (transfer, record)
Unauthorized Modem Usage
Detect Modem traffic, then take policy action (disconnect)
911 Notification
Detect 911 activity then take policy action (send alert)
Toll Fraud
Detect secondary dial tones then take policy action (disconnect)
Social Network Attacks
Detect call patterns from area codes or exchange then take policy
Unauthorized FAX usage
Limit time of day usage on FAX
Inappropriate use of phones
Detect phone calls to 900 area codes and disconnect
BRKUCC-2934
Cisco Public

CUBE Management

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

CUBE Management

Încărcat de

Drepturi de autor:

Formate disponibile

Implementation & Management of

Cisco Unified Border Element

Hussain Ali, CCIE# 38068 (Voice)

Technical Marketing Engineer

CUBE Management & Troubleshooting

2014 Cisco and/or its affiliates. All rights reserved.

Why does an enterprise need an SBC ?

2015 Cisco and/or its affiliates. All rights reserved.

Cisco Unified Border Element Router Integration

H.323 and SIP interworking

Note: An SBC appliance would

WAN & LAN

2015 Cisco and/or its affiliates. All rights reserved.

CUBE (Enterprise) Product Portfolio

ASR 1004/6 RP2

3900E Series ISR-G2

Note: New platforms in this

Active Concurrent Voice Calls Capacity

2015 Cisco and/or its affiliates. All rights reserved.

CUBE Session Capacity Summary

NanoCUBE (8XX and SPIAD Platforms)

2015 Cisco and/or its affiliates. All rights reserved.

CUBE Software Release Mapping

* IOS-XE3.13.1 or later recommended for all ISR 4400 series

2015 Cisco and/or its affiliates. All rights reserved.

CUBE ISR and ASR 1K Licensing

Cisco 2951, 3925 ISR G2

Cisco 3945, 3925E, 3945E ISR G2

2015 Cisco and/or its affiliates. All rights reserved.

CUBE Management & Troubleshooting

2014 Cisco and/or its affiliates. All rights reserved.

SIP Trunking Design and Deployment

Cisco Session Management & CUBE:

SIP TRUNK TO CUBE

Cisco SME centralizes

2015 Cisco and/or its affiliates. All rights reserved.

Centralizes dial plan

CUBE Deployment Scenarios

Extending to Video and

2015 Cisco and/or its affiliates. All rights reserved.

NanoCUBE Deployment Scenarios

2015 Cisco and/or its affiliates. All rights reserved.

The Centralized Model

Central Site is the only location with

Voice services delivered to Branch

Media traffic hairpins through

Centralizes SIP Trunk

2015 Cisco and/or its affiliates. All rights reserved.

The Distributed Model

Each site has direct connection

Leverages existing branch

Takes advantage of SP session

No media hair-pinning thru any

Distributed operational overhead

Media traffic goes direct from

Lower latency on voice or video

IP addressing to Service Provider

Built-in Redundancy strategy

Quickest transition from

2015 Cisco and/or its affiliates. All rights reserved.

.. and the Hybrid Model

Connection to SP SIP service is determined on a site by

Adaptable to site specific requirements

Optimizes BW use on Enterprise WAN