Copyright © 2003, Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr
111© 2003, Cisco Systems, Inc. All rights reserved.VVT-20217990_05_2003_c1
Designing and Deploying Managed Voice/Data Services for Enterprise and SMB Subscribers
Session VVT-2021

Agenda
• Managed Business Voice Services Overview
• Architecture Component Overview
• Routing Logic Example
• Scaling the Network
• Billing Considerations
• Security Considerations
• NAT/PAT
• NMS/OSS
• Supplementary Routing Logic
• Summary and Session Reference

SP Business Voice Services
• The SP Business Voice Solution enables Service Providers to offer a portfolio of voice services over a common framework, targeting SMB and enterprise customers
• The service menu consists of the following core services:
  - Business Phone
  - Site-to-Site Voice/Data Connectivity
  - Centralized PSTN Access
  - Centralized Internet Access
  - Remote Network Operations
• Different customer types have different needs
  - Small business, single site
  - Medium/large business, multiple sites
• Focused on business deployment, not residential

SP Managed Services Layers
[Diagram: a service provider IP/MPLS converged network with a common VoIP connectivity layer (call control, QoS, security, scalability, regulatory, PSTN connectivity, NMS/OSS) serves single- or multi-site businesses over MPLS, clear IP or IPSEC. Services shown: Business Phone, Site to Site, Centralized PSTN Access, Internet Access, Day 2 Management. CPE options shown: CallManager cluster with Unity VM/UM (CCM), ITS, GW with legacy PBX.]

Business Phone Service
Service Provider Offering:
• Features
  - Dial-Tone
  - DID Assignment
  - Basic Business Features
  - CCM—Full IP PBX
  - ITS—Keyswitch
• Optional Features
  - vXML Enhanced Features
  - Centralized Voicemail
  - Local PSTN Connectivity (backup or primary if no centralized offering)
Supported CPE
  1. Cisco Call Manager (CCM)
  2. IOS Telephony System (ITS)
  3. GW w/ PBX (GW)
Target Customer Types: All
[Diagram: branch office with CCM, ITS and GW]

Site-to-Site Voice/Data Connectivity
Service Provider Offering:
• Features
  - Private Dial Plan (small scale can be done without centralized routing)
  - QoS over WAN
  - Converged Data/Voice
  - Site-to-Site Toll Bypass
• Optional Features
  - Secure IP Transport (MPLS VPN or FW)
  - Overlapping Dial Plans through route server (scaling—transparent to end user)
Target Customer Types: Multi-Site/Multi-Branch
[Diagram: multiple site offices (Enterprise A: Site 1, Enterprise A: Site 2, Enterprise B: Site 1) with CCM, GW and ITS connected over IP Transport]

Centralized PSTN Access
Service Provider Offering:
• Features
  - Centralized PSTN Off-net connection through:
    - PSTN Hopoff GW/GK (VIA)
    - Interconnect to VoIP Wholesaler (VIA)
  - SS7 or Non-SS7
• Optional Features
  - Centralized PSTN On-Net
  - 2 Stage Dial On-Net
Target Customer Types: All
[Diagram: multiple or single site offices with CCM, GW and ITS connected over IP Transport to the PSTN]

Internet Access
Service Provider Offering:
• Features
  - Centralized Internet Connection
• Optional Features
  - Security (FW/NAT)
Target Customer Types: All
[Diagram: multiple or single site offices with CCM, GW and ITS connected over IP Transport to the Internet]

Remote Network Management
Service Provider Offering:
• Features
  - Fault
  - Configuration
  - Accounting
  - Performance
Target Customer Types: All
[Diagram: multiple site offices with CCM, GW and ITS connected over IP Transport to the service provider's NMS, performance/fault/provisioning servers, billing (BILL), customer care (CARE) and AAA]

Architectural Components
• Operations and Management
• Application and Services
  - Business
  - Transit
• IP Transport
  - Security
  - QoS
• Access
  - T1/E1 Leased Line
  - DSL, Dialup
• End Customer Deployments
  - Enterprise
  - Small Medium Business
[Diagram: the layers above drawn as a stack. Operations: BILL, AAA, CARE, NMS, performance/fault/provisioning servers. Application: VPN GK, Access GK, DGK, GK, BTS/PGW, PSTN/SS7, Long Distance Partner. Transport: MPLS, Clear IP. Customer: CPE with CallManager cluster, Unity VM/UM and IP phones (CCM); CPE with ITS; VoIP GW with legacy PBX.]

Service Layer 1: Customer Endpoint Deployments

Customer Deployment: Service Layer 1
• Service Layer 1 describes the CPE requirements for interfacing into the SP’s network for:
  - Voice application
    - Dial plan
    - QoS requirements
  - Data application
    - Internet access
    - Site-to-site data routing
    - QoS requirements
• 4 types of deployments
  1. CallManager (at business)
  2. CallManager with SRST (at service provider)
  3. Cisco IOS Gateway with PBX
  4. Cisco IOS Telephony Service on IOS Gateway
SAS Section 2.2.1

Customer Deployments Functional Area: Cisco Call Manager
• Cisco CallManager offers Medium to Large Enterprise Customers an IP PBX Solution (**250 users and above)
• CallManager may reside on premise (distributed) or remain hosted in the Service Provider network (centralized)
• SCCP (Skinny) protocol for client signaling and control
• H.323 for RAS and trunk side signaling and control
• MGCP support for gateway signaling and control
• Can perform digit manipulation at endpoint
[Diagram: CPE with CallManager cluster and Unity VM/UM]

Customer Deployment CCM at the Customer Premise
• Call Manager clusters are deployed at the customer premise
• Customer may choose to manage the devices, or outsource remote management to service provider
• Multi-site businesses can use a centralized deployment (i.e., Branch IP phones to Corporate Call Manager cluster)
[Diagram: CallManager clusters at Cust A: Site 1 and Cust B: Site 1, plus Cust A: Site 2, connected over SP Transport to the service provider's Access GK and Enterprise VPN GK]

Customer Deployment CCM at the Service Provider
• A single CCM cluster is allotted for each customer
• Hosting in the Service Provider NOC eliminates CCM NMS access issues
  - NMS has no awareness of MPLS tags to overlapping IP addresses
• Requires backup mechanism in the event that WAN Transport link goes down
[Diagram: CallManager cluster hosted in the service provider's Voice Application with Access GK and Enterprise VPN GK; remote IP phones w/SRST behind CPE/SRST routers connect over SP Transport; an X marks a failed WAN link]

Customer Deployments Functional Area: Remote IP Phones (SRST)
• Capability in branch office routers for IP Telephony redundancy
• Provides backup Call Control to remote site in the event that CallManager connectivity is lost (i.e. WAN failure)
• Designed for centralized CallManager deployment
• CE Router can support SRST functionality on same platform
• Supports 24 to 480 users, depending on platform performance and feature license
• Can perform digit manipulation at endpoint
[Diagram: Survivable Remote Site Telephony (SRST): CPE w/SRST with IP phones]

Customer Deployment Survivable Remote Site Telephony Backup
• IP Phones exchange keepalive messages and Call Processing messages with centrally located Cisco CallManager (CCM)
• WAN Link fails—IP phones lose contact with CCM
• IP Phones register with local router as router of last resort
• Router queries phones for configuration and auto-configures itself
• Router provides call processing for duration of failure via PSTN
• Upon restoration of WAN, IP Phones revert back to CCM
[Diagram: CallManager cluster in the service provider's Voice Application with Access GK and Enterprise VPN GK; the SP Transport link is marked failed (X); remote IP phones re-register with the Cisco router with SRST, which connects to the PSTN]

Introducing the ITS

Customer Deployments Functional Area: IOS Telephony Service (ITS)
• Software feature added to Cisco IOS CPE to provide call processing for IP phones using SCCP
• Performs local IP Telephony call control
• Offers IP Telephony for small offices (up to 48 users)
• End customer uses VoIP for internal, site-to-site, and PSTN off-net calling
• Supports trunk side H.323, SIP and MGCP
• Can perform digit manipulation at endpoint
[Diagram: ITS CPE with IP phones]

IOS Telephony Service (ITS) Architecture
• ITS sees IP Phones as emulated fxs phones or “e-fxs ports”
• To the GK, ITS appears as an analog GW
• Like analog GWs, ITS will register its individual dial peer destination patterns (E.164)
• GK should not use these E.164 addresses for routing. Turn off E.164 address registration
• Loopback address bound to RTP and signaling using “bind” command
[Diagram: inside the ITS router, IP phones attach over SCCP as e-FXS ports 50/1/1 and 50/1/2 to the VoIP stack, which uses the loopback interface]

GW w/PBX

Customer Deployments Functional Area: IOS Gateway with PBX
• Cisco IOS GW CPE front-ends a traditional PBX
• Enables migration of existing TDM PBX customer to IP data/voice convergence with minimal investment
• Branch offices use VoIP for PBX tie-line and PSTN off-net calling
• Customers may upgrade to IP Telephony (IP PBX) when ready
SAS Section 2.2.2.4
[Diagram: VoIP GW]

Service Layer 2: Access

Access Layer: Service Layer 2
• Types of Access methods:
  - T1/E1
  - DSL
  - IPSEC VPN
  - Any

Service Layer 3: IP Transport

IP Transport: Service Layer 3
• Transport methods:
  - MPLS—MPLS VPNs provide security and QoS with shared/managed services model
  - IP “In the Clear”—Basic IP connectivity with security provided by Cisco IOS or PIX Firewall

IP Transport Functional Area: MPLS
• Provides the same level of security as a Layer 2 architecture
• Allows for overlapping IP address spaces
• Creates private and shared VPN architecture
[Diagram: Cisco MPLS VPN Network of PE and P routers. Customer CPE (CallManager cluster with Unity VM/UM, CPE w/SRST with IP phones, GW w/ PBX) attach in Private VPN “A” and Private VPN “B”; the service provider's Voice Application (Access GK, Enterprise VPN GK) attaches in VPN “Shared”.]

MPLS/VPN: Supporting Shared Services
[Diagram: within the service provider's Cisco MPLS—VPN Network, VPN “A” and VPN “B” sites reach Shared Services for all VPNs: Internet Gateway (to the Internet), VoIP Gateway (to the PSTN), Video Conference and Gatekeeper]

IP Transport Functional Area: IP “In the Clear”
• Connections may be dedicated access links directly into the service provider or over the Internet
• Typical method of interconnection for single-site small business
Some Customers May Connect over the Internet
Customer Sites Connect over a Standard IP Network Directly to the SP; They Send Voice Traffic to the SP Just as They Would External Traffic to the Internet
Firewalls Needed to Protect against Access by Unwanted Parties (e.g. Non-SP Shared Resources or Internal Sites)
[Diagram: Customers “A”, “B”, “C” and “D” (CallManager cluster with Unity VM/UM, CPE w/SRST with IP phones, VoIP GW with PBX) connect through a router over the IP network or the Internet to the service provider's Voice Application (Access GK, Enterprise VPN GK) in VPN “Shared”]

MPLS based IP Transport: Private VPN per Customer
Customers can retain private IP addresses that may overlap with other subscribers
Private VPN RD: 800:10. Assigns VPN RD = 800:10. Imports and exports these routes to other PEs via MP-BGP
Private VPN RD: 500:10. Assigns VPN RD = 500:10. Imports and exports these routes to other PEs via MP-BGP
Route Distinguisher (RD) = 800:10
  - Prepended to the IPV4 route for customer isolation
  - e.g. X.Y: a.b.c.d = 800.10:192.1.1.0
[Diagram: Cisco MPLS VPN Network with PE1, PE2, PE3, PE4 and a P router. Private VPN “A” sites: CE with CallManager cluster and Unity VM/UM, CE w/SRST with IP phones. Private VPN “B” sites: CE with CallManager cluster and Unity VM/UM, CE with GW w/ PBX (VoIP GW).]

Private VPNs with MPLS Configuration
hostname PE1
!
ip vrf customerA
 rd 800:10
 route-target import 800:10
 route-target export 800:10

hostname PE3
!
ip vrf customerB
 rd 500:10
 route-target import 500:10
 route-target export 500:10
[Diagram: PE1 (Private VPN “A”, Private VPN RD: 800:10) and PE3 (Private VPN “B”, Private VPN RD: 500:10) on the MPLS VPN, each serving a CE with CallManager cluster and Unity VM/UM]

MPLS based IP Transport Private and Shared VPN VRFs
Private VPN: 800:10, Shared VPN: 10000:101
Private VPN: 500:10, Shared VPN: 10000:102
Shared VPN: 10000:100
Export local shared VPN addresses and private addresses. Import shared voice application host addresses and private addresses
Export shared voice application host addresses. Import all customer shared addresses
Export only shared voice application host addresses and private addresses. Import shared customer voice application host addresses and private addresses
[Diagram: Cisco MPLS VPN Network with four PE routers. Private VPN “A” sites (CPE with CallManager cluster and Unity VM/UM, CPE w/SRST with IP phones) and Private VPN “B” sites (CPE with CallManager cluster and Unity VM/UM, CPE with GW w/ PBX) attach to customer-facing PEs; the Voice Application (Access GK, Enterprise VPN GK) attaches to the shared-services PE.]

Private and Shared VPN VRF Configuration
hostname PE5
!
! Shared voice VRF: imports every customer's shared route target
ip vrf VOICE
 rd 10000:100
 export map SHARED-DEV
 route-target import 10000:100
 route-target export 10000:100
 route-target import 10000:101
 route-target import 10000:102
!
route-map SHARED-DEV
 match ip address 10
 set extcommunity rt 10000:100
!
! Shared voice application hosts
access-list 10 permit 22.22.22.15 0.0.0.0
access-list 10 permit 22.22.22.50 0.0.0.0
access-list 10 permit 22.22.22.51 0.0.0.0
access-list 10 permit…. (etc)

hostname PE1
!
! Customer VRF: private routes stay in 800:10; only the CPE loopback
! is additionally tagged with the customer's shared route target
ip vrf PRIVATE
 rd 800:10
 route-target import 800:10
 route-target export 800:10
 route-target import 10000:100
 export map CPE-LOOP
!
route-map CPE-LOOP
 match ip address 10
 set extcommunity rt 10000:101 additive
!
access-list 10 permit 171.68.1.1 0.0.0.0
access-list 10 permit …. (etc)
[Diagram: PE1 (Private VPN “A”, Private VPN: 800:10, Shared VPN: 10000:101) and PE3 (Private VPN “B”) serve CPE with CallManager cluster and Unity VM/UM; PE5 (Shared VPN: 10000:100) serves the Access GK and Enterprise VPN GK]
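The import/export policy on the two VRF slides above can be checked for tenant isolation before it is deployed. The following is an added example, not part of the original presentation or any Cisco tool: it models the route targets from the PE1 and PE5 configuration and lists any route one customer VRF would install from another. The customerB VRF is assumed by analogy with PE1 (using 500:10 and 10000:102 from the slide), the 10.1.0.0/16 LAN prefix and the 171.68.2.1 loopback are constructed, and the export map is modelled only for the prefixes its access list matches.

```python
from dataclasses import dataclass, field


@dataclass
class Vrf:
    name: str
    imports: set      # "route-target import" values
    exports: set      # "route-target export" values
    prefixes: list    # locally originated prefixes
    # prefix -> (rt, additive): what the VRF's export map does to that prefix
    export_map: dict = field(default_factory=dict)

    def advertised(self):
        """Yield (prefix, route-target set) as sent to other PEs via MP-BGP."""
        for prefix in self.prefixes:
            rts = set(self.exports)
            if prefix in self.export_map:
                rt, additive = self.export_map[prefix]
                # "additive" keeps the configured export targets, otherwise replace
                rts = rts | {rt} if additive else {rt}
            yield prefix, rts


def installed(vrfs):
    """Map each VRF name to the set of (prefix, origin VRF) it imports."""
    table = {v.name: set() for v in vrfs}
    for src in vrfs:
        for prefix, rts in src.advertised():
            for dst in vrfs:
                # A route is imported when it carries at least one imported target.
                if dst is not src and rts & dst.imports:
                    table[dst.name].add((prefix, src.name))
    return table


def tenant_leaks(vrfs, tenants):
    """Routes that one tenant VRF installs from a different tenant VRF."""
    return sorted(
        (dst, origin, prefix)
        for dst, routes in installed(vrfs).items() if dst in tenants
        for prefix, origin in routes if origin in tenants
    )


SHARED_HOSTS = ["22.22.22.15/32", "22.22.22.50/32", "22.22.22.51/32"]  # from the slide
TENANTS = {"customerA", "customerB"}


def page_policy(extra_b_import=()):
    """Policy from the slides; extra_b_import simulates a mistyped import on B."""
    a = Vrf("customerA", {"800:10", "10000:100"}, {"800:10"},
            ["10.1.0.0/16", "171.68.1.1/32"],            # LAN prefix is constructed
            {"171.68.1.1/32": ("10000:101", True)})
    b = Vrf("customerB", {"500:10", "10000:100", *extra_b_import}, {"500:10"},
            ["10.1.0.0/16", "171.68.2.1/32"],            # both prefixes constructed
            {"171.68.2.1/32": ("10000:102", True)})
    voice = Vrf("VOICE", {"10000:100", "10000:101", "10000:102"}, {"10000:100"},
                list(SHARED_HOSTS),
                {h: ("10000:100", False) for h in SHARED_HOSTS})
    return [a, b, voice]


if __name__ == "__main__":
    for name, routes in installed(page_policy()).items():
        print(name, sorted(routes))
    print("leaks as configured:", tenant_leaks(page_policy(), TENANTS))
    print("leaks if B also imports 10000:101:",
          tenant_leaks(page_policy(["10000:101"]), TENANTS))
```

The overlapping 10.1.0.0/16 prefixes never cross between customers because they carry only the private route targets; the shared VRF sees only the CPE loopbacks.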
Service Layer 4: Application and Services
Multiservice Application
• Types of applications/functional areas:
  - Voice—Utilize the Voice VPN Route Server
  - Data—Managed Internet access may be provided as a shared service

Multiservice Applications Functional Area: Voice Application
• Enables the voice service offering
• Performs inter-site routing and PSTN connectivity
• Shares resources amongst enterprise subscribers
• Utilizes Cisco VIA/Global Long Distance network solution architecture for PSTN terminating network
SAS Section 2.2.2.9
[Diagram: Centralized PSTN Offering. IP phones reach Access GKs (AGK) and the Voice VPN GK; a PSTN DGK and PSTN GK front an SS7 GW with SS7 Softswitch and a Non-SS7 GW toward the PSTN; DGKs connect to a Long Distance Partner.]

Voice VPN GK and Access GK
• Voice VPN GK
  - Performs all off-premise enterprise call routing (e.g. Site-to-Site, PSTN)
  - Voice VPN (Private Dial-Plan)
  - Intelligent Call Routing (Least Cost, Time Of Day)
  - Collects usage information for billing
• Access GK (optional)
  - Performs final endpoint selection in routing process
  - Increases Scaling:
    - Offloads Endpoint Registration and maintenance from Voice VPN GK
    - Direct signaling facilitates high call volumes
  - Increases Availability:
    - Resource Availability Indicator (RAI)
    - Call Admission Control
  - Increases Reliability:
    - Dynamic Alternate GK Failover
    - Static Alternate GK Failover
    - Sequential-LRQ Failover
[Diagram: Voice VPN GK above two Access GKs (AGK)]

PSTN GK/DGK Hierarchical Design
• PSTN Directory Gatekeeper
  - Performs call routing search at highest level (Example = country code distributions)
  - Country codes among other DGKs forwards LRQ to partner DGK if call does not terminate in local SP DGK
• PSTN Gatekeeper
  - Performs call routing search at intermediate level (Example = NPA-NXX)
  - Provides GW resource management (Registrations, RAI, gw-priority…)
• PSTN Gateway
  - Acts as interface between PSTN and IP
  - Normalizes numbers from PSTN before entering IP
  - Normalizes numbers from IP before entering PSTN
  - Sends RAI to GK for increased availability
[Diagram: DGKs exchange LRQs for 408 and 212; West Region and East Region GKs receive ARQs from gateways serving 408555, 408666 and 212555]

Primary Functions Required to Enable Voice Services
• Call routing
  - Support all calling patterns
  - Support all numbering plans
  - Accommodate scaling
  - Provide fault tolerance
  - Enable high availability
  - Enforce call admission (BW) policies
• Call security
  - Endpoint integrity
  - Call integrity
• Billing
  - Flat rate
  - Duration/destination sensitive
• Network management
  - Provisioning
  - Fault
  - Performance
[Diagram: Operations (Billing, NMS, AAA Security, TFTP) above Voice Application Resources (Voice VPN GK, Access GK, PSTN DGK, DGKs) with SS7 and Non-SS7 connections to the PSTN and a VIA Partner]

4 Basic Call Routing Design Factors
• Accommodate multiple endpoint options
  - Cisco CallManager
  - Cisco IOS GWs
  - Internet Telephony Service (ITS) routers
• Support end user dialing habits
  - Each enterprise has its own customs
  - Each local region has its own customs
• Co-exist with shared resources
  - Support overlapping dial-plans between enterprises
  - Uniquely identify enterprises
• Use standards-based interconnection mechanisms
  - Increases solution interoperability
  - Uses H.323 today

Sample User Dialing Habits
• On-net user habits
  - Straight extension dialing (e.g. 2xxxx)
  - Supplies indication digit (e.g. 8+extension)
• Off-net user habits
  - Supplies Indication Digit (e.g. 9+e.164)
• Forced on-net user habits (intra-enterprise)
  - Dials as if off-net (e.g. 9+e.164) but call stays on IP
  - Assumes IP data connectivity possible between sites
• PSTN-to-Enterprise access
  - VoIP SP owns DIDs (off-net to on-net)
  - LEC owns DIDs (straight into Enterprise—not much to do)
• CLID presentation
  - User sees CLID as the number to dial if call were to be returned (e.g. abbreviated extension for on-net or full E.164 for off-net)
These Are Assumptions to Guide Our Examples; We Can Flexibly Accommodate Derivatives as Customers Define Them

Endpoint Call Routing Responsibilities
• Endpoints perform “number normalization”
  - Flexibly support varying end user habits
  - Present consistent call routing information to the routing engine independent of endpoint type (e.g. CM, GW, ITS)
  - Provide unique customer identification to support overlapping dialing plans
  - Ensure meaningful CLID display (removal of inserted customer IDs)
• Customer ID = VPN ID + Site ID
  - Example: 99 + 1 = 991
  - 99 + 2 = 992
[Diagram: User Specific Habits at the endpoint (GW w/ PBX, VoIP GW CPE) pass through Number Normalization before H.323 signaling; the Voice VPN GK, Access GK, PSTN DGK and DGKs Route on Normalized Numbers toward SS7 and Non-SS7 PSTN connections and a Long Distance Partner]

Endpoint Number Normalization
• Remove Any Access Digits from User Dialed Number
  - International Access Prefixes
  - Onnet/Offnet Access Codes
  - calledNumber is Full E.164 for Offnet
  - calledNumber is Abbreviated Extension for Onnet (optional)
• Insert Customer Identifiers Before Sending to Network
  - Add CustID (assigned by SP) to callingNumber in ANI
  - callingNumber is Full E.164 for Offnet
  - callingNumber is Abbreviated Extension for Onnet (optional)
• Remove Customer Identifiers Received from Network
  - Enterprise VPN GK will modify DNIS to contain CustID + calledNumber
[Diagram: three GW w/ PBX endpoints (CustID: 991, CustID: 992, CustID: 881), each sending DNIS: X or Y calledNumber, ANI: (CustID)+full-e.164. User Habits boxes: EntA—NY (X: Offnet, Y: Onnet, 011: Int’l, NULL); EntA—Paris (S: Offnet, T: Onnet, 00: Int’l, NULL); EntB—NY (Q: Offnet, R: Onnet, 011: Int’l, NULL).]

Enterprise VPN GK Routing on Normalized Numbers
• Determine source
  - GK uses customer IDs in ANI to select separate routing tables for each enterprise
  - Routing tables may contain private or abbreviated numbering plans
  - Allows overlapping dial plans
• Determine destination
  - GK modifies outgoing signaling to contain destination customer IDs in DNIS
  - GK sends pure E.164 for off-net PSTN calls
If CustID = 88x Use Enterprise B Route Table
If CustID = 99x Use Enterprise A Route Table
[Diagram: Customer Endpoints (CustID: 881, CustID: 991) send DNIS: X or Y calledNumber, ANI: (CustID)+full-e.164 to the Voice VPN GK; toward a customer endpoint the GK sends DNIS: (CustID) + called#, ANI: full e.164; toward the PSTN DGK it sends DNIS: E.164, ANI: E.164]

Routing Logic Example
Given:
• Offer managed services offering to enterprises
  - Business phone
  - Site-to-site
  - Centralized PSTN
• 2 Enterprises (2 branch offices each)
• 5 digit intra-enterprise dialing
• Full E.164 address on-net to off-net dialing
• Full E.164 address off-net to on-net dialing, full caller ID awareness
Network Design:
• Number normalization at endpoints (on-net to on-net)
  - Insert VPN and site ID to calling number
  - Strip destination VPN and site ID on incoming
• Use VPN GK to perform:
  - Match and strip incoming VPN and site ID
  - Attach destination VPN and site ID

Topology
[Diagram: EntA Site 1 (PBX, x61000) and EntB Site 1 register to Access GK AGK1; EntA Site 2 (CCM, x21000) and EntB Site 2 (ITS) register to Access GK AGK2; both AGKs connect to the VPN GateKeeper, which connects to the PSTN DGK, PSTN GK and a GLD Partner GK]

On-Net Call Flow
[Diagram: the topology above with numbered steps 1 to 12 for a call from x61000 to x21000 through AGK1, the VPN GateKeeper and AGK2]
Callouts:
  - Inserts source VPN and site ID to calling party number w/ full e.164
  - Strips source ID from calling# and inserts destination ID into called#
  - Strips destination site ID (992) from called party number for all calls
Signaling labels (step number as attached on the slide):
  2: d: 8+21000 s: 99114085261000
  3: d: 8+21000 s: 99114085261000
  4: d: 99221000 s: 14085261000
  5: IP: EntA2
  6: IP: VPN GK
  7: d: 8+21000 s: 99114085261000 IP: VPN GK
  8: d: 8+21000 s: 99114085261000
  9: d: 99221000 s: 14085261000
  12: d: 21000 s: 61000
Sample Route Table
  VPNID 88
    ext     ID    GK
    6....   881   AGK1
    2....   882   AGK2
  VPNID 99 (source match)
    ext     ID    GK
    6....   991   AGK1
    2....   992   AGK2 (dest match)
Sample Route Table
  992 EntA2
  882 EntB2
  ARQ hopoff zone <remote zone>
Sample Route Table
  991 EntA1
  881 EntB1
  ARQ hopoff zone <remote zone>
  Only needs local enterprise VPN/Site IDs configured.

Off-Net Call Flow
[Diagram: EntA Site 1 (PBX, x61000) calls 12135551212 over the QoS-Enabled network through the Access GK and the Shared Voice Application (VPN GK, DGK, PSTN GK, GLD Partner GK) to the PSTN; steps 1 to 12, with 5a/5b and 6a/6b as alternatives]
Callout: Inserts source VPN and site ID to calling party number w/ full e.164
Signaling labels (step number given where the slide text attaches one):
  d: 9+12135551212 s: 99114085261000
  d: 12135551212 s: 14085261000
  7: IP: PSTN GW
  8: IP: VPN GK
  9: d: 9+12125551212 s: 99114085261000 IP: VPN GK
  11: d: 12135551212 s: 14085261000
Sample Route Table
  991 EntA1
  881 EntB1
  ARQ hopoff zone <remote zone>
Sample Route Table
  1213 PSTN GK
  1213 Partner
  LRQ sequential
Sample Route Table
  Ent ID 99 (source match)
    ext     ID    GK
    6....   991   AGK1
    2....   992   AGK2
    *       “offnet” (dest match)
  “Offnet”
    1408526....   991   AGK1
    1919392....   992   AGK2
    1408446....   881   AGK1
    1212392....   882   AGK2
    *             DGK (offnet)
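The on-net and off-net flows above reduce to three small operations: the endpoint normalizes the dialed digits and tags the calling number with its customer ID, the VPN GK picks a route table from that ID and rewrites both numbers, and the receiving endpoint strips the ID again. The following is an added example, not code from the presentation: the route tables are copied from the "Sample Route Table" boxes, while the function names, the EntB E.164 number and the rejection of unknown customer IDs are assumptions made for illustration. It also assumes the endpoint strips the 8/9 access digit before signaling, as the "Endpoint Number Normalization" slide states.

```python
EXT_LEN = 5                          # "5 digit intra-enterprise dialing"
ONNET_CODE, OFFNET_CODE = "8", "9"   # access digits used in the call-flow slides
CUST_ID_LEN = 3                      # VPN ID (2 digits) + site ID (1 digit)

# Per-enterprise extension tables, keyed by VPN ID (from the slides).
ONNET = {
    "99": [("6....", "991", "AGK1"), ("2....", "992", "AGK2")],
    "88": [("6....", "881", "AGK1"), ("2....", "882", "AGK2")],
}
# Enterprise DIDs from the "Offnet" table; anything else goes to the DGK.
ENTERPRISE_DIDS = [
    ("1408526....", "991", "AGK1"), ("1919392....", "992", "AGK2"),
    ("1408446....", "881", "AGK1"), ("1212392....", "882", "AGK2"),
]
KNOWN_IDS = {cid for rows in ONNET.values() for _, cid, _ in rows}


def matches(pattern, number):
    """Gatekeeper-style pattern: leading digits, then one '.' per wildcard digit."""
    return len(number) == len(pattern) and number.startswith(pattern.rstrip("."))


def lookup(table, number):
    for pattern, cust_id, gk in table:
        if matches(pattern, number):
            return cust_id, gk
    return None


def endpoint_normalize(dialed, own_e164, cust_id):
    """Originating endpoint: strip the access digit, tag ANI with the CustID."""
    if len(dialed) == EXT_LEN + 1 and dialed[0] == ONNET_CODE:
        called = dialed[1:]                  # 8 + extension
    elif len(dialed) > EXT_LEN + 1 and dialed[0] == OFFNET_CODE:
        called = dialed[1:]                  # 9 + E.164
    elif len(dialed) == EXT_LEN:
        called = dialed                      # straight extension dialing
    else:
        raise ValueError(f"unsupported dial string {dialed!r}")
    return called, cust_id + own_e164


def vpn_gk_route(called, calling):
    """VPN GK: returns (next hop, outgoing called number, outgoing calling number)."""
    src_id, clid = calling[:CUST_ID_LEN], calling[CUST_ID_LEN:]
    if src_id not in KNOWN_IDS:              # no route table can be selected
        raise ValueError(f"unknown customer ID {src_id!r} in calling number")
    on_net = len(called) == EXT_LEN
    hit = lookup(ONNET[src_id[:2]] if on_net else ENTERPRISE_DIDS, called)
    if hit is None:
        if on_net:
            raise ValueError("extension not in this enterprise's dial plan")
        return "DGK", called, clid           # pure E.164 toward the PSTN
    dest_id, gk = hit
    return gk, dest_id + called, clid        # destination CustID prepended


def endpoint_receive(called, own_cust_id):
    """Terminating endpoint: remove the CustID the GK inserted."""
    if not called.startswith(own_cust_id):
        raise ValueError("call not addressed to this site")
    return called[len(own_cust_id):]


if __name__ == "__main__":
    leg = endpoint_normalize("821000", "14085261000", "991")
    print("EntA1 sends", leg, "-> GK returns", vpn_gk_route(*leg))
    leg = endpoint_normalize("912135551212", "14085261000", "991")
    print("EntA1 sends", leg, "-> GK returns", vpn_gk_route(*leg))
```

The same dialed extension from a site with CustID 881 is resolved through the VPN ID 88 table instead, which is how the overlapping dial plans stay separate.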

Incoming PSTN Call Flow
[Diagram: a PSTN caller at 14085551212 reaches EntA Site 1 (PBX, 14085261000) over the QoS-Enabled network through the service provider's PSTN GK, PSTN Directory GK (DGK), VPN GateKeeper and Access GK; steps 1a/1b to 13]
1a: VoIP SP Owns the Enterprise DIDs
1b: LEC owns the DIDs. Calls enter through local GW (also used for backup outbound calls) or into PBX.
Signaling labels (step number given where the slide text attaches one):
  2: d: 14085261000 s: 14085551212
  5: d: 99114085261000 s: 14085551212
  6: IP: EntA1
  7: d: 14085261000 s: 14085551212 IP: VPN GK
  11: d: 99114085261000 s: 14085551212
  13: d: 14085261000 s: 14085551212 (Original Number!)
Sample Route Table
  1408526   DGK
  1408      PSTN GW
  *         DGK
  Notice that PSTN GKs Need to Configure Enterprise DIDs to Avoid Loops
Sample Route Table
  1408526   VPN GateKeeper
  1408      PSTN GK
  DGK Route Table Needs Specific Entries of Enterprise DIDs
Sample Route Table
  1408526....   991   AGK1
  1408392....   992   AGK2
  1408446....   881   AGK1
  1212392....   882   AGK2
  VPN GateKeeper adds VPN/Site IDs to incoming called numbers and does not modify Full E.164. AGKs route based on VPN/Site ID located as part the destination number.
Sample Route Table
  991 EntA1
  881 EntB1
  ARQ hopoff zone <remote zone>
PBX Accepts Both Abbreviated and Full e.164 Numbers to Reach End Station
Scaling the Network

Designing the Voice Application Increasing Scale with Access Gatekeepers
• Basic value of AGK
  - Offloads endpoint maintenance tasks from voice VPN GK
  - Allows voice VPN GK to focus on call routing and billing
• GK clustering
  - Cluster is viewed as a single GK Entity to voice VPN GK
  - Load balances endpoints to support large numbers with high call rates
  - Uses Gateway Uptime Protocol (GUP)
    - External entity needs to only send LRQ to one member of cluster
    - LRQ load shared between elements of the cluster
  - Cluster may consist of up to 5 gatekeepers
[Diagram: Voice VPN GK exchanging LRQ/LCF with a cluster of five AGKs linked by GUP]

Designing the Voice Application Increasing Reliability Access Gatekeepers
• Cisco IOS Gateways Register to a Primary AGK
  - Static primary AGK registration statement configured on GW
  - Lightweight RRQs sent from GW to GK as a Keepalive
• Static Alternate GK can be added
  - Secondary registration statement configured with lower priority
  - If GK fails to send RCF Keepalive back to GW, GW registers to alternate GK
  - Alt GK is geographically independent
• Dynamic Alternate GK Lists
  - Clustered GKs pass back a list of AltGKs (members of the cluster) to GWs
  - GWs give dynamically learned AltGKs priority over statically configured
[Diagram: Alternate GK Failover. A gateway exchanges RRQ/RCF with AGKs 1 and 2 in a cluster of five AGKs linked by GUP]
Designing the Voice Application: Increasing Availability/Voice Quality Using Call Admission Control
• Cisco AGKs perform call admission control based on bandwidth
  Maximum bandwidth requested on call admission request (ARQ)
  GW updates bandwidth with BRQ once codec is selected
  GK tracks bandwidth and can accept or deny based on configured thresholds
• Calls coming into enterprise can be blocked (and potentially rerouted to another destination) if bandwidth unavailable
• Calls placed by the enterprise can be blocked or locally rerouted to the PSTN if bandwidth unavailable
[Figure: AGK and voice VPN GK with PSTN fallback. Labels: ARQ/BRQ; "Is incoming call request going to exceed the user's threshold?"; ARJ; LRJ, "Can re-originate another LRQ"; rotary peer, PSTN fallback; SAS section 4.6.2]
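A minimal model of the admission logic on this slide, as an added example (not Cisco code): the gatekeeper charges each call the maximum from its ARQ, lowers it on BRQ, and releases it on DRQ. The zone limit and per-call bandwidth figures are constructed sample values; the class and function names are hypothetical.

```python
# Added illustration (not Cisco code): a minimal model of the gatekeeper's
# bandwidth-based call admission control described above.
# The zone limit and per-call figures are constructed sample values.

class ZoneCAC:
    def __init__(self, limit_kbps):
        self.limit_kbps = limit_kbps
        self.calls = {}                      # call id -> kbps charged to the call

    def used(self):
        return sum(self.calls.values())

    def arq(self, call_id, max_kbps):
        """Admission request carrying the maximum bandwidth the call may need."""
        if self.used() + max_kbps > self.limit_kbps:
            return "ARJ"
        self.calls[call_id] = max_kbps
        return "ACF"

    def brq(self, call_id, kbps):
        """Bandwidth change sent by the gateway once the codec is selected."""
        if call_id not in self.calls:
            return "BRJ"
        others = self.used() - self.calls[call_id]
        if others + kbps > self.limit_kbps:
            return "BRJ"                     # growth refused, old figure kept
        self.calls[call_id] = kbps
        return "BCF"

    def drq(self, call_id):
        """Disengage: release whatever the call was charged."""
        return "DCF" if self.calls.pop(call_id, None) is not None else "DRJ"


def place_call(zone, call_id, max_kbps, direction):
    """Apply the slide's fallback: outbound calls that fail admission are
    rerouted locally to the PSTN, inbound ones are blocked (the far side
    may try another destination)."""
    if zone.arq(call_id, max_kbps) == "ACF":
        return "voip"
    return "pstn-fallback" if direction == "outbound" else "blocked"


def demo():
    zone = ZoneCAC(limit_kbps=256)
    log = [place_call(zone, "c1", 128, "outbound"),
           place_call(zone, "c2", 128, "inbound"),
           place_call(zone, "c3", 128, "outbound")]   # zone full at max figures
    zone.brq("c1", 16)
    zone.brq("c2", 16)                                 # codecs negotiated lower
    log.append(place_call(zone, "c4", 128, "inbound"))
    log.append(zone.used())
    return log


if __name__ == "__main__":
    print(demo())
```

The third call is refused even though the two admitted calls later settle on a much smaller codec figure, because admission is decided against the maximum requested in the ARQ.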
Billing Considerations
• Accurate collection of usage information
  Ownership of CPE determines logical billing points
  Billing records must be collected at service provider owned devices
• Billing models for on-net vs. off-net calls
  On-Net: Flat rate, or usage-based by collecting usage information through VPN GK (GKRCS)
  On-Net: Insert border proxy device (IPIPGW etc)
  Off-Net: Usage-based by collecting usage information at hop-off GW
• Integration with billing server
  Centralized GKRCS vs. AAA from endpoints
Billing Records Generated from VPN GK
[Figure labels: EntA Site 1 (CCM), EntA Site 2 (PBX), Enterprise Access GKs, PSTN Access GK, Directory GK (DGK), VPN GK, GLD partner, PSTN, NMS, BILL]
Billing Records Generated from Cisco GW/GKs (not recommended)
AAA billing off of PSTN gateways for off-net calls
AAA billing off of gatekeepers for on-net calls
CM provides call duration in DRQ (CM 3.2)
[Figure labels: EntA Site 1 (CCM), EntA Site 2 (PBX), Enterprise Access GKs, PSTN Access GK, Directory GK (DGK), VPN GK, GLD partner, PSTN, NMS, BILL]
Securing the Network
Security Overview
• H.323 Security
  Endpoint Registration (RRQ)
  Admission per call (ARQ)
  Interdomain/Intradomain Token (IZCT/CAT)
• NAT Traversal
• Firewall
H.323 VoIP Security Overview
• IZCT (Inter-Zone Clear Token): The token used to validate calls from other networks; IZCT Token (+ CAT) travels in ARQ and LCF messages
• CAT (Cisco Access Token): The token passed between GKs in the LRQ message for GK “hop-to-hop” authentication
• Use IZCT and CAT to ensure access control, secured connectivity, and minimum performance impact
• GWs and ITS support H.235 registration security; Call Manager does not
GK to GK Security Using IZCT and CAT
Message sequence between the two service provider networks (GK, VPN GK, GK):
1. ARQ
2. LRQ (IZCT + CAT)
3. LRQ (IZCT + CAT)
4. LCF (IZCT)
5. LCF (IZCT)
6. ACF (IZCT)
7. Setup (IZCT)
8. Setup (IZCT)
9. ARQ (IZCT)
10. ACF
GK will validate the IZCT token
RTP flows once the call is admitted
Software Requirements for Security in Cisco Networks
• IZCT: 12.2(2)XA for 26/3600, 7200 and AS5300; 12.2(4)T except AS5300 and AS5850; 12.2(2)XB1 for AS5850
• CAT (LRQ authentication): Cisco IOS GK 12.2(11)T
• Non-IOS GWs must have the ability to copy ClearTokens returned in the ACF into the set-up message
• Call Manager does not support token passing today
• Non-IOS GKs must have the ability to copy ClearTokens returned in the LCF into the ACF
• 12.2(15)T supports access-lists to allow interconnection with non-token-enabled networks
NAT/PAT and Firewall
NAT/PAT + Firewall + Voice Protocols
• NATs work at Layer 3
• NATs modify the source IP address
• NATs don’t modify L4/L5/L6/L7 addresses, yet voice protocols (SCCP, H.323) embed IP addresses at L4-L7
• Embedded L4-L7 addresses become non-routable, so applications will not work
• Application Layer Gateway (ALG) required on NAT device to “fixup” voice protocol
[Figure: NAT/PAT + firewall separating inside and outside; devices shown: CallManager cluster, H.323 gateways, IP phones, SoftPhone]
NAT and FW Demarcation Points
• NAT/PAT is enabled at the CE device; CCM deployments require a separate CE router at customer edge; SRST, ITS and Cisco IOS GWs can be used as the CE edge device
• IP Phones typically use PAT for scalability
• For IP “in the clear”, CPE is ideal location for FW
Firewalls needed to protect against access by unwanted parties (e.g. non-SP shared resources or internal sites)
CE device performs the NAT/PAT functionality
[Figure labels: CallManager cluster, Unity VM/UM, CE device (ITS, IOS GW), CPE w/SRST, router SRST, IP phones, PBX, VoIP GW, CPE, Access GK, Enterprise VPN GK, “Shared” voice application VPN, IP network, Internet; address labels 131.7.33.x and 10.1.1.x]
NAT for CallManager Deployments (On-Site)
Site A: CallManager cluster, PSTN
Inside private addresses: 10.1.1.1, 10.1.1.2, 10.1.1.3; 10.1.1.10–10.1.1.100; 10.1.1.254
Outside public: 172.16.1.1, 172.16.1.2, 172.16.1.3; 172.16.1.10
NAT for CCM:
  10.1.1.1 → 172.16.1.1
  10.1.1.2 → 172.16.1.2
  10.1.1.3 → 172.16.1.3
PAT for IP phones, Unity, GWs:
  10.1.1.10 through 10.1.1.100 → 172.16.1.10
NAT for SP Hosted Cisco CallManager with SRST
These devices belong to both the private and shared VPNs of the customer; CCM is assigned a public address; CCMs for each customer appear on separate sub-interfaces on the PE to be put into the separate customer VPNs
PEs group all customer public addresses into the same shared customer VRF
All SCCP signaling and any bearer traffic destined to external locations undergo PAT on local CE
VPN labels in the figure: Private VPN: 800:10, Shared VPN: 10000:101; Shared VPN: 10000:100; Private VPN: 500:10, Shared VPN: 10000:102
[Figure labels: Cisco MPLS VPN network with PE1, PE2, PE5 and P; Access GK, Enterprise VPN GK; CallManager clusters with Unity VM/UM; CE w/SRST and IP phones in Private VPN “A” and Private VPN “B”]
MPLS Customer Network: SRST / ITS / IOS Gateway
• Loopback interface on CPE is in the Public address space
• IP phones are PATed to the Loopback interface
• On-Net Bearer traffic remains within the customer’s VPN
• Off-Net traffic is routed through the SP’s off-net infrastructure
PAT for bearer traffic to IP phones. Public address assigned to loopback interface for signaling with shared voice resources.
All calls between sites traverse through shared resources and undergo PAT for bearer traffic on the CE.
[Figure labels: Site A and Site B, each with CE w/SRST and IP phones on inside private addresses (10.x.x.x); Access GKs and Enterprise VPN GK; outside public addresses for voice resources]
ITS Built in NAT/Proxy Functionality
• ITS has eFXS (emulated FXS ports)
• ITS perceives the IP Phones behind it as FXS ports
• Calls from the IP Phones are sourced from the interface to which H.323 is bound
• IP Phones speak skinny protocol to the ITS
[Figure labels: ITS, VoIP proxy function; private address: bearer, SCCP; public address: bearer, H.323; Access GKs, Enterprise VPN GK]
NAT Does Not Support MGCP (Yet)
• MGCP is currently not supported through Cisco NAT/PAT devices:
  Therefore, devices controlled by MGCP from the CCM are only usable if there is no NAT device between them
• CCM Controlled MGCP gateways are “on-site” and if used are for “local” PSTN access
NAT not needed between two local segments; MGCP and SCCP pass freely; PAT used only for traffic exchanged with shared service provider resources
[Figure labels: CallManager cluster, CE, PSTN; private IP address segment (e.g., 10.x.x.x); public IP address segment (e.g., 172.16.100.x); SCCP, MGCP; NAT on H.323 and bearer]
NAT Order of Operations
Outside-to-Inside
• If IPSec then check input access list
• Decryption—for CET or IPSec
• Check input access list
• Check input rate limits
• Input accounting
• NAT outside to inside (global to local translation)
• Policy routing
• Routing
• Redirect to web cache
• Crypto (check map and mark for encryption)
• Check output access list
• Inspect CBAC
• TCP intercept
• Encryption
Inside-to-Outside
• If IPSec then check input access list
• Decryption—for CET (Cisco Encryption Technology) or IPSec
• Check input access list
• Check input rate limits
• Input accounting
• Policy routing
• Routing
• Redirect to web cache
• NAT inside to outside (local to global translation)
• Crypto (check map and mark for encryption)
• Check output access list
• Inspect (Context-based Access Control [CBAC])
• TCP intercept
• Encryption
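What the two orderings mean when writing access lists, as an added example (not from the original slides): a small model that replays only the access-list, NAT and routing steps in the listed order and reports which addresses each ACL check sees. The mapping 10.1.1.1 → 172.16.1.1 is the CallManager translation from the on-site NAT slide; the peer 192.0.2.50 and the function names are constructed for illustration.

```python
# Added illustration: replays the ACL and NAT steps of the two orderings
# above to show which address each access list is evaluated against.
# Only steps that read or rewrite IP addresses are modelled.

# Static NAT from the on-site CallManager slide: inside local -> inside global.
STATIC_NAT = {"10.1.1.1": "172.16.1.1"}
GLOBAL_TO_LOCAL = {g: l for l, g in STATIC_NAT.items()}

# Step order taken from the two lists (non-address steps omitted).
ORDER = {
    "outside-to-inside": ["input_acl", "nat", "routing", "output_acl"],
    "inside-to-outside": ["input_acl", "routing", "nat", "output_acl"],
}


def translate(direction, src, dst):
    """Apply the static mapping in the given direction."""
    if direction == "inside-to-outside":
        return STATIC_NAT.get(src, src), dst       # local -> global on source
    return src, GLOBAL_TO_LOCAL.get(dst, dst)      # global -> local on destination


def acl_view(direction, src, dst):
    """Return {step: (src, dst)} as seen by each ACL check, plus final packet."""
    seen = {}
    for step in ORDER[direction]:
        if step == "nat":
            src, dst = translate(direction, src, dst)
        elif step.endswith("_acl"):
            seen[step] = (src, dst)
    seen["forwarded"] = (src, dst)
    return seen


def acl_permits(acl, src, dst):
    """First-match ACL over (src, dst) pairs; implicit deny at the end."""
    for action, a_src, a_dst in acl:
        if a_src in (src, "any") and a_dst in (dst, "any"):
            return action == "permit"
    return False


if __name__ == "__main__":
    PEER = "192.0.2.50"  # constructed outside peer (documentation range)
    inbound = acl_view("outside-to-inside", PEER, "172.16.1.1")
    outbound = acl_view("inside-to-outside", "10.1.1.1", PEER)
    print("inbound :", inbound)
    print("outbound:", outbound)
    # An input ACL on the outside interface written with the private address
    # never matches, because NAT has not run yet when it is checked.
    wrong = [("permit", "any", "10.1.1.1")]
    right = [("permit", "any", "172.16.1.1")]
    print("private-address ACL permits:", acl_permits(wrong, *inbound["input_acl"]))
    print("public-address ACL permits :", acl_permits(right, *inbound["input_acl"]))
```

In both directions the input access list is checked before translation and the output access list after it, so an ACL written against the wrong side's address falls through to the implicit deny.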
Managing the Network
Cisco OSS for Managed Business Voice: Internet OSS for VoIP
[Figure labels: Cisco Network Services; Unified Operator and OSS Interface; OSS applications: Performance Management, Fault Management, Infrastructure Configuration, Accounting Data, Subscriber/Access Mgmt; Security; PSTN/SS7, STP, SCP, Int’l, Carrier X]
Fault and Performance Management
• Cisco Info Center (CIC)
• Manager of Managers (MOM)
• End to end view of network
• Integrates with lower level collection apps
[Figure labels: SRST, CCM, ITS, Cat switches, IP phones, CPE router, IOS GW/GK; AAA/RADIUS, SYSLOG, SNMP; CNS bus; CIC (services, applications), Fault Manager, C-NOTE, Perf-Engine, reports, ITEM/CW2k, NetIQ, Performance Manager, reporting (partner)]
Provisioning and Configuration Management
• Packet Telephony (PTC)
• Domain Manager for Voice Network
• End to End view
• Configures the Dialplan - GW / GK / DGK
• Provisions IOS
[Figure labels: SRST, CCM, ITS, Cat switches, CPE router, IP phones, IOS GW/GK; XML over HTTP, SSH, Telnet, SOAP, AXL; PTC, Conf-Eng, IE2100, Configuration Manager]
Supplementary Routing Logic using the PGW2200
On-net to On-net
• On-net to On-net
• On-net to Off-net
• Off-net to On-net
On-net to On-net
EntA Site 1: PBX; Ext.: 51212; Abbr.: 5....; VPNID: 222; SiteID: 111
EntA Site 2: PBX; Ext.: 71212; Abbr.: 7....; VPNID: 222; SiteID: 112
Number labels in the figure (captions: "Sent to PGW", "Out PGW after manipulation"):
  S: 22211114085551212  D: 871212
  S: 14085551212  D: 22211271212
[Figure labels: CCGK1, CCGK2, PGW VPN, HSI-1 (incoming), HSI-2 (outgoing); H.225 RAS, H.225 setup]
[Call-flow ladder. Participants: EP-1, AGK-1, CCGK-1, HSI 1, PGW, HSI-2, CCGK-2, AGK-2, EP-2. Messages shown: ARQ, LRQ, LCF, ACF, Setup, E-ISUP: IAM (FS H.245 IP/Port), Proceeding, Alerting, E-ISUP: ACM (H.245 IP/Port), E-ISUP: CPG, Connect, E-ISUP: ANM, begin H.245 OLC, RTP stream, H.245 End Session, EISUP: NOT, Release Complete, E-ISUP: REL, E-ISUP: RLC, DRQ, DCF]
On-net to Off-net
• On-net to On-net
• On-net to Off-net
• Off-net to On-net
On-net to Off-net
EntA Site 1: PBX; E.164: 14085551212; Abbr.: 5….; VPNID: 222; SiteID: 111
Number labels in the figure (captions: "Sent to PGW", "Out PGW after manipulation"):
  S: 22211114085551212  D: 919167771212
  S: 14085551212  D: 19167771212
PSTN side: 19167771212; S: 14085551212  D: 19167771212
[Figure labels: CCGK1, CCGK2, PGW VPN, HSI-1 (incoming), HSI-2 (outgoing), PSTN GK, PSTN Access GK; H.225 RAS, LRQ/LCF, H.225 setup]
[Call-flow ladder. Participants: EP-1, AGK-1, CCGK-1, HSI 1, PGW, HSI-2, CCGK-2, PSTNGK, PSTNGW. Messages shown: ARQ, LRQ, LCF, ACF, Setup, E-ISUP: IAM (FS H.245 IP/Port), Proceeding, Alerting, E-ISUP: ACM (H.245 IP/Port), E-ISUP: CPG, Connect, E-ISUP: ANM, begin H.245 OLC, RTP stream, H.245 End Session, EISUP: NOT, Release Complete, E-ISUP: REL, E-ISUP: RLC, DRQ, DCF]
Off-net to On-net
• On-net to On-net
• On-net to Off-net
• Off-net to On-net
Off-net to On-net
EntA Site 1: PBX; E.164: 14085551212; Abbr.: 9….; VPNID: 222; SiteID: 111
Number labels in the figure (captions: "Sent to PGW", "Out PGW after manipulation"):
  S: 19167771212  D: 22211114085551212
  S: 19167771212  D: 14085551212
PSTN side: 19167771212; S: 19167771212  D: 14085551212
[Figure labels: CCGK1, CCGK2, PGW VPN, HSI-1 (incoming), HSI-2 (outgoing), PSTN GK, PSTN Access GK; H.225 RAS, H.225 setup]
[Call-flow ladder. Participants: PSTNGW, PSTNGK, CCGK-1, HSI 1, PGW, HSI-2, CCGK-2, AGK-1, EP-1. Messages shown: ARQ, LRQ, LCF, ACF, Setup, E-ISUP: IAM (FS H.245 IP/Port), Proceeding, Alerting, E-ISUP: ACM (H.245 IP/Port), E-ISUP: CPG, Connect, E-ISUP: ANM, begin H.245 OLC, RTP stream, H.245 End Session, EISUP: NOT, Release Complete, E-ISUP: REL, E-ISUP: RLC, DRQ, DCF]
Sample CCGK Config
EntA Site 1: PBX; Ext.: 51212; Abbr.: 5....; VPNID: 222; SiteID: 111
EntA Site 2: PBX; Ext.: 71212; Abbr.: 7....; VPNID: 222; SiteID: 112
[Figure labels: PGW VPN, HSI-1 (incoming), HSI-2 (outgoing), CCGK1, CCGK2, PSTN Access GK]

CCGK1 Config
gatekeeper
 zone local ccgk1 cisco.com 172.19.48.218
 ! VPN 222, site 111: RED-C1 gets priority 10, other gateways default to 0
 zone prefix ccgk1 222111* gw-priority 10 RED-C1
 zone prefix ccgk1 222111* gw-default-priority 0
 ! VPN 222, site 112: RED-C2 gets priority 10, other gateways default to 0
 zone prefix ccgk1 222112* gw-priority 10 RED-C2
 zone prefix ccgk1 222112* gw-default-priority 0
 ! every other number: hsi1 gets priority 10
 zone prefix ccgk1 * gw-priority 10 hsi1
 zone prefix ccgk1 * gw-default-priority 0
 gw-type-prefix 1#* default-technology
 no shutdown

CCGK2 Config
gatekeeper
 zone local ccgk2 cisco.com 172.19.48.219
 zone remote ccgk1 cisco.com 172.19.48.218 1719
 zone remote pstngk cisco.com 172.19.48.210 1719
 ! numbers starting with VPN ID 222 resolve via ccgk1, everything else via pstngk
 zone prefix ccgk1 222*
 zone prefix pstngk *
 gw-type-prefix 1#* default-technology
 no shutdown
Questions
Thank You
References
Related Networkers Sessions
• VVT 2020 - Designing and Deploying IP Telephony Applications
• VVT 2010 - Designing Service Provider Hosted IP Telephony Networks
• VVT 2022 - Designing Voice Infrastructure and Applications for PSTN Interconnect
• RST 1061 - Deploying MPLS VPNs
• RST 3061 - Troubleshooting MPLS VPNs
• RST 2081 - Deploying Quality of Service for Converged Networks
Reference URLs
• Cisco Call Manager
  http://www.cisco.com/
• IOS Telephony System (ITS) – Features
  http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_feature_guide09186a0080189132.html
  http://www.cisco.com/en/US/products/sw/voicesw/ps4625/index.html
• Cisco MSoVPN webpage
  http://www.cisco.com/
• MPLS Basics
  http://www.cisco.com/
• NAT/PAT and Voice
  http://www.cisco.com/
  http://www.cisco.com/univercd/doc/product/access/sc/rel7/soln/wv_rel1/index.htm