
Monday, March 28, 2011

Gatekeepers PT 1

It's been a while since I updated. We completed some work on MGCP, H323 and SIP, but I felt they were incomplete for use on the blog. I will get those up as soon as I get the rest of the info. I may also do it in a part 2, but for now let's talk about gatekeepers.


What are they?

In MMA they are referred to as guys who can beat any other fighter in their weight class on any given night, but for some reason or another they can't muster up enough wins to get the title shot.


Any other definition?

Well, in the world of Voice/Video they can be used for a few tasks.

Address resolution
Admission Control
Bandwidth management
Zone Management
Call Authorization


Address Resolution

The number you dial has to be turned into an IP address so we can reach the distant endpoint, so it does "resolution", kind of similar to DNS.

Admission Control.

You can't just make a call when a gatekeeper is in town. Gateways have to go out to the gatekeeper and request for a call to be placed.

Bandwidth Management.

When we are using multiple clusters, the location function doesn't work because we have different call managers around, so the gatekeeper can provide CAC by keeping track of the calls being made. This gets pretty funky with how G711 underuses the bandwidth and G729 overuses the bandwidth, and we will cover this later on.

Zone Management.

Gatekeepers keep track of all the gateways in their zone through a registration process. Gateways just can't come online without talking to the gatekeeper first.

Call Authorization

Gatekeepers can control access to certain gateways. You can use an AAA server with RADIUS to get this to work.



Gatekeeper signalling

H323 uses H225 setup messages before it sends the H245 messages for capabilities. When using gatekeepers for signalling we still use H225, but we use a form called RAS. So H225 RAS is used for the signalling between gateways and gatekeepers, and there are several sub-messages when using it. Stay tuned as we break down the gatekeeper signalling and call flow in the next post.

Thursday, March 17, 2011

Crappy side of the new IOS Voice SIP security

As we all know, SIP has become a target of hackers as they are able to break into networks and steal resources. I've had the pleasure of working a few toll fraud cases in my years. Today I got a call that someone's inbound dialing had stopped working. Turned on some debugs and it showed my cell phone number was getting rejected. That's weird. I made a call to the SIP provider and asked them to watch some inbound calls for me. They saw the same thing. I asked them if they had changed their IP recently and they said on Tuesday!!!!!!!!!!!!!!!. WTF. They sent out notifications, but my customer doesn't read the mail. This was a pretty quick and easy fix. The problem is that the new VoIP security in IOS only accepts IP addresses at this time. Hopefully Cisco will implement putting in domain names.
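
A check for the failure described above, as an added example that is not part of the original post: it reads the trusted addresses out of a gateway config and reports which of the provider's current signaling addresses would be rejected. It assumes the "new VoIP security" is the `ip address trusted list` under `voice service voip`; the config excerpt and all addresses are constructed.

```python
import ipaddress
import re

# Constructed IOS config excerpt (documentation addresses, not from the post).
SAMPLE_CONFIG = """\
voice service voip
 ip address trusted list
  ipv4 198.51.100.10 255.255.255.255
  ipv4 192.0.2.0 255.255.255.0
 allow-connections sip to sip
"""


def trusted_networks(config_text):
    """Return the networks listed under 'ip address trusted list'."""
    nets, in_list = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ip address trusted list":
            in_list = True
            continue
        if in_list:
            m = re.fullmatch(r"ipv4 (\S+)(?: (\S+))?", line)
            if not m:
                in_list = False  # first non-ipv4 line ends the sub-mode
                continue
            mask = m.group(2) or "255.255.255.255"  # no mask means a host entry
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return nets


def untrusted_sources(config_text, provider_ips):
    """Provider addresses that are NOT covered by the trusted list."""
    nets = trusted_networks(config_text)
    return [ip for ip in provider_ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]


if __name__ == "__main__":
    # Addresses as they might appear in a provider's change notice (constructed).
    current = ["198.51.100.10", "203.0.113.25", "192.0.2.77"]
    for ip in untrusted_sources(SAMPLE_CONFIG, current):
        print(f"inbound calls from {ip} would be rejected: not in trusted list")
```

Run against the saved running-config whenever the provider announces an address change, so the list is updated before inbound calls start failing.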

Wednesday, March 16, 2011

DHCP

Dynamic Host Configuration Protocol

So in the typical world we use DHCP to get an IP address from a server. This allows us to have a server give out IP addresses to devices instead of having them statically assigned. This also allows for easier troubleshooting.


For CUCM there is a DHCP server on the server. It just needs to be turned on. The helper address on routers needs to be configured so the phones can get to the server. The other option is to configure DHCP on an IOS device. The key thing to remember is not to give out server addresses or router interfaces. The easy way to do this is with an exclusion rule. Then comes the DHCP pool, and the key for VoIP is Option 150. Option 150 has the TFTP server that will be used to give the phones their configs and other items from the call manager.

So for the config there is an order of operations according to Cisco

1. Exclude the IPs you don't want to have given out.

ip dhcp excluded-address x.x.x.x (we can do a range if need be)

2. Create the pool

ip dhcp pool VOICE-SITE-1

3. Define the network

network 192.168.1.0 /24 (we can define the network with slash notation)

4. Default gateway

default-router 192.168.1.1

5. Option 150

option 150 ip X.X.X.X (address of TFTP server)


I can't do screen caps of a call manager here, but once you have configured the device on call manager we would need to add the helper address

on the voice VLAN add

ip helper-address X.X.X.X (address of the call manager)

Tuesday, March 15, 2011

Network Time Protocol

How do we keep time, and why is it so important?


When troubleshooting, having the correct time on the phones is very important for gathering accurate data. Some of us who also work in large networks or for service providers need a way to gather billing.


We can use a router or some other device on the network to get time. Routers can be a server or a client.

The routers can send out either unicast or broadcast messages to give out the time. Authentication can also be performed on the routers.

Call Manager will use an NTP reference which points to the devices. In the newer versions of Call Manager the PUB will sync all the other CUCM servers.

Configuration on IOS-based devices is pretty easy


ntp server 192.168.2.2

Monday, March 14, 2011

Voice Vlans

Why do we have them?

We use them to separate voice traffic from the data traffic. Then you can add QoS and monitor the traffic separately. It's signaled to the IP phone via CDP. There are a few options to get the VLANs going


Combined Voice and Data Vlan. We do this with soft phones. The switch port is set to access mode and the data and voice share that VLAN.

Separate Voice and Data Vlans

2 VLANs on 1 switch port. Data frames are left untagged, the voice frames are tagged. This allows us to identify which packets are which, which will need QoS, and so on.

Trunks with Voice Vlan.

Set the port as a trunk instead of an access port. Data will go as the native VLAN and the voice will go as the voice VLAN. We still get QoS features with the separate VLANs.


With IP precedence and CoS (layer 2 QoS) set, by default this is 5, but it can be changed and will be changed as we move forward into setting up the VLAN.


The IP phone itself is a switch, and on the switch port we can set up how the voice and data VLANs tag traffic.

The IP phone can

Tag voice VLAN traffic with Layer 2 (CoS)
Send it untagged with no CoS


With the data we can send it through the IP phone trusted, where it's not checked, or untrusted, where we tag it with a CoS of our choice.


Config examples

Single Vlan

interface FastEthernet0/1/0
switchport mode access
switchport access vlan 101
switchport voice vlan dot1p
spanning-tree portfast


Multi Vlan
switchport mode access
switchport access vlan 101
switchport voice vlan 100
spanning-tree portfast


Remember to have your voice VLANs in lower VLAN numbers if possible so spanning tree can reconverge.
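
The tagging behaviour described in this post, as an added example that is not part of the original: it reads the 802.1Q tag of a frame seen on a phone port and sorts it into untagged data, voice VLAN, or the VLAN 0 priority tag a phone sends under `switchport voice vlan dot1p`. The frames, MAC addresses and function names are constructed for illustration; VLAN 100 and CoS 5 are the values used in the post.

```python
import struct

VOICE_VLAN = 100  # matches 'switchport voice vlan 100' in the post's config


def classify_frame(frame, voice_vlan=VOICE_VLAN):
    """Return (kind, vlan_id, cos) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x8100:          # no 802.1Q tag: PC data through the phone
        return ("data-untagged", None, None)
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    cos, vid = tci >> 13, tci & 0x0FFF   # top 3 bits = CoS, low 12 bits = VLAN ID
    if vid == 0:                     # 802.1p priority tag, CoS only
        return ("priority-tagged", 0, cos)
    return ("voice" if vid == voice_vlan else "unexpected-vlan", vid, cos)


def build_frame(vlan=None, cos=0):
    """Construct a sample frame: made-up MACs, IPv4 EtherType, dummy payload."""
    macs = bytes.fromhex("0200000000aa") + bytes.fromhex("0200000000bb")
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, (cos << 13) | vlan)
    return macs + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    for f in (build_frame(100, 5), build_frame(), build_frame(0, 5), build_frame(101)):
        print(classify_frame(f))
```

A tagged frame in any VLAN other than the voice VLAN arriving on an access port is worth a second look, since the PC behind the phone is expected to send untagged.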

Sunday, March 13, 2011

What is H323

H323 is a suite of protocols which are used to control voice and video over IP-based networks. Under H323 we have the following

H225 - Handles call setup and teardown between devices.
H225 (RAS) - Protocol between the endpoints and the gatekeeper.
H235 - Specifies security for messages between the gateway and gatekeeper.
H245 - Controls traffic flow, performs DTMF, limits the media, capability exchange.
H261/263 - Video conferencing.
H.450 - Supplementary services between H323 devices.

H323 components
Gateways, Gatekeepers, Terminals, and MCUs (multipoint control units)


Gateways

These contain the connection between an IP-based network and the TDM network (PSTN). We configure our dial-peers here, and these can register with the gatekeepers. These are usually routers in most deployments. They can also handle phones being registered with them vs. the call manager.

Gatekeepers.

Centralized point in a VoIP deployment. Gatekeepers can perform CAC (call admission control) and perform address translation. H323 can get messy with dial-peers configured to point to all devices. With a gatekeeper (or gatekeepers) you can configure your entire dial-plan here and save on T/S hours as gateways will all have the same info.

Terminals

IP phones, video phones and so on. They perform 2-way communication in the IP network. They have to support H245 for channel and capability control. They send RTP streams from their devices to the other terminal.

MCU

Allow several participants in a conference.


How does H323 Work

The gateways exchange H225 call setup messages between each other, then an H245 message is sent with capability exchange. The IP addresses of the devices are sent and, if it all works, RTP packets start to flow.


H323 Fast Start/Fast Connect

When you are using this, one of the setup messages will have fast start included, which has the list of capabilities and list of codec options. The other end will reply with a fast start of its own with the same info. This allows the call to start right away without the delay that we hear sometimes when a call is setting up.

So how do we configure all of this?

Stay tuned, it's coming in future posts as we get closer to the written and need to start getting ready for labbing.

Can you hear me? One way Audio!!!!!!

When you make a call you expect to be able to hear the person on the other side? That's a pretty simple request. In the world of communications most calls are actually not just one stream that is shared. It's 2 streams going in opposite directions. In the IP world sometimes the packets take different directions, other times firewalls get in the way, and numerous other issues can make you have a less than pleasant call. So I had a customer that I have been dealing with who was experiencing this issue on international calls. Real quick troubleshooting pointed to the SIP provider, as all other calls were working, which took PRI circuits to the PSTN. Now this is where this gets interesting. We have a provider that can only troubleshoot through packet capture. They could take the debugs showing that we were packets only coming one way. This router was in a situation where we can't get packet captures, so we can do traffic export. This feature is new in IOS 12.3, so it's been around for quite some time.


Config t
ip traffic-export profile audio mode capture
bidirectional
exit

!apply to an interface
interface g0/0 <------ interface you want to capture from
ip traffic-export apply audio [size ]


Then you can use these exec (enable) level commands:

traffic-export interface g0/0 clear
traffic-export interface g0/0 start



traffic-export interface g0/0 stop
traffic-export interface g0/0 copy ftp://username:password@x.x.x.x/capture.pcap


Pretty easy to do. Then we sent them off to the provider. They adjusted some routes and my problem was solved. At the end of the day, make sure you understand all the tools available so you can effectively troubleshoot.

SIP Basics

What is SIP

SIP is a peer-to-peer application layer (7) protocol used for signaling and setting up sessions. It's independent of the underlying transport so it can be TCP, UDP, MPLS, ATM and so on. SIP is also text based so it's easier for us to read. SIP usually runs on port 5060 for connection to SIP servers and endpoints. We use SIP to set up and tear down voice, video, or any application that requires a session. The actual communication is done over a different transport, which is usually RTP in the case of VoIP.

Why do we use SIP?

SIP is here for us to provide PSTN-like features in an IP-based world. SIP provides the call setup and signaling for this to happen. This covers when you pick up your phone to call someone, when you dial a number, and when you hear ringback and busy signals.


SIP components

SIP has 5 parts that play a role in getting it up and running

USER Agent

VoIP phone, cell phone, video terminal. These devices can set up and terminate sessions when they exchange the correct messages. Subsets of these include User Agent Clients, which can send SIP requests, and User Agent Servers, which act as a "proxy" and act on behalf of the user.


Proxy Server

This acts as a server and client for making requests. The requests can be sent on to external devices or acted upon internally.

Redirect Server

They take a SIP request, give it an address and return it to the client.

Registrar.

The server takes requests for updating the database.



B2BUA

Back to Back User Agent.

Operates both endpoints of a phone call, acts as a user agent server and client, and generates requests and responses.



Other things to know:

SIP functions just like HTTP in how it was made. As I said above, it's human-readable text.



SIP Messages


2 types that we have

Requests and Responses

Requests are sent from the client to the server, and responses are sent in the opposite direction.

SIP request messages

"INVITE" which tells you someone is trying to set up a call with you.
"ACK" A final response to an "INVITE"
"BYE" Ends a call
"CANCEL" Just like it says, cancels a search
"OPTIONS" Queries capabilities
"REGISTER" Registers the User Agent with the Registrar

SIP also has response messages, which are like the usual HTTP errors we see, like the 404 that we get when browsing
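
The request/response split described above, as an added example that is not part of the original post: a small parser that reads the start line and headers of a SIP message and tells a request (one of the six methods listed) from a response with its status code. The sample messages, addresses and the function name are constructed for illustration.

```python
REQUEST_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}

# Constructed sample messages (documentation addresses, made-up Call-ID).
SAMPLE_INVITE = (
    "INVITE sip:15551230000@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:15551230000@example.com>\r\n"
    "Call-ID: constructed-1@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = "SIP/2.0 404 Not Found\r\nCSeq: 1 INVITE\r\nContent-Length: 0\r\n\r\n"


def parse_sip(message):
    """Parse the start line and headers of one SIP message into a dict."""
    head, _, _body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    first = lines[0].split(" ", 2)
    if len(first) != 3:
        raise ValueError("malformed start line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header: {line!r}")
        headers[name.strip().lower()] = value.strip()  # last value wins on repeats
    if first[0] == "SIP/2.0":                          # response: version comes first
        if len(first[1]) != 3 or not first[1].isdigit():
            raise ValueError("bad status code")
        return {"kind": "response", "status": int(first[1]),
                "reason": first[2], "headers": headers}
    if first[2] != "SIP/2.0" or first[0] not in REQUEST_METHODS:
        raise ValueError("unknown method or version")
    return {"kind": "request", "method": first[0],
            "uri": first[1], "headers": headers}


if __name__ == "__main__":
    for msg in (SAMPLE_INVITE, SAMPLE_RESPONSE):
        parsed = parse_sip(msg)
        print(parsed["kind"], parsed.get("method") or parsed.get("status"))
```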


SIP address

Fully qualified domain names, E164 addresses or mixed addresses

So how would we configure such a thing on our gateway and Call Manager?

Stay Tuned

There is a lot of flexibility, so in the future we are going to cover setting up SIP to an ITSP, setting up SIP for functionality in CUPS, CUE and possibly some SIP 3rd party phones.

Monday, March 7, 2011

Do any Pros use Hyper Terminal?????

Most of the time if we see a guy using Hyper Terminal it's the sign of an amateur in the world of those who use the CLI for day-to-day tasks. Once a guy at work said "well if that's there's all to use/and it's free" still told me in my head "amateur". We didn't even use Hyper Terminal in Cisco Academy, and that was some years ago. So the question I ask today is "who still uses Hyper Terminal?" Is it even included with the current version of Windows? The answer to that is a big fat no.

http://windows.microsoft.com/en-US/windows-vista/What-happened-to-HyperTerminal

Wednesday, March 2, 2011

CCIE Voice Written Break down

Over the next few weeks I will be working my way through the CCIE Voice Written exam. I have purchased CCbootcamp's Voice Book. I will also be using the SRND for CUCM and UCCX and some other documentation that I have pulled from Cisco's website regarding the Voice written exam. The goal of the posts is to find a place to document my notes as I work my way through the exam topics. I have a few hurdles at work coming up so this won't be a ready, aim, fire at the exam. STAY TUNED.