Collaboration Tutorial :: Special Edition :: NAT Voice/Video Nightmare

Hi guys, when you are studying for CCNA , NAT seems just this passing by topic that you playing around.

you play the little game of changing ip address, that FUN.

but WAIT , until you get into Collaboration world, it becoms a nightmare.

Disclamer : to be able to follow you will need a basic undrestanfin about what NAT do.

a quick review of what NAT do , fo those who skipped NAT classes

you have a packet in : Packet_1 ={@IP_1 : Port_1} and when it traverse a NAT Device we have a packet out with Packet_2 = { @IP_2 : Port_2}

now lets ask this question , what is the layer (refering to the OSI ) is NAT.

well NAT plays with to information, IP and Port which makes it a L3/L4 Porotocol.

Now knowing this is the very basics of why NAT is a nightmare for collaboration.

Well for Collaboration we play around with :

• Media using RTP/RTCP protocols
• whos controls this media , well its the SIG using commonly H.323 & SIP

Now H.323 & SIP are L5 Protocol

what does H.323 & SIP do? well they instruct endpoint how to make calls voice/video between them

and for H.323 & SIP they know about this endpoint via IP Addresse and Ports.

So the nightmare here is when a H.323/SIP packets traverses a NAT device, the NAT only see the L3/L4 portion of that packet and changes the information, but it keeps the L5 information intact this leads into a packet is inconsistent addressing and voice/video will not be able to route correclty.


This issue causes generally sometime a one-way audio or one-way video.


Want to hear about other nightmares, stay tuned

Cheers,

CIPTV 1 : Special Topic : LDAP Intergration with UCM

Hello welcome back guys, i know ive missing lately m hell i havent finished some article in the Media topics and MCU, but i said , i go with what im working on and i will definity go hit them so i can finish them.

with that been said will kickoff the section , now comonin

LDAP integration this mean we will integrate our UCM with a directory management server.

in UCM we have two method of intergration:

• Synchronization
• Authentication

Now what we are integrating?

we will integrate user information from a server to UCM.

now in the UCM we have two types of users in UCM:

• End-Users
• Application Users

End-users are users with interactive login and  that available in the corporate directory and its the main focus of our topic in thie section

Application Users are users for application and non-interactive and CANNOT BE INTEGRATED LDAP.

so that why we will focus only in End-Users.

before we start we will segmented the End-users information into subset

• Subset 1 : Personal / Enterprise information
• Subset 2 : PASSWORD
• Subset 3 : UCM specific information

determening the method of integration is how we will import the subste of the information.

• Synchronization: is when we import the Subset 1 from the LDAP server
• Authentication : is when we import the Subset 1 + Subset 2
• NOTE : SUBSET 3 is never imported from the LDAP

LDAP Attribute Mapping 

who to map the standard LDAP variable to the UCM user variable.

Cisco Unified Communications User Fields	LDAP Attribute
User ID	sAMAccountName
Middle Name	middleName
Manager ID	Manager
Phone Number	telephoneNumber
Title	Title
Mobile Number	mobile
Direcotory URI	msRTCSIP-primartaddress
First Name	givenName
Last Name	sn
Departement	depart
Mail ID	mail
Home Number	homephone

write memory!

CIPTV 1 - Media Ressources

Writing about it :)

here is a quick look

CIPTV 1 - Configure Conferencing Device - Configuring Cisco Telepresence MCU

    Hi guys welcome back again, i hope your are enjoying my posts , im doing my best to keep up a good level,

Now today we will going trought the configration of the Cisco Telepresence MCU, we will see about tow differenet section:

• Deploying MCU with VCS
• Deploying MCU with CUCM

Presection:

whe you start off m first thing first you need to powrup your MCU, by default MCU uses DHCP to learn about it TCP/IP informations , 

1. disable dhcp
2. configure a specifi port
3. configure default route 

MCU:> ethertype A auto //set Port A negociation to auto MCU:> ethertype A 100 full //set port A speed to 100 Mbps and duplex to full-duplex mode MCU:> static A 10.13.208.2 255.255.255.0 10.13.208.1   // set ip address + mask + default gateway

now we are ready to login to the MCU web interface using https://@IP_ADRESSS/

• username : admin
• password :blank

• after login in , first thing you want to do is set a password (in the Users Menu)
• DNS configuration

in the DNS configuration page you will set major parametres which are :

• Hostname - System name : this i will also appear in TMS
• Name Server : he DNS name server IP address
• domain name : the domain of th MCU ( ex: collabtut.com )
• Don't forget the Update button to sage the configuration 9 

• Service Activation 

depending on you topology , scenario and your enviroment you will need MCU service up and running , ensure that all the services you intedn to use are enabled by checking the box beside the port number and also ensure that the port numbe used matched the one used on your network.

once you completed thes task, your ares now set to the next section : MCU via VCS

Section 1 : Deploying MCU with VCS

MCU is like any other dvice it going to need a Call control server in this section the call control server is the VCS.

MCU will register to the VCS.

MCU registration:

• Protocles : SIP and/or H.323
• Parametres : 
• Registration Prefix : its used to id the MCU when registaring to VCS so it will not overlap with other divces
•  Service Prefixe :  service prefix identify the service offered by MCU and it should do with a broader range and allow any dialed alias that macthed the SP to be routed to MCU.

a special parametrs to configure when the user dials an unknow alas for a conference , better not to drop the caller is to allow the conference to be adhocaly created. ( inveted the name) using the 'incoming calls to unknow conference or auto attendants ----setto--> Creats new adhoc conference '


to be more specifice about the protocole configuration here is the follwing table:

Protocole H.323	Protocole SIP
Gatekeeper Enabled	SIP Enabled Registrar
Gatekeeper IP Adress : VCS IP ADDRESS	SIP Domain : better to be the same domain of VCS
Port Association : is the one confired in the presection	Standard SIP
H.323 Alias to be register with : MCU@domain.com	Username : MCU alias “MCUCONF”
Prefix Registration	SIP Proxy IP address : VCS IP ADDRESS
Service Prefix
Check Allow Numerid Reg

*: need to look deep into SIP-based conference

Section 2 : Deploying MCU with CUCM

With CUCM MCU can be used only for rendez-vous and adhoc confeernce, no more scheduled conference

When MCU uses Media port reservation 

CIPTV 1 - Configure Conferencing Device - Select the optimal device - Part 1

Welcome back folks, today we are going to talk mainly about TelePresence solution , specifically Cisco Multipoint Telepresence Solutions.

Well cisco provide us with three major confering device actually more than three if we count CUCM-building soft conferecing bridge and also IOS gateway, which makes a total of 5.

In this particular post will talk in the first part about MCU & Telepresence.

As MCU come only on a hardware , we have in the other hand TS comes in both shapes appliance and software ( virtuliazed baby). when i say hard i mean both appliance and blade option.

Now when it comes to deployement options we have to connect our conferincg device to a call control device. now hold on!!!! so you know where we at take a look to the teleprecense artchitecure overview

the MCU/TS are part of a group device that give us confercing capabilitis in the collaboration network, its doens not accept endpoint regestration thus needing a call control agent 

we can you use two type of call controls :

• VCS-C using SIP / H.323
• CUCM using MRGL

BANGER : the main difference in terms of confercing resides in endpoint, MCU works for non-immerisce endpoint as for TS workd for nonimmersive and immersive.

MCU Family:

• 4500  -Entry Leve
• 5300   -Mid Level
• MSE 8000 Blade -High Level via 8510 MSE

Teleprence is bad ass type MCU if you wanna support more video and a larger set of endpoint like the IX & TX

Cisco TS Family:

• MSE 8000 via 8710
• Standalon 7010
• Vmware ESXI on UCS
• TS 310 & 320

Comparaison in conferencing check image below:

                  <--------------------------------------image here="" loading-------------------="">
Multipoint : technologie that makes multiple three or more endpoint in a call
Multisite : is the name cisco gives to the option key that enables endpint to host muliôin calls
Miltway : is call escalation from point-to-point call to a multipoint call using Cisco Telepresence Multiway

Multisite Call	Limited as the endpoint is mergin the media of all the endpoints in the conference, not very scalable
Multiway call	Scable and uses the VCS-MCU couple power to host call via the multiway URI

Adhoc conference : are is considered to be a on the fly non scheduled conference.

in the comment give me scenarios of a adhoc conference.

note : a call between 2 user is considered a adhoc conference.

Thank you.

CIPTV 1 - Configure an IOS Gateway - CUBE fonctions / CUBE Video

Helle back guys, will take over a new topic, a topic which give me the goosebumps to be honest with you.

CUBE is hard as a RUBIK CUBE puzzle, i'm not kidding. And we better get started.

CUBE stands for Cisco Unified Border Element, this evil guy is placed in the border of your collaboration network.

what's beyond the border, well one thing for sure that is the ISP ( Internet Service Provider ) , and so as you know a very ISP , because don't give normal ISP access but rather SIP (commonly) access service into its VOIP network.


before we start a brief intro of the infamous CUBE, some of CUBE foncionalites are :

• CUBE interworking VoIP networks ( against the concept of a usual Voice gateway)
• Also called Session Border Controller ot IP-to-IP gateway
• it runs on Cisco  IOS router
• Ability to connect a voip dialpeer to another vop dialpeer
• interworking scenarios
• H.323 to SIP
• SIP to H.323
• SIP to SIP and H.323 to H.323

Here a general like topology when deploying CUBE:

now let's get to why you are here, i like to call this section the WhyTF CUBE?

Why we in hell in need CUBE?

• Reason 1 : Session Mgt , as it goes also by the name of Session Border Controller , ut provide real time session management , statistics , CAC, etc.
• Reason 2 : Interworking is far most an important functionalities of CUBE as it enbaled us to connect different IP network, transcoding and codec filtering is part of CUBE'S ...
• Demarcation : wee you can say it in another simple word as ISOLATION , it provide isolation for you private from the ISP'S, which increase security , enables topology hiding
• Security : Encrypted communication and authorized registration to prevent toll-fraud

CUBE provide low cost architecture and flexil usage which makes it a very cost-effective solution
another key point about CUBE is scalability think of how many connection of Ethernet port can a CUBE have against a Cisco IOS Gateway with 4EHWIC limited by the number of port / card.

ease of deployment can be a pros and a con depending on the level of implementation.


NEW : classic way to connecto to ISP is via PRI /BRI connection that are not very scable vs connecting via SIP Trunks whihc requiers in L2 only ethernet

CUBE Call Flow:

calls as they flows trought the CUBE can be categorized into two types:

• Media flow-trought : in this type both Media and signalling is passed trought the CUBE
• Media flow-around : in this type only signaling is passed trought CUBE, as for the media is been transmit directly or not between the endpoint, no CUBE interaction with the media.

CUBE Design :

when designing a CUBE solution for voice there is some parameters to watch out for:

• CPS Call Per Second
• Active call ( media trought or media around)
• Transcoding resource

as we saw CUBE can intercat with the media , a caracteris of it the codec , CUBE has the ability to change the codec of a media stream using transcoding ressource as well as been transparent, we can say that the CUBE operate into mode:

• non-transparent codec negotiation
• transparent négociation

somethimg to note about CUBE is also now listen very carefully , its also can transpoarent for SDP messages , this is called pass-thru sdp, this means that CUBE will not interfer in the negotiation via SIP/SDP messages and this will directly between the endpoints.


BASIC / DESIGN CONFIGURATION


CUBE SIP PROFILE
now will talk a very cool gadget up the sleves of CISCO IOS gateway with uck9 license pack meaning they supprot Voice features.

what is a SIP profile?
a SIP profile is like a transaltion pattern, --many concepts in the CISCO UC collab technoligies is used over and over but in the difference place and bit of modification --

just like a transaltion rule or transaltino pattern , the SIP profile is used to match a string in a SIP/SDP message and then apply operation on it, this operation in contrast with TR & TP , SIP profile gave more operation then them as it not only do a MATCH-REPLACE operation it can do MATCH-ADD or MATCH-MODIFY or MATCH-REMOVE

very cool tool in CISCO IOS when working in a SIP enviroment, i invite you to check it in more fine details.

CUBE VIDEO
CUBE is also used in voice calls as for video calls.

check a blog of ipexpert.com on CUBE video calls its very helpfull (http://blog.ipexpert.com/cube-video-calling/)

you get hold of a concepet of the CUBE rtp payload negociation and a little bit of configuration that need to be done for CUBE Video Caalling



Cheers, Oussama