DGTL-BRKCOL-2125
DGTL-BRKCOL-2125
DGTL-BRKCOL-2125
#CiscoLive
Agenda
• CUBE Overview, Deployments, and SIP Trunk Sizing
• CUBE Licensing Updates
• CUBE Architecture (Physical & Virtual)
• Transitioning to SIP Trunking using CUBE
• Advanced features on CUBE (Call Routing, Multi-Tenancy)
• Call Recording & Intro to CUBE Media Proxy
• Securing Collab deployments with CUBE
• Futures & Key Takeaways
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
CUBE Overview and
Deployments
On-Prem Collaboration Deployment (CUBE-T-STD)
DEMARC
Enterprise LAN ITSP WAN (SIP Provider)
PSTN (PRI/FXO)
Unified CM
TDM Backup
(Not available in
10.10.1.20
10.10.1.21 vCUBE)
66.77.37.2
Gig0/0
PSTN
Gig0/1
CUBE 128.107.214.195
SIP
DEMARC
H.323
RTP
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
CUBE LineSide (previously NanoCUBE) Deployment
Scenarios (CUBE-L-STD)
Service Provider
Call Control
Small Business
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Branch CUBE Deployment with SRST Provisioned (CUBE-T-STD)
Branch with Unified SRST Provisioned
on the same platform as CUBE
Unified CM LAN Dial-Peers WAN Dial-Peers
CUBE
Gig0/0
PSTN
Enterprise Gig0/1
Data IP WAN
Center RTP
SIP - Trunkside
SIP - Lineside
SIP Endpoints
Enterprise LAN ITSP WAN (SIP Provider)
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Enabling compliance recording
w/CUBE Media Proxy (CUBE-MP-RED)
Recorder1
6
CUCM 12.5+ RTP
Recorder2
Media Proxy
RTP
5
Speech Analytics
1 SIP
CUBE RTP
2 0. CUCM registers to CUBE as an external XMF Application (using UC GW services API – CUCM NBR)
1,2. Initial call setups via CUBE-Ent
3. CUCM sets up SIP (recording) session with CUBE Media Proxy (offer/answer) with dummy port
4. MP destination IP/port obtained in Step-3 relayed by CUCM to CUBE via XMF API interface (HTTP)
5. CUBE-Ent starts to fork media streams to the MP (target ip/port received in Step-4). MP accepts RTP because of Media latching in the
inbound leg from CUCM
6. MP sets up SIP recording sessions with the 3 Recorders for multi-fork.
The ingress media stream from CUBE-Ent is then multi-forked by MP towards the 3 recorders simultaneously using the destination
ip/ports as negotiated in the SIP offer/answer
#CiscoLive b/w MP and the Recorders. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
DGTL-BRKCOL-2125 8
Webex Calling - Local Gateway Deployment
• Enables BYoPSTN option for Webex Calling
• Provides connectivity to a customer-owned PSTN
service
• May also provide connectivity to an on-premises
Cisco Webex Calling IP PBX or dedicated SBC/PSTN GW
• Endpoint registration is NOT proxied through
Local Gateway, unlike CUBE Lineside. Endpoints
Internet directly register to Webex Calling over the
PSTN Internet eliminating the need for endpoint
survivability.
Customer Site
Local • All communication between Webex Calling and
Gateway
endpoints/LGW is secured (SIP TLS/sRTP)
SBC or
IP PBX Webex Calling Endpoints • IOS-XE 16.10.x not supported.
Latest IOS-XE 16.12 or 16.9 release recommended
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Deploying Cisco Webex Edge Audio w/CUBE
High level overview
Webex Edge
1. On-premises telephone dials the Webex
Cisco Audio meeting number or gets a call back from
Unified CM Meeting the Webex meeting to get connected by
Z
audio into the meeting.
CUBE
2. Signaling is routed via the on-premises
call control device (Unified CM) through
the CUBE to Webex Meetings audio
IP Phone
service.
3. Audio media (the sound) is routed from
Customer Signaling the Webex meeting to CUBE and then to
Premises Media Path the on-premises phone for callback and
the reverse for call in.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Cisco UCM Cloud
PSTN interconnect via customer premises/Local Gateway
Cisco
• Customer/partner provides dual
UCM Cloud
connections to Equinix for redundancy
• Cisco® UCM Cloud has a redundant Signaling Equinix
provider
• SIP trunks are connected to the UCM
Cloud service from the customer’s
PSTN
local gateway
Customer Premises
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
CUBE High Availability as Local Gateway
Layer 2 box-to-box redundancy
CUBE-1
=
GE0/0/0 – GE0/0/1 –
10.10.1.10 Cisco Webex Calling
redundancy
redundancy
10.10.1.3 CUBE
20.20.1.3
GE0/0/2 – 40462196.cisco-bcld.com
rii 2
rii 1
Keepalives Internet
GE0/0/2 –
WAN Edge
IP PSTN
CUCM LAN GE0/0/0 –
WAN
GE0/0/1 – Y.Y.Y.Y
Virtual IP CUBE Virtual IP
CUBE-2
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Microsoft Teams Direct Routing – Solution Overview
Microsoft Provided
Internet
SIP TLS sRTP
PSTN
SIP UDP/RTP Teams Client Teams Client
ASR 1002-X
ASR 1001-X ASR 1006-X
50-100 w/RP3 +
ESP40/ESP100
ISR 4451-X Starting IOS-XE 16.6
20-35 Introducing CUBE
on ISR4461
IOS-XE 17.2.1r IOS-XE 17.x does not
15-20
support ESP 20
CUBE on CSR
ISR 4431
8-12
vCUBE
ISR 4351
ISR1100s
IOS-XE 16.12.1+
4 <50 500-600 900-1000 2000-2500 4000 4500-6000 7000-10,000 12K-14K 14-16K
DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Testing Methodology
Testing Benchmark guidelines
• Collab Calls – Refers to basic IP telephony calls, e.g., IP Phone registered to UCM making
a PSTN call via a SIP trunk to CUBE
• Contact Center (UCCE) Calls – Inbound PSTN calls on CUBE (ingress CUBE) for CVP
treatment
• Platform is tested with a linear/constant call presentation rate - the presented CPS value
- with one type of call flow. Call Hold Time (CHT) is set for 180 seconds
• CPS is the maximum sustainable average presentation rate. Higher instantaneous
presentation rates are possible, but this is not tested.
• Tests focus on the number of successful simultaneous or concurrent active call handling
at around 70% CPU and memory utilization. Buffer allows for other features that might
be configured / required in IOS-XE
• All CUBE platforms are tested with static IP routing configured for the next hop
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
General Guidelines
CUBE Sizing Guidelines
• All deployments for CUBE must be done with the following memory:
• 16GB of memory for ASR1K series – 8 GB (Control Plane memory) for ISR4400 series
• 4 GB for ISR4300 series – 2 GB for ISR G2 series
• Session count (end to end calls through CUBE) is dependent on the amount of memory
in the box. Numbers listed in the datasheet are based on above memory requirements
being satisfied
• CUBE Media Proxy cannot be co-located with CUBE Enterprise
• CUBE HA has less than 5% impact on number of sessions under full load
• CUBE + IOS based S/W MTP co-location: 1 S/W MTP session on the platform = 1 CUBE
IPT session, when specific data tables are not available, and not to exceed total CUBE
Collab numbers combined
• Complex call flows (Cisco UCCE) can reduce CPS and session count. With IOS-XE
16.12+, there is significant performance gain for UCCE call flows
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
CUBE Sizing Guidelines
• SRTP with SIP TLS : Numbers will vary based on crypto algorithm and codec
used
• SRTP pass-thru session count and CPS same as RTP-RTP call flows
• SIP Header manipulation through SIP profiles has less than 5% impact on
number of sessions. Impact of SDP manipulation will be slightly higher
compared to SIP headers. For example, 6% for changing the codec order in
the m-lines
• Media forking for call recording can have a 50% impact on IPT session count
regardless of the call type (IPT or UCCE) being recorded on CUBE Enterprise.
This includes SIPREC, CUBE ORA with Cisco MediaSense, and CUCM NBR.
• Performance numbers will be published for long lived (July) releases. [16.9,
16.12, 17.3, etc]
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Call Admission Control (CAC)
• Call processing capacity for any CUBE instance will be influenced by several
considerations, including software version, features configured and the platform
itself
• To ensure that calls continue to be processed reliably, configure Call Admission
Control as follows to reject calls when use of system resources exceeds 80%. Refer
to the CUBE Configuration Guide for further details
enable
conf t
call threshold global cpu-avg low 75 high 80
call threshold global total-mem low 75 high 80
call treatment on
end
Platform
Encrypted video calls Encrypted Video calls
1CSR1Kv - Based on tests using Cisco UCS ® C240 host with Intel ® Xeon ®
w/GCM256 CPS SHA1_80 – GCM128 CPS
6132 2.60GHz processors running VMware ESXi 6.0.
sRTP(G711)-RTP(G711) sRTP(G711) - sRTP(G711)
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
CUBE Licensing
Platform Licensing prior to enabling CUBE
• Before CUBE can be configured and licensed, platform technology and
throughput licensing is required.
• Ensure appropriate license for using TLS on the platform is enabled
• For Cisco ISR 1000 and Cisco ISR4000 series, UCK9 and SecurityK9 are required
license boot level uck9
license boot level securityk9
• For Cisco Cloud Services Router 1000 series virtual routers, configure both the
feature and required throughput levels. Example below displays CLI required for
1Gbps throughput, how to increase memory configuration, and enabling AX
package (all licensed options)
license boot level ax
platform hardware throughput level MB 1000
platform memory add 4000
• For Cisco ASR1000 series routers, Advanced IP services is required
license boot level advipservices
license boot level adventerprise
#CiscoLive DGTL-BRKCOL-2112 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
CUBE Licensing Offer
What is Smart Licensing?
• Smart Licensing is a Cisco wide initiative that provides a License Inventory Management
System which provides Customers, Cisco, and Selected Partners with information about
License Ownership and Use
• All licenses are delivered directly to your cloud based Cisco Smart Software Manager (CSSM)
account allowing you to control where they are used and monitor how they are used.
• Smart Licenses do not require registration, so no more PAKs
• Smart licenses entitle the CUSTOMER, not the product instance. Licenses are not node
locked.
• Licenses are pooled for flexible use by devices registered to the same account
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Cisco Unified Border Element (CUBE)
SIP Trunking to a Provider
• The Cisco Unified Border Element (CUBE)
feature set delivers Session Border Control
(SBC) functionality for Cisco IOS router
platforms, enabling highly secure voice and
PE-SBC
video connectivity between an enterprise IP
network and service provider trunk services.
MPLS, VPN, • CUBE performs four critical functions of an
Internet SBC:
SIP Service
Connection Certified
• Policy based session management
demarcation • Security enforcement
• Protocol and media interworking
IP-PBX
Premise-based
Call control • Network demarcation
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Simplifying the CUBE Trunk Offer
Current: EoS
15 June
Simplified:
100+ PIDs 2019 2 options, 3 PIDs!
CUBE License – 5 Sessions CUBE License –ASR 100 Sessions Red
(FL-CUBEE-5) (FLASR1-CE-100R)
CUBE License –5 Sessions Red CUBE License –ASR 500 Sessions Red CUBE Trunk Standard License
(FL-CUBEE-5-RED) (FLASR1-CE-500R) – 1 Session
CUBE License – 25 Sessions CUBE License –ASR 1,000 Sessions Red (CUBE-T-STD) +SWSS
(FL-CUBEE-25) (FLASR1-CE-1KR)
CUBE License –25 Sessions Red CUBE License –ASR 4,000 Sessions Red
CUBE Trunk Redundant License
(FL-CUBEE-25-RED) (FLASR1-CE-4KR) – 1 Session
CUBE License – 100 Sessions CUBE License –ASR 16,000 Sessions Red (CUBE-T-RED) +SWSS
(FL-CUBEE-100) (FLASR1-CE-16KR)
CUBE License –100 Sessions Red CUBE License – C1 ASR 100 Sessions
Upgrade to Trunk Redundant
(FL-CUBEE-100-RED) (C1-A-ASR1CUBEE100P) +SWSS License – 1 Session
CUBE License – Cisco ONE (1 Session)
+SWSS
CUBE License – C1 ASR 100 Sessions Red
+SWSS
(CUBE-T-RED-UP) +SWSS
(C1-CUBEE-STD) (C1-A-ASR1CUBEE100R)
CUBE License–Cisco ONE (1 Session Red) CUBE License – C1 ASR xxxx Sessions xx CUBE session licenses are common
(C1-CUBEE-RED) +SWSS (C1-A-ASR CUBEE…) +SWSS
across ISR, CSR and ASR platforms and
------ ------ can be pooled in a Smart Virtual Account
Note: Platform technology licenses are required to enable CUBE functionality. See later slide.
As part of migration to Smart and SWSS enabled licensing for CUBE, all $0 licenses from router bundles will be removed by end of April 2019. Product Bulletin for
the same can be accessed at https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/bulletin-c25-742073.html
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
What’s included in a Trunk License?
One Inbound leg Secure Media Multiple media sessions per call
Any protocol, any media Encrypt, decrypt, Re-encrypt
One Outbound leg Media Transcoding, Transrating Call handling policy via XCC API
Any protocol, any media & DTMF Interworking
One SIP Forked leg Advanced header manipulation Stateful High Availability*
Local or API controlled
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
CUBE Offers with Smart Licensing
Cisco Unified Border Element (CUBE) Smart License Options
Top Level “L-CUBE”
Simplified New New
Trunk Offer Lineside Offer Media Proxy
CUBE Standard Trunk License
+SWSS CUBE Lineside License +SWSS CUBE Media Proxy License +SWSS
1 Session (CUBE-T-STD)
1 Session (CUBE-L-STD) 1 Forked Session (CUBE-MP-
CUBE Redundant Trunk License
1 Session (CUBE-T-RED)
+SWSS RED)
Upgrade to Redundant Trunk License
+SWSS
1 Session (CUBE-T-RED-UP)
Cisco Software Support Service (SWSS) is required for a minimum of 12 months when purchasing
CUBE session license(s).
SWSS provides access to software maintenance, updates, upgrades, and technical support
Note: Platform technology licenses are required to enable CUBE functionality. See later slide.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Cisco Unified Border Element (CUBE)
Lineside
Third Party Call Control • CUBE Lineside features compliment
in SP Cloud hosted call control solutions with:
New
Offer • SIP proxy registration of IP phones
(Cisco MPP or 3rd party).
PE-SBC
• Service continuity should the hosted
service become unavailable.
Business
Internet
Lineside Note: Lineside licenses do not entitle use of
Connection Certified
demarcation
trunk features.
CUBE Lineside
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Cisco Unified Border Element (CUBE)
Media Proxy
• Standalone application that extends CUBE trunk session
forking to allow a call to be replicated up to five times
New
for media recording redundancy & load balancing and Offer
call analytics.
• Supports Mandatory and Optional recorder policy
• Mandatory: Media proxy tries to fork to the mandatory Recording
recorder first. Forking to the remaining recorders will only Server 1
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
The Road To Smart Licensing
IOS XE IOS XE IOS XE IOS XE
16.6 to 16.9 16.10 16.11 to 17.1 17.2 to 17.3
• *From IOS XE 16.11 Smart License offers are required for all CUBE features.
Trunk license usage only is reported to CSSM at this time.
• CSR1000v (Virtual Router running vCUBE)#CiscoLive
requires Smart Licensing
DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
License Reporting
• License consumption reporting in IOS XE releases 16.11, 16.12 and 17.1 are manually
configured using the mode border-element license capacity
command.
• With these releases, license capacity reporting is both static and optional
• CUBE platforms must be registered to the Smart Licensing server, even if license
capacity is not configured. Call processing will be shut down if a device is not
registered and the evaluation period has expired.
• Call processing will not be limited if the number of sessions exceeds the license
capacity configuration, nor if the license request is ‘out of compliance’.
• Some of the scenarios in the following slides describe license pooling. To ensure that
the correct number of licenses are consumed from the virtual account, it is suggested
that the average number of licenses required is configured on each device. The
“Configured for” information provides guidance on how to configure this.
• Starting IOS XE release 17.2.1, license use is calculated dynamically and the license
capacity option has been deprecated.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
CUBE Version 12.x
Deployment Examples / Smart
Licensing Scenarios
Session quantities in the following example scenarios
are provided for illustration purposes only.
Refer to CUBE performance documentation when
selecting an appropriate platform to meet required
call processing loads.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Customer Deployment Scenario 1a
Separate Deployments
• Two active CUBEs in separate locations Location 1
• No Box to Box redundancy (Redundancy Group HA)
Configured for
50 licenses
Active
• No load balancing 50 Calls
• Each location processes up to 50 sessions at any time.
License Requirement:
• 100 x CUBE-T-STD Location 2
Configured for
• CUBE platforms may register to:
50 licenses
Active
• The same Virtual Account holding a common pool of 100 licenses 50 Calls
• Different Virtual Accounts, each with 50 licenses
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
Customer Deployment Scenario 1b
Separate Deployments Location 1
• Two active CUBEs in the same location
• No Box to Box redundancy (Redundancy Group HA)
Configured for
50 licenses
Active
• No load balancing 50 Calls
• Each CUBE processes up to 50 sessions at any time.
License Requirement:
• 100 x CUBE-T-STD
Configured for
• CUBE platforms may register to:
50 licenses
Active
• The same Virtual Account holding a common pool of 100 licenses 50 Calls
• Different Virtual Accounts, each with 50 licenses
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Customer Deployment Scenario 2a
Geographic (Active-Active) Load Balancing
• Two active CUBEs in separate locations Location 1
• No Box to Box redundancy (Redundancy Group HA)
Configured for
100 licenses
• Load balancing provided by SP or with CUSP
• Total call load across both locations up to 200 Active
Configured for
• 200 x CUBE-T-STD
100 licenses
• CUBE platforms register to the same Virtual Account
holding a common pool of licenses Active
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Customer Deployment Scenario 2b
Active-Active Load Balancing within a location Location 1
• Two active CUBEs in the same location
Configured for
100 licenses
• No Box to Box redundancy (Redundancy Group HA)
• Load balancing provided by SP or with CUSP
Active
• Total call load across both CUBEs up to 200
concurrent sessions. 200 Calls
License Requirement:
Configured for
100 licenses
• 200 x CUBE-T-STD
• CUBE platforms register to the same Virtual Account
holding a common pool of licenses Active
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Customer Deployment Scenario 3
Box to Box High Availability (HA) with Call
Location 1
Preservation
• Active and Standby CUBEs in HA Redundancy Group
Configured for
250 licenses
(RG)
• Both CUBEs must be in the same layer 2 network 250 Calls
Active
• Total call load up to 250 concurrent sessions.
Stateful
License Requirement:
Standby
• 250 x CUBE-T-RED
Configured for
250 licenses
• Both CUBE platforms register to the same Virtual
Account holding a common pool of licenses
• Only the active CUBE reports license usage
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Customer Deployment Scenario 4a Location 1
Configured for
300 licenses
Box to Box High Availability with Call Preservation within a
location and geographic load balancing across locations
Active
• One pair of High Availability CUBEs in RG at each site
Stateful
HA Pair 1
• Geographic load balancing provided by SP or with CUSP Standby
• Total call load up to 600 concurrent sessions across locations
Configured for
300 licenses
• If an active CUBE fails, stateful failover of local load to
standby
• If location 1 fails, all associated calls fail. Total load serviced 600 Calls Location 2
by active CUBE at site 2
Configured for
300 licenses
License Requirement:
• 600 x CUBE-T-RED Active
Stateful
• All CUBE platforms register to the same Virtual Account HA Pair 1
holding a common pool of licenses Standby
Configured for
300 licenses
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Customer Deployment Scenario 4b Location 1
Configured for
300 licenses
Box to Box High Availability with Call Preservation and
load balancing within a location
Active
• Two pairs of High Availability CUBEs in separate RGs at
Stateful
HA Pair 1
the same site
Standby
• Load balancing across HA pairs provided by SP or with
Configured for
300 licenses
CUSP
• Total call load for location up to 600 concurrent sessions
• If an active CUBE fails, stateful failover of local load to 600 Calls
standby
Configured for
300 licenses
• If HA pair 1 fails, all associated calls fail. Total load
serviced by active CUBE in HA pair 2
Active
Stateful
License Requirement: HA Pair 1
• 600 x CUBE-T-RED Standby
• All CUBE platforms register to the same Virtual Account
Configured for
300 licenses
holding a common pool of licenses
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Customer Deployment Scenario 4c Primary Site
Configured for
250 licenses
location with load transfer to minimal, virtualized DR site
• One pair of High Availability CUBEs in RG at primary site processing all Active
Stateful
calls during normal operation HA Pair 1
• If the active CUBE fails, stateful failover of load to standby at primary site
500 Calls Standby
• Traffic rerouted to Disaster Recovery site by SP on complete failure of
Configured for
250 licenses
primary site
• Total call load up to 500 concurrent sessions
License Requirement: DR Site
• 500 x CUBE-T-RED
Configured for
250 licenses
• All CUBE platforms register to the same Virtual Account holding a
common pool of licenses
Active
• Active CUBEs report license usage
• Redundant licenses cover standard license requirement from DR site.
Smart Account will show license borrowing of 250 STD licenses from the
RED pool.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Customer Deployment Scenario 5
ASR1006/1006-x
Inbox Hardware or Software Redundancy
Hardware Redundancy
• Stateful Switchover (SSO): ASR1006 with dual route
processors (control plane) and dual ESPs (forwarding plane)
• Route Processor Redundancy (RPR): ASR1001/2/4 with
software redundancy Dual Forwarding Plane Hardware
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Customer Deployment Scenario 6
Lineside registration proxy and survivability Third Party Call Control in SP Hosted
Cloud
SIP
• A customer using a cloud call control service uses Service
CUBE for lineside optimization and survivability. Cloud-based
PE-SBC call control
• A CUBE platform is deployed at four customer sites.
• Each site has 25 handsets that register to the cloud Business
service. Internet
License Requirement:
A Lineside CUBE at each of the 4 locations
• 100 x CUBE-L-STD
• All CUBE platforms register to the same Virtual
Account holding a common pool of licenses
25 handsets at each of the 4 locations
• Note: CUBE line side license use is not currently
reported to CSSM.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
CUBE Version 12.x
License Migration
Classic CUBE (RTU) to CUBE Smart
Licenses
Migration Overview
• The following scenarios describe the valid migration paths to CUBE Session
Smart Licenses for customers that have purchased Classic CUBE Right To
Use (RTU) Session Licenses in the past.
• Take the time to understand each CUBE licensing migration case to set
expectations accordingly.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
CUBE Migration Case A:
Legacy Platforms with Classic RTU Licenses
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
CUBE Migration Case B:
Current Platforms with Classic RTU Licenses
Platform ISR4000, ASR1001-X, ASR1002-X, ASR1004(RP2), ASR1006(RP2), CSR1000V
Licenses From: CUBE Classic Right To Use (RTU) Session Licenses
To: CUBE Version 12 Smart Session Licenses with SWSS
Migration • Classic RTU session licenses are intended to provide perpetual entitlement for the
hardware platform for which they were purchased.
• Customers wishing to use software beyond IOS-XE version 16.9.x may apply to purchase
replacement CUBE version 12 session licenses as follows:
a) The same or more RTU session licenses must have been purchased since 1 Oct
2014.
b) Sales Order details for RTU purchases must be provided.
c) At least 12 months SWSS must be purchased at standard customer discount for all
CUBE session licenses ordered.
A discount of up to 100% on CUBE license PIDs will be supported through a DSA if
conditions a, b and c are met and documented in the deal request.
Notes The migration offer detailed above will remain available until the End of Sale of CUBE Version 12
licenses (early 2021). Thereafter, standard discounts will apply for the purchase of all CUBE licenses and
support. Customers may continue to use#CiscoLive
CUBE 12.1DGTL-BRKCOL-2125
(IOS XE 16.9.x) ©with Classic RTU session licenses.
2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
CUBE Migration Case C:
Cisco ONE RTU licenses
Platform All Cisco ONE™ Compatible Platforms
Licenses From: Cisco ONE Classic Right to Use (RTU) CUBE Session Licenses
To: CUBE Version 12 Smart Session Licenses with SWSS
Migration • Cisco ONE CUBE session licenses (C1-CUBE*) provide RTU entitlement for their
associated platform.
• If covered by an active Cisco ONE SWSS contract, licenses may be transferred to any
compatible Cisco ONE licensed platform.
• Cisco ONE SWSS provides entitlement to router software upgrades.
• With Active Cisco ONE SWSS Contract Coverage, customers:
a) Migrate to Smart enabled CUBE Version 12 session licenses (MIG-CUBE-C1-STD
& MIG-CUBE-C1-RED) using My Cisco Enhancements (MCE)
b) Renew support with Collaboration SWSS for CUBE session licenses
• Without Active Cisco ONE SWSS Contract Coverage, refer to Case A or B. This
includes all ‘free’ CUBE licenses included with C1 bundles.
Notes Customers with an active Cisco ONE SWSS contract are encouraged to update their CUBE Cisco ONE
RTU licenses to Smart as soon as possible and not wait for their contract to expire.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Migration Offers for CUBE Licenses
CiscoONE CiscoONE RTU RTU
Licenses Licenses Licenses Licenses
without with SWSS and EoS and
SWSS Platform Current
Platform
No migration
No migration No Migration
Use PUT to 100% license
New licenses New licenses
purchase $0 discount when
required with required with
migration SKUs purchased with
SWSS SWSS
SWSS
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
CUBE Architecture
Physical vs Virtual
Virtual CUBE (CUBE on CSR 1000v)
Architecture
• CSR (Cloud Services Router) 1000v runs on a Hypervisor – IOS XE without
the router
ESXi Container
Virtual CPU Memory Flash / Disk Console Mgmt ENET Ethernet NICs
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Applicable Roadmap [Subject to Change]
• March 2021– IOS-XE 17.5.1
• CUBE support in AWS / Azure
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Agenda
• CUBE Overview, Deployments, and SIP Trunk Sizing
• CUBE Licensing Updates
• CUBE Architecture (Physical & Virtual)
• Transitioning to SIP Trunking using CUBE
• Advanced features on CUBE (Call Routing, Multi-Tenancy)
• Call Recording & Intro to CUBE Media Proxy
• Securing Collab deployments with CUBE
• Futures & Key Takeaways
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Step 1:
Configure CUCM to route calls to the edge SBC
SIP Trunk Pointing to CUBE
Standby
CUBE
A
Active IP PSTN
CUBE
Enterprise CUBE with High
Campus Availability
MPLS
• Configure CUCM to route all PSTN calls
PSTN is now
(central and branch) to CUBE (Gig0/0 in
used only for
ourSRST
slides) via a SIP trunk emergency
calls over
FXO lines
• Make sure all different patterns of calls –
local, long
CME distance, international,
10.10.1.20
66.77.37.2
10.10.1.21 128.107.214.195
• LAN Dial-Peers – Dial-peers that are facing towards the IP PBX for sending and receiving call legs
to and from the PBX. Always bind LAN interface(s) on CUBE to LAN dial-peers, ensuring SIP/RTP is
sourced from the intended LAN interfaces(s)
• WAN Dial-Peers – Dial-peers that are facing towards the SIP Trunk provider for sending and
receiving call legs to and from the ITSP. Always bind CUBE’s WAN interface(s) to WAN dial-peer(s).
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
OPUS codec support on CUBE
OPUS codec support on CUBE [IOS-XE 17.3.1]
• Opus Codec is supported for both secure and non-secure calls
• RTP-to-RTP, SRTP-to-SRTP, SRTP-to-RTP, and RTP-to-SRTP.
• Opus codec defines the optional media format (fmtp) parameters in a call under
codec profile:
• maxaveragebitrate
• maxplaybackrate
• Stereo
• sprop-maxcapturerate
• sprop-stereo
• Usedtx
• useinbandfec
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
OPUS codec considerations
• Transcoding and Transrating with OPUS is not supported on CUBE
• If the received SDP has multiple fmtp lines, then only the first fmtp line is passed in the
outbound INVITE.
• Media recording isn’t supported with Extended Media Forking (XMF) [CUCM Network
based recording Gateway Preferred]
• SIPREC is supported
• RTP payload-type [opus number] — under dial-peer configuration mode to support OPUS
as supported codec.
• From IOS-XE 17.3.1, the default payload type for opus is reserved to 114. Previously 114 was
reserved for cisco-codec-aacld, which has now been moved to 112. Beginning IOS-XE 17.3.1, default
payload type for cisco-codec-aacld is 112
• Codec profile configuration is not mandatory unless in a DO-EO call. Since CUBE is the
offeror in a DO-EO call, it will make use of FMTP parameters from the profile.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
OPUS Configurations
Dial-peer level configuration:
CUBE(config)#dial-peer voice 786 voip
CUBE(config-dial-peer)#codec opus profile 2
CUBE(config-dial-peer)#rtp payload-type opus 114 (default value is 114)
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Applicable Roadmap [Subject to Change]
• Nov 2020 – IOS-XE 17.4.1
• Codec Reordering with Voice class codec priority list, i.e.,
rewrite codec list for EO-EO sessions according to VCC priority
list, ignoring incoming SDP’s codec order
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
SIP Normalization
SIP profiles is a mechanism to normalize or customize SIP at the
network border to provide interop between incompatible devices
SIP incompatibilities arise due to: Add user=phone for INVITEs
• A device rejecting an unknown header (value or Incoming Outgoing
parameter) instead of ignoring it CUBE
INVITE INVITE
sip:[email protected]:5060 sip:[email protected]:5060
• A device expecting an optional header SIP/2.0 user=phone SIP/2.0
value/parameter or can be implemented in multiple
voice class sip-profiles 100
ways rule 1 request INVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"
rule 2 request REINVITE sip-header SIP-Req-URI modify "; SIP/2.0" ";user=phone SIP/2.0"
• A device sending a value/parameter that must be
changed or suppressed (“normalised”) before it Modify a “sip:” URI to a “tel:” URI in INVITEs
leaves/enters the enterprise to comply with policies
Incoming Outgoing
• Variations in the SIP standards of how to achieve CUBE
INVITE INVITE
certain functions sip:[email protected]:5060 tel:2222000020
SIP/2.0 SIP/2.0
• With CUBE 10.0.1 SIP Profiles can be voice class sip-profiles 100
rule 10 request INVITE sip-header SIP-Req-URI modify "sip:(.*)@[^ ]+" "tel:\1"
applied to inbound SIP messages as rule 20 request INVITE sip-header From modify "<sip:(.*)@.*>" "<tel:\1>"
rule 30 request INVITE sip-header To modify "<sip:(.*)@.*>" "<tel:\1>"
well
More information at http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-border-element/118825-technote-sip-00.html
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Applicable Roadmap [Subject to Change]
• Nov 2020 – IOS-XE 17.4.1
• Conditional SIP Header modification, i.e. apply SIP profile if a
certain condition(s) is/are met. E.g., remove diversion header if
content in diversion header contains 41 but NOT no-answer
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Agenda
• CUBE Overview, Deployments, and SIP Trunk Sizing
• CUBE Licensing Updates
• CUBE Architecture (Physical & Virtual)
• Transitioning to SIP Trunking using CUBE
• Advanced features on CUBE (Call Routing, Multi-Tenancy)
• Call Recording & Intro to CUBE Media Proxy
• Securing Collab deployments with CUBE
• Futures & Key Takeaways
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
CUBE Dial-Peers
Advanced Call Routing
dial-peer voice 100 voip dial-peer voice 201 voip
description *Inbound LAN dial-peer. From CUCM to CUBE* description *Outbound WAN dial-peer. From CUBE to SP*
session protocol sipv2 destination-pattern 81[2-9]..[2-9]......$
incoming called-number 8T session protocol sipv2
voice-class sip bind control source-interface Gig0/0 session target ipv4:10.1.40.11
voice-class sip bind media source-interface Gig0/0 session transport udp
dtmf-relay rtp-nte voice-class sip bind control source-interface Gig0/1
codec g711ulaw voice-class sip bind media source-interface Gig0/1
no vad dtmf-relay rtp-nte
codec g711ulaw
no vad
Inbound LAN Dial-Peer Outbound WAN Dial-Peer
Outbound Calls
A
CUCM SIP Trunk ITSP SIP Trunk
G0/0 CUBE G0/1
198.18.133.3 10.1.40.11
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Pre IOS-XE 17.3.1 behavior output
• Live-bind of interface at dial-peer level: Interface has live calls using a different
dial-peer and trying to bind the same interface on a new dial-peer
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
IOS-XE 17.3.1 behavior output
• Live-bind of interface at dial-peer level: Interface has live calls using a
different dial-peer and trying to bind the same interface on a new dial-
peer
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Bind all CLI at the dial-peer level
• Bind all CLI was present only at the Global and the Tenant levels
Prior to IOS-XE 17.3.1
CUBE(config-dial-peer)#voice-class sip bind ?
control bind only SIP control packets
media bind only SIP media packets
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Understanding Inbound Dial-Peer Matching Techniques
Priority
Inbound LAN Dial-Peer Outbound Calls
Exact Pattern
Match Based on URI match A CUCM SIP Trunk SP SIP Trunk
IP
1 of an incoming PSTN
Host Name/IP CUBE
INVITE message Address Inbound Calls
Inbound WAN Dial-Peer
User portion of
2 Match based on URI Received:
Called Number Phone-number of INVITE sip:[email protected] SIP/2.0
tel-uri Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-
3 Match based on tag="cid:[email protected]";;branch=z9hG4bK-23955-1-0
From: "555" <sip:[email protected]:5060>;tag=1
Calling number To: ABC <sip:[email protected]:5060>
Call-ID: [email protected]
4 Default Dial-Peer 0 CSeq: 1 INVITE
Contact: sip:[email protected]:5060
Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Outbound Dial-Peer Matching Criteria Summary
Priority Outbound WAN Dial-Peer
Outbound Calls
Match Based on DPG,
0 DPPP, COR/LPCOR if A CUCM SIP Trunk SP SIP Trunk
IP
configured CUBE PSTN
Exact Pattern match Outbound LAN Inbound Calls
Dial-Peer
Match Based on URI Host Name/IP Received:
of incoming INVITE Address
INVITE sip:[email protected] SIP/2.0
1 Via: SIP/2.0/UDP 10.1.1.1:5060;x-route-
message User portion of URI tag="cid:[email protected]";;branch=z9hG4bK-23955-1-0
From: "555" <sip:[email protected]:5060>;tag=1
Phone-number of To: ABC <sip:[email protected]:5060>
tel-uri Call-ID: [email protected]
CSeq: 1 INVITE
Match based on Contact: sip:[email protected]:5060
2 Called Number Supported: timer
Max-Forwards: 70
Subject: BRKUCC-2934 Session
Content-Type: application/sdp
Content-Length: 226
........
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Destination Server Group
• Supports multiple destinations (session targets) be defined in a group and
applied to a single outbound dial-peer
• Once an outbound dial-peer is selected to route an outgoing call, multiple
destinations within a server group will be sorted in either round robin or
preference [default] order
• This reduces the need to configure multiple dial-peers with the same
capabilities but different destinations. E.g. Multiple subscribers in a cluster
voice class server-group 1 dial-peer voice 100 voip
hunt-scheme {preference | round-robin} description Outbound DP
ipv4 1.1.1.1 preference 5 destination-pattern 1234
ipv4 2.2.2.2 session protocol sipv2
ipv4 3.3.3.3 port 5065 preference 3 codec g711ulaw
ipv6 2010:AB8:0:2::1 port 5065 preference 3 dtmf-relay rtp-nte
ipv6 2010:AB8:0:2::2
session server-group 1
* DNS target not supported in server group #CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
Applicable Roadmap [Subject to Change]
• July 2020 – IOS-XE 17.3.1
• Server Groups will offer huntstop based on configurable SIP
response codes (e.g. 404) to prevent hunting to the next entry
within the server group along with the dial-peer
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Multiple Number Patterns Under Same
Incoming/Outgoing Dial-peer
voice class e164-pattern-map 300
e164 200. Up to 1000 entries in
e164 510100100. a pattern map
Site A 2000
e164 408100100.
Site B (510)100-1000 dial-peer voice 1 voip
description Inbound DP via Calling
Site C (408)100-1000 incoming calling e164-pattern-map 300
codec g729r8
G729 Sites
A SIP Trunk SP SIP Trunk IP PSTN
CUBE
Up to 5000 entries in a text file
Site A (919)200-2010 voice class e164-pattern-map 400 ! This is an example of the contents of
E164 patterns text file stored in
url flash:e164-pattern-map.cfg flash:e164-pattern-map.cfg
Site B (510)100-1010
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
External/PSTN Call
Recording
External/PSTN Call Recording Options
• CUBE Controlled (Dial-peer based SIPREC)
• SIPREC based, CUBE sends metadata in XML format
• Dial-peer controlled, IP-PBX independent
• Source of recorded media (RTP only) is always CUBE (External calls only).
• Records both audio and video calls and supported with CUBE HA
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
CUBE Media Proxy
Existing Recording Architectures
• Current recording architectures allow only one fork from each leg (in-
leg/out-leg) to only one recorder
• No support for forking secure RTP stream
• MiFiD II Compliance requirements:
• Support for more than one recorders
• High Availability (Redundancy)
• Secure forking
• Call scenarios support
• External calls (inbound/outbound from/to ITSP, PSTN calls)
• Internal calls (on-prem calls)
• Contact center
• Common Metadata
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
CUBE Media Proxy: Overview
• Media proxy is based on CUBE architecture
• Supports the same ISR 4Ks, ASR1Ks, CSR1K on which CUBE is supported today
• Call Recording mechanism (triggers) is CUCM NBR based (GW based and Phone
BiB)
• Media proxy is designed to fork media to multiple recorders i.e. multiple forked
legs, and supports up to 5 recorders
• CUBE Media Proxy High Availability is also supported
• CUSP (Optional) supports Media proxy with recorder redundancy and load
balancing
• Secured forking (SRTP – SRTP) for Phone Based (BiB) recording
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 112
CUCM NBR GW forking to Media Proxy
Recorder1
6
RTP
Recorder2
Media Proxy
RTP
5
Speech Analytics
1 SIP
CUBE RTP
2 0. CUCM registers to CUBE as an external XMF Application (using UC GW services API – CUCM NBR)
1,2. Initial call setups via CUBE-Ent
3. CUCM sets up SIP (recording) session with CUBE Media Proxy (offer/answer) with dummy port
4. MP destination IP/port obtained in Step-3 relayed by CUCM to CUBE via XMF API interface (HTTP)
5. CUBE-Ent starts to fork media streams to the MP (target ip/port received in Step-4). MP accepts RTP because of Media latching in
the inbound leg from CUCM
6. MP sets up SIP recording sessions with the 3 Recorders for multi-fork.
The ingress media stream from CUBE-Ent is then multi-forked by MP towards the 3 recorders simultaneously using the destination
ip/ports as negotiated in the SIP offer/answer
#CiscoLive b/w MP and the Recorders. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
DGTL-BRKCOL-2125 113
CUBE Media Proxy: Design requirements
• Video call Recording is not supported today
• Secure media (SRTP) forking of non-secure calls is not supported
• CUBE Media Proxy and CUBE cannot be co-located
• Mid-call signaling updates from Recorders are not supported
• Early offer from CUCM to Media Proxy is required
• No support for SRTP fallback
• Media Proxy sends metadata to the recorders (FROM header)
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
SIPREC Based Media Proxy
Recorder1
RTP
Media Proxy Recorder2
XML Metadata
RTP 3
SIP
Speech Analytics
1 SIP
CUBE RTP
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
CUBE Media Proxy
Capacities and Licensing
Media Proxy: Capacity for Various Platforms (IOS-XE 16.12+)
Platform Max IPT (CUBE Media Proxy Capacity)
Calls Number of Recorders
One Two Three Four Five
1100 (Default DRAM) / 4321 (4GB) 500 350
4331 (4GB) 1000 700
4351 (4 GB) 2000 900
4431 (8 GB - CP) 3000 1000
4451 (8 GB - CP) 6000 3000
4461 (8 GB – CP) [IOS 17.2.1] 10000 4000
CSR1Kv – 1 vCPU1 (4 GB) 1000 90
CSR1Kv - 2 vCPU1 (4 GB) 3000 1100
CSR1Kv - 4 vCPU1 (8 GB) 6000 TBD
1002-X (16 GB) 14000 4500
1004/6/6-X RP2/ESP40 (16 GB) 16000 4500
#CiscoLive BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Customer Deployment Scenario 7
Media Proxy:
• A media proxy platform used to fork calls to 3 Location 1
recording servers.
150 Recordings
• Total concurrent call load is 50 calls.
License Requirement:
• 150 x CUBE-MP-RED Media Proxy
Active
• Only redundant licenses are available for 50 Calls
Media Proxy
• Note: Media Proxy license use is not currently
reported to CSSM.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
Customer Deployment Scenario 8
Media Proxy:
• Active and Standby CUBE Media Proxies in HA
Redundancy Group (RG)
• Both Media Proxies must be in the same layer 2 Location 1
network
450 Recordings
• Total call load for HA pair 150 calls, each forked 3
times. Media Proxy
Stateful
Active
HA Pair 1
calls to standby
Standby
License Requirement:
• 450 x CUBE-MP-RED 150 Calls
Media Proxy
• Both Media Proxy platforms register to the same
Virtual Account holding a common pool of
licenses
• Note: Media Proxy license use is not currently
reported to CSSM.
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
Customer Deployment Scenario 9
Media Proxy:
• A media proxy platform used to fork calls to 3
recording servers. Location 1
• Total concurrent call load is 50 calls from CUBE
150 Recordings
triggered using CUCM NBR
License Requirement:
• 150 x CUBE-MP-RED for Media Proxy Media Proxy
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
Securing Collab
deployments with CUBE
Secure SIP Trunks with CUBE
LAN WAN
Gig0/0/0 Gig0/0/1
SIP TLS TCP/UDP SP IP
RTP Network
SRTP CUBE
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
IOS-XE 16.11.1 or later Security Readiness changes
• For IOS-XE 16.11.1 or later, a master key must be pre-configured for passwords
before it can used in authentication, credentials and/or shared-secret CLIs
• Type 6 passwords are encrypted using AES cipher and user defined master key
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 125
IOS-XE 16.11.1+ Security Configuration Requirement
LocalGateway#conf t
LocalGateway(config)#key
config-key password-encrypt Password123
LocalGateway(config)#password encryption aes
• If master key is not pre-configured, there will be an error shown when the password is
configured
LocalGateway(config-sip-ua)#authentication username ali password 0 hussain123
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 126
IOS-XE 16.11.1 Security Configuration Requirement
• Dial-peer, SIP-UA, Tenants, and STUN authentication credentials/shared secrets will use
the new Secure reversible encryption Type 6 AES format password
• The encryption type 7 is supported in IOS XE Release 16.11.1a, but will be deprecated in
the later releases
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Agenda
• CUBE Overview, Deployments, and SIP Trunk Sizing
• CUBE Licensing Updates
• CUBE Architecture (Physical & Virtual)
• Transitioning to SIP Trunking using CUBE
• Advanced features on CUBE (Call Routing, Multi-Tenancy)
• Call Recording & Intro to CUBE Media Proxy
• Securing Collab deployments with CUBE
• Futures & Key Takeaways
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
CUBE Resources
CUBE Resources
▪ CUBE is now a Microsoft certified SBC for Direct Routing along with E911 solution partners
https://docs.microsoft.com/en-us/microsoftteams/direct-routing-border-controllers
▪ Configuration application note avalable at
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/interoperability-portal/direct-
routing-with-cube.pdf
▪ CUBE Box
o https://cisco.box.com/CUBE-Enterprise (requires requesting access via ask-
[email protected], include your box.com account’s email ID)
▪ Webex Calling LGW Box – https://cisco.box.com/WebexCalling
▪ CUBE Performance and Sizing
▪ Webex Calling Deployment Guide – https://help.webex.com
▪ Dcloud Labs
o Enabling Webex Calling
o SIP Trunking with CUBE
o Microsoft Teams Direct Routing with CUBE (future)
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 130
CUBE Roadmap
CUBE Roadmap [Subject to Change]
• Starting IOS-XE 17.3.1, 100 VRFs are now supported on CUBE vs 54 in prior releases
• DNS Aware Trust list [CY2021]
• Microsoft Teams Direct Routing with Media Bypass enabled [2H CY2020]
• Microsoft Teams Direct Routing to UCM [2H CY2020]
• Programmability (CUBE Yang modelling) [CY2021]
• vCUBE Support in AWS/Azure [1H CY2021]
• Webex Contact Center integration [2H CY2020]
• Integration with Cloud Speech services (Voicea, Google Answers, etc) [CY2021]
• Cloud Connected UC integration [CY2021]
• H.323 deprecation for CUBE [CY 2021]
#CiscoLive DGTL-BRKCOL-2125 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 132
Thank you
#CiscoLive
#CiscoLive