Chapter 3. Initial Configuration Settings on the Cisco Expressway

This chapter covers the following topics:

• H.323 Settings: This topic will explain the H.323 settings for the Cisco Expressway.

• SIP and Domain Settings: This topic will explain how to apply required SIP and Domain settings for the Cisco Expressway.

• Describe Protocol Interworking on the Cisco Expressway: This topic will focus on interworking of H.323 and SIP signaling protocols via the Cisco Expressway.

• Verifying Registration on Cisco Expressway: This topic will spotlight the registration process and verification of registration to the Cisco Expressway.

This chapter covers the following objectives from the Implementing Cisco Collaboration Cloud and Edge Solutions (CLCEI) exam 300-820:

• 1.4 Describe protocol interworking on the Expressway

• 1.4.a SIP <-> H.323

• 1.4.b IPv4 and IPv6

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 3-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

Table 3-1 “Do I Know This Already?” Section-to-Question Mapping


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1. Registration, Admission and Status (RAS), which is used between an H.323 endpoint and a Gatekeeper to provide address resolution and admission control services, uses which ITU-T recommendation?

a. H.320

b. H.225

c. H.245

d. H.264

2. Which of the following is considered a SIP URI? (Choose three.)

a. username@domain

b. 123username

c. username @domain.com

d. 8088675309

e. +18088675309

f. [email protected]

3. Which of the following is NOT an interworking mode on the Cisco Expressway?

a. Off

b. On

c. Registered only

d. Gateway

4. Calls that utilize the interworking functionality are considered what type of call?

a. Registered

b. Rich Media Sessions (RMS)

c. B2B

d. Audio-only

5. When registering an endpoint to the Cisco Expressway, what functions are the devices registering to? (Choose two.)

a. SIP Registrar

b. SIP AOR

c. H.323 Gateway

d. H.323 Gatekeeper

e. H.320 Gatekeeper

6. Which of the following aliases are able to register to the Cisco Expressway? (Choose three.)

a. H.323 ID

b. SIP ZRTP

c. E.164 Number

d. SIP URI

e. H.320 URI

Foundation Topics

H.323 Settings

As we move into the essential functions of the Cisco Expressway, we begin with multimedia communications over packet-based networks. Derived from the ITU Telecommunication Standardization Sector (ITU-T) H.320 standard that was used over ISDN-based networks, H.323 was published by the ITU in November 1996 with an emphasis on enabling videoconferencing capabilities over a local area network (LAN), but it was quickly adopted by the industry as a means of transmitting voice communication over a variety of IP networks, including WANs and the Internet. H.323 also provides a framework that uses other protocols to describe the actual protocol:

• H.225.0 - Registration, Admission and Status (RAS), which is used between an H.323 endpoint and a Gatekeeper to provide address resolution and admission control services

• H.225.0 - Call Signaling, which is used between any two H.323 entities in order to establish communication based on Q.931

• H.245 - control protocol for multimedia communication, which describes the messages and procedures used for capability exchange, opening and closing logical channels for audio, video and data, control and indications

• RTP/RTCP - sending or receiving multimedia information (voice, video, or text) between any two entities

The Cisco Expressway supports the H.323 protocol and it is also an H.323 gatekeeper. As an H.323 gatekeeper, the Expressway accepts registrations from H.323 endpoints and provides call control functions such as address translation and admission control. For an endpoint to use the Expressway as its H.323 gatekeeper or SIP registrar, the endpoint must first register with the Expressway.

To enable the Expressway as an H.323 gatekeeper, ensure that H.323 mode is set to On (Configuration > Protocols > H.323), as seen in Figure 3-1. This single setting enables or disables the Cisco Expressway's functionality as an H.323 gatekeeper.


Figure 3-1 H.323 mode

There are two ways an H.323 endpoint can locate an Expressway with which to register: manually or automatically. The option is configured on the endpoint itself under the Gatekeeper Discovery setting.

• If the mode is set to automatic, the endpoint will try to register with any Expressway it can find. It does this by sending out a Gatekeeper Discovery Request, to which eligible Expressways will respond.

• If the mode is set to manual, you must specify the IP address or the FQDN of the Expressway with which you want your endpoint to register, and the endpoint will attempt to register with that Expressway only.

You can prevent H.323 endpoints from registering automatically with the Expressway by disabling Auto Discovery on the Expressway (Configuration > Protocols > H.323).

While you are on the Configuration > Protocols > H.323 page, you can also configure the H.323 settings on the Expressway to fit your organization, using Table 3-2 as a reference.

Table 3-2 H.323 Settings


SIP and Domain Settings

Session Initiation Protocol (SIP) is an ASCII-based, application-layer control protocol that can be used to establish, maintain, and terminate calls between two or more endpoints. SIP is an alternative protocol developed by the Internet Engineering Task Force (IETF) for multimedia conferencing over IP. SIP features are compliant with IETF RFC 2543, SIP: Session Initiation Protocol, published in March 1999. The Cisco SIP implementation enables supported Cisco platforms to signal the setup of voice and multimedia calls over IP networks. SIP can be carried by several transport layer protocols, including Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). SIP clients typically use TCP or UDP on port numbers 5060 or 5061 for SIP traffic to servers and other endpoints. Port 5060 is commonly used for non-encrypted signaling traffic, whereas port 5061 is typically used for traffic encrypted with Transport Layer Security (TLS). Normally, SIP over UDP is not recommended because SIP messages for video systems are too large to be carried on a packet-based (rather than stream-based) transport.

Like other VoIP protocols, SIP is designed to address the functions of signaling and session management within a packet telephony network. Signaling allows call information to be carried across network boundaries. Session management provides the ability to control the attributes of an end-to-end call.

The Cisco Expressway supports the SIP protocol. It can act as a SIP registrar, SIP proxy and as a SIP Presence Server. Expressway can also provide interworking between SIP and H.323, translating between the two protocols to enable endpoints that only support one of the protocols to call each other.

To support SIP:

• SIP mode must be enabled.

• At least one of the SIP transport protocols (UDP, TCP or TLS) must be active. Note that the use of UDP is not recommended for video as SIP message sizes are frequently larger than a single UDP packet.

For a SIP endpoint to be contactable via its alias, it must register its Address of Record (AOR) and its location with a SIP registrar. The SIP registrar maintains a record of the endpoint’s details against the endpoint’s AOR. The AOR is the alias through which the endpoint can be contacted; it is a SIP URI and always takes the form username@domain.

When a call is received for that AOR, the SIP registrar refers to the record to find its corresponding endpoint. (Note that the same AOR can be used by more than one SIP endpoint at the same time, although to ensure that all endpoints are found they must all register with the same Expressway or Expressway cluster.)

A SIP registrar only accepts registrations for domains for which it is authoritative. The Expressway can act as a SIP registrar for up to 200 domains. To make the Expressway act as a SIP registrar, you must configure it with the SIP domains for which it will be authoritative. It will then handle registration requests for any endpoints attempting to register against that domain. Note that the Expressway will also accept registration requests where the domain portion of the AOR is either the FQDN or the IP address of the Expressway. Whether or not the Expressway accepts a registration request depends on its registration control settings.

In a Unified Communications deployment, endpoint registration for SIP devices may be provided by Cisco Unified Communication Manager (UCM). In this scenario, the Expressway provides secure firewall traversal and line-side support for Unified CM registrations. When configuring a domain, you can select whether Cisco Unified Communications Manager or Expressway provides registration and provisioning services for the domain.

There are two ways a SIP endpoint can locate a registrar with which to register: manually or automatically. The option is configured on the endpoint itself under the SIP Server Discovery option (consult your endpoint user guide for how to access this setting; it may also be referred to as Proxy Discovery).

• If the Server Discovery mode is set to automatic, the endpoint will send a REGISTER message to the SIP server that is authoritative for the domain with which the endpoint is attempting to register. For example, if an endpoint is attempting to register with a URI of [email protected], the request will be sent to the registrar authoritative for the domain example.com. The endpoint can discover the appropriate server through a variety of methods including DHCP, DNS or provisioning, depending upon how the video communications network has been implemented.

• If the Server Discovery mode is set to manual, the user must specify the IP address or FQDN of the registrar (Expressway or Expressway cluster) with which they want to register, and the endpoint will attempt to register with that registrar only.

The Expressway is a SIP Server and a SIP registrar:

• If an endpoint is registered to the Expressway, the Expressway will be able to forward inbound calls to that endpoint.

• If the Expressway is not configured with any SIP domains, the Expressway will act as a SIP server. It may proxy registration requests to another registrar, depending upon the SIP registration proxy mode setting.

The Expressway acts as a SIP proxy server when SIP mode is enabled. The role of a proxy server is to forward requests (such as REGISTER and INVITE) from endpoints or other proxy servers on to further proxy servers or to the destination endpoint. If the Expressway receives a registration request for a domain for which it is not acting as a Registrar (the Expressway does not have that SIP domain configured), then the Expressway may proxy the registration request onwards. This depends on the SIP registration proxy mode setting, as follows:

• Off: The Expressway does not proxy any registration requests. They are rejected with a “403 Forbidden” message.

• Proxy to known only: The Expressway proxies the request in accordance with existing call processing rules, but only to known neighbor, traversal client and traversal server zones.

• Proxy to any: This is the same as Proxy to known only but for all zone types; that is, it also includes ENUM and DNS zones.

If the Expressway receives a proxied registration request, in addition to the Expressway’s standard registration controls, you can also control whether the Expressway accepts the registration depending upon the zone through which the request was received. You do this through the Accept proxied registrations setting when configuring a zone. Proxied registrations are classified as belonging to the zone they were last proxied from. This is different from non-proxied registration requests which are assigned to a subzone within the Expressway.
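The decision described above for an incoming REGISTER (registrar for authoritative domains, otherwise the SIP registration proxy mode) can be modeled in a few lines. This is an added example, not Cisco code: the class, function names, zone names and the sample REGISTER (built from documentation addresses) are all hypothetical, and it assumes the AOR is read from the To header as RFC 3261 specifies.

```python
import re
from dataclasses import dataclass, field

# Zone types a REGISTER may be proxied to under each proxy mode (from the text).
KNOWN_ZONE_TYPES = {"neighbor", "traversal client", "traversal server"}
ANY_ZONE_TYPES = KNOWN_ZONE_TYPES | {"enum", "dns"}
PROXY_MODES = ("Off", "Proxy to known only", "Proxy to any")


@dataclass
class RegistrarModel:
    """Hypothetical model of the settings discussed above; not Expressway code."""
    sip_domains: set                 # domains listed under Configuration > Domains
    fqdn: str                        # this system's FQDN
    ip_address: str                  # this system's IP address
    proxy_mode: str = "Off"          # SIP registration proxy mode
    zones: dict = field(default_factory=dict)   # zone name -> zone type


def build_register(aor: str, contact_ip: str = "192.0.2.10") -> str:
    """Constructed sample REGISTER for the given AOR (not a captured message)."""
    user, domain = aor.split("@", 1)
    return "\r\n".join([
        f"REGISTER sip:{domain} SIP/2.0",
        f"Via: SIP/2.0/TLS {contact_ip}:5061;branch=z9hG4bK-constructed",
        f"From: <sip:{aor}>;tag=constructed",
        f"To: <sip:{aor}>",
        f"Call-ID: constructed@{contact_ip}",
        "CSeq: 1 REGISTER",
        f"Contact: <sip:{user}@{contact_ip}:5061;transport=tls>",
        "Expires: 3600",
        "Content-Length: 0",
        "", "",
    ])


def aor_from_register(message: str) -> str:
    """Return user@domain from the To header; the domain part is lower-cased."""
    lines = message.replace("\r\n", "\n").split("\n")
    if not lines[0].startswith("REGISTER "):
        raise ValueError("not a REGISTER request")
    for line in lines[1:]:
        if line == "":
            break                                    # end of the header section
        name, _, value = line.partition(":")
        if name.strip().lower() in ("to", "t"):      # "t" is the compact form
            m = re.search(r"sips?:([^@;>\s]+)@([^;>\s:]+)", value)
            if m:
                return f"{m.group(1)}@{m.group(2).lower()}"
    raise ValueError("no usable To header")


def handle_register(model: RegistrarModel, message: str) -> dict:
    """Say whether the request is handled locally, rejected, or proxied (and where)."""
    if model.proxy_mode not in PROXY_MODES:
        raise ValueError(f"unknown proxy mode: {model.proxy_mode}")
    aor = aor_from_register(message)
    domain = aor.rsplit("@", 1)[1]
    # Authoritative: a configured SIP domain, or this system's own FQDN or IP address.
    local = {d.lower() for d in model.sip_domains} | {model.fqdn.lower(), model.ip_address}
    if domain in local:
        return {"aor": aor, "action": "registrar", "detail": "registration controls apply"}
    if model.proxy_mode == "Off":
        return {"aor": aor, "action": "reject", "detail": "403 Forbidden"}
    allowed = KNOWN_ZONE_TYPES if model.proxy_mode == "Proxy to known only" else ANY_ZONE_TYPES
    targets = sorted(z for z, kind in model.zones.items() if kind in allowed)
    return {"aor": aor, "action": "proxy", "detail": targets}
```

With the proxy mode left at Off, a REGISTER for a domain that is not configured never leaves the system; the two proxy modes differ only in whether ENUM and DNS zones join the candidate list.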

The Expressway, as a SIP Presence Server, supports the SIP-based SIMPLE protocol. It can act as a Presence Server and Presence User Agent for any of the SIP domains for which it is authoritative. The Presence Server can manage the presence information for locally registered endpoints whose information has been received via a SIP proxy (such as another Expressway).

The SIP page (Configuration > Protocols > SIP) is used to configure SIP settings on the Expressway, including:

• SIP functionality and SIP-specific transport modes and ports.

• Certificate revocation checking modes for TLS connections.

• Registration controls for standard and outbound registrations.

Table 3-3 contains the configurable settings for enabling SIP functionality and for configuring the various SIP-specific transport modes and ports:

Table 3-3 SIP Settings


The Domains page (Configuration > Domains) lists the SIP domains managed by this Expressway. A domain name can comprise multiple levels. Each level’s name can only contain letters, digits and hyphens, with each level separated by a period (dot). A level name cannot start or end with a hyphen, and the final level name must start with a letter. An example valid domain name is 100.example-name.com. You can configure up to 200 domains. (Note that you cannot configure domains on an Expressway-E.)
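The naming rules above can be checked before a list of domains is entered on the Domains page. The following is an added example, not part of the original chapter or of any Cisco tool; the function names are hypothetical, and treating names that differ only in case as duplicates is an assumption.

```python
import re
import string

MAX_DOMAINS = 200   # limit stated in the text


def domain_problems(name: str) -> list:
    """Return the rule violations for one proposed SIP domain (empty list = valid)."""
    problems = []
    levels = name.split(".")
    for level in levels:
        if not level:
            problems.append("empty level (leading, trailing or doubled dot)")
        elif not re.fullmatch(r"[A-Za-z0-9-]+", level):
            problems.append(f"level '{level}' has characters other than letters, digits, hyphens")
        elif level[0] == "-" or level[-1] == "-":
            problems.append(f"level '{level}' starts or ends with a hyphen")
    final = levels[-1]
    if final and final[0] not in string.ascii_letters:
        # This rule is what keeps a bare IPv4 address from passing as a domain name.
        problems.append(f"final level '{final}' does not start with a letter")
    return problems


def review_domain_list(names) -> dict:
    """Check a whole proposed domain list: syntax, duplicates and the 200-domain cap."""
    report = {"invalid": {}, "duplicates": [], "over_limit": False}
    seen = set()
    for name in names:
        found = domain_problems(name)
        if found:
            report["invalid"][name] = found
        key = name.lower()          # assumption: names compare case-insensitively
        if key in seen:
            report["duplicates"].append(name)
        seen.add(key)
    report["over_limit"] = len(seen) > MAX_DOMAINS
    return report
```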

When the Expressway-C has been enabled for Unified Communications mobile and remote access, you must select the services that each domain will support. The options are:

• SIP registrations and provisioning on Expressway: The Expressway is authoritative for this SIP domain. The Expressway acts as a SIP registrar for the domain (and Presence Server in the case of VCS systems) and accepts registration requests for any SIP endpoints attempting to register with an alias that includes this domain. The default is On.

• SIP registrations and provisioning on Unified CM: Endpoint registration, call control and provisioning for this SIP domain is serviced by Unified CM. The Expressway acts as a Unified Communications gateway to provide secure firewall traversal and line-side support for Unified CM registrations. The default is Off.

• IM and Presence Service: Instant messaging and presence services for this SIP domain are provided by the Unified CM IM and Presence service. The default is Off.

• XMPP federation: Enables XMPP federation between this domain and partner domains. The default is Off.

• Deployment: Associates the domain with the selected deployment, if there are multiple deployments. This setting is absent if there is only one deployment (there is always at least one).

When one or more existing domains are configured for IM and Presence services on Unified CM or for XMPP federation, any domain configuration change results in an automatic restart of the XCP router on both Expressway-C and Expressway-E.

Describe Protocol Interworking on the Cisco Expressway

The Interworking page (Configuration > Protocols > Interworking) lets you configure whether or not the Expressway acts as a gateway between SIP and H.323 calls. The translation of calls from one protocol to the other is known as “interworking”.

By default, the Expressway acts as a SIP–H.323 and H.323–SIP gateway but only if at least one of the endpoints that are involved in the call is locally registered. You can change this setting so that the Expressway acts as a SIP–H.323 gateway regardless of whether the endpoints involved are locally registered. You also have the option to disable interworking completely.


The options for the H.323 <-> SIP interworking mode are:

• Off: The Expressway does not act as a SIP–H.323 gateway.

• Registered only: The Expressway acts as a SIP–H.323 gateway but only if at least one of the endpoints is locally registered.

• On: The Expressway acts as a SIP–H.323 gateway regardless of whether the endpoints are locally registered.

We recommend that you leave this setting as Registered only. Unless your network is correctly configured, setting it to On (where all calls can be interworked) may result in unnecessary interworking, for example where a call between two H.323 endpoints is made over SIP, or vice versa.

Calls for which the Expressway acts as a SIP to H.323 gateway are Rich Media Session (RMS) calls. The Expressway always takes the media for SIP–H.323 interworked calls so that it can independently negotiate payload types on the SIP and H.323 sides, and it rewrites these as the media passes. Also, in a SIP SDP negotiation, multiple codec capabilities can be agreed (more than one video codec can be accepted), and the SIP device is at liberty to change the codec it uses at any time within the call. If this happens, because the Expressway is in the media path, it closes and opens logical channels to the H.323 device as the media changes (as required) so that media is passed correctly.

When searching a zone, the Expressway first performs the search using the protocol of the incoming call. If the search is unsuccessful the Expressway may then search the zone again using the alternative protocol, depending on where the search came from and the Interworking mode. Note that the zone must also be configured with the relevant protocols enabled (SIP and H.323 are enabled on a zone by default).

• If the request has come from a neighboring system and Interworking mode is set to Registered only, the Expressway searches the Local Zone using both protocols, and all other zones using the native protocol only (because it will interwork the call only if one of the endpoints is locally registered).

• If Interworking mode is set to On, or the request has come from a locally registered endpoint, the Expressway searches the Local Zone and all external zones using both protocols.

SIP endpoints can only make calls in the form of URIs — such as name@domain. If the caller does not specify a domain when placing the call, the SIP endpoint automatically appends its own domain to the number that is dialed. If you dial 123 from a SIP endpoint, the search will be placed for 123@domain. If the H.323 endpoint being dialed is just registered as 123, the Expressway will not be able to locate the alias 123@domain and the call will fail. The solutions are to either:

• Ensure all your endpoints, both H.323 and SIP, register with an alias in the form name@domain.

• Create a pre-search transform on the Expressway that strips the @domain portion of the alias for those URIs that are in the form of number@domain.

Chapter 7 covers pre-search transforms in more depth, including how to accomplish this.
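The alias mismatch and the second fix can be reproduced with a small model. This is an added example, not from the original chapter and not Expressway code: the registration table, the domain example.com and the regex/replace pair are constructed for illustration, and the model assumes the pattern must match the whole alias.

```python
import re

# Hypothetical pre-search transform: (regex pattern, replace string).
# It strips @example.com only from aliases of the form number@example.com.
STRIP_DOMAIN_FROM_NUMBERS = (r"(\d+)@example\.com", r"\1")

# Constructed registrations: alias -> device.
REGISTRATIONS = {
    "123": "H.323 room system registered with an E.164 alias",
    "alice@example.com": "SIP desk endpoint",
    "456@example.com": "H.323 endpoint registered with a URI",
}


def sip_dialed_alias(dialed: str, endpoint_domain: str) -> str:
    """A SIP endpoint appends its own domain when the caller gives none."""
    return dialed if "@" in dialed else f"{dialed}@{endpoint_domain}"


def apply_transforms(alias: str, transforms) -> str:
    """Apply the first transform whose pattern matches the whole alias."""
    for pattern, replace in transforms:
        m = re.fullmatch(pattern, alias, flags=re.IGNORECASE)
        if m:
            return m.expand(replace)
    return alias


def search(alias: str, registrations: dict, transforms=()):
    """Return the registered device for the (transformed) alias, or None."""
    return registrations.get(apply_transforms(alias, transforms))


def demo() -> dict:
    dialed = sip_dialed_alias("123", "example.com")          # becomes 123@example.com
    t = [STRIP_DOMAIN_FROM_NUMBERS]
    return {
        "dialed": dialed,
        "without_transform": search(dialed, REGISTRATIONS),   # None: call fails
        "with_transform": search(dialed, REGISTRATIONS, t),   # finds alias 123
        "name_uri": search("alice@example.com", REGISTRATIONS, t),     # untouched
        # Side effect: a number registered as a URI is no longer found,
        # so pick one of the two fixes per numbering range rather than mixing them.
        "number_uri": search("456@example.com", REGISTRATIONS, t),
        # Whole-alias matching keeps look-alike domains from being stripped.
        "other_domain": apply_transforms("123@example.com.other.test", t),
    }
```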

For SIP calls, the Expressway implements RFC 2833 for dual-tone multi-frequency (DTMF) signaling in RTP payloads. For H.323 calls, the Expressway implements H.245 UserInputIndication for DTMF signaling; dtmf is the only supported UserInputCapability. The Expressway does not support any other H.245 user input capabilities (for example, basicString or generalString). When the Expressway is interworking a call between SIP and H.323, it also interworks the DTMF signaling, but only between RFC 2833 DTMF, and the H.245 user input indicators “dtmf” and “basicString”.

The Expressway can also act as a gateway for calls between IPv4 and IPv6 devices. To enable this feature, set the IP protocol to Both on the IP page (System > Network interfaces > IP). Calls for which the Expressway is acting as an IPv4 to IPv6 gateway are traversal calls and require a Rich Media Session license.

Verifying Registration on the Cisco Expressway

For an endpoint to use the Expressway as its H.323 gatekeeper or SIP registrar, the endpoint must first register with the Expressway. The Expressway can be configured to control which devices are allowed to register with it by using the following mechanisms:

• A device authentication process based on the username and password supplied by the endpoint

• A registration restriction policy that uses either Allow Lists or Deny Lists or an external policy service to specify which aliases can and cannot register with the Expressway

• Restrictions based on IP addresses and subnet ranges through the specification of subzone membership rules and subzone registration policies

You can use these mechanisms together. For example, you can use authentication to verify an endpoint’s identity from a corporate directory, and registration restriction to control which of those authenticated endpoints may register with a particular Expressway. You can also control some protocol-specific behavior, including:

• The Registration conflict mode and Auto discover settings for H.323 registrations

• The SIP registration proxy mode for SIP registrations

In a Cisco UCM deployment, endpoint registration for SIP devices may be provided by Unified CM. In this scenario, the Expressway provides secure firewall traversal and line-side support for Unified CM registrations. When configuring a domain, you can select whether Cisco Unified Communications Manager or Expressway provides registration and provisioning services for the domain.

H.323 systems such as gateways, Multipoint Control Units (MCUs) and Content Servers can also register with an Expressway. They are known as locally registered services. These systems are configured with their own prefix, which they provide to the Expressway when registering. The Expressway will then know to route all calls that begin with that prefix to the gateway, MCU or Content Server as appropriate. These prefixes can also be used to control registrations. SIP devices cannot register prefixes. If your dial plan dictates that a SIP device should be reached via a particular prefix, then you should add the device as a neighbor zone with an associated search rule using a pattern match equal to the prefix to be used.


When registering, the H.323 endpoint presents the Expressway with one or more of the following:

• one or more H.323 IDs

• one or more E.164 aliases

• one or more URIs

Users of other registered endpoints can then call the endpoint by dialing any of these aliases.

• We recommend registering your H.323 endpoints using a URI. This facilitates interworking between SIP and H.323, as SIP endpoints register using a URI as standard.

• We recommend not using aliases that reveal sensitive information. Due to the nature of H.323, call setup information is exchanged in an unencrypted form.

When registering, the SIP endpoint presents the Expressway with its contact address (IP address) and logical address (Address of Record). The logical address is considered to be its alias, and will generally be in the form of a URI.

An endpoint may attempt to register with the Expressway using an alias that is already registered to the system. How this is managed depends on how the Expressway is configured and whether the endpoint is SIP or H.323.

• H.323: An H.323 endpoint may attempt to register with the Expressway using an alias that has already been registered on the Expressway from another IP address. You can control how the Expressway behaves in this situation by configuring the Registration conflict mode on the H.323 page (Configuration > Protocols > H.323).

• SIP: A SIP endpoint will always be allowed to register using an alias that is already in use from another IP address. When a call is received for this alias, all endpoints registered using that alias will be called simultaneously. This SIP feature is known as “forking”.

All endpoints must periodically re-register with the Expressway in order to keep their registration active. If you do not manually delete the registration, the registration could be removed when the endpoint attempts to re-register, but this depends on the protocol being used by the endpoint:

• H.323 endpoints may use “light” re-registrations which do not contain all the aliases presented in the initial registration, so the re-registration may not get filtered by the restriction policy. If this is the case, the registration will not expire at the end of the registration timeout period and must be removed manually.

• SIP re-registrations contain the same information as the initial registrations so will be filtered by the restriction policy. This means that, after the list has been activated, all SIP registrations will disappear at the end of their registration timeout period.

The frequency of re-registrations is determined by the Registration controls setting for SIP (Configuration > Protocols > SIP) and the Time to live setting for H.323 (Configuration > Protocols > H.323).

Check that all endpoints which are expected to be registered are actually registered to the relevant Expressway, and that they are registering the expected aliases. All successfully registered endpoints are listed on Status > Registrations > By device. If the expected endpoints are not registered, review the following items:

• The endpoint’s registration configuration. Is it configured to register with the Expressway-E if located on the external network / internet, and to register with the Expressway-C if located on the internal network?

• The SIP domains.

• Any registration restriction configuration applied to the Expressway.

In some cases, home endpoints may fail to register when using SRV records. This can happen if the endpoint uses the home router for its DNS server, and the router’s DNS server software doesn’t support SRV record lookups. (This also applies to the DNS server being used by a PC when Jabber Video is running on it.) If registration failure occurs, do either of the following:

• Change the DNS server on the endpoint to use a publicly available DNS server that can resolve SRV record lookups, for example, Google (8.8.8.8).

• Change the SIP server address on the endpoint to use the FQDN of a node in the Expressway cluster and not the cluster SRV record, so that the device performs an AAAA or A record lookup.

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have a couple of choices for exam preparation: the exercises here, Chapter 22, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep Software Online.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 3-4 lists a reference of these key topics and the page numbers on which each is found.


Table 3-4 Key Topics for Chapter 3


Complete Tables and Lists from Memory

There are no memory lists or tables for this chapter.

Define Key Terms

Define the following key terms from this chapter and check your answers in the glossary:

Cisco Unified Communications Manager (CUCM)

Domain Name Server (DNS)

Dual-tone Multi-Frequency (DTMF)

E.164

Endpoint

Gatekeeper

Fully Qualified Domain Name (FQDN)

H.225

H.245

H.320

H.323

H.323 ID

Instant Messaging and Presence (IMP)

Interworking

Integrated Services Digital Network (ISDN)

International Telecommunications Union (ITU)

Registration, Admission, Status (RAS)

Request for Comments (RFC)

Rich Media Session (RMS)

Real-time Transport Control Protocol (RTCP)

Real-time Transport Protocol (RTP)

Session Initiation Protocol (SIP)

SIP Registrar

SRV

Transmission Control Protocol (TCP)

Transport Layer Security (TLS)

User Datagram Protocol (UDP)

Uniform Resource Indicator (URI)

Voice over IP (VoIP)

XCP

Extensible Messaging and Presence Protocol (XMPP)

Q&A

The answers to these questions appear in Appendix A. For more practice with exam format questions, use the Pearson Test Prep Software Online.

1. Define the ITU-T H.323 standard and its core protocols.

2. What are the option modes of interworking on the Cisco Expressway and what do they imply?

Answers

1. H.323 is a system specification that describes the use of several ITU-T and IETF protocols. The protocols that comprise the core of almost any H.323 system are:

• H.225.0 - Registration, Admission and Status (RAS), which is used between an H.323 endpoint and a Gatekeeper to provide address resolution and admission control services

• H.225.0 - Call Signaling, which is used between any two H.323 entities in order to establish communication based on Q.931

• H.245 - control protocol for multimedia communication, which describes the messages and procedures used for capability exchange, opening and closing logical channels for audio, video and data, control and indications

• RTP/RTCP - sending or receiving multimedia information (voice, video, or text) between any two entities

2. The options for the H.323 <-> SIP interworking mode are:

• Off: The Expressway does not act as a SIP–H.323 gateway.

• Registered only: The Expressway acts as a SIP–H.323 gateway but only if at least one of the endpoints is locally registered.

• On: The Expressway acts as a SIP–H.323 gateway regardless of whether the endpoints are locally registered.
