Monthly Archives: December 2015

Implementing Loop Prevention on CUBE

We work quite a lot with a single ITSP in our smaller deployments, but keep hitting a problem with number porting.  We’re repeatedly facing a problem whereby the number porting is done up front, and often in the case of BE6K installations includes numerous number ranges, BRI’s, analog extensions etc.  Often at the time of porting we need to account for 20+ different patterns across 5 or so sites.

The problem crops up when asking for all these ported patterns/ranges in a single list to place on the CUBE.  Quickly it appears that different people requested it, the porting requests were done piecemeal, etc – long story getting all the numbers up front can become a bit tricky.  Not that there is a good reason from it.  It’s a bit of a joke.  But this is what happens.

Come to porting, and we miss a pattern or five.  Now (my favourite part), the upstream provider for our ITSP starts crying because (and wait for it)… we have brought down their network.  They can’t seem to implement loop prevention, and somehow the looping that results from an inbound INVITE only matching the intended outbound dial-peers bombs the providers Media Server – but my little 2RU 2921 stands firm.  I kid you not. 🙂

So, after laughing for about 5min, let’s implement Loop Prevention on our side.  This can be done with COR Lists (vomit), but I prefer to use the newer features in IOS 15.4+, and stick to whats prescribed in the CVD BE6K Edge document.

Here’s the dial plan config that’s pretty much completely scalable – implemented with only 2 dial peers!

 

!
voice class uri 1 sip
host ipv4:<cucm-ip-sub-primary>
host ipv4:<cucm-ip-sub-secondary>
!
voice class uri 2 sip
host ipv4:<itsp-ip>
!
voice class e164-pattern-map 1
description *** To CUCM ***
e164 <internal-dn-range1>
e164 <internal-dn-range2>
e164 <internal-dn-range3>
!
voice class e164-pattern-map 2
description *** To ITSP ***
e164 .T
!
voice class dpg 1
dial-peer 100
!
voice class dpg 2
dial-peer 200
!
voice class server-group 1
ipv4 <cucm-ip-sub-primary>
ipv4 <cucm-ip-sub-secondary> pref 1
description *** CUCM ***
!
voice class server-group 2
ipv4 <itsp-ip>
description *** ITSP ***
!
dial-peer voice 100 voip
description *** CUCM ***
session protocol sipv2
session server-group 1
destination dpg 2
destination e164-pattern-map 1
incoming uri via 1
voice-class codec 1
dtmf-relay rtp-nte sip-kpml
no vad
!
dial-peer voice 200 voip
description *** ITSP ***
session protocol sipv2
session server-group 2
destination dpg 1
destination e164-pattern-map 2
incoming uri via 2
voice-class codec 1
voice-class sip bind control source-interface <external-interface>
voice-class sip bind media source-interface <external-interface>
no vad
dtmf-relay rtp-nte sip-kpml
!

 

Some Notes:

  • The loop prevention hinges on the face that you exclude dial peers using dial-peer groups.  An absolutely fantastic feature.
  • Outbound destinations are serviced by server groups – another brilliant addition.
  • Inbound matching is done using the URI Enhancements provided in 15.x and up
  • I tend to prefer to localize E.164 in CUCM for a Central Breakout Design.  I just like the extensible nature of Called and Calling Transformations.  I believe that this is more in line with the CVD/SRND – could be debated though.

 

A possible modification could drop the server groups (the limitation is that these only support IP), and instead route using DNS SRVs.  I like this approach a lot, and try and implement as such whenever possible.

What’s lovely about this is that the skeleton never changes – I get my patterns added to the e164 pattern map, adjust my IP’s and I’m good to go.

 

Voila!  CUBE implemented in under 5min.  Hope this helps some of you out there.

 

Tagged , , , , ,

Unity Call Extended for Recording Fails

While implementing an Auto Attendent today, we faced a challenge as the client did not want to pay for professional recordings, and needed to implement quickly.

If you’ve done the odd AA, you’ll know that this is a pretty common requirement.  Link to the docs is here.

However, when I did this in the usual way, I faced a call failure, with Error Code 5:

error5.png

 

A pretty useless error code then!  At this point I’m pretty convinced that my CUC config is good, so really it’s time to gather SDL traces and review…

I get an immediate hit in response to the SIP INVITE:

SIP/2.0 433 Anonymity Disallowed
Via: SIP/2.0/TCP 192.168.5.6:5060;branch=z9hG4bK14fda803a44a4d418c4f8301d3fec2b5
From: sip:192.168.5.5;tag=3387e2bbf6114e90b27738f525f251d6
To: sip:0255667787@192.168.5.5;tag=331164~0d10edf8-0553-4009-a728-c065d8394e46-24136465
Date: Mon, 07 Dec 2015 08:38:09 GMT
Call-ID: fedb03ec6b74449ab2dcc8031eb18dc0@192.168.5.5
CSeq: 200 INVITE
Allow-Events: presence
Server: Cisco-CUCM11.0
Session-ID: 00000000000000000000000000000000;remote=22bfe535e32fa04bbd9367a0ab331164
Reason: Q.850; cause=21
Content-Length: 0

 

Now if you’re experienced with SIP, you’ll know that cause=21 means a call rejection – so all call routing root causes are OUT.  CUCM had the ability to route the call, and chose not to.

If we inspect this SIP message (don’t even need to go the INVITE to analyze this one), we see that head From header done not include a user portion – host only!  Something is configured on CUCM to reject the anonymous calls.  Since this is dialling to a device – the first port of call is the DN, which showed this up immediately:

css.png

 

Removing the Reject Anonymous Calls checkbox resolved this immediately.  Silly me – had this set in my User Line Template used for Self-Provisioning! 🙂

 

However… this is not really an eloquent solution.  What if we MUST have the anon rejection in place?  Also – not very useful solution on a large cluster!

The better solution lies on CUC at the source – Setting the Contact Line Name on the Port Group.

 

When this was done, I noted that this correctly updated Contact, From and privacy headers as well.

 

#dontcalltac

 

Tagged , , , ,

Lua Script Solves Call Forward Masking

Had to implement an Auto Attendant in Unity today.  The client had a requirement to send after-hours calls out to the PSTN, but had to be routed in to their Call Centre, which had it’s own IVR which matched on calling number, that needed to be the switchboard number for their site.

Call Flow was as follows:

  1. Inbound call from PSTN
  2. CTI RP re-direct to Unity
  3. Unity Call Handler, with Close and Holiday transfer to 2nd Call Handler
  4. After-Hours Call Handler transfers back to After-Hours CTI RP
  5. After-Hours CTI RP as Call Forward to a PSTN number

 

The behavior that we see is controlled by SIP Trunk Calling Party Selection parameter, which is set to “Originator” by default:

pic1

 

The SIP INVITE sent to the CUBE looked like this:

INVITE sip:0112223344@mygateway.mydomain.com:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.5.5:5060;branch=z9hG4bK55cd222ad94e
From: <sip:0255667787@myhostname.mydomain.com>;tag=336868~0d10edf8-0553-4009-a728-c065d8394e46-24136542
To: <sip:0112223344@mygateway.mydomain.com>
Date: Mon, 07 Dec 2015 10:38:00 GMT
Call-ID: 94dfb980-66516188-5120-247410ac@192.168.5.5
Supported: 100rel,timer,resource-priority,replaces
Min-SE: 1800
User-Agent: Cisco-CUCM11.0
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
CSeq: 101 INVITE
Expires: 180
Allow-Events: presence, kpml
Supported: X-cisco-srtp-fallback
Supported: Geolocation
Call-Info: <sip:192.168.5.5:5060>;method=”NOTIFY;Event=telephone-event;Duration=500″
Call-Info: <urn:x-cisco-remotecc:callinfo>;x-cisco-video-traffic-class=DESKTOP
Session-ID: 97632eb36d62419cbdc5fe71aa336867;remote=00000000000000000000000000000000
Cisco-Guid: 2497689984-0000065536-0000000110-0611586220
Session-Expires: 1800
Diversion: “After-Hours Re-Direct” <sip:**999@mydomain.com>;reason=unconditional;privacy=off;screen=yes
P-Asserted-Identity: <sip:0255667787@myhostname.mydomain.com>
Remote-Party-ID: <sip:0255667787@myhostname.mydomain.com>;party=calling;screen=yes;privacy=off
Contact: <sip:0255667787@192.168.5.5:5060>
Max-Forwards: 69
Content-Type: application/sdp
Content-Length: 227

v=0
o=CiscoSystemsCCM-SIP 336868 1 IN IP4 192.168.5.5
s=SIP Call
c=IN IP4 172.16.115.23
b=TIAS:8000
b=AS:8
t=0 0
m=audio 26842 RTP/AVP 18 101
a=rtpmap:18 G729/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

 

  • In this case the calling party is sent out at 0255667787.  We want this sent out as 0255667000 to me the client’s requirement.
  • To do this, we need to correct the From, PAI, RPID, and Contact headers
  • The Diversion Header contains the Internal DN of the CTI RP – not very pretty, and something that our ITSP may bark at!  We must change it.
  • The headers MUST ONLY be modified when the call is forwarded FROM THIS CTI RP – my “hook” here will be the offending Diversion header.

 

I opted for a Lua script.  I find complex SIP Profiles unwieldly, which could have been another option.  Vomit.

 

So, here’s the script that achieved it.  Pretty simple in fact:

M = {}

trace.enable()

function M.outbound_INVITE(msg)

— Input for script
local ctirpdn = scriptParameters.getValue(“ctirpdn”)
local mainnumber = scriptParameters.getValue(“mainnumber”)
local rdnis = scriptParameters.getValue(“rdnis”)

— Get Diversion header
local diversion = msg:getHeader(“Diversion”)

— Check if Diversion Header exists and if the CTI RP DN is matched
if diversion and diversion:find(ctirpdn) then
trace.format(“Successful match on diversion – applying masking”)

trace.format(“CTI RP DN is : %s”, ctirpdn)
trace.format(“Main Number is : %s”, mainnumber)

— Apply masking to affected headers – From, PAI, RPID, Contact
msg:applyNumberMask(“From”, mainnumber)
msg:applyNumberMask(“P-Asserted-Identity”, mainnumber)
msg:applyNumberMask(“Remote-Party-ID”, mainnumber)
msg:applyNumberMask(“Contact”, mainnumber)
— Apply masking to Diversion to mask internal CTI RP DN
msg:applyNumberMask(“Diversion”, rdnis)

end
end

return M

The bold script params were applied on the SIP Trunk.  I decided to use Unity as the forwarding station, as set this as the “rdnis”.  The key is the IF STATEMENT, that only applied changes if the CTI RP DN is matched in the header.  Otherwise, the script is skipped.

 

Now, for testing… Let’s open up RTMT and trace this in SDL:

 

 

03149762.001 |13:00:37.979 |AppInfo |//SIP/SIPUdp/wait_SdlSPISignal: Outgoing SIP UDP message to 192.168.1.3:[5060]:
[990360,NET]
INVITE sip:0112223344@mygateway.@mydomain.com:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.5.5:5060;branch=z9hG4bK5634188efa43
From: <sip:0255667000@myhostname.@mydomain.com>;tag=337995~0d10edf8-0553-4009-a728-c065d8394e46-24136584
To: <sip:0112223344@mygateway.@mydomain.com>
Date: Mon, 07 Dec 2015 11:00:37 GMT
Call-ID: bdb57e00-665166d5-516d-247410ac@192.168.5.5
Supported: 100rel,timer,resource-priority,replaces
Min-SE: 1800
User-Agent: Cisco-CUCM11.0
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
CSeq: 101 INVITE
Expires: 180
Allow-Events: presence, kpml
Supported: X-cisco-srtp-fallback
Supported: Geolocation
Call-Info: <sip:192.168.5.5:5060>;method=”NOTIFY;Event=telephone-event;Duration=500″
Call-Info: <urn:x-cisco-remotecc:callinfo>;x-cisco-video-traffic-class=DESKTOP
Session-ID: 97632eb36d62419cbdc5fe71aa337994;remote=00000000000000000000000000000000
Cisco-Guid: 3182788096-0000065536-0000000119-0611586220
Session-Expires: 1800
Diversion: “After-Hours Re-Direct” <sip:0255667800@@mydomain.com>;reason=unconditional;privacy=off;screen=yes
P-Asserted-Identity: <sip:0255667000@myhostname.@mydomain.com>
Remote-Party-ID: <sip:0255667000@myhostname.@mydomain.com>;party=calling;screen=yes;privacy=off
Contact: <sip:0255667000@192.168.5.5:5060>
Max-Forwards: 69
Content-Type: application/sdp
Content-Length: 227

v=0
o=CiscoSystemsCCM-SIP 337995 1 IN IP4 192.168.5.5
s=SIP Call
c=IN IP4 172.16.115.23
b=TIAS:8000
b=AS:8
t=0 0
m=audio 22640 RTP/AVP 18 101
a=rtpmap:18 G729/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

 

Working perfectly! 🙂

 

#dontcalltac

 

 

 

 

Tagged , , , , , ,
Collaboration Engineer

All things Collaboration - Posts to save for when you need them

Gerry Keleghan's Blog

A Blog about Cisco Unified Communications

ccieme

my personal journey to ccie collaboration

Striving for greatness

Thoughts on emerging tech, open source, and life

Network Experts Blog

“Knowledge comes by eyes always open and working hands.”

SIP Adventures

A unified communications blog by Andrew Prokop

The Cloverhound Blog

Cloverhound Employees Talk Unified Communications and Contact Center

Warcop

Fog navigator. Get out of the clouds. Down to earth solutions. @Warcop

Cisco Collab Engineering Tips

Michael White - CCIE #26626

Darkroomstory

Photography by Manos,

afterthenumber

Thoughts and experiences of a Cisco Collaboration engineer after clearing the CCIE lab...

Longreads

The best longform stories on the web

The Daily Post

The Art and Craft of Blogging

The WordPress.com Blog

The latest news on WordPress.com and the WordPress community.