This chapter discusses the gateway protocols that Cisco CallManager uses to communicate with Cisco gateway and trunk devices.
The primary purpose of station devices is to provide telephony services to individuals, and the primary purpose of gateway devices is to connect telephony networks to each other. CallManager uses gateway devices to allow IP telephony users to connect to non-IP-enabled telephony networks such as the Public Switched Telephone Network (PSTN) or on legacy circuit-switched Private Branch Exchanges (PBX).
CallManager also uses IP-to-IP trunking to connect members in one CallManager cluster to other voice over IP (VoIP) networks. In addition, IP trunking is used to connect one CallManager cluster to another CallManager cluster when an enterprise deploys multiple clusters for scalability, geographical, or administrative reasons.
Because CallManager supports a variety of circuit-switched and VoIP protocols, one function it can serve in your network is as a protocol translator, to connect gateways that support different call signaling protocols.
This chapter includes the following sections:
“Architectural Overview of Trunk Devices” presents the general structure whereby CallManager supports voice gateways and IP trunks.
“Overview of Circuit-Switched Interfaces” discusses the analog and digital protocols that traditional telephony networks use to communicate with gateways associated with CallManager. This section also discusses a variant of Q.931 called QSIG, which is designed to foster feature transparency between PBXs.
“VoIP Gateway Security” briefly addresses the techniques you can use to provide for authenticated, authorized, and private communication from Cisco gateways.
“H.323 Gateways” discusses CallManager’s use of the H.323 ITU-T protocol for control of gateways. It describes the basic components of an H.323 network, the individual protocols that comprise H.323, and the use of CallManager intercluster trunks, which run a variant of H.323, to connect CallManager clusters together, either directly or via an H.323 gatekeeper. This section also provides a detailed breakdown of the fields in H.323 messages that CallManager supports.
“MGCP Gateways” discusses CallManager’s use of MGCP for control of VoIP-to-circuit-switched gateways.
“SIP” discusses CallManager’s support for the Session Initiation Protocol (SIP), which currently permits CallManager to connect in a basic way to SIP networks.
Appendix C, “Protocol Details,” provides detailed information for H.323, QSIG, and SIP signaling protocols. After reviewing this chapter, refer to Appendix C for additional, related information.
Figure 4-1 shows the block structure of CallManager. CallManager contains several signaling layers, each of which has distinct functions. For example, the Call Control Layer handles the call signaling that controls call setup, teardown, and call routing.
The software in the Media Control Layer coordinates all media connections that CallManager makes between devices. It can insert other media processing devices into a call and create appropriate streaming connections to those devices. As indicated in Chapter 1, “Cisco CallManager Architecture,” in the Cisco VoIP solution, the actual media always streams directly between the end devices involved in a call. However, CallManager can also insert other media processing devices into a call, such as audio transcoding and conference bridge resources, depending on the media requirements needed for each call. Chapter 5, “Media Processing,” contains more information about CallManager’s handling of media devices.
The Protocol and Aggregator Layers handle all protocol-specific signaling required for specific devices. These blocks serve to translate protocol-specific signaling into the internal signaling used to communicate with the Call Control and Media Control Layers.
Figure 4-1 indicates with shading the software layers and blocks within CallManager that this chapter describes. In particular, CallManager implements logic in the Protocol Layer to communicate with gateways via native VoIP signaling protocols such as H.225, MGCP, and SIP and logic in the Media Control Layer to handle H.245 media.
Figure 4-2 shows how gateway devices enable communication between CallManager and circuit-switched networks such as the PSTN. From a control point of view, Cisco VoIP gateways act very much like IP phones. They are VoIP endpoints that happen to mediate between the packet- and circuit-switched worlds.
Like IP phones, CallManager controls Cisco VoIP gateways using signaling control protocols (which in an Alice-to-Bob call answers the question “Does Bob want to talk to Alice?”) and media control protocols (which answers the question “How should Alice and Bob talk?”).
In the case of IP phones, the endpoint always terminates both the signaling and the media protocols. On the other hand, VoIP gateways, although they always terminate the media control protocol, sometimes simply pass through the signaling control protocol used by the circuit-switched network. This process is called backhauling.
To understand how a particular gateway interacts with CallManager, therefore, you need to concentrate mainly in two areas:
What protocol the gateway is using to connect to the circuit-switched network
What protocol the gateway is using to connect to CallManager
For connectivity between the gateway and the circuit-switched network, Cisco voice gateways support a range of traditional analog and digital interfaces.
The following section, “Overview of Circuit-Switched Interfaces,” discusses the analog and digital protocols that traditional telephony networks use to communicate with Cisco voice gateways.
For connectivity between CallManager and the VoIP gateway, CallManager supports four protocols:
Skinny Gateway Control Protocol (SGCP)—. The analogous protocol to Skinny Client Control Protocol (SCCP), which CallManager uses to provide signaling and media control functions for Cisco IP Phones. Cisco no longer sells any VoIP gateways that run SGCP, so this book doesn’t discuss this protocol in detail.
H.323—. An ITU-T recommendation that uses the ITU-T recommendations H.225 for signaling; H.245 for media control; and the Registration, Admission, and Status (RAS) protocol for registration and call admission. The section “H.323 Gateways” goes into detail about this protocol.
Media Gateway Control Protocol (MGCP)—. An IETF standard protocol, defined in RFCs 2705 and 3435 among others, that uses a text-based protocol to permit a Media Gateway Controller (MGC)—a function that CallManager fulfills—to establish and tear down calls. MGCP messages provide good media control messages and some rudimentary signaling messages. The section “MGCP Gateways” describes this protocol.
Session Initiation Protocol (SIP)—. An IETF standard related to Hypertext Transfer Protocol (HTTP) that uses a text-based protocol for both signaling and, via Session Description Protocol (SDP) bodies, media control. The section “SIP” describes this protocol.
Interfaces to the PSTN come in two flavors—analog and digital.
In analog interfaces, a microphone directly converts voice energy into electrical energy on a wire, while a speaker on the far end of the wire converts the electrical signal back into voice energy. The underlying voice technology does not differ significantly from that used since the beginning of the twentieth century.
In digital interfaces, voice energy from the speaker is sampled by the phone and converted into a sequence of binary numbers (a process called analog-to-digital conversion [ADC]). The bits in these binary numbers are then encoded on to the wire in sequence, with zeroes representing one voltage level and ones representing a different voltage level. A digital-to-analog converter (DAC) in the receiving device can then convert the numbers back into a close approximation of the original voice energy.
Because the voice information is first being encoded, digital systems can interleave nonvoice information in the information stream sent to the other end of the wire. This interleaving allows digital interfaces to support signaling protocols (which allow the phone system to deal with a wider variety of call scenarios than traditional analog techniques) and signaling information (such as reasons for call clearing, calling name and number, and called name and number).
Analog interfaces come in three flavors:
Foreign Exchange Station (FXS)
Foreign Exchange Office (FXO)
Ear and Mouth (E&M)
The sections that follow describe these interfaces in more detail.
FXS/FXO signaling is the most common type of signaling used by residential phones. FXS/FXO signaling can also be used for trunk connections between two PBXs or between a PBX and a central office switch. When connecting analog devices using these interfaces, always pair an FXO device on one end to an FXS device on the other end; two FXS or FXO devices cannot directly communicate. In a residence, the RJ-11 wall jack provides an FXO interface to the analog phone, and in the switching office (or concentrator), a corresponding FXS interface exists to connect the switch to the phone.
FXS/FXO signaling is carried over a pair of wires, twisted to permit the signal to carry over a longer distance. The pair of wires comprises a single circuit, which is always connected in the switch (which provides electricity to the circuit via a battery or electrical ground connection) and which is only connected in the phone when the phone is off-hook.
Signaling occurs via making and breaking the circuit. Two major signaling schemes exist: loop-start signaling and ground-start signaling.
In loop-start signaling, which is the kind most commonly used in residential service, when the phone goes off-hook, the circuit is closed, and the central office detects the change in current. The central office then inserts tone detectors to collect the digits, which are sent as tones on the wire. When offering calls, the switch applies ring voltage to the line and, when voltage changes when the user answers and completes the circuit, connects the user through to the caller.
All the preceding discussion talks about phones, even though this is the trunks chapter. What gives?
In a CallManager cluster, when you deploy gateways running loop-start FXO signaling, CallManager essentially emulates a standard home phone. So, when a user places a call to the PSTN from a Cisco 79xx series IP Phone, when the gateway receives the call, it simply takes the FXO interface off-hook. Similarly, when the IP Phone user hangs up, the analog gateway simply goes back on-hook.
In a residential environment, the central office always leaves its part of the loop-start circuit connected. Only the phone side of the circuit actually hangs up on a call by breaking the circuit; in effect, the central office has no way to hang up on the phone side. The loop-start signaling scheme, thus, relies on a user’s physical presence at the phone to recognize that the far end has hung up (a valediction such as “goodbye,” silence on the line, impatience, or other purely human reasons) and to disconnect the circuit. In other words, an FXO loop-start interface lacks disconnect supervision, because the FXS interface can’t hang up (discounting more recent techniques such as power denial and battery reversal, which certain analog devices, by convention, can interpret as a disconnection by the far end).
As a result, when a machine, such as a packet- to circuit-switched gateway is playing the part of the user, scenarios arise in which the gateway doesn’t realize that the far end has hung up and therefore leaves the call connected. In extreme cases, such as when an incoming FXO call is transferred back out another FXO gateway, the circuits can be taken permanently out of service (and potentially a large phone bill rung up).
Cisco gateways provide a variety of ways to deal with the lack of disconnect supervision on FXO loop-start trunks. The Cisco Press book Troubleshooting Cisco IP Telephony goes into more detail about the sorts of problems that can arise with the lack of disconnect supervision and possible solutions.
Unlike loop-start signaling, ground-start signaling does not suffer from the lack of disconnect supervision. In ground-start signaling, the gateway on the FXO interface can detect changes in the current, and the FXS side of the connection changes its behavior to indicate disconnection.
Table 4-1 indicates the Cisco gateways that offer FXS and FXO interfaces.
Table 4-1. Cisco Gateways/VICs That Offer FXS/FXO Interfaces
Gateway Model | Gateway Control Protocol |
|---|---|
Cisco IOS Integrated Routers | |
Cisco 1750 | MGCP, H.323, SIP |
Cisco 1751 | MGCP, H.323, SIP |
Cisco 1760 | MGCP, H.323, SIP |
Cisco 1800 series | MGCP, H.323, SIP |
Cisco 2600 series | MGCP, H.323, SIP |
Cisco 2800 series | MGCP, H.323, SIP |
Cisco 3600 series | MGCP, H.323, SIP |
Cisco 3700 series | MGCP, H.323, SIP |
Cisco 3800 series | MGCP, H.323, SIP |
Cisco Standalone Voice Gateways | |
Cisco Voice Gateway 200 (VG200) | MGCP, H.323, SIP |
Cisco Access Analog Trunk Gateway (AT-2, AT-4, AT-8) | Skinny Gateway Control Protocol |
Cisco Access Analog Station Gateway (AS-2, AS-4, AS-8) | Skinny Gateway Control Protocol |
Cisco VG224 Analog Phone Gateway | Skinny Client Control Protocol |
Cisco VG248 Analog Phone Gateway | Skinny Client Control Protocol |
Cisco IAD2420 | MGCP |
Cisco Catalyst Voice Gateway Modules | |
Cisco Catalyst 4000 Access Gateway Module (WS-X4604-GWY) | MGCP, H.323, SIP |
Cisco Catalyst 4224 Voice Gateway Switch | MGCP, H.323, SIP |
Cisco Catalyst 6000 24-Port FXS Analog Interface Module (WS-X6624-FXS) | MGCP |
Cisco Communication Media Module (WS-X6600-24FXS) | MGCP |
E&M interfaces are most commonly used on PBXs. Unlike FXO/FXS interfaces, E&M trunks rely on a four-wire, six-wire, or eight-wire circuit.
In E&M signaling, two of these wires—E and M—are used to communicate signaling information. From a practical standpoint, this means that E&M trunks don’t suffer from the disconnect supervision issues that can trouble FXS/FXO deployments and that a condition called glare can occur. Glare occurs when both sides of the wire simultaneously go off-hook on the interface. Glare avoidance allows one or the other side to back down gracefully.
Table 4-2 lists Cisco gateways/VICs that support E&M interfaces.
Table 4-2. Cisco Gateways That Offer E&M Interfaces
Gateway Model | Gateway Control Protocol |
|---|---|
Cisco IOS Integrated Routers | |
Cisco 1751 | MGCP, H.323, SIP |
Cisco 1760 | MGCP, H.323, SIP |
Cisco 1800 series | MGCP, H.323, SIP |
Cisco 2600 series | MGCP, H.323, SIP |
Cisco 3600 series | MGCP, H.323, SIP |
Cisco 3700 series | MGCP, H.323, SIP |
Cisco 3800 series | MGCP, H.323, SIP |
Cisco Standalone Voice Gateways | |
Cisco Voice Gateway 200 (VG200) | MGCP, H.323, SIP |
Cisco Catalyst Voice Gateway Modules | |
Cisco Catalyst 4000 Access Gateway Module (WS-X4604-GWY) | MGCP, H.323, SIP |
Cisco Catalyst 4224 Voice Gateway Switch | MGCP, H.323, SIP |
Digital interfaces come in three basic flavors:
Channel Associated Signaling (CAS) trunks
Basic Rate Interface (BRI) trunks
Primary Rate Interface (PRI) trunks
In addition, PRI trunks can run a protocol called QSIG, which fosters feature interoperability between PBXs.
What is the common characteristic of these interfaces? They’re based on the concepts of time-division multiplexing (TDM) and pulse code modulation (PCM).
Using analog technologies, if you want to support 24 simultaneous active calls, you must pull 24 sets of wires from your service provider into your enterprise.
Reducing the number of wires required to manage multiple conversations necessarily means that somehow these conversations need to be able to learn how to share the capacity of a single wire. In the 1960s, Bell System introduced the T-carrier system, which defines exactly how this task can be done. A different system, the E-carrier system, is used in Europe.
The T-carrier system depends on TDM. In TDM, the idea is each user of a particular facility must “take turns” communicating.
Figure 4-3 captures the essence of the stratagem.
Assume that Alice and Bob are conversing and Carol and Dave are conversing. Alice and Carol must share the same communications facility. They both want to encode a sentence to send to their respective partners.
If Alice were to say her entire sentence before Carol could start to say her sentence, the conversations would be full of long pauses. Instead of encoding full sentences, however, the communication could be broken into smaller bits; then Alice and Carol could communicate simultaneously. This process of breaking communications into a small piece is the process of sampling.
Assume that Alice and Carol, in the space of one second, say exactly a single word and that the system is breaking the communications into one-second samples. Each sample, therefore, contains a single word.
Also assume that the communications facility between the women and the men is capable of transmitting two samples every second.
To prevent Alice’s and Carol’s conversations from becoming hopelessly entangled, Alice and Carol can take turns putting their samples into the communication facility.
If by prior arrangement Alice places her samples into the communications facility in odd-numbered turns and Carol places her samples into the communications facility in even-numbered turns, all the information can be encoded into the same stream in the jumbled yet orderly fashion depicted.
Then, if also via the prior arrangement, Alice’s partner Bob agrees to listen to the communications facility only on odd-numbered turns and Carol’s partner Dave agrees to listen to the communications facility only on even-numbered turns, Bob and Dave can extract the original utterance.
In the encoding scheme listed in Figure 4-3, the single facility shared by Alice and Carol is effectively divided into two independent virtualized circuits or channels. Furthermore, in any given second, two samples of information are being communicated—Alice’s during the first half-second and Carol’s during the second half-second. When Alice and Carol have both taken a turn, the words they transmitted—one from Alice and one from Carol—are called a frame.
According to a theory called Nyquist’s theorem, to accurately encode an analog audio signal into a digital system and then accurately resynthesize the analog version, the frequency with which you must sample the signal must be at least twice the highest frequency present in the original analog signal. The spoken voice’s highest frequency is around 3500 cycles per second. Rounding to 4000 cycles per second for good measure (and friendly math) and then doubling the sample rate for digital encoding yields 8000 samples per second.
Chapter 1 introduced codecs, which are different encoding schemes for converting analog speech into digital information. One of these codecs, G.711, uses PCM encoding. For each sample in a block of 8000 samples, PCM converts the analog frequency to a value between 0 and 255—in binary, this is an 8-bit number in the range 00000000 to 11111111. Therefore, one second’s worth of encoded audio contains 64,000 bits of information.
The original T-carrier system was therefore designed around units of 64,000 bits per second. The base unit, called a DS0, has a rate of transmission sufficient to carry a single PCM-encoded audio stream in real time; other interfaces are named in ascending order and correspondingly carry multiple DS0s worth of traffic. Table 4-3 presents the T-carrier classifications.
T-carrier classifications align with the DS classifications, so a T1 is also called a DS1.
E-carrier classifications don’t line up directly with the DS system. Table 4-4 presents the number of DS0s provided by the different E-carrier classifications.
To recap, one second of speech encoded as PCM requires 64,000 bits of data, and each DS0 provides a transmission rate of 64,000 bits per second. The higher grade the interface, the more active channels it supports. So why exactly can one trunk interface support more channels than another?
Well, when a digital interface is transmitting a bit of information, what is really happening is that the interface is changing the voltage level on the line. This voltage change is transmitted down the line at light speed and detectors on the other side are monitoring the voltage changes. It’s like a message being transmitted via Morse code, in which dots represent one voltage level (or levels) and dashes represent another voltage level. The faster the voltage levels change, the more sophisticated the equipment needs to be in order to make sure that no bits are “skipped.”
The need to avoid “skipping bits” has another effect on the transmission of digital information. More information than just the sampled voice data is transmitted across the pipe. As mentioned in Figure 4-3, Bob and Dave can recover Alice’s and Carol’s conversation by agreeing, respectively, to listen to the first and second channels within a given frame. But by peeking at the wire, how is Bob to know which is the first frame and which is the second frame?
Bob drives his decision as to which channels are which by looking at his watch. In a perfect world, Alice is putting her sample on the communications facility during the first half of every second and Bob should be pulling his off in the first half of every second. But if Bob’s watch is just a smidgen fast or slow, pretty soon he’ll be pulling samples off of the communications facility at the end, not the beginning, of every second.
Therefore, digital trunks always reserve some of the bandwidth to encode framing bits, whose purpose is specifically to synchronize the clocks of the transmitter and receiver.
Finally, given that control information such as call signaling, caller ID, and called number information can also be encoded as a series of bits, digital trunks usually have a way of encoding information in addition to the voice samples being communicated.
So, to summarize, over a digital trunk
Every 1/8000 of a second, Alice’s, Carol’s, and, on a T1, 22 of their friends’ voices are sampled and encoded using PCM into an 8-bit number.
Each sample is interleaved on the wire at a specific moment in times, a process called TDM.
When all the samples have been transmitted, the system adds a framing bit, the purpose of which (among other things) is to eliminate clock slippage.
CAS is a digital protocol that can emulate loop-start, ground-start, or E&M trunks. In CAS signaling, call events are signaled directly in the same channels that the voice bearer data uses.
Figure 4-4 presents a sample T1 frame. T1 interfaces support 24 channels of information, each capable of carrying 8 bits of information at a time. Thus, each T1 frame can carry one 1/8000 second PCM sample for up to 24 speakers.
Adding a framing bit yields the following:
8 × 24 + 1 = 193 bits per frame
In order not to “fall behind” the sampler, each second, a T1 must be able to serialize 8000 samples for 24 speakers. In other words, a T1 can serialize 8000 193-bit frames per second. This capacity amounts to 1,544,000 bits per second for a T1, which is more commonly written as a rate of 1.544 kbps.
CAS trunks group frames into yet larger groups called superframes. One framing strategy called Superframe (SF) formatting groups frames into groups of 12; a framing strategy called Extended Superframe (ESF) formatting groups frames into groups of 24.
Each frame in the superframe still has its framing bit. In SF formatting, this means that every superframe contains 12 bits of information that can be used to communicate information outside of the actual sampled audio, while in ESF formatting, every extended superframe contains 24 bits of information that can be used to communicate information outside of the sampled audio. At 8000 frames per second on T1, 666 SF superframes or 333 ESF superframes can be sent.
With 24 channels, signaling events might need to be communicated for any of 24 current calls. So CAS uses bits from the bearer channels to flag the system when a particular channel has a signaling event to communicate. Instead of using the eighth bit of any given sample to communicate actual audio information, the eighth bit of specific samples is used to communicate a signaling event.
In SF formatting, the low-order bits of each sample in the sixth frame is called the A bit, and the low-order bits of each sample in the twelfth frame is called the B bit. ESF formatting uses these bits as well as the low-order bits in the eighteenth frame (the C bit) and the low-order bits in the twenty-fourth frame (the D bit).
This robbed bit has little effect on an audio call. In any given 8-bit sample, the eighth bit is the least-significant bit. For example, if the 8-bit value 01010100 (decimal 40) were changed to 01010101 (decimal 41), the human ear would be unlikely to notice a difference. For circuit-switched data, however, even a difference of 1 bit could corrupt a file.
Therefore, when circuit-switched data is sent over T1 CAS interfaces, the eighth bit in a channel cannot be meaningfully used to carry information. As a result, T1-CAS supports at most a transfer rate of 56 kbps for circuit-switched data connections.
Table 4-5 presents the gateways/VICs that support CAS interfaces.
Table 4-5. Cisco Gateways That Offer CAS Interfaces
Gateway Model | Gateway Control Protocol |
|---|---|
Cisco IOS Integrated Routers | |
Cisco 1800 series | H.323, MGCP, SIP |
Cisco 2600 series | MGCP, H.323, SIP |
Cisco 2800 series | MGCP, H.323, SIP |
Cisco 3600 series | MGCP, H.323, SIP |
Cisco 3700 series | MGCP, H.323, SIP |
Cisco 3800 series | MGCP, H.323, SIP |
Cisco 7200 | H.323 |
Cisco 7500 | H.323 |
Cisco AS5300 | H.323 |
Cisco AS5350 | H.323 |
Cisco AS5400 | H.323 |
Cisco AS5850 | H.323 |
Cisco Standalone Voice Gateways | |
Cisco Voice Gateway 200 (VG200) | MGCP, H.323, SIP |
Cisco Access Digital Trunk Gateway DT-24+ | MGCP |
Cisco IAD2420 | MGCP |
Cisco Catalyst Voice Gateway Modules | |
Cisco Catalyst 4000 Access Gateway Module (WS-X4604-GWY) | MGCP, H.323, SIP |
Cisco Catalyst 4224 Voice Gateway Switch | MGCP, H.323, SIP |
Cisco Catalyst 6000 8-Port Voice T1/E1 and Services Module (WS-X6608-T1) | MGCP |
Cisco Communication Media Module (WS-X6600-6T1) | MGCP |
Both BRI and PRI are digital protocols based on the ITU-T specifications Q.921 and Q.931, which form the basis for the Integrated Services Digital Network (ISDN). ISDN is an end-to-end digital network capable of supporting voice and data connections.
Strictly speaking, this end-to-end connection is rarely provided solely via BRI and PRI. BRI and PRI are interfaces that the specifications implicitly assume operate only at the edge of a carrier network. In other words, BRI and PRI simply handle the last mile of connectivity from your service provider to your equipment. Q.931 defines two roles, network and user, to participants in a Q.931 signaling exchange, and service providers invariably take on the role of the network. The user and network roles effectively correspond to the roles of client and server.
However, in enterprise telephony deployments, ISDN connections are often used to connect premise equipment not only to the PSTN but also to other equipment owned by the enterprise. In such cases, the enterprise must denote one side of the interface as the user side and the other as the network side, although in practice the relationship between the switches is usually more peer to peer in nature.
For any digital protocol to be successful, it is mandatory that signals encoded by one end of a signaling link be transmitted reliably to the other end of the link. In ISDN, Q.921 fulfills this role.
Q.931 is the protocol that fulfills the requirements of both the signaling and media control phases of a call. That is, in a call from Alice to Bob, it answers the questions “Does Bob want to talk to Alice?” and “How should Bob talk to Alice?”
Unlike analog protocols, digital protocols foster the exchange of out-of-band information about a particular communication session. For example, in traditional analog caller ID, to get the identity of the caller to display on a residential phone, the information isn’t sent directly within the FXO signaling itself, which is really only capable of managing off-hook and on-hook events. Rather, traditional caller ID is sent by the PSTN in between the first and the second rings of the phone using a modem signal. That is, caller ID-capable phones incorporate a special-purpose modem to decode the provided name and number and display it.
Inherently digital interfaces such as BRI and PRI don’t need to go to such lengths. Rather, ISDN encodes information such as calling number, calling name, codec type, clearing causes, and tone information directly in the Q.931 signaling.
Figure 4-5 depicts the Q.931 signaling sent when a user (with directory number 1000) connected to a switch via an ISDN connection dials 2000, a number associated with another user connected via an ISDN to a different switch. (The protocol used to connect the switches to each other.)
Unlike CAS, BRI and PRI use Common Channel Signaling (CCS). With CCS, one of the 24 channels (or, for E1-PRI, 32 channels) is reserved specifically for signaling.
Each ISDN span supports different combination of channels. D channels have a rate of 64 kbps (16 kbps for BRI) and carry the signaling required to set up calls (Q.921 and Q.931). B channels have a rate of 64 kbps and carry the actual circuit-switched voice or data.
BRI is designed for residential users and supports two B and one D channels. The flow depicted in Figure 4-5 is consistent with a BRI connection, because it demonstrates the caller’s switch collecting dialed digits one at a time from the caller.
PRI, on the other hand, is enterprise oriented. It’s less about connecting individual user devices to a network and more about connecting switches to each other. PRI comes in two main formats, T1 and E1.
In North America, PRI is deployed over T1 trunks and supports 23 B and 1 D channels; however, in Europe, PRI is deployed over E1 trunks and supports 30 B and 1 D channel (sometimes with a backup D channel).
Note
Using a technique called non-facility associated signaling (NFAS), multiple digital circuits can be grouped so that all share the D channel of one member of the group. This technique frees up the D channels of the trunks in the other groups for voice traffic. Cisco gateways support this technique when running H.323 or SIP, but CallManager does not yet support it for MGCP.
For the most part, BRI and PRI provide a signaling interface that is sufficient to handle basic calls. The Q.932 standard adds extensions that permit ISDN switches to provide PBX features to the digital phones they serve. However, although Q.932 permits an ISDN user to invoke features, Q.932 doesn’t ensure that the feature operates transparently when the users involved in the feature are served by different switches. For instance, if Alice calls Bob, and Bob transfers Alice to Charlie, in many cases, Alice’s display won’t reflect that she is now talking with Charlie.
A PRI variant called QSIG provides a sophisticated infrastructure that allows features to interoperate transparently. CallManager supports the QSIG protocol both across MGCP gateways and from cluster to cluster using H.323 tunneling of QSIG. The section “QSIG” later in the chapter provides more details.
Table 4-6 lists the Cisco gateways that support PRI interfaces.
Table 4-6. Cisco Gateways That Offer BRI and PRI
Gateway Model | Gateway Control Protocol |
|---|---|
Cisco IOS Integrated Routers | |
Cisco 1760 | MGCP, H.323, SIP |
Cisco 2600 series | MGCP, H.323, SIP |
Cisco 2800 series | MGCP, H.323, SIP |
Cisco 3600 series | MGCP, H.323, SIP |
Cisco 3700 series | MGCP, H.323, SIP |
Cisco 3800 series | MGCP, H.323, SIP |
Cisco 7200 | H.323 |
Cisco 7500 | H.323 |
Cisco AS5300 | H.323 |
Cisco AS5350 | H.323 |
Cisco AS5400 | H.323 |
Cisco AS5850 | H.323 |
Cisco Standalone Voice Gateways | |
Cisco Voice Gateway 200 (VG200) | MGCP, H.323, SIP |
Cisco Access Digital Trunk Gateway DE-30+ | MGCP |
Cisco Access Digital Trunk Gateway DT-24+ | MGCP |
Cisco Catalyst Voice Gateway Modules | |
Cisco Catalyst 4000 Access Gateway Module (WS-X4604-GWY) | MGCP, H.323, SIP |
Cisco Catalyst 4224 Voice Gateway Switch | MGCP, H.323, SIP |
Cisco Catalyst 6000 8-Port Voice T1/E1 and Services Module (WS-X6608-T1) (WS-X6608-E1) | MGCP |
Cisco Communication Media Module (WS-X6600-6T1) (WS-X6600-6E1) | MGCP |
Layer 3 timers permit CallManager to recover from errors in the Q.931 interface. This section describes the ISDN Q.931 timers that CallManager uses. In MGCP gateways, CallManager terminates the Layer 3 signaling; however, H.323 gateways terminate the Layer 3 signaling from the attached circuit-switched network, so these timers have no effect there. Instead, H.323 gateways use H.225 timers to achieve the same results, because H.323 emulates Q.931 messages over the H.225 protocol.
Table 4-7 shows the configurable timers that CallManager uses for gateway Layer 3 Q.931 processing. The table provides default values for each parameter, but parameters are user-configurable.
Table 4-7. Layer 3 Timers
Parameter | Default Time (in Seconds) | Timer Description |
|---|---|---|
TimerT301 | 180 | Starts when CallManager receives a ringing indication from a terminal (or network) to which it has offered a call; stops when it receives an answer indication. |
TimerT302 | 10 | Starts when CallManager receives a dialed digit (INFO) from a calling terminal; stops when CallManager has collected enough digits to route the call. |
TimerT303 | 10 | Starts when CallManager sends a call setup request (SETUP) to a terminal; stops when it receives any message in response (PROCEED, ALERTING, PROGRESS, CONNECT). |
TimerT304 | 20 | Starts when CallManager forwards digits from a caller to another network in an overlap dialing scenario (INFO); stops when CallManager receives an indication that the attached network has received enough digits to route (PROCEED). |
TimerT305 | 30 | Starts when CallManager initiates clearing to a terminal with DISCONNECT; stops when it receives a clearing acknowledgement (RELEASE). |
TimerT306 | 30 | Starts when CallManager initiates clearing to a terminal with a DISCONNECT containing a progress indicator; stops when it receives a clearing acknowledgement (RELEASE). |
TimerT308 | 4 | Starts when CallManager issues a release message to a terminal (RELEASE); stops when it receives a final clearing acknowledgement (RELEASE CONFIRM). |
TimerT309 | 90 | Starts when CallManager detects a problem with the data link; stops when the data link recovers. |
TimerT310 | 20 | Starts when CallManager receives an indication that an attached network can route the provided digits (PROCEED); stops when the called device rings or answers (ALERTING, PROGRESS, or CONNECT). |
TimerT313 | 4 | Starts when CallManager answers a call (CONNECT); stops when the interface acknowledges the connection (CONNECT ACK). |
TimerT316 | 120 | Starts when CallManager issues a RESTART on an ISDN facility; stops upon receiving an acknowledgement (RESTART ACK). |
TimerT317 | 300 | Starts when CallManager receives a RESTART; stops when associated interface has been purged. |
TimerT321 | 30 | Starts when CallManager detects a link issue; stops upon restoration of the link. |
TimerT322 | 4 | Starts when CallManager issues a STATUS ENQUIRY to discover the state of the connected channel; stops upon receipt of a response (STATUS). |
QSIG is an ISDN-based protocol that has its roots in standards originally defined by the European Computer Manufacturing Association (ECMA). ECMA submitted the drafts for QSIG to the International Standards Organization (ISO) for standardization.
QSIG defines a framework by which different vendor call agents (called a PINX [Private Integrated Services Network Exchange] in QSIG) can provide feature transparency among each other in a privately owned network (called a PISN [Private Integrated Services Network] in QSIG).
What is feature transparency? Basically, it comes down to the ability, from a feature point of view, to make multiple call agents appear as a single call agent. So if a transfer is performed on one PINX in the PISN, the newly connected party information shows up on the display of the transferred party, even if the transferred party is served by a different PINX in the PISN. Feature transparency also allows PINXs to remove hairpins from transferred and forwarded calls and to monitor the state of endpoints served by different PINXs in the PISN.
But QSIG isn’t really just a collection of definitions of feature flows that vendors agree to adhere to for interoperability. Okay, it is that, but it’s also a framework for providing the transparency.
Digital protocols such as PRI and BRI are based on Q.931. Although Q.931 is an excellent protocol for establishing basic calls, it isn’t designed for end-to-end feature operation. Its purpose is the establishment of end-to-end connections.
Early versions of Q.931 did try to put actual support for features in the protocol. For instance, early versions of Q.931 supported a TRANSFER message, and Q.932 provides messages for HOLD and RETRIEVE and a method of passing feature button presses to the serving switch. But it quickly became clear that, although it was possible for vendors to agree on ways that basic calls should be processed, every vendor’s feature set was quite different and quite extensive and having to revisit and extend the definition of the protocol that was simply designed to manage placing basic calls would ultimately be unworkable. For example, should Q.931 have implemented a CALLBACK message? A CALL PICKUP message? A GROUP CALL PICKUP message?
QSIG, therefore, although it defines a specific basic call message flow, is notable in that its basic call messaging provides for information to be passed in basic call messages that the protocol logic is meant to be specifically ignorant of.
QSIG relies on some of the same principles underlying the IP infrastructure that makes up the Internet. Figure 4-6 demonstrates a simple IP network.
In the world of IP communications, the function of the network is to permit applications to talk to each other. To oversimplify dramatically, the world can be divided into applications and routers. Both applications and routers are assigned IP addresses, but the only IP addresses of consequence are the IP addresses associated with the applications. The router’s IP addresses are simply the glue that connects application to application.
In the world of IP, applications must often communicate data across a long distance, perhaps as a part of a client/server relationship. The Internet works because it provides a framework by which the applications don’t really care how that data gets from the client to the server and by which the routers don’t care what data is actually communicated from end to end.
IP does this by providing a system for encapsulating opaque data. Application data is broken into chunks and then “stuffed” into “envelopes” on which the address of the terminating address is “written.” When delivering a packet thus addressed, the routers simply look at the address on the packet without having to decode any of the information it contains. The packet contents are strictly for the applications themselves to understand.
The feature model in a QSIG network is very much like a client/server model for applications in an IP network. Before the creation of the QSIG feature framework, features were self-contained within a particular PBX. For instance, Figure 4-7 demonstrates a traditional call forward operation in a non-QSIG framework.
In Figure 4-7, if Alice on PBX 1 were to call Bob on PBX 2 and Bob were to forward his call to Charlie on PBX 1, the feature operation would typically occur wholly within PBX 2—PBX 2 would simply extend a new call back to PBX 1. PBX 1 would be unlikely to realize that Alice’s outbound call had been forwarded, and it would be unlikely to realize that the inbound leg from PBX 2 to Charlie was actually the same call as Alice’s outbound call.
Even though, before QSIG, PBX vendors needed to solve the problem of “How should Charlie’s phone display that the call is from Alice and was originally to Bob?” these solutions typically involved adding vendor-specific fields to the Q.931 signaling. That is, features were transparent if all the vendor equipment was identical, but, when mixing equipment, phone displays didn’t update after feature invocations. And, note that, even if the display information could be communicated from PBX 1 to PBX 2, the method of extending call legs in the forward direction to effect features means that the call signaling and (in a circuit-switched network) media hairpins. Thus two circuits are used in a call that ultimately would have required no circuits at all.
QSIG changes this feature model considerably. QSIG looks at the problem of communicating information between switches as the problem of communication information between actual applications that happen to be running on the call agent. For instance, in a message waiting scenario in which a voice mail system attached to one call agent needs to light a lamp on a phone connected to another call agent, QSIG wonders “What if there were a message waiting client feature on the switch that is hosting the voice mail whose job is, when asked by the voice mail system, to issue a message waiting application message to a message waiting server feature on another call agent, which, in turn, could actually light the lamp on the phone?” Figure 4-8 illustrates this model.
Figure 4-8 depicts a PISN of PBXs. It depicts two message waiting indicator (MWI) features, a client and a server. Although the picture illustrates these features as outside of the PBXs, in practice PBXs contain these features. When the message waiting feature client receives a lamp-on command from the voice mail system for extension 1212, it wants to communicate this command to the MWI feature “server” in the node in the PISN that actually controls extension 1212.
To accomplish this, the MWI client encodes the command to activate the message waiting indicator and then asks the call control component—the part of the call processing software that handles basic call setup, typically using an ISDN protocol such as Q.931—to wrap the MWI activation command in an envelope and deliver it to the PINX that serves extension 1212.
Then, using the same call routing logic that would operate when routing a basic call to the node controlling 1212, the call agent network layer routes the call containing the application payload. When the node controlling 1212 is reached, the Call Control Layer in that node detects that a payload exists (but not the full nature of the payload) and routes the payload to the MWI “server” within that node.
Hence, in a fundamental way, feature-to-feature communication in a QSIG network parallels client-to-server communication in an IP network. In both systems, an application wants to communicate information to another application. In both systems, the applications have network addresses—IP addresses in the case of data networks, numeric directory numbers in the case of QSIG. In both systems, applications stuff their information into envelopes on which the network address of the peer application is written. And in both networks, the underlying network layer in each network looks at the destination address specified and routes the information independent of the payload. As in the data network depicted in Figure 4-6, the applications don’t care how information gets from end to end, and the routers don’t care what application information is in the envelope. In Figure 4-8, the PINXs hosting the MWI client and server don’t really care how the information gets through the PISN, and the PINX in the middle doesn’t really care what application information the message contains. While in an IP network there are many pure applications that don’t perform routing functions, in QSIG the PINXs typically have both application and routing roles, although these roles can be thought of as distinct. Figure 4-9 shows an abstraction of a TCP packet and a QSIG “packet.”
Although there’s a philosophical similarity between IP networks and QSIG networks, there are also several significant differences. In an IP network, connection establishment is normally done as a completely independent step. After the connection has been established, peer applications can exchange information.
In QSIG, many features occur while the connection itself is being established. For instance, in a forwarded call, the recipient of the call wants to know the caller information and the original destination of the call while the call is being offered, not when the call is answered. As a result, application information is typically not present in an IP network on the messages that establish an end-to-end data connection (via TCP, for instance). In QSIG, however, application information, or application protocol data units (APDU), can be present on the Q.931 messages that establish (SETUP) and tear down (DISCONNECT) connections, as well as many that happen in between (ALERTING, CONNECT).
When QSIG needs to communicate information on an already existing connection, it uses a specially defined message called FACILITY, whose sole purpose is for the communication of application-to-application information.
In an IP network, the predominant models for application interactions are client/server or peer to peer. In QSIG, there tends to be at least one feature agent per participant in a feature interaction. So, while message waiting features are client/server, a call transfer relates a transferee, a transferor, and a transfer destination. Therefore, the QSIG flow involves communication between three agents, each of which represents one participant in a call.
In an IP network, most connections are purely data related.
In QSIG, most connections occur for the purpose of voice communications between the endpoints involved. For example, when a transfer completes, users have the expectation not only that they can see who they are talking to (the data information of the call) but also that they can converse over media channels reserved as part of call establishment.
Therefore, QSIG supports a few models for delivery of APDUs:
Connectionless—. Sort of the QSIG analog to UDP, this method uses the FACILITY message to deliver information from one PINX to another PINX without actually establishing a connection. APDUs delivery is not guaranteed end to end. Almost no QSIG features use this type of delivery mechanism.
Connection-oriented, call independent—. The method used by the MWI example earlier—after all, the voice mail system doesn’t actually want to stream information to a listener. This method doesn’t actually set up any media channels between the sending and receiving PINX. Rather, the connection that exists between the PINXs is signaling-only, and communication is over the D channel between the PINXs.
Connection-oriented, call dependent—. The method used by the majority of PINX features, this method provides for delivery of both data relating to a call while setting up the media channels for the conversation.
Because QSIG relies on feature agents to accomplish feature operations, it permits a feature model that the traditional method of effecting features does not.
Figure 4-7 illustrated a traditional call forwarding scenario across an inter-PINX trunk. In the scenario, a call from a user on one PINX to a second user on another PINX that forwards to a third user on the first PINX causes a signaling and media hairpin.
With QSIG, it’s possible for a feature agent on the redirecting node (either the transferor or forwarder) to instead of extending a new leg in the forward direction to ask the feature agent that represents the redirected call (either the transferee or forwarded caller) to place the call to the destination directly. This pattern of redirection allows the redirected call to be established according to the most efficient path. For some features, QSIG offers one variant that relies on redirection to remove hairpins and refresh phone displays and another variant that simply guarantees display refreshes but does not perform the more complex hairpin removal. For instance, the call forwarding rerouting variant removes circuit hairpins, but the call forwarding switch variant does not.
In a circuit-switched network, it minimizes the number of circuits that must be used to handle redirected calls. In a packet-switched network, media tends to flow directly from end to end. However, even VoIP call agents sometimes introduce devices that intercept and forward media (for example, MTPs, which Chapter 5 describes). QSIG features that use rerouting can eliminate redundant MTPs from the media path.
This rerouting pattern introduces routing complexity. For instance, in Figure 4-7, if Bob is used to dialing Charlie’s number differently from the way Alice does, when Alice’s PINX is asked to reroute the call, the call might misroute. Chapter 2 covers such routing scenarios in more detail.
CallManager supports the QSIG protocol (both the ISO and ECMA 2 variants) over gateways that run MGCP. In addition, CallManager supports QSIG between CallManager clusters using a technology called QSIG tunneling, which H.323 defines in Annex M1.
Table 4-8 lists the QSIG features that CallManager supports, the type of QSIG connections used (connectionless, connection-oriented call dependent, connection-oriented call independent), and whether the feature incorporates rerouting.
Table 4-8. Supported QSIG Features
Feature | Connection Type | Reroute? | Function |
|---|---|---|---|
Path replacement | COCD | Yes | Eliminate signaling and media hairpins after a call forward (switch variant) or call transfer occurs. |
Call transfer | COCD | No | Communicate new connected party information after a call transfer occurs. |
Call forward (switch variant) | COCD | No | Communicate new connected party information after a call forward occurs. |
Call forward (rerouting variant) | COCD | Yes | Effect a call forward by asking the originating PINX to place a call to the destination on behalf of the forwarded party. This feature only kicks in if CallManager determines that the destination party is on another node and if you enable the service parameter Forward By Reroute. |
Message waiting indicator | CICD | No | Allows voice mail systems to deliver message waiting for indications to devices connected to different PINXs from the voice mail system. CallManager allows systems to activate or deactivate the message waiting indicator but not to query the existing setting (a feature called interrogation). |
Call completion on busy Call completion on no reply | CICD and COCD | Yes | Allows a user on one PINX who receives a busy signal or no answer from a user on another PINX to monitor the status of the called user and get prompted to place a call to the called user when he or she becomes available. |
Calling line presentation and restriction Calling name presentation and restriction Alerting name presentation and restriction Connected line presentation and restriction Connected name presentation and restriction | COCD | No | Present the name and number of the caller and ringing/connected party, while honoring privacy settings on the caller and called party. |
Appendix C provides detailed information about the APDUs for each feature.
Speaking in the most general terms, securing your VoIP traffic consists of setting up policies that ensure that the endpoints involved in communication are authenticated and authorized and that the information streams are kept private.
Authentication is the process whereby one network component (for instance, CallManager) validates the identity of another, such as a gateway or IP phone. Authentication can simply be one-way, in which case one component can trust the identity of the other but not vice versa. Authentication can also be two-way, in which case both components can be confident as to the identities of each other.
Authentication is quite important because it prevents issues that can arise when a network interloper impersonates an otherwise valid user. For instance, if Cisco IP Phones don’t authenticate CallManager or other network services, it is possible that they could be provided with the IP addresses of an interloper’s hacked CallManager. Calls from valid users could be routed via the compromised CallManager and maliciously redirected, or information relating to the numbers that valid users dial could be logged. On the other hand, if CallManager doesn’t authenticate the devices, an interloper could introduce his own device on to the network and steal phone service or, worse, impersonate a valid user and wreak mischief in the valid user’s name.
Authorization is the process whereby a network component defines what types of services that an authenticated component can access. For example, you can configure CallManager routing to provide long distance calls for certain valid users but not for other valid users.
Privacy is the process whereby communications between network components is secured from the scrutiny of unauthorized intruders. It prevents intruders from eavesdropping on conversations or capturing information such as dialed numbers from call attempts.
A secure network requires that authentication, authorization, and privacy be implemented at many layers in the network. Although Cisco IP Phones and gateways are IP devices that support various voice and video protocols, they are also fundamentally network devices. Therefore, in addition to the authentication, authorization, and privacy techniques that ensure that these devices are valid, authorized VoIP devices, for full security you must also implement security policies that allow you to secure the link layer of your network. Therefore, techniques such as 802.1x authentication allow you to ensure you admit only valid Ethernet devices to your Ethernet network, and techniques such as LEAP or 802.11i ensure that you admit only valid wireless devices to your 802.11 wireless LAN. This book, however, describes security only insofar as it relates to a device’s characteristics as a VoIP device, and, furthermore, it simply provides an overview of the techniques—implementing a secure network is a topic that can easily merit a book of its own.
As Chapter 1 indicates, any VoIP session consists of three phases. The call signaling and media control phases allow a caller to initiate a call with a called party and for both parties in the communication to exchange the information (IP address, IP ports, and media capabilities, among others). The media exchange phase consists of the actual exchange of encoded voice or video packets using Real-Time Transport Protocol (RTP). In a Cisco IP Communications network, CallManager manages the call signaling and media control connections from devices in the network, but media exchange is directly from device to device.
For connections to Cisco gateways, CallManager relies on IPSec, regardless of the VoIP protocol (H.323, MGCP, SIP) that CallManager uses to communicate with the gateway. IPSec is a set of protocols developed by the IETF to support the secure exchange of IP packets. IPSec both allows CallManager and the Cisco gateway to mutually authenticate each other and to ensure the privacy of the signaling stream via Data Encryption Standard (DES). You can find detailed instructions on how to configure IPSec between CallManager and Cisco Voice Gateways at the following link or search Cisco.com for “Configuring IPSec between a server and device”:
http://www.cisco.com/warp/customer/707/2000.html
CallManager provides authorization primarily through the policies that you administer in CallManager Administration. When CallManager can establish the identity of a device, it can associate the device with the network policies that you have specified for that device. For instance, calling search spaces enable you to define a routing policy on a device-by-device basis.
VoIP endpoints send media to each other using RTP as defined in IETF RFC 1889. The IETF standard RFC 3711 defines a set of extensions to this protocol that provides for sender authentication and media privacy.
CallManager 4.1 can help negotiate SRTP sessions only for some of its devices. Of the IP phones that CallManager 4.1 supports as of September 2005, only Cisco IP Phones 7940, 7941, 7960, 7961, 7970, and 7971 support the sending and reception of SRTP streams. Of the gateway devices, CallManager can help negotiate the SRTP stream only for gateways running MGCP. The IOS command mgcp package-capability srtp-package enables you to enable SRTP on a supported MGCP gateway.
SRTP currently works with CallManager 4.1 and gateways running Cisco IOS Software Release 12.3.11. The supported IOS gateways are as follows:
Cisco 2600XM
Cisco 2691
Cisco 2800
Cisco 3640A
Cisco 3660
Cisco 3700
Cisco 3800
Cisco VG224
Cisco network modules supported are as follows:
SRTP provides for privacy because it encrypts the payload using the Advanced Encryption Standard Counter Mode (AES-CM) encryption algorithm and signs the payload using the secure hash algorithm HMAC-SHA1.
The H.323 recommendation from the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) is an umbrella specification that defines how terminals, gateways, and gatekeepers provide communication services over packet-based networks. The specification is called an umbrella specification because it references other specifications for the call control, media control, and media coding and decoding specifications.
The protocols of interest in this chapter are as follows:
RAS
H.225
H.245
Audio codecs G.711, G.722, G.723, G.728, G.729a, and GSM
Video codecs H.261, H.263, and H.264
The call signaling phase of an H.323 call uses RAS and H.225. The function of the call signaling phase is to coordinate the offering and answering of a call between two parties. In addition to its functions related to call signaling, RAS provides messages to allow H.323 endpoints to associate themselves with network elements that can help with call routing and call admission control (which can prevent VoIP calls from overutilizing network bandwidth and degrading the voice quality of all calls). H.225 handles the basic call setup and teardown.
The media control phase of an H.323 call uses H.245. The function of the media control phase is to provide the endpoints with the information they need to send and receive properly encoded media streams to and from each other.
The media exchange phase of an H.323 call allows the speakers on either end of a call to exchange information. G.711, G.723, G.729a, and GSM are codecs that encode audio information, while H.263 allows an endpoint to encode and decode video information.
H.323 defines several network elements and several models for controlling calls. The most important of the network elements are endpoints and gatekeepers.
H.323 endpoints are the entities that place and receive calls, and the protocols are therefore designed for the establishment of sessions in between these endpoints. However, endpoints need not necessarily be user devices, but instead can serve as gateways from one type of network to another or even as just a protocol suite to another protocol suite.
H.323 gatekeepers are centralized points that fulfill an administrative role. They can aggregate endpoint registrations, provide a centralized call routing function for endpoints, and manage network resources to ensure that network bandwidth is not oversubscribed.
Figure 4-10 demonstrates three main control models for H.323 calls.
Note
This chapter doesn’t discuss two other models—one in which a direct-mode gatekeeper handles RAS but routes media through a proxy, and one in which the gatekeeper routes H.225, H.245, and the media through a proxy. Neither of these are common CallManager deployment models.
The peer-to-peer model includes no gatekeeper at all. Endpoints communicate directly with each other, first via H.225 to coordinate the establishment of a call and then with H.245 to establish the media flow between the two endpoints. The other models include a gatekeeper. Using a gatekeeper necessitates the use of RAS, which permits endpoints to locate gatekeepers to serve them, register with those gatekeepers, and, when calls are placed, to ask for permission to admit calls into the network. In the direct signaling model, endpoints communicate with the gatekeeper using only RAS for call admissions and, when it admits calls, the gatekeeper provides enough information to the endpoints for them to negotiate H.225 call signaling and H.245 media control signaling with each other. In the gatekeeper-routed call, endpoints communicate not only RAS but also H.225 and H.245 signaling to the gatekeeper. Certain gatekeepers may also route the actual media flow through themselves by controlling the H.245 addresses.
CallManager fits into the H.323 model as follows:
CallManager acts as an H.323 endpoint—. As previously mentioned, H.323 endpoints need not simply be user devices. Cisco IOS H.323 gateways, for instance, operate using VoIP protocols on their network interfaces and translate this signaling to activity on a circuit. Similarly, CallManager acts as an IP-to-IP call signaling and media control gateway to permit H.323 devices to communicate with non-H.323 devices such as SCCP endpoints. (Unlike Cisco IOS H.323 gateways, however, CallManager doesn’t terminate the media path.) Figure 4-11 shows the similar roles that Cisco IOS H.323 gateways and CallManager have.
In H.323, in many respects, H.323 endpoints are completely autonomous entities. For example, if one endpoint in a call is supporting a variety of circuit-switched interfaces, the other endpoint doesn’t see those interfaces. To it, the other endpoint acts as a black box.
From a configuration standpoint, this means that H.323 endpoints that act as gateways are call agents in their own right. In practice, this means that if you deploy Cisco IOS H.323 or other H.323 gateways, you must often configure call routing settings directly on both CallManager and the H.323 gateways that connect to it.
CallManager acts according to the peer-to-peer and direct signaling models—. In H.323, endpoints either signal each other directly or, via an H.323 gatekeeper, indirectly. Using CallManager Administration, you can configure static associations between CallManager H.323 trunks and other CallManagers and H.323 gateways—the peer-to-peer model—or you can configure CallManager H.323 trunks to allow a gatekeeper to provide routing and call admission control via RAS—the direct signaling model.
When the other end of an H.323 trunk is CallManager or a set of CallManagers, the connection is given the special term intercluster trunk. But, in fact, except for a few wrinkles in the media negotiation when CallManagers are connected via H.323 trunk, CallManager relates to other CallManagers as if they were H.323 gateways. (In the peer-to-peer model, you provision CallManager-to-CallManager trunks explicitly, so CallManager adjusts for the slightly different media signaling. In the gatekeeper models, CallManager automatically detects whether the other side is a CallManager and adjusts its signaling accordingly.)
One other distinction between intercluster trunks and IP trunks to gateways is that CallManager supports H.323 Annex M, which permits the tunneling of the QSIG protocol over H.323 connections. CallManager uses QSIG tunneling to provide better feature transparency between clusters. The subsection “QSIG” goes into more detail about QSIG.
Figure 4-11 and Figure 4-12 show CallManager using the peer-to-peer and direct signaling models to access both H.323 gateways and other CallManagers.
This section goes into more detail about the actual signaling exchanges that occur in RAS, H.225, and H.245, and describes the ways in which CallManager uses these protocols.
H.323 endpoints use the Registration, Admission, and Status (RAS) protocol to interact with H.323 gatekeepers. RAS provides the following functions for endpoints:
Gatekeeper location, provided via the GRQ, GCF, and GRJ messages
Endpoint registration and KeepAlive, provided via the IRQ, IRR, RAI, RAC, RRQ, RCF, RRJ, URQ, UCF, and URJ messages
Call routing, call admissions, and call clearing, provided with the ARQ, ACF, ARJ, DRQ, DCF, DRJ, LRQ, and LCF messages
Mid-call bandwidth adjustments, provided via the BRQ, BCF, and BRJ messages
The sections that follow describe each of these functions in more detail. Each section first describes the standards-supported methods and then describes how these standards are implemented in CallManager.
At the end of this section, “RAS Messaging Details” provides a detailed breakout of the RAS messages CallManager sends and receives.
Endpoints that need to be controlled via H.323 must first locate a gatekeeper with which to register. H.323 provides two methods by which H.323 endpoints can find a gatekeeper: manual discovery and automatic discovery.
In manual discovery, the H.323 is statically configured with the address of the gatekeeper that serves it.
In automatic discovery, an H.323 endpoint broadcasts the GRQ (Gatekeeper Request) message on multicast address 224.0.1.41. Gatekeepers in the network listening for such requests examine the specified address of the requestor (which can be either an alphanumeric alias or an E.164) and decide whether they want to serve the requesting endpoint. Gatekeepers that do want to be considered return a GCF (Gatekeeper Confirm) message; those that do not return a GRJ (Gatekeeper Reject) message or send no reply at all. Figure 4-13 depicts this procedure.
CallManager does not support automatic gatekeeper discovery. Instead, when you add a gatekeeper-controlled H.323 gateway or gatekeeper-controlled intercluster trunk, CallManager Administration allows you to specify the address of a primary gatekeeper that CallManager’s H.323 interface should register with.
When a gatekeeper-controlled H.323 endpoint learns which gatekeepers are available to control it, it chooses to register with one of them.
To register, an H.323 endpoint issues an RRQ (Register Request) message, which the gatekeeper responds to with an RCF (Register Confirm) message if it wants to accept the registration and an RRJ (Register Reject) message if it wants to deny the registration. The RRQ contains information that the gatekeeper uses to authorize inbound and outbound calls to and from the endpoint. For instance, a registration contains the IP and port information that callers should use when they attempt to establish an H.225 session with the registering endpoint.
RAS is a protocol that operates over UDP. Unlike TCP, UDP does not establish and maintain connections. As a result, it is possible for an endpoint to register with a gatekeeper and then disappear from the network. The gatekeeper needs some way of knowing when this event occurs.
When you configure CallManager with the address of your gatekeeper, you specify a few values. One of these values is a gatekeeper refresh timeout, which defaults to 60 seconds (Registration Request Time To Live field on the Gatekeeper Configuration page). To keep the gatekeeper informed that CallManager is still operating, CallManager periodically sends a lightweight RRQ as a registration keepalive. If the H.323 gatekeeper doesn’t receive a periodic refresh of the registration, it expires the registration of the endpoint.
Several other fields configured on the Trunk Configuration page in CallManager Administration come into play during registration:
Zone settings
Technology prefix settings
Device pool settings
The zone setting helps gatekeepers determine which H.323 endpoints they control. Cisco IOS gatekeepers only accept registrations for endpoints that register with zone information that the gatekeeper’s configuration has defined as local to it. If you are using a gatekeeper, you should assign each CallManager cluster in your enterprise its own unique zone.
The technology prefix is a routing-related setting that allows a gatekeeper to differentiate between groups of endpoints in the same zone. When an endpoint registers, it communicates both its zone information and its technology prefix, and the gatekeeper associates these values. The section “Admitting Calls” describes how zones and technology prefixes relate when a gatekeeper admits calls on to the network.
Like other CallManager devices, you assign device pools to H.323 trunk devices. Device pools, which contain CallManager group lists, normally control which CallManager nodes a physical device such as an IP phone attempt to connect to during registration. But CallManager’s H.323 trunks are built directly in to the software and therefore cannot possibly lose their connection to CallManager. What’s going on?
Like with physical IP devices, the CallManager list for H.323 trunks relates to redundancy. If, when you created an H.323 trunk, you created it only a single CallManager and statically associated it with either a gateway or a single CallManager in another cluster, calls between endpoints in your enterprise connected via the H.323 trunk will fail if a particular CallManager crashes. For example, in Figure 4-14, if either CallManager 1B or 2E fails, IP phones in cluster 1 cannot call IP phones in cluster 2.
Therefore, when a CallManager cluster comes online, each CallManager starts one instance of the H.323 trunk on each configured H.323 trunk that includes the CallManager in its device pool. This behavior provides redundancy, but in a different way depending on whether the trunk is peer to peer or gatekeeper controlled.
When the trunk is peer to peer, in addition to configuring a device pool, you also configure a specific list of up to three IP addresses to which the H.323 trunk should connect. Because CallManager creates one H.323 trunk instance per CallManager in the CallManager list and the trunk is configured with up to three IP addresses to connect to in another cluster, this creates a 3×3 meshed connection between the clusters, as depicted in Figure 4-15.
When a user in one cluster calls a user in the other cluster over a peer-to-peer H.323 trunk, two load-sharing strategies occur.
The first load-sharing algorithm relates to which internal trunk device the CallManager cluster selects for placing the outbound call to the other cluster.
When CallManager attempts to place a call on behalf of a user, CallManager may create the call on any node in the cluster (although it typically creates the call on the same node as the caller). If CallManager detects that an H.323 trunk to the caller’s destination trunk exists on the same node as the call, CallManager uses that local instance. If no such local instance exists, CallManager chooses randomly from the H.323 trunk instances selected by the call. Assuming callers are evenly distributed around the active nodes in a cluster, this strategy can provide an even load across the H.323 trunk instances that the CallManager nodes create.
After a given H.323 trunk instance has been given the opportunity to extend the call to the other cluster, a round-robin approach takes over. For each subsequent call, the H.323 trunk instance selects the next IP address in its list of remote CallManager nodes. This process tends to spread out the burden of incoming peer-to-peer H.323 calls. It’s important that H.323 trunks in the receiving cluster be configured on the appropriate CallManagers to ensure the outbound call is accepted.
When an H.323 trunk is configured as gatekeeper controlled, the device pool provides a similar load-sharing mechanism via a different method.
When, in a given CallManager, an H.323 gatekeeper-controlled trunk comes online, it looks to see whether the other H.323 trunks in its device list have come online. When registering with the H.323 gatekeeper, CallManager specifies each other online H.323 trunk in its device pool as an alternate endpoint.
When resolving a dialed address, the H.323 gatekeeper, instead of specifying just a single H.323 call signaling address in the admission response, specifies all addresses sent in the original registration, including the alternate endpoints. In conjunction with the load-sharing mechanism whereby CallManager selects either a local or a random outbound trunk, this allows an H.323 trunk to attempt to route a call to alternate destinations if the attempt to contact the primary CallManager fails.
With gatekeeper-controlled H.323 trunks, the gatekeeper is also a component that is subject to failure. Therefore, just as endpoints can specify alternate endpoints when registering (via RRQ), when an endpoint registers, an H.323 gatekeeper can specify alternate gatekeepers when accepting a registration (via RCF). If, when an H.323 trunk attempts to place an outbound call, it cannot contact its gatekeeper, it can contact one of the alternate gatekeepers provided on the original registration.
When confirming the registration and providing a list of such alternate gatekeepers, the H.323 gatekeeper can specify the requiresRegistration field. When this field is set, an H.323 trunk issuing a call must actually register with one of the alternate gatekeepers before asking the alternate gatekeeper to admit the call.
When a gatekeeper-enabled endpoint wants to place or receive a call, it first asks for permission from the gatekeeper via the ARQ (Admissions Request) message. Although the ARQ includes information about the calling party and the called party, this information is only indirectly related to the actual call establishment. Rather, the sending of the ARQ is primarily related to policy enforcement.
When deploying an H.323 gatekeeper with CallManager, admissions requests hinge primarily on two factors. First, H.323 gatekeepers permit you to configure a multiple-cluster route plan in a centralized place. Without a gatekeeper, if your deployment exceeds two clusters, configuring a route plan to route calls in between clusters requires quite a bit of redundant configuration, because you must manually provision routes from cluster to cluster.
Figure 4-16 demonstrates the redundancy when you use the peer-to-peer model in a network requiring three or more clusters. In this figure, directory numbers are scattered around the enterprise with no use of number blocks to help algorithmically route the call. As a result, when a directory number is added to one cluster, specific routes must be provisioned in the other two clusters to route the call. Although it’s certainly possible to manage such a deployment, the configuration isn’t ideal.
If you use a gatekeeper-routed model instead, you can configure routing so that all calls that a given cluster doesn’t know how to route locally query the gatekeeper, which has a centralized configuration containing all routable addresses for the enterprise. This configuration scales much better because instead of having to configure a given address once in CallManager and once each in every other CallManager cluster, you just need to configure the address twice, no matter how many clusters you have. Figure 4-17 demonstrates this technique.
As the section “Registering with a Gatekeeper” mentioned, zones also allow H.323 gatekeepers to set up policies related to endpoints grouped in a zone.
In particular, with IOS gateways, you can associate a certain amount of bandwidth that is available for calls to and from the zone. When you use gatekeeper-based call admission control, the gatekeeper tracks all gatekeeper-assisted H.323 calls and deducts a codec-based amount of bandwidth for each call placed between zones. When the bandwidth is exhausted, the gatekeeper permits no calls into or out of the depleted zone until one of the calls in the zone releases.
When an endpoint places a call, it provides the dialed address to the gatekeeper. The Cisco IOS gatekeeper compares these digits to the DN ranges assigned to each zone. For instance, assume cluster A manages directory number range 40000 to 49999, and cluster B manages directory number range 50000 to 59999. The following gatekeeper configuration allows the gatekeeper to understand the different numbering ranges:
zone local cluster-A cisco.com zone prefix cluster-A 4.... zone local cluster-B cisco.com zone prefix cluster-B 5....
If a caller dials 45555, CallManager’s gatekeeper-controlled H.323 trunk provides these digits to the gatekeeper. By comparing the dialed digits to the zone prefixes, the gatekeeper identifies the dialed address as being related to cluster A.
Upon identifying the zone, the Cisco gatekeeper looks for specifically registered endpoints in that zone. For instance, one could deploy a bunch of non-CallManager-controlled H.323 endpoints that specifically register their addresses with the Cisco gatekeeper.
When CallManager registers with a gatekeeper, it provides its zone information, but it does not provide any information related to specific endpoints; that is, CallManager does not register specific contacts for its SCCP phones, MGCP and H.323 gateways, route patterns, translation patterns, and so on. Instead, CallManager relies on a feature of the Cisco gatekeeper called the default technology prefix.
Normally, if the gatekeeper locates no specific registered contact, it rejects the call. But if you configure a default technology prefix with
gw-type-prefix 1# default-technology
then when no specific match is found, the Cisco gatekeeper looks for endpoints that have registered with the specified technology prefix (in this case, 1#) and chooses one of these endpoints to route the call to. In the example, the dialed digits 45555 would first bind to zone cluster A, then the gatekeeper would find no specifically registered alias, the gatekeeper would find its default technology prefix of 1#, and then the gatekeeper would offer the call to the H.323 trunks that registered in the cluster A zone with technology prefix 1#.
As a result, for intercluster routing, you’d configure the zone of cluster A’s H.323 trunks as cluster-A and its technology prefix as 1# and the zone of cluster B’s H.323 trunks as cluster-B and its technology prefix as 1#.
When users conversing over an admitted call finish their conversation, each H.323 endpoint notifies the gatekeeper of call termination via the DRQ (Disengage Request) message, which the gatekeeper accepts by sending a DCF (Disengage Confirm) message (and rejects by sending a DRJ [Disengage Reject] message, although it’s hard to conceive of a case in which a gatekeeper would do this in practice).
When configuring a gatekeeper with zone information, you can specify a maximum amount of bandwidth available for calls to and from that zone. When an H.323 endpoint asks the gatekeeper to admit the call to the network, it provides an amount of bandwidth that it wants the gatekeeper to grant. If the zone has been provisioned with a bandwidth limit, the gatekeeper compares the highest-bandwidth codec in the list of capabilities against the bandwidth available for the zone. If enough bandwidth is available, the gatekeeper admits the call.
Sometimes during a call, the codecs used by endpoints in a conversation can change. RAS includes the BRQ (Bandwidth Request) message to handle this event. If the gatekeeper wants to approve the bandwidth request, it issues a BCF (Bandwidth Confirm) message; if not, it returns a BRJ (Bandwidth Reject) message. If the bandwidth request is not granted, CallManager clears the affected call.
If the required bandwidth for an H.323 call changes during the call—for instance, if a phone in one region places the call on hold, and a phone in a different region retrieves the call—CallManager notifies the gatekeeper of the new information so that the gatekeeper can properly track the amount of network bandwidth available. Because an attempt to change bandwidth might get rejected and cause calls to drop, you must specifically enable bandwidth adjustment using CallManager service parameters.
Gatekeepers can also request that endpoints adjust bandwidth. If CallManager receives a BRQ, it responds with a BRJ.
The RAS message support provided by CallManager is the H.225 version 2 protocol. Refer to Appendix C for detailed information about specific fields in H.225 RAS messages.
H.225 is the protocol used in H.323 to actually offer a call to a destination. Unlike RAS, which is always supported over UDP, H.225 can run over UDP or TCP. CallManager supports H.225 over TCP but not UDP.
The default port for H.225 call signaling is well-known port 1720, although CallManager allows you to configure this per each H.323 device.
If multiple H.323 devices are configured with the same port, it would seem logical that CallManager could not reconcile messages from different H.323 endpoints. However, when accepting inbound H.225 messages from a given IP address, CallManager examines the source IP address to determine to which inbound trunk the message is inbound. CallManager delivers the inbound H.225 message to the H.323 trunk you’ve configured that specifies the sender’s IP address as its peer. However, this limitation does prevent you from specifying two different peer-to-peer H.323 trunks to the same IP address, which you might want to do if you want to take advantage of trunk-level policy settings such as calling search space or CallManager locations.
CallManager gatekeeper-controlled H.323 trunks act differently. When CallManager instantiates these trunks, it dynamically selects a port for receiving inbound messages and, when registering the trunk with the gatekeeper, provides the gatekeeper with this trunk value. As a result, with gatekeeper-controlled trunks, you can set up multiple H.323 trunks to apply different CallManager policy settings for different inbound calls. Similarly, when CallManager attempts to have a call admitted on to the network, one of the values that the gatekeeper specifies in the ACF message is the IP address and port to which CallManager should send the outbound call offering message.
When using gatekeeper-controlled trunks, you can specify one H.323 trunk that listens on port 1720. The service parameter Device Name of GK-controlled Trunk That Will Use Port 1720 enables you to specify the name of the gatekeeper-controlled H.323 trunk that listens on the well-known port. This can guarantee that H.323 endpoints on the other side of firewalls can still communicate with CallManager, because using dynamic ports might require that a firewall administrator unsecure more ports than are needed for processing H.323 calls.
Figure 4-18 presents the steps involved in call establishment via RAS and H.225.
In Figure 4-18, a non-H.323 caller composes the address of a called party and provides the information to CallManager, whose routing tables indicate that the call should be offered out an H.323 trunk.
If the trunk is gatekeeper-enabled, CallManager first asks for permission from the gatekeeper to place the call. The gatekeeper examines the dialed address (possibly transformed by CallManager), possibly checks to see whether there is enough bandwidth to admit the call based on the caller’s specified codec, and then admits the call, providing CallManager the IP address and port to which it must issue the call request.
After the gatekeeper (if one exists) grants permission, CallManager issues a call setup request to the selected gateway on the appropriate IP address and port. In some cases, this setup includes information about the media addresses of the caller, a process called fast start. H.245 describes the media processes related to fast start more extensively.
If the receiving H.323 gateway or CallManager is gatekeeper-controlled, it also queries the gatekeeper, this time to ask permission to receive a call. If such permission is granted, the receiving H.323 endpoint can present the caller to the called user. In the case of the trunk devices this chapter describes, the gateway is likely to issue a call setup request of its own to the connected network.
Assuming the receiving endpoint considers the address complete, it notifies CallManager with a PROCEED message. In many cases, this first backward message contains information about the receiving endpoint’s media information to enable CallManager to begin setting up media channels for conversation. This approach, called early media, helps ensure that after the called party answers none of her speech is dropped or “clipped” because no end-to-end media path has yet been established.
When the terminating network offers the call to the called party, it sends some sort of alerting indication (which varies according to the nature of the terminating network) to the receiving endpoint, which sends an H.225 ALERTING message to CallManager. This message allows CallManager to instruct the related gateway to provide ringback to the caller.
When the called party answers, the terminating network sends some sort of answer indication (which varies according to the nature of the terminating network) to the receiving gateway, which sends an H.225 CONNECT message. If media is not yet established between the caller and called party, the CONNECT message causes CallManager to issue the H.245 control messages needed to establish media.
After all media information has been exchanged, the two parties can converse. When one hangs up—in this case, the called party—the receiving gateway receives disconnection information, and issues an H.225 RELEASE COMPLETE message to CallManager. If the receiving endpoint and CallManager are gatekeeper-controlled, they issue DRQ messages to the gatekeeper to notify it of call termination.
Upon receiving RELEASE COMPLETE, CallManager starts tearing down the media channels between caller and called party, and the call concludes.
The call signaling protocol that is supported in the H.323 protocol umbrella is H.225. H.225 includes the call signaling messages and the RAS messages. This section covers the specific details of the call signaling messages.
H.225 messages follow the ITU-T Q.931. In H.225, the user-user information element (UUIE) conveys the H.225-related information. The H.323 user information protocol data unit (PDU) is ASN.1-encoded. The ASN.1 is encoded using the basic aligned variant of the packed encoding rules as specified in X.691. The ASN.1 structure begins with H323-UserInformation.
Tables in Appendix C list each H.225 message and provide the specific fields of the H.225 call signaling messages that CallManager exchanges with an H.323 gateway or CallManager H.323 trunk (GW in table). See Appendix C for more information.
H.245 is the protocol used in H.323 to allow endpoints to coordinate their media.
Originally, in H.323, H.225 controlled just the actual mechanics of call offer and answer, and then H.245 took over to permit the exchange of media information. This approach sometimes led to clipped speech, so a procedure called fast start was defined.
Before learning about fast start, you need to understand the purer H.245 flows.
Like H.225, H.245 signaling occurs over a TCP session. Four major types of events occur over an H.245 session:
Determination of which side of the H.245 is the master and which is the slave—. This assignment of roles allows the protocol to deal with glare conditions within the protocol and doesn’t directly relate to the media session itself.
Exchange of capabilities—. This event permits the endpoints in the conversation to choose a media encoding method that they can be confident that the other side supports. Although CallManager can be configured to insert special devices called “transcoders” (discussed in Chapter 5) into a conversation between two parties that don’t otherwise share a common codec, direct end-to-end media streams are preferable.
Exchange of streaming IP address and port—. This event tells the endpoints where to send their encoded media stream.
Mid-call button presses for interaction with connected services—. Connected services include services such as voice mail and interactive voice response (IVR) units.
One of the functions of RAS in the gatekeeper-controlled model was to provide to the calling H.323 endpoint the IP address and port with which it should attempt to establish the H.225 session (TCP or UDP).
Similarly, one of the functions of the H.225 session is to provide the endpoints, both calling and called, with the IP address and port to which the H.245 session (TCP) should be established. In H.225, the caller generally provides the address to which the called party should send H.245 control messages on the SETUP message; the called party provides the address to which the calling party should send H.245 control messages on one of the following backward messages:
PROCEED
ALERTING
CONNECT (or PROGRESS)
In the backward direction, the earlier this information is communicated, the earlier the end-to-end media connection can be established.
Finally, one of the functions of the H.245 session is to provide the endpoints with the IP address and port to which the actual encoded media should be sent (Real-Time Transport Protocol [RTP] headers, wrapped in UDP packets).
Because CallManager wants to be involved in the signaling session and the media control session but not the exchange of media, CallManager constructs the messages so that the signaling and media transport addresses point to it but the actual media addresses are those of the endpoints. Figure 4-19 demonstrates this progression.
Figure 4-20 illustrates a full H.245 message exchange between two H.323 endpoints.
Because H.323 decouples the media control signaling from the call signaling, it provides a way for endpoints to change bandwidth mid-call, to add new channels of information to an existing call (such as video or application collaboration), or to renegotiate codecs mid-call.
The ITU specification H.450 defines a framework by which H.323 endpoints can provide call-related features such as transfer, call completion, call forwarding, and others. CallManager does not support this standard. Nevertheless, H.323 endpoints can participate in features in three ways:
CallManager supports the carriage of hookflash and dialed digits through the H.245 userInfoIndication field. This allows H.323 endpoints to interact with IVRs, voice mail systems, and so on.
Many CallManager features operate solely through the use of established calls. Although an H.323 endpoint cannot park a call, because the version of H.323 CallManager supports does not give CallManager a way to detect that the H.323 endpoint wants to invoke a feature, an H.323 endpoint can retrieve a parked call, because this operation requires only that an endpoint be able to offer a call containing the address of the park code.
H.323 endpoints can passively participate in features invoked via Cisco IP Phones via support for mid-call renegotiation of capabilities. H.323 requires that endpoints suspend sending media when they receive a mid-call request to select a new codec from an empty list of codecs. This capability is termed empty capability set support. What it means is that although an H.323 endpoint doesn’t have a way to initiate a transfer or hold or other mid-call feature, if an IP phone that the H.323 gateway is talking with initiates such a feature, the gateway’s media stream can be temporarily suspended while CallManager acts on the IP phone’s feature request. CallManager uses this capability to effect features such as hold and transfer.
Figure 4-21 demonstrates how CallManager uses the empty capability set to effect a call park and call park retrieval.
In Figure 4-21, 2000 parks a call from an H.323 gateway. CallManager tells the gateway that 2000 supports no codecs, which the gateway interprets as a requirement to suspend sending media to 2000. (As part of the park operation, CallManager also tells 1000 to cease sending media to the gateway.)
When 1000 dials the park code to retrieve the call, CallManager begins another H.245 media control session with the gateway. The H.323 gateway and 1000 exchange codecs via CallManager and, as part of the coordination of the media streams, CallManager provides the gateway the IP address and port to which it should send media and vice versa.
Not all H.323 endpoints support the receipt of empty capability sets. When configuring CallManager to support one of these gateways, you must configure the H.323 trunk to use a media termination point (MTP). The MTP is a device that CallManager can insert into a call to insulate endpoints from incompatibilities between each other’s media control processing, to provide dual-tone multifrequency (DTMF) relay, and to provide call progress tones. Chapter 5 goes into more details about MTPs.
One charge levied against H.323 is that it can cause clipping—the loss of the first few seconds of a voice conversation (often the important first words “Hello?”) because media negotiation occurs in a completely separate phase from the actual call establishment.
With the use of fast connect (also called fast start), H.323 allows endpoints to embed information about the IP address, port, and codecs that they want to use for a particular conversation in the H.225 messages actually used to place the call. CallManager can respond to and forward fast start requests that it receives.
Fast start can speed the establishment of a conversation and avoid clipping. However, because mid-call feature invocations don’t generate H.225 events, the full H.245 media renegotiation of necessity must occur. As a result, although the media channels related to initial call setup can occur quickly, media resumption can sometimes take longer when calls are transferred, retrieved from hold, retrieved from park, or the calls are the subject of other mid-call features. Normally, this isn’t an issue. When receiving calls, users are conditioned to immediately answer with a “Hello,” but users generally have fewer ingrained expectations when a mid-call feature is invoked.
MGCP was defined by the IETF in RFC 2705. Many companies, including Cisco, have chosen to support the IETF draft and have interoperability among products.
MGCP is a text-based protocol, which means that, given the raw data used to encode an MGCP message, if your computer were asked to print it, you could read the message. In contrast, H.323 is binary-based, so printing raw Q.931 messages results in a string of gobbledy-gook punctuated with entertaining beeps.
Unlike H.323, which is a peer-to-peer protocol, MGCP is more like a client/server protocol. MGCP is based on the concept of a Media Gateway Controller (MGC). The MGC serves as the call signaling and media control signaling intelligence for gateway devices (termed “endpoints,” as in H.323) that are essentially slaves to the MGC. Gateway devices terminate circuit-switched signaling interfaces and, via MGCP, provide a set of primitives whereby the MGC can establish, modify, and tear down media, as well as receive rudimentary call-related signaling and feature invocations.
Therefore, MGCP is quite different in philosophy from H.323. While H.323 defines a protocol by which quite intelligent, self-contained endpoints can communicate, MGCP provides a protocol that pushes many call-related decisions to the MGC. On one hand, this reduces the amount of duplicate configuration needed—with an MGCP gateway, CallManager provides the call routing intelligence, while with a Cisco H.323 gateway, you must configure dial peers to handle the routing of circuit-switched calls to the packet side and vice versa.
On the other hand, MGCP gateways are like every other VoIP device that CallManager controls. While each CallManager endpoint supports a variety of call signaling (SCCP, MGCP, H.225, SIP, SGCP) and media control (SCCP, MGCP, H.245, SDP, SGCP) protocols, when the call is finally established, endpoints encapsulate the media using RTP.
MGCP commands are the interface whereby CallManager receives basic signaling notifications from MGCP gateways and directs the gateway to establish, modify, and tear down media connections.
The gateway communicates these notifications and CallManager sends these commands using User Datagram Protocol (UDP).
Table 4-9 summarizes these commands, which fall into three classes:
Event triggers and notifications enable CallManager and the MGCP gateway to communicate call signaling events. The events communicated are sufficient to support such analog interfaces such as FXO and FXS, but not digital interfaces.
Media establishment, modification, and teardown commands enable CallManager to manage connections on the gateway’s IP interfaces to establish VoIP calls between the gateway and other VoIP devices.
Restart- and failover-related messages enable CallManager to manage the gateway during registration and determine the state of existing calls when the gateway has lost its connection to a primary CallManager.
Table 4-9. MGCP Command Summary
Command Code | Command | Description |
|---|---|---|
Event Triggers and Notifications | ||
RQNT request | Requests gateway to send notifications of specified events such as off-hook events and digit keypresses. | |
NTFY | Notify | Allows a gateway to report the occurrence of the requested events. |
Media Establishment, Modification, and Teardown Commands | ||
CRCX connection | Requests the gateway to create a connection to another endpoint. | |
MDCX | Modify connection | Modifies the characteristic of an existing gateway connection. |
DLCX | Delete connection | Deletes a gateway connection. |
Restart- and Failover-Related Messages | ||
AUEP of an endpoint, including connection state, codecs, and so on. | ||
AUCX | Audit connection | Audits a connection to get the call ID. |
EPCF | Endpoint configuration | Specifies the encoding of the signals an endpoint receives. For example, in certain international telephony configurations, some calls carry μ-law-encoded audio signals and others use A-law. |
RSIP | Restart in progress | Allows a gateway to notify CallManager that a restart has occurred. |
MGCP is designed primarily for managing media. The word, after all, is part of the protocol’s name. The signaling primitives aren’t inherently powerful enough to communicate the information that circuit-oriented digital protocols such as Q.931 provide.
As a result, Cisco MGCP gateways running circuit-switched digital protocols such as PRI rely on a practice called backhauling. Although MGCP gateways that support digital interfaces do terminate the ITU-T Q.921 protocol (which ensures message integrity over the trunk itself), rather than terminate the call signaling protocol these gateways simply pass the Q.931 messages to CallManager for processing.
Figure 4-22 compares the practice of backhauling in MGCP versus the architecture of H.323. In H.323, the H.323 endpoint serves as a gateway for the media, for the media control signaling, and for the call signaling. In Cisco MGCP gateways, however, the gateway serves as a gateway for just the media (RTP on one side/circuit-switched media on the other) and the media control (MGCP on one side/Q.931 bearer negotiation on the other), but not for the call signaling, which is negotiated directly from the MGC to the circuit-switched network. (In contrast to the Layer 3 signaling, the gateway does terminate the Layer 2 signaling.)
Figure 4-23 demonstrates the signaling that occurs when CallManager receives a call from an MGCP FXS/FXO gateway. In this diagram, all messages are MGCP. All MGCP messages have acknowledgement messages. This message flow diagram eliminates acknowledgement messages in the interest of brevity, with the exception of one: the arrow labeled “200 c = IN IP4 10.83.129.8 m = audio 16396” indicates the successful receipt by the gateway of the CallManager’s command to create a connection and provides the IP address and port to be used for the media.
Figure 4-24 demonstrates the signaling that occurs when CallManager receives a call from an MGCP PRI gateway. This diagram contains a mixture of MGCP and PRI signaling and omits most MGCP acknowledgement messages. Backhauled signaling passes through the gateway either from or to the right side of the figure.
MGCP gateways register with CallManager based on their gateway configuration information. Once the gateway determines the IP address of CallManager, it establishes a TCP connection with CallManager for the purpose of sending backhauled Q.931 messages and sends a registration request.
If an MGCP gateway loses its connection to CallManager, there might be several calls in progress on the gateway. CallManager supports a feature called call preservation, which allows users on established calls to continue conversing. Though gateways and other endpoints must have connectivity to CallManager to establish calls, once the call has been answered, the signaling and media control channels are not actively used. By default, call preservation is available only for Cisco MGCP gateways, because the H.323 standards require existing calls to clear if the H.225 or H.245 connection is lost. However, you can override this behavior in Cisco IOS gateways using the no h225 timeout keepalive command.
Cisco MGCP gateways backhaul their Q.931 signaling, but not their Q.921 signaling. As a result, if the connection from the gateway to CallManager drops, the circuit-switched side of the call need not be aware. Because, in VoIP, media streams directly from one endpoint to another, if an MGCP gateway loses its connection to CallManager for an already-active call, rather than clear the circuit-switched connection it can leave its connection up and continue to send and receive media on the IP side. When the circuit-switched side hangs up, or when the gateway begins receiving ICMP “destination unreachable” or “port unreachable” message on its IP media connection(s), the gateway can free up the circuit resource. When an MGCP gateway loses its connection to CallManager, the gateway automatically clears calls that have not yet reached an active state.
Until the gateway reregisters, unused channels on the gateway are unavailable to place or receive calls, because MGCP relies on a VoIP signaling connection to CallManager. Conversely, if the gateway immediately reregisters, it must have some way to inform its new CallManager which channels are in use; otherwise, CallManager might attempt to offer a new call to one of the circuits already in use.
So when an MGCP gateway loses its connection, it sends the Restart in Progress (RSIP) message to its backup CallManager. If the MGCP gateway is supporting an FXS/FXO or T1-CAS interface, CallManager responds with a Notification Request (RQNT), requesting to be notified of off-hook events from each configured endpoint on the MGCP gateway. CallManager then sends Audit Endpoint (AUEP) messages to each channel the gateway manages, and the gateway responds with the idle, busy, and out-of-service status of each endpoint. Once initialized, the MGCP gateway maintains existing calls and starts the initialization sequence with the tertiary CallManager node in the case of a failure of the secondary while simultaneously monitoring the connection to the primary CallManager so it can reregister should it become available again. After the gateway sends the registration to CallManager, CallManager creates a device process to handle the gateway communication and then informs the device manager process of the gateway registration. The device manager propagates the device registration information to all CallManager servers in the cluster so that the route list information is accurate for all CallManagers in the cluster. The gateway is available to place and receive calls again.
Session Initiation Protocol (SIP) is a text-based protocol used for multimedia communications over IP networks. SIP provides a framework for establishing voice and video point-to-point communications, conferencing, and text messaging. CallManager currently supports SIP to other call agents over its SIP IP trunk interface.
SIP is defined in IETF RFCs. RFC 3261 defines the basic set of rules that SIP entities must conform to. However, a host of other RFCs and drafts exist, and SIP entities generally implement some combination of the drafts listed in Table 4-10.
Table 4-10. Partial List of SIP-Related Protocols
RFC | Description |
|---|---|
2327 | Session Description Protocol |
2543bis4 | Original definition of SIP, superseded by RFC 3261 |
2833 | RTP Payload for DTMF Digits, Telephony Tones, and Telephony Signals |
3261 | Session Initiation Protocol |
3262 | Reliable Provisional Responses |
3264 | Offer/Answer Model for the Session Description Protocol (SDP) |
3265 | SIP-specific event notification (SUBSCRIBE/NOTIFY) |
3311 | SIP UPDATE method |
3515 | SIP REFER method |
SIP shares a familial resemblance to both Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP), which are both fundamental protocols used on the Internet—the former for World Wide Web communications and the latter for e-mail.
HTTP, SMTP, and SIP messages all consist of two major parts:
A header section—. Contains many individual header fields that web servers, e-mail servers, and SIP entities use to fulfill the requirements of their respective protocols
A body section—. Contains the payload information that HTTP, SMTP, and SIP endpoints actually attempt to render for the user
In the case of HTTP, the payload is most often HTML, the basis for web pages. In the case of SMTP, the payload is generally text-based e-mail, although graphical and audio content can also be provided via Multipurpose Internet Mail Extensions (MIME). In the case of SIP, the payload is generally Session Description Protocol (SDP), which, as should be familiar now, allows VoIP endpoints to negotiate IP addresses and ports for media communications using specific codecs.
SIP request and response messages are detailed in Appendix C.
SIP divides the functions required for establishing sessions among several different types of elements. SIP strives to adhere to the end-to-end principle of the Internet, in which core elements serve the role in routing messages on behalf of smart elements at the edge of the network.
SIP defines the following entities:
User agents (UA) are the edge elements that participate in sessions. IP phones, IP-to-circuit-switched gateways, and conferencing servers are all examples of SIP UAs.
A SIP UA actually consists of two independent components—a user agent client (UAC) and a user agent server (UAS). Using SIP methods such as INVITE or SUBSCRIBE, UACs initiate sessions with SIP UASs, which issue responses to these messages. In the case of VoIP, because most devices both place and receive calls, VoIP endpoints provide both a UAS and UAC function.
Registrars serve as repositories for SIP addresses and provide a lookup function that the SIP core can use to locate SIP UAs. SIP uses Internet-style Uniform Resource Identifier (URI) addressing, in which addresses can appear in the form user@domain or user@IP address (a sip: or sips: URI) or as a more traditional number (a tel: URI).
Redirect servers are core elements that provide address translation services. When contacted by a UAC, redirect servers rewrite the address that the UAC is trying to contact and ask the UAC to contact this alternate destination (or destinations).
Proxy servers are core elements that provide routing services. Although proxies can modify the SIP requests that they handle, they must do so according to rigorous rules defined in RFC 3261 (among others).
CallManager’s SIP IP trunk serves as a signaling and media control interface to non-SIP–based devices such as SCCP IP phones, H.323 gateways, and MGCP gateways. As a result, CallManager is a SIP UA with both UAC and UAS functions.
Many call agents, CallManager included, can receive calls via one SIP interface and route calls out a different SIP interface. Unlike a SIP proxy, however, whose role primarily relies on transparent routing of SIP methods from endpoint to endpoint and whose function is to establish a single end-to-end session between the originator and its target, such call agents maintain two independent sessions, one from the originator to the call agent and one from the call agent to the target. This type of function is called a back-to-back user agent (B2BUA), and, when routing a call from one SIP interface to another, CallManager also fulfills this role.
SIP is a transactional protocol. UACs issue certain methods that UASs issue responses to. Some responses are provisional and simply indicate that a given transaction is in the process of being handled. One provisional response is “180,” for example, which simply indicates that the session target is being alerted. Other responses are final and terminate the transaction, typically either because the session was established (via a “200” message) or because the session could not be established.
SIP methods are not simply calls. For example, although an INVITE method might establish a voice call, it could also establish a data collaboration session. A SUBSCRIBE method doesn’t establish a user-to-user communication session at all, but rather allows one UA to receive periodic notifications about the activities of another UA (or UAs). These notifications can relate to whether the target UA is establishing sessions of its own, whether the user of that UA is prepared to converse, or for several other purposes.
Table 4-11 indicates several different methods defined in SIP, the RFCs that define them, and a short description of their function.
Table 4-11. SIP Methods
Method | RFC | Description |
|---|---|---|
INVITE | 3261 | Establishes a session (typically voice) between the UAC and UAS. |
ACK | 3261 | Confirms establishment of a session between a UAC and UAS. |
BYE | 3261 | Terminates an established session between a UAC and a UAS. |
REGISTER | 3261 | Informs a registrar of a UA’s contact addresses. |
OPTIONS | 3261 | Allows a SIP element to find out the capabilities of another SIP element. |
CANCEL | 3261 | When an INVITE is forking to multiple called parties (due to find-me-follow-me or shared line appearances) allows the UAC or intervening SIP proxy to “un-offer” the call. |
PRACK | 3262 | Allows a UAC to confirm receipt of a provisional response. |
SUBSCRIBE | 3265 | Allows a UAC to receive periodic state notification from a UAS. |
NOTIFY | 3265 | Notifies a subscribed UAC of the state changes of a particular UA. |
UPDATE | 3311 | Allows mid-session changes to the session’s profile. |
REFER | 3515 | Allows a UA in an established session to redirect the session to another UA, typically as part of a call transfer operation. |
Currently CallManager supports only the following methods:
This list of methods permits CallManager to place basic calls but does not support call transfers initiated by SIP UAs contacted via the SIP trunk, to process MWI notifications delivered by SIP voice mail servers, or to process for general subscriptions (for presence or for call creation information) sent by SIP applications. Figure 4-25 illustrates a typical call flow between a UAC and a UAS.
In Figure 4-25, the caller issues an INVITE method to the target UAS. The INVITE method includes, in the body section of the message, a description of the type of session that the caller wants to establish, encoded in Session Description Protocol (SDP). The SDP indicates the IP address, IP port, and codecs that the caller wants to use for the destination. By specifying different SDPs, the caller can select different codec types (for voice or video or data collaboration), and by changing the body type to something entirely different, the caller can, in theory, establish a completely different type of session. The UAS of the SDP must accept at least one codec offered by the UAC, although it may also include additional codecs that it supports.
The target UAS receives the INVITE and wants to process it, so it first sends a “100 Trying” message, followed by a “180 Alerting” message when it rings the user and a “200 OK” message when the user answers. The “200 OK” doesn’t actually map directly to an answer message like CONNECT in Q.931, but instead indicates that the target has decided to establish the session requested by the initial method, in this case an INVITE. The “200 OK” message contains the SDP for the target. Having exchanged media information, the UAC and UAS can begin sending media to each other.
The ACK method informs the UAS that its “200 OK” message was received, and conversation begins. At this point, and unlike other voice protocols, any proxy servers that have previously routed the call need not maintain any more state information. The transaction that was started with the INVITE method has completed.
When the caller hangs up, the UAC purges the call by beginning another transaction. The BYE method allows a UAC to clear an existing session. The target UAS sends a “200 OK” message to confirm the session termination.
The call flow in Figure 4-25 represents a pure peer-to-peer SIP flow, but CallManager usually processes the call a little differently for three main reasons:
Mid-call button presses
Mid-call features
Mid-call tones
Users often need to press keypad digits during a call to interact with telephony devices such as voice mail and IVRs. In the analog world, handling such events was reasonably straightforward. Terminal equipment converted the pressed button into a pair of pure tones that were simply played simultaneously directly into the voice channel. This encoding scheme is called dual-tone multifrequency (DTMF), and it is simply the tones that you might associate with touchpad dialing.
In the analog world, vendors placed tone detectors in the media path that listened for such tones and converted them into the appropriate menu selection.
In the digital world, things are more complicated. Several signaling paths exist that were not strictly available in the analog world. ISDN provides the capability for end equipment to place mid-call keypad presses in the signaling channel—thus bypassing the actual media channel entirely. H.323 provides a channel in the H.245 media control channel. Furthermore, with SIP, the encoding scheme comes almost full circle in that tones are encoded in the media channel—not as a traditional media payload itself, mind you, but as a special payload that communicates a signaled event. This encoding scheme is defined in RFC 2833.
Historically, Cisco IP Phones provide for tones encoded in the signaling channels but not via RTP. As a result, when CallManager needs to interwork Cisco IP Phones with SIP UAs that expect AVT tones, some conversion is required. However, CallManager is not part of the media path.
Furthermore, as the section “H.323” mentions, mid-call media breaks and media makes caused by features can be confusing to some VoIP endpoints. In the case of H.323, the introduction of an MTP allows endpoints that might not otherwise be capable of receiving an empty capability set to passively participate in features.
Finally, features such as transfer might require that a previously connected UA needs to revert to listening to some mid-call tone. For instance, if Alice calls Bob, Bob might choose to initiate a transfer. If Bob calls Charlie and completes the transfer while Charlie is ringing, Alice needs to hear ringback. After the call has been connected, however, most SIP UAs only allow you to change the characteristics of the media session. They don’t necessarily allow you to suspend media and play some local tone. Therefore, if Charlie doesn’t have the capability to play inband ringing, then Alice might listen to dead air until Charlie answers.
In all three cases, CallManager uses an MTP to work around the problem. CallManager allows you to configure a SIP trunk to use an MTP. As a result, a typical SIP call placed through CallManager looks as described by Figure 4-26.
In Figure 4-26, CallManager provides not the IP port and address of the originator, but instead provides the IP address and port of a selected MTP. The MTP performs the necessary interworking of the following:
Empty capability set for mid-call feature invocations by the Cisco IP Phone
DTMF for RFC 2833 to signaling-band tones
Call progress tones when a Cisco IP Phone invokes mid-call features
Although the insertion of an MTP allows Cisco SCCP IP Phones to fully access all CallManager features, the limited set of methods supported by the SIP IP trunk prevents SIP UAs from invoking many features. However, such UAs can still access the following features:
Hold and resume
Call forwarding
Presentation and restriction of calling line, calling name, connected line, and connected name
The sections that follow detail these features.
In SIP, the hold and resume features are media-level events. An endpoint that initiates a hold request asks the far end to suspend streaming media to it while suspending streaming media to the far end, and an endpoint that initiates a resume request asks the far end to resume streaming media.
SIP carries the media characteristics of the session in the body section of SIP messages, encoded in SDP. On an established session, a SIP UA that wants to initiate hold issues a new INVITE containing the dialog identifier for the existing session. The method of issuing a new INVITE on an existing session is termed a reINVITE. This reINVITE specifies one of three values in the SDP:
An a-line that indicates that the UA wants to set the mode of the conversation to inactive (while retaining the existing IP address and port information for the RTP).
An a-line that indicates that the UA wants to set the mode of the conversation to sendOnly while retaining the existing IP address and port information for the RTP. Setting the mode to sendOnly allows the holding UA to potentially stream music on hold to the held party.
A c-line that temporarily sets the IP address and port information for the communications session to 0.0.0.0.
The resume operation is a nearly identical operation, except that instead of changing the mode to inactive or sendOnly or zeroing out the IP address, the retrieving UA restores the original media information.
MTPs enable UAs to invoke hold and retrieve. (The MTP also insulates SIP UAs from hold and retrieve operations from Cisco SCCP IP Phones.) When processing hold from a SIP UA, CallManager suspends only the SIP UA-to-MTP stream while retaining the media stream between the held party and the MTP. CallManager does not introduce music on hold in these situations.
SIP UAs can provide call forwarding functionality via the 3xx series of provisional responses. When receiving an INVITE, if a SIP UA wants to divert the call, it can send a “302 Moved Temporarily” message. The originating UA is expected to issue INVITEs to the destination or destinations specified in the response.
CallManager’s SIP trunk supports 302 and other 3xx messages. However, the processing for these messages occurs solely at the trunk itself—CallManager does not compare the redirection target against any provisioned phones, translation patterns, or route patterns. Instead, the SIP trunk consults DNS and issues the INVITE to the resulting IP address.
For a fairly long, awkward feature name, this set of features is really quite straightforward. It’s nothing more or less than caller ID and connected ID and your ability to decide whether the caller or called party gets to see the name, the number, neither, or both.
Calling and connected name describe the presentation of the name of the appropriate party, and calling and connected line relate to the phone number of the appropriate party.
SIP uses addresses in the form of user@domain, but just as in e-mail, the headers that contain this information provide you with the ability to indicate a display name. Therefore, if Alice is calling from 1000 in the cisco.com domain, the From: header of a SIP method might look like this:
From: "Alice" <[email protected]>
SIP addresses can occur in any number of SIP header fields, but for line and name ID services with CallManager, only three are relevant:
The From: header indicates the originator of a SIP transaction. This field is a basic RFC 3261 header. All SIP UAs support it. When receiving a call, some UAs will render the information in this header as the caller ID.
The To: header indicates the target of a SIP transaction. This field is a basic RFC 3261 header. All SIP UAs support it. When receiving a call, some UAs will render the information in this header as the caller ID.
The Remote-Party-Id header is defined in an expired IETF draft that will never become a standard. This draft defines a new header whose purpose is specifically for calling and connected line and name ID. Unlike the From: and To: headers, this header takes into account the privacy of the caller and called parties by defining URI tags to indicate how the destination UA should or should not render the information. Although this header is not a formal standard, it is a de facto standard in the industry and no fully baked standardized approach to calling and called party ID services currently exists.
As Chapter 2 describes, call restriction settings exist on route patterns, translation patterns, and the device pages. The accepted values of these presentation fields are Allowed, Restricted, and Default. If the gateway setting is Allowed or Restricted, this value takes precedence. If set to Default, the gateway level uses the setting on the route or translation pattern. (If the value on the route or translation pattern is also Default, the resulting value is whatever the caller provided.)
When encoding a line number in for caller or connected ID purposes, CallManager places the number in the user portion of the user@domain URI. CallManager encodes name information in the accompanying text description section.
The Remote-Party-Id header provides URI tags that allow a UA to indicate whether the name or number privacy should be honored. When the name is restricted but not the number, CallManager sets the privacy tag to name; when the number is restricted but not the name, CallManager sets the privacy tag to uri; and when both are restricted, CallManager sets the privacy tag to full.
Because the From: header permits no such tags, when the name is restricted, CallManager encodes it as “Anonymous”, and, when the number is restricted, CallManager doesn’t encode a user part at all.
Table 4-12 illustrates the possible encoding values from the From: and Remote-Party-Id headers.
Table 4-12. SIP Calling ID Restriction
Restrictions | Header Encoding |
|---|---|
Name allowed, number allowed | From: “Alice” <sip:[email protected]> Remote-Party-Id: “Alice” <sip:[email protected]>; party=calling;screening=none;privacy=none |
Name allowed, number restricted | From: “Alice” <sip: 10.1.1.1> Remote-Party-Id: “Alice” <sip:[email protected]>; party=calling;screening=none;privacy=none |
Name restricted, number allowed | From: “Anonymous” <sip:[email protected]> Remote-Party-Id: “Alice” <sip:[email protected]>; party=calling;screening=none;privacy=name |
Name and number restricted | From: “Anonymous” <sip: 10.1.1.1> Remote-Party-Id: “Alice” <sip:[email protected]>; party=calling;screening=none;privacy=full |
CallManager’s SIP trunk operates over UDP, which is an inherently unreliable method of delivering IP messages. As a result, SIP incorporates timers and retries so that it can retransmit messages that have not been acknowledged under the assumption that those messages might have been lost.
CallManager enables you to configure the values for SIP timers and the number of retries in service parameters. Tables 4-13 and 4-14 present the service parameters, their default values, and a short description of the appropriate settings.
Table 4-13. SIP Timer Service Parameters
Parameter | Default | Description |
|---|---|---|
SIP Trying Timer | 500 ms | The amount of time CallManager should wait for a called UA to issue a 100 Trying after CallManager issues an INVITE. |
SIP Connect Timer | 500 ms | The amount of time CallManager should wait for a called UA to issue a 200 OK after CallManager issues an ACK. |
SIP Disconnect Timer | 500 ms | The amount of time CallManager should wait for a called UA to issue a 200 OK after CallManager issues a BYE. |
SIP Expires Timer | 180 s | The amount of time that CallManager can leave an unconfirmed INVITE outstanding; the call must be answered within this duration or CallManager clears the call. |
SIP Rel1XX Timer | 500 ms | The amount of time CallManager should wait before retransmitting a reliable 1XX response that has not been PRACKed. |
SIP PRACK Timer | 500 ms | The amount of time CallManager should wait for a called UA to issue a 200 OK after CallManager issues a PRACK. |
Table 4-14. SIP Retry Count Service Parameters
Parameter | Default | Description |
|---|---|---|
Retry Count for SIP BYE | 10 | When running UDP, the number of times CallManager should retransmit a BYE that has not received a 200 OK. |
Retry Count for SIP CANCEL | 10 | When running UDP, the number of times CallManager should retransmit a CANCEL that has not received a 200 OK. |
Retry Count for SIP INVITE | 5 | When running UDP, the number of times CallManager should retransmit an INVITE that has not received a 200 OK. |
Retry Count for SIP PRACK | 6 | When running UDP, the number of times CallManager should retransmit a PRACK that has not received a 200 OK. |
Retry Count for SIP Rel1XX | 10 | The maximum number of times CallManager retransmits an unacknowledged reliable 1XX response. |
Retry Count for SIP Response | 6 | The maximum number of times CallManager retransmits an unacknowledged 1XX response. |
This chapter examined the role of gateways in the CallManager architecture. Gateways bridge the gap between the packet-switched network and the circuit-switched network. This chapter described the circuit-switch technologies Cisco gateways support and the VoIP protocols H.323, MGCP, and SIP, which CallManager uses to talk to gateways and to other CallManagers. In addition, this chapter detailed the role of the gatekeeper and RAS, the H.323 gatekeeper communication protocol.