Upload: duongtruc

Post on 05-Jun-2018


Cisco Spark Hybrid Call Services Architecture and Design

Luca Pellegrini Technical Marketing Engineer

BRKCOL-2202

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session:

1. Find this session in the Cisco Live Mobile App

2. Click "Join the Discussion"

3. Install Spark or go directly to the space

4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKCOL-2202

Agenda

• Introduction

• Call Service Aware and Connect

• CSC Global Reachability

• CSC Call Anchoring

• Certificates

• DNS Service Discovery

• Dial Plan

• Identity Theft and Toll Fraud Prevention

• Shared Expressway for Hybrid and B2B

• Deployment Models

• Multiple Clusters

• SME Architecture

• HCS Deployment

Cisco Spark Services Suite

A complete business collaboration service from the Cisco cloud that enables customers to message, meet, or call anyone, anywhere, and anytime.

[Figure: Cisco Spark Control Hub and the Cisco Spark Services*: Cisco Spark Meetings, Cisco Spark Messaging, Cisco Spark Care, Cisco Spark Rooms, Cisco Spark Board, Cisco Spark Hybrid Calling.]

*Cisco Spark is hosted and operated by Cisco, and sold by partners

Integrating Premises and Cloud

[Figure: Integrating Premises and Cloud. Layers: Platform, Edge, Windows. Columns: Directory (Microsoft AD), Calendar (Exchange / Office 365), Media (Hybrid Media), KMS (Hybrid Data Security), Call (Cisco UCM*), Future (?). WebEx Messenger is also shown. *Includes Business Edition or HCS.]


Hybrid Service Architecture

[Figure: Hybrid Service Architecture. On premises: Cisco Unified CM, Active Directory with the Directory Connector, Microsoft Exchange, and an Expressway-C Connector Host running the Management Connector, Calendar Connector and Call Connector; the Call Connector talks to Unified CM over AXL and CTI-QBE. Expressway-C sits behind the internal firewall and Expressway-E behind the DMZ firewall, facing the Internet. Hybrid signaling for Directory, Calendar and Call runs over HTTPS (optionally through an HTTP proxy); SIP signaling and media use the firewall traversal architecture with Expressways.]

Call Service Architecture

[Figure: Call Service Architecture. The same components: hybrid signaling (AXL, CTI-QBE over HTTPS) from the Expressway-C Connector Host to the cloud, and SIP signaling with SRTP media through Expressway-C and Expressway-E.]

Call Service Aware and Connect

Call Service Aware & Call Service Connect

Call Service Aware: enables Cisco Spark users to share their screen using Spark. Complements, and is aware of, Cisco UC calls and allows for Desktop Sharing.

Call Service Connect: depends on Call Service Aware. Allows Cisco Spark users to call Cisco UC registered devices, as well as be called by Cisco UC users. Together with Call Service Aware, enables users to manage a unified Spark and UC call history from the Cisco Spark calls tab.

Call Service Aware/Connect Addressing

[Figure: user Aaron Goodman on Cisco Unified CM with number +14085551234 and a directory URI; the Expressway-C Connector Host provisions a Spark RD (remote destination) as a shared line with his desk phone; Cisco Spark Control Hub shows the same user and number through the Cisco UCM Interface.]

Spark RD Provisioning Through Expressway-C Connector Host

Spark RD is provisioned automatically using a single Device Pool, Location, Calling Search Space and Rerouting CSS

• Each UCM cluster needs to be provisioned on Call Connector

• UCM needs an application user with:

    • Standard AXL API Access

    • Standard CTI Allow Control of All Devices

    • Standard CTI Enabled

    • Standard CTI Allow Control of Phones supporting Connected Xfer and conf

    • Standard CTI Allow Control of Phones supporting Rollover Mode

• Every end-user must have a directory URI

• CFQDN has to be set to a unique value

• Manual or Automatic Provisioning of Spark RD

• Remote Destinations are always provisioned through the Connector

Call Service Connect Global Reachability

[Figure: UCM to UCM call. Alice dials Bob's directory URI or +14085551234. The call is anchored on Cisco Unified CM and forked to Bob's Spark RD (remote destination), reaching Bob's Spark client over the Internet through Expressway-C and Expressway-E; the Expressway-C with Connectors provisions the Spark RD (steps 1-3 in the diagram).]

UCM Releases where Spark RD is supported:

12.0(1)          12.0.1.10000-10
11.5(1) SU3      11.5.1.13900-52
11.0(1a) SU3     11.0.1.23900-5
10.5(2) SU5      10.5.2.15900-8

[Figure: Spark to Spark Call, Alice (+14085551235) calls Bob (steps 1-4). Alice's Spark client calls Bob's Spark address (calling: Alice, called: Bob); the cloud sends the call through Expressway-E and Expressway-C to Cisco Unified CM, where it is anchored on Alice's Spark RD and forked back out through the Expressways to Bob's Spark client; one leg is marked cancelled.]

Call Service Connect Call Anchoring

Call Anchoring and Calling ID Preservation (single UCM cluster)

[Figure: Alice (+14085551235, CSS: Internal and Local calls) and Bob are on the same Unified CM cluster; Alice has a Spark RD. (1) Alice's Spark client calls Bob (calling: Alice's Spark address, called: Bob's Spark address); the call is anchored on Unified CM through Alice's Spark RD. (2) Unified CM delivers the call to Bob, whose phone shows "Call from: Alice +14085551235" with Alice's enterprise directory URI: the calling ID is preserved as Alice's enterprise identity.]

Call Anchoring and CSS Preservation (Call Anchoring based on calling ID == RD)

[Figure: Alice's CSS: Internal and Local calls; Bob's CSS: All Calls. Both have a Spark RD. (1) Alice's Spark client dials the PSTN number +390212345678 (calling ID: Alice's Spark address, called ID: +390212345678). (2) Unified CM matches the calling ID to Alice's Spark RD, anchors the call on Alice's line and applies Alice's CSS, not Bob's, to the PSTN call.]

PSTN Call Flow

[Figure: Alice's Spark client (line CSS: allow international calls) dials +390212345678 (1). The cloud sends the call (2) through Expressway-E and Expressway-C (3, 4) to Cisco Unified CM with Called ID +390212345678 and Calling ID Alice's address in the example.call.ciscospark.com domain. Unified CM anchors the call on Alice's Spark RD and sends it (5) to the PSTN audio or video gateway with Called ID +390212345678 and Calling ID +14085551234, Alice's enterprise number.]

B2B Call Flow

[Figure: Alice's Spark client dials a B2B SIP URI in another domain (1). The cloud sends the call (2) through Expressway-E and Expressway-C (3, 4) to Cisco Unified CM with Alice's Spark address (example.call.ciscospark.com domain) as Calling ID; Unified CM anchors the call on Alice's Spark RD and routes it back out (5, 6) through Expressway-C and Expressway-E to the remote domain, with the dialed URI as Called ID and Alice's enterprise directory URI as Calling ID.]

Certificates for Authentication and Encryption

Identity Verification

• Expressway-E and the Cloud need to trust each other

• Public certificates are the preferred way to trust the remote peer's identity

• Public CAs issue certificates only after identity verification succeeds

• The CN and SAN in the certificate are used to check the identity of the remote peer

• A certificate issued to Cisco can't be issued to another organization, because the requester must prove that it owns the domain

TLS Handshake with Mutual Authentication

• Expressway-E checks the Cloud certificate for both inbound and outbound calls

• callservice.ciscospark.com must be included in the certificate presented by the Cloud

[Figure: handshake between the Cloud and Expressway-E: Client hello; Server hello followed by certificate; Certificate Request, so that the other side presents its certificate as well.]

Cloud Certificate used in Spark Hybrid Scenarios

Common name: l2sip-cfa-01.ciscospark.com
SANs: l2sip-cfa-01.ciscospark.com, l2sip-cfa-01.wbx2.com, l2sip-cfa-01-web.wbx2.com, l2sip-cfa-web.wbx2.com, callservice.ciscospark.com
Organization: Cisco Systems, Inc.
Location: San Jose, CA, US
Valid from November 16, 2016 to November 16, 2018
Serial Number: 08bd6c90982db954a25830361d7dcb4b441b719b
Signature Algorithm: sha256WithRSAEncryption
Issuer: HydrantID SSL ICA G2

Authenticating the Cloud: Inbound Calls Example

[Figure: (1) Client hello from the Cloud to Expressway-E (expe.example.com, which holds the ExpE certificate and its public key); (2) Expressway-E requests the certificate and the Cloud presents the Cloud certificate (callservice.ciscospark.com, with its public key); (3) the verified call enters the DNS zone configured as the trunk to the Cloud.]

Certificates and certification authorities

• Recommended option: the Cloud trusts certificates signed by specific certification authorities by default (list: https://help.webex.com/docs/DOC-4302)

• The Cloud can be configured to trust (through manual upload):

    • a certificate signed by a private certification authority

    • a self-signed certificate

    • a certificate signed by a public CA that is not in the trusted list of the Cloud

• The Cloud will trust any of the above if:

    • the CN or SAN includes the Expressway-E DNS name

    • the CRL (if present) is publicly reachable from the Internet
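As an added example (not code from the slides or from Cisco), the peer identity check the certificate slides describe, in Python: a certificate is accepted when one of its SAN dNSName entries (or its CN, when it carries no SAN) matches the expected name and it is inside its validity period, and zone_for_inbound applies the slides' port rule, placing a call in the Spark DNS Zone only when a valid certificate for callservice.ciscospark.com is presented on the MTLS port 5062. The certificates use the dictionary layout Python's ssl.getpeercert() returns; both sample certificates and the 2018 reference time are constructed.

```python
"""Peer identity check for the TLS legs on the certificate slides (added example): Expressway-E
must find callservice.ciscospark.com in the Cloud certificate, and the Cloud must find the
Expressway-E DNS name in the Expressway-E certificate. Certificates use the dictionary layout
that ssl.SSLSocket.getpeercert() returns, so the same functions work on a live connection."""
import ssl
import time

# Constructed sample modelled on the slide "Cloud Certificate used in Spark Hybrid Scenarios".
CLOUD_CERT = {
    "subject": ((("commonName", "l2sip-cfa-01.ciscospark.com"),),),
    "subjectAltName": (
        ("DNS", "l2sip-cfa-01.ciscospark.com"),
        ("DNS", "l2sip-cfa-01.wbx2.com"),
        ("DNS", "l2sip-cfa-01-web.wbx2.com"),
        ("DNS", "l2sip-cfa-web.wbx2.com"),
        ("DNS", "callservice.ciscospark.com"),
    ),
    "notBefore": "Nov 16 00:00:00 2016 GMT",
    "notAfter": "Nov 16 23:59:59 2018 GMT",
}

# Constructed Expressway-E certificate; expe.example.com is the name the slides use.
EXPE_CERT = {
    "subject": ((("commonName", "expe.example.com"),),),
    "subjectAltName": (("DNS", "expe.example.com"),),
    "notBefore": "Mar 10 00:00:00 2018 GMT",
    "notAfter": "Mar 10 23:59:59 2028 GMT",
}

# Constructed "current time" inside the cloud certificate's validity period, for offline checks.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 01 12:00:00 2018 GMT")


def dns_names(cert):
    """Names the certificate asserts: the SAN dNSName entries, or the CN only when no SAN
    DNS name is present (RFC 6125 section 6.4.4)."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Case-insensitive comparison; a leading '*.' wildcard covers exactly one DNS label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        p, h = pattern.split("."), hostname.split(".")
        return len(p) == len(h) and p[1:] == h[1:]
    return pattern == hostname


def identity_matches(cert, expected_name):
    return any(name_matches(n, expected_name) for n in dns_names(cert))


def within_validity(cert, now=None):
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now <= end


def peer_accepted(cert, expected_name, now=None):
    """Identity and validity only; chain building and CRL checks belong to the TLS stack."""
    if not identity_matches(cert, expected_name):
        return False, "no CN/SAN entry matches " + expected_name
    if not within_validity(cert, now):
        return False, "certificate outside its validity period"
    return True, "ok"


def zone_for_inbound(port, client_cert, now=None):
    """Expressway-E zone selection from the slides: only on the MTLS port 5062 is a client
    certificate requested, and only a certificate carrying callservice.ciscospark.com puts the
    call into the authenticated Spark DNS Zone; everything else lands in the Default Zone."""
    if port == 5062 and client_cert is not None:
        accepted, _ = peer_accepted(client_cert, "callservice.ciscospark.com", now)
        if accepted:
            return "Spark DNS Zone"
    return "Default Zone"
```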

Call Service Connect Service Discovery

TLS vs dedicated MTLS port on Expressway

• Any incoming TCP connection on port 5061 uses TLS: used for B2B communications

• Any incoming TCP connection on port 5062 triggers the TLS handshake with Mutual Authentication: used for Spark Hybrid communications

Standard SRV Records for SIP (SRV record format for SIP)

• TLS and MTLS are part of the same specification (RFC 5246)

• There is no separate SRV record for MTLS

_sips._tcp.example.com         5061   TLS (used for B2B, TLS only)
_sips._tcp.mtls.example.com    5062   TLS with Mutual Authentication (used in Spark Hybrid Services and MTLS)
_sip._tcp.example.com          5060   TCP
_sip._udp.domain               5060   UDP

Enterprise Service Discovery for Spark Hybrid

[Figure: Alice calls Bob (steps 1-7). The Cloud resolves the enterprise DNS SRV record, connects over the Internet to Exp-E, which forwards the call to Exp-C on the Corporate Network and then to CUCM (CFQDN: cucm.example.com) to reach Bob's directory URI.]

DNS SRV                        Use            A-record            IP Address/port
_sips._tcp.example.com         B2B with TLS   expe.example.com    <public IP>:5061
_sips._tcp.mtls.example.com    MTLS           expe.example.com    <public IP>:5062

Verified Domains

• SIP domains must be verified to prevent someone else from using the domain and to mitigate impersonation (identity theft)

• SIP domains must be publicly routable (no internal.local as Directory URI domain)

Verification token

1. Get the token

2. Create the TXT record

3. Test the TXT record

Cisco recommends using the prefix cisco-ci-domain-verification= followed by the token, i.e.

cisco-ci-domain-verification=123456789abcdef123456789abcdef123456789abcdef123456789abcdef

Inbound Calls: Authenticated vs Unauthenticated Traffic (TLS with Mutual Authentication and Certificates on Expressway with DNS Zone)

expe.example.com receives inbound calls from the Internet into one of two zones:

Default zone: inbound trunk from any unknown destination; non-authenticated traffic; certificate is NOT requested

Spark DNS Zone: trunk to Spark Hybrid; authenticated traffic; certificate requested, CN/SAN=callservice.ciscospark.com

• Dedicated box for Hybrid Services: block calls from the Default Zone

• Shared box: apply rules to non-authenticated traffic to filter calls

Dial Plan

Route Header and Request URI

• The Cloud populates forked calls with the CFQDN

• The Route Header takes precedence over the Request URI

• CFQDN: Enterprise parameter used in SIP routing decisions

• CFQDN must be different from the Expressway system name, domain or DNS name

• It can't contain wildcards

• If wildcards are needed, you can add two entries, the first of which must not contain wildcards:

CFQDN: us-cm-pub.example.com *.example.com

Home Cluster Routing: Route Headers and Request URIs (Cluster Fully Qualified Domain Name)

[Figure: Alice's Cisco Spark client calls Bob (1). The Cloud sends an INVITE (2) with Request URI sip:<Bob's directory URI> and Route header sip:us-cucm-pub.example.com through Expressway-E and Expressway-C (3) to the US cluster publisher us-cucm-pub.example.com (4); the EMEA cluster (emea-cucm-pub.example.com) is not involved. The Call Connector on the Expressway-C with Connectors supplies the directory URI to home cluster mapping.]

Directory URI                   Destination in Route Header
<EMEA user's directory URI>     emea-cucm-pub.example.com
<Bob's directory URI>           us-cucm-pub.example.com

Spark Dial Plan with multiple UCM clusters

Expressway-C search rules (From Spark to UCM / From UCM to Spark), with neighbor zones UCM_US and UCM_EMEA:

Priority   Rule Name            Protocol   Source   Mode                                        Target
50         Spark inbound US     Any        Any      Prefix: us-cm-pub.example.com               UCM_US
50         Spark inbound EMEA   Any        Any      Prefix: emea-cm-pub.example.com             UCM_EMEA
60         Spark outbound       Any        Any      Regex: .*@example\.call\.ciscospark\.com    Spark Traversal Server

Expressway-E search rules (Spark Traversal Zone):

Priority   Rule Name        Protocol   Source                   Mode        Target
50         Spark inbound    Any        Spark DNS Zone           Any alias   Spark Traversal Server
60         Spark outbound   Any        Spark Traversal Server   Any alias   Spark DNS Zone

Identity Theft and Toll Fraud Prevention

Simulating a Spark Hybrid identity through a B2B connection

• 1. The hacker simulates Bob's Spark SIP address and dials Alice, or the PSTN

• Because he can't use the cloud certificate, the call enters the Default Zone

[Figure: a hacker on the Internet, presenting Alice's Spark address as calling ID, dials Bob's directory URI. The call enters Expressway-E (1), is passed to Expressway-C (2) and on to Cisco Unified CM (3), where Bob's phone displays "Call from Alice".]

PSTN Call Allowed Based on Alice's CSS

[Figure: the same hacker, presenting Alice's Spark address as calling ID, dials 9393357454076. The call enters Expressway-E (1), Expressway-C (2) and Cisco Unified CM (3), where the calling ID matches Alice's Spark-RD, so the call is anchored on Alice's line and routed to the PSTN with Alice's CSS, presenting Alice's office number +1(408)5551234.]

Expressway – Mitigating Toll Fraud

• The zone authentication policy marks traffic as authenticated (P-Asserted Identity trusted in the Spark DNS Zone) or unauthenticated (PAI removed from calls hitting the Default Zone)

• Call policy rules are applied to the source zone or to unauthenticated traffic

[Figure: Expressway-E zones: B2B (Default Zone, unauthenticated), Spark DNS Zone (authenticated), Traversal Server Zone (authenticated).]

Checking the calling alias

• Any call with a calling ID containing example.call.ciscospark.com that enters the Default Zone is rejected:

Rule Applies To    Source Pattern (From Address)            Destination Pattern    Action
Unauthenticated    (.*)@example\.call\.ciscospark\.com.*    .*                     Reject

2nd Line of Defense: Trusted Identity on UCM

• Traversal client, traversal server and UCM neighbor zones preserve the PAI if the Authentication policy is set to "check credentials" or "treat as authenticated"

• Trunk on UCM 12 set to "Trust PAI Only": UCM trusts the identity and anchors the call only if it has a PAI

• For calls with PAI, the CSS of the line is used to route the call

• For calls without PAI, the CSS of the trunk is used to route the call

[Figure: B2B call from the Internet through Expressway-E and Expressway-C to CUCM: SIP messages from the authenticated zones carry the PAI, SIP messages from the unauthenticated B2B leg do not.]

Demo
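The zone authentication policy, the call policy rule and the search rules from the Dial Plan and toll fraud slides, modelled together in Python as an added example (not Expressway code). It assumes that the Spark and UCM zones are set to "treat as authenticated" and that the Request-URI is the routing alias only when no Route header is present; the SIP messages and their addresses are constructed.

```python
"""Model of the Expressway behaviour on the dial plan and toll fraud slides (added example):
zone authentication policy (PAI kept only on authenticated zones), the call policy rule that
rejects unauthenticated calls claiming a Spark alias, and search rules that route on the
Route header (precedence over the Request-URI) by prefix or on the alias by regex."""
import re

# Zones whose authentication policy is "treat as authenticated" (assumption for this model).
AUTHENTICATED_ZONES = {"Spark DNS Zone", "Spark Traversal Server", "UCM_US", "UCM_EMEA"}

# Call policy rule from the slide "Checking the calling alias".
CALL_POLICY = [
    # (applies to, source pattern, destination pattern, action)
    ("Unauthenticated", r"(.*)@example\.call\.ciscospark\.com.*", r".*", "Reject"),
]

# Expressway-C search rules from the slide "Spark Dial Plan with multiple UCM clusters".
SEARCH_RULES = [
    # (priority, rule name, mode, pattern, target zone)
    (50, "Spark inbound US", "Prefix", "us-cm-pub.example.com", "UCM_US"),
    (50, "Spark inbound EMEA", "Prefix", "emea-cm-pub.example.com", "UCM_EMEA"),
    (60, "Spark outbound", "Regex", r".*@example\.call\.ciscospark\.com", "Spark Traversal Server"),
]

URI_RE = re.compile(r"<?sip:([^>;\s]+)")


def parse_invite(text):
    """Minimal SIP parser: request line plus the headers this model needs (URIs without 'sip:')."""
    lines = text.strip().splitlines()
    method, request_uri, _ = lines[0].split(maxsplit=2)
    if method != "INVITE":
        raise ValueError("not an INVITE")
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    def uri(name):
        m = URI_RE.search(headers.get(name, ""))
        return m.group(1) if m else None

    return {"request_uri": URI_RE.search(request_uri).group(1), "route": uri("route"),
            "from": uri("from"), "pai": uri("p-asserted-identity")}


def apply_call_policy(call, authenticated):
    for applies_to, src, dst, action in CALL_POLICY:
        if applies_to == "Unauthenticated" and authenticated:
            continue
        if re.fullmatch(src, call["from"] or "") and re.fullmatch(dst, call["request_uri"]):
            return action
    return "Allow"


def routing_alias(call):
    """The Route header takes precedence over the Request-URI."""
    return call["route"] or call["request_uri"]


def select_target(alias):
    """First search rule that matches, lowest priority value first."""
    for _, name, mode, pattern, target in sorted(SEARCH_RULES):
        if (alias.startswith(pattern) if mode == "Prefix" else re.fullmatch(pattern, alias)):
            return name, target
    return None, None


def handle_invite(text, zone):
    call = parse_invite(text)
    authenticated = zone in AUTHENTICATED_ZONES
    if not authenticated:
        call["pai"] = None  # zone authentication policy removes the PAI on the Default Zone
    if apply_call_policy(call, authenticated) == "Reject":
        return {"action": "Reject", "reason": "unauthenticated call with a Spark calling alias"}
    rule, target = select_target(routing_alias(call))
    return {"action": "Route" if target else "No matching search rule", "rule": rule,
            "target": target, "pai": call["pai"],
            # UCM trunk set to "Trust PAI Only": line CSS with a PAI, trunk CSS without
            "ucm_css": "line CSS" if call["pai"] else "trunk CSS"}


# Constructed messages; Route and From follow the slide layout, the addresses are invented.
CLOUD_INVITE = """INVITE sip:bob@example.com SIP/2.0
Route: <sip:us-cm-pub.example.com;lr>
From: "Alice" <sip:alice@example.call.ciscospark.com>;tag=1
P-Asserted-Identity: <sip:alice@example.call.ciscospark.com>
To: <sip:bob@example.com>
"""
B2B_INVITE = """INVITE sip:alice@example.com SIP/2.0
From: <sip:bob@partner.example>;tag=2
P-Asserted-Identity: <sip:bob@partner.example>
To: <sip:alice@example.com>
"""
UCM_OUTBOUND_INVITE = """INVITE sip:bob@example.call.ciscospark.com SIP/2.0
From: <sip:alice@example.com>;tag=3
P-Asserted-Identity: <sip:alice@example.com>
To: <sip:bob@example.call.ciscospark.com>
"""
```

The same INVITE that is routed to UCM_US with its PAI when it arrives through the Spark DNS Zone is rejected when it arrives through the Default Zone, and a plain B2B call loses its PAI and falls back to the trunk CSS.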

Deployment Models

Expressway Cluster Capacity

• Expressway-C and Expressway-E used for media can be clustered following the Expressway clustering guidelines

    • Up to 6 servers in the same cluster in 2:1 redundancy

    • All servers active

    • Cluster capacity: 4 times the capacity of a single box due to the 2:1 redundancy model

• Expressway-C Connector Host

    • 1:1 redundancy for Calendar and Call Connect

    • All servers active

Connectors and Media on a Shared Expressway-C

[Figure: the same Expressway-C runs the Connector Host (Management, Call, Calendar and Directory Connectors) and carries SIP signaling and media with Expressway-E; Cisco Unified CM, Active Directory with the Directory Connector and Microsoft Exchange sit inside, behind the internal firewall and the DMZ firewall, with the Internet beyond.]

• Connector Host services and SIP Signaling and Media for Hybrid Services only

• Scalability for MRA and B2B together with the Connector is not tested

Capacity for Expressway-C Connector Host

• Expressway-C dedicated to Connector Hosting:

    • 5000 users with medium OVA per server

    • 15000 users with medium OVA per 6-peer cluster

    • Testing in progress!

• Expressway-C shared together with SIP signaling and media for Hybrid Services (no MRA, B2B):

    • 500 users with small OVA

    • 2000 users with medium OVA and 2-server cluster

    • Testing in progress!

BE6000H Example Configuration for 500 Users with Shared Connector Host

[Figure: BE6000H Primary and BE6000H Secondary hosting Unity Connection, Expy-C (small OVA), Unified CM (1000 Users OVA), Expy-E (small OVA), Prime and Directory Connector(1). (1) Directory Connector can be deployed with HA.]

BE7000 Example Configuration for 2,000 Users and Shared Connector Host

[Figure: BE7000H Primary, Secondary and Tertiary hosting a UCM Cluster (2500 Users OVA: pub, sub1, sub2, tftp1, tftp2), Unity Connection, Prime, CER, Exp-C (medium OVA), Exp-E (medium OVA) and the Directory Connector.]

Architecture for 10,000 Users

[Figure: Cisco Unified CM Cluster (7500 Users OVA: Publisher, Call Control, TFTP), Expressway-C large OVA clusters, Expressway-E large OVA clusters, Directory Connector, and a separate Expressway-C Connector Host (medium OVA).]

Multiple Clusters

Dual Clusters Outbound Calls

[Figure: two Expressway-C / Expressway-E pairs, each with its own Expressway-C Connector Host, connected to CUCM; the diagram distinguishes the signaling and media paths of outbound calls.]

Inbound Calls with Two Datacenters

• A call can be sent to either of the two datacenters; this is achieved through DNS SRV records with equal weight and priority for all Expressway-E servers in both datacenters

• The Route Header contains the calling user's home cluster

• Every Expressway-E is configured to send the call to the associated Expressway-C or to the remote Expressway-E based on the Route Header
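How a resolver picks between the two datacenters' Expressway-E servers, as an added example (not code from the slides): an RFC 2782 ordering of the SRV record set, plus a helper that counts which target is tried first. The record set is constructed; the slides show only the emea-expe.example.com entry, and the us-expe.example.com entry is an assumption.

```python
"""RFC 2782 SRV target ordering for the two-datacenter design on the slides (added example):
every Expressway-E in both datacenters shares the same priority and weight under
_sips._tcp.mtls.example.com, so inbound calls are spread over both sites; the Expressway-E that
receives the call then forwards it on the Route header. The record set is constructed; the
slides show only the emea-expe.example.com entry."""
import random

SRV_RECORDS = [
    # (priority, weight, port, target)
    (10, 10, 5062, "emea-expe.example.com"),
    (10, 10, 5062, "us-expe.example.com"),  # assumed second datacenter entry
]


def order_srv_targets(records, rng=random):
    """Order targets as a client should try them: ascending priority, and inside one priority a
    weighted random order (RFC 2782 'Usage rules': random number in 0..sum of weights, first
    record whose running sum reaches it; weight-0 records are listed first)."""
    by_priority = {}
    for priority, weight, port, target in records:
        by_priority.setdefault(priority, []).append((weight, port, target))
    ordered = []
    for priority in sorted(by_priority):
        pool = sorted(by_priority[priority], key=lambda r: r[0] != 0)
        while pool:
            total = sum(weight for weight, _, _ in pool)
            pick = rng.randint(0, total)
            running = 0
            for index, (weight, port, target) in enumerate(pool):
                running += weight
                if running >= pick:
                    ordered.append((target, port))
                    del pool[index]
                    break
    return ordered


def first_target_counts(records, trials, seed=2018):
    """How often each target is tried first; with equal priority and weight both datacenters
    receive close to half of the calls."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        target, _ = order_srv_targets(records, rng)[0]
        counts[target] = counts.get(target, 0) + 1
    return counts
```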

Inbound Calls: Called and Calling on Same Cluster (DNS Configuration)

[Figure: US Site (us-expe.example.com, CUCM US) and EMEA Site (emea-expe.example.com, CUCM EMEA); calls are sent to the EMEA cluster.]

DNS SRV                        Target                   Priority   Weight
_sips._tcp.mtls.example.com    emea-expe.example.com    10         10

Inbound Calls: Called and Calling on Same Cluster (Signaling)

Directory URI    Destination in Route Header
Alice            us-cm-pub.example.com
Bob              us-cm-pub.example.com

1. Alice calls Bob

2. INVITE to the EMEA Expressway-E (emea-expe.example.com), with Route Header: us-cm-pub.example.com, INVITE sip:<Bob's directory URI>, From: <Alice's address>; the EMEA Expressway-E routes the call to the US Expressway-E

3. Route to the home cluster (US Expressway-E to Expressway-C US)

4. Route to the destination (Bob)

EMEA Site Expressway-E (emea-expe.example.com):

Rule (Route Header)        Target
emea-cm-pub.example.com    Expressway-C EMEA
us-cm-pub.example.com      Expressway-E US

US Site Expressway-E (us-expe.example.com):

Rule (Route Header)        Target
us-cm-pub.example.com      Expressway-C US
emea-cm-pub.example.com    Expressway-E EMEA

Inbound Calls: Called and Calling on Same Cluster (Media)

[Figure: media path for the same call between Alice and Bob; the Route Header mapping (Alice and Bob both on us-cm-pub.example.com) and the Expressway-E rule tables of the EMEA site (emea-cm-pub.example.com to Expressway-C EMEA, us-cm-pub.example.com to Expressway-E US) and of the US site (us-cm-pub.example.com to Expressway-C US, emea-cm-pub.example.com to Expressway-E EMEA) are unchanged.]

Directory Expressway Architecture for N > 3 Sites

[Figure: a directory Expressway-E (Dir Expe) at the Internet edge in front of the per-site pairs Expe1/Expc1 to Expe4/Expc4 and UCM1 to UCM4 on the Corporate Network. A call with Route Header cm3.example.com is forwarded (signaling) by the directory Expressway-E to expe3.example.com; the diagram distinguishes the signaling and media paths.]

Rule (Route Header)    Target
cm1.example.com        expe1.example.com
cm2.example.com        expe2.example.com
cm3.example.com        expe3.example.com
cm4.example.com        expe4.example.com

Multiple Cluster Deployment Models

[Figure: three models. Multiple UCM, Single Expressways and Connector Host: one Expressway-E / Expressway-C pair and one Expressway-C Connector Host serving UCM cluster1, cluster2 and cluster3. Regional UCM Expressways and Connector Hosts: Region 1 and Region 2 each with their own Expressway-E / Expressway-C pair, UCM and Expressway-C Connector Host. Regional UCM, Single Connector Host and Multiple Expressways: Region 1 and Region 2 each with their own Expressway pair and UCM, sharing a single Expressway-C Connector Host.]

Rule of Thumb: Connector Host clusters = Expressway clusters used for SIP Signaling and Media

SME Architecture With UCM 12 and Above

SME Architecture for N >= 3 Sites

[Slide diagram: one Expressway-E/Expressway-C pair at the Internet edge in front of an SME 12.x cluster; leaf clusters UCM US, UCM EMEA and UCM APJC sit behind the SME, each with its own Expressway-C Connector Host.]

SIP route patterns on the SME, keyed on the cluster FQDN (CFQDN) of each UCM cluster:

CFQDN of UCM cluster / SIP route pattern    Destination
us-cm-pub.example.com                       UCM_US
emea-cm-pub.example.com                     UCM_EMEA
apjc-cm-pub.example.com                     UCM_APJC


Call Flow: Signaling

[Slide diagram: Alice and Bob are the two parties. The INVITE enters at Expressway-E, is passed to Expressway-C and on to the SME, which routes it to the leaf cluster named in the Route header (UCM US, UCM EMEA or UCM APJC). Call signaling is SIP; each Expressway-C Connector Host talks to its UCM cluster over CTI/AXL.]

1. INVITE from Expressway-E:

   Route Header: us-cm-pub.example.com
   INVITE sip:[email protected]
   From: [email protected]
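The same lookup underlies all three routing tables shown so far: the Directory Expressway rules for N > 3 sites, the EMEA/US site rules, and the SME SIP route patterns. Each takes the FQDN carried in the INVITE's Route header and maps it to exactly one next hop. The following is an added example, not code from the slide deck, from Expressway or from UCM: the rule tables are copied from the slides as dictionaries, while the INVITE text, the placeholder addresses in it and the use of SIP response codes as return values are constructed for illustration.

```python
"""Dispatching an INVITE on its Route header, as the slides' search rules do.

Added example; not code from the slide deck, from Expressway or from UCM.
The rule tables are copied from the slides; the INVITE text and the SIP
response codes used as return values are constructed for illustration.
"""
import re
from typing import Optional

# Directory Expressway search rules (N > 3 sites): Route header FQDN -> Expressway-E.
DIRECTORY_EXPE_RULES = {
    "cm1.example.com": "expe1.example.com",
    "cm2.example.com": "expe2.example.com",
    "cm3.example.com": "expe3.example.com",
    "cm4.example.com": "expe4.example.com",
}

# Per-site rules: the local cluster goes to the local Expressway-C, the
# other site's cluster is handed to that site's Expressway-E.
SITE_RULES = {
    "EMEA": {"emea-cm-pub.example.com": "Expressway-C EMEA",
             "us-cm-pub.example.com": "Expressway-E US"},
    "US": {"us-cm-pub.example.com": "Expressway-C US",
           "emea-cm-pub.example.com": "Expressway-E EMEA"},
}

# SME SIP route patterns keyed on each leaf cluster's CFQDN.
SME_ROUTE_PATTERNS = {
    "us-cm-pub.example.com": "UCM_US",
    "emea-cm-pub.example.com": "UCM_EMEA",
    "apjc-cm-pub.example.com": "UCM_APJC",
}

# Top Route header: accepts '<sip:host;lr>', 'sip:user@host' and the bare
# 'host' form the slide shows. IPv6 literals in brackets are not handled.
_ROUTE_RE = re.compile(
    r"^Route:\s*<?(?:sips?:)?(?:[^@>;\s]+@)?([^;>\s]+)", re.IGNORECASE | re.MULTILINE)

# Constructed INVITE; the addresses are placeholders, not the slide's users.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Route: <sip:us-cm-pub.example.com;lr>\r\n"
    "From: <sip:alice@example.com>;tag=1928\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@emea-expe.example.com\r\n"
    "\r\n"
)


def route_header_host(invite: str) -> Optional[str]:
    """Return the host (without port) of the top Route header, or None."""
    m = _ROUTE_RE.search(invite)
    return m.group(1).split(":")[0].lower() if m else None


def dispatch(rules: dict, invite: str) -> tuple:
    """Choose the next hop for an INVITE from one rule table.

    Returns (200, target) on a match. There is deliberately no default
    route: an INVITE whose Route header names a host the table does not
    list is rejected (404) instead of being forwarded anywhere, and an
    INVITE without a Route header is rejected (400).
    """
    host = route_header_host(invite)
    if host is None:
        return 400, "missing Route header"
    target = rules.get(host)
    if target is None:
        return 404, f"no search rule for {host}"
    return 200, target


def walk(invite: str, hops: list) -> list:
    """Follow an INVITE through successive rule tables and return the path taken."""
    path = []
    for rules in hops:
        code, target = dispatch(rules, invite)
        if code != 200:
            path.append(f"rejected {code}: {target}")
            break
        path.append(target)
    return path


if __name__ == "__main__":
    # Two-site case: the EMEA Expressway hands the call to the US Expressway-E,
    # which passes it to its own Expressway-C.
    print(walk(SAMPLE_INVITE, [SITE_RULES["EMEA"], SITE_RULES["US"]]))
    # SME case: the same Route header selects the US leaf cluster.
    print(dispatch(SME_ROUTE_PATTERNS, SAMPLE_INVITE))
```

The point a practitioner should take from `dispatch` is the absence of a catch-all: every table on the slides lists specific cluster FQDNs, so an INVITE with an unlisted Route header has nowhere to go. Keeping it that way is what prevents an arbitrary Route header from steering a call to a cluster the design never intended to expose.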

HCS Deployment


HCS Architecture with Multitenant Expressway-E

[Slide diagram: Spark clients and the Cisco Collaboration Cloud (Spark) on the Internet. In the partner data center DMZ, a shared Expressway-E cluster terminates SIP calls and a Connector HTTP proxy carries connector traffic. Each customer (Customer 1, Customer 2) is kept in its own VRF and has its own on-premises Expressway-C and Directory Connector.]


Mid-Size Customers: Setup for 20,000 HCS Users

[Slide diagram: the same layout as the multitenant architecture above (Spark cloud and clients on the Internet, shared Expressway-E cluster and Connector HTTP proxy in the partner DMZ, one VRF per customer on premises), annotated with sizing.]

• Partner DMZ: shared Expressway-E cluster for 20,000 users, 6 x Large OVA; 50 tenants per Expressway-E cluster.
• Customer 1 VRF: 1,000 users, 2 x Medium OVA on premises.
• Customer 2 VRF: 500 users, 2 x Small OVA on BE6K.
• Customer 3 VRF: 300 users, 2 x Small OVA.


Small-Size Customers: Setup for 5,000 HCS Users

[Slide diagram: the same multitenant layout, annotated with sizing for smaller tenants.]

• Partner DMZ: shared Expressway-E cluster for 5,000 users, 6 x Medium OVA; 50 tenants per Expressway-E cluster.
• Customer 1 VRF: 100 users, 1 x Small OVA on a BE6K.
• Customer 2 VRF: 200 users, 2 x Small OVA on BE6K.
• Customer 3 VRF: 100 users, 1 x Small OVA.


Summary

• Call Service Connect Focus

• Security, Authentication and Toll Fraud/Identity Theft Prevention

• Architecture




Complete Your Online Session Evaluation

• Please complete your Online Session Evaluations after each session
• Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Tech Circle

• Meet the Engineer 1:1 meetings

• Related sessions


Thank you

DNS SRV Tutorial


DNS SRV Records Refresher: SRV record format for SIP

_sips._tcp.example.com. 86400 IN SRV 10 60 5062 expe.example.com.

• _sips: name of the service
• _tcp.example.com: protocol (TCP, UDP...) and domain name
• 86400: DNS Time-To-Live, how long a resolver caches the record before it flushes it from its cache
• IN: DNS class, always “IN”
• SRV: record type
• 10: priority; the lowest priority value is preferred
• 60: weight; load-balances records with the same priority
• 5062: TCP or UDP port for the service
• expe.example.com: target, the hostname of the host providing the service. An SRV target must be a hostname, not an IP address; the address comes from that hostname's A (or AAAA) record.

Service Discovery

Dial: [email protected]

The calling system queries DNS for _sips._tcp.example.com and receives:

_sips._tcp.example.com. 86400 IN SRV 10 60 5062 bigbox.example.com.
_sips._tcp.example.com. 86400 IN SRV 10 40 5062 smallbox.example.com.
_sips._tcp.example.com. 86400 IN SRV 20 0 5062 backupbox.example.com.

[Slide animation: bigbox and smallbox share priority 10 and are selected by weight, 60% and 40% of calls respectively; backupbox, at priority 20, is tried only when both priority-10 targets are unavailable.]

Real Scenario

Dial: [email protected]

_sips._tcp.example.com. 86400 IN SRV 10 10 5062 expe1.example.com.
_sips._tcp.example.com. 86400 IN SRV 10 10 5062 expe2.example.com.
_sips._tcp.example.com. 86400 IN SRV 10 10 5062 expe3.example.com.

[Slide diagram: three Expressway-E peers (expe1, expe2, expe3) at the same priority and weight, so each receives about 33% of calls.]


Enterprise Service discovery for B2B

[Slide diagram: a 3rd-party edge on the Internet calls [email protected]; steps 1-7 show the SRV lookup, the connection to Exp-E, and the onward path through Exp-C to CUCM in the corporate network.]

DNS SRV                        Use            A-record           IP Address/port
_sips._tcp.example.com         B2B with TLS   expe.example.com   <public IP>:5061
_sips._tcp.mtls.example.com    MTLS           expe.example.com   <public IP>:5062


Spark Hybrid Cloud Service Discovery

Alice calls Bob ([email protected]).

[Slide diagram: steps 1-7 show CUCM sending the call out through Exp-C to Exp-E, which resolves the Spark call service SRV record and sends the call to the cloud.]

DNS SRV                                  A-record                       IP Address/port
_sips._tcp.callservice.ciscospark.com    l2sip.ciscocloudexample.com    A.B.C.D:5062
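The SRV refresher, the bigbox/smallbox/backupbox walk-through and the B2B and Spark discovery tables above all describe one procedure: query the SRV name, order the answers by priority and weight, then resolve the chosen target's A record to get an address and port. The code below is an added example, not part of the slide deck or of any Cisco product; it implements the RFC 2782 selection rules over a constructed in-memory zone. The example.com records are the tutorial's; the MTLS and Spark call service records reuse the names from the tables but their TTL, priority and weight, and every IP address, are assumptions.

```python
"""RFC 2782 SRV resolution: priority failover plus weighted load balancing.

Added example; not part of the original slide deck. The zone is built from
the records shown on the slides (extra records' TTL, priority and weight
are assumed), and in-memory dictionaries stand in for DNS so it runs offline.
"""
import random
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(line: str) -> tuple:
    """Parse one zone-file line such as
    '_sips._tcp.example.com. 86400 IN SRV 10 60 5062 bigbox.example.com.'"""
    name, _ttl, klass, rtype, prio, weight, port, target = line.split()
    if klass != "IN" or rtype != "SRV":
        raise ValueError(f"not an IN SRV record: {line!r}")
    # RFC 2782: the target is a hostname, never an IP address literal.
    if target.rstrip(".").replace(".", "").isdigit():
        raise ValueError(f"SRV target must be a hostname, not an IP: {target}")
    return name.lower(), SRV(int(prio), int(weight), int(port), target.lower())


def srv_is_valid(line: str) -> bool:
    """True if the line parses as a well-formed SRV record."""
    try:
        parse_srv(line)
        return True
    except ValueError:
        return False


# Constructed zone: the tutorial's example.com records plus the MTLS name
# from the B2B table and the Spark call service name (their 10/10 values
# and all TTLs are assumed).
ZONE = [
    "_sips._tcp.example.com. 86400 IN SRV 10 60 5062 bigbox.example.com.",
    "_sips._tcp.example.com. 86400 IN SRV 10 40 5062 smallbox.example.com.",
    "_sips._tcp.example.com. 86400 IN SRV 20 0 5062 backupbox.example.com.",
    "_sips._tcp.mtls.example.com. 86400 IN SRV 10 10 5062 expe.example.com.",
    "_sips._tcp.callservice.ciscospark.com. 86400 IN SRV 10 10 5062 l2sip.ciscocloudexample.com.",
]

# Constructed A records: documentation-range addresses, not real hosts.
A_RECORDS = {
    "bigbox.example.com.": "192.0.2.10",
    "smallbox.example.com.": "192.0.2.11",
    "backupbox.example.com.": "192.0.2.12",
    "expe.example.com.": "198.51.100.5",
    "l2sip.ciscocloudexample.com.": "203.0.113.62",
}


def lookup_srv(name: str, zone=ZONE) -> list:
    """The SRV query: every record owned by the service name, in zone order."""
    fqdn = name.lower() if name.endswith(".") else name.lower() + "."
    return [rr for owner, rr in map(parse_srv, zone) if owner == fqdn]


def order_targets(records: list, rng: Optional[random.Random] = None) -> list:
    """Order records as a client should try them (RFC 2782 usage rules).

    Lowest priority value first. Within one priority, draw repeatedly by
    weight without replacement; weight-0 records are listed first so they
    are chosen only when the draw lands on 0, or when nothing else is left.
    """
    if rng is None:
        rng = random.Random()
    ordered = []
    for prio in sorted({rr.priority for rr in records}):
        pool = sorted((rr for rr in records if rr.priority == prio),
                      key=lambda rr: rr.weight != 0)  # weight-0 entries first
        while pool:
            total = sum(rr.weight for rr in pool)
            draw = rng.randint(0, total)  # total == 0 always selects pool[0]
            running = 0
            for rr in pool:
                running += rr.weight
                if running >= draw:
                    ordered.append(rr)
                    pool.remove(rr)
                    break
    return ordered


def resolve(name: str, seed: Optional[int] = None) -> list:
    """SRV then A lookup: (ip, port) pairs in the order to attempt them."""
    rng = random.Random(seed)
    return [(A_RECORDS[rr.target], rr.port) for rr in order_targets(lookup_srv(name), rng)]


def first_choice_share(name: str, trials: int, seed: int = 0) -> dict:
    """Fraction of trials in which each target came out first: the load split."""
    rng = random.Random(seed)
    counts = Counter(order_targets(lookup_srv(name), rng)[0].target for _ in range(trials))
    return {target: n / trials for target, n in counts.items()}


if __name__ == "__main__":
    print(resolve("_sips._tcp.example.com", seed=1))
    print(first_choice_share("_sips._tcp.example.com", 10_000))
```

Running `first_choice_share` on the tutorial's records reproduces the 60/40 split between bigbox and smallbox, and backupbox never appears as a first choice because its priority is higher; it is only ever the last entry of the list `resolve` returns. The rejection of numeric targets in `parse_srv` is the check behind the refresher's corrected wording: a target that is an IP address is a malformed record, and a client that accepted one would also be bypassing the A-record step that the B2B and Spark tables rely on.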