SIP.edu Logo   Cookbook Internet2  
MIT  

Contents

Introduction

Getting Started

DNS

Proxies

Gateways

User Agents

Directory Considerations

Security Considerations

Deployments

Glossary


Contacts

Related Links

SIP.edu and Configuring Cisco 2620XM PSTN Gatewaysa Proxy Server (draft)

Steve Blair <blairs@isc.upenn.edu> (May 2005(November 2004)

Overview

Cisco Systems manufactures several  products  which can  be used to provide connectivity between  traditional TDM based  telephony systems and LAN/Internet Protocol (IP) based voice-over-ip (VoIP)  systems. This document  describes one possible way to configure  such  a gateway, the 2620XM, with a T1/PRI connection.


The 2620XM is an IOS based multi-protocol modular router. If you deploy this router you must purchase it with, or upgrade memory to,  128MB of  DRAM to accommodate modern (12.3.x) versions of IOS. As of this writing IOS version c2600-ipvoice-mz.123-11.T3.bin is recommended. A VWIC interface is also required. We are using a VWIC 1MFT-T1.

I. Architecture

In order to map email addresses to PBX extensions, a call that comes in to the Avaya SIP proxy will first attempt to deliver it to a registered station (check- is it trying to deliver it to a registered or a recorded (but offline) station?).  If the call cannot be delivered via the Avaya proxy it is handed off to the Avaya gateway connected by PRI to our legacy 5ESS PBX.

Challenges  (may not be necessary to include all of this)

 

Some of the Avaya user documentation is out of date and use of this cookbook as a guide is recommended.  The hardest part was getting console access and an administrative interface.  There were several required passwords missing or wrong.



I. The Basics


First configure the 2620XM's IP address, mask and default gateway. To this configuration add authentication statements per your site's authentication policy. IP routing must be enabled on voice gateways but a routing protocol is not required. A default gateway is suffice. Logging parameters may also need to be defined.

Here is an example configuration with  FastEthernet interface 0/0 configured to connect to the IP network through which your SIP proxy is reachable.

                interface FastEthernet0/0

                 description SIP-PSTN gateway

                 ip address <site-specific-ip-address> <site-specific-subnet-mask>

                 no ip mroute-cache

                 speed 100

                 full-duplex

                 no cdp enable


                ip default-gateway <site-specific-gateway-ip-address>

                ip route 0.0.0.0 0.0.0.0 <site-specific-gateway-ip-address>


Notice that we have disabled the Cisco Discovery Protocol (CDP). This is a site specific configuration option. Check with your Networking support staff to determine how this parameter should be set for your institution.

A commonly accepted practice is to define a loopback address in order to create a consistent identity for this router. This is especially useful when modeling the router in a Network Management System.

                interface Loopback0

                 ip address <site-specific-ip-address> <site-specific-subnet-mask>

                 no snmp trap link-status



Defining codecs


Some sites may use a single codec while others may find it advantageous to define a list of available codecs in the order in which they should be tried during call setup. If you choose to implement a list you accomplish this task using the voice class codec command. Note that this only defines the list of available codecs. Once defined the list must be applied each applicable dial-peer using the voice-class codec command. Dial-peer commands will be described later in this document.

                voice class codec 1  

                 codec preference 1 g711ulaw

                 codec preference 2 g729r8 bytes 40

                 codec preference 3 g723r63 bytes 96

                 codec preference 4 g726r16 bytes 80

                 codec preference 5 gsmfr bytes 132



Thoughts on digit manipulation


The service (e.g. a local PBX) or Service Provider (e.g. Verizon) to which the router WAN interface is connected will pass a fixed number of digits in the calling and called party numbers. Your provider will expect a certain number of digits when the call originates from the VoIP environment. Digit manipulation can change the called party or calling party number into a format usable by the service but  be careful to insure that in the end the manipulated number matches the appropriate dial-peer statements.

Digit manipulation can be accomplished using the number-expansion and voice translation-rule commands. Note: Number expansion is performed before dial-peer matching. This behavior is helpful when performing wholesale changes on inbound numbers but can completely destroy your dial plan if not implemented properly.

If your Service Provider delivers the same number of digits as your proxy server is configured to see, you do not need number expansion. For discussion purposes letís assume our proxy uses a ten digit number for the username and our SP sends only 5 digits. To convert from the five to ten digit called party number we would add the following statements to the router.


                 num-exp 68... 2157468...
                 num-exp 85... 2158985...


The "." character is a wildcard that matches one and only one digit. If a call arrives for the user assigned to extension 68123 the router will expand 68123 into 2157468123. A dial-peer statement matching
2157468123 would have to exist for a match and the call to proceed. See Cisco Systems web site for more information on number expansion rules.

Translation rules are another number string conversion method  Translation rules are called from dial-peers, so the conversion occurs after dial-peer matching. This means the previous caution regarding number expansion does not apply.


In our environment translation rules are used to convert the five digit calling party number into a ten digit number to insure that an off campus recipient of a call can
recognize the caller id and redial the number in their call history display. To accomplish this we define a translation rule that maps each five digit oncampus extension range into the corresponding ten digit range. In this example the number 3 is an arbitrary number used to uniquely identify this rule.


                voice translation-rule 3

                 rule 1 /^6\(....\)/ /215746\1/

                 rule 2 /^3\(....\)/ /215573\1/

                 rule 3 /^8\(....\)/ /215898\1/

                 rule 4 /^7\(....\)/ /215417\1/


The translation-rule shown above can be used to manipulate digits. If you wish greater control, such as the ability to specify to which number the rule should be applied then translation-profiles are also needed.

Returning to our example, we define translation-rules to insure that the recipient of an IP phone call has the correct number to return the call or apply caller-id screening. To use the translation-rule for this purpose we define a translation-profile that will be applied to all appropriate dial-peer statements. In the following example the name "prefix" is an arbitrary string used to identify the profile.

                voice translation-profile Prefix

                 translate calling 3

 

Hopefully this example gives you an idea of the power of translation rules. Review the Cisco documentation and IOS online help to see other options available under translation-rules and translation-profiles.

II. Configuring the WAN interface


This section is highly site specific. It is quite possible that the examples shown here will not apply to your site. Your mileage may vary. No laundry returned without ticket.  Routers configured incorrectly will be towed by Ted & Bob's hauling.

At the time of this writing we were using a T1/PRI circuit terminated in a VWIC 1MFT-T1 interface for connectivity to a Verizon DMS100 Central Office switch. To configure a WAN circuit in this environment requires three steps. First define the physical layer (T1 specific) parameters. These should be self explanatory. If not check with your site Networking representative for help.

                controller T1 1/0

                 framing esf

                 linecode b8zs

                 cablelength short 133

                 pri-group timeslots 1-24

                 description T1/PRI trunk to Verizon Centrex


Next define an ISDN PRI serial interface. The switch-type parameter may need to be changed depending upon the type of switch in use. Likewise the address plan and type command is also site/carrier specific and will most likely need to be changed. Finally note that here again we disable Cisco's CDP. This is a local decision that may or may not apply to your site. Check with your Networking department if you are uncertain about this setting.

                interface Serial1/0:23

                 description Service Provider Circuit ID: <it is a good idea to put the circuit id  here for documentation>

                 no ip address

                 no logging event link-status

                 isdn switch-type primary-dms100

                 isdn incoming-voice voice

                 isdn map address . plan isdn type national

                 isdn send-alerting

                 isdn outgoing ie redirecting-number

                 isdn outgoing ie high-layer-compat

                 isdn outgoing ie user-user

                 no cdp enable


Finally define the voice specific port and map it to the serial interface defined above. The voice port will be referenced by dial-peer statements. It is through this port that calls will be received and sent. The actual parameters you apply to this port again will vary.

                voice-port 1/0:23

                 output attenuation 2

                 echo-cancel coverage 32

                 playout-delay nominal 70

                 playout-delay minimum low

                 playout-delay mode fixed

                 no comfort-noise


III. Configuring dial-peers



The dial-peer is where forwarding decisions are made based upon destination-pattern pattern matching. If more than one peer is matched the preference parameter determines the order in which the peers are tried. The dial-peer statement is also where translation-rules and codec decisions are made.

Continuing with our example installation suppose we have the following dial-peers defined.  We know that our Service Provider will deliver five digits in the called party number so we match based on five digit numeric values. The following dial-peer will be matched whenever the called party number is a value between 68001 and 68009. Notice how a range can be specified in the destination-pattern match to simplify configuration.

In this example we also see that this peer has preference value 2 which means only matching peers with a preference value of 1 will override this peer. We also see that the list of supported codecs is specified in the voice-class codec statement and point to codec list #2 described above. 

A new item is the session target sip-server command. This command identifies the sip-ua through which this call will be forwarded. This is a UA that is internal to the Cisco box and is described below.

Note: Remeber that number expansion is performed before dial-peer matching. This behavior is helpful when performing wholesale changes on inbound numbers but can completely destroy your dial plan if not implemented properly.

                dial-peer voice 680010 voip
                description Only peer for inbound to SIP Proxy 215-746-8001:8009 extensions
                huntstop
                preference 2

                destination-pattern 6800[1-9]

                progress_ind setup enable 3

                voice-class codec 1

                session protocol sipv2

                session target sip-server

                dtmf-relay rtp-nte

                no vad



If instead of a range of extensions we wish to only match a single extension then the following sample dial-peer would be used. In this example the destination-pattern is a full five digit string. Given that the pattern matching happens on a longest string match no other perr will match this same extension therefore the call will be sent to the session target identified in the peer.


                dial-peer voice 89386 voip

                 description Only peer for inbound to SIP Proxy 215-898-9386 extension

                 huntstop

                 preference 2

                 destination-pattern 89386

                 progress_ind setup enable 3

                 voice-class codec 1

                 session protocol sipv2

                 session target sip-server

                 dtmf-relay rtp-nte

                 no vad



These examples are pretty straight forward and describe what the router should do when presented with a call destined for a point on the VoIP network but what if the call is from the VoIP network and destined for the Public Switched Telephone Network (PSTN)? This case is shown in the following example.

Remember back in the WAN interface section we setup a voice-port? Well here is where that port is used. In this case we have an IP phone user who wishes to call an on-campus analog telephone using five digit dialing. The prefix statement has been added in order to present a full ten digit calling party number.

                dial-peer voice 61 pots
               
description Only peer for outbound 5-digit 746 campus calls

            translation-profile outgoing Prefix
                
preference 3

                
destination-pattern 6....

                 direct-inward-dial
                 port 1/0:23
                
                 prefix 215746
           

VI. Configuring the SIP UA


In a SIP environment each entity the originates or receives SIP messages is called a user agent (UA). UAs are comprised of two components a user agent client (UAC) and user agent server (UAS). The UAC is configured using the sip-ua command. In our example we have the sip-ua configured as follows.


                sip-ua
                 retry invite 3
                 retry response 3
                 retry bye 3
                 retry cancel 3
                 timers expires 300000
                 sip-server dns:upenn.edu


In the above example the sip-server is the most interesting. The command sip-server dns:upenn.edu tells the router to use DNS to resolve the name upenn.edu into a usable address. In this case upenn.edu is the domain name in a SRV record. The domain name in our example resolves into two A records each with their own weight and priority. This is part of the failover mechanism used in our environment.


V. What is missing


This is just a sample configuration. Most likely your configuration will be different. You may want to add access control lists to restrict access to/from the proxy server and any associated hosts. A commonly accepted  set of ACLs  follow. Keep in mind this is just a sample list. You application and installation may require additional list entires.

                access-list 104 permit ip host <proxy-server ip> host <pstn gwy ip>
                access-list 104 permit ip host <proxy-server ip> host <pstn gwy ip>
                access-list 104 deny   tcp any host <pstn gwy ip> eq 5060
                access-list 104 deny   udp any host <pstn gwy ip> eq 5060
                access-list 104 permit ip any any


This configuration does not configuration options which are not related to SIP. For example we do not discuss SNMP configuration. If you wish to enable SNMP monitoring and traps you will most likely want to consider the following:


                    snmp-server enable traps envmon
                    snmp-server enable traps isdn layer2

                    snmp-server enable traps isdn chan-not-avail

                    snmp-server enable traps isdn ietf

                    snmp-server enable traps voice poor-qov


I've found that these trap messages are a bit generic and not very helpful. An alternative is to use RADIUS accounting messages however you will need to decide which approach works best for your institution.

VI. Putting it all together


                    isdn switch-type primary-dms100


                    voice class codec 1

                     codec preference 1 g711ulaw

                     codec preference 2 g729r8 bytes 40

                     codec preference 3 g723r63 bytes 96

                     codec preference 4 g726r16 bytes 80

                     codec preference 5 gsmfr bytes 132

                    !

                    voice translation-rule 3

                     rule 1 /^6\(....\)/ /215746\1/

                     rule 2 /^3\(....\)/ /215573\1/

                     rule 3 /^8\(....\)/ /215898\1/

                     rule 4 /^7\(....\)/ /215417\1/

                    !

                    voice translation-profile prefix

                     translate calling 3

                    !

                    controller T1 1/0

                     framing esf

                     linecode b8zs

                     cablelength short 133

                     pri-group timeslots 1-24

                     description T1/PRI trunk to  Service Provider


                    interface Loopback0

                     ip address <site-specific-ip-address> <site-specific-subnet-mask>

                     no snmp trap link-status


                    !
                   
interface FastEthernet0/0

                     description SIP-PSTN gateway

                     ip address <site-specific-ip-address> <site-specific-subnet-mask>

                     no ip mroute-cache

                     speed 100

                     full-duplex

                     no cdp enable

                    !

                    interface Serial1/0:23

                     description Circuit ID: <it is a good idea to put the circuit id  here for documentation>

                     no ip address

                     no logging event link-status

                     isdn switch-type primary-dms100

                     isdn incoming-voice voice

                    isdn map address . plan isdn type national
                     isdn send-alerting
                     isdn outgoing ie redirecting-number
                     no cdp enable

                    !

                    access-list 104 permit ip host <proxy-server ip> host <pstn gwy ip>
                    access-list 104 permit ip host <proxy-server ip> host <pstn gwy ip>
                    access-list 104 deny   tcp any host <pstn gwy ip> eq 5060
                    access-list 104 deny   udp any host <pstn gwy ip> eq 5060
                    access-list 104 permit ip any any

                    ip default-gateway <site-specific-gateway-ip-address>

                    ip route 0.0.0.0 0.0.0.0 <site-specific-gateway-ip-address>

                    !
 
                   ! Note: The following snmp info is incomplete. This section is for reference only.
                    !
                    snmp-server location <My Site Server Room>

                    snmp-server contact <Me, Myself and I>

                    snmp-server chassis-id <2620XM SIP-PSTN Gateway>

                    snmp-server enable traps tty

                    snmp-server enable traps envmon

                    snmp-server enable traps isdn layer2

                    snmp-server enable traps isdn chan-not-avail

                    snmp-server enable traps isdn ietf

                    snmp-server enable traps voice poor-qov

                    no cdp run

                    !

                    voice-port 1/0:23

                     output attenuation 2

                     echo-cancel coverage 32

                     playout-delay nominal 70

                     playout-delay minimum low

                     playout-delay mode fixed

                     no comfort-noise

                    !

                    dial-peer voice 680010 voip

                     description Only peer for inbound to SIP Proxy 215-746-8001:8009 extensions

                     huntstop

                     preference 2

                     destination-pattern 6800[1-9]

                     progress_ind setup enable 3

                     voice-class codec 2

                     session protocol sipv2

                     session target sip-server

                     dtmf-relay rtp-nte

                     no vad

                    !

                    dial-peer voice 89386 voip

                     description Only peer for inbound to SIP Proxy 215-898-9386 extension

                     huntstop

                     preference 2

                     destination-pattern 89386

                     progress_ind setup enable 3

                     voice-class codec 2

                     session protocol sipv2

                     session target sip-server

                     dtmf-relay rtp-nte

                     no vad

                    !

                    dial-peer voice 61 pots

                     description Only peer for outbound 5-digit 746 campus calls

                     translation-profile outgoing Prefix

                     preference 3

                     destination-pattern 6....

                     direct-inward-dial

                     port 1/0:23

                     prefix 215746

                    !

                    dial-peer voice 90 pots

                     description Test peer for outbound calls to PSTN

                     preference 1

                     destination-pattern .T

                     direct-inward-dial

                     port 1/0:23

                    !

                    sip-ua

                     retry invite 3

                     retry response 3

                     retry bye 3

                     retry cancel 3

                     timers expires 300000

                     sip-server dns:upenn.edu

                    !