The Internet Working Program

Published Date: 02 Nov 2017

The Internetworking Program may make available or authorise others to make available individual photo/microfilm or soft copies of this report without restrictions after 7th March 2013.

The author attests that permission has been obtained for the use of any copyrighted material appearing in this report (other than brief excerpts requiring only proper acknowledgement in scholarly writing) and that all such use is clearly acknowledged.

Full Name of Author: Nirmal Kumar Murugesan

Signature of Author: _________________________

Date: 7th March 2013

Contents

List Of Figures

Acknowledgement

I would like to thank Dr. Bill Robertson for giving me an opportunity to do the Internetworking seminar.

Cisco CallManager Express

Introduction

This report is on Cisco CallManager Express, Cisco`s IOS based Telephony services. It is designed to give you an overview of the Cisco CallManager Express solution, the technologies involved and the benefit of using the Cisco CallManager Express solution in small and medium business.

The CallManager is a call processing system developed by Cisco Systems which is software based. It tracks all active VoIP network components; these include phones, gateways, conference bridges, resources transcoding, and voicemail among others.

The Cisco CallManager Express system of voice and IP communications products and applications helps the organizations to communicate more effectively which in turn allows them to streamline businesses, get to the right resource the first time.

Overview

We will first look at the dynamics and trends in the industry, and explain why IP Communications is becoming a compelling solution for small and medium businesses. Next, we will discuss the converged applications which are possible over an integrated voice and data network. We will then discuss the technical aspects of Cisco’s CallManager Express solution, explain some key features and review a few typical deployment scenarios.

The Cisco CME is the leading unified network telephony solution that helps organizations to increase productivity and reduce the costs with maintaining separate voice and data networks. The ability to perform many different tasks and complicated efficiency functionality of the Cisco IP network provides the backbone that allows fast implementation of upcoming software such as desktop Cisco IP Telephony, messaging, video telephony, desktop integration, global software convergence with IP phone displays, and collective IP contact centers. These soft wares enhance productivity and help increase enterprise revenues.

What is Cisco CallManager Express?

CallManager Express is a cost-effective IP Communications solution for small

Businesses or branch offices. It is an optional IOS software license that extends the capabilities of the most popular Cisco Full Service Access Routers to simultaneously manage standard routing, VPN, IOS Firewall, and now local IP Communications.

Call processing is integrated within the IOS software to provide the core set of

Telephony features that customers require for their everyday business needs.

CallManager Express supports up to 120 users making it ideal for small businesses or branch office deployments. An intuitive, easy-to-use Graphical User Interface is included to set-up user preferences and facilitate system administration.

Quality of Service

Voice, as a group of IP network traffic, has hard requirements with regards to packet loss, delay, and the variation in the delay which is also known as jitter. To get to these conditions for voice traffic, the Cisco CME IP Telephony solution has the Quality of Service (QoS) features which includes classification, queuing, shaping the traffic, and Transmission Control Protocol (TCP) header compression.

The QoS features of the Cisco CME IP Telephony solution are delivered through the dense management of the IP traffic, queueing, and shaping requirements of the Cisco CME IP network. Main conditions of this network that make QoS for IP telephony include:

•Call admission control

•Compressed RTP (cRTP)

•Enhanced queuing services

•Link efficiency

•Link fragmentation and interleaving (LFI)

•Low-latency queuing (LLQ)

•Traffic marking

•Traffic shaping

Security

The Cisco CME has many security features. But the main one that are considered are discussed below:

• The physical security that restricts any kid of physical access to any important servers and network components.

•Network access security that prevents any kind of hostile attacks or login attacks.

•Security measures that has to be followed on routers that run Cisco CME

•Mechanisms for define for each user their calling privileges.

•Careful network design and management to step up the security of the network.

Network Infrastructure

The network infrastructure has the public switched telephone network (PSTN) gateways, analog phone support, and digital signal processor (DSP) farms. The infrastructure can have many kind of client types such as hardware phones, software phones, and video devices. It also has the interfaces and features that are required to integrate legacy PBX, voicemail, and directory systems. Usual products that are needed to build the network include Cisco voice gateways, Cisco IOS software and Catalyst switches, and Cisco routers.

Figure CCME Network InfrastructureC:\Users\Nirmal\Downloads\ccme1.jpg

Network Components

In an CallManager Express-based IP Communications network, IP phones are connected to a voice-enabled Ethernet LAN switch, which is connected to an

CallManager Express-enabled router. The CallManager Express software on the Cisco router manages call processing, call control and feature control. This router also functions as a gateway to connect remote sites over either a private or public network, or to communicate with external callers.

In other words, IP-based Communications uses the same LAN as the data network. The Ethernet switch also provides inline power to the IP Phone. A desktop PC LAN connection can be connected in daisy-chain to the IP phone. In this way, one single cable from the switch takes care of power and network connectivity to the IP phone and the PC next to it, bringing significant cost savings.

The router with CallManager Express functionality acts as one single platform for Integrated Voice and Data. It leverages Cisco’s technology leadership in packet infrastructure and Voice-over-IP, to deliver high quality voice, and allows for simple deployment and management.

Network Services

A network service is hosted on a computer network. These services are also known as service protocol since they help the users the in the network to achieve some functionality. These services are provided by servers that are on a Local area network to ensure user friendly operation and security. There are a lot of network services that are used in a network we will look at some of those services.

Domain Name System (DNS)

DNS makes it possible the tracking of host names to IP addresses within a network. DNS server implemented in a network has a database that maps hostnames to IP addresses. Individuals on the network can ask the DNS server and get IP addresses for the devices which do not have an IP address in the network, thereby easing communication inbetween network devices.

Being dependent on DNS, however, can be troublesome. If the DNS server is not available and a network device depends on that server which is not online to get a hostname to IP-address mapping, communication will fail. This is why, we do not rely on DNS for communication between Cisco CME and the IP telephony endpoints.

Dynamic Host Configuration Protocol (DHCP)

Devices on the infrastructure use DHCP to get basic configuration information, including IP address, subnet mask, default gateway, and TFTP server. The administrative hard work of manually configuring each host with an IP address and other information is made easy by DHCP. DHCP also automatically reconfigures the network when a device in the network has been removed or moved. When a client sends a request to the DHCP it responds by sending the configuration from a DHCP server in the network.

Trivial File Transfer Protocol (TFTP)

Inside a Cisco Unified CME system, endpoints depends on a TFTP based measure to get configuration information. A request is sent by the endpoints which has a name based on its MAC address. The version of software that the phone must run and a list of Cisco CME servers that the phone should register with is contained in the configuration information.

If the phone gets a configuration file which asks the phone to run a file that is not the one which is currently being used the phone will then request for the new version of the software from the TFTP server. The phone will do this every time it is rebooted or turned on and before registering itself.

Centralized call processing deployments require remote phones to download configuration files and phone software through the branch's WAN link. When scheduled maintenance involves the downloading of new software, download times are a function of the number of phones requiring upgrades, the file size, and the WAN link's bandwidth and traffic utilization.

Network Time Protocol (NTP)

NTP lets the devices in the network to synchronize their clocks to the time in a network server. NTP is important for making sure that all the devices in the network have the same time. It important to make sure that the devices have the same time when managing or troubleshooting a telephony network since only then the time stamps in all error and security logs, traces, and system reports on devices will be the same throughout the network. This synchronization makes it possible for the administrators to create again network activities and behaviors based on a common timeline.

Standalone Network Infrastructure Overview

Cisco CallManager Express makes it a lot easier to manage a single site. It would require a lot of work to have maintained a standalone office before IP telephony since that office would require an onsite router which will be used only for data services and also needs a separate key system which will be used for voice services. Now the router can be made to provide an integrated and converged voice and data services to the standalone office. Though it has been converged it can be managed just like before by a VAR or SI or by an ISP. The advantages being both the service provider and business saving space, cost and management.

Cisco CME can be implemented in just wiring of a new office making it a lot more cost effective. The phone and computers are Ethernet based so it is enough if the office has Ethernet based wiring. Moreover, it is enough if a desktop has one Ethernet wire and a jack. Computer devices can be inserted into the back of the phone, and virtual LAN technology makes it possible to get virtual separation (and therefore security) of voice from data traffic.

XML services which are the Leading edge productivity features, which also improve the customer service applications based on IP, can also be implemented easily over this unified infrastructure.

Figure Standalone Office Network Topologyhttp://www.cisco.com/en/US/i/100001-200000/140001-150000/149001-150000/149941.jpg

Multisite Network Infrastructure Overview

Cisco CME there are less than 200 users (which can allow growth) and when a centralized provisioning model is not required. It starts to make sense to have a centralized Cisco CME based on the following factors.

•The individual business

•Its management style

•How well the QoS is ready for the network between sites

•The cost for the intersite connectivity

•How much each site needs the other one during a normal productive day.

A PSTN based network for voice access is actually good for an environment with a network which is based on the loosely coupled operational model and interconnected with only a less required data network (bandwidth of less than 64 kbps and no QoS deployment). This network is essentially the same as the standalone model which has be discussed earlier. Because the sites have only PSTN calling between look like a standalone entity (from a voice traffic perspective). In contrast, a multisite enterprise model that is more tightly coupled (with access to inexpensive QoS) of VoIP connectivity between the sites to gain toll savings and other efficiency advantages.

Figure Multisite Distributed Cisco Unified CME Network Topologyhttp://www.cisco.com/en/US/i/100001-200000/140001-150000/149001-150000/149942.jpg

LAN Infrastructure

LAN design is extremely important for proper IP telephony operation on a converged network. Proper LAN requires following configuration and design best practices for deploying a highly available network., proper LAN requires deploying end-to-end QoS on the network.

LAN Design For High Availability

Properly requires building a robust and redundant network from the top down. By structuring the LAN properly and developing the LAN infrastructure one step of the model at a time, you can highly available, fault tolerant, and redundant network. Once these layers have been can add network services such as DHCP and TFTP network functionality.

Power Over Ethernet (PoE)

PoE (or inline provided over standard Ethernet unshielded twisted-pair (UTP) cable. Instead of using wall power, IP phones and other inline powered devices (PDs) such Points can receive power provided by inline power-capable Catalyst Ethernet switches or power source equipment (PSE). Inline power is enabled by switches.

Deploying to receive power during power failure situations. Provided the rest of the telephony network is available during these periods of power failure, then IP phones continue making and receiving calls. You should deploy inline power-capable switches at access layer within wiring closets to provide inline-powered Ethernet ports for IP phones the need for wall power.

LAN Quality of Service (QoS)

Quality of issue in the enterprise campus because of the asynchronous nature of data traffic and the ability of network ate buffer overflow and packet loss. with new applications such as voice and video, which are sensitive to packet loss and delay, buffers and not are the key QoS issue in the enterprise campus.

Figure Data Traffic Oversubscription in the LANhttp://www.cisco.com/en/US/i/100001-200000/140001-150000/149001-150000/149933.jpg

This oversubscription, coupled with individual traffic volumes and the cumulative effects of multiple independent traffic sources, can result in the egress interface buffers to enter the egress buffer. The fact that campus switches use hardware-based buffers, which compared to the interface speed are much smaller than those found on WAN buffer overflow and dropped packets.

For applications such as voice, this packet loss and delay results in severe voice quality, QoS tools are required to manage and to minimize packet loss, delay, and delay variation (jitter).

types of QoS tools are needed from end to end on the network to manage traffic and ensure voice quality:

•Traffic classification

Classification involves of packets with a specific priority denoting a requirement for class of service (CoS network. The point at which these packet markings are trusted or not trusted is considered the trust. typically extended to devices (phones) and not to data devices (PCs).

•Queuing or scheduling

Interface queuing or involves assigning packets to one of several based on classification for expedited treatment the network.

•Bandwidth provisioning

Provisioning involves calculating the required bandwidth for all applications plus element.

WAN Infrastructure

WAN design is important for proper IP telephony operation on a converged network with two or more Cisco Unified CME systems or Cisco Unified CME systems along with Cisco Unified CallManager systems. If VoIP calls are exchanged between sites, WAN are important.

Proper infrastructure design requires following basic configuration and design best practices for deploying a WAN that is as available as possible and that provides throughput. proper WAN infrastructure design requires deploying end-to-end QoS on links.

WAN Design and Configuration Best Practices

Properly designing a WAN requires building fault-tolerant network links and planning for the possibility that these links might become unavailable. By carefully choosing WAN topologies, provisioning the required bandwidth, and approaching the WAN infrastructure as another layer in the network topology, you can build a fault-tolerant and redundant network.

Deployment Considerations

WAN deployments for voice networks must follow a hub-and-spoke topology, with a central hub site and multiple remote spoke sites connected into the central hub site.

WAN links should, when possible, be made redundant to provide higher levels of fault-tolerance. Redundant WAN links provided by different service providers or located in different physical ingress/egress points within the network can ensure backup bandwidth and connectivity in the event that a single link fails.

Voice and data should remain converged at the WAN, just as they are converged at the LAN. QoS provisioning and queuing mechanisms are typically available in a WAN environment to ensure that voice and data can interoperate on the same WAN links.

When deploying voice in a WAN environment, we recommend that you use the lower-bandwidth G.729 codec for any voice calls that will traverse WAN links because this practice will provide bandwidth savings on these lower-speed links.

Finally, recommendation G.114 of the International Telecommunication Union (ITU) states that the one-way delay in a voice network should be less than or equal to 150 milliseconds.

Guaranteed Bandwidth

Because voice is typically deemed a critical network application, it is imperative that bearer and signaling voice traffic always reaches its destination. For this reason, it is important to choose a WAN topology and link type that can provide guaranteed dedicated bandwidth. The following WAN link technologies can provide guaranteed dedicated bandwidth:

•Leased Lines

•Frame Relay

•Asynchronous Transfer Mode (ATM)

•ATM-to-Frame Relay Service Interworking

•Multiprotocol Label Switching (MPLS)

•Cisco Voice and Video Enabled IP Security VPN (IP Sec V3PN)

Best Effort Bandwidth

There are some WAN topologies that are unable to provide guaranteed dedicated bandwidth to ensure that network traffic will reach its destination, even when that traffic is critical. These topologies are extremely problematic for voice traffic, not only because they provide no mechanisms to provision guaranteed network throughput, but also because they provide no traffic shaping, packet fragmentation and interleaving, queuing mechanisms, or end-to-end QoS to ensure that critical traffic such as voice will be given preferential treatment.

The following WAN network topologies and link types are examples of best-effort bandwidth technology:

•The Internet

•DSL

•Cable

•Satellite

•Wireless

WAN Quality Of Service (QoS)

Before placing voice and video traffic on a network, it is important to ensure that there is adequate bandwidth for all required applications. After this bandwidth has been provisioned, voice priority queuing must be performed on all interfaces. This queuing is required to reduce jitter and possible packet loss if a burst of traffic oversubscribes a buffer. This queuing requirement is similar to the one for the LAN infrastructure.

Next, the WAN typically requires additional mechanisms such as traffic shaping to ensure that WAN links are not sent more traffic than they can handle, which could cause dropped packets.

The following sections highlight some of the most important features and techniques to consider when designing a WAN to support both voice and data traffic:

•Bandwidth Provisioning

•Traffic Prioritization

•Link Efficiency Techniques

•Traffic Shaping

Cisco CallManager Express Security Best Practices

Cisco CallManager Express (Cisco CME) provides integrated IP communications on Cisco IOS routers. Therefore, the same security best practices recommended for all Cisco IOS voice-enabled routers also apply to Cisco Unified CME. In addition, we should implement Cisco Unified CME system-specific security practices to provide additional security protection.

Here we discuss about how to set up the Cisco Unified CME using the CLI to prevent users from intentionally or accidentally gaining system-level control from the GUI and local or remote CLI access.

Securing GUI Access

A Cisco IOS router authenticates an administrator CLI login against the enable password only, and the default setting for HTTP access is ip http authentication enable. If the system administrator, customer administrator, or phone user has the same password as the router’s enable password, he or she can gain level 15 EXEC privilege access to Cisco IOS software by HTTP. A normal IP phone user can then accidentally change the Cisco Unified CME configuration, erase Flash, or reload the router when logging on to this URL:

http://cme-ip-address/

We should configure the following commands for Cisco Unified CME to use AAA or local authentication to prevent a normal user from gaining access to the enable password and therefore having access to the system administrator page:

ip http authentication aaa

or

ip http authentication local

Configuring Basic Cisco Unified CME Access Security

This section summarizes the measures available to ensure only authorized users and systems can access Cisco Unified CME system-based resources.

•Setting Local and Remote System Access

•Restricting Access to tty

•Configuring SSH Access

•Using ACLs for SNMP Access

•Disabling Cisco Discovery Protocol

•Configuring COR for Incoming and Outgoing Calls

•Restricting Outgoing Calling Patterns

Cisco CallManager Express Security for Telephony

There are a lot of security measures that can be taken to protect the telephony services in an office. Some of the security best practices concerned with IP telephony that can be implemented are:

•IP Phone Registration Control

•Monitoring IP Phone Registration

•Call Activity Monitoring and Call History Logging

•COR for Incoming/Outgoing Calls to Prevent Toll Fraud

•After-hours Blocking to Restrict Outgoing Calling Pattern-Toll Fraud

Cisco CallManager Express with NAT and Firewall

There are security services that can be implemented in the Network Address Translator and the Firewall which help keep the whole network secure thus providing security to IP telephony as well.

Managing and Monitoring Cisco CME Systems

There are many ways one can monitor and manage the Cisco CME systems. We will discuss some of the most used and efficient ways to configure a network to be monitored which in turn allows us to manage it more efficiently and effortlessly.

Configuring and Monitoring via Network Management Systems using Cisco CME AXL/SOAP Interface

You can integrate Cisco Unified CME with network management applications by using the Cisco Unified CME XML Layer (AXL) application programming interface (API). The AXL API provides a mechanism for inserting, retrieving, updating, and removing data from the Cisco Unified CallManager database using an XML SOAP interface. The AXL API allows programmatic access to Cisco Unified CallManager data in XML form instead of using a binary library or a Dynamic Link Library (DLL). The AXL API methods, or requests, are performed using a combination of HTTP and SOAP. The HTTP payload is encapsulated in SOAP, which is essentially an XML remote procedure call protocol. User requests send XML data to the Cisco Unified CallManager server, which returns an AXL response encapsulated in a SOAP message.

The Cisco CME AXL/SOAP Interface

The Cisco Unified CME AXL/SOAP APIs provide many capabilities for monitoring and configuring IP phones and extensions.

For monitoring, Cisco Unified CME AXL/SOAP APIs support the following:

•Getting static information

–ISgetGlobal—Gets global information

–ISgetDevice—Gets device information

–ISgetExtension—Gets extension information

•Getting dynamic information

–ISgetEvtCounts—Gets the number of events recorded in the buffer

–ISgetDevEvts—Gets device events if IP phones are in the register, unregister, or decease state

–ISgetExtEvts—Gets extension events (the virtual voice port is up or down)

•Setting information (configuring) and executing CLI

–ISsetKeyPhones—Sets the "key" phone

Testing the Cisco CME AXL/SOAP Interface

You might use the test page (xml-test.html) that is available with the Cisco Unified CME GUI files to verify that the Cisco Unified CME router is set up correctly to respond to AXL/SOAP requests. The following are the steps to set up and run the test page:

Step 1 Load xml-test.html into Flash.

Step 2 Configure the following on the Cisco Unified CME router:

Router(config)# ip http server

Router(config)# ip http path:flash

Router(config)# telephony-service mode

Router(config)# log password abcd

Router(config)# xmltest

Step 3 Enter the following URL in the browser:

http://ip-address of router/ISApi/AXL/V1/soapisapi.is

Step 4 When the Login window opens, log on as follows:

Username: any non-empty string

Password: abcd

Step 5 In the test page, input content into the form. The XML request is written to the form at the bottom. Go to the bottom of the page and click Submit.

Step 6 Try the preceding steps on your system. If you receive any errors, the following debugs on the router might help:

Router# debug ip http appinout

Router# debug ip http appdetail

Cisco CME 4.0 XML Configuration example

The following is an example Cisco Unified CME 4.0 XML configuration:

ip http server

! Enables http server

ixi transport http

no shutdown

! Assigns http as the transport method of IXI

ixi application cme

no shutdown

! Enables IXI’s CME application

telephony-service

xml user admin password cisco 15

! Configures privilege for CME XML interface

Managing Cisco CME Systems

There are again many ways that can be used to manage Cisco CME systems which are used by many network administrators. It depends on the network environment to decide on the best method that can be followed to manage the network. Here we will be discussing about the simple ways of managing a more generic network.

Managing a Standalone Cisco CME system

The network model that is used here shows a Cisco CME system branch office that connects to a SP VoIP network.

Figure Managing a Standalone Cisco Unified CME Systemhttp://www.cisco.com/en/US/i/100001-200000/140001-150000/149001-150000/149587.jpg

To manage a standalone Cisco Unified CME system, we recommend that we provision or configure the system by using the Cisco Unified CME Quick Configuration Tool (QCT) 3.0 to setup your system with basic functionality. we can, as option, use the CLI, the Cisco Unified CME setup utility, or the Cisco Unified CME GUI. This is sufficient for simple moves, adds, changes to the phones, and basic configuration changes for a standalone or single-site deployment.

Managing a Multisite Cisco CME Networks

Figure Managing a Multisite Cisco Unified CME NetworkCisco CME can also be deployed in a large-scale enterprise networks or in managed-services network. The network that is used here shows multiple small scale and medium businesses or enterprise branch office that uses Cisco CME and is connected to the SP VoIP network.http://www.cisco.com/en/US/i/100001-200000/150001-160000/158001-159000/158019.jpg

When deploying Cisco Unified CME systems in a multisite environment, provisioning, configuring, and managing only one Cisco Unified CME system at a time is insufficient.

Integrated Research Prognosis

Integrated Research Prognosis is a Cisco Partner tool that can be used for monitoring Cisco Unified CME and Cisco Unity Express. Prognosis provides the following monitoring functions:

•Call quality monitoring—Monitors latency, packet loss, jitter and MOS scoring

•Availability monitoring —Monitors dash board view of phone, device and call availability; monitors percentage of phones and devices up and down

•Call detail metrics—Monitors call types and route patterns, origin and duration of calls

•Key phone metrics—Monitors offhook, registration, mac-address data

•Configuration metrics—Monitors phone, h323 gateway, dial-peer, telephony-service, software/hardware inventory

•Systems and protocol monitoring—Monitors CPU and process memory, software version, application/voice traffic

Summary

Cisco CallManager Express delivers telephony features required by business users to meet the requirements of the small office or branch location. The Cisco Integrated Services Router offers high reliability and advanced applications including; IP telephony, VPN, firewall, encryption, dial access, Ethernet switching with Power over Ethernet, and content networking, within a single all in one platform, that is easy to deploy and maintain, resulting in a lower total cost of ownership (TCO).

As the business expands Cisco Unified CallManager Express can be easily migrated to a Cisco Unified CallManager large-scale IP telephony solution. All hardware and software used by this solution is fully compatible with Cisco CallManager Express and Cisco Unified Survivable Remote Site Telephony (SRST), giving the customers investment protection.

References

Reference 1

www.cisco.com

Reference 2

http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps4625/product_data_sheet0900aecd8041c303.html

Reference 3

https://learningnetwork.cisco.com/servlet/JiveServlet/previewBody/6346-102-1-20737/CCNA-Voice%20VoIP.pdf

Reference 4

http://www.cisco.com/en/US/docs/voice_ip_comm/unity_exp/rel2_1/ccm_gui/cmeguigd.html