Trusted Relay Point configuration

The Cisco Unified Communications system can be deployed in a network virtualization environment. Cisco Unified Communications Manager enables the insertion of trusted relay points (TRPs). The insertion of TRPs into the media path constitutes a first step toward VoIP deployment within a virtual network.

The underlying network infrastructure comprises one of the key shared assets in an overall network design. A number of customer use cases require support for network infrastructure virtualization, such as the following examples:

- Guest internet access
- Partner access
- Departmental or divisional separation
- Subsidiaries/mergers and acquisitions
- Application segregation (data/voice)

All these applications include a requirement to maintain traffic separation on the network device as well as between network devices.

Traffic separation translates into concepts such as Virtual Routing and Forwarding (VRF). VRF allows multiple instances of a routing table to co-exist within the same router at the same time. In a virtualized network, these different routing domains, or VRFs, typically cannot communicate directly without transiting through the data center.

This situation challenges applications such as Cisco Unified Communications, where devices in the data VRF domain, such as software endpoints running on PCs, need to communicate directly with hard phones in the voice VRF domain without hairpinning media in the data center and without directly exposing the voice and data VRFs to each other.

Below is a sample TRP configuration. This sample setup forces softclient RTP streams (voice or video) through the MTP control point in the router. On this router you might want to add additional security settings (FW, ACL, QoS, …). We will focus here on the basic TRP configuration in the Cisco CallManager and the ISRG2 router.

Basic Principle:

Setup:

As you can see in this setup we make a direct call between a Cisco EX90 and the CUPC client. Both devices are registered to the Callmanager 8.6.

 

Configurations: 

ISRG2 Configuration:

!
voice-card 0
 dspfarm
 dsp services dspfarm
!
! Loopback0 is the SCCP source interface the MTP registers from
interface Loopback0
 ip address 12.0.0.1 255.255.255.0
 no ip redirects
!
interface GigabitEthernet0/0
 ip address 10.0.0.10 255.255.255.0
 no ip redirects
 no ip unreachables
 duplex auto
 speed auto
 no mop enabled
 hold-queue 1024 in
!
interface GigabitEthernet0/1
 ip address 11.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
! Default route (a default route uses mask 0.0.0.0)
ip route 0.0.0.0 0.0.0.0 10.0.0.11
!
! SCCP registration towards the CallManager at 10.0.0.3
sccp local Loopback0
sccp ccm 10.0.0.3 identifier 1 version 7.0
sccp
!
sccp ccm group 1
 description register to callmanager 10.0.0.3
 bind interface Loopback0
 associate ccm 1 priority 1
 associate profile 1 register MTP00254530ab00
 keepalive retries 20
!
! Software MTP profile used as the trusted relay point
dspfarm profile 1 mtp
 codec g711ulaw
 codec pass-through
 maximum sessions software 50
 associate application SCCP

Cisco CallManager Configuration:

A first remark: do not forget to check the following parameter, depending on the policy you want to follow:

Cisco Unified Communications Manager uses the following service parameter with trusted relay points:

•Fail Call If Trusted Relay Point Allocation Fails

This service parameter, which is found in the Clusterwide Parameters (System – General) section, determines whether a call that requires a Trusted Relay Point (TRP) is allowed to proceed if no TRP resource is available. Valid values are True (the call fails if no TRP resource is available) or False (the call proceeds even if no TRP resource is available).

Step 1: Configure the MTP resource (residing in the ISRG2 router).

Note that the MTP definition below corresponds to the "associate profile 1 register MTP00254530ab00" line in the Cisco router configuration.

Step 2: Add the MTP resource to your media resource group and add that group to the media resource group list, so you can later assign the resource to your soft client definition.

Step 3: Configure your client device, make sure TRP is activated (On), and add the previously defined media resource group list.

In our case, the device is jderidde3.

Monitoring:

To verify what is happening in the network, you can use the following IOS commands on the ISRG2:

Start with show dspfarm profile

It shows whether the MTP resource is associated with the CallManager.

Dspfarm Profile Configuration
Profile ID = 1, Service = MTP, Resource ID = 1
Profile Description :
Profile Service Mode : Non Secure
Profile Admin State : UP
Profile Operation State : ACTIVE
Application : SCCP   Status : ASSOCIATED
Resource Provider : NONE   Status : NONE
Number of Resource Configured : 50
Number of Resource Available : 50
Hardware Configured Resources : 0
Hardware Available Resources : 0
Software Resources : 50
Codec Configuration: num_of_codecs:2
Codec : g711ulaw, Maximum Packetization Period : 30
Codec : pass-through, Maximum Packetization Period : 0

The profile above runs in Non Secure service mode. Note that the MTP resource supports sRTP as well, so you might want to activate it to make your TRP even more secure.

For the full statistics output use: show sccp output

In the stats you will see the RTP ports that both the voice and video streams pass through (EX90 – CUPC):

sess_id    conn_id      stype mode     codec   sport rport ripaddr conn_id_tx
16778249   16777372     mtp   sendrecv pass_th 31820 16646 10.0.0.16
16778249   16777371     mtp   sendrecv pass_th 28694 16644 10.0.0.16
16778249   16777370     mtp   sendrecv pass_th 22942 32596 11.0.0.2
16778249   16777369     mtp   sendrecv pass_th 29008 16790 11.0.0.2
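The two monitoring checks above can be scripted over captured router output. The following is an added example, not part of the original post: it flags a profile that is not active, not associated or running Non Secure, and confirms that each MTP session has legs on both sides of the relay. The function names and the mapping of sides to the two interface subnets are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Captures copied from the command output shown in this post.
PROFILE = """\
Profile Service Mode : Non Secure
Profile Admin State : UP
Profile Operation State : ACTIVE
Application : SCCP   Status : ASSOCIATED
"""
CONNECTIONS = """\
sess_id    conn_id      stype mode     codec   sport rport ripaddr conn_id_tx
16778249   16777372     mtp   sendrecv pass_th 31820 16646 10.0.0.16
16778249   16777371     mtp   sendrecv pass_th 28694 16644 10.0.0.16
16778249   16777370     mtp   sendrecv pass_th 22942 32596 11.0.0.2
16778249   16777369     mtp   sendrecv pass_th 29008 16790 11.0.0.2
"""
# Assumption: the two sides of the relay are the router's interface subnets.
SIDES = {"Gi0/0": ipaddress.ip_network("10.0.0.0/24"),
         "Gi0/1": ipaddress.ip_network("11.0.0.0/24")}

def check_profile(text):
    """Return a list of findings for a dspfarm profile capture."""
    findings = []
    if not re.search(r"Profile Operation State\s*:\s*ACTIVE", text):
        findings.append("profile not ACTIVE")
    if not re.search(r"Application\s*:\s*SCCP\s+Status\s*:\s*ASSOCIATED", text):
        findings.append("SCCP application not ASSOCIATED")
    if re.search(r"Profile Service Mode\s*:\s*Non Secure", text):
        findings.append("service mode is Non Secure")
    return findings

def sessions_by_side(text):
    """Map each sess_id to the set of sides its remote leg addresses fall in."""
    seen = defaultdict(set)
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 8 or not cols[0].isdigit():
            continue  # header or blank line
        rip = ipaddress.ip_address(cols[7])
        seen[cols[0]].update(n for n, net in SIDES.items() if rip in net)
    return dict(seen)

def unrelayed_sessions(text):
    """Sessions whose legs do not reach both sides through the MTP."""
    return [s for s, sides in sessions_by_side(text).items() if sides != set(SIDES)]

if __name__ == "__main__":
    print(check_profile(PROFILE), unrelayed_sessions(CONNECTIONS))
```

An empty list from unrelayed_sessions means every session seen on the MTP has media legs towards both subnets, which is what a working TRP should show.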

Have fun!
