Aug
07

Having passed the CCIE Voice 10 years ago, and having taught on the technologies surrounding both Voice and Collaboration ever since, one might think that the exam would be easy to pass. I can assure you that no matter how much you know, no CCIE exam is easy to pass. Cisco doesn't allow them to be. Every CCIE track requires hard work and preparation, even if it may, at first glance, seem somewhat of a repeat of things you already know. You may ask since I had the CCIE Voice already, why I didn't simply take the Collaboration Written exam and convert my cert to a CCIE Collaboration? The answer I think is pretty straightforward - it's the challenge!! Seeing if you still have it 10 years later. Seeing if what you've been teaching your students for 10 years is still up to par and still relevant. To take you back to when I passed CCIE Voice ten years ago, the track was literally brand new that year, and Cisco was testing on CallManager version 3.3, SIP wasn't anywhere to be found, and creating a hunt group meant tweaking Attendant Console to make it do things it shouldn't ever be expected to do (like work). I'm quite happy to find that I may still have 'it' and that my content is right on par and not only relevant on all accounts, but as always goes well above and beyond the minimum of what you need to know to pass the exam, and takes you into the deep inner-workings of the technologies and answers the all of the "why" questions. Bear in mind that we never create content with the singular goal of simply getting you "past" the lab exam (the people that can only barely pass the lab can't make it past a technical interview in the real world), but rather our focus is making you a true expert whereby, as a byproduct, you do pass the lab exam and quite handily at that. Over the past 10 years I've had the pleasure of helping over 1,500 people do just this, and it's been so enriching in my life to see their professional and personal lives bettered for it. So what took me so long to getting around to sitting for this new exam? Simply put - my schedule. As some of you may know, I've been teaching a lot of 2-week CCIE Data Center courses and 2-week CCIE Collaboration courses, as well as working on building all of the Collaboration racks and self-paced learning content, and quite frankly just hadn't found time in my schedule to get around to preparing to sit for and take the actual new lab exam until just a few weeks ago. So onto more of what you need to know and what it takes to be ready.

It's quite possible that I may be one of the only people besides Frog that possesses 3 or more CCIE's, where one of them is not Routing and Switching.

Firstly, what it's not. As I mentioned in a previous post, there isn't a whole lot of Cisco's "Collaboration" portfolio in the CCIE Collaboration written or lab exam blueprint. No TelePresence or DX/EX/MX/TX/SX or Codec endpoints (which differ vastly from simple 9971 phones), no MCUs, no WebEx, VCS-C / VCS-E Expressway (now Collab Edge), TMS or TPS in the exam. (Note: VCS/TMS are present in the backbone only – and all the hard work is on the VCS & TMS and out of the control of the student - you simply need to provide interop dialing with it.) This is much more of a Voice exam with a heavy video ephasis and a little bit of Jabber (8% of total score).

What do you need to know to be ready to sit for the exam? Since the new policy is now in effect that if you fail the exam twice that you have to wait 3 months before you're allowed to sit for it again, it is more important than ever to be 100% ready before you go sit for your first attempt, and that you pass on your first or second attempt before your momentum is severely interrupted by that 3 month stint. This is only one of the reasons that Brian, Brian, Petr and I have always recommended that you be able to do all of the CLI portion of your lab (whichever track) ... in Notepad. With no internet connection, no router tab-completion or ? context-sensitive help. And while you may misspell one or two things or occasionally forget an argument, that when you go to paste what you did in notepad, into your Cisco device, that 95% of it is syntactically correct, and that your logic is flawless. And as for your UCM web page configuration - that will obviously take up most of your time. While it's impossible to know what you will need to accomplish before you arrive, you need to be able to digest what they give you for tasks and visualize the entire call flow and any features, and go execute the configuration in UCM with no hesitation. As much as you may not like it - the CCIE exam remains an exam where not only accuracy, but also speed, are key. There is a lot to accomplish in 8 hours. An awful lot.

As I've been advocating heavily for over the past 5 years, you must be absolutely proficient with Globalized dial plans. With the likelihood of more than one cluster, configuring them must be second nature and not even something you think much about - rather something that you simply execute quickly using muscle-memory with absolute knowledge that what you are configuring will work cold. This may take a good deal of practice for some of you that still implement more traditional dial plans on a regular basis in your day jobs. Thankfully we have loads of content to prepare you for this critical key component of the exam. Not only have I just re-recorded the complete dial plan section (videos 83-105 including globalized dial plans as well as dynamic dial plans related to ILS/GDPR and CCD/SAF and Session Management Edition), but we also have loads of labs with heavy emphasis on globalized dialing in our CCIE Voice v3.5 workbooks, with new ones specifically aimed at the Collaboration track coming out very soon. The recent SRNDs as well as a number of Cisco Live can provide a lot of guidance as well. With that very core topic covered, it's on to SIP signaling and video, the other two topics that you will need to know cold. The good news about video is that you don't have to memorize how every endpoint treats video and what CUBE needs to do to pass it, but just a few endpoints - namely the Cisco 9971 phone and the Jabber for Windows client. It's no secret that the industry has heavily gravitated toward SIP trunks over the past 5 years, and that in any production environment today, you are working heavily with SIP and therefore also with CUBE or some flavor of Session Border Controller, and both the CCIE Collaboration written and lab exam reflect those very well. You should be able to read and completely deconstruct every SIP message that you come across in very quick fashion. We prepare you well for this. Video calling and video conferencing is the other bit that you will need to know cold. This guide contains complete samples for video conferencing configurations as well as good info specifically about 9971 phones and their RTP payload type and how it differs from platform to platform (CUCM vs CME). CUBE, Cisco's SBC is something that is heavily used in real-world deployments, is on the blueprint, and should be taken seriously. There is a ton you can do with CUBE, and you should know it well. Read and know this guide inside and out. I will be hosting a live class on CUBE the week of Sept 1-5, and that content will get added to the CCIE Collaboration ATC playlist. Beyond that there are of course the usual topics: Codec Preference and Region control, CME, Unity Connection, Unity Express and Contact Center Express - all of which are important but shouldn't take you very long to think about and configure at all, with the exception of CME - that can be a bit tedious in taking a while to key in all of the CLI configuration with both SIP and SCCP phones to consider, as well as dial plan with Voice Translation Rules.

Speaking earlier of building the new Collaboration racks, I'd like to provide some guidance on a few different options for either building your own racks that will contain everything you will need to completely prepare you for your exam or else building differing stages of a partial rack coupled with supplementing your own rack practice with rental sessions from INE to give you access to the more expensive bits of the rack that you needn't bother with purchasing. Of course there is always the option to rent all of your rack time from us, however this option doesn't obviate the need for roughly $1,000 USD in hardware, as you simply cannot adequately prepare for this exam without having 3x 9971 and 3x 7962 Cisco IP phones physically in front of you (to dial/hear-audio/see-video/hear-audible-results-from-dtmf-key-presses/etc), connected by Layer 2 back to our racks (This is still far less expensive than the $20,000 price tag that it costs to build a full rack). Remotely controlling phones was something you -to some degree- could get away with on the previous version of the CCIE Voice exam, but it is simply not an option with this new version of Collaboration*.

Here is the list of what Cisco has in the actual lab exam and we have mirrored our racks around this build list. Here is a complete list of our hardware and server builds, and throughout that same guide you can find everything you need to know to connect to and use our Collaboration racks.

Option 1 - Complete Rack Rental
This option will provide you with the easiest option in terms of time to get up and running. With this option you should plan to rent roughly 700-1000 hours of rack time.

What you will need:

  • 1x Cisco router for EzVPN and L2TPv3
  • 1x Cisco switch for QinQ tunneling and L2VPN
  • 3x 9971 IP phones with CP-CAM USB backpack
  • 3x 7962 IP phones

Full details for this option in terms of hardware, software and configurations can be found beginning on this page of our Collaborations Rack Rental Guide.

Option 2 - Fully Virtualized Solution Augmented with Lots of Rack Time
This option will provide you with a very inexpensive way to get started in your studies and be able to practice maybe around 25% of the necessary tasks - including globalized dial plans but with all SIP trunking. You will definitely need to rent plenty of rack time to augment your studies with this solution, but this will get you started. I would estimate that you would still need to rent roughly 500-700 hours of rack time with this option.

What you will need:

Cisco uses a UCS C-Series server for their hardware, but this is not necessary as you have no access to the UCSM in the lab exam, so any server will do. A server like this can typically be found online used for around $300-$500 USD.
Access to the Cisco NFR bundle is something that only Partners have access to and only costs around $300 for everything you need, but if you are not a partner, you will not be able to purchase this software. If you have a proper service contract, you may be able to download the software from Cisco.com and register for the 6-month demo license, but I don't believe you will be able to get another 6-month license after the first has expired. You will then need to revert to having to rebuild all of the servers every 60 days. Without either, this will make it impossible to build your own servers without purchasing full licenses - which is an incredibly expensive option.

Option 3 - Entry Level Full Rack (no ISR-G2s) Augmented with Rack Time
This option will provide you with a semi-inexpensive way to get started in your studies and be able to practice approximately 65-70% of the necessary tasks - including all phone features except for Video conferencing. You will still need to rent a decent amount of rack time to augment your studies for video conferencing and full-lab practice sessions with this solution, but this is a great, (comparatively) inexpensive option. I would estimate that you would still need to rent roughly 200-250 hours of rack time with this option.

What you will need:

  • All of Option 2 (Server/software)
  • 4x 2811 ISR (Gen1) routers with PVDM2s and VWIC2-1MFT-T1/E1s for site and PSTN PRI gateways and audio-only transcoding and conferencing
  • All of Option 1 hardware for augmented rack rental sessions

This rack should cost you somewhere close to $5,000 USD to build.

Option 4 - Near Complete Full Rack (1 ISR-G2) Augmented with Rack Time
This option will provide you with a way to practice approximately 95-99% of the necessary tasks - including Video conferencing and the latest CUBE features. You may still wish to rent some rack time simply to have a few full-lab practice sessions with all routers running 15.2(4)M code and the possibility of having multiple video conference bridges and/or video transcoding devices, but you also may find this unnecessary as you can just move around your tasks to accommodate everything on your single ISR-G2.

What you will need:

  • All of Option 2 (Server/software)
  • 1x 2911 ISR-G2 router with 1x PVDM3-32 (or 2x PVDM3-16) and 1x VWIC3-1MFT-T1/E1s for HQ
  • 3x 2811 ISR (Gen1) routers with PVDM2s and VWIC2-1MFT-T1/E1s for Site B/C and PSTN PRI gateways and audio-only transcoding and conferencing
  • SRE-710 for Unity Express

This rack may cost you somewhere close to $12,000 USD to build. There is an embedded demo license with Cisco Unity Express on the SRE module that simply needs to be activated, however it should be noted that it will only last you 60 days, at which time you will need to re-install the software completely to get any sort of extension to this demo period.

Of course you can also always build an entire rack with everything we have listed (all 2911s) in our Rack Rental Guide, but this will cost you probably around $20,000 in hardware alone, before any licensing costs.

*As a side note from above, we do provide a single 7961 phone at each site physically connected to our racks that renters may remotely control, but we do this as a mere courtesy for those that cannot afford to purchase their own right away and simply need to test a few basic dial plan and softkey functions, and we do not intend for this to be a complete replacement to having your own phones connected to us via L2VPN. If you chooe this option initially, just know that at some point during your studies you will in fact need to have them in front of you connected to us with our L2VPN option. Also, we don’t provide 9971 because the remote control is next to impossible (it is impossible to predict a reliable response, and many times the phone simply won’t respond at all). Also, while on our racks, you can practice 2-way and 3-way video with the Jabber for Windows clients we provide at the HQ, Site B and PSTN/Backbone sites. They all have cameras attached and will allow you to practice point-to-point video as well as video conferencing with the PVDM3 video conference bridge that you can build at any of the sites.

Also, for connecting back to our racks via L2VPN, I recommend the Cisco 1841 router and the Catalyst WS-C3560-8PC wwitch since it's an 8-port PoE that is fanless (read quiet), however if you're on a super-tight budget, you can get away with 2611XM (must be XM) router and a Catalyst 3550 switch with PWR-CUBE-4 (note the 3550 Inline Power won't adequately power the 9971 phones). Again guidance for all of this can be found in our Rack Rental Guide.

I hope this has provided some good insight and help for those that are working toward accomplishing the CCIE Collaboration, and please comment below on anything you can think that might be useful to add to this article for yourself or others studying, and I will be happy to update it.

Aug
20

Many businesses globally - large and small alike - have been converting calls from routing over traditional PSTN carrier trunks - such as E1 & T1 PRI or CAS - to much lower cost, yet still high performance, SIP ITSP (Internet Telephony Service Provider) trunks for years now. INE is no different than your business with regard to this - we have been using SIP trunks in lieu some traditional PSTN calling for years now as well. In fact, in response to a US Federal Communications Commission sub-commitee's exploration on "PSTN Evolution" in December 2009, a representative from the US carrier AT&T described the traditional circuit-switched PSTN as "relics of a by-gone era", and said that "Due to technological advances, changes in consumer preference, and market forces, the question is when, not if, POTS service and the PSTN over which it is provided will become obsolete" - source: Reuters [emphasis mine].

The challenge however, becomes that every SIP ITSP carrier has a slightly different way of implementing these sorts of trunks, and each has different provider network equipment that you, the customer, must connect to, and interoperate (properly) with. If you are a large national or multinational business, you may for instance sometimes even connect to two or three different types of provider network equipment, between possibly having multiple contracts with multiple carriers, and even sometimes having to deal with different provider equipment within a single carrier's network.

Now while you both speak the same agreed upon language (namely SIP), it seems more often than not that you don't always seem to speak exactly the same dialect of that language. This presents a major challenge in that calls and supplementary services (such as Hold, Resume, Blind Transfer, Semi-Attended Transfer, Fully-Attended Transfer, Forwarding, Faxing, etc) don't behave as expected, or worse, that some functions don't work at all.

It is not that SIP isn't fully mature yet (it will turn 15 years old next year and has been widely used for over 10 years now), or that it is fully standardized and therefore governed by those IETF standards and working groups, it is simply that - as every one of us in the field for any respectable amount of time now knows - not every equipment vendor chooses to implement every single extension and option defined in every IETF RFC for SIP. I mean, have you ever actually looked at how many RFCs there are that deal with not just the core functions, but describe every option and extension to the SIP protocol? There are well over 100 RFCs! Therein lies the problem.

So what are we to do? Cisco Unified Border Element to the rescue! Today we will cover just a few of CUBE's ability to perform SIP Normalization to allow optimum interoperability with many various SIP ITSPs.

At its base, CUBE consists of allowing both inbound and outbound call legs to be of the type VoIP. Here we first explore a very basic configuration where we have 2 Inbound/Outbound Dial-Peers (depending on which direction the call originates from) To/From the CUCMs in the cluster, and 2 Inbound/Outbound Dial-Peers To/From a fictional AT&T SIP ITSP trunk. We are allowing a codec negotiation and also possibly a DTMF relay internetworking between CUBE  and the CUCMs on Dial-Peer's 101 & 102 (we needed both of these for another utility on this router using the SIP stack), while allowing for the codec of G.729 Annex B on the AT&T carrier side in Dial-Peers 1001 & 1002. We are also load balancing calls between both of the CUCM Subscriber servers and also between both of the SBCs on AT&T's side that they have given us to peer with. We see this here:

!
ip domain retry 0
ip domain timeout 2
ip domain name ine.com
ip name-server 177.1.100.110
!
voice service voip
address-hiding
allow-connections sip to sip
redirect ip2ip
sip
bind control source-interface Loopback0
bind media source-interface Loopback0
header-passing error-passthru
midcall-signaling passthru
g729 annexb-all
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
!
!
dial-peer voice 101 voip
description ** TO/FROM CUCM SUBSCRIBER 1 **
destination-pattern 2065011...$
voice-class codec 1
session protocol sipv2
session target ipv4:177.1.10.20
incoming called-number .
dtmf-relay sip-kpml rtp-nte
!
dial-peer voice 102 voip
description ** TO/FROM CUCM SUBSCRIBER 2 **
destination-pattern 2065011...$
voice-class codec 1
session protocol sipv2
session target ipv4:177.1.10.25
dtmf-relay sip-kpml rtp-nte
!
dial-peer voice 1001 voip
description ** TO/FROM SIP ITSP - AT&T SBC 1 **
destination-pattern +T
voice-class sip localhost dns:corphqr1.ine.com
session protocol sipv2
session target dns:sip1.att.com
incoming called-number 2065011...$
dtmf-relay rtp-nte
codec g729br8
!
dial-peer voice 1002 voip
description ** TO/FROM SIP ITSP - AT&T SBC 2 **
destination-pattern +T
voice-class sip localhost dns:corphqr1.ine.com
session protocol sipv2
session target dns:sip2.att.com
incoming called-number 2065011...$
dtmf-relay rtp-nte
codec g729br8
!
dial-peer hunt 1
!
!
voice service voip
allow-connections sip to sip
sip
bind control source-interface Loopback0
bind media source-interface Loopback0
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
!
!
dial-peer voice 101 voip
description ** TO/FROM CUCM SUBSCRIBER **
destination-pattern 2065011...$
voice-class codec 1
session protocol sipv2
session target ipv4:177.1.10.20
incoming called-number .
dtmf-relay frtp-nte
!
dial-peer voice 102 voip
description ** TO/FROM CUCM PUBLISHER **
preference 1
destination-pattern 2065011...$
voice-class codec 1
session protocol sipv2
session target ipv4:177.1.10.10
dtmf-relay rtp-nte
!
dial-peer voice 1001 voip
description ** TO/FROM SIP ITSP - AT&T SBC 1 **
destination-pattern +T
voice-class sip localhost dns:corphqr1.ine.com
session protocol sipv2
session target dns:sip1.att.com
incoming called-number 2065011...$
dtmf-relay rtp-nte
!
dial-peer voice 1002 voip
description ** TO/FROM SIP ITSP - AT&T SBC 1 **
destination-pattern +T
voice-class sip localhost dns:corphqr1.ine.com
session protocol sipv2
session target dns:sip2.att.com
incoming called-number 2065011...$
dtmf-relay rtp-nte
!
dial-peer hunt 1

Now what if we have a carrier who wants to see our specific domain name (ine.com) after the @ in the Contact header of a SIP INVITE request message (so 2065011001@ine.com   vs.   2065011001@177.1.254.1), possibly for something like compliance with SIP Asserted-Identity? Let's look at what the SIP INVITE might look like prior to any modification to the above configuration:

Sent:
INVITE sip:+12065015111@sip2.att.com:5060 SIP/2.0
Via: SIP/2.0/UDP 177.1.254.1:5060;branch=z9hG4bK2BAFFD
Remote-Party-ID: "Jack Shepherd" <sip:2065011001@corphqr1.ine.com>;party=calling;screen=yes;privacy=off
From: "Jack Shepherd" <sip:2065011001@corphqr1.ine.com>;tag=8074E2B0-20E7
To: <sip:+12065015111@sip2.att.com>
Date: Fri, 20 Aug 2010 02:34:27 GMT
Call-ID: 9FE12628-A81511DF-8700FC78-AA8D9DEB@corphqr1.ine.com
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 2682052728-2819953119-2264595576-2861407723
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1281926067
Contact: <sip:2065011001@177.1.254.1:5060>
Expires: 180
Allow-Events: telephone-event
Max-Forwards: 69
Session-Expires: 1800
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 292

v=0
o=CiscoSystemsSIP-GW-UserAgent 5117 3857 IN IP4 177.1.254.1
s=SIP Call
c=IN IP4 177.1.254.1
t=0 0
m=audio 16532 RTP/AVP 18 100 19
c=IN IP4 177.1.254.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:100 telephone-event/8000
a=fmtp:100 0-15
a=rtpmap:19 CN/8000
a=ptime:20

So what can CUBE do about this? CUBE can alter the contents of any header in any SIP or SDL header of any request or response (SDL or "Session Description Language" is where things like media, DTMF relay, etc are negotiated - you see a SDL sub-component of the above SIP INVITE  message - which is known as a "SIP Early Offer"). So let's tell CUBE to alter that Contact header of that particular INVITE message, but only out to AT&T. As a preface to our configuration example, it is worth noting that SIP Profiles allow for pattern matching and replacement in a similar (but not exact) method to that of Voice Translation Rules, and like them, are based (loosely) on the GNU SED stream editor. We will use this to match and replace a few possible dynamic values of the string. Like Voice Translation Rules, reference "sets" of matched information in the replacement string with \1 which calls Set 1 from the matched pattern to the replacement pattern. Also like Voice Translation Rules, any part of the string (beginning or end) that we don't match, passes through to the replacement pattern, unaltered.
!
voice class sip-profiles 1
request INVITE sip-header Contact modify "<sip:(.*)@(.*):5060>" "<sip:\1@ine.com:5060>"
!
dial-peer voice 1001 voip
voice-class sip profiles 1
!
dial-peer voice 1002 voip
voice-class sip profiles 1
!

Now let's take a look at what that did to the contents of our Contact header in a new call, and thus a new SIP INVITE message that we send out to AT&T:

Sent:
INVITE sip:+12065015111@sip2.att.com:5060 SIP/2.0
Via: SIP/2.0/UDP 177.1.254.1:5060;branch=z9hG4bK2BAFFD
Remote-Party-ID: "Jack Shepherd" <sip:2065011001@corphqr1.ine.com>;party=calling;screen=yes;privacy=off
From: "Jack Shepherd" <sip:2065011001@corphqr1.ine.com>;tag=8074E2B0-20E7
To: <sip:+12065015111@sip2.att.com>
Date: Fri, 20 Aug 2010 02:34:27 GMT
Call-ID: 9FE12628-A81511DF-8700FC78-AA8D9DEB@corphqr1.ine.com
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 2682052728-2819953119-2264595576-2861407723
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1281926067
Contact: <sip:2065011001@ine.com:5060>
Expires: 180
Allow-Events: telephone-event
Max-Forwards: 69
Session-Expires: 1800
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 292

v=0
o=CiscoSystemsSIP-GW-UserAgent 5117 3857 IN IP4 177.1.254.1
s=SIP Call
c=IN IP4 177.1.254.1
t=0 0
m=audio 16532 RTP/AVP 18 100 19
c=IN IP4 177.1.254.1
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:100 telephone-event/8000
a=fmtp:100 0-15
a=rtpmap:19 CN/8000
a=ptime:20

Excellent! It did exactly what we asked it to!

There are many other things that the Cisco's UBE can do for us, and we have only covered one small one here in this article. For a lot more great information on this product check out INE's Class-on-Demand CCIE Voice Deep Dive for CUBE. By the way, Cisco's implementation of what others in the industry might label a "SBC" (Session Border Controller), goes far beyond what other industry SBCs are able to offer in terms of both features and scalability (CUBE hardware support ranges from ISRs for SMBs, up through ISR-G2s and ASRs for Enterprises, up to the 12000 series routers for SPs). I will cover many more of the offered features of the CUBE in follow-up postings, so stay tuned!

I will leave you with a great Cisco article describing some basic functionality of CUBE and SIP Normalization, and also a lot of great Cisco configuration examples from live SIP ITSP trunks that Cisco has installed and tested with in their RTP labs, as well as live PBX integrations that they have performed, and subsequently written up these "recommended practice" documents.

Subscribe to INE Blog Updates

New Blog Posts!