Oracle Enterprise Session Border Controller And Cisco .


Oracle Enterprise Session Border Controller and Cisco Jabber and Phones with Cisco Call Manager (SIP/TCP and voice-only)

Technical Application Note

Disclaimer

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Table of Contents

1. Intended Audience
   1.1. Document Overview
2. Introduction
   2.1. Audience
   2.2. Requirements
   2.3. Lab Configuration
3. Configuring the Cisco Call Manager (CUCM)
4. Configuring the Cisco Unity Connection (CUC) Server for Jabber
5. Configuring the Jabber Clients
6. Configuring the Cisco Phones
7. SIP Messaging Capacity Considerations with Jabber
8. Configuring Outside (Access Side) DNS
9. Configuring the Oracle Enterprise SBC
   9.1. In Scope
   9.2. Out of Scope
   9.3. What will you need
   9.4. Configuring the SBC
   9.5. SIP/TCP and RTP Configuration
10. Test Plan Executed – Jabber
11. Test Plan Executed – Cisco Phones
12. Troubleshooting Tools
13. Appendix A

1. Intended Audience

This document is intended for use by Oracle Systems Engineers, third party Systems Integrators, and end users of the Oracle Enterprise Session Border Controller (E-SBC). It assumes that the reader is familiar with basic operations of the Oracle Enterprise Session Border Controller.

1.1. Document Overview

Cisco Jabber clients, phones and Cisco Call Manager (CUCM) offer the ability to utilize Unified Communications (UC) and Voice over IP (VoIP) over the enterprise network. This reduces the cost and complexity of offering voice services within the enterprise. Oracle Enterprise Session Border Controllers (E-SBCs) play an important role in SIP access environments to protect the core call controller (CUCM) from rogue endpoints and denial of service attacks.

This application note has been prepared as a means of ensuring that SIP access between Cisco Call Manager, Oracle E-SBCs, Cisco Jabber clients, and Cisco phones is configured in the optimal manner.

It should be noted that the E-SBC configuration provided in this guide focuses strictly on the Cisco Jabber, phone, and CUCM associated parameters. Many E-SBC users may have additional configuration requirements that are specific to other applications. These configuration items are not covered in this guide. Please contact your Oracle representative with any questions pertaining to this topic.

For additional information on Cisco Jabber and CUCM, please visit land er/index.html.

2. Introduction

2.1. Audience

This is a technical document intended for telecommunications engineers with the purpose of configuring the Oracle Enterprise Session Border Controller, the Cisco Jabber client, Cisco phones, and Cisco Call Manager (CUCM). There will be steps that require navigating CUCM as well as the Oracle E-SBC Command Line Interface (CLI). Understanding the basic concepts of TCP/UDP, IP/Routing, and SIP/RTP is also necessary to complete the configuration and for troubleshooting, if necessary.

2.2. Requirements

- Fully functioning CUCM deployment, including DNS on the outside (access side) and inside (core side) of the SBC
- CUCM version 10.5.2.10000-5
- Cisco Jabber client version 10.6.0 and/or Cisco Phones (Cisco 7975, 8961, and 9971 were tested)
- Oracle Enterprise Session Border Controller running nnECZ730p2

2.3. Lab Configuration

The following diagram illustrates the lab environment created to facilitate testing.

[Figure: lab topology. Access network: Jabber User A (1.732.216.2714), Jabber User B (1.732.216.2711), Cisco 9971 (User C, 1.732.216.2709), Cisco 9971 (User D), Cisco 8961 (1.732.216.2715), Cisco 7975 (1.732.216.2716), and DNS. Oracle SBC between the access network and the core network. Core network: DNS, Cisco Call Manager, and Cisco Unity Connection voicemail server. Addresses shown in the diagram: 10.232.40.10, 10.232.40.86, 10.232.50.10, 10.232.50.86, 10.232.50.89, 10.232.50.103.]

3. Configuring the Cisco Call Manager (CUCM)

The only special configuration required on CUCM to interoperate with the Oracle SBC is ensuring a hostname is used in the configuration instead of an IP address.

The hostname sent to the Jabber clients and phones in their config files is set in the Cisco Unified CM Administration page under System > Server. This needs to be a hostname, not an IP address. The Jabber client will do a DNS SRV query on “_cisco-uds._tcp.customer.com”, where “customer.com” is the domain-suffix defined on the Jabber PC, which will return an A-record, such as “CUCM-Cisco.customer.com”. The Jabber client will then do a DNS query on “CUCM-Cisco.customer.com”, which should resolve to the SBC’s access-side IP address, or 10.232.40.10 in this document. The client will then download its config file from CUCM via the SBC, and the config file will have “CUCM-Cisco” as the Call Manager name. Here is an excerpt from the Jabber and phone config files:

    <member priority="0">
    <callManager>
    <name>CUCM-Cisco</name>
    <description>CUCM-Cisco</description>

The phones use DHCP to determine where to download their config files from, with DHCP option 150 specifying the SBC’s access side IP address. The phones will then do a DNS query on “CUCM-Cisco.customer.com” which will also resolve to the SBC’s access-side IP.

WARNING: changing this hostname value may impact CUCM and should be done with caution and in strict accordance with Cisco documentation.

4. Configuring the Cisco Unity Connection (CUC) Server for Jabber

There is an issue with the default Cisco Unity Connection (CUC) voicemail server settings as they are not compatible with Jabber. To correct this, log in to CUC, select Users, then click on the individual Jabber user, then select Edit > Password Settings, then select Web Application from the drop-down box, and uncheck “User Must Change at Next Sign-In”.

5. Configuring the Jabber Clients

There is no special configuration required on the Jabber clients. The Advanced Settings should be their defaults:

To configure the user’s voicemail username and password, select File, then Options, then Accounts:

6. Configuring the Cisco Phones

There is no special configuration required on the Cisco phones. They should be configured to use DHCP.

7. SIP Messaging Capacity Considerations with Jabber

The following diagram (two pages) depicts a typical call with video enabled on both endpoints. Even though user B did not have a camera on their laptop, it still resulted in a large number of REFER and 202 Accepted messages related to video. Disabling video on CUCM for these users cut down from 38 REFERs/202s to 16, significantly reducing the number of SIP messages per call between Jabber users, with the total number of messages decreasing from 52 messages down to 34, or 17 messages per user per call. This is still 10 more messages than a typical VoIP call (INVITE, 100 Trying, 180 Ringing, 200 OK, ACK, BYE, 200 OK).

To disable video for each user in CUCM, go to Device > Phone, then click on the Device Name (Line). Under the Product Specific Configuration Layout section, set Video Calling to Disabled. Note that this also disables screen sharing capabilities.

[Figure, two pages: SIP call-flow ladder between Jabber User A, Jabber User B, Oracle SBC, and Cisco Call Manager. Call setup (INVITE, 100 Trying, 180 Ringing, 200 OK, ACK) and teardown (BYE, 200 OK, NOTIFY, 200 OK) are interleaved with repeated REFER / 202 Accepted exchanges before, during, and after the call.]

8. Configuring Outside (Access Side) DNS

The following entries are required in the outside (access side) DNS server, accessible to the Jabber clients and phones.

SRV record 1 (required only for Jabber)

- Domain: customer.com (change this to be your customer’s domain)
- Service: cisco-uds
- Protocol: tcp
- Priority: 0
- Weight: 0
- Port Number: 8443
- Host offering service: CUCM-Cisco (change this to be CUCM’s hostname)

A record 1 (required for Jabber and phones)

- FQDN: CUCM-Cisco.customer.com (change this to be your customer’s FQDN)
- IP address: 10.232.40.10 (the SBC’s outside/access side IP)

DNS records in the Oracle lab DNS zone file (Linux DNS server):

    CUCM-Cisco         IN   A     10.232.40.10
    _cisco-uds._tcp    IN   SRV   0 0 8443 CUCM-Cisco
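The lookups described in sections 3 and 8 only protect CUCM if every name the clients resolve ends at the SBC's access-side address. The following check is an added example, not part of the Oracle application note: it parses zone records written as `name IN type rdata` with relative names (an assumption matching the lab records above) and reports anything that would let a client miss or bypass the SBC. The sample zones and the address 192.0.2.89 are constructed.

```python
import ipaddress

# Constructed zone data modelled on the section 8 records (relative names).
GOOD_ZONE = """
CUCM-Cisco       IN A   10.232.40.10
_cisco-uds._tcp  IN SRV 0 0 8443 CUCM-Cisco
"""
# Constructed faulty variant: the A record points somewhere other than the SBC.
BAD_ZONE = GOOD_ZONE.replace("10.232.40.10", "192.0.2.89")


def parse_zone(text):
    """Parse 'name IN A ip' and 'name IN SRV prio weight port target' lines."""
    a_records, srv_records = {}, {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        name, rtype, rdata = fields[0].lower().rstrip("."), fields[2].upper(), fields[3:]
        if rtype == "A" and len(rdata) == 1:
            a_records.setdefault(name, []).append(ipaddress.ip_address(rdata[0]))
        elif rtype == "SRV" and len(rdata) == 4:
            target = rdata[3].lower().rstrip(".")
            srv_records.setdefault(name, []).append((int(rdata[2]), target))
    return a_records, srv_records


def check_access_dns(text, sbc_ip, cucm_host="CUCM-Cisco", uds_port=8443):
    """Return findings; an empty list means every lookup lands on the SBC."""
    a_records, srv_records = parse_zone(text)
    sbc = ipaddress.ip_address(sbc_ip)
    findings = []
    srv = srv_records.get("_cisco-uds._tcp", [])
    if not srv:
        findings.append("no SRV record for _cisco-uds._tcp")
    hosts = {cucm_host.lower()}  # phones resolve the CUCM hostname directly
    for port, target in srv:
        if port != uds_port:
            findings.append(f"SRV port is {port}, expected {uds_port}")
        hosts.add(target)
    for host in sorted(hosts):
        addrs = a_records.get(host, [])
        if not addrs:
            findings.append(f"{host} has no A record")
        findings += [f"{host} resolves to {ip}, not the SBC at {sbc}"
                     for ip in addrs if ip != sbc]
    return findings
```

Calling `check_access_dns(zone_text, "10.232.40.10")` on the access-side zone before clients are pointed at it flags a missing SRV record, a wrong port, or an A record that hands out an address other than the SBC's.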

9. Configuring the Oracle Enterprise SBC

In this section we describe the steps for configuring an Oracle Enterprise SBC, formerly known as an Acme Packet Net-Net Session Director (“SBC”), for use with the Cisco Jabber client, Cisco phones, and Call Manager (CUCM) server.

9.1. In Scope

The following guide to configuring the Oracle SBC assumes that this is a newly deployed device dedicated to a single customer. Please see the ACLI Configuration Guide on http://docs.oracle.com/cd/E61547_01/index.htm for a better understanding of the Command Line Interface (CLI).

Note that Oracle offers several models of the SBC. This document covers the setup for the 1100, 3820, 4500, 4600, and 6300 platforms running OS E-CZ730p2. If instructions are needed for other Oracle SBC models, please contact your Oracle representative.

9.2. Out of Scope

- Configuration of Network management including SNMP and RADIUS.
- Configuration of Distributed Denial of Service (DDoS) protection parameters as these are based on individual customer requirements.
- Configuration of High Availability (HA).
- SIP/TLS and SRTP are not currently supported by the Oracle SBC with Cisco Jabber, phones, and CUCM.

9.3. What will you need

- RJ45/DB9 serial adapter provided with the SBC, along with a straight-through Ethernet cable to go from the adapter to the SBC’s console port on the front of the SBC.
- Terminal emulation application such as PuTTY or HyperTerm
- Passwords for the User and Superuser modes on the Oracle SBC
- IP address to be assigned to management interface (eth0, labeled Mgmt0 on the SBC chassis) of the SBC. The eth0 management interface must be connected and configured to a management network separate from the service interfaces. Otherwise the SBC is subject to ARP overlap issues, loss of system access when the network is down, and compromised DDoS protection. Oracle does not support SBC configurations with management and media/service interfaces on the same subnet.
- IP addresses of the Cisco Call Manager (CUCM) and Cisco Unity Connection (CUC) servers
- IP addresses to be used for the SBC internal and external facing ports (Service Interfaces)

9.4. Configuring the SBC

Once the Oracle SBC is racked and the power cable connected, you are ready to set up physical network connectivity. Note: use the console port on the front of the SBC, not the one on the back, on platforms such as the 3820 and 4500 that have two console ports.

Plug the slot 0 port 0 (s0p0) interface into your outside (Jabber client-facing) network and the slot 0 port 1 (s0p1) interface into your inside (CUCM-facing) network. Once connected, you are ready to power on and perform the following steps.

All commands are in bold, such as configure terminal; parameters in bold red such as oraclesbc1 are parameters which are specific to an individual deployment. Note: The CLI is case sensitive.

Establish the serial connection and log in to the SBC

Confirm the SBC is powered off and connect one end of a straight-through Ethernet cable to the console port on the SBC and the other end to the console adapter that ships with the SBC. Connect the console adapter (a DB9 adapter) to the DB9 port on a workstation running a terminal emulator application such as PuTTY. Start the terminal emulation application using the following settings:

- Baud Rate: 115200
- Data Bits: 8
- Parity: None
- Stop Bits: 1
- Flow Control: None

Power on the SBC and confirm that you see the following output from the bootup sequence.

Enter the following commands to log in to the SBC and move to the configuration mode. Note that the default SBC password is “acme” and the default super user password is “packet”.

    Password: acme
    acmesystem> enable
    Password: packet
    acmesystem# configure terminal
    acmesystem(configure)#

You are now in the global configuration mode.

Initial Configuration – Assigning the management Interface an IP address

To assign an IP address, one has to configure the bootparams on the SBC by going to

    oraclesbc1#configure terminal --- bootparams

- Once you type “bootparam” you have to use the “carriage return” key to navigate down.
- A reboot is required if changes are made to the existing bootparams.

Note these example boot parameters are specific to the 3820 platform. Other platforms will have different boot parameters. Use nnECZ730p2.64.bz for the 1100, 4500, 4600, and the 6300. Use nnECZ730p2.32.bz for the 3820.

    oraclesbc1#(configure)bootparam
    '.' clear field; '-' go to previous field; q quit
    boot device: eth0
    processor number: 0
    host name:
    file name: /boot/nnECZ730p2.32.bz --- location where the software is loaded on the SBC.
    inet on ethernet (e): 172.18.255.52:ffffff00 --- This is the ip address of the management interface of the SBC, type the IP address and mask in hex (e.g., 255.255.255.0 is ffffff00)
    inet on backplane (b):
    host inet (h):
    gateway inet (g): 172.18.0.1 --- management gateway address here
    user (u): vxftp
    ftp password (pw) (blank use rsh): vxftp
    flags (f):
    target name (tn): oraclesbc1 --- hostname of the SBC. In a Highly Available (HA) pair, each SBC will have its own hostname. These target names will match those configured in the redundancy-config in an HA pair.
    startup script (s):
    other (o):

9.5. SIP/TCP and RTP Configuration
