Re: [cisco-voip] e911

2018-03-07 Thread Ryan Huff
Legal language aside, I see this as a HUGE area for VARs to get into civil 
torts with customers.

Ideally the end customer is the true owner and stakeholder of the MLTS; however, 
when levied with a government fine (presumably how it would be handled), due to 
e911 malfeasance, who was the last one to touch it?

Document everything, get sign off on everything and proceed with caution :) 
brothers and sisters.

Sent from my iPhone

On Mar 7, 2018, at 22:10, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

I'd be cautious with this one.

1) You penalize actual emergency calls from connecting as quickly as possible.  
Do you really want to be the person responsible for that?

2) You penalize the entire cluster by changing a global parameter, for the 
occasional accidental 911 call.

I think a better solution is to solve the human problem.  Just like we wouldn't 
tolerate our children playing on land lines or cell phones calling 911 (even my 
son has done it), we shouldn't tolerate adults doing it either.

Failing that, switch your PSTN trunk access code to another digit.  8 seems to 
be a popular second choice.

On Wed, Mar 7, 2018 at 3:41 PM NateCCIE 
<natec...@gmail.com> wrote:
This might be a good time to talk about my favorite way to enable 911.

Set the interdigit timeout to a small value, like 3-5 seconds.  Then create a 
911 route pattern, and a 911! pattern that does not route to 911.  If the user 
dials 911 and stops, the call connects.  If they keep dialing, which is usually 
what happens on a misdial, they get whatever your 911! pattern is configured 
to do; usually I like to block this pattern.

-Nate

From: Bill Talley <btal...@gmail.com>
Sent: Wednesday, March 7, 2018 2:22 PM
To: Matthew Loraditch <mloradi...@heliontechnologies.com>
Cc: NateCCIE <natec...@gmail.com>; Ryan Huff <ryanh...@outlook.com>; 
cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] e911

Seems like there's two key aspects we need to be concerned with.  1) As I think 
Matthew is pointing out, notifications are only required if notifications are a 
native feature available "without improvement", i.e. add-on components.  2)  We 
now MUST configure direct 911 access without regard to customer complaints or 
PSAP complaints about accidental 911 calls.

To answer your question Matthew, I have only ever used CER and Singlewire for 
notifications, sorry I can't provide more feedback.

On Wed, Mar 7, 2018 at 3:06 PM, Matthew Loraditch 
<mloradi...@heliontechnologies.com> wrote:
As far as I know that feature doesn’t notify anyone internally.
The part of the law I’m referring to is this:

“A person engaged in the business of installing, managing, or operating 
multi-line telephone systems shall, in installing, managing, or operating such 
a system for use in the United States, configure the system to provide a 
notification to a central location at the facility where the system is 
installed or to another person or organization regardless of location, if the 
system is able to be configured to provide the notification without an 
improvement to the hardware or software of the system.”





From: NateCCIE [mailto:natec...@gmail.com]
Sent: Wednesday, March 7, 2018 3:58 PM
To: Matthew Loraditch <mloradi...@heliontechnologies.com>; 
'Ryan Huff' <ryanh...@outlook.com>; cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] e911

Um, I thought it did.

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200452-Usage-of-Native-Emergency-Call-Routing-F.html


From: cisco-voip <cisco-voip-boun...@puck.nether.net> 
On Behalf Of Matthew Loraditch
Sent: Wednesday, March 7, 2018 1:36 PM
To: Ryan Huff <ryanh...@outlook.com>; cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] e911

To piggy back on this, while Cisco doesn’t have emergency notifications built 
in, as the law mentions, and thus they are not required, does anyone know of 
option

Re: [cisco-voip] e911

2018-03-07 Thread Ryan Huff
If this is to apply to multi line telephone systems at large, is the Spark 
Cloud not a MLTS?

Sent from my iPhone

On Mar 7, 2018, at 22:12, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Can you not call 911 from Spark?  Or did I miss what "this" is in your context?

On Wed, Mar 7, 2018 at 2:11 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
I wonder how cloud-based phone systems like Cisco Spark will answer this?


https://www.linkedin.com/pulse/karis-law-you-compliant-edgar-salazar

Sent from my iPhone
___
cisco-voip mailing list
cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] e911

2018-03-08 Thread Ryan Huff
It would be the PSTN carrier the Spark customer is using, that would ultimately 
provide the PSAP routing.

https://www.cisco.com/c/en/us/solutions/collateral/unified-communications/hosted-collaboration-solution-hcs/datasheet-c78-736823.html

My thought is, what if anything, will this change for Spark. The data sheet 
seems to suggest (although I have no experience with it) that Spark does have 
an ELAN service.

I just see this as the catalyst to a licensing model change. Who knows I 
suppose.

Thanks,

Ryan

On Mar 7, 2018, at 22:26, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Oh I see.  Yeah, government ignorance aside, I would say it is.

So, Spark does support 911 calls today?

If so, what's there to change?  The law seems to be written such that, as long 
as the system is configured for direct 911 access, before being "installed,"  
you're fine.  The "installed" word might be confusing for some, but I read that 
as being the same as "in production."  Then of course you have to define "in 
production,"  which, does that include training room phones, pilot users, beta 
testers, etc.

On Wed, Mar 7, 2018 at 9:17 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
If this is to apply to multi line telephone systems at large, is the Spark 
Cloud not a MLTS?

Sent from my iPhone

On Mar 7, 2018, at 22:12, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Can you not call 911 from Spark?  Or did I miss what "this" is in your context?

On Wed, Mar 7, 2018 at 2:11 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
I wonder how cloud-based phone systems like Cisco Spark will answer this?


https://www.linkedin.com/pulse/karis-law-you-compliant-edgar-salazar

Sent from my iPhone


Re: [cisco-voip] SFTP backups stop

2018-04-20 Thread Ryan Huff
Sounds like CUCM isn’t trusting the new cert. Older (but recent) versions of CUCM 
are still using weaker ciphers that OpenSSH and others have deprecated (Ex. 
CBC-Blowfish).

Look at the logs on the SFTP server; I bet you it’s showing a connection 
attempt from CUCM but saying it can’t agree on a cipher.

Sent from my iPhone

On Apr 20, 2018, at 19:37, Jason Aarons (Americas) wrote:



Anyone seen where you changed/regenerated the Globalscape SFTP key and backups 
stopped? Or maybe it was something else.

I’m stumped. Filezilla client to SFTP with same username/password works fine, 
log files in GlobalScape show CUCM connection and a dir list returned fine and 
then in CCM I see failure.

Restarted DRS master/local, rebooted PUB etc.

I deleted schedule and device, recreated devices, same problem.

CUCM 11.5 SU2 and latest GlobalScape EFT.

Was working fine,  then I regenerated key pair on GlobalScape.
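
The log check suggested in the reply above, sketched as an added example that is not part of the original thread: it scans SSH/SFTP server log lines for failed algorithm negotiation and reports which client could not agree on a cipher and whether it offered only legacy algorithms. The log lines are constructed and assume OpenSSH sshd's message format; GlobalScape EFT's own log format is not shown in the thread and will differ.

```python
import re

# Constructed sample log lines (assumption: OpenSSH sshd syslog format).
# Host names, addresses and the account name are hypothetical.
SAMPLE_LOG = """\
Apr 20 19:02:11 backup01 sshd[4121]: Unable to negotiate with 10.10.20.5 port 41822: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc [preauth]
Apr 20 19:02:40 backup01 sshd[4130]: Accepted password for drsbackup from 10.10.20.77 port 50514 ssh2
Apr 20 19:03:02 backup01 sshd[4144]: Unable to negotiate with 10.10.20.6 port 41830: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Apr 20 19:17:11 backup01 sshd[4310]: Unable to negotiate with 10.10.20.5 port 41901: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc [preauth]
"""

# "kind" is the algorithm class that failed: cipher, MAC,
# key exchange method, host key type.
NEGOTIATION_FAILURE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port \d+: "
    r"no matching (?P<kind>[\w ]+?) found\. "
    r"Their offer: (?P<offer>\S+)"
)

# Illustrative, not exhaustive: algorithm names treated as legacy here.
LEGACY_EXACT = {"diffie-hellman-group1-sha1", "hmac-md5", "hmac-md5-96", "ssh-dss"}


def is_legacy(algorithm):
    """True for CBC-mode ciphers (blowfish-cbc, 3des-cbc, ...), arcfour and a few others."""
    return (
        algorithm.endswith("-cbc")
        or algorithm.startswith("arcfour")
        or algorithm in LEGACY_EXACT
    )


def parse_negotiation_failures(log_text):
    """Return one record per failed algorithm negotiation found in the log."""
    failures = []
    for line in log_text.splitlines():
        match = NEGOTIATION_FAILURE.search(line)
        if not match:
            continue
        offer = match.group("offer").split(",")
        failures.append({
            "peer": match.group("peer"),
            "kind": match.group("kind"),
            "offer": offer,
            # The client has nothing modern to fall back to.
            "legacy_only": all(is_legacy(a) for a in offer),
        })
    return failures


def summarize(failures):
    """Group failures by client address so a recurring backup client stands out."""
    summary = {}
    for failure in failures:
        entry = summary.setdefault(
            failure["peer"], {"count": 0, "kinds": set(), "legacy_only": True}
        )
        entry["count"] += 1
        entry["kinds"].add(failure["kind"])
        entry["legacy_only"] = entry["legacy_only"] and failure["legacy_only"]
    return summary


if __name__ == "__main__":
    for peer, entry in summarize(parse_negotiation_failures(SAMPLE_LOG)).items():
        kinds = ", ".join(sorted(entry["kinds"]))
        note = "offers legacy algorithms only" if entry["legacy_only"] else "mixed offer"
        print(f"{peer}: {entry['count']} failed negotiation(s) on {kinds}; {note}")
```

A client that shows up here with a legacy-only offer needs either an upgrade on its side or a deliberate, scoped exception on the server; a client that authenticates and lists the directory, as described in the question, has already passed this stage.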




Re: [cisco-voip] Robo Call DoS

2018-04-16 Thread Ryan Huff
Is it the same CALLED number? While this is service impacting, if the customer 
can live without the number for a few hours here is what has worked for me ...

Take the number and run it to an IVR (Unity Connections or UCCX are common 
Cisco options). The IVR simply plays the SIT (special information tone) for a 
busy circuit which can be downloaded here: http://www.yourhomenow.com/sit.html 
and dumps the call.

True robo dialer bots are autonomous and usually listen for SIT; when they hear 
“circuit busy” (the three bings of death that play at a particular frequency) 
they usually blacklist the called number on their index so they don’t keep 
burning cycles and are more effective for the bot owner.

I’ve also used a 30 second sample of Rick Astley’s, “Never gonna give you up” 
in place of SIT, when I feel like “Rick Rolling” the bot, a little way to 
vent frustration on a bot :). Rick rolling isn’t something you can usually do 
with customer facing numbers though :(; circuit busy SIT is easier to explain 
away.

You can try legal and carrier options but generally you just want it to stop in 
the quickest way possible and this has done it for me several times before.

Thanks,

Ryan

On Apr 16, 2018, at 11:42, Bill Talley wrote:

I’m sure you’ve already considered this, but I wonder, with everything being 
back-hauled over IP these days, if their telco would be able to identify the 
IXC who is handing off the call to them, based on the logs for the original 
calling party number they blocked, and blacklist that address.  Sure that 
sounds extreme (voice is more critical than SMTP), but you’re also talking 
about criminal activity.


Sent from an iOS device with very tiny touchscreen input keys.  Please excude 
my typtos.

On Apr 16, 2018, at 10:23 AM, Anthony Holloway wrote:

Technically or legally?

How does one stop a DoS attack on a network?  Or on anything for that matter?  
Say you were attending a protest, and someone is blowing an air horn in your 
ear?  What can you do?

Technically, you could front end the whole thing with a captcha style gate, so 
you could ask to push a single button, button combination, or solve a simple 
addition problem resulting in two digits.  Granted, just like on the web, a 
captcha is burdensome to the user, but generally, it's preferable over the site 
being down, or disrupted.

CUC and UCCX both could handle this task, though it would be easier in UCCX.

On Mon, Apr 16, 2018 at 9:49 AM Matthew Loraditch wrote:
So this is a curiosity question, we had a prospective client call us who is 
essentially getting robocalled to oblivion. Some scammer has robo dialers set up 
and is flooding all of their trunks. He got a ransom, stopped and then started 
again. He was originally using one number and then, when the telco blocked that, 
switched to random sources.
Are there any legitimate defenses to this sort of thing?



Re: [cisco-voip] Bye Bye Cisco Spark, Hello Webex Teams

2018-04-19 Thread Ryan Huff
If we’re being honest? I always thought “board” wasn’t near sexy enough. 
“Surface” is functionally descriptive, but it’s smooth and not a boring word.

I’m a fan of “slate”.

WebEx Slate? Spark Slate? Functionally descriptive, intriguing, contemporary 
and not boring.

Then you take that ole’ Acano “board” (that is the Genesis of what we now know 
as Spark Board) and since Cisco and Apple are friendzies nowadays you call up 
Tim and ask him if Johnny Ive can come over and wrap it in some of that sexy 
aluminum and Gorilla Glass that Steve got from the aliens back in 2007.

That’s how I would’ve played it.

- Ryan -

On Apr 19, 2018, at 10:43, Ben Amick 
<bam...@humanarc.com> wrote:


My thoughts were similar but opposite - as in the case of tissues, those 
tissues are in fact the name of the product prior to branding. Whereas "Teams" 
in relations to chat software wasn't a generic term. Checking trademark 
listings, it looks like the Trademark is for "Microsoft Teams" and not just 
"Teams" so I'm guessing Microsoft came to the same conclusion about common 
phrases. It'll make for some really nice confusing material for third-party VC 
software compatibility. "We're compatible with Teams" - "Which one?"


That said, all these corporate chat softwares that M$ and Cisco are putting out 
are entertaining in how they aren't really useful as a recognizable product 
name but great for incorporating into sentences.

"I'll send you a Lync"
"I'll Jab you that information"

"I'll post it in the Team"


I just never saw the brand appeal of Spark, especially when they tried to push 
way too hard on the Spark branding. Yeah, the "Spark Board" sounds fancier, but 
"Webex Board" probably would've moved more units.


From: Ryan Huff <ryanh...@outlook.com>
Sent: Thursday, April 19, 2018 10:31:53 AM
To: Matthew Loraditch
Cc: Ben Amick; Lamont, Joshua; cisco-voip voyp list
Subject: Re: [cisco-voip] Bye Bye Cisco Spark, Hello Webex Teams



Common words and phrases can be trademarked if the person or company seeking 
the trademark can demonstrate that the phrase has acquired a distinctive 
secondary meaning apart from its original meaning. That secondary meaning must 
be one that identifies the phrase with a particular good or service.

https://www.uspto.gov/sites/default/files/documents/BasicFacts.pdf

I don’t think “teams” would qualify; I couldn’t imagine saying “teams” to 
anyone and them automatically thinking, “Oh, that Microsoft thing”.

If the users won’t come to Spark, I guess you bring Spark to the users and put 
a little dressing on it (to distance the platform from those early on scale 
based outages ;).

It’s a pretty creative way to get valuation for the product if you think about it. 
Tap into a well known and loved branding message with a massive pre existing 
user base with a high adoption to churn ratio. It’s all about fiduciary 
responsibility ;).

- Ryan -

On Apr 19, 2018, at 10:19, Matthew Loraditch 
<mloradi...@heliontechnologies.com> wrote:


I can’t imagine they didn’t thoroughly vet it before doing this. Also teams has 
a very generic meaning. It’s like saying Kleenex Tissues or Puffs Tissues. Both 
providing the same service. That’s my mostly uninformed two cents.








From: cisco-voip <cisco-voip-boun...@puck.nether.net> 
On Behalf Of Ben Amick
Sent: Thursday, April 19, 2018 10:09 AM
To: Lamont, Joshua <joshua_lam...@brown.edu>; 
cisco-voip voyp list <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Bye Bye Cisco Spark, Hello Webex Teams



Smells like a lawsuit from Microsoft waiting to happen.



From: cisco-voip <cisco-voip-boun...@puck.nether.net> 
on behalf of Lamont, Joshua <joshua_lam...@brown.edu>
Sent: Wednesday, April 18, 2018 9:54:43 AM
To: cisco-voip voyp list
Subject: [cisco-voip] Bye Bye Cisco Spark, Hello Webex T

Re: [cisco-voip] CUCM Pre-Upgrade Checklist

2018-04-24 Thread Ryan Huff
It was the 1GB max per transaction file size, but was then fixed. I don’t think 
they’ve restricted their cipher suites either, so I think it still works with 
CBC-Blowfish and other older/weaker suites, which is why folks like it on 
CUCM; might not be the most secure but it just works.

Sent from my iPhone

On Apr 24, 2018, at 15:06, Ryan Ratliff (rratliff) wrote:

I vaguely recall something changing with FreeFTPd that specifically broke our 
DRS and that’s why it’s no longer supported.
I don’t know if it was a max file size or something else.

-Ryan

On Apr 24, 2018, at 12:33 PM, Anthony Holloway wrote:

I just noticed Cisco now supports freeFTPd, but they stopped supporting my 
favorite SFTP product "free FTDP."  :(

"Cisco does not support using the SFTP product free FTDP."

Source: same document

On Sat, Mar 31, 2018 at 10:38 PM Anthony Holloway wrote:
Has anyone seen this lately?  This thing is nuts.  I've been doing upgrades for 
like 10 years now, and this seems a little over the top.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/upgrade/11_5_1/cucm_b_upgrade-guide-cucm-115/cucm_b_upgrade-guide-cucm-115_chapter_010001.html

Some Highlights:

"If you have custom ringtones or background images in the TFTP directory, you 
need to create a separate backup for these files. They are not included in the 
Disaster Recovery System (DRS) backup file."

Good to know.  I must admit that I didn't know that.

"Record the following login and password information: all application users 
credentials, such as DRS, AXL, and accounts for other third-party integration"

What?  Why?  What do you plan on doing with my configuration?

"Record the settings for Enterprise Parameters on both [CM] nodes and [IM] 
nodes. [T]he settings that are configured on Unified Communications Manager 
nodes overwrite the settings configured on IM and Presence Service nodes during 
the upgrade process."

Well that's some lazy software engineering right there folks.

"Export user records using the Bulk Administration Tool (BAT)."

That's a nice list of users you got there.  It would be a shame if this upgrade 
deleted all of them.

And the list just goes on, and on, and on.  The pre-upgrade is as long as the 
upgrade.  Who legitimately is already doing 100% of these things?


Re: [cisco-voip] CUCM Pre-Upgrade Checklist

2018-04-24 Thread Ryan Huff
While I understand the purpose and intention of a temporary DRS target; I’d be 
hesitant to use the ESXi server itself.

All things temporary become permanent, especially in the SMB space :).

Though, I will admit it’s an awfully convenient Linux server in a pinch ;).

-Ryan-

On Apr 24, 2018, at 19:22, Charles Goldsmith 
<wo...@justfamily.org> wrote:

Nothing better than having a pair of linux VM's to backup to, in geographically 
diverse locations :)

For a temporary backup or COP source, enable ssh on the esxi host or I use my 
macbook as the sftp server.


On Tue, Apr 24, 2018 at 6:51 PM Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:
I was mostly making fun of the "free FTDP" when it should have been "freeFTPd." 
 However, I appreciate you breathing new life into this.

On Tue, Apr 24, 2018 at 2:34 PM Ryan Ratliff (rratliff) 
<rratl...@cisco.com> wrote:
Just filed CSCvj14739 to see if they will update the docs. Given the last 
release of FreeFTPd was a number of years ago there’s no guarantee it will 
happen, but that doesn’t mean it won’t work any longer.

-Ryan

On Apr 24, 2018, at 3:10 PM, Ryan Huff 
<ryanh...@outlook.com> wrote:

It was the 1GB max per transaction file size, but was then fixed. I don’t think 
they’ve restricted their cipher suites either, so I think it still works with 
CBC-Blowfish and other older/weaker suites, which is why folks like it on 
CUCM; might not be the most secure but it just works.

Sent from my iPhone

On Apr 24, 2018, at 15:06, Ryan Ratliff (rratliff) 
<rratl...@cisco.com> wrote:

I vaguely recall something changing with FreeFTPd that specifically broke our 
DRS and that’s why it’s no longer supported.
I don’t know if it was a max file size or something else.

-Ryan

On Apr 24, 2018, at 12:33 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

I just noticed Cisco now supports freeFTPd, but they stopped supporting my 
favorite SFTP product "free FTDP."  :(

"Cisco does not support using the SFTP product free FTDP."

Source: same document

On Sat, Mar 31, 2018 at 10:38 PM Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:
Has anyone seen this lately?  This thing is nuts.  I've been doing upgrades for 
like 10 years now, and this seems a little over the top.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/upgrade/11_5_1/cucm_b_upgrade-guide-cucm-115/cucm_b_upgrade-guide-cucm-115_chapter_010001.html

Some Highlights:

"If you have custom ringtones or background images in the TFTP directory, you 
need to create a separate backup for these files. They are not included in the 
Disaster Recovery System (DRS) backup file."

Good to know.  I must admit that I didn't know that.

"Record the following login and password information: all application users 
credentials, such as DRS, AXL, and accounts for other third-party integration"

What?  Why?  What do you plan on doing with my configuration?

"Record the settings for Enterprise Parameters on both [CM] nodes and [IM] 
nodes. [T]he settings that are configured on Unified Communications Manager 
nodes overwrite the settings configured on IM and Presence Service nodes during 
the upgrade process."

Well that's some lazy software engineering right there folks.

"Export user records using the Bulk Administration Tool (BAT)."

That's a nice list of users you got there.  It would be a shame if this upgrade 
deleted all of them.

And the list just goes on, and on, and on.  The pre-upgrade is as long as the 
upgrade.  Who legitimately is already doing 100% of these things?


Re: [cisco-voip] on boarding new employees

2018-04-25 Thread Ryan Huff
BAT Phone templates could save you some time here (if you’re not already using 
them).

If it’s just 1 or 2 users here and there BAT imports will take more time than 
hand entering them. If it’s a large user on boarding, I’d insert the devices 
with a CSV against the phone template.

-Ryan-

> On Apr 25, 2018, at 13:22, Scott Voll  wrote:
> 
> Does anyone have a good solution for on boarding new employees?
> 
> we have to:
> 
> create a 7961 EM profile
> create a 8861 EM profile
> Create a IP Communicator EM Profile
> create an IP communicator device
> associate the user EM profiles to the AD account
> create an Unity connection VM box
> set the zero out option.
> 
> and if they are on the contact center there is some other stuff too.
> 
> I know that through API's I could do something but I don't have that kind 
> of time to create something.
> 
> What are options these days?
> 
> UC products are all 11.x
> 
> TIA
> 
> Scott
> 
> 


Re: [cisco-voip] CUCM Pre-Upgrade Checklist

2018-04-02 Thread Ryan Huff
These pre upgrade tasks have been the same for awhile I think. Here is the 10.5 
guide that shows these.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/upgrade/10_5_1/cucm_b_upgrade-and-migration-guide-105/cucm_b_upgrade-and-migration-guide-105_chapter_01010.html

Sent from my iPhone

On Apr 2, 2018, at 14:56, Winstrand, Kenneth wrote:

Some of these are probably CYA’s…  but you might as well do them in case you’re 
the one guy in 10,000 affected by a bug.

From: cisco-voip On Behalf Of Anthony Holloway
Sent: Saturday, March 31, 2018 11:39 PM
To: Cisco VoIP Group
Subject: [cisco-voip] CUCM Pre-Upgrade Checklist

Has anyone seen this lately?  This thing is nuts.  I've been doing upgrades for 
like 10 years now, and this seems a little over the top.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/upgrade/11_5_1/cucm_b_upgrade-guide-cucm-115/cucm_b_upgrade-guide-cucm-115_chapter_010001.html

Some Highlights:

"If you have custom ringtones or background images in the TFTP directory, you 
need to create a separate backup for these files. They are not included in the 
Disaster Recovery System (DRS) backup file."

Good to know.  I must admit that I didn't know that.

"Record the following login and password information: all application users 
credentials, such as DRS, AXL, and accounts for other third-party integration"

What?  Why?  What do you plan on doing with my configuration?

"Record the settings for Enterprise Parameters on both [CM] nodes and [IM] 
nodes. [T]he settings that are configured on Unified Communications Manager 
nodes overwrite the settings configured on IM and Presence Service nodes during 
the upgrade process."

Well that's some lazy software engineering right there folks.

"Export user records using the Bulk Administration Tool (BAT)."

That's a nice list of users you got there.  It would be a shame if this upgrade 
deleted all of them.

And the list just goes on, and on, and on.  The pre-upgrade is as long as the 
upgrade.  Who legitimately is already doing 100% of these things?


Re: [cisco-voip] CUCM and cube sending weird packets?

2018-03-21 Thread Ryan Huff
Correct, that is how I understand CMG to work too and yes, very likely a bug or 
a reset that didn’t apply (or was needed) ... etc.

Sent from my iPhone

On Mar 21, 2018, at 14:00, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

"Run on all nodes" does two things for you:

1) It creates an instance of that object on all CPEs, such that any one of them 
can answer the request, or generate a request.

2) It causes a thing to happen called, route local, which attempts to keep 
outbound requests on the same CPE where the inbound request was seen.  This is 
to alleviate ICCS traffic by involving multiple CPEs in a single call flow 
where not necessary.

If you've seen behavior where "run on all nodes" has caused you to adjust your 
CMG, then I suspect it was either not working (E.g., A reset of the device did 
not work), or you were hitting a defect.

On Wed, Mar 21, 2018 at 12:52 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
This comes from empirical experience here but I have most definitely hit odd 
issues with “Run on all CM nodes” and the originator not being in the CMG of 
the SIP trunk.

Sent from my iPhone

On Mar 21, 2018, at 13:43, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Typo? If it's enabled, then CMG doesn't matter.

On Wed, Mar 21, 2018 at 12:30 PM Ryan Huff 
<ryanh...@outlook.com> wrote:

Do you have “Run on all nodes” checked on the CUCM trunk? If so, please verify 
all CM nodes running the call manager service are in the CM Group specified in 
the device pool being used by the CUCM sip trunk.

Sent from my iPhone

On Mar 21, 2018, at 13:24, Ryan Huff 
<ryanh...@outlook.com> wrote:

Looks like your DTMF methods are changing between the good and bad calls and 
possibly why Century is disregarding?

Also seems like the ccm originator is different in the good and bad SDP.

“Every fifth time” seems too predictable to be a random issue; seems more like 
CUCM cycling through a list or something

Do you have “Run on all nodes” checked on the CUCM trunk? If so, please verify 
all CM nodes running the call manager service are in the CM Group specified in 
the device pool used by the CUCM.

Are you having the issue in both directions?

What DTMF method do you have set on the CUCM trunk, “No Preference”?

What version of CUCM?

Sent from my iPhone

On Mar 21, 2018, at 12:37, Jonatan Quezada 
<jonatan.quez...@chemeketa.edu> wrote:



On Mon, Mar 19, 2018 at 8:33 AM, Jonatan Quezada 
<jonatan.quez...@chemeketa.edu> wrote:
What would change this packet 20 percent of the time? We are 
troubleshooting the last ghost issue after SIP cutover.  I was on the horn with the 
provider and CiscoTAC and we see this for good and bad calls: any reason why 
centuryLink's stuff would not recognize this update from us, or possibly the 
(Cube,CUCM) sending last weird packet of update one in five times which causes 
the call to drop

Bad calls the last invite has m=audio 20674 RTP/AVP 0 a=X-cisco-media:umoh 
a=ptime:20
a=rtpmap:0 PCMU/8000 and no RTP from the customer PBX

and good calls has m=audio 20650 RTP/AVP 0 101 a=ptime:20 a=rtpmap:0 PCMU/8000 
and good RTP from the PBX


Last invite on good call from the customer

INVITE sip:3033191795@67.14.92.87:5100;transport=udp SIP/2.0
Via: SIP/2.0/UDP 65.152.176.94:5060;branch=z9hG4bK43843FB
P-Asserted-Identity: "3300 CCBI Mailbox"
From: "5033995181 5033995181";tag=6F13621-138F
To: "STEVEN UPCHURCH";tag=1960181175-1521299570039
-
Date: Sat, 17 Mar 2018 08:13:17 PST
Call-ID: BW101250039170318-1114511220@10.73.16.89
Supported: rel100,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 2155609728-0690754024-2718484947-3801912337
User-Agent: Cisco-SIPGateway/IOS-15.5.3.S6b
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, 
NOTIFY, INFO, REGISTER
CSeq: 108 INVITE
Max-Forwards: 70
Timestamp: 1521299597
Contact:
Expires: 300
Allow-Events: telephone-event
Authorization: Digest 
username="263015-9717185172",realm="voip.centurylink.com<http://voip.centurylink.com/>",uri="sip:303319179
5@67.14.92.87<mailto:5@67.14.92.87>:5100;transport=udp",response="1fe4a6632f960305157b16ff3dd05944",nonce="BroadWorksXje
vihnztT47s3bhBW",cnonce="",qop=auth,algorithm=MD5,nc=0007
Session-Expires: 1800;refresher=uac
Content-Type: application/sdp
Content-Length: 247
v=0
o=CiscoSystemsCCM-SIP 2058187 5 IN IP4 10.200.1.11

Re: [cisco-voip] CUCM and cube sending weird packets?

2018-03-21 Thread Ryan Huff
This comes from empirical experience here but I have most definitely hit odd 
issues with “Run on all CM nodes” and the originator not being in the CMG of 
the SIP trunk.

Sent from my iPhone

On Mar 21, 2018, at 13:43, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:

Typo? If it's enabled, then CMG doesn't matter.

On Wed, Mar 21, 2018 at 12:30 PM Ryan Huff <ryanh...@outlook.com> wrote:

Do you have “Run on all nodes” checked on the CUCM trunk? If so, please verify 
all CM nodes running the call manager service are in the CM Group specified in 
the device pool being used by the CUCM SIP trunk.

Sent from my iPhone


Re: [cisco-voip] CUCM and cube sending weird packets?

2018-03-21 Thread Ryan Huff

Do you have “Run on all nodes” checked on the CUCM trunk? If so, please verify 
all CM nodes running the call manager service are in the CM Group specified in 
the device pool being used by the CUCM SIP trunk.

Sent from my iPhone

On Mar 21, 2018, at 13:24, Ryan Huff <ryanh...@outlook.com> wrote:

Looks like your DTMF methods are changing between the good and bad calls and 
possibly why Century is disregarding?

Also seems like the ccm originator is different in the good and bad SDP.

“Every fifth time” seems too predictable to be a random issue; seems more like 
CUCM cycling through a list or something

Do you have “Run on all nodes” checked on the CUCM trunk? If so, please verify 
all CM nodes running the call manager service are in the CM Group specified in 
the device pool used by the CUCM.

Are you having the issue in both directions?

What DTMF method do you have set on the CUCM trunk, “No Preference”?

What version of CUCM?

Sent from my iPhone

On Mar 21, 2018, at 12:37, Jonatan Quezada <jonatan.quez...@chemeketa.edu> wrote:

On Mon, Mar 19, 2018 at 8:33 AM, Jonatan Quezada <jonatan.quez...@chemeketa.edu> wrote:
What would change this packet 20 percent of the time? We are 
troubleshooting the last ghost issue after SIP cutover.  I was on the horn with the 
provider and Cisco TAC and we see this for good and bad calls: any reason why 
CenturyLink's stuff would not recognize this update from us, or possibly the 
(CUBE, CUCM) sending last weird packet of update one in five times which causes 
the call to drop

Bad calls the last invite has m=audio 20674 RTP/AVP 0 a=X-cisco-media:umoh 
a=ptime:20
a=rtpmap:0 PCMU/8000 and no RTP from the customer PBX

and good calls has m=audio 20650 RTP/AVP 0 101 a=ptime:20 a=rtpmap:0 PCMU/8000 
and good RTP from the PBX


Last invite on good call from the customer

INVITE sip:3033191795@67.14.92.87:5100;transport=udp SIP/2.0
Via: SIP/2.0/UDP 65.152.176.94:5060;branch=z9hG4bK43843FB
P-Asserted-Identity: "3300 CCBI Mailbox"
From: "5033995181 5033995181";tag=6F13621-138F
To: "STEVEN UPCHURCH";tag=1960181175-1521299570039-
Date: Sat, 17 Mar 2018 08:13:17 PST
Call-ID: BW101250039170318-1114511220@10.73.16.89
Supported: rel100,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 2155609728-0690754024-2718484947-3801912337
User-Agent: Cisco-SIPGateway/IOS-15.5.3.S6b
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 108 INVITE
Max-Forwards: 70
Timestamp: 1521299597
Contact:
Expires: 300
Allow-Events: telephone-event
Authorization: Digest username="263015-9717185172",realm="voip.centurylink.com",uri="sip:3033191795@67.14.92.87:5100;transport=udp",response="1fe4a6632f960305157b16ff3dd05944",nonce="BroadWorksXjevihnztT47s3bhBW",cnonce="",qop=auth,algorithm=MD5,nc=0007
Session-Expires: 1800;refresher=uac
Content-Type: application/sdp
Content-Length: 247
v=0
o=CiscoSystemsCCM-SIP 2058187 5 IN IP4 10.200.1.11
s=SIP Call
c=IN IP4 OurEndOf SIpTrunk
b=TIAS:64000
b=CT:64
b=AS:64
t=0 0
m=audio 20650 RTP/AVP 0 101
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15



bad call


INVITE sip:3033191795@67.14.92.84:5100;transport=udp SIP/2.0
Via: SIP/2.0/UDP 65.152.176.94:5060;branch=z9hG4bK43B6CCD
P-Asserted-Identity: "3300 CCBI Mailbox"
From: "5033995181 5033995181";tag=706CB6F-176F
To: "STEVEN UPCHURCH";tag=790178935-1521300984448-
Date: Sat, 17 Mar 2018 08:36:48 PST
Call-ID: BW103624448170318-1333973217@10.73.16.89
Supported: rel100,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 3415568030-0690950632-2724317651-3801912337
User-Agent: Cisco-SIPGateway/IOS-15.5.3.S6b
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 106 INVITE
Max-Forwards: 70
Timestamp: 1521301008
Contact:
Expires: 300
Allow-Events: telephone-event
Authorization: Digest username="sipUserCreds",realm="voip.centurylink.com",uri="sip:3033191795@x.x.x.x:5100;transport=udp",response="afdfcac6b618eca813909e53f7a6ed2e",nonce="BroadWorksXjevjbx40Tz7f6gcBW",cnonce="",qop=auth,algorithm=MD5,nc=0005
Content-Type: application/sdp
Content-Length:

Re: [cisco-voip] Fax !!! at my wits end!!!

2018-03-23 Thread Ryan Huff
Based on this (regarding the MTP), and the previous SDP audio header; it’s very 
clear something is changing the DTMF method (which is why MTP is “fixing” it). 
Non negotiable DTMF can absolutely cause a call to fail, especially faxing 
(because the other side effectively won’t “hear” the handshake).

In your “bad call” SDP, there was no DTMF method listed, whereas your “good 
call” SDP listed 101 (rtp-nte). In both cases, the codec remained the same 
(PCMU/8000)

I would get a SIP message log from every joint in the call leg and look for 
where DTMF is changing and verify every piece in the call leg (and associated 
node’s/HA’s of said pieces) all support and agree to the same DTMF method (also 
verify you’re supporting at least one OOB DTMF method).

On Mar 23, 2018, at 12:36, Jonatan Quezada wrote:

Is anyone using the CenturyLink configuration guide for the SIP IQ private on 
a 4431? I finally have calls 100 percent of the time but I had to do MTP on 
the trunk for the CUCM.

My call flow is very simple:

CenturyLink---IQ private CUBE-CUCM, UCCX, Unity

Trying like mad for fax pass-through.

I have tried multiple combinations of these:

voice class codec 1  ---this one is pretty static, I haven't changed it
 codec preference 1 g711ulaw
 codec preference 2 g729r8

sip profile
request ANY sdp-header Audio-Attribute modify "a=X-cisco-media:umoh" ""
!
voice service voip
 no supplementary-service sip moved-temporarily
 redirect ip2ip
 fax protocol pass-through g711ulaw

sip
  midcall-signaling passthru media-change
  early-offer forced
  privacy-policy passthru
  pass-thru subscribe-notify-events all
  pass-thru content unsupp
  pass-thru content sdp


I'm thinking about picking apart my config altogether and going strictly off of 
the config example. I had our vendor engineer do ours and it's been nothing but 
headaches. A couple of the huge differences are the DPG references and huge header 
modification. What do you guys suggest?



Johnny Q
Voice Technology Analyst - TelNet
Chemeketa Community College
johnn...@chemeketa.edu
Building 22 Room 131
Work 5033995294
Mobile 9712182110
SIP 5035406686
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
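
The SDP comparison suggested in the reply above (find where the DTMF method changes between the good and bad offers), as an added example that is not part of the original posts. The good-call SDP is the one posted in the thread; for the bad call only the `m=`/`a=` lines were quoted, so its session-level lines and both `c=` addresses are constructed placeholders.

```python
"""Compare the audio sections of two SDP offers and flag DTMF-relevant changes."""

# Static RTP/AVP payload types (RFC 3551) that may appear without an a=rtpmap line.
STATIC_PT = {0: "PCMU/8000", 8: "PCMA/8000", 18: "G729/8000"}

# Good-call SDP as posted in the thread; the c= address is a constructed placeholder.
GOOD_SDP = """\
v=0
o=CiscoSystemsCCM-SIP 2058187 5 IN IP4 10.200.1.11
s=SIP Call
c=IN IP4 192.0.2.10
b=TIAS:64000
b=CT:64
b=AS:64
t=0 0
m=audio 20650 RTP/AVP 0 101
a=ptime:20
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
"""

# Bad-call SDP: the m=/a= lines are the ones quoted in the thread; the session-level
# lines (v=, o=, s=, c=, t=) are constructed, including the differing o= address.
BAD_SDP = """\
v=0
o=CiscoSystemsCCM-SIP 2058188 2 IN IP4 192.0.2.12
s=SIP Call
c=IN IP4 192.0.2.10
t=0 0
m=audio 20674 RTP/AVP 0
a=X-cisco-media:umoh
a=ptime:20
a=rtpmap:0 PCMU/8000
"""


def parse_audio(sdp):
    """Return the origin address and the audio media description of an SDP body."""
    info = {"origin": None, "port": None, "payloads": [],
            "rtpmap": {}, "fmtp": {}, "attrs": []}
    in_audio = False
    for raw in sdp.splitlines():
        line = raw.strip()
        if len(line) < 2 or line[1] != "=":
            continue  # not a <type>=<value> SDP line
        kind, value = line[0], line[2:]
        if kind == "o":
            info["origin"] = value.split()[-1]   # last field is the origin address
        elif kind == "m":
            fields = value.split()
            in_audio = len(fields) >= 3 and fields[0] == "audio"
            if in_audio:
                info["port"] = int(fields[1])
                info["payloads"] = [int(pt) for pt in fields[3:]]
        elif kind == "a" and in_audio:
            name, _, rest = value.partition(":")
            if name in ("rtpmap", "fmtp"):
                pt, detail = rest.split(None, 1)
                info[name][int(pt)] = detail
            else:
                info["attrs"].append(value)
    return info


def codecs(info):
    """Map each offered payload type to its encoding name."""
    return {pt: info["rtpmap"].get(pt, STATIC_PT.get(pt, "unknown"))
            for pt in info["payloads"]}


def dtmf_payloads(info):
    """Payload types offering telephone-event (RFC 4733, 'rtp-nte' on Cisco gear)."""
    return [pt for pt, enc in codecs(info).items()
            if enc.lower().startswith("telephone-event/")]


def compare(first, second):
    """Summarise what changed between two SDP offers for the same call flow."""
    a, b = parse_audio(first), parse_audio(second)
    ca, cb = codecs(a), codecs(b)
    return {
        "origin_changed": a["origin"] != b["origin"],
        "payloads_dropped": {pt: ca[pt] for pt in ca if pt not in cb},
        "payloads_added": {pt: cb[pt] for pt in cb if pt not in ca},
        "dtmf_first": dtmf_payloads(a),
        "dtmf_second": dtmf_payloads(b),
        "attrs_added": [x for x in b["attrs"] if x not in a["attrs"]],
        "attrs_removed": [x for x in a["attrs"] if x not in b["attrs"]],
    }


if __name__ == "__main__":
    for key, value in compare(GOOD_SDP, BAD_SDP).items():
        print(f"{key}: {value}")
```

Running the same comparison on the SDP captured at each hop (CUCM, CUBE, provider side) shows which hop first drops payload type 101.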


Re: [cisco-voip] session target dns

2018-03-06 Thread Ryan Huff
Good morning Ed,

Just thought I’d toss this out there to be aware of; CsCuy96398 (DNS query 
delay). While your 16.3.5 version is not listed as a known affected 
release, it's also not specifically listed as a known fixed release. The good 
news is that 16.3.1 is listed as a known fixed release, so your 16.3.5 likely 
has the fix baked in (but who really knows when it comes to IOS bugs). I’d just 
keep it in the back of your mind if you have to tshoot.

Here is the bug condition:

Upon start-up/reboot the DNS process doesn't initiate a query till around 18 
minutes after the boot up. This long delay results in hostname configured 
features (ex:NTP servers) not being used till this process is complete. Even 
when doing this time the DNS server is reachable.

Thanks,

Ryan
From: Ed Leatherman
Sent: Tuesday, March 6, 2018 7:31 AM
To: Anthony Holloway
Cc: Cisco VOIP
Subject: Re: [cisco-voip] session target dns

Thanks Anthony, That was spot on what I was trying to figure out. I've been 
using server-groups up until now (and will continue on the CUCM facing side), 
the service provider is forcing the change on the side facing them.

Loren: That's an interesting idea to lock in the host resolution on the CUBE 
itself, but in this case I think it might set me up for an outage if the 
service provider changes their IP Addressing. Maybe I can get them to commit to 
telling me before they change those..

On Mon, Mar 5, 2018 at 2:31 PM, Anthony Holloway wrote:
Loren,

Just out of curiosity, why didn't you just use session server groups?  Based on 
the config you shared, it looks like it would achieve the same thing, but with 
less config, and not adding in the DNS stack within IOS.

Ed,

*Note, you cannot use DNS in server groups, so it's one or the other.

I also think it's important to know that the IOS code is written such that it 
will look for SRV records first, and then fall back to looking for an A (host) 
record once the DNS query times out.

E.g.,

You enter "session target dns:collab.domain.com"

IOS looks for _sip._udp.collab.domain.com SRV record first, times out, then 
looks for collab.domain.com host record second.

*Note that the outgoing session transport on IOS is UDP by default, unless you 
change it to TCP with the command "session transport tcp" at the "voice service 
voip" level, or at the dial-peer level.  So, having a _sip._tcp SRV record on 
your CUBE would create a confusing scenario.  Contrast this with the incoming 
connection, which can be either.  However, SRV records, like Loren is showing, 
are for outbound connection establishments.

I have not done an extensive amount of testing here, but I would be curious to 
know if IOS handles the TTL for the DNS record correctly, or if it queries DNS 
for every setup like how that one defect was hitting CUCM SIP trunks for a 
while there.  I looked for "TTL" in the CVP Config guide, but it didn't say.

On Mon, Mar 5, 2018 at 11:19 AM Loren Hillukka wrote:
You can have your gw query your DNS server, and you have to add SRV records to 
your central DNS server (like with the jabber entries required to get jabber 
sign-in to work).
Here’s the example of doing local DNS to static entries on the gateway itself, 
from the CVP 10 config guide.  CVP is where I first started doing dns srv on 
the local gateway, as I preferred breaking the call center myself instead of 
having the AD/DNS teams do it for me without me knowing ;-)
===
You can also configure the Gateway statically instead of using DNS. The 
following example shows how both the A and SRV type records could be configured:
ip host cvp4cc2.cisco.com 10.4.33.132
ip host cvp4cc3.cisco.com 10.4.33.133
ip host cvp4cc1.cisco.com 10.4.33.131
For SIP/TCP:
ip host _sip._tcp.cvp.cisco.com srv 50 50 5060 cvp4cc3.cisco.com
ip host _sip._tcp.cvp.cisco.com srv 50 50 5060 cvp4cc2.cisco.com
ip host _sip._tcp.cvp.cisco.com srv 50 50 5060 cvp4cc1.cisco.com
For SIP/UDP:
ip host _sip._udp.cvp.cisco.com srv 50 50 5060 cvp4cc3.cisco.com
ip host _sip._udp.cvp.cisco.com srv 50 50 5060 cvp4cc2.cisco.com
ip host _sip._udp.cvp.cisco.com srv 50 50 
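
A small model of the lookup order described in this thread (SRV for `_sip._<transport>.<name>` first, A record as the fallback), run against the static `ip host` entries quoted above. This is an added example, not IOS code or anything posted by the list members; the function names, the port 5060 default on the A-record fallback, and the RFC 2782 weighted ordering are assumptions of the sketch, and the third UDP SRV entry is left out because it is cut off on the page.

```python
"""Model 'session target dns:<name>' resolution against static ip host entries."""
import random

# Static entries as quoted in the thread (complete lines only).
CONFIG = """\
ip host cvp4cc2.cisco.com 10.4.33.132
ip host cvp4cc3.cisco.com 10.4.33.133
ip host cvp4cc1.cisco.com 10.4.33.131
ip host _sip._tcp.cvp.cisco.com srv 50 50 5060 cvp4cc3.cisco.com
ip host _sip._tcp.cvp.cisco.com srv 50 50 5060 cvp4cc2.cisco.com
ip host _sip._tcp.cvp.cisco.com srv 50 50 5060 cvp4cc1.cisco.com
ip host _sip._udp.cvp.cisco.com srv 50 50 5060 cvp4cc3.cisco.com
ip host _sip._udp.cvp.cisco.com srv 50 50 5060 cvp4cc2.cisco.com
"""


def parse_ip_hosts(config):
    """Split 'ip host' lines into A records and SRV records."""
    a_records, srv_records = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "host"] or len(tok) < 4:
            continue
        name = tok[2].lower()
        if tok[3].lower() == "srv":
            if len(tok) != 8:
                continue  # truncated or malformed SRV entry: ignore it
            prio, weight, port = (int(x) for x in tok[4:7])
            srv_records.setdefault(name, []).append((prio, weight, port, tok[7].lower()))
        else:
            a_records.setdefault(name, []).extend(tok[3:])
    return a_records, srv_records


def order_srv(records, rng):
    """RFC 2782 ordering: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == prio]
        while pool:
            total = sum(r[1] for r in pool)
            pick = rng.uniform(0, total) if total else 0
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def resolve_session_target(target, a_records, srv_records, transport="udp", rng=None):
    """Return (method, [(ip, port), ...]) for a 'dns:<hostname>' session target.

    transport is 'udp' unless the dial-peer or 'voice service voip' sets
    'session transport tcp'; the SRV name queried follows the transport.
    A live resolver only falls back to the A record after the SRV query
    times out; this static model falls back as soon as no SRV entry matches.
    """
    rng = rng or random.Random()
    if not target.startswith("dns:"):
        raise ValueError("expected dns:<hostname>")
    name = target[4:].lower()
    srv = srv_records.get(f"_sip._{transport}.{name}", [])
    candidates = []
    for _prio, _weight, port, host in order_srv(srv, rng):
        candidates += [(ip, port) for ip in a_records.get(host, [])]
    if candidates:
        return "srv", candidates
    # Fallback: plain host record, default SIP port (assumption of this sketch).
    return "a", [(ip, 5060) for ip in a_records.get(name, [])]


if __name__ == "__main__":
    a, s = parse_ip_hosts(CONFIG)
    for transport in ("udp", "tcp"):
        print(transport, resolve_session_target("dns:cvp.cisco.com", a, s, transport))
    print("host only", resolve_session_target("dns:cvp4cc1.cisco.com", a, s))
```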

Re: [cisco-voip] PUT Broken Today?

2018-04-26 Thread Ryan Huff
Bruh  how much did the US Government spend on healthcare.gov? Remember that 
s**t show? Like $1T or something stupid like that and it still had scale issues 
in the beginning.

Just goes to show you that money doesn’t fix sloppy programming.

Sent from my iPhone

On Apr 26, 2018, at 16:35, Anthony Holloway wrote:

Huh.  You would think with $50,000,000,000.00 in annual revenue, their website 
would just work.  Then again, they've already got your SmartNet/UCSS money, so 
why would they care?

Thanks for the tip on the email alias.  I'll let you know if that route works 
for me.

On Thu, Apr 26, 2018 at 2:09 PM Matthew Loraditch wrote:
This happens to me half the time when I use it.

I just have to try and try again. I’m guessing you could try emailing 
mp-upgra...@cisco.com. That used to be an alias for manual PUT orders.


Matthew Loraditch
Sr. Network Engineer

p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com

From: cisco-voip On Behalf Of Anthony Holloway
Sent: Thursday, April 26, 2018 3:04 PM
To: Cisco VoIP Group
Subject: [cisco-voip] PUT Broken Today?

Can anyone confirm if PUT is acting up for them today?  Or any other day, for 
that matter.  Perhaps this is a common occurrence with PUT, as I'm not in there 
very much.

I have been trying all morning to order an upgrade for a customer, and I'm 
being taken back to the starting page, as I progress through various stages of 
the process.

E.g.,

I might get to the Accept license agreement page, and then I'm taken back to 
the beginning to enter my contract number again.
Or, I might enter the contract number right at the start, click next, and the 
page just reloads.

I'm using the latest Cisco Chrome browser, though I've tried other browsers as 
well.

Outside of submitting feedback through the web site, how could I get immediate 
help with PUT?  FWIW, I'm ordering a simple CUCM/CUC 10.x to 11.x upgrade.

Thanks.


Re: [cisco-voip] CNAM database update service

2018-09-27 Thread Ryan Huff
In the US, the far end’s carrier is generally responsible for the lookup/dip in 
the CNAM DB. The calling party’s carrier is generally responsible for the 
updates.

Sent from my iPhone

On Sep 27, 2018, at 12:07, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


Has anyone had any recent success stories on CNAM database updates?

I’ve tried looking at a few, but many say they don’t offer help on non-U.S. 
numbers for some reason. But the data is there since it’s showing up on 
people’s phones.



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook





Re: [cisco-voip] CUCM 11.5.1SU5 from Pub go to Serviceablity and subscriber error?

2018-10-05 Thread Ryan Huff
Jason, this is usually due to the viewed server not trusting the ipsec cert of 
the viewing server, but I’d make sure tomcat is legit too because whatever 
stopped the ipsec cert from transferring probably stopped the others too (Ex. a 
subscriber was powered off while a new subscriber was added ... etc).

Sent from my iPhone

On Oct 5, 2018, at 15:53, Evgeny Izetov <eize...@gmail.com> wrote:

Just built SU5 in a lab a couple of days ago and noticed the same error 
initially. In my case the error went away after enabling feature services on 
the subscriber. Not sure what that was about.

On Fri, Oct 5, 2018, 2:03 PM Jason Aarons (Americas) <jason.aar...@dimensiondata.com> wrote:


Any pointers on when Serviceability can't show services status on another sub 
etc? Is that tomcat-trust or ipsec-trust etc?

Seen it on a couple clusters running 11.5.1SU5. Perhaps a known bug.

Db replication status is happy.



Re: [cisco-voip] HELP

2018-11-01 Thread Ryan Huff
In general? Or with something specific? Aside from Cisco Voice, I’m a pretty 
good carpenter and a decent auto mechanic.

Sent from my iPhone

On Nov 1, 2018, at 09:28, Fry, John <john@illinois.gov> wrote:

help





Re: [cisco-voip] jabber for mac with ADFS, credentials repeatedly prompt?

2018-10-30 Thread Ryan Huff
Is forced UPN discovery getting picked up I wonder? Not sure if that’s a thing 
on Mac Jabber ...

In Windows, you’d install the client with the following CLI switches: CLEAR=1 
UPN_DISCOVERY_ENABLED=false CLICK2X=DISABLE



Sent from my iPhone

On Oct 30, 2018, at 15:57, Matthew Loraditch <mloradi...@heliontechnologies.com> wrote:

Setting up a mac for our marketing person. Jabber keeps saying login is failing 
and keeps prompting my adfs sign-in. I can sign into ucmuser fine, login works 
ok on Windows.
The mac is on the domain if that matters.

Any ideas? We have very few macs in our entire client base and have not seen 
this before.

Matthew Loraditch
Sr. Network Engineer

p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com


Re: [cisco-voip] connected party information while calling webex

2018-11-02 Thread Ryan Huff
UDS services referenced by FQDN or IP?

Sent from my iPhone

On Nov 2, 2018, at 13:55, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


I’ve migrated my development cluster configuration to my production cluster 
configuration and have compared them as best as possible, but I seem to be 
missing connected party information when calling webex from Jabber.

On the development cluster, when I dial coy...@acme.webex.com from Jabber and am 
connected, the connected party information at the top of Jabber remains 
coy...@acme.webex.com, however, when I dial the same from production, it 
changes to coyote@<ipaddr.of.cucm.sub>

I’ve reviewed the SIP trunk and dependencies as much as I could and they all 
seem the same. I did some comparison of enterprise parameters and ccm service 
parameters and they too look the same.

I can’t imagine anything Expressway or within webex site config would cause this.

Thoughts? Pointers?

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook





Re: [cisco-voip] WAN Delays > 80ms for CUCM cluster?

2018-11-06 Thread Ryan Huff
You are able to correlate the out-of-band RTT to only when the dbreplication 
stat command is ran, or are there other times the RTT is OOB that isn't related 
to querying the replication status?


Thanks,

-R

From: cisco-voip on behalf of Nick Barnett
Sent: Tuesday, November 6, 2018 11:57 AM
To: Cisco VoIP Group
Subject: [cisco-voip] WAN Delays > 80ms for CUCM cluster?

We all know the max latency is 80ms, but ours occasionally goes over. I'm 
trying to track down why but the network team cannot find an issue. We are able 
to reproduce the issue repeatedly by running "utils dbreplication 
runtimestate." Whether this is causing the issue (I doubt it) or that command 
just takes long enough to run that it will eventually find a time that is > 
80ms (my guess is yes)... I'm not 100% sure.

We opened a case with TAC to find out what that command is actually doing, but 
they won't divulge the info that our network team needs.

My theory is that it's actually calling some shell script in redhat under the 
CLI appliance layer. Has anyone investigated that? Do we know what this command 
is actually doing? Specifically, I want to know where it's getting those ping 
times... is it running a generic ping with generic datagram data? Is it sending 
a 1497 packet of 0x and then 0x? Basically, I'm trying to give the 
network team something to go on because they are saying it's not them. (Of 
course they could run a packet capture and tell me (mostly) what it's doing, 
but it's hard to get their attention when they don't think it's on their end).

Thanks,
Nick

P.S.  We have frequent DB replication issues... at least a few times per 
quarter. This is so annoying and I'm pretty sure it's due to this latency, but 
I can't get anyone to pay attention.


Re: [cisco-voip] WAN Delays > 80ms for CUCM cluster?

2018-11-06 Thread Ryan Huff
Nick,

Having network roots, I imagine you’ve tried / evaluated all of this already, 
but still worth mentioning.

1.) From the latent node, traceroute to all the other cluster nodes (since 
dbrep is more of a mesh nowadays). Is it taking the path you expect and/or the 
most optimal if more than one path exists?

2.) High NTP distance to a reference clock or can also cause really weird 
behavior in CCM, as it correlates to dbreplication.

Sent from my iPhone

On Nov 6, 2018, at 15:54, Wes Sisk (wsisk) <ws...@cisco.com> wrote:

Nick,

The features you describe are propagated by both SDL signaling and with a 
dependence on database replication.

At casual observation it sounds like database traffic between nodes may not be 
prioritized and may be delayed or dropped.

The 80 msec is especially important for near real-time convergence of the 
distributed processes. Concurrently database replication plays a critical role 
as every process reads its local database.

Very casually:
node1: "Hey node 2, RouteList5 changed”
node2: “okay, let me read the changes from my local database”
node2: I don’t see any changes….

In the meantime database replication is held up in the network….

-Wes


On Nov 6, 2018, at 3:31 PM, Nick Barnett <nicksbarn...@gmail.com> wrote:

We think it is happening frequently WITHOUT this command being ran. Weird stuff 
happens... like deleting a speed dial and it never goes away... or changing the 
distribution order on a route list that automatically reverts back after a few 
seconds... or maybe the GUI shows it never reverted back however it is clearly 
not performing the correct algo. I can duplicate the RTT issue by raising the 
packet size to 1200 and doing a repeat 100 packets. it WILL give me times over 
80ms. BUT, the SDL traffic is supposed to be QOS in a certain way and I'm sure 
that the pings I'm doing are NOT being classified and queued properly. It is 
very frustrating that I know what I'm talking (enough to discuss with them, but 
it has been 7 years since I was 100% router jockey) about and can't get them to 
pay attention to a probable network issue.

I have an IP SLA running that shows average latency in the 20ms range. IP SLA 
is a fake red herring if you ask me... it only looks at an AVERAGE every 5 
minutes and if there are no issues, of course it will look great.

Thanks,
Nick

On Tue, Nov 6, 2018 at 12:42 PM Ryan Huff <ryanh...@outlook.com> wrote:
You are able to correlate the out-of-band RTT to only when the dbreplication 
stat command is ran, or are there other times the RTT is OOB that isn't related 
to querying the replication status?

Thanks,

-R

From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Nick Barnett <nicksbarn...@gmail.com>
Sent: Tuesday, November 6, 2018 11:57 AM
To: Cisco VoIP Group
Subject: [cisco-voip] WAN Delays > 80ms for CUCM cluster?

We all know the max latency is 80ms, but ours occasionally goes over. I'm 
trying to track down why but the network team cannot find an issue. We are able 
to reproduce the issue repeatedly by running "utils dbreplication 
runtimestate." Whether this is causing the issue (I doubt it) or that command 
just takes long enough to run that it will eventually find a time that is > 
80ms (my guess is yes)... I'm not 100% sure.

We opened a case with TAC to find out what that command is actually doing, but 
they won't divulge the info that our network team needs.

My theory is that it's actually calling some shell script in redhat under the 
CLI appliance layer. Has anyone investigated that? Do we know what this command 
is actually doing? Specifically, I want to know where it's getting those ping 
times... is it running a generic ping with generic datagram data? Is it sending 
a 1497 packet of 0x and then 0x? Basically, I'm trying to give the 
network team something to go on because they are saying it's not them. (Of 
course they could run a packet capture and tell me (mostly) what it's doing, 
but it's hard to get their attention when they don't think it's on their end).

Thanks,
Nick

P.S.  We have frequent DB replication issues... at least a few times per 
quarter. This is so annoying and I'm pretty sure it's due to this latency, but 
I can't get anyone to pay attention.

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
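
The gap discussed in this thread between a 5-minute average and individual round trips over the 80 ms limit, as an added example that is not part of the thread. The RTT samples are constructed, and the function and field names are assumptions chosen for the illustration.

```python
"""Compare a windowed RTT average with per-probe excursions over a budget."""
from dataclasses import dataclass
from statistics import mean

RTT_BUDGET_MS = 80.0    # intra-cluster round-trip limit cited in the thread
WINDOW_SECONDS = 300    # 5-minute reporting window, as described for the IP SLA


@dataclass
class WindowReport:
    start: int          # window start, in seconds since the first probe
    probes: int
    avg_ms: float
    max_ms: float
    over_budget: int    # probes whose RTT exceeded the budget
    longest_run: int    # longest run of consecutive over-budget probes


def summarize(samples, budget_ms=RTT_BUDGET_MS, window_s=WINDOW_SECONDS):
    """samples: iterable of (t_seconds, rtt_ms) pairs, sorted by time."""
    windows = {}
    for t, rtt in samples:
        windows.setdefault(t // window_s * window_s, []).append(rtt)

    reports = []
    for start in sorted(windows):
        rtts = windows[start]
        run = longest = 0
        for rtt in rtts:
            run = run + 1 if rtt > budget_ms else 0
            longest = max(longest, run)
        reports.append(WindowReport(
            start=start,
            probes=len(rtts),
            avg_ms=round(mean(rtts), 1),
            max_ms=max(rtts),
            over_budget=sum(r > budget_ms for r in rtts),
            longest_run=longest,
        ))
    return reports


def hidden_excursions(reports, budget_ms=RTT_BUDGET_MS):
    """Windows whose average is within budget although single probes were not."""
    return [r for r in reports if r.avg_ms <= budget_ms and r.over_budget > 0]


def constructed_samples():
    """Constructed data: one probe per second for 10 minutes, a 20-24 ms
    baseline, and a 6-second burst at 140 ms inside the second window."""
    samples = []
    for t in range(600):
        rtt = 20.0 + (t % 5)
        if 400 <= t < 406:
            rtt = 140.0
        samples.append((t, rtt))
    return samples


if __name__ == "__main__":
    for report in summarize(constructed_samples()):
        print(report)
```

The second window averages about 24 ms while containing six consecutive probes at 140 ms, which is the case a per-window average cannot show.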


Re: [cisco-voip] connected party information while calling webex

2018-11-02 Thread Ryan Huff
I meant UC, Siri assumed I meant UDS. How about the CM server references, all 
FQDN as well?

Sent from my iPhone

On Nov 2, 2018, at 14:15, Lelio Fulgenzi <le...@uoguelph.ca> wrote:

What is this UDS thoust speak of?

But seriously, referenced where?

I checked my UC Services, all of those are FQDN. I checked my Service Profile, 
and that just has a “Use UDS for Contact Resolution” option that I’ve checked 
off in both systems.

What would UDS have to do with replacing @acme.webex.com with 
@ though? Curious. I was leaning towards connected party 
information setup.



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: Ryan Huff <ryanh...@outlook.com>
Sent: Friday, November 2, 2018 1:58 PM
To: Lelio Fulgenzi <le...@uoguelph.ca>
Cc: voyp list, cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] connected party information while calling webex

UDS services referenced by FQDN or IP?
Sent from my iPhone

On Nov 2, 2018, at 13:55, Lelio Fulgenzi <le...@uoguelph.ca> wrote:

I’ve migrated my development cluster configuration to my production cluster 
configuration and have compared them as best as possible, but I seem to be 
missing connected party information when calling webex from Jabber.

On the development cluster, when I dial coy...@acme.webex.com from Jabber and 
am connected, the connected party information at the top of Jabber remains 
coy...@acme.webex.com, however, when I dial the same from production, it 
changes to coyote@<ipaddr.of.cucm.sub>

I’ve reviewed the SIP trunk and dependencies as much as I could and they all 
seem the same. I did some comparison of enterprise parameters and ccm service 
parameters and they too look the same.

I can’t imagine anything Expressway or within webex site config would cause this.

Thoughts? Pointers?

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook





Re: [cisco-voip] CCIEv2

2018-09-28 Thread Ryan Huff
Don’t discount dcloud.cisco.com either; not a full 
featured a la carte lab but is a way to get hands on with some equipment, for 
free.

Sent from my iPhone

On Sep 28, 2018, at 18:58, Benjamin Turner <benmtur...@hotmail.com> wrote:

Thanks Anthony, I get you, but it’s damn near murder to get the ova and iso’s 
than it is I to get the hardware. Also, my lab has come in handy not just for 
the labs but for customer testing. I will look into a training partner like Vik 
(collab). Just find it frustrating, almost like as if they are setting you up 
for failure.




Sent from Mail for Windows 10


From: Anthony Holloway <avhollo...@gmail.com>
Sent: Friday, September 28, 2018 6:00:42 PM
To: Benjamin Turner
Cc: Cisco VoIP Group
Subject: Re: [cisco-voip] CCIEv2

I feel your frustration, but this journey is not free, nor cheap. Get ready to 
sacrifice some shit, if you really want it.

Also, I'm against building home labs for this specific journey. Just sign on 
with a training partner, and they'll have you covered.

That's just my opinion.

On Fri, Sep 28, 2018, 4:24 PM Benjamin Turner <benmtur...@hotmail.com> wrote:
Off topic. Gearing up for my ccie v2 lab.

Why is it that I have to search and pay for useless ova’s and iso’s that don’t 
work for this test lab unless I have a Cisco customer contract? Demo licenses 
are free but CUCM Pub/SUB ova are not unless you have a contract.



Dang,
Ben


Sent from Mail for Windows 10




Re: [cisco-voip] CCIEv2

2018-09-28 Thread Ryan Huff
Speaking as someone who does have his own lab, (4351, c220, 2x3560-24ps) ... it 
really isn’t all that’s cracked up to be.

I feel like “Owning the lab” is one of those myths people chase and only want 
it until they have it (like owning a boat or in ground swimming pool). It 
sounds nice, till you realize the PITA it is to maintain.

I find myself troubleshooting / changing “my lab” more than I use it.

For the purposes of passing something like the CCIE, I would, as Anthony 
suggests, get a training partner that already has the equipment and is 
reasonably setup in a similar fashion to the lab. That way all you have to do 
is practice.

Sent from my iPhone

On Sep 28, 2018, at 19:07, Benjamin Turner <benmtur...@hotmail.com> wrote:

Thanks Ryan, I will look into that too, but you got to admit… nothing like 
having your own lab.




Sent from Mail for Windows 10

____
From: Ryan Huff <ryanh...@outlook.com>
Sent: Friday, September 28, 2018 7:04:35 PM
To: Benjamin Turner
Cc: Anthony Holloway; Cisco VoIP Group
Subject: Re: [cisco-voip] CCIEv2

Don’t discount dcloud.cisco.com either; not a full featured a la carte lab but 
is a way to get hands on with some equipment, for free.

Sent from my iPhone

On Sep 28, 2018, at 18:58, Benjamin Turner <benmtur...@hotmail.com> wrote:

Thanks Anthony, I get you, but it’s damn near murder to get the ova and iso’s 
than it is I to get the hardware. Also, my lab has come in handy not just for 
the labs but for customer testing. I will look into a training partner like Vik 
(collab). Just find it frustrating, almost like as if they are setting you up 
for failure.




Sent from Mail for Windows 10


From: Anthony Holloway <avhollo...@gmail.com>
Sent: Friday, September 28, 2018 6:00:42 PM
To: Benjamin Turner
Cc: Cisco VoIP Group
Subject: Re: [cisco-voip] CCIEv2

I feel your frustration, but this journey is not free, nor cheap. Get ready to 
sacrifice some shit, if you really want it.

Also, I'm against building home labs for this specific journey. Just sign on 
with a training partner, and they'll have you covered.

That's just my opinion.

On Fri, Sep 28, 2018, 4:24 PM Benjamin Turner <benmtur...@hotmail.com> wrote:
Off topic. Gearing up for my ccie v2 lab.

Why is it that I have to search and pay for useless ova’s and iso’s that don’t 
work for this test lab unless I have a Cisco customer contract? Demo licenses 
are free but CUCM Pub/SUB ova are not unless you have a contract.



Dang,
Ben


Sent from Mail for Windows 10




Re: [cisco-voip] Roomkit only dials SIP uri from phonebook :(

2018-09-29 Thread Ryan Huff
Wow ... that’s a pretty egregious, “forget”.

On Sep 29, 2018, at 12:18, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


Finally got phonebook working within my roomkit. Turned out, the partner forgot 
to disable the “8.0” enterprise parameter after our migration and TVS 
certificate wasn’t making its way to the unit.

Anyways, when I select a search result, my only option is to dial the SIP uri 
(email address in our case) and no option to select the telephone number entry. 
On the sx20 running tc software, at least I can drill down and select the 
telephone number.

Anyone find a way around this? I mean, other than manually adding SIP Uris to 
every DN?


-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
2W1
519-824-4120 Ext. 56354 | 
le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook



Re: [cisco-voip] Webex Teams Down

2018-09-25 Thread Ryan Huff
In my 17 years doing this, I have never once caused or suffered a seemingly 
unexplained and unexpected 10+ hour outage of all service to an 
environment/application.

That’s the difference, control.

Sent from my iPhone

On Sep 25, 2018, at 11:05, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:

In my mind, this is no different than an on prem migration/upgrade/change/etc 
going south.  The fact that the impacted service is in the cloud, is not 
important.  Even if the Internet connection itself went down, that's no 
different than a private MPLS outage.

From an end user's perspective, whether cloud or on prem, the service is simply 
unavailable.  From a CIO perspective, someone else screwed up, and someone else 
is working on it.  I don't see why this is different or interesting.

What is it that I do not get?

On Tue, Sep 25, 2018 at 9:11 AM Palmer, Brian <brian.pal...@bcbsfl.com> wrote:
This sure is rather wild that it has been down for so long.  We only have a few 
boards, but I do hope that every business user is reviewing the word “cloud” 
and how great it really is within this context.


From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Matthew Loraditch
Sent: Tuesday, September 25, 2018 9:43 AM
To: Ryan Huff <ryanh...@outlook.com>; Matt Jacobson <m4ttjacob...@gmail.com>
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Webex Teams Down

The RFO for this one is going to be a doozy. On meetings they are migrating all 
users who had been upgraded to Video Platform 2.0 back to 1.0. I have no idea 
of the scope but that seems like a pretty big undertaking and a tiny insight 
into how screwed up whatever happened is.



Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com

From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Ryan Huff
Sent: Tuesday, September 25, 2018 9:36 AM
To: Matt Jacobson <m4ttjacob...@gmail.com>
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Webex Teams Down

Who wants to go in with me on creating an on-prem DR application for individual 
WebEx Teams domains? Lol ... the cloud ... yup, let’s do that ...

The cloud is a little like networking before segmentation anything impacts 
everything
The only things I can think of that could possibly take this long would be like 
having to restore things from backup or waiting on uber large database indices 
to rebuild or reindex. hope things get restored soon!

On Sep 25, 2018, at 07:22, Matt Jacobson <m4ttjacob...@gmail.com> wrote:
Webex meetings is still working, but you can’t dial in with video endpoints.

On Tue, Sep 25, 2018 at 15:10 Bernhard Albler <bernhard.alb...@gmail.com> wrote:
yeah, crazy outage, basically the full working day for us here in Europe
it also impacts CMR for customers on Video Platform v2 ( which should be most)

On Tue 25. Sep 2018 at 12:39, Ryan Huff <ryanh...@outlook.com> wrote:
I haven't seen one this long since the early days of Spark ... been down 
since 9:22PM eastern on 9-24-18 ... wow

 

Re: [cisco-voip] Webex Teams Down

2018-09-25 Thread Ryan Huff
That’s the value prop of the cloud though; “we take away the risk of your 
on-prem infrastructure, but you have to pay for that in control of your 
service, experience and ability to troubleshoot”.

I tell folks all the time risk mitigation paid for by giving up control is 
never a good idea.

- Ryan

On Sep 25, 2018, at 11:30, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


I know that for my maintenance activities I evaluate the risk vs potential 
impact vs backout requirements to understand how much effort I put in to 
preparing things. One time I scavenged our e-waste pile for compatible HP 
hardware and purchased old CPUs for an upgrade to ensure that I had at most a 
90-minute backout (plugging wires and turning up servers x 9). Restoring from 
backup was just too long in this case.

I don’t begin to fathom the complexity of the webex backend service, but I find 
it hard to believe there were not options available to ensure a quick and 
orderly backout plan – not simply restoring from backup. Would it be expensive? 
Sure, but define “expensive” relative to the impact this has caused.






---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Ryan Huff
Sent: Tuesday, September 25, 2018 11:20 AM
To: Anthony Holloway <avholloway+cisco-v...@gmail.com>
Cc: Cisco VoIP Group <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Webex Teams Down

In my 17 years doing this, I have never once caused or suffered a seemingly 
unexplained and unexpected 10+ hour outage of all service to an 
environment/application.

That’s the difference, control.

Sent from my iPhone

On Sep 25, 2018, at 11:05, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
In my mind, this is no different than an on prem migration/upgrade/change/etc 
going south.  The fact that the impacted service is in the cloud, is not 
important.  Even if the Internet connection itself went down, that's no 
different than a private MPLS outage.

From an end user's perspective, whether cloud or on prem, the service is simply 
unavailable.  From a CIO perspective, someone else screwed up, and someone else 
is working on it.  I don't see why this is different or interesting.

What is it that I do not get?

On Tue, Sep 25, 2018 at 9:11 AM Palmer, Brian <brian.pal...@bcbsfl.com> wrote:
This sure is rather wild that it has been down for so long.  We only have a few 
boards, but I do hope that every business user is reviewing the word “cloud” 
and how great it really is within this context.


From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Matthew Loraditch
Sent: Tuesday, September 25, 2018 9:43 AM
To: Ryan Huff <ryanh...@outlook.com>; Matt Jacobson <m4ttjacob...@gmail.com>
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Webex Teams Down

The RFO for this one is going to be a doozy. On meetings they are migrating all 
users who had been upgraded to Video Platform 2.0 back to 1.0. I have no idea 
of the scope but that seems like a pretty big undertaking and a tiny insight 
into how screwed up whatever happened is.



Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com

Re: [cisco-voip] Auto Attendant setup

2018-12-31 Thread Ryan Huff
Are you using SIP (on the dial peer and CUC ports)? If not, I’d use SIP as it 
tends to work better in my experience. Additionally, make sure the dial peer’s 
DTMF method supports RTP-NTE (dtmf-relay rtp-nte). Make sure you have codecs in 
the dial peer matched for whatever you have set in CUC (G711ulaw should work by 
way of default settings in CUC).

Also, verify the VGW is specifying a MWI server (mwi-server xx.xx.xx.xx 
unsolicited).

Thanks,

Ryan

On Dec 31, 2018, at 08:24, Ahmed Abd EL-Rahman <ahmed.rah...@bmbgroup.com> wrote:

Dear Gents,

I have a CUCM 11.5 setup with central and remote sites, each remote site has a 
local Unity connection providing Auto Attendant functionality and everything is 
working just fine except for one point which is during WAN outage the SRST on 
the site voice gateway router is hosting phones and phones can call each other 
and place outside PSTN calls successfully, but incoming calls to the site 
through PSTN lines is not hunting in the AA on the local CUC although I have a 
dial peer for the pilot pointing to the CUC IP address and the IP address of 
the VGW is added to the list of servers in the ports configurations on CUC.

So I do appreciate if anyone has a working configuration example of such 
scenario which makes the AA on local CUC works during SRST situation (WAN 
outage) or at least highlight the needed configurations.


Thanks.



Best Regards

Ahmed Abd EL-Rahman
Senior Network Engineer



Re: [cisco-voip] Shenanigans

2019-01-02 Thread Ryan Huff
He announced he was leaving (but not where) shortly before, “the great Webex 
outage of 2018”.

Sent from my iPhone

On Jan 2, 2019, at 17:27, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


Geez. I had no idea RT had left Cisco.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

On Jan 2, 2019, at 5:21 PM, Ryan Huff <ryanh...@outlook.com> wrote:

Y’all see where JD just landed? This is starting to get interesting..



-Ryan


Re: [cisco-voip] PCI DSS compliance for Cisco IPT/UCCX

2019-01-22 Thread Ryan Huff
At a high level I’d think you’ll need to look into SRTP (aka voice encryption) 
enabled system-wide, no call recording (which you can’t do with SRTP anyway) 
and possibly no call monitoring too (at least on the PII calls).

Then adhere to all the physical access rules for servers that store or transmit 
PII (personally identifiable information).

You may need to research database storage requirements as it relates to PCI. 
I’m assuming the UCCX environment is what will be dealing with the PII; while 
UCCX doesn’t have the capacity to outright store CC info, it may be possible 
that some of that info is captured in logs, depending on how your environment 
is set up.

You’d have to do a lot of dry runs in the UCCX environment and run all the 
calling scenarios that interact with PII to ensure traces of it do not get 
logged.

Obviously nothing can be done to the UCCX database outside of what Cisco 
supports, like encrypt table values that aren’t encrypted.. etc

Sent from my iPhone

> On Jan 22, 2019, at 01:23, Ki Wi wrote:
> 
> Hi Group,
> I have a customer who is querying on how we can make their existing Cisco IPT 
> (with UCCX) PCI DSS compliant since the new upcoming site we are planning to 
> deploy will handle sensitive data such as credit cards information.
> 
> Any folks out there have experience doing this?
> 
> Do we need voice encryption? Turn on TLS v1.1 ? etc? 
> 
> -- 
> Regards,
> Ki Wi


[cisco-voip] Expressway cluster algorithm

2019-01-23 Thread Ryan Huff
Can anyone explain or cite the documents that define the algorithm used to 
determine which Expressway node in a given cluster is selected to process a 
call.

You can influence the selection with DNS SRV priority and weight, but does not 
appear to guarantee which cluster node is selected each time.

Thanks,

Ryan


Re: [cisco-voip] [EXT] Expressway cluster algorithm

2019-01-23 Thread Ryan Huff


> On Jan 23, 2019, at 15:29, Ryan Huff wrote:
> 
> Thanks for responding!
> 
> “Lowest resource usage” is the most specific info I’ve ever found. Is that 
> just CPU, or Mem or IOPS or any combo? And which of the “resource” metrics 
> take priority in the decision?
> 
> Thanks,
> 
> Ryan
> 
>> On Jan 23, 2019, at 15:24, Jeffrey McHugh wrote:
>> 
>> From exp clustering guide: 
>> 
>> Neighboring Between Expressway Clusters
>> You can neighbor your local Expressway (or Expressway cluster) to a remote 
>> Expressway cluster; this remote cluster could be a neighbor, traversal 
>> client, or traversal server to your local Expressway. In this case, when a 
>> call is received on your local Expressway and is passed via the relevant 
>> zone to the remote cluster, it will be routed to whichever peer in that 
>> neighboring cluster has the lowest resource usage. That peer will then 
>> forward the call as appropriate to one of its:
>> ■ locally registered endpoints (if the endpoint is registered to that peer)
>> ■ peers (if the endpoint is registered to another peer in that cluster)
>> ■ external zones (if the endpoint has been located elsewhere)
>> For Expressway: Lowest resource usage is determined by comparing the number 
>> of available media sessions (maximum - current use) on the peers, and 
>> choosing the peer with the highest number. Peers that are in maintenance 
>> mode are not considered
>> 
>> 
>> Jeffrey McHugh | Sr. Collaboration Consulting Engineer 
>> 
>> Fidelus Technologies, LLC
>> Named Best UC Provider in the USA
>> 240 West 35th Street, 6th Floor, New York, NY 10001
>> +1-212-616-7801 office | +1-212-616-7850 fax | www.fidelus.com
>> 
>> -Original Message-
>> From: cisco-voip  On Behalf Of Ryan Huff
>> Sent: Wednesday, January 23, 2019 3:19 PM
>> To: cisco-voip@puck.nether.net
>> Subject: [EXT] [cisco-voip] Expressway cluster algorithm
>> 
>> Can anyone explain or cite the documents that define the algorithm used to 
>> determine which Expressway node in a given cluster is selected to process a 
>> call.
>> 
>> You can influence the selection with DNS SRV priority and weight, but does 
>> not appear to guarantee which cluster node is selected each time.
>> 
>> Thanks,
>> 
>> Ryan
>> ___
>> cisco-voip mailing list
>> cisco-voip@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>> 
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] [EXT] Expressway cluster algorithm

2019-01-23 Thread Ryan Huff


Sent from my iPhone

> On Jan 23, 2019, at 15:34, Ryan Huff  wrote:
> 
> Or, rather than fixed machine resources, could it be application resource 
> logic (node with the most recent, least amount of calls.. etc)?
> 
> Sent from my iPhone
> 
>> On Jan 23, 2019, at 15:29, Ryan Huff  wrote:
>> 
>> Thanks for responding!
>> 
>> “Lowest resource usage” is the most specific info I’ve ever found. Is that 
>> just CPU, or Mem or IOPS or any combo? And which of the “resource” metrics 
>> take priority in the decision?
>> 
>> Thanks,
>> 
>> Ryan
>> 
>>> On Jan 23, 2019, at 15:24, Jeffrey McHugh  wrote:
>>> 
>>> From exp clustering guide: 
>>> 
>>> Neighboring Between Expressway Clusters
>>> You can neighbor your local Expressway (or Expressway cluster) to a remote 
>>> Expressway cluster; this remote cluster could be a neighbor, traversal 
>>> client, or traversal server to your local Expressway. In this case, when a 
>>> call is received on your local Expressway and is passed via the relevant 
>>> zone to the remote cluster, it will be routed to whichever peer in that 
>>> neighboring cluster has the lowest resource usage. That peer will then 
>>> forward the call as appropriate to one of its:
>>> ■
>>> locally registered endpoints (if the endpoint is registered to that peer)
>>> ■
>>> peers (if the endpoint is registered to another peer in that cluster)
>>> ■
>>> external zones (if the endpoint has been located elsewhere)
>>> For Expressway: Lowest resource usage is determined by comparing the number 
>>> of available media sessions (maximum - current use) on the peers, and 
>>> choosing the peer with the highest number. Peers that are in maintenance 
>>> mode are not considered
>>> 
>>> 
>>> Jeffrey McHugh | Sr. Collaboration Consulting Engineer 
>>> 
>>> Fidelus Technologies, LLC
>>> Named Best UC Provider in the USA
>>> 240 West 35th Street, 6th Floor, New York, NY 10001
>>> +1-212-616-7801 office | +1-212-616-7850 fax | 
>>> www.fidelus.com
>>> 
>>> -Original Message-
>>> From: cisco-voip  On Behalf Of Ryan Huff
>>> Sent: Wednesday, January 23, 2019 3:19 PM
>>> To: cisco-voip@puck.nether.net
>>> Subject: [EXT] [cisco-voip] Expressway cluster algorithm
>>> 
>>> Can anyone explain or cite the documents that define the algorithm used to 
>>> determine which Expressway node in a given cluster is selected to process a 
>>> call.
>>> 
>>> You can influence the selection with DNS SRV priority and weight, but does 
>>> not appear to guarantee which cluster node is selected each time.
>>> 
>>> Thanks,
>>> 
>>> Ryan
>>> ___
>>> cisco-voip mailing list
>>> cisco-voip@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>> 
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Expressway cluster algorithm

2019-01-23 Thread Ryan Huff
I’m trying to guarantee an active/passive use case; so maintenance mode would 
achieve that (or shutting one side down), but would require manual 
intervention, and be as clunky of a workaround as it gets for a runtime 
solution.

-Ryan

On Jan 23, 2019, at 16:00, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:

I’m going to read the responses, but when I opened a TAC case, the engineer 
explained that there were at least two selection processes in play, which C (or 
E) to pick, then which neighbour to pick for the traversal.

She said, if you want to be 100% sure during troubleshooting, that you are 
testing a particular path, you want to put the nodes you don’t want to use into 
maintenance mode.

Made sense to me at the time.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
2W1
519-824-4120 Ext. 56354 | 
le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook


On Jan 23, 2019, at 3:19 PM, Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:

Can anyone explain or cite the documents that define the algorithm used to 
determine which Expressway node in a given cluster is selected to process a 
call.

You can influence the selection with DNS SRV priority and weight, but does not 
appear to guarantee which cluster node is selected each time.

Thanks,

Ryan
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Expressway cluster algorithm

2019-01-23 Thread Ryan Huff
Well, ideally each inbound caller’s endpoint uses the same implementation of 
DNS SRV as defined in RFC2782 and respects priorities and weights (my SIP SRV 
targets the edge cluster FQDN).

And to your point, I can reliably control the edge that accepts the initial 
inbound INVITE with SRV manipulation, but cannot reliably predict which control 
peer is used (though you can usually make a good guess).

Ideally, I am trying to guarantee an active/passive use case in all scenarios, 
ingress and egress.

Sent from my iPhone

On Jan 23, 2019, at 16:32, Brian Meade 
mailto:bmead...@vt.edu>> wrote:

Is this for inbound B2B or for MRA?

If inbound B2B, it's more up to the caller's implementation of DNS.  If the 
caller is Webex, there may be some documented behavior out there somewhere.

On Wed, Jan 23, 2019 at 4:17 PM Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:
I’m trying to guarantee an active/passive use case; so maintenance mode would 
achieve that (or shutting one side down), but would require manual 
intervention, and be as clunky of a workaround as it gets for a runtime 
solution.

-Ryan

On Jan 23, 2019, at 16:00, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:

I’m going to read the responses, but when I opened a TAC case, the engineer 
explained that there were at least two selection processes in play, which C (or 
E) to pick, then which neighbour to pick for the traversal.

She said, if you want to be 100% sure during troubleshooting, that you are 
testing a particular path, you want to put the nodes you don’t want to use into 
maintenance mode.

Made sense to me at the time.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | 
le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook


On Jan 23, 2019, at 3:19 PM, Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:

Can anyone explain or cite the documents that define the algorithm used to 
determine which Expressway node in a given cluster is selected to process a 
call.

You can influence the selection with DNS SRV priority and weight, but does not 
appear to guarantee which cluster node is selected each time.

Thanks,

Ryan
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Expressway cluster algorithm

2019-01-23 Thread Ryan Huff
SRV weights and priorities do influence the selection, but do not guarantee. 
The accepting peer can pass to the other peer if the other peer is less 
utilized.

Sent from my iPhone

On Jan 23, 2019, at 16:35, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:

Gotcha. IIRC, you can’t put weight on traversal neighbours.

So you can use dns srv record weights to pick the C out or the E in, but once 
inside the cluster picking the next hop E (or C) is round robin.

Interested to hear comments.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
2W1
519-824-4120 Ext. 56354 | 
le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook


On Jan 23, 2019, at 4:17 PM, Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:

I’m trying to guarantee an active/passive use case; so maintenance mode would 
achieve that (or shutting one side down), but would require manual 
intervention, and be as clunky of a workaround as it gets for a runtime 
solution.

-Ryan

On Jan 23, 2019, at 16:00, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:

I’m going to read the responses, but when I opened a TAC case, the engineer 
explained that there were at least two selection processes in play, which C (or 
E) to pick, then which neighbour to pick for the traversal.

She said, if you want to be 100% sure during troubleshooting, that you are 
testing a particular path, you want to put the nodes you don’t want to use into 
maintenance mode.

Made sense to me at the time.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
2W1
519-824-4120 Ext. 56354 | 
le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook


On Jan 23, 2019, at 3:19 PM, Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:

Can anyone explain or cite the documents that define the algorithm used to 
determine which Expressway node in a given cluster is selected to process a 
call.

You can influence the selection with DNS SRV priority and weight, but does not 
appear to guarantee which cluster node is selected each time.

Thanks,

Ryan
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
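
The two selection stages discussed in this thread, as an added example (not code from any poster or from Cisco): an RFC 2782 client ordering SRV targets, followed by a model of the "lowest resource usage" rule as quoted from the clustering guide. The hostnames, session counts and tie-break behaviour are assumptions made for illustration.

```python
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    target: str


def rfc2782_order(records, rng):
    """Order SRV targets the way an RFC 2782 client is told to try them."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Lowest priority value is tried first; within one priority,
        # weight-0 records are placed at the head of the pool.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            # Uniform pick in [0, sum of weights]; the first record whose
            # running sum reaches the pick is selected and removed.
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i).target)
                    break
    return ordered


def first_choice_share(records, trials=2000, seed=1):
    """Fraction of lookups in which each target is tried first."""
    rng = random.Random(seed)
    firsts = Counter(rfc2782_order(records, rng)[0] for _ in range(trials))
    return {r.target: firsts[r.target] / trials for r in records}


@dataclass
class Peer:
    name: str
    max_sessions: int
    in_use: int
    maintenance: bool = False


def pick_cluster_peer(peers):
    """Model of the quoted guide text: the peer with the most available
    media sessions (maximum - current use) wins; peers in maintenance
    mode are not considered. Tie-breaking here is an assumption."""
    live = [p for p in peers if not p.maintenance]
    if not live:
        return None
    return max(live, key=lambda p: p.max_sessions - p.in_use).name


# Constructed sample data; hostnames and session counts are hypothetical.
ACTIVE_PASSIVE = [SrvRecord(10, 0, "edge1.example.com"),
                  SrvRecord(20, 0, "edge2.example.com")]
WEIGHTED = [SrvRecord(10, 90, "edge1.example.com"),
            SrvRecord(10, 10, "edge2.example.com")]
CONTROL = [Peer("ctrl1", 100, 40), Peer("ctrl2", 100, 10)]

if __name__ == "__main__":
    print("distinct priorities:", first_choice_share(ACTIVE_PASSIVE))
    print("same priority, 90/10:", first_choice_share(WEIGHTED))
    print("second-stage pick:", pick_cluster_peer(CONTROL))
```

Distinct priorities make the first SRV target deterministic, while equal priorities with weights only skew the odds. The second-stage pick depends on live session counts either way, so in this model it can only be pinned by taking the other peers out of consideration.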


Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
A SIP ping is really just a SIP OPTIONS message (and a resulting far end ACK), 
designed to advertise capabilities and available options, but more often used 
as a method to validate the existence of a SIP path.

Sent from my iPhone

On Dec 20, 2018, at 14:14, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:


I’ll be honest. I didn’t know there was a difference.

I’m guessing a SIP trunk to a third party app that is reported as down due to 
sip option ping really is down and not some silly networking issue where an 
icmp ping was failing.

This is good to know.

And the last thing I will learn this year. ;)



-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
2W1
519-824-4120 Ext. 56354 | 
le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook


On Dec 20, 2018, at 1:01 PM, Anthony Holloway 
mailto:avholloway+cisco-v...@gmail.com>> wrote:

Erik,

That's an interesting insight.  It kind of sounds like you think ICMP Ping and 
SIP OPTIONS Ping are related, but they are completely different.

Just because you cannot ICMP Ping the SIP Peer at L3, doesn't mean you cannot 
OPTIONs them.

Am I understanding your thought process correctly?

On Thu, Dec 20, 2018 at 11:53 AM Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:


Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional

____
From: Ryan Huff mailto:ryanh...@outlook.com>>
Sent: Thursday, December 20, 2018 12:46 PM
To: Erik Anderson
Subject: Re: [cisco-voip] SIP Fail over

Not sure what kind of code you're working with but if it's modern, you could try 
server groups. Here is a snippet from one of mine (using AT admittedly), 
sanitized for the NSA ...

voice class server-group 100
 ipv4 12.x.x.x preference 1
 ipv4 12.x.x.x preference 2
 ipv4 12.x.x.x preference 3
 ipv4 12.x.x.x preference 1
 description PSTN SIGNALING PEERS
!
voice class server-group 200
 ipv4 10.x.x.x preference 3
 ipv4 10.x.x.x preference 1
 ipv4 10.x.x.x preference 2
 description CUCM SIGNALING PEERS
!
voice class sip-options-keepalive 100
 description PSTN HEARTBEAT
!
voice class sip-options-keepalive 200
 description CCM HEARTBEAT
!
{ .. other config .. }

dial-peer voice 100 voip
 description INGRESS/EGRESS WITH PSTN
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 100
 destination dpg 200
 incoming uri via PSTN
 voice-class codec 1
 voice-class sip options-ping 60
 voice-class sip profiles 100
 voice-class sip options-keepalive profile 100
 voice-class sip bind control source-interface 
 voice-class sip bind media source-interface 
 dtmf-relay rtp-nte sip-notify
 no vad
!
dial-peer voice 200 voip
 description INGRESS/EGRESS WITH CUCM
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 200
 destination dpg 100
 incoming uri via CUCM
 voice-class codec 1
 voice-class sip profiles 200
 voice-class sip options-keepalive profile 200
 voice-class sip bind control source-interface 
 voice-class sip bind media source-interface 
 dtmf-relay rtp-nte sip-notify
 no vad
!

Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional


From: Erik Anderson 
mailto:erik.anderson...@gmail.com>>
Sent: Thursday, December 20, 2018 12:37 PM
To: Ryan Huff
Subject: Re: [cisco-voip] SIP Fail over

Ryan,

Level 3 does not support options ping. If I try to ping the call control IP it 
will always fail. There is a separate pingable address, but I didn't think I 
could configure the options ping to use any address other than the target.

On Thu, Dec 20, 2018 at 11:34 AM Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:
Couldn't you just use voice class sip options/keepalives to mark when the ITSP 
is down, so CUCM marks the trunk out of service and fails to the next route 
group member immediately (ideally, your secondary CUBE)? Seems like that's a 
more natural way of doing it versus using IP SLAs...

Thanks,

- Ryan

From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Erik Anderson 
mailto:erik.anderson...@gmail.com>>
Sent: Thursday, December 20, 2018 12:03 PM
To: cisco-voip voyp list
Subject: [cisco-voip] SIP Fail over

Morning Folks,


We have implemented a new SIP solution with Level 3 and found that we have 
outboun

Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
Not sure what kind of code you're working with but if it's modern, you could try 
server groups. Here is a snippet from one of mine (using AT admittedly), 
sanitized for the NSA ...

voice class server-group 100
 ipv4 12.x.x.x preference 1
 ipv4 12.x.x.x preference 2
 ipv4 12.x.x.x preference 3
 ipv4 12.x.x.x preference 1
 description PSTN SIGNALING PEERS
!
voice class server-group 200
 ipv4 10.x.x.x preference 3
 ipv4 10.x.x.x preference 1
 ipv4 10.x.x.x preference 2
 description CUCM SIGNALING PEERS
!
voice class sip-options-keepalive 100
 description PSTN HEARTBEAT
!
voice class sip-options-keepalive 200
 description CCM HEARTBEAT
!
{ .. other config .. }

dial-peer voice 100 voip
 description INGRESS/EGRESS WITH PSTN
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 100
 destination dpg 200
 incoming uri via PSTN
 voice-class codec 1
 voice-class sip options-ping 60
 voice-class sip profiles 100
 voice-class sip options-keepalive profile 100
 voice-class sip bind control source-interface 
 voice-class sip bind media source-interface 
 dtmf-relay rtp-nte sip-notify
 no vad
!
dial-peer voice 200 voip
 description INGRESS/EGRESS WITH CUCM
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 200
 destination dpg 100
 incoming uri via CUCM
 voice-class codec 1
 voice-class sip profiles 200
 voice-class sip options-keepalive profile 200
 voice-class sip bind control source-interface 
 voice-class sip bind media source-interface 
 dtmf-relay rtp-nte sip-notify
 no vad
!


Thanks,

Ryan


From: Anthony Holloway 
Sent: Thursday, December 20, 2018 12:46 PM
To: NateCCIE
Cc: Ryan Huff; Erik Anderson; cisco-voip voyp list
Subject: Re: [cisco-voip] SIP Fail over

Agreed, but it would be terrible if they stated they don't support it, you 
bother them with OPTIONS, and then they black list you.  Just be careful and 
get written approval, is all I'm saying.

On Thu, Dec 20, 2018 at 11:44 AM NateCCIE 
mailto:natec...@gmail.com>> wrote:

When you say level3 does not support options ping, do you mean they won’t ping 
you for failover, or they don’t allow you to send it to them?  Only two 
messages and the lack of any response will busy the endpoint, anything else is 
good enough for CUBE.






From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
On Behalf Of Ryan Huff
Sent: Thursday, December 20, 2018 10:35 AM
To: Erik Anderson 
mailto:erik.anderson...@gmail.com>>; cisco-voip 
voyp list mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] SIP Fail over



Couldn't you just use voice class sip options/keepalives to mark when the ITSP 
is down, so CUCM marks the trunk out of service and fails to the next route 
group member immediately (ideally, your secondary CUBE)? Seems like that's a 
more natural way of doing it versus using IP SLAs...



Thanks,



- Ryan



From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Erik Anderson 
mailto:erik.anderson...@gmail.com>>
Sent: Thursday, December 20, 2018 12:03 PM
To: cisco-voip voyp list
Subject: [cisco-voip] SIP Fail over



Morning Folks,


We have implemented a new SIP solution with Level 3 and found that we have 
outbound calling failover issues. When a CUBE loses its ability to talk to its 
Level 3 Peer, but can still talk to CUCM outbound calls will still connect to 
the CUBE, but fail connecting to Level 3. In turn CUCM still thinks the call is 
connected since the CUCM SIP trunk remains up to the CUBE.



Architecture Notes:



4 Locations with 1 CUBE Each

4 CUCM SIP Trunks with each connecting to one of the 4 CUBEs

4 CUCM Route Groups with Various CUBE/SIP Trunks assigned a Distribution 
Algorithm of Top Down

Each CUBE has 2 SIP Peers

Each CUBE can only talk to its respective SIP peer via its local Level 3 
Transport to reduce call control latency by not allowing it to use the DMVPN 
backup network

Level 3 does not support SIP Options Ping

CUCM Trunks have SIP Options Ping enabled



Call Flows:



Working Flow:



Phone > SLRG > Route Group Member #1 > CUBE SIP TRUNK > CUBE 
> Level 3 Transport > Level 3 SIP Peer #1/#2 > Call Completes





CUBE Failure:



Phone > SLRG >

 Route Group Member #1 > CUBE SIP TRUNK --X--> CUBE (CUCM Can't 
Reach CUBE)



CUCM Routes Call to Next Route Group Member



  Route Group Member #2 > CUBE SIP TRUNK > 
CUBE > Level 3 Transport > Level 3 SIP Peer #1/#2 > Call Completes



Level 3 Transport Failure/SIP Server Failure:



Phone > SLRG >

 Route Group Member #1 > CUBE SIP TRUNK > CUBE --X--> Level 3 
Transport (CUBE Can't Reach L

Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
Couldn't you just use voice class sip options/keepalives to mark when the ITSP 
is down, so CUCM marks the trunk out of service and fails to the next route 
group member immediately (ideally, your secondary CUBE)? Seems like that's a 
more natural way of doing it versus using IP SLAs...

Thanks,

- Ryan

From: cisco-voip  on behalf of Erik 
Anderson 
Sent: Thursday, December 20, 2018 12:03 PM
To: cisco-voip voyp list
Subject: [cisco-voip] SIP Fail over

Morning Folks,


We have implemented a new SIP solution with Level 3 and found that we have 
outbound calling failover issues. When a CUBE loses its ability to talk to its 
Level 3 Peer, but can still talk to CUCM outbound calls will still connect to 
the CUBE, but fail connecting to Level 3. In turn CUCM still thinks the call is 
connected since the CUCM SIP trunk remains up to the CUBE.



Architecture Notes:



4 Locations with 1 CUBE Each

4 CUCM SIP Trunks with each connecting to one of the 4 CUBEs

4 CUCM Route Groups with Various CUBE/SIP Trunks assigned a Distribution 
Algorithm of Top Down

Each CUBE has 2 SIP Peers

Each CUBE can only talk to its respective SIP peer via its local Level 3 
Transport to reduce call control latency by not allowing it to use the DMVPN 
backup network

Level 3 does not support SIP Options Ping

CUCM Trunks have SIP Options Ping enabled



Call Flows:



Working Flow:



Phone > SLRG > Route Group Member #1 > CUBE SIP TRUNK > CUBE 
> Level 3 Transport > Level 3 SIP Peer #1/#2 > Call Completes





CUBE Failure:



Phone > SLRG >

 Route Group Member #1 > CUBE SIP TRUNK --X--> CUBE (CUCM Can't 
Reach CUBE)



CUCM Routes Call to Next Route Group Member



  Route Group Member #2 > CUBE SIP TRUNK > 
CUBE > Level 3 Transport > Level 3 SIP Peer #1/#2 > Call Completes



Level 3 Transport Failure/SIP Server Failure:



Phone > SLRG >

 Route Group Member #1 > CUBE SIP TRUNK > CUBE --X--> Level 3 
Transport (CUBE Can't Reach Level 3 SIP Server)



CUCM Thinks Call Connects since the CUBE accepts the call, Phone gets 
dead air, never tries the next RG Member





My idea to fix this is to use an IPSLA to ping the pingable address on the 
Level 3 SIP Servers. If both addresses are unreachable then shut down the CUCM 
Dial-Peers. This doesn’t sound like the best way of fixing it, but it should 
work.



If anyone has any other better ideas please let me know.

--
Erik Anderson
Telecom Manager
Some Random Corp.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
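
The OPTIONS keepalive logic this thread relies on, as an added example (not code from any poster or from Cisco): it builds an out-of-dialog OPTIONS request, classifies replies, and marks a peer down after consecutive failures. The addresses, the retry count of 3 and the choice of 503/505 as the failure responses are assumptions; the thread says only that two messages and a lack of any response busy out the endpoint.

```python
import uuid

# Assumption: the two responses treated as "peer unusable". The thread does
# not name them; check the platform documentation for the real list.
DOWN_CODES = frozenset({503, 505})


def build_options(peer, local, cseq=1):
    """Build a minimal out-of-dialog OPTIONS request (RFC 3261) as bytes."""
    token = uuid.uuid4().hex
    lines = [
        f"OPTIONS sip:{peer} SIP/2.0",
        f"Via: SIP/2.0/UDP {local};branch=z9hG4bK{token[:16]}",
        "Max-Forwards: 70",
        f"From: <sip:{local}>;tag={token[16:24]}",
        f"To: <sip:{peer}>",
        f"Call-ID: {token}@{local.split(':')[0]}",
        f"CSeq: {cseq} OPTIONS",
        "Content-Length: 0",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_status(datagram):
    """Return the SIP status code of a reply, or None for a timeout or for
    bytes that are not a SIP response."""
    if not datagram:
        return None
    first = datagram.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = first.split(" ", 2)
    if len(parts) < 2 or parts[0] != "SIP/2.0":
        return None
    if len(parts[1]) != 3 or not parts[1].isdigit():
        return None
    return int(parts[1])


class KeepaliveTracker:
    """Simplified model: a timeout or a DOWN_CODES reply counts as a failure,
    `retries` consecutive failures mark the peer down, and any other SIP
    response (even 405 Method Not Allowed) proves the signalling path."""

    def __init__(self, retries=3, down_codes=DOWN_CODES):
        self.retries = retries
        self.down_codes = down_codes
        self.failures = 0
        self.state = "up"

    def observe(self, datagram):
        code = parse_status(datagram)
        if code is None or code in self.down_codes:
            self.failures += 1
            if self.failures >= self.retries:
                self.state = "down"
        else:
            self.failures = 0
            self.state = "up"
        return self.state


def replay(replies, retries=3):
    """Feed a sequence of replies (None = no answer) through a tracker."""
    tracker = KeepaliveTracker(retries=retries)
    return [tracker.observe(r) for r in replies]


# Constructed replies, not captured traffic.
OK = b"SIP/2.0 200 OK\r\nCSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n"
NOT_ALLOWED = b"SIP/2.0 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n"
UNAVAILABLE = b"SIP/2.0 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n"
TIMEOUT = None
SAMPLE = [OK, TIMEOUT, TIMEOUT, NOT_ALLOWED,
          TIMEOUT, TIMEOUT, TIMEOUT, UNAVAILABLE, OK]

if __name__ == "__main__":
    # Documentation-range addresses, used only to show the request format.
    print(build_options("198.51.100.10:5060", "192.0.2.5:5060").decode())
    print(replay(SAMPLE))
```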


Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff


Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional


From: Ryan Huff 
Sent: Thursday, December 20, 2018 12:46 PM
To: Erik Anderson
Subject: Re: [cisco-voip] SIP Fail over

Not sure what kind of code you're working with but if it's modern, you could try 
server groups. Here is a snippet from one of mine (using AT admittedly), 
sanitized for the NSA ...

voice class server-group 100
 ipv4 12.x.x.x preference 1
 ipv4 12.x.x.x preference 2
 ipv4 12.x.x.x preference 3
 ipv4 12.x.x.x preference 1
 description PSTN SIGNALING PEERS
!
voice class server-group 200
 ipv4 10.x.x.x preference 3
 ipv4 10.x.x.x preference 1
 ipv4 10.x.x.x preference 2
 description CUCM SIGNALING PEERS
!
voice class sip-options-keepalive 100
 description PSTN HEARTBEAT
!
voice class sip-options-keepalive 200
 description CCM HEARTBEAT
!
{ .. other config .. }

dial-peer voice 100 voip
 description INGRESS/EGRESS WITH PSTN
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 100
 destination dpg 200
 incoming uri via PSTN
 voice-class codec 1
 voice-class sip options-ping 60
 voice-class sip profiles 100
 voice-class sip options-keepalive profile 100
 voice-class sip bind control source-interface 
 voice-class sip bind media source-interface 
 dtmf-relay rtp-nte sip-notify
 no vad
!
dial-peer voice 200 voip
 description INGRESS/EGRESS WITH CUCM
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 200
 destination dpg 100
 incoming uri via CUCM
 voice-class codec 1
 voice-class sip profiles 200
 voice-class sip options-keepalive profile 200
 voice-class sip bind control source-interface 
 voice-class sip bind media source-interface 
 dtmf-relay rtp-nte sip-notify
 no vad
!

Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional


From: Erik Anderson 
Sent: Thursday, December 20, 2018 12:37 PM
To: Ryan Huff
Subject: Re: [cisco-voip] SIP Fail over

Ryan,

Level 3 does not support options ping. If I try to ping the call control IP it 
will always fail. There is a separate pingable address, but I didn't think I 
could configure the options ping to use any address other than the target.

On Thu, Dec 20, 2018 at 11:34 AM Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:
Couldn't you just use voice class sip options/keepalives to mark when the ITSP 
is down, so CUCM marks the trunk out of service and fails to the next route 
group member immediately (ideally, your secondary CUBE)? Seems like that's a 
more natural way of doing it versus using IP SLAs...

Thanks,

- Ryan

From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Erik Anderson 
mailto:erik.anderson...@gmail.com>>
Sent: Thursday, December 20, 2018 12:03 PM
To: cisco-voip voyp list
Subject: [cisco-voip] SIP Fail over

Morning Folks,


We have implemented a new SIP solution with Level 3 and found that we have 
outbound calling failover issues. When a CUBE loses its ability to talk to its 
Level 3 Peer, but can still talk to CUCM outbound calls will still connect to 
the CUBE, but fail connecting to Level 3. In turn CUCM still thinks the call is 
connected since the CUCM SIP trunk remains up to the CUBE.



Architecture Notes:



4 Locations with 1 CUBE Each

4 CUCM SIP Trunks with each connecting to one of the 4 CUBEs

4 CUCM Route Groups with Various CUBE/SIP Trunks assigned a Distribution 
Algorithm of Top Down

Each CUBE has 2 SIP Peers

Each CUBE can only talk to its respective SIP peer via its local Level 3 
Transport to reduce call control latency by not allowing it to use the DMVPN 
backup network

Level 3 does not support SIP Options Ping

CUCM Trunks have SIP Options Ping enabled



Call Flows:



Working Flow:



Phone > SLRG > Route Group Member #1 > CUBE SIP TRUNK > CUBE 
> Level 3 Transport > Level 3 SIP Peer #1/#2 > Call Completes





CUBE Failure:



Phone > SLRG >

 Route Group Member #1 > CUBE SIP TRUNK --X--> CUBE (CUCM Can't 
Reach CUBE)



CUCM Routes Call to Next Route Group Member



  Route Group Member #2 > CUBE SIP TRUNK > 
CUBE > Level 3 Transport > Level 3 SIP Peer #1/#2 > Call Completes



Level 3 Transport Failure/SIP Server Failure:



Phone > SLRG >

 Route Group Member #1 > CUBE SIP TRUNK > CUBE --X--> Level 3 
Transport (CUBE Can't Reach Level 3 SIP Server)



CUCM Thinks Call Connects since the CUBE accepts the call, Phone gets 
dead air, never tries the next RG Member





My idea to fix this is to use an IPSLA to ping the pingable address on the 
Level 3 SIP Servers. If both addresses are unreachable then shut down the CUCM 
Di

Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
Yep, I missed that line ... apologies...

Thanks,

Ryan


From: Anthony Holloway 
Sent: Thursday, December 20, 2018 12:37 PM
To: Ryan Huff
Cc: Erik Anderson; cisco-voip voyp list
Subject: Re: [cisco-voip] SIP Fail over

He did mention that L3 does not support OPTIONS.  But yes, OPTIONs is the 
better solution.

On Thu, Dec 20, 2018 at 11:36 AM Ryan Huff 
<ryanh...@outlook.com> wrote:
Couldn't you just use voice class sip options/keepalives to mark when the ITSP 
is down, so CUCM marks the trunk out of service and fails to the next route 
group member immediately (ideally, your secondary CUBE)? Seems like that's a 
more natural way of doing it versus using IP SLAs...

Thanks,

- Ryan

From: cisco-voip 
<cisco-voip-boun...@puck.nether.net> 
on behalf of Erik Anderson 
<erik.anderson...@gmail.com>
Sent: Thursday, December 20, 2018 12:03 PM
To: cisco-voip voyp list
Subject: [cisco-voip] SIP Fail over

Morning Folks,


We have implemented a new SIP solution with Level 3 and found that we have 
outbound calling failover issues. When a CUBE loses its ability to talk to its 
Level 3 Peer, but can still talk to CUCM, outbound calls will still connect to 
the CUBE, but fail connecting to Level 3. In turn CUCM still thinks the call is 
connected since the CUCM SIP trunk remains up to the CUBE.



Architecture Notes:



4 Locations with 1 CUBE Each

4 CUCM SIP Trunks with each connecting to one of the 4 CUBEs

4 CUCM Route Groups with Various CUBE/SIP Trunks assigned a Distribution 
Algorithm of Top Down

Each CUBE has 2 SIP Peers

Each CUBE can only talk to its respective SIP peer via its local Level 3 
Transport to reduce call control latency by not allowing it to use the DMVPN 
backup network

Level 3 does not support SIP Options Ping

CUCM Trunks have SIP Options Ping enabled



Call Flows:

Working Flow:

Phone > SLRG > Route Group Member #1 > CUBE SIP TRUNK > CUBE > Level 3 Transport > Level 3 SIP Peer #1/#2 > Call Completes

CUBE Failure:

Phone > SLRG >
  Route Group Member #1 > CUBE SIP TRUNK --X--> CUBE (CUCM Can't Reach CUBE)
  CUCM Routes Call to Next Route Group Member
  Route Group Member #2 > CUBE SIP TRUNK > CUBE > Level 3 Transport > Level 3 SIP Peer #1/#2 > Call Completes

Level 3 Transport Failure/SIP Server Failure:

Phone > SLRG >
  Route Group Member #1 > CUBE SIP TRUNK > CUBE --X--> Level 3 Transport (CUBE Can't Reach Level 3 SIP Server)
  CUCM Thinks Call Connects since the CUBE accepts the call, Phone gets dead air, never tries the next RG Member





My idea to fix this is to use an IPSLA to ping the pingable address on the 
Level 3 SIP Servers. If both addresses are unreachable then shutdown the CUCM 
Dial-Peers. This doesn’t sound like the best way of fixing it, but it should 
work.



If anyone has any other better ideas please let me know.

--
Erik Anderson
Telecom Manager
Some Random Corp.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
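
The distinction this thread draws between ICMP reachability and SIP OPTIONS keepalives, as an added Python example (not code from any poster and not Cisco's implementation). The set of "down" status codes, the retry count of 3, the Member and select_top_down names, and the documentation-range addresses are assumptions made for illustration.

```python
import re
import uuid
from dataclasses import dataclass

# Assumption: final responses that count as "peer down". Any other reply,
# even an error such as 405, shows that a SIP stack answered the probe.
DOWN_CODES = {408, 503}
STATUS_LINE = re.compile(rb"^SIP/2\.0 (\d{3}) ")


def build_options(peer_ip, local_ip, port=5060):
    """Build an out-of-dialog SIP OPTIONS request (RFC 3261) as bytes."""
    token = uuid.uuid4().hex
    headers = [
        f"OPTIONS sip:{peer_ip}:{port} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{port};branch=z9hG4bK{token[:16]}",
        "Max-Forwards: 70",
        f"From: <sip:keepalive@{local_ip}>;tag={token[16:24]}",
        f"To: <sip:{peer_ip}>",
        f"Call-ID: {token}@{local_ip}",
        "CSeq: 1 OPTIONS",
        "Content-Length: 0",
    ]
    return ("\r\n".join(headers) + "\r\n\r\n").encode("ascii")


def sip_alive(response):
    """True if the reply proves a live SIP peer; None means the probe timed out."""
    if response is None:
        return False
    match = STATUS_LINE.match(response)
    if match is None:
        return False  # not a SIP response at all
    return int(match.group(1)) not in DOWN_CODES


@dataclass
class Member:
    """One route group member (CUCM trunk -> CUBE) and its upstream peer state."""
    name: str
    retries: int = 3      # consecutive failed probes before busy-out (assumed)
    failures: int = 0
    in_service: bool = True

    def record(self, response):
        """Feed one keepalive result; return the resulting service state."""
        if sip_alive(response):
            self.failures, self.in_service = 0, True
        else:
            self.failures += 1
            if self.failures >= self.retries:
                self.in_service = False
        return self.in_service


def select_top_down(members):
    """Top-down distribution: first member still in service, else None."""
    for member in members:
        if member.in_service:
            return member.name
    return None


# Constructed probe results: (label, icmp_reachable, raw SIP reply or None).
SAMPLES = [
    ("icmp filtered, sip ok", False, b"SIP/2.0 200 OK\r\n\r\n"),
    ("icmp ok, sip overloaded", True, b"SIP/2.0 503 Service Unavailable\r\n\r\n"),
    ("icmp ok, method refused", True, b"SIP/2.0 405 Method Not Allowed\r\n\r\n"),
    ("transport down", False, None),
]


def compare_probes(samples=SAMPLES):
    """Return (label, icmp_verdict, sip_verdict) for each constructed sample."""
    return [(label, icmp, sip_alive(reply)) for label, icmp, reply in samples]


def simulate_transport_failure():
    """CUBE-1 loses its carrier transport; CUBE-2 keeps getting 200 OK."""
    cube1, cube2 = Member("CUBE-1"), Member("CUBE-2")
    picks = []
    for _ in range(3):
        cube1.record(None)                      # probe timed out
        cube2.record(b"SIP/2.0 200 OK\r\n\r\n")
        picks.append(select_top_down([cube1, cube2]))
    return picks


if __name__ == "__main__":
    print(build_options("192.0.2.10", "198.51.100.5").decode())
    for row in compare_probes():
        print(row)
    print(simulate_transport_failure())
```

The first two constructed samples are the cases where an ICMP-based check and a SIP-level check disagree, which is the point made in the replies about IP SLA versus OPTIONS.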


Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
CCM syncs to a local ntp master set at 2 just fine; yields the CCM pub at S3 
and cluster subs at S3...

Alternatively, if your router syncs to an S1, and CCM Pub subsequently sync’ed 
to said router, you’ll find the CCM pub happily at S2 and the cluster subs then 
at an S3. Works great actually.

Sent from my iPhone

On Dec 20, 2018, at 18:05, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Nate,

Good point.  Might be hard to finesse a fake stratum into the master command, 
without accidentally messing with the selection process.  Stratum number isn't 
the only criteria, and the process seems to be pretty complex.

Looks like we might not be able to have our cake and eat it too.

You must be referring to the following sentence from the CUCM 
SRND <https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab12/collab12/netstruc.html#pgfId-1497943>:

"Cisco highly recommends configuring the publisher to point to a Stratum-1, 
Stratum-2, or Stratum-3 NTP server to ensure that the cluster time is 
synchronized with an external time source."







On Thu, Dec 20, 2018 at 4:46 PM NateCCIE 
<natec...@gmail.com> wrote:
I think the lowest cucm will use is a 3?

Sent from my iPhone

On Dec 20, 2018, at 3:35 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

I have never seen that done before.  I like it!

Just be careful hard coding your stratum to a value of 2 all the time.  Instead 
it should be a relative value, higher than your reference clock.  Or if you do 
want a one-size-fits-all stratum, 14 
maybe <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.5.>?

Thanks for sharing that tip Ryan!



On Thu, Dec 20, 2018 at 3:52 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
I like ntp master 2 as a fallback, to allow synchronization with the local 
device clock in a DR/Outage scenario where I fail sync to the actual reference 
clock

Sent from my iPhone

On Dec 20, 2018, at 14:51, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

It's very interesting to me the kinds of things people take for granted and go 
a long time without ever being corrected, simply because the people who know 
these things, think it's common knowledge.

For example, I had a conversation with a senior collab person once, who didn't 
know that region bit rate settings were a ceiling, and that a lower bit rate 
could be negotiated.

And as another example, Engineers who put ntp master on a router because they 
think this makes the router an NTP server.

And as one last example, Engineers who use the ^ symbol at the beginning of a 
Dial Peer destination pattern, not knowing that destination patterns are left 
justified implicitly.  Or alternatively, don't use the $ at the end, 
effectively creating a "begins with" clause, when an "is exactly" clause is 
desired.

Someone should start a thread titled: What is something you found out that you 
were wrong about for a long time?

On Thu, Dec 20, 2018 at 1:14 PM Lelio Fulgenzi 
<le...@uoguelph.ca> wrote:

I’ll be honest. I didn’t know there was a difference.

I’m guessing a SIP trunk to a third party app that is reported as down due to 
sip option ping really is down and not some silly networking issue where an 
icmp ping was failing.

This is good to know.

And the last thing I will learn this year. ;)



-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

On Dec 20, 2018, at 1:01 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Erik,

That's an interesting insight.  It kind of sounds like you think ICMP Ping and 
SIP OPTIONS Ping are related, but they are completely different.

Just because you cannot ICMP Ping the SIP Peer at L3, doesn't mean you cannot 
OPTIONs them.

Am I understanding your thought

Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
Additionally, I’m not suggesting that ntp master x, is a valid way to serve NTP 
to UCOS in a production sense, because as Anthony stated, the local clock 
really isn’t a true NTPv4 server.

What I am saying is that in a DR/outage scenario, it can be used to keep cluster 
communications ... etc in sync, until you can sync to real NTP servers again.

Ideally, you are monitoring “things” in the network and are aware of the NTP 
sync outage, or other event that caused the NTP sync outage (carrier failure 
... etc).

However, as Anthony also mentioned, you must do the due diligence to make sure 
the local clock remains a fallback, and is only promoted from association to 
synchronization, if needed.

Sent from my iPhone

On Dec 20, 2018, at 18:17, Ryan Huff 
<ryanh...@outlook.com> wrote:

Corrected sentence:

“CCM syncs to a local ntp master set at 2 just fine; yields the CCM pub at S3 
and cluster subs at S4...”

Sent from my iPhone

On Dec 20, 2018, at 18:12, Ryan Huff 
<ryanh...@outlook.com> wrote:

CCM syncs to a local ntp master set at 2 just fine; yields the CCM pub at S3 
and cluster subs at S3...

Alternatively, if your router syncs to an S1, and CCM Pub subsequently sync’ed 
to said router, you’ll find the CCM pub happily at S2 and the cluster subs then 
at an S3. Works great actually.

Sent from my iPhone

On Dec 20, 2018, at 18:05, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Nate,

Good point.  Might be hard to finesse a fake stratum into the master command, 
without accidentally messing with the selection process.  Stratum number isn't 
the only criteria, and the process seems to be pretty complex.

Looks like we might not be able to have our cake and eat it too.

You must be referring to the following sentence from the CUCM 
SRND <https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab12/collab12/netstruc.html#pgfId-1497943>:

"Cisco highly recommends configuring the publisher to point to a Stratum-1, 
Stratum-2, or Stratum-3 NTP server to ensure that the cluster time is 
synchronized with an external time source."







On Thu, Dec 20, 2018 at 4:46 PM NateCCIE 
<natec...@gmail.com> wrote:
I think the lowest cucm will use is a 3?

Sent from my iPhone

On Dec 20, 2018, at 3:35 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

I have never seen that done before.  I like it!

Just be careful hard coding your stratum to a value of 2 all the time.  Instead 
it should be a relative value, higher than your reference clock.  Or if you do 
want a one-size-fits-all stratum, 14 
maybe <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.5.>?

Thanks for sharing that tip Ryan!



On Thu, Dec 20, 2018 at 3:52 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
I like ntp master 2 as a fallback, to allow synchronization with the local 
device clock in a DR/Outage scenario where I fail sync to the actual reference 
clock

Sent from my iPhone

On Dec 20, 2018, at 14:51, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

It's very interesting to me the kinds of things people take for granted and go 
a long time without ever being corrected, simply because the people who know 
these things, think it's common knowledge.

For example, I had a conversation with a senior collab person once, who didn't 
know that region bit rate settings were a ceiling, and that a lower bit rate 
could be negotiated.

And as another example, Engineers who put ntp master on a router because they 
think this makes the router an NTP server.

And as one last example, Engineers who use the ^ symbol at the beginning of a 
Dial Peer destination pattern, not knowing that destination patterns are left 
justified implicitly.  Or alternatively, don't use the $ at the end, 
effectively creating a "begins with" clause, when an "is exactly" clause is 
desired.

Someone should start a thread titled: What is something you found out that you 
were wrong about for a long time?

On Thu, Dec 20, 2018 at 1:14 PM Lelio Fulgenzi 
<le...@uoguelph.ca> wrote:

I’ll be honest. I didn’t know there was a difference.

I’m guessing a SIP trunk to a third party app that is reported as down due to 
sip option ping really is down and not some silly networking issue where an 
icmp ping was failing.

This is good to know.

And the last thing I will learn this year. ;)



-sent from m

Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
I like ntp master 2 as a fallback, to allow synchronization with the local 
device clock in a DR/Outage scenario where I fail sync to the actual reference 
clock

Sent from my iPhone

On Dec 20, 2018, at 14:51, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

It's very interesting to me the kinds of things people take for granted and go 
a long time without ever being corrected, simply because the people who know 
these things, think it's common knowledge.

For example, I had a conversation with a senior collab person once, who didn't 
know that region bit rate settings were a ceiling, and that a lower bit rate 
could be negotiated.

And as another example, Engineers who put ntp master on a router because they 
think this makes the router an NTP server.

And as one last example, Engineers who use the ^ symbol at the beginning of a 
Dial Peer destination pattern, not knowing that destination patterns are left 
justified implicitly.  Or alternatively, don't use the $ at the end, 
effectively creating a "begins with" clause, when an "is exactly" clause is 
desired.

Someone should start a thread titled: What is something you found out that you 
were wrong about for a long time?

On Thu, Dec 20, 2018 at 1:14 PM Lelio Fulgenzi 
<le...@uoguelph.ca> wrote:

I’ll be honest. I didn’t know there was a difference.

I’m guessing a SIP trunk to a third party app that is reported as down due to 
sip option ping really is down and not some silly networking issue where an 
icmp ping was failing.

This is good to know.

And the last thing I will learn this year. ;)



-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

On Dec 20, 2018, at 1:01 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Erik,

That's an interesting insight.  It kind of sounds like you think ICMP Ping and 
SIP OPTIONS Ping are related, but they are completely different.

Just because you cannot ICMP Ping the SIP Peer at L3, doesn't mean you cannot 
OPTIONs them.

Am I understanding your thought process correctly?

On Thu, Dec 20, 2018 at 11:53 AM Ryan Huff 
<ryanh...@outlook.com> wrote:


Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional


From: Ryan Huff <ryanh...@outlook.com>
Sent: Thursday, December 20, 2018 12:46 PM
To: Erik Anderson
Subject: Re: [cisco-voip] SIP Fail over

Not sure what kind of code you're working with but if it's modern, you could try 
server groups. Here is a snippet from one of mine (using AT admittedly), 
sanitized for the NSA ...

voice class server-group 100
 ipv4 12.x.x.x preference 1
 ipv4 12.x.x.x preference 2
 ipv4 12.x.x.x preference 3
 ipv4 12.x.x.x preference 1
 description PSTN SIGNALING PEERS
!
voice class server-group 200
 ipv4 10.x.x.x preference 3
 ipv4 10.x.x.x preference 1
 ipv4 10.x.x.x preference 2
 description CUCM SIGNALING PEERS
!
voice class sip-options-keepalive 100
 description PSTN HEARTBEAT
!
voice class sip-options-keepalive 200
 description CCM HEARTBEAT
!
{ .. other config .. }

dial-peer voice 100 voip
 description INGRESS/EGRESS WITH PSTN
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 100
 destination dpg 200
 incoming uri via PSTN
 voice-class codec 1
 voice-class sip options-ping 60
 voice-class sip profiles 100
 voice-class sip options-keepalive profile 100
 voice-class sip bind control source-interface 
 voice-class sip bind media source-interface 
 dtmf-relay rtp-nte sip-notify
 no vad
!
dial-peer voice 200 voip
 description INGRESS/EGRESS WITH CUCM
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 200
 destination dpg 100
 incoming uri via CUCM
 voice-class codec 1
 voice-class sip profiles 200
 voice-class sip options-keepalive profile 200
 voice-class sip bind control source-interface 
 voice-class sip bind media source-interface 
 dtmf-relay rtp-nte sip-notify
 no vad
!

Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional


From: Erik Anderson 
<erik.anderson...@gmail.com>
Sent: Thursday, December 20, 2018 12:37 PM
To: Ryan Huff
Subject: Re: [cisco-voip] SIP Fail over

Ryan,

Lev

Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
I usually use 2, because I try to always sync the router/device.. directly to 
a cesium clock, so 2 is less in that case, by one hop. However, you are correct 
in that the static stratum should be higher, so it doesn’t take priority :).

Sent from my iPhone

On Dec 20, 2018, at 17:35, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

I have never seen that done before.  I like it!

Just be careful hard coding your stratum to a value of 2 all the time.  Instead 
it should be a relative value, higher than your reference clock.  Or if you do 
want a one-size-fits-all stratum, 14 
maybe <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.5.>?

Thanks for sharing that tip Ryan!



On Thu, Dec 20, 2018 at 3:52 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
I like ntp master 2 as a fallback, to allow synchronization with the local 
device clock in a DR/Outage scenario where I fail sync to the actual reference 
clock

Sent from my iPhone

On Dec 20, 2018, at 14:51, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

It's very interesting to me the kinds of things people take for granted and go 
a long time without ever being corrected, simply because the people who know 
these things, think it's common knowledge.

For example, I had a conversation with a senior collab person once, who didn't 
know that region bit rate settings were a ceiling, and that a lower bit rate 
could be negotiated.

And as another example, Engineers who put ntp master on a router because they 
think this makes the router an NTP server.

And as one last example, Engineers who use the ^ symbol at the beginning of a 
Dial Peer destination pattern, not knowing that destination patterns are left 
justified implicitly.  Or alternatively, don't use the $ at the end, 
effectively creating a "begins with" clause, when an "is exactly" clause is 
desired.

Someone should start a thread titled: What is something you found out that you 
were wrong about for a long time?

On Thu, Dec 20, 2018 at 1:14 PM Lelio Fulgenzi 
<le...@uoguelph.ca> wrote:

I’ll be honest. I didn’t know there was a difference.

I’m guessing a SIP trunk to a third party app that is reported as down due to 
sip option ping really is down and not some silly networking issue where an 
icmp ping was failing.

This is good to know.

And the last thing I will learn this year. ;)



-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

On Dec 20, 2018, at 1:01 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Erik,

That's an interesting insight.  It kind of sounds like you think ICMP Ping and 
SIP OPTIONS Ping are related, but they are completely different.

Just because you cannot ICMP Ping the SIP Peer at L3, doesn't mean you cannot 
OPTIONs them.

Am I understanding your thought process correctly?

On Thu, Dec 20, 2018 at 11:53 AM Ryan Huff 
<ryanh...@outlook.com> wrote:


Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional


From: Ryan Huff <ryanh...@outlook.com>
Sent: Thursday, December 20, 2018 12:46 PM
To: Erik Anderson
Subject: Re: [cisco-voip] SIP Fail over

Not sure what kind of code you're working with but if it's modern, you could try 
server groups. Here is a snippet from one of mine (using AT admittedly), 
sanitized for the NSA ...

voice class server-group 100
 ipv4 12.x.x.x preference 1
 ipv4 12.x.x.x preference 2
 ipv4 12.x.x.x preference 3
 ipv4 12.x.x.x preference 1
 description PSTN SIGNALING PEERS
!
voice class server-group 200
 ipv4 10.x.x.x preference 3
 ipv4 10.x.x.x preference 1
 ipv4 10.x.x.x preference 2
 description CUCM SIGNALING PEERS
!
voice class sip-options-keepalive 100
 description PSTN HEARTBEAT
!
voice class sip-options-keepalive 200
 description CCM HEARTBEAT
!
{ .. other config .. }

dial-peer voice 100 voip
 description INGRESS/EGRESS WITH PSTN
 translation-profile outgoing PLUS1_STRIP
 huntstop
 destination-pattern A
 session protocol sipv2
 session server-group 100
 destination 

Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
Corrected sentence:

“CCM syncs to a local ntp master set at 2 just fine; yields the CCM pub at S3 
and cluster subs at S4...”

Sent from my iPhone

On Dec 20, 2018, at 18:12, Ryan Huff 
<ryanh...@outlook.com> wrote:

CCM syncs to a local ntp master set at 2 just fine; yields the CCM pub at S3 
and cluster subs at S3...

Alternatively, if your router syncs to an S1, and CCM Pub subsequently sync’ed 
to said router, you’ll find the CCM pub happily at S2 and the cluster subs then 
at an S3. Works great actually.

Sent from my iPhone

On Dec 20, 2018, at 18:05, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Nate,

Good point.  Might be hard to finesse a fake stratum into the master command, 
without accidentally messing with the selection process.  Stratum number isn't 
the only criteria, and the process seems to be pretty complex.

Looks like we might not be able to have our cake and eat it too.

You must be referring to the following sentence from the CUCM 
SRND <https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab12/collab12/netstruc.html#pgfId-1497943>:

"Cisco highly recommends configuring the publisher to point to a Stratum-1, 
Stratum-2, or Stratum-3 NTP server to ensure that the cluster time is 
synchronized with an external time source."







On Thu, Dec 20, 2018 at 4:46 PM NateCCIE 
<natec...@gmail.com> wrote:
I think the lowest cucm will use is a 3?

Sent from my iPhone

On Dec 20, 2018, at 3:35 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

I have never seen that done before.  I like it!

Just be careful hard coding your stratum to a value of 2 all the time.  Instead 
it should be a relative value, higher than your reference clock.  Or if you do 
want a one-size-fits-all stratum, 14 
maybe <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.5.>?

Thanks for sharing that tip Ryan!



On Thu, Dec 20, 2018 at 3:52 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
I like ntp master 2 as a fallback, to allow synchronization with the local 
device clock in a DR/Outage scenario where I fail sync to the actual reference 
clock

Sent from my iPhone

On Dec 20, 2018, at 14:51, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

It's very interesting to me the kinds of things people take for granted and go 
a long time without ever being corrected, simply because the people who know 
these things, think it's common knowledge.

For example, I had a conversation with a senior collab person once, who didn't 
know that region bit rate settings were a ceiling, and that a lower bit rate 
could be negotiated.

And as another example, Engineers who put ntp master on a router because they 
think this makes the router an NTP server.

And as one last example, Engineers who use the ^ symbol at the beginning of a 
Dial Peer destination pattern, not knowing that destination patterns are left 
justified implicitly.  Or alternatively, don't use the $ at the end, 
effectively creating a "begins with" clause, when an "is exactly" clause is 
desired.

Someone should start a thread titled: What is something you found out that you 
were wrong about for a long time?

On Thu, Dec 20, 2018 at 1:14 PM Lelio Fulgenzi 
<le...@uoguelph.ca> wrote:

I’ll be honest. I didn’t know there was a difference.

I’m guessing a SIP trunk to a third party app that is reported as down due to 
sip option ping really is down and not some silly networking issue where an 
icmp ping was failing.

This is good to know.

And the last thing I will learn this year. ;)



-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

On Dec 20, 2018, at 1:01 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Erik,

That's an interesting insight.  It kind of s

Re: [cisco-voip] SIP Fail over

2018-12-20 Thread Ryan Huff
I have got to stop sending these damn things from my phone ... "CCM pub happily 
at S3 and the cluster subs then at an S4. Works great actually." Now you can 
dump an S1 server right on CCM to get an S2 to CCM, but I'd never recommend 
doing that for a variety of reasons.

Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional


From: cisco-voip  on behalf of Ryan Huff 

Sent: Thursday, December 20, 2018 6:40 PM
To: Anthony Holloway
Cc: voyp list, cisco-voip
Subject: Re: [cisco-voip] SIP Fail over

Additionally, I’m not suggesting that ntp master x, is a valid way to serve NTP 
to UCOS in a production sense, because as Anthony stated, the local clock 
really isn’t a true NTPv4 server.

What I am saying is that in a DR/outage scenario, it can be used to keep cluster 
communications ... etc in sync, until you can sync to real NTP servers again.

Ideally, you are monitoring “things” in the network and are aware of the NTP 
sync outage, or other event that caused the NTP sync outage (carrier failure 
... etc).

However, as Anthony also mentioned, you must do the due diligence to make sure 
the local clock remains a fallback, and is only promoted from association to 
synchronization, if needed.

Sent from my iPhone

On Dec 20, 2018, at 18:17, Ryan Huff 
<ryanh...@outlook.com> wrote:

Corrected sentence:

“CCM syncs to a local ntp master set at 2 just fine; yields the CCM pub at S3 
and cluster subs at S4...”

Sent from my iPhone

On Dec 20, 2018, at 18:12, Ryan Huff 
<ryanh...@outlook.com> wrote:

CCM syncs to a local ntp master set at 2 just fine; yields the CCM pub at S3 
and cluster subs at S3...

Alternatively, if your router syncs to an S1, and CCM Pub subsequently sync’ed 
to said router, you’ll find the CCM pub happily at S2 and the cluster subs then 
at an S3. Works great actually.

Sent from my iPhone

On Dec 20, 2018, at 18:05, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

Nate,

Good point.  Might be hard to finesse a fake stratum into the master command, 
without accidentally messing with the selection process.  Stratum number isn't 
the only criteria, and the process seems to be pretty complex.

Looks like we might not be able to have our cake and eat it too.

You must be referring to the following sentence from the CUCM 
SRND <https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab12/collab12/netstruc.html#pgfId-1497943>:

"Cisco highly recommends configuring the publisher to point to a Stratum-1, 
Stratum-2, or Stratum-3 NTP server to ensure that the cluster time is 
synchronized with an external time source."







On Thu, Dec 20, 2018 at 4:46 PM NateCCIE 
<natec...@gmail.com> wrote:
I think the lowest cucm will use is a 3?

Sent from my iPhone

On Dec 20, 2018, at 3:35 PM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

I have never seen that done before.  I like it!

Just be careful hard coding your stratum to a value of 2 all the time.  Instead 
it should be a relative value, higher than your reference clock.  Or if you do 
want a one-size-fits-all stratum, 14 
maybe <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.5.>?

Thanks for sharing that tip Ryan!



On Thu, Dec 20, 2018 at 3:52 PM Ryan Huff 
<ryanh...@outlook.com> wrote:
I like ntp master 2 as a fallback, to allow synchronization with the local 
device clock in a DR/Outage scenario where I fail sync to the actual reference 
clock

Sent from my iPhone

On Dec 20, 2018, at 14:51, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:

It's very interesting to me the kinds of things people take for granted and go 
a long time without ever being corrected, simply because the people who know 
these things, think it's common knowledge.

For example, I had a conversation with a senior collab person once, who didn't 
know that region bit rate settings were a ceiling, and that a lower bit rate 
could be negotiated.

And as another example, Engineers who put ntp master on a router because they 
think this makes the router an NTP server.

And as one last example, Engineers who use the ^ symbol at the beginning of a 
Dial Peer destination pattern, not knowing that destination patterns are left 
justified implicitly.  Or alternatively, don't use the $ at the end, 
effectively creating a "begins with" clause, when an "is 

Re: [cisco-voip] Recovering UCOS Passwords - Round 281

2018-12-05 Thread Ryan Huff
Send me the details Pete. I can test.

Sent from my iPhone

On Dec 5, 2018, at 13:33, Pete Brown <j...@chykn.com> wrote:

I'm sure some of you noticed, but earlier this year Cisco started releasing 
patches to kill off the last sanctioned method of getting to 
platformConfig.xml.  When you run "utils create report platform" on recent 
versions, it's no longer in the report.  Someone in Boxborough really knows how 
to put the "cus(s)" in "customers"!

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvh62145

I'm testing a new version of the UCOS Password Decrypter that acquires the file 
for you.  To use this feature, you enable remote support on your UCOS host then 
plug in the UCOS host IP, remote support user and remote support passphrase.  
The app decodes the passphrase, pulls the file via SSH and displays the 
passwords.

Need a few volunteers to test before I update the tools page.  If you're 
interested, let me know.  Would post a temp link here but I don't want yet 
another dead link floating around.

-Pete
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Application Dial Rules equivalent for SIP URI dialing devices?

2018-11-22 Thread Ryan Huff
SIP Route patterns come to mind; you’d have to get creative with RegEx to 
create more specific matches for the shortened numbers though and it won’t 
scale well.

If you’re looking for true SIP transformation behaviors, you’ll probably need 
the assistance of a SIP proxy; VCS comes to mind. Send the dial up to VCS, 
match & transform and then match the transformed dial to the CUCM neighbor. 
This is the same way you’d do an internal video call between two clusters using 
VCS, except in this case your calling and called cluster is the same.

I believe that technique requires a non-traversal license for each call and I 
think it used to be free on VCS, though I must say I have not tried it recently 
and that may no longer be the case.

Sent from my iPhone

On Nov 22, 2018, at 19:41, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


OK – more CE 9.4 fun.

We have a legacy issue that we use Application Dial Rules to get around when 
using Jabber, but it seems that V/C units that dial a full URI regardless of DN 
entered don’t use these rules.

For example, the directory lookup shows lelio’s telephone number as 
+1-519-824-4120 x56354. The Application Dial rule finds and strips out 
everything before my extension and it works. Wow!

But my SX20 dials the whole string 
+1519824412056...@acme.com

I want to be able to strip out the beginning and dial just 
56...@acme.com

What options do I have?



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook





Re: [cisco-voip] Best Practice or Way to bulk update Caller ID

2018-11-26 Thread Ryan Huff
Hi Sam,


I'm assuming (since you said Caller ID), that you are referring to "Display 
(Caller ID)" and the older, "ASCII Display (Caller ID)" fields. You can bulk 
update these fields by first, exporting the phones through, "Bulk 
Administration > Phones > Export Phones > All Details". After selecting that 
menu navigation, you'll have the familiar GUI based query tool that will allow 
you to specify search limit and qualifier clauses, for the number of phones you 
wish to export.


Once you have the resulting export file downloaded, I would typically use MS 
Excel (or some other type of comma delimited parser) to open the file. Once 
opened, find the Display (Caller ID) field and adjust as desired for each 
phone. If you wish to concatenate the FN and LN of the user into this 
field, you'll need to use some "script magic" (Python, PHP, Perl, Bash ... etc) 
or good old fashioned copy/paste elbow grease to compile this info from 
elsewhere in the spreadsheet; assuming such data exists for the line on another 
column within the same row; phone description, line description ... etc.


All this to bring me to a closing thought, which is to verify your 
understanding that this would only affect internal (onnet) Caller ID and not 
what is presented to a called party over the PSTN. Caller ID (ANI) presented on 
the PSTN is the job of a), your carrier to enter the correct data into the ANI 
ALI database and B), the called party's carrier to perform the appropriate CNAM 
dip into the ANI ALI database and ultimately present the characters to the 
called party's device in the appropriate facility / contact header.


Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional



From: cisco-voip  on behalf of Sam Jones 

Sent: Monday, November 26, 2018 5:08 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Best Practice or Way to bulk update Caller ID


I am looking for the fastest way to update the Caller ID across all our 
directory numbers with the first and last name of users synchronized from 
Active Directory.
I cannot find a how to do this:
automagically with a synchronization from Active Directory
Or
through Bulk Administration

Any guidance to how I can accomplish this is appreciated.


Sam Jones
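
One way to do the "script magic" step described in the reply above, as an added example that is not part of the original messages or any Cisco tooling. The column names (`Directory Number 1`, `Display 1`, `ASCII Display 1`), the 30-character limit, the separate user list and all sample rows are assumptions constructed for illustration; match them to your own export file.

```python
import csv
import io
import unicodedata

MAX_DISPLAY_LEN = 30  # assumed field limit; confirm for your CUCM version

# Constructed sample of a phone export (column names are assumptions).
SAMPLE_EXPORT = """\
Device Name,Description,Directory Number 1,Display 1,ASCII Display 1
SEP001122334455,Front desk,2001,,
SEP00AABBCCDDEE,Lab phone,2002,Old Name,Old Name
SEP00FFEEDDCCBB,Spare,2003,,
SEP00A1B2C3D4E5,Kiosk,2004,,
"""

# Constructed user list, e.g. dumped from the directory (layout is an assumption).
SAMPLE_USERS = """\
extension,first_name,last_name
2001,Zoë,Müller
2002,Ana,Lopez
2004,=1+1,x
"""


def is_safe_name(name):
    """Allow letters, space, period, apostrophe and hyphen only.

    The first character must be a letter, so a value starting with
    = + - or @ (which a spreadsheet would evaluate as a formula when the
    file is opened for review) is rejected instead of being written out.
    """
    return (bool(name) and name[0].isalpha()
            and all(c.isalpha() or c in " .'-" for c in name))


def to_ascii(text):
    """Strip accents so the value fits an ASCII-only field."""
    decomposed = unicodedata.normalize("NFKD", text)
    return decomposed.encode("ascii", "ignore").decode("ascii")


def fill_caller_id(export_text, users_text):
    """Return (updated_csv_text, skipped) where skipped lists (dn, reason)."""
    users = {row["extension"]: row
             for row in csv.DictReader(io.StringIO(users_text))}
    reader = csv.DictReader(io.StringIO(export_text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames,
                            lineterminator="\n")
    writer.writeheader()
    skipped = []
    for row in reader:
        dn = row["Directory Number 1"]
        user = users.get(dn)
        if user is None:
            skipped.append((dn, "no matching user"))
        else:
            name = f'{user["first_name"].strip()} {user["last_name"].strip()}'
            if is_safe_name(name):
                row["Display 1"] = name[:MAX_DISPLAY_LEN]
                row["ASCII Display 1"] = to_ascii(name)[:MAX_DISPLAY_LEN]
            else:
                skipped.append((dn, "unsafe characters"))
        # Rows that were skipped are written back unchanged.
        writer.writerow(row)
    return out.getvalue(), skipped


if __name__ == "__main__":
    updated, skipped_rows = fill_caller_id(SAMPLE_EXPORT, SAMPLE_USERS)
    print(updated)
    for dn, reason in skipped_rows:
        print(f"skipped {dn}: {reason}")
```

Review the skipped list by hand before importing the updated file back through Bulk Administration.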


Re: [cisco-voip] Exchange Hybrid - presence gateway

2019-01-08 Thread Ryan Huff
Does your scenario fit any of the following:

A.) The mailbox for the user could not be found because the email address is 
not correct (spelled wrong.. etc)?

B.) The email address is for a distribution group, which is not a true mailbox?

C.) The mailbox is configured to use an Exchange Online profile but the user's 
mailbox is located in Exchange on-premises?

A is correctable, but o365 unified messaging in Unity Connection with B or C 
won’t work.

-Ryan

> On Jan 8, 2019, at 17:37, Erick Wellnitz  wrote:
> 
> The SMTP address has no mailbox associated with it.


Re: [cisco-voip] CUBE setup to Centurylink SIP Trunk

2018-09-12 Thread Ryan Huff
While functionally, yes, you are correct; the media address does not need to be 
in the SIP ACL. However, and this is mostly from my experience, that in doing 
so, adds a measure of resiliency without a significant security or performance 
risk should something change.

This experience mostly comes from dealing with small regional CLECs that tend 
to, "do whatever the hell they want" and may switch signaling/media ..etc. 
Granted, a bigger carrier like CenturyLink is highly unlikely to do something 
like that or at least without a decent amount of notification.

Thanks,

Ryan

From: NateCCIE 
Sent: Wednesday, September 12, 2018 9:54 PM
To: 'Ryan Huff'; 'Jason Aarons (Americas)'; 'cisco-voip'
Subject: RE: [cisco-voip] CUBE setup to Centurylink SIP Trunk


I don’t see any reason to include the media address in the trusted list.  That 
would be like including all IP phones in the trusted list.



A lot of the time I only route specific IPs to the outside next hop, as a 
security measure.  If they didn’t indicate where the media was coming from, it 
would be easy to miss that and get one way audio.



And centurylink has many SIP platforms, the registration one with multi-tenant 
configs for dual registration is the Broadsoft platform, the sonos platform 
isn’t adding new customers, and then there is the IP TollFree/LD, that one is 
still current and doesn’t require registration.  There also are at least two 
Level3 platforms that are now “centurylink”



Thanks,

-Nate



From: cisco-voip  On Behalf Of Ryan Huff
Sent: Wednesday, September 12, 2018 7:31 PM
To: Jason Aarons (Americas) ; cisco-voip 
(cisco-voip@puck.nether.net) 
Subject: Re: [cisco-voip] CUBE setup to Centurylink SIP Trunk



Target the signaling address in your dial peers, the media address will be 
advertised in the SDP. Make sure to include both in your IP Trusted List ACL 
(under the voice service voip configuration) as well as any CUCM signaling 
nodes that are not directly targeted by a dial-peer (but I typically add all 
the nodes in regardless, just as a measure of safety).



Thanks,



Ryan



From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of 
Jason Aarons (Americas) <jason.aar...@dimensiondata.com>
Sent: Wednesday, September 12, 2018 8:37 PM
To: cisco-voip (cisco-voip@puck.nether.net)
Subject: [cisco-voip] CUBE setup to Centurylink SIP Trunk





I have a new CenturyLink SIP Service.  CenturyLink said it is new and doesn't 
match the Cisco guides.  (No more of the funky registrar and fixup headers via 
SIP profiles!)



In short in CUBE they want me to send calls to them per these settings;

SIP Signaling IP 6.6.156.245:5060

RTP IP 6.6.156.244

I'm just drawing a blank on how to setup CUBE to send SIP signaling requests to 
CenturyLink with different Signaling and RTP destination addresses.  Don't I 
just send session target ipv4:X.X.156.245:5060 and the SDP takes care of the 
RTP negotiation part?  Do I really care in my CUBE what their RTP address is?





-jason






Re: [cisco-voip] CUBE setup to Centurylink SIP Trunk

2018-09-12 Thread Ryan Huff
Target the signaling address in your dial peers, the media address will be 
advertised in the SDP. Make sure to include both in your IP Trusted List ACL 
(under the voice service voip configuration) as well as any CUCM signaling 
nodes that are not directly targeted by a dial-peer (but I typically add all 
the nodes in regardless, just as a measure of safety).

Thanks,

Ryan

From: cisco-voip  on behalf of Jason Aarons 
(Americas) 
Sent: Wednesday, September 12, 2018 8:37 PM
To: cisco-voip (cisco-voip@puck.nether.net)
Subject: [cisco-voip] CUBE setup to Centurylink SIP Trunk




I have a new CenturyLink SIP Service.  CenturyLink said it is new and doesn't 
match the Cisco guides.  (No more of the funky registrar and fixup headers via 
SIP profiles!)



In short in CUBE they want me to send calls to them per these settings;

SIP Signaling IP 6.6.156.245:5060

RTP IP 6.6.156.244

I'm just drawing a blank on how to setup CUBE to send SIP signaling requests to 
CenturyLink with different Signaling and RTP destination addresses.  Don't I 
just send session target ipv4:X.X.156.245:5060 and the SDP takes care of the 
RTP negotiation part?  Do I really care in my CUBE what their RTP address is?





-jason
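
An added example (not from the thread or from Cisco) that audits a CUBE configuration against the advice above: it treats dial-peer session targets and `ip address trusted list` entries as the trusted call-setup sources, reports which expected signaling peers neither covers, and lists trusted-list entries that match no signaling peer, such as the carrier's media address. The carrier addresses are the ones quoted in the thread; the CUCM addresses, dial-peer numbers and the sample configuration are constructed.

```python
import ipaddress
import re

# Constructed running-config excerpt. 6.6.156.245 (signaling) and 6.6.156.244
# (media) are the carrier addresses quoted in the thread; the 10.10.x.x CUCM
# addresses and the dial-peer numbers are made up for this example.
SAMPLE_CONFIG = """\
voice service voip
 ip address trusted list
  ipv4 6.6.156.244
  ipv4 10.10.10.0 255.255.255.0
 allow-connections sip to sip
!
dial-peer voice 100 voip
 description outbound to carrier
 session protocol sipv2
 session target ipv4:6.6.156.245:5060
!
dial-peer voice 200 voip
 description to CUCM subscriber
 session protocol sipv2
 session target ipv4:10.10.10.11
!
"""

# Peers expected to send call setup to this CUBE (constructed list).
EXPECTED_PEERS = ["6.6.156.245", "10.10.10.11", "10.10.10.12", "10.10.20.13"]

TRUSTED_ENTRY = re.compile(
    r"^ipv4 (\d+\.\d+\.\d+\.\d+)(?: (\d+\.\d+\.\d+\.\d+))?$")
SESSION_TARGET = re.compile(
    r"^session target ipv4:(\d+\.\d+\.\d+\.\d+)(?::\d+)?$")
DIAL_PEER = re.compile(r"^dial-peer voice (\d+) voip$")


def parse_trust_sources(config):
    """Return (explicit_networks, {target_ip: dial_peer_tag}) from a config."""
    explicit, targets = [], {}
    in_trusted_list = False
    dial_peer = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # A top-level line ends whatever sub-mode we were in.
            in_trusted_list = False
            match = DIAL_PEER.match(line)
            dial_peer = match.group(1) if match else None
            continue
        if line == "ip address trusted list":
            in_trusted_list = True
            continue
        entry = TRUSTED_ENTRY.match(line)
        if in_trusted_list and entry:
            mask = entry.group(2) or "255.255.255.255"
            explicit.append(ipaddress.ip_network(
                f"{entry.group(1)}/{mask}", strict=False))
            continue
        in_trusted_list = False
        target = SESSION_TARGET.match(line)
        if dial_peer and target:
            targets[target.group(1)] = dial_peer
    return explicit, targets


def audit_peers(config, expected_peers):
    """Map each expected signaling peer to the reason it is (not) trusted."""
    explicit, targets = parse_trust_sources(config)
    report = {}
    for peer in expected_peers:
        addr = ipaddress.ip_address(peer)
        if peer in targets:
            report[peer] = f"dial-peer {targets[peer]}"
        elif any(addr in net for net in explicit):
            report[peer] = "trusted list"
        else:
            report[peer] = "untrusted"
    return report


def unmatched_trusted_entries(config, expected_peers):
    """Trusted-list entries that cover none of the expected signaling peers."""
    explicit, _ = parse_trust_sources(config)
    peers = [ipaddress.ip_address(p) for p in expected_peers]
    return [str(net) for net in explicit
            if not any(p in net for p in peers)]


if __name__ == "__main__":
    for peer, status in audit_peers(SAMPLE_CONFIG, EXPECTED_PEERS).items():
        print(f"{peer:15} {status}")
    print("no signaling peer behind:",
          unmatched_trusted_entries(SAMPLE_CONFIG, EXPECTED_PEERS))
```

Against the sample, the CUCM node at 10.10.20.13 comes back untrusted, and the carrier media address is the only trusted-list entry with no signaling peer behind it.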






Re: [cisco-voip] Cisco ATA Devices need reset

2018-09-19 Thread Ryan Huff
Back in the day with the older 186 & 187s, there was this issue where the ATA 
would lose registration if the second/other port was not configured with a DN.

If that is the case, try and configure the other port and see if that improves 
your experience.

It looks like someone has reported a similar ATA issue for the ATA190, but not 
much detail included with this bug report: 
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk29369/?rfs=iqvred

Also, and I can’t recall the bug kit number, there used to be this issue with 
ATAs using the default Common Phone Profile setting; if you changed it to 
anything but whatever the default was, it improved the condition.

Thanks,

Ryan

On Sep 19, 2018, at 04:38, Gary Parker <g.j.par...@lboro.ac.uk> wrote:



On 18 Sep 2018, at 20:27, Lisa Notarianni <lisa.notaria...@scranton.edu> wrote:

Does anyone else out there ever have to do a hard reset on Cisco ATA devices 
because all of a sudden the ports are not registered in Call Manager?  We have 
a few buildings this happens often in.  We have to walk to the device and reset 
it.  This happens for any type of ATA we use; 186, 187 or 190.

Yup, we’re running 186s and 187s and had this constantly until I put a 
scheduled job on the callmanager to restart all of them every Sunday morning 
at 3am. The weekly restart sorted the problem.

---
/-Gary Parker--f--\
| Unified Communications Service Manager  |
n  Loughborough University, IT Services   |
| tel:+441509635635 sip:g...@lboro.ac.uk  o
| https://www.osx.ninja/pubkey.txt        |
\r--d-/



Re: [cisco-voip] Expressway Search Rules - Source:Any -or- Source-Named Zone

2018-09-13 Thread Ryan Huff
Pardon ... “the E’s search rule” ... I said traversal zone. Email needs a 
delete like WebEx Teams ...

Sent from my iPhone

On Sep 13, 2018, at 11:53, Ryan Huff <ryanh...@outlook.com> wrote:

The source for the E’s traversal zone only needs to be ‘ANY’, if it truly needs 
to be. I’ve deployed several scenarios where the business only wanted to 
receive B2B calls from other things on its own domain (or a few domains strung 
together in Regex).

Also, using the Call Policy engine (under the Configuration menu) or the more 
in depth CPL (Call Processing Language) is a great way to block obviously 
fraudulent dials by source, target or zone (Ex. source URI: deny 
cl...@nose.com).

I prefer to use the standard Call Policy rules in the GUI  which is more 
akin to a prioritized Allow / Deny ACL.

CPL on the other hand (located in the same GUI menu section) is a more robust 
way of using call policies and is really only needed for advanced Call handling.

Call Processing Language is referenced on page 324: 
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-11.pdf

Call Policy is referenced on page 168: 
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-11.pdf

The Firewall rules are useful for only allowing  administrative services to a 
particular subnet (System / Protection / Firewall Rules) if you need to leave 
HTTPS and SSH exposed to a non secure network (this is less about toll fraud 
than it is general security).

The firewall rules are referenced on page 28: 
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-11.pdf

As with any system exposed to the Internet, turn off any services and protocols 
not in use (Ex. Turn off UDP support if you’re not using it ... etc).

Thanks,

Ryan

On Sep 13, 2018, at 11:12, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


Curious – what are people doing with their search rules? I’ve got a search rule 
for calls coming from the ‘net into E and then to C all good, but just 
wondering, I know the search rule on E has to be source:ANY because it’s coming 
from the net, but what about the search rule on C? Shouldn’t it be source:named 
zone (and pick C-to-E traversal zone) to be sure that nothing else hits it?

Same goes for say rules that I use to send calls all the way from CUCM to C to 
E to DNS Zone. Shouldn’t my rules be as specifically configured as possible? 
Including the source zone?

I understand that if I start registering devices on either the C or E I will 
need to create additional rules, but I’m fine with that, that way I know 
exactly what’s going to hit.

What are others doing? What’s the best practice?


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook




Re: [cisco-voip] Expressway Search Rules - Source:Any -or- Source-Named Zone

2018-09-13 Thread Ryan Huff
The source for the E’s traversal zone only needs to be ‘ANY’, if it truly needs 
to be. I’ve deployed several scenarios where the business only wanted to 
receive B2B calls from other things on its own domain (or a few domains strung 
together in Regex).

Also, using the Call Policy engine (under the Configuration menu) or the more 
in depth CPL (Call Processing Language) is a great way to block obviously 
fraudulent dials by source, target or zone (Ex. source URI: deny 
cl...@nose.com).

I prefer to use the standard Call Policy rules in the GUI  which is more 
akin to a prioritized Allow / Deny ACL.

CPL on the other hand (located in the same GUI menu section) is a more robust 
way of using call policies and is really only needed for advanced Call handling.

Call Processing Language is referenced on page 324: 
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-11.pdf

Call Policy is referenced on page 168: 
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-11.pdf

The Firewall rules are useful for only allowing  administrative services to a 
particular subnet (System / Protection / Firewall Rules) if you need to leave 
HTTPS and SSH exposed to a non secure network (this is less about toll fraud 
than it is general security).

The firewall rules are referenced on page 28: 
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-11.pdf

As with any system exposed to the Internet, turn off any services and protocols 
not in use (Ex. Turn off UDP support if you’re not using it ... etc).

Thanks,

Ryan

On Sep 13, 2018, at 11:12, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


Curious – what are people doing with their search rules? I’ve got a search rule 
for calls coming from the ‘net into E and then to C all good, but just 
wondering, I know the search rule on E has to be source:ANY because it’s coming 
from the net, but what about the search rule on C? Shouldn’t it be source:named 
zone (and pick C-to-E traversal zone) to be sure that nothing else hits it?

Same goes for say rules that I use to send calls all the way from CUCM to C to 
E to DNS Zone. Shouldn’t my rules be as specifically configured as possible? 
Including the source zone?

I understand that if I start registering devices on either the C or E I will 
need to create additional rules, but I’m fine with that, that way I know 
exactly what’s going to hit.

What are others doing? What’s the best practice?


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook





Re: [cisco-voip] A plugin for those using Observium to monitor UC gear..

2019-02-26 Thread Ryan Huff
Yup, I have Observium way too finely tuned to this customer’s network to even 
consider a change, lol. It is running Netflow collectors,  SLA responders... 
all sorts of crazy things :)

I have Liberated NMS running for another customer and it works well too!

Libre and Observium do not, in my opinion, have any significant differences 
over the other (a nod to Observium’s paid support package). If anything, I’d 
say Libre installs quicker, but I’d look to Observium for anything 
“enterprise-level”.

Sent from my iPhone

> On Feb 26, 2019, at 22:25, James Andrewartha  
> wrote:
> 
> LibreNMS (a fork of the last GPL version of Observium) has native
> alerting support for Cisco Spark, which I assume the API still works for
> Webex Teams - 
> https://docs.librenms.org/Alerting/Transports/#cisco-spark
> 
>> On 27/02/19 03:54, Ryan Huff wrote:
>> Hey folks, thought I'd share with the community as I recently had a need
>> that I built the tool for, and thought others might benefit too. If you
>> use Observium (http://observium.org) as an NMS to monitor UC/Network
>> gear, you may find this to be interesting:
>> https://github.com/ryanthuff/Observium_Webex_Notifier
>> 
>> It's a script that an Observium webhook contact can make JSON post to,
>> and then in turn, make a JSON post of the alert details to a Cisco Webex
>> Teams space. The instructions are pretty clear and found in the
>> README.md. I just run the script on-box in the Observium web path
>> (.../html/...) somewhere, then just use that URL for the OBS contact
>> Webhook. I have been using it for a while and it works really well thus far.
> -- 
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877


[cisco-voip] A plugin for those using Observium to monitor UC gear..

2019-02-26 Thread Ryan Huff
Hey folks, thought I'd share with the community as I recently had a need that 
I built the tool for, and thought others might benefit too. If you use Observium 
(http://observium.org) as an NMS to monitor UC/Network gear, you may find this 
to be interesting: https://github.com/ryanthuff/Observium_Webex_Notifier

It's a script that an Observium webhook contact can make JSON post to, and then 
in turn, make a JSON post of the alert details to a Cisco Webex Teams space. 
The instructions are pretty clear and found in the README.md. I just run the 
script on-box in the Observium web path (.../html/...) somewhere, then just use 
that URL for the OBS contact Webhook. I have been using it for a while and it 
works really well thus far.

Thanks,

Ryan



Re: [cisco-voip] Persistent Chat

2019-02-11 Thread Ryan Huff
Erick,

Here is a web front end I wrote for the compliance dB.

If you’re handy with PHP, you could add a delete / prune function fairly easy. 
Or perhaps the easier thing in your case, is to just reverse engineer the 
script and grab the queries and pass those along to your customer’s SQL admin..

https://github.com/ryanthuff/cpimdb

Thanks,

Ryan

On Feb 11, 2019, at 12:12, Erick Wellnitz <ewellnitzv...@gmail.com> wrote:

All,

With the introduction of WebEx Teams the request for persistent chat isn't so 
common anymore.

I have a client asking about it and how we can limit how long messages are kept 
in persistent chat.

I can't find a native way to do that but was thinking if IM doesn't 
index the database independently an SQL admin could write a procedure to remove 
entries older than x days.

Any thoughts?


Re: [cisco-voip] 12.5(1) dropped

2019-01-25 Thread Ryan Huff
For lab purposes, you can make your own bootable image. That’s what I did for 
my 12.5 lab that I built. I deployed 11.5, then upgraded to 12.5 to observe any 
issues that I encountered.

Sent from my iPhone

On Jan 25, 2019, at 07:33, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


CCO has 12.5(1) non-bootable iso upgrade from 12.0 available as of Jan 22.

I was reading that PUT access for bootable and upgrade from v11(?) is delayed 
but will be available soon.




-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
2W1
519-824-4120 Ext. 56354 | 
le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook



[cisco-voip] One of the silliest bugs ever

2019-04-15 Thread Ryan Huff
This is just crazy...

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh72242

-Ryan


Re: [cisco-voip] PUT Tool Bootables - what version?

2019-05-15 Thread Ryan Huff
The checksum is written to the OS. I’ve heard tell from the old country of a 
TAC agent using it as a way out of an otherwise entitled case.

If you inject a boot table from a RedHat image into a Redhat image, there isn’t 
any functional difference.

I would not inject a boot table from a RedHat into a CentOS based image though  
;).

-Ryan

On May 15, 2019, at 17:26, Charles Goldsmith <wo...@justfamily.org> wrote:

I don't know how true this is, but years ago I was told that when you do an 
install, that the md5sum of the iso is written out in the install, so that TAC 
can tell if it's a legit image that is used to do the installation.

However, at least once on a TAC supplied iso that I've gotten a failure on the 
"check installation media" portion of the install.  When I asked TAC about it, 
they told me to ignore and proceed with the install.  My guess is that the 
particular ISO I had didn't have the correct md5 on it.

Others have installed just fine that I've received from them.

Take that for what it's worth.

Btw, you don't need to use Ultra ISO to make an iso bootable, linux tools can 
do the same thing.  Doesn't cost an Ultra ISO license and you don't have to 
download the ISO to your desktop and then upload it.  Not always feasible when 
doing things remotely.  Not that I've ever made an ISO for a customer, just 
saying :)


On Wed, May 15, 2019 at 3:01 PM Evgeny Izetov <eize...@gmail.com> wrote:
I wonder if TAC also gave up - UltraISO'd it themselves and forgot to add 
Bootable_ :-)

On Wed, May 15, 2019 at 3:46 PM Lelio Fulgenzi <le...@uoguelph.ca> wrote:
I remember when it used to be as simple as “format /s”

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook


On May 15, 2019, at 3:22 PM, Charles Goldsmith <wo...@justfamily.org> wrote:

It's not.  And just in case they changed things, I went and downloaded the 
latest 12.0 and 12.5 of both CUCM and CUC and none of them have the bootable 
part of the ISO.

Simply renaming a file doesn't make it bootable :)


On Wed, May 15, 2019 at 1:36 PM Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
That.  Can't.  Be.  True.  Right?  If so, Brian Meade has been wasting his time 
with UltraISO.

On Wed, May 15, 2019 at 1:26 PM Evgeny Izetov <eize...@gmail.com> wrote:
That's good to know. Was it 12.x or 11.x?

On Wed, May 15, 2019 at 2:19 PM Haas, Neal <nh...@fresnocountyca.gov> wrote:
I had a TAC Call last week, they told me to add BOOTABLE to the name (in front) 
and that was it. They said all ISO’s are now bootable with the name change…..







From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Evgeny Izetov
Sent: Wednesday, May 15, 2019 11:17 AM
To: Lelio Fulgenzi <le...@uoguelph.ca>
Cc: voyp list, cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] PUT Tool Bootables - what version?

Yeah, CUPS has always been bootable.. CUCM/CUC/CER are still not

So, what is the proper way to obtain bootable iso's now? Let's say a CUCM 
11.5 SU6 needs to be reinstalled, and there's no bootable because it was 
upgraded from an earlier SU. PUT does not have bootable SU6 and neither does 
Enterprise Agreement. Is TAC the only way to get the bootable for a specific 
SU? I believe there used to be a time when everyone was advised that TAC is not 
able to provide bootables?

On Wed, May 15, 2019 at 12:18 PM Lelio Fulgenzi <le...@uoguelph.ca> wrote:

Same with CUPS if I’m not mistaken.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Charles Goldsmith
Sent: Wednesday, May 15, 2019 12:09 PM
To: Evgeny Izetov <eize...@gmail.com>
Cc: voyp list, cisco-voip 

Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via local PSTN

2019-05-15 Thread Ryan Huff
You’ll need a specific Webex DNS zone and the traversal trunk really just needs 
to support pre-loaded route headers and SIP parameter preservation (those are 
the most significant differences over the traversal / neighbor zone you might 
have setup for B2B).

It’s a simple enough configuration, but there are a few more moving parts than 
what the marketing may lead one to believe. Here is the configuration 
documentation: 
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/callservices/cmgt_b_ciscospark-hybrid-call-service-config-guide.html

Oh and don’t forget to enable MTLS on the edge and also be aware the ControlHub 
now requires CCM 11.5.1SU3 or better (it detects CCM version via call connector 
on Exp-C). It wouldn’t allow you to enable hybrid calling on cloud registered 
devices otherwise.

You can technically still get away using Expressway 8.11.4, but that’ll soon be 
a deprecated version for hybrid calling (you’ll get an alarm about it), so 
might as well go to 12.5.2 and be done with it.

BTW, if you try to upgrade an 8.x Expressway to 12.5.x, you will interact with 
GLO for the 12.x release key (can’t do it from the self service portal because 
the existing 8.x virtual license is already associated to a PAK and GLO has to 
invalidate that relationship first, then hash your new keys to 12.5.x).

Good Luck!

- Ryan

On May 15, 2019, at 18:42, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


Very good question. From what I understand, there’s a special traversal link 
built and it’s all “built-in” and uses the CSS of the remote destination or 
something like that.

I’ve read absolutely zero docs about this. This is all based on a quick convo I 
had. I had the same worries and if I recall correctly, my worries were somewhat 
alleviated.

However, that being said, there is only one template in control hub, so if your 
user needs a different setup on their remote destination (or something like 
that) you need to go make a manual change.

It’s sorta like how there’s only one licensing template in control hub for new 
users. We’re gonna struggle with that. We might have to engage (professional) 
services which make uses of APIs to assign different services for different 
users in webex. But I digress.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook


On May 15, 2019, at 5:20 PM, Jonathan Charles <jonv...@gmail.com> wrote:

Enabling Cisco hybrid call and routing calls to the PSTN using local gateway 
(via Expressway C/E pair).

What search rules do we need on the E and C?

How do we prevent toll fraud if we have E.164 patterns inbound on our 
Expressways?

Am I being paranoid?


Jonathan
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via local PSTN

2019-05-15 Thread Ryan Huff
This is Webex Hybrid Calling (which was formerly Spark Hybrid calling). Whether 
you configure for cloud registered codec devices, or Webex Teams clients, both 
use cases use the same configuration path / scenario to enable PSTN call via 
CUCM.

Sent from my iPhone

On May 15, 2019, at 22:08, Tim Smith <tim.sm...@enject.com.au> wrote:

Hey guys,

I think this one has changed a little.
We did “Spark hybrid calling” for one customer with the Spark RD devices in CUCM
Honestly, the experience was a little confusing.

I think the new direction is going to be the WebEx Calling via CUCM (it’s in 
preview mode still)
https://help.webex.com/en-us/n15ylys/Explore-Calling-in-Cisco-Webex-Teams-Unified-CM

It’s not parity with the Hybrid Calling yet. (i.e. I think it’s only desktop)
Either way, I’d check out all the details first.

If you are not already on there, make sure you are on the Fabian bot in WebEx 
teams. (Not sure if it’s partners only)
These hybrid features are really starting to rock and roll now.

Cheers,

Tim

From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Jonathan Charles <jonv...@gmail.com>
Date: Thursday, 16 May 2019 at 9:30 am
To: Ryan Huff <ryanh...@outlook.com>
Cc: "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via 
local PSTN

Thanks!... looks like I have some more reading to do... so how does it prevent 
anyone from sending a pstn number to my expressway? How does it authenticate 
the Webex devices to pass calls to CUCM for?

Customer has enterprise licensing, so they should be able to do whatever they 
want...


Jonathan



On Wed, May 15, 2019 at 6:16 PM Ryan Huff <ryanh...@outlook.com> wrote:
You’ll need a specific Webex DNS zone and the traversal trunk really just needs 
to support pre-loaded route headers and SIP parameter preservation (those are 
the most significant differences over the traversal / neighbor zone you might 
have setup for B2B).

It’s a simple enough configuration, but there are a few more moving parts than 
what the marketing may lead one to believe. Here is the configuration 
documentation: 
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/callservices/cmgt_b_ciscospark-hybrid-call-service-config-guide.html

Oh and don’t forget to enable MTLS on the edge and also be aware the ControlHub 
now requires CCM 11.5.1SU3 or better (it detects CCM version via call connector 
on Exp-C). It wouldn’t allow you to enable hybrid calling on cloud registered 
devices otherwise.

You can technically still get away using Expressway 8.11.4, but that’ll soon be 
a deprecated version for hybrid calling (you’ll get an alarm about it), so 
might as well go to 12.5.2 and be done with it.

BTW, if you try to upgrade an 8.x Expressway to 12.5.x, you will interact with 
GLO for the 12.x release key (can’t do it from the self service portal because 
the existing 8.x virtual license is already associated to a PAK and GLO has to 
invalidate that relationship first, then hash your new keys to 12.5.x).

Good Luck!

- Ryan

On May 15, 2019, at 18:42, Lelio Fulgenzi <le...@uoguelph.ca> wrote:

Very good question. From what I understand, there’s a special traversal link 
built and it’s all “built-in” and uses the CSS of the remote destination or 
something like that.

I’ve read absolutely zero docs about this. This is all based on a quick convo I 
had. I had the same worries and if I recall correctly, my worries were somewhat 
alleviated.

However, that being said, there is only one template in control hub, so if your 
user needs a different setup on their remote destination (or something like 
that) you need to go make a manual change.

It’s sorta like how there’s only one licensing template in control hub for new 
users. We’re gonna struggle with that. We might have to engage (professional) 
services which make uses of APIs to assign different services for different 
users in webex. But I digress.

-sent from mobile device-


Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Service

Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via local PSTN

2019-05-15 Thread Ryan Huff
Inbound Flow (PSTN user calls user’s DID):

GW > CCM > (per user Webex Hybrid CTI Device) > Exp-C > Exp-E > ControlHub > 
(rings your cloud registered device)

Outbound Flow (cloud registered device calls PSTN via CCM or other on-prem 
device):

Cloud registered device (ControlHub) > Exp-E > Exp-C > CCM (interacts with the 
dialplan for onnet/offnet calling).

Basically, it’s a B2B call that gets 15 pieces of flair added to it so it can 
utilize your on-prem gateway for PSTN access. When you go through the 
configuration, one of the steps will lead you to creating CTI devices in 
communications manager which share the user’s DID (essentially, an on-premise 
representation of the cloud registered device). The inbound flow is a little 
unique as it essentially capitalizes on a bastardized form of SNR to ring the 
cloud device.

As far as security goes, you are mostly at the mercy of traditional call policy 
rules (or more specifically writing search rules for your zones).

I have found the following to be two good "reject" policies that tend not to 
interfere with most deployments (though they could if the internal URIs match 
the policy). Most organizations have Directory URIs that ultimately have been 
inherited from the user's email address or other corporate standardizations 
which these policies tend to avoid and also tend to deny routing to a 
surprising amount of obvious junk (typically, I apply CPL at the edge):


  *   ^[0-9,a-z,A-Z]{0,6}@.*
      *   The first 0-6 characters are made up of alphanumerics 0-9 and/or 
upper/lower case letters, “@“ anything
      *   Example: 123...@domain.com
      *   Example: noa...@domian.com
      *   Example: 9...@domain.com

  *   ^[0-9,a-z,A-Z]{0,6}$
      *   The first 0-6 characters are made up of alphanumerics 0-9 and/or 
upper/lower case letter and do not exceed the 6th character
      *   Example: 1000
      *   Example: 
      *   Example: NoAuth

Good Luck!

-Ryan

On May 15, 2019, at 19:30, Jonathan Charles <jonv...@gmail.com> wrote:

Thanks!... looks like I have some more reading to do... so how does it prevent 
anyone from sending a pstn number to my expressway? How does it authenticate 
the Webex devices to pass calls to CUCM for?

Customer has enterprise licensing, so they should be able to do whatever they 
want...


Jonathan



On Wed, May 15, 2019 at 6:16 PM Ryan Huff <ryanh...@outlook.com> wrote:
You’ll need a specific Webex DNS zone and the traversal trunk really just needs 
to support pre-loaded route headers and SIP parameter preservation (those are 
the most significant differences over the traversal / neighbor zone you might 
have setup for B2B).

It’s a simple enough configuration, but there are a few more moving parts than 
what the marketing may lead one to believe. Here is the configuration 
documentation: 
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/callservices/cmgt_b_ciscospark-hybrid-call-service-config-guide.html

Oh and don’t forget to enable MTLS on the edge and also be aware the ControlHub 
now requires CCM 11.5.1SU3 or better (it detects CCM version via call connector 
on Exp-C). It wouldn’t allow you to enable hybrid calling on cloud registered 
devices otherwise.

You can technically still get away using Expressway 8.11.4, but that’ll soon be 
a deprecated version for hybrid calling (you’ll get an alarm about it), so 
might as well go to 12.5.2 and be done with it.

BTW, if you try to upgrade an 8.x Expressway to 12.5.x, you will interact with 
GLO for the 12.x release key (can’t do it from the self service portal because 
the existing 8.x virtual license is already associated to a PAK and GLO has to 
invalidate that relationship first, then hash your new keys to 12.5.x).

Good Luck!

- Ryan

On May 15, 2019, at 18:42, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


Very good question. From what I understand, there’s a special traversal link 
built and it’s all “built-in” and uses the CSS of the remote destination or 
something like that.

I’ve read absolutely zero docs about this. This is all based on a quick convo I 
had. I had the same worries and if I recall correctly, my worries were somewhat 
alleviated.

However, that being said, there is only one template in control hub, so if your 
user needs a different setup on their remote destination (or something like 
that) you need to go make a man
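
The two "reject" patterns posted in Ryan Huff's call-flow message above can be checked against a list of destinations before they go into call policy. This is an added example, not part of the thread; it assumes Python's `re` module treats these two expressions the same way the Expressway does, and every sample destination (including the example.com domain) is constructed.

```python
import re

# The two reject patterns exactly as posted in the message above.
REJECT_PATTERNS = (
    r"^[0-9,a-z,A-Z]{0,6}@.*",
    r"^[0-9,a-z,A-Z]{0,6}$",
)
_COMPILED = [re.compile(p) for p in REJECT_PATTERNS]


def is_rejected(destination):
    """Return the first posted pattern that matches, or None if neither does."""
    for pattern, rx in zip(REJECT_PATTERNS, _COMPILED):
        if rx.search(destination):
            return pattern
    return None


def collisions(internal_uris):
    """Return the internal destinations that the reject rules would also block.

    This is the caveat from the message: the policies interfere with a
    deployment whose own URIs have a user part of six characters or fewer.
    """
    return [uri for uri in internal_uris if is_rejected(uri)]


# Constructed inbound destinations of the kind seen at an edge.
INBOUND_SAMPLES = [
    "1000@example.com",          # short numeric user part
    "noauth@example.com",        # six-letter user part
    "1000",                      # bare short number
    "NoAuth",                    # bare short word
    "@example.com",              # empty user part ({0,6} allows zero characters)
    "",                          # empty destination
    "a,b@example.com",           # the commas inside [...] are literal members
    "jane.doe@example.com",      # '.' is not in the class, so not matched
    "15555550100@example.com",   # more than six digits, so not matched
]

# Constructed internal Directory URIs and extensions to test for collisions.
INTERNAL_URIS = [
    "jane.doe@example.com",
    "jsmith@example.com",        # six-character user part
    "5001",                      # four-digit extension
    "conference.room.12@example.com",
]


def report(samples=INBOUND_SAMPLES):
    """Pair each destination with the pattern that rejects it (or None)."""
    return [(dest, is_rejected(dest)) for dest in samples]


if __name__ == "__main__":
    for dest, hit in report():
        verdict = "reject  " if hit else "no match"
        print(f"{verdict}  {dest!r:32} {hit or ''}")
    print("internal destinations that collide:", collisions(INTERNAL_URIS))
```

Destinations that match neither pattern, such as numeric strings longer than six digits, are left to whatever search rules exist on the zones. Running the real internal URI list through `collisions()` first shows which legitimate short URIs or extensions the policy would block.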

Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via local PSTN

2019-05-15 Thread Ryan Huff
Yup, this stuff is soo fluid right now, it’s a contradictory mess. The 
on-prem registration, IMHO, is rrr from prime time (as you even noted, 
“preview mode”). I honestly think it’s a bit further out than what the 
marketing department would have us believe too ;).

Hopefully though, one day, we’ll all have this unified unicorn they’re 
promising... Jeams?... Jams? ... who knows 

Tops to you mate!

On May 15, 2019, at 22:31, Tim Smith <tim.sm...@enject.com.au> wrote:

Hi Ryan,

Yeah sorry, I realise you guys were talking WebEx Hybrid Call (formerly Spark 
Hybrid).

Just pointing out there is some new stuff on horizon. Calling from WebEx Teams 
via CUCM feature.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/wbxt/ucmcalling/unified-cm-wbx-teams-deployment-guide/unified-cm-wbx-teams-deployment-guide_chapter_011.html

It looks like this will replace the calling from Teams part of the old Hybrid 
Call (although not on mobile clients yet) – in fact it seems you have to remove 
their old Hybrid config to make them work.

Looks like you’d still need to retain Hybrid Call for cloud registered devices.

There was one specific annoyance with the Hybrid Call from the apps, and I 
can’t find it in my Teams search ☹

Cheers,

Tim


From: Ryan Huff <ryanh...@outlook.com>
Date: Thursday, 16 May 2019 at 12:14 pm
To: Tim Smith <tim.sm...@enject.com.au>
Cc: Jonathan Charles <jonv...@gmail.com>, "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via 
local PSTN

This is Webex Hybrid Calling (which was formerly Spark Hybrid calling). Whether 
you configure for cloud registered codec devices, or Webex Teams clients, both 
use cases use the same configuration path / scenario to enable PSTN call via 
CUCM.
Sent from my iPhone

On May 15, 2019, at 22:08, Tim Smith <tim.sm...@enject.com.au> wrote:
Hey guys,

I think this one has changed a little.
We did “Spark hybrid calling” for one customer with the Spark RD devices in CUCM
Honestly, the experience was a little confusing.

I think the new direction is going to be the WebEx Calling via CUCM (it’s in 
preview mode still)
https://help.webex.com/en-us/n15ylys/Explore-Calling-in-Cisco-Webex-Teams-Unified-CM

It’s not parity with the Hybrid Calling yet. (i.e. I think it’s only desktop)
Either way, I’d check out all the details first.

If you are not already on there, make sure you are on the Fabian bot in WebEx 
teams. (Not sure if it’s partners only)
These hybrid features are really starting to rock and roll now.

Cheers,

Tim

From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Jonathan Charles <jonv...@gmail.com>
Date: Thursday, 16 May 2019 at 9:30 am
To: Ryan Huff <ryanh...@outlook.com>
Cc: "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via 
local PSTN

Thanks!... looks like I have some more reading to do... so how does it prevent 
anyone from sending a pstn number to my expressway? How does it authenticate 
the Webex devices to pass calls to CUCM for?

Customer has enterprise licensing, so they should be able to do whatever they 
want...


Jonathan



On Wed, May 15, 2019 at 6:16 PM Ryan Huff <ryanh...@outlook.com> wrote:
You’ll need a specific Webex DNS zone and the traversal trunk really just needs 
to support pre-loaded route headers and SIP parameter preservation (those are 
the most significant differences over the traversal / neighbor zone you might 
have setup for B2B).

It’s a simple enough configuration, but there are a few more moving parts than 
what the marketing may lead one to believe. Here is the configuration 
documentation: 
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/callservices/cmgt_b_ciscospark-hybrid-call-service-config-guide.html

Re: [cisco-voip] IM Upgrade Steps during CUCM upgrade

2019-05-28 Thread Ryan Huff
Actually, I prefer to disable IMP HA before installing in the inactive PT. This 
way, if you have to flip back to the other partition for some reason, IMP is 
already in an “HA disabled” state, which tends to make IMP recover a little 
better in my experience. Then just enable HA once everything is stable.

Thanks,

Ryan

On May 28, 2019, at 14:03, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


Personally, I hate the fact that IM can’t be restarted without first 
disabling HA. So basically, if you have an unattended restart, you have to go 
in and make configuration changes.

Yuck.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: NateCCIE <natec...@gmail.com>
Sent: Tuesday, May 28, 2019 12:46 PM
To: Lelio Fulgenzi <le...@uoguelph.ca>; 'Bill Talley' <btal...@gmail.com>
Cc: 'voyp list, cisco-voip' <cisco-voip@puck.nether.net>
Subject: RE: [cisco-voip] IM Upgrade Steps during CUCM upgrade

Yeah, I HATE this bug.  Why in the world can’t the docwiki or what ever it’s 
called be updated quicker than a bug be filed/made universally known, and who 
came up with these recommendations TAC or the BU.

But I have seen IMP just not start services, and adding resources magically fix it.

From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Lelio Fulgenzi
Sent: Tuesday, May 28, 2019 9:46 AM
To: Bill Talley <btal...@gmail.com>
Cc: voyp list, cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] IM Upgrade Steps during CUCM upgrade


In the words of the immortal Chris Farley….

holy schnikes

If possible, it is recommended to have 4vCPU and 8 GB RAM as we are seeing more 
cases with high CPU due to resources related.

They want 4 vCPU if possible? They think these things grow on trees? 

Right now, our two IMP servers are at 2 vCPU and 4GB of RAM. (5000 user OVA).

I’ll have to see about coordinating this change as well. We don’t have a lot of 
capacity/activity on these servers, so I think we should be OK for now.

Funny thing – Bug updated May 20, 2019, but virtualization docs still show old 
OVA information.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: Bill Talley <btal...@gmail.com>
Sent: Tuesday, May 28, 2019 11:08 AM
To: Lelio Fulgenzi <le...@uoguelph.ca>
Cc: voyp list, cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] IM Upgrade Steps during CUCM upgrade

That’s the process I typically follow without issues.

Also, I can’t recall if this was posted here, but wanted to make sure you’ve 
seen the recent changes to resource requirements for IM   This may not apply 
to you if you have more than 5000 users.

IM VM resource requirements needs to be updated
CSCvk65006
Description
Symptom:
IM version 11.5.1.x or 12.0.1.x installed using one of the following 
configuration:
150 users (Full UC) 1vCPU 2 GB RAM
1,000 users (Full UC) 1vCPU 4 GB RAM
5,000 users (Full UC) 2vCPU 4 GB RAM

Customers with any of the above configuration might notice an increase use of 
CPU and Memory resources.

This can be fixed by manually increasing the resources according to the table 
below:
150 users (Full UC) 2vCPU 8 GB RAM
1,000 users (Full UC) 2vCPU 8 GB RAM
5,000 users (Full UC) 2vCPU 8 GB RAM

Conditions:
Performance Issues

Workaround:
Manually increase resources according to the table below:
150 users (Full UC) 2vCPU 8 GB RAM
1,000 users (Full UC) 2vCPU 8 GB RAM
5,000 users (Full UC) 2vCPU 8 GB RAM

If possible, it is recommended to have 4vCPU and 8 GB RAM as we are seeing more 
cases with high CPU due to resources related.




Sent from an iOS device with very tiny touchscreen input keys.  Please excude 
my typtos.

On May 28, 2019, at 8:47 AM, Lelio Fulgenzi <le...@uoguelph.ca> wrote:

I'm reading the upgrade guide, specifically, the time 

Re: [cisco-voip] IM Upgrade Steps during CUCM upgrade

2019-05-28 Thread Ryan Huff
This is what I do for an in-place upgrade with no other changes (hostname, IP 
address.. etc).

I do the cucm pub first (obviously), then imp pub (which is more like a cucm 
sub for upgrade purposes), then all the cucm and imp subs; everything into the 
inactive pt.

I do the pubs individually, then I’ll do a couple subs at a time .. etc.

Next I Switch version on the pubs; cucm, imp then the subs.

On the switch version, I wait till one node is fully up (tomcat started) before 
switching another.

May not be as efficient as it could be, but has kept me out of trouble thus 
far; plan your dive, dive your plan.

On May 28, 2019, at 09:48, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


I’m reading the upgrade guide, specifically, the time sequencing:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/upgrade/11_5_1/cucm_b_upgrade-guide-cucm-115/cucm_b_upgrade-guide-cucm-115_chapter_010010.html

and it mentions upgrading the IM publisher (to inactive partition) at the 
same time as upgrading the subscribers. Then doing a switch version on the IMP 
pub at the same time as the CUCM subs.

Anyone do this parallel type upgrade before?

Sure would save a lot of time.

Lelio


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Cisco Live CLUS anyone??

2019-05-23 Thread Ryan Huff
rh...@byteworks.com, if any hard chargers are in 
the process of setting up a space...

Sent from my iPhone

On May 23, 2019, at 14:13, Peter Slow <peter.s...@gmail.com> wrote:

I want some Cheetos! I’ll be there!

On Thu, May 23, 2019 at 11:12 Ryan Huff <ryanh...@outlook.com> wrote:
I’m out here eating Cheetos with you. Let’s do a team’s space...

Sent from my iPhone

On May 23, 2019, at 14:01, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:

We're a little over two weeks away from CLUS.  Ryan were you a fan of the Webex 
Teams space for us?  Or is this one of those Rounders moments, where everyone 
else is in the space right now, and I'm on the outside wondering if it even 
exists?  :(

On Tue, Apr 30, 2019 at 11:15 AM Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
By "green body paint," I hope you meant Hulk, because I already called dibs on 
cosplaying as Gamora.

On Tue, Apr 30, 2019 at 10:53 AM Jason Aarons (Americas) <jason.aar...@dimensiondata.com> wrote:
So which Avenger character are you going to be?  We fully expect you to dress 
up in character.  How do you look wearing green body paint?


From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Stephen Welsh
Sent: Tuesday, April 30, 2019 2:35 AM
To: Anthony Holloway <avholloway+cisco-v...@gmail.com>
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Cisco Live CLUS anyone??


I’ll be there too.

The WebEx room was fun and helpful, another would be great.

We will have a stand again

Stephen Welsh
Founder & CTO
UnifiedFX
Sent from my iPhone

On 29 Apr 2019, at 20:39, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
I'll be there!

Last year, I started a webex teams room for those of us who were in attendance 
(and wanted to be in the room).  A few of us used it to coordinate meetups.  
There was also some good conversation in the room during the week as well.  
Mostly, heads-ups on events, humor and commentary on what was being learned 
that week.

I might even be in the Engineering Deathmatch again, as a defending champ.  I 
hope to god they don't put me up against you Ryan.  Fingers crossed.

On Mon, Apr 29, 2019 at 2:19 PM Ryan Huff <ryanh...@outlook.com> wrote:
Just curious to know whom (if anyone) from the list will be at CLUS this year 
in San Diego? I will be and would love to meetup with those from the list whom 
I’ve only exchanged emails with thus far.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Cisco Live CLUS anyone??

2019-05-23 Thread Ryan Huff
I’m out here eating Cheetos with you. Let’s do a Teams space...

Sent from my iPhone

On May 23, 2019, at 14:01, Anthony Holloway 
mailto:avholloway+cisco-v...@gmail.com>> wrote:

We're a little over two weeks away from CLUS.  Ryan were you a fan of the Webex 
Teams space for us?  Or is this one of those Rounders moments, where everyone 
else is in the space right now, and I'm on the outside wondering if it even 
exists?  :(

On Tue, Apr 30, 2019 at 11:15 AM Anthony Holloway 
mailto:avholloway%2bcisco-v...@gmail.com>> 
wrote:
By "green body paint," I hope you meant Hulk, because I already called dibs on 
cosplaying as Gamora.

On Tue, Apr 30, 2019 at 10:53 AM Jason Aarons (Americas) 
mailto:jason.aar...@dimensiondata.com>> wrote:
So which Avenger character are you going to be?  We fully expect you to dress 
up in character.  How do you look wearing green body paint?


From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
On Behalf Of Stephen Welsh
Sent: Tuesday, April 30, 2019 2:35 AM
To: Anthony Holloway 
mailto:avholloway%2bcisco-v...@gmail.com>>
Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Cisco Live CLUS anyone??


I’ll be there too.

The WebEx room was fun and helpful, another would be great.

We will have a stand again

Stephen Welsh
Founder & CTO
UnifiedFX
Sent from my iPhone

On 29 Apr 2019, at 20:39, Anthony Holloway 
mailto:avholloway+cisco-v...@gmail.com>> wrote:
I'll be there!

Last year, I started a webex teams room for those of us who were in attendance 
(and wanted to be in the room).  A few of us used it to coordinate meetups.  
There was also some good conversation in the room during the week as well.  
Mostly, heads-ups on events, humor and commentary on what was being learned 
that week.

I might even be in the Engineering Deathmatch again, as a defending champ.  I 
hope to god they don't put me up against you Ryan.  Fingers crossed.

On Mon, Apr 29, 2019 at 2:19 PM Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:
Just curious to know whom (if anyone) from the list will be at CLUS this year 
in San Diego? I will be and would love to meetup with those from the list whom 
I’ve only exchanged emails with thus far.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Multiple native CI/CH WebEx sites in same control hub org

2019-05-23 Thread Ryan Huff
I do

Sent from my iPhone

On May 23, 2019, at 19:09, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:


Can anyone confirm they have a control hub org with multiple control hub / 
common identity managed Webex sites enabled?

I’m not talking linked sites. These are WebEx sites that were created from 
control hub as control hub managed from the get go.

There is some scuttlebutt that says this is not possible and it has me 
concerned.

Lelio


-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
2W1
519-824-4120 Ext. 56354 | 
le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via local PSTN

2019-05-16 Thread Ryan Huff
Apologies, didn’t mean to cause the need to meditate 

Sent from my iPhone

On May 16, 2019, at 11:02, Anthony Holloway 
mailto:avholloway+cisco-v...@gmail.com>> wrote:

"... this stuff is soo fluid right now, it’s a contradictory mess..."

This bothers me to an unhealthy degree.  I really need to meditate or something.

On Wed, May 15, 2019 at 9:39 PM Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:
Yup, this stuff is soo fluid right now, it’s a contradictory mess . The 
on-prem registration, IMHO, is rrr from prime time (as you even noted, 
“preview mode”). I honestly think it’s a bit further out than what the 
marketing department would have us believe too ;).

Hopefully though, one day, we’ll all have this unified unicorn they’re 
promising... Jeams?... Jams? ... who knows 

Tops to you mate!

On May 15, 2019, at 22:31, Tim Smith 
mailto:tim.sm...@enject.com.au>> wrote:

Hi Ryan,

Yeah sorry, I realise you guys were talking WebEx Hybrid Call (formerly Spark 
Hybrid).

Just pointing out there is some new stuff on horizon. Calling from WebEx Teams 
via CUCM feature.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/wbxt/ucmcalling/unified-cm-wbx-teams-deployment-guide/unified-cm-wbx-teams-deployment-guide_chapter_011.html

It looks like this will replace the calling from Teams part of the old Hybrid 
Call (although not on mobile clients yet) – in fact it seems you have to remove 
their old Hybrid config to make them work.

Looks like you’d still need to retain Hybrid Call for cloud registered devices.

There was one specific annoyance with the Hybrid Call from the apps, and I 
can’t find it in my Teams search ☹

Cheers,

Tim


From: Ryan Huff mailto:ryanh...@outlook.com>>
Date: Thursday, 16 May 2019 at 12:14 pm
To: Tim Smith mailto:tim.sm...@enject.com.au>>
Cc: Jonathan Charles mailto:jonv...@gmail.com>>, 
"cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>" 
mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via 
local PSTN

This is Webex Hybrid Calling (which was formerly Spark Hybrid calling). Whether 
you configure for cloud registered codec devices, or Webex Teams clients, both 
use cases use the same configuration path / scenario to enable PSTN call via 
CUCM.
Sent from my iPhone

On May 15, 2019, at 22:08, Tim Smith 
mailto:tim.sm...@enject.com.au>> wrote:
Hey guys,

I think this one has changed a little.
We did “Spark hybrid calling” for one customer with the Spark RD devices in CUCM
Honestly, the experience was a little confusing.

I think the new direction is going to be the WebEx Calling via CUCM (it’s in 
preview mode still)
https://help.webex.com/en-us/n15ylys/Explore-Calling-in-Cisco-Webex-Teams-Unified-CM

It’s not parity with the Hybrid Calling yet. (i.e. I think it’s only desktop)
Either way, I’d check out all the details first.

If you are not already on there, make sure you are on the Fabian bot in WebEx 
teams. (Not sure if it’s partners only)
These hybrid features are really starting to rock and roll now.

Cheers,

Tim

From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Jonathan Charles mailto:jonv...@gmail.com>>
Date: Thursday, 16 May 2019 at 9:30 am
To: Ryan Huff mailto:ryanh...@outlook.com>>
Cc: "cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>" 
mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Call flow for device registered to Hybrid Cloud via 
local PSTN

Thanks!... looks like I have some more reading to do... so how does it prevent 
anyone from sending a pstn number to my expressway? How does it authenticate 
the Webex devices to pass calls to CUCM for?

Customer has enterprise licensing, so they should be able to do whatever they 
want...


Jonathan



On Wed, May 15, 2019 at 6:16 PM Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:
You’ll need a specific Webex DNS zone and the traversal trunk really just needs 
to support pre-loaded route headers and SIP parameter preservation (those are 
the most significant differences over the traversal / neighbor zone you might 
h

Re: [cisco-voip] Expressway E Firewall Rule Activation

2019-04-30 Thread Ryan Huff
Adam,

I certainly didn't mean to imply the "Expressway Edge on a Stick" method 
doesn't work, though out of pure technical curiosity, I would be curious as to 
what exists in your environment that would make a "single NIC" Expressway Edge 
deployment more preferred than "dual NICs" (not that I expect you would or 
could say). I can think of very few reasons that a single NIC edge would be 
more ideal than a dual NIC edge (outside of the infosec team just not wanting 
to screw with the firewall, or production not being able to sustain a 
maintenance window); it's easier to troubleshoot, easier to install, easier to 
support and easier to secure.

Though, I suspect I'm "preaching to the choir", lol. All good my friend.

Thanks,

Ryan


From: Pawlowski, Adam 
Sent: Tuesday, April 30, 2019 11:36 AM
To: 'Ryan Huff'
Cc: cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] Expressway E Firewall Rule Activation


Ryan,



The “tl;dr” is that we were sort of given the recommendation by Cisco to just 
run it with the single interface given our environment and requirements, and 
hasn’t given us any trouble that I can recall.



Long story is …

Our environment ends up being the driver for a lot of this, as it is sort of a 
historic design from the early internet, with just about everything on public 
address space, and various services and networks secured behind firewalls as 
needed from internal and external alike.



In the dual interface design, the outside interface sits in a “DMZ” with a 
firewall, which we don’t have available explicitly. There is a border firewall 
but that isn’t really its function. The inside leg has to sit somewhere as 
well, which is a place that doesn’t exist.

We did have a competitor’s border proxy become compromised in the past due to a 
software update, and this model where the inside wasn’t properly secured – and 
given our current VMWare topology, creating another zone to hairpin traffic 
around to separate that inside interface wasn’t in the cards. Not to mention 
the annoyance of trying to setup split routes on this device to allow some 
traffic to go in, some to go out, in an environment that is MRA only.



If you trust the E enough never to be a bad actor, then you could put that 
interface in the same zone as your other collaboration appliances, like the 
Expressway C, but, we didn’t want to do that either really.



Given that, we did have a call with Cisco to discuss this, and with 
representation from the Expressway group they recommended that we stick with 
the single interface design.  That was based on the public addressing (so we 
could avoid NAT reflection) and that despite the pipe dream of everyone wanting 
HD video calling and mobile client access, we didn’t see that we’d be pushing 
that much traffic.



As it is, the E clusters sit in a collaboration DMZ, where they are independent 
from any of our other appliances and treated like any other host on our 
network. Our application firewalls do not allow anything in from the Expressway 
E since the C tunnels to it, so really the only thing lacking from a security 
standpoint there could be containment of that host, but, we chose to guard from 
it instead.



Since we installed it back on X8.8 or whatever, I’d noted that rebooting the 
appliance does not reapply the internal rules, which can easily be forgotten, 
and would need to be remembered if you run a VMWare HA policy that restarts the 
guest.



That all being said the worst that we have seen are various SSH attempts (on 
any port, the zone tunnel, administrative SSH, doesn’t matter) until the rules 
are put back up. We could tighten them on the border once that becomes 
available to do so.



The B2BUA is invoked on calls within the appliances sometimes which can cause 
some confusion with attempting to read logging if need be, but it hasn’t 
otherwise caused us any trouble.



Adam







From: Ryan Huff 
Sent: Tuesday, April 30, 2019 10:13 AM
To: Pawlowski, Adam 
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Expressway E Firewall Rule Activation



That seems odd and has not been my experience. Let me ask; why are you using the 
application firewall rather than the actual firewall (another reason all our 
edges should be using dual interfaces with LAN1 and LAN2 in their own separate 
security zones)? Is there a reason you have to, in other words?

Thanks,



Ryan

On Apr 30, 2019, at 08:49, Pawlowski, Adam 
mailto:aj...@buffalo.edu>> wrote:

Figured I’d also ask this question



I note that it seems like any time I reboot an Expressway E, I have to go and 
re-activate all the firewall rules. They don’t seem to activate automatically.



Is there something I missed or is this really what’s necessary?



Adam






Re: [cisco-voip] Expressway E Firewall Rule Activation

2019-04-30 Thread Ryan Huff
Not generally, no. A couple of my larger customers that have fully fleshed out 
IT departments did though.

For a few of my customers I’ve had to walk them through setting a 2nd one up. 
In some cases, not even a true DMZ and just a new network and lock it down with 
ACLs.

I’ve also had customers which do the DMZ on “LAN2” (outside), and then keep 
LAN1 in the same network as Expressway-C. This particular method doesn’t offer 
a lot of advantages (from an infosec perspective) over a “Single NIC”, but still 
makes the traffic flow more logical, easier to support and troubleshoot and 
keeps you from having to “hairpin” in the firewall (ewww, like gag me with a 
spoon man lol), which I have never been a fan of from a design perspective.

-Ryan

On Apr 30, 2019, at 12:12, Anthony Holloway 
mailto:avholloway+cisco-v...@gmail.com>> wrote:

Ryan,

Do you have any insight as to whether or not it's common for Firewalls in the 
field to already have more than one DMZ defined?  In my limited experience, I 
have never seen it done, and I am having to have that second DMZ created to 
support Expressway.  For that reason, I actually tend to think the single NIC 
approach is better, although, the NAT reflection could be a limitation of some 
firewalls.

On Tue, Apr 30, 2019 at 11:09 AM Ryan Huff 
mailto:ryanh...@outlook.com>> wrote:
Adam,

I certainly didn't mean to imply the "Expressway Edge on a Stick" method 
doesn't work, though out of pure technical curiosity, I would be curious as to 
what exists in your environment that would make a "single NIC" Expressway Edge 
deployment more preferred than "dual NICs" (not that I expect you would or 
could say). I can think of very few reasons that a single NIC edge would be 
more ideal than a dual NIC edge (outside of the infosec team just not wanting 
to screw with the firewall, or production not being able to sustain a 
maintenance window); it's easier to troubleshoot, easier to install, easier to 
support and easier to secure.

Though, I suspect I'm "preaching to the choir", lol. All good my friend.

Thanks,

Ryan


From: Pawlowski, Adam mailto:aj...@buffalo.edu>>
Sent: Tuesday, April 30, 2019 11:36 AM
To: 'Ryan Huff'
Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
Subject: RE: [cisco-voip] Expressway E Firewall Rule Activation


Ryan,



The “tl;dr” is that we were sort of given the recommendation by Cisco to just 
run it with the single interface given our environment and requirements, and 
hasn’t given us any trouble that I can recall.



Long story is …

Our environment ends up being the driver for a lot of this, as it is sort of a 
historic design from the early internet, with just about everything on public 
address space, and various services and networks secured behind firewalls as 
needed from internal and external alike.



In the dual interface design, the outside interface sits in a “DMZ” with a 
firewall, which we don’t have available explicitly. There is a border firewall 
but that isn’t really its function. The inside leg has to sit somewhere as 
well, which is a place that doesn’t exist.

We did have a competitor’s border proxy become compromised in the past due to a 
software update, and this model where the inside wasn’t properly secured – and 
given our current VMWare topology, creating another zone to hairpin traffic 
around to separate that inside interface wasn’t in the cards. Not to mention 
the annoyance of trying to setup split routes on this device to allow some 
traffic to go in, some to go out, in an environment that is MRA only.



If you trust the E enough never to be a bad actor, then you could put that 
interface in the same zone as your other collaboration appliances, like the 
Expressway C, but, we didn’t want to do that either really.



Given that, we did have a call with Cisco to discuss this, and with 
representation from the Expressway group they recommended that we stick with 
the single interface design.  That was based on the public addressing (so we 
could avoid NAT reflection) and that despite the pipe dream of everyone wanting 
HD video calling and mobile client access, we didn’t see that we’d be pushing 
that much traffic.



As it is, the E clusters sit in a collaboration DMZ, where they are independent 
from any of our other appliances and treated like any other host on our 
network. Our application firewalls do not allow anything in from the Expressway 
E since the C tunnels to it, so really the only thing lacking from a security 
standpoint there could be containment of that host, but, we chose to guard from 
it instead.



Since we installed it back on X8.8 or whatever, I’d noted that rebooting the 
appliance does not reapply the internal rules, which can easily be forgotten, 
and would need to be remembered if you run a VMWare HA policy that restarts the 
guest.



That all being said the worst th

Re: [cisco-voip] Expressway E Firewall Rule Activation

2019-04-30 Thread Ryan Huff
Look at that, you did say. I just "tl;dr"'ed it hahah

-Ryan


From: cisco-voip  on behalf of Ryan Huff 

Sent: Tuesday, April 30, 2019 12:08 PM
To: Pawlowski, Adam
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Expressway E Firewall Rule Activation

Adam,

I certainly didn't mean to imply the "Expressway Edge on a Stick" method 
doesn't work, though out of pure technical curiosity, I would be curious as to 
what exists in your environment that would make a "single NIC" Expressway Edge 
deployment more preferred than "dual NICs" (not that I expect you would or 
could say). I can think of very few reasons that a single NIC edge would be 
more ideal than a dual NIC edge (outside of the infosec team just not wanting 
to screw with the firewall, or production not being able to sustain a 
maintenance window); it's easier to troubleshoot, easier to install, easier to 
support and easier to secure.

Though, I suspect I'm "preaching to the choir", lol. All good my friend.

Thanks,

Ryan


From: Pawlowski, Adam 
Sent: Tuesday, April 30, 2019 11:36 AM
To: 'Ryan Huff'
Cc: cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] Expressway E Firewall Rule Activation


Ryan,



The “tl;dr” is that we were sort of given the recommendation by Cisco to just 
run it with the single interface given our environment and requirements, and 
hasn’t given us any trouble that I can recall.



Long story is …

Our environment ends up being the driver for a lot of this, as it is sort of a 
historic design from the early internet, with just about everything on public 
address space, and various services and networks secured behind firewalls as 
needed from internal and external alike.



In the dual interface design, the outside interface sits in a “DMZ” with a 
firewall, which we don’t have available explicitly. There is a border firewall 
but that isn’t really its function. The inside leg has to sit somewhere as 
well, which is a place that doesn’t exist.

We did have a competitor’s border proxy become compromised in the past due to a 
software update, and this model where the inside wasn’t properly secured – and 
given our current VMWare topology, creating another zone to hairpin traffic 
around to separate that inside interface wasn’t in the cards. Not to mention 
the annoyance of trying to setup split routes on this device to allow some 
traffic to go in, some to go out, in an environment that is MRA only.



If you trust the E enough never to be a bad actor, then you could put that 
interface in the same zone as your other collaboration appliances, like the 
Expressway C, but, we didn’t want to do that either really.



Given that, we did have a call with Cisco to discuss this, and with 
representation from the Expressway group they recommended that we stick with 
the single interface design.  That was based on the public addressing (so we 
could avoid NAT reflection) and that despite the pipe dream of everyone wanting 
HD video calling and mobile client access, we didn’t see that we’d be pushing 
that much traffic.



As it is, the E clusters sit in a collaboration DMZ, where they are independent 
from any of our other appliances and treated like any other host on our 
network. Our application firewalls do not allow anything in from the Expressway 
E since the C tunnels to it, so really the only thing lacking from a security 
standpoint there could be containment of that host, but, we chose to guard from 
it instead.



Since we installed it back on X8.8 or whatever, I’d noted that rebooting the 
appliance does not reapply the internal rules, which can easily be forgotten, 
and would need to be remembered if you run a VMWare HA policy that restarts the 
guest.



That all being said the worst that we have seen are various SSH attempts (on 
any port, the zone tunnel, administrative SSH, doesn’t matter) until the rules 
are put back up. We could tighten them on the border once that becomes 
available to do so.



The B2BUA is invoked on calls within the appliances sometimes which can cause 
some confusion with attempting to read logging if need be, but it hasn’t 
otherwise caused us any trouble.



Adam







From: Ryan Huff 
Sent: Tuesday, April 30, 2019 10:13 AM
To: Pawlowski, Adam 
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Expressway E Firewall Rule Activation



That seems odd and has not been my experience. Let me ask; why are you using the 
application firewall rather than the actual firewall (another reason all our 
edges should be using dual interfaces with LAN1 and LAN2 in their own separate 
security zones)? Is there a reason you have to, in other words?

Thanks,



Ryan

On Apr 30, 2019, at 08:49, Pawlowski, Adam 
mailto:aj...@buffalo.edu>> wrote:

Figured I’d also ask this question



I note that it seems like any time I reboot an Expressway E, I have to go and 
re-acti

Re: [cisco-voip] [EXT] Re: Expressway E Firewall Rule Activation

2019-04-30 Thread Ryan Huff

@Anthony Holloway You are correct. 
Whether Expressway Control crosses a network boundary or not to talk to 
Expressway Edge (LAN1), it's still communicating; it just doesn't have the 
additional network boundary (that it traverses) for protection (where the ACLs 
live). In essence, if someone compromised the Expressway Edge, they could also 
in theory, get to the Expressway Control server since edge LAN2 inherently 
talks to edge LAN1. Since many customers put the Expressway Control server on 
the same network as the rest of the UC servers... yikes.

The LAN1 DMZ (or at least a separate network with ACLs if you can't do a true 
security context) is very important in the dual NIC design. On the occasions 
where I've found customers with Expressway Control and Edge (LAN1) in the same 
network, I have advised them to change that to a DMZ or just separate network 
with ACLs (which is usually sufficient) ... anything to get some type of 
barrier between Expressway Control and Edge (LAN1).

That said, "Expressway on a Stick" works just fine barring limitations to 
"hairpinning" in whatever the firewall is; though it is not the Cisco 
recommended deployment model in the documentation. Every Expressway deployment 
should try to achieve two security contexts on the edge (or isolated networks 
with ACLs).

-Ryan


From: Jeffrey McHugh 
Sent: Tuesday, April 30, 2019 1:29 PM
To: Ryan Huff; Anthony Holloway
Cc: cisco-voip@puck.nether.net; Pawlowski, Adam
Subject: RE: [EXT] Re: [cisco-voip] Expressway E Firewall Rule Activation


I see a mixture of both and insist on the dual, even if it means pushing back an 
implementation.

TAC recommends the dual and the advanced networking guide calls that out, along 
with “not all firewalls support the single NIC type of NAT”,  it uses about 
triple the bandwidth per call and I don’t think you can cluster them w only 
single NIC



Jeffrey McHugh | Sr. Collaboration Consulting Engineer

Fidelus Technologies, LLC
Named Best UC Provider in the USA
240 West 35th Street, 6th Floor, New York, NY 10001
+1-212-616-7801 office | +1-212-616-7850 fax | www.fidelus.com

Disclaimer - This email and any files transmitted with it are confidential and 
intended solely for the person(s) addressed to. If you are not the named 
addressee you should not disseminate, distribute, copy or alter this email. Any 
views or opinions presented in this email are solely those of the author and 
might not represent those of Fidelus Technologies, LLC. Warning: Although 
Fidelus Technologies, LLC has taken reasonable precautions to ensure no viruses 
are present in this email, the company cannot accept responsibility for any 
loss or damage arising from the use of this email or attachments.

From: cisco-voip  On Behalf Of Ryan Huff
Sent: Tuesday, April 30, 2019 12:33 PM
To: Anthony Holloway 
Cc: cisco-voip@puck.nether.net; Pawlowski, Adam 
Subject: [EXT] Re:

Re: [cisco-voip] Expressway E Firewall Rule Activation

2019-04-30 Thread Ryan Huff
Shucks Adam, I didn’t think you were snippy at all :). Listen, the only way to 
truly offend me is to take the last beer BEFORE the designated gofer for the 
night has Uber’ed his/her way back from the package store ;).

Stay Classy AP ;)

- RH

Sent from my iPhone

On Apr 30, 2019, at 13:20, Pawlowski, Adam 
mailto:aj...@buffalo.edu>> wrote:

No snipe intended! Just been a rough day here.

Normally I wouldn’t get too far into details but, I feel like there are other 
customers out there who would have a similar network design with an in and an 
out, and it may be simpler to deploy this way, given the considerations.

And as always, I like to post and see what I can learn, especially from 
superstars such as yourself ☺

Best,

Adam Pawlowski
SUNYAB NCS

From: Ryan Huff mailto:ryanh...@outlook.com>>
Sent: Tuesday, April 30, 2019 12:09 PM
To: Pawlowski, Adam mailto:aj...@buffalo.edu>>
Cc: cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Expressway E Firewall Rule Activation

Adam,

I certainly didn't mean to imply the "Expressway Edge on a Stick" method 
doesn't work, though out of pure technical curiosity, I would be curious as to 
what exists in your environment that would make a "single NIC" Expressway Edge 
deployment more preferred than "dual NICs" (not that I expect you would or 
could say). I can think of very few reasons that a single NIC edge would be 
more ideal than a dual NIC edge (outside of the infosec team just not wanting 
to screw with the firewall, or production not being able to sustain a 
maintenance window); it's easier to troubleshoot, easier to install, easier to 
support and easier to secure.

Though, I suspect I'm "preaching to the choir", lol. All good my friend.

Thanks,

Ryan


From: Pawlowski, Adam <aj...@buffalo.edu>
Sent: Tuesday, April 30, 2019 11:36 AM
To: 'Ryan Huff'
Cc: cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] Expressway E Firewall Rule Activation


Ryan,



The “tl;dr” is that we were sort of given the recommendation by Cisco to just 
run it with the single interface given our environment and requirements, and 
it hasn’t given us any trouble that I can recall.



Long story is …

Our environment ends up being the driver for a lot of this, as it is sort of a 
historic design from the early internet, with just about everything on public 
address space, and various services and networks secured behind firewalls as 
needed from internal and external alike.



In the dual interface design, the outside interface sits in a “DMZ” with a 
firewall, which we don’t have available explicitly. There is a border firewall 
but that isn’t really its function. The inside leg has to sit somewhere as 
well, which is a place that doesn’t exist.

We did have a competitor’s border proxy become compromised in the past due to a 
software update, and this model where the inside wasn’t properly secured – and 
given our current VMWare topology, creating another zone to hairpin traffic 
around to separate that inside interface wasn’t in the cards. Not to mention 
the annoyance of trying to set up split routes on this device to allow some 
traffic to go in, some to go out, in an environment that is MRA only.



If you trust the E enough never to be a bad actor, then you could put that 
interface in the same zone as your other collaboration appliances, like the 
Expressway C, but, we didn’t want to do that either really.



Given that, we did have a call with Cisco to discuss this, and with 
representation from the Expressway group they recommended that we stick with 
the single interface design.  That was based on the public addressing (so we 
could avoid NAT reflection) and that despite the pipe dream of everyone wanting 
HD video calling and mobile client access, we didn’t see that we’d be pushing 
that much traffic.



As it is, the E clusters sit in a collaboration DMZ, where they are independent 
from any of our other appliances and treated like any other host on our 
network. Our application firewalls do not allow anything in from the Expressway 
E since the C tunnels to it, so really the only thing lacking from a security 
standpoint there could be containment of that host, but, we chose to guard from 
it instead.



Since we installed it back on X8.8 or whatever, I’d noted that rebooting the 
appliance does not reapply the internal rules, which can easily be forgotten, 
and would need to be remembered if you run a VMWare HA policy that restarts the 
guest.



That all being said the worst that we have seen are various SSH attempts (on 
any port, the zone tunnel, administrative SSH, doesn’t matter) until the rules 
are put back up. We could tighten them on the border once that becomes 
available to do so.



The B2BUA is invoked on calls within the appliances sometimes which can cause 
some co

[cisco-voip] Cisco Live CLUS anyone??

2019-04-29 Thread Ryan Huff
Just curious to know whom (if anyone) from the list will be at CLUS this year 
in San Diego? I will be and would love to meetup with those from the list whom 
I’ve only exchanged emails with thus far.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] External call attempts to Expressway E

2019-04-29 Thread Ryan Huff
In full disclosure, I have not looked at the links you've referenced, just 
offering my thoughts on your questions. First, let's agree that preventing 100% 
of toll-fraud is a fool's errand; the only way to 100% prevent it is to power 
it off.

That said, making toll-fraud "less possible" in Expressway is more challenging 
than a traditional "CUBE" because unlike NANP, URIs can be damn well what the 
business pleases, and you also have to consider the calling scenarios (Example: 
Hybrid call connect could absolutely have "e...@domain.call.ciscospark.com" 
calls coming inbound as source URIs). A system that will only ever have 
outbound calls to Webex CMRs can have a call policy written to prevent calls 
with source URIs matching the internal domain whereas a multi-national 
deployment of two separate systems (with the same domain), not on-net and 
separated by the Internet may not be able to.

To that end, writing call policies for Expressway has been (and always will be) 
something that is customized to the deployment.

I have found the following to be two good "reject" policies that tend not to 
interfere with most deployments (though they could if the internal URIs match 
the policy). Most organizations have Directory URIs that ultimately have been 
inherited from the user's email address or other corporate standardizations 
which these policies tend to avoid and also tend to deny routing to a 
surprising amount of obvious junk (typically, I apply CPL at the edge):


  *   ^[0-9,a-z,A-Z]{0,6}@.*
      *   The first 0-6 characters are made up of alphanumerics 0-9 and/or 
          upper/lower case letters, “@” anything
      *   Example: 123...@domain.com
      *   Example: noa...@domain.com
      *   Example: 9...@domain.com

  *   ^[0-9,a-z,A-Z]{0,6}$
      *   The first 0-6 characters are made up of alphanumerics 0-9 and/or 
          upper/lower case letters and do not exceed the 6th character
      *   Example: 1000
      *   Example: 
      *   Example: NoAuth

Thanks,

Ryan Huff, CCDP, CCNP
Cisco Certified Network and Design Professional


From: cisco-voip on behalf of Pawlowski, Adam
Sent: Monday, April 29, 2019 1:13 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] External call attempts to Expressway E


All,



I know I’d asked here and elsewhere in the past regarding spam calls and call 
setup attempts, which seem to be part of the reality of being on the public 
internet. We see consistent call attempts from our own domain, as well as 
@google.com. More lately, I see them pop up with the from address of what 
appears to be another customer’s Expressway E. Not many, but a few.



When I set up CPL on our appliances I had referred initially to this blog post:



https://ciscoshizzle.blogspot.com/2016/05/hardening-your-cisco-vcs-expressway.html



Expressway was new to me and the documentation was (is) not such that you could 
simply open it and understand how to set it all up end to end without going 
through the process as the tasks are sort of split between documents. I wanted 
to note that in this blog they mention that they don’t make any attempt to 
block routing externally, such that you wouldn’t necessarily care to block 
calls from the default zone back out across DNS because they weren’t coming to 
your enterprise. I am assuming that it is possible to configure your search 
rules to allow this to happen.



I don’t understand the point of this, other than perhaps you could attempt 
calls through known hosts in case they happened to have some sort of trust 
relationship running, or to try and skirt (or poison) blacklists.



Is anyone else seeing that type of call attempt? Do you think it’s worth trying 
to reach out to groups that appear to be proxying these calls?



Best,



Adam Pawlowski

SUNYAB NCS


___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
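
A dry run of the two reject patterns from Ryan's message above, as an added example that is not part of the original thread: it checks which source aliases the patterns catch and, more usefully before deployment, which of your own directory URIs they would also reject. The function names and every sample alias are constructed for illustration, and the code assumes Python's `re` treats these simple patterns the same way the Expressway's regex engine does.

```python
import re

# The two reject patterns exactly as posted in the message above.
REJECT_PATTERNS = (
    r"^[0-9,a-z,A-Z]{0,6}@.*",
    r"^[0-9,a-z,A-Z]{0,6}$",
)
# Assumption: Python's `re` handles these constructs (anchors, one bracket
# expression, a bounded repeat) the same way the Expressway does.
# Note: inside [...] the commas are literal members of the class.
_COMPILED = tuple(re.compile(p) for p in REJECT_PATTERNS)


def first_reject(alias):
    """Return the first pattern that matches `alias`, or None if none does."""
    for pattern, compiled in zip(REJECT_PATTERNS, _COMPILED):
        if compiled.search(alias):
            return pattern
    return None


def audit(aliases):
    """Split aliases into ({alias: matching pattern}, [aliases that pass])."""
    rejected, passed = {}, []
    for alias in aliases:
        hit = first_reject(alias)
        if hit is None:
            passed.append(alias)
        else:
            rejected[alias] = hit
    return rejected, passed


# Constructed sample data (not taken from the thread or from real logs).
# Source aliases of the kind the message calls "obvious junk".
JUNK_SOURCES = [
    "1000@example.com",
    "noauth@example.com",
    "1000",
    "NoAuth",
    "@example.com",          # empty local part: {0,6} allows zero characters
]
# Directory URIs a deployment might legitimately use.
DIRECTORY_URIS = [
    "alice.smith@example.com",    # the "." breaks the run before the "@"
    "boardroom.4th@example.com",
    "jsmith@example.com",         # six-character local part
    "helpdesk@example.com",       # eight characters, longer than the limit
]

if __name__ == "__main__":
    junk_rejected, junk_passed = audit(JUNK_SOURCES)
    print("junk rejected:", sorted(junk_rejected))
    print("junk not covered:", junk_passed)

    dir_rejected, dir_passed = audit(DIRECTORY_URIS)
    # Any entry here is a legitimate URI the policy would also block.
    for alias, pattern in dir_rejected.items():
        print("would block legitimate URI %s via %s" % (alias, pattern))
    print("directory URIs unaffected:", dir_passed)
```

Running the same audit over an export of real directory URIs shows whether short local parts such as `jsmith` collide with the policy before the CPL goes live.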


Re: [cisco-voip] Cisco Live CLUS anyone??

2019-04-29 Thread Ryan Huff
Listen,

No one goes to the Hall of Justice without at least trying to see 
some of the Justice League...

Sent from my iPhone

On Apr 29, 2019, at 21:07, Jason Aarons (Americas) <jason.aar...@dimensiondata.com> wrote:

I’ll be there, but trying to sync up has been pretty hard given the size of 
venue etc!

-jason

From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Anthony Holloway
Sent: Monday, April 29, 2019 3:38 PM
To: Ryan Huff <ryanh...@outlook.com>
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Cisco Live CLUS anyone??


I'll be there!

Last year, I started a webex teams room for those of us who were in attendance 
(and wanted to be in the room).  A few of us used it to coordinate meetups.  
There was also some good conversation in the room during the week as well.  
Mostly, heads-ups on events, humor and commentary on what was being learned 
that week.

I might even be in the Engineering Deathmatch again, as a defending champ.  I 
hope to god they don't put me up against you Ryan.  Fingers crossed.

On Mon, Apr 29, 2019 at 2:19 PM Ryan Huff <ryanh...@outlook.com> wrote:
Just curious to know whom (if anyone) from the list will be at CLUS this year 
in San Diego? I will be and would love to meetup with those from the list whom 
I’ve only exchanged emails with thus far.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Expressway E Firewall Rule Activation

2019-04-30 Thread Ryan Huff
That seems odd and has not been my experience. Let me ask; why are you using the 
application firewall rather than the actual firewall (another reason all our 
edges should be using dual interfaces with LAN1 and LAN2 in their own separate 
security zones)? Is there a reason you have to, in other words?

Thanks,

Ryan

On Apr 30, 2019, at 08:49, Pawlowski, Adam <aj...@buffalo.edu> wrote:

Figured I’d also ask this question

I note that it seems like any time I reboot an Expressway E, I have to go and 
re-activate all the firewall rules. They don’t seem to activate automatically.

Is there something I missed or is this really what’s necessary?

Adam


___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] CPU Reservations

2019-07-10 Thread Ryan Huff
People view dial tone as if it were in the US Bill of Rights. Let it not be 
there when expected and see what happens. It’s a fascinating social experience.

Sent from my iPhone

On Jul 10, 2019, at 10:47, Lelio Fulgenzi <le...@uoguelph.ca> wrote:

My answer back to them is this most of the time:

Me: “Please pick up your phone.”
Them: (they pick up their phone)
Me: “What did you hear?”
Them: “Dial Tone”
Me: _That’s_ why we need resource reservation.

And then I go on to ask them how they’d feel if that dial tone or other 
features were delayed by a ½ second? 1 second? 2 seconds?

They’re still not happy, but they begin to get the picture.

Of course, my example may not be the best example, but it gets the message 
across.




---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs
 | @UofGCCS on Instagram, Twitter and Facebook



From: Palmer, Brian <brian.pal...@bcbsfl.com>
Sent: Wednesday, July 10, 2019 9:35 AM
To: Lelio Fulgenzi <le...@uoguelph.ca>; Wes Sisk (wsisk) <ws...@cisco.com>
Cc: cisco-voip@puck.nether.net; Pawlowski, Adam <aj...@buffalo.edu>
Subject: RE: [cisco-voip] CPU Reservations

The VM team here when I told them we had to have resource reservation and no 
oversubscription always complain.  “Your servers don’t consume anywhere near 
that capacity I can show you the performance stats”  “Every vendor asks for 
resource reservation that comes in”

That is what I always hear from them.

Brian Palmer| VoiceOps | DC6 3 355
904-905-8263  |  Internal Ext: 58263

From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Lelio Fulgenzi
Sent: Monday, July 8, 2019 10:42 PM
To: Wes Sisk (wsisk) <ws...@cisco.com>
Cc: cisco-voip@puck.nether.net; Pawlowski, Adam <aj...@buffalo.edu>
Subject: Re: [cisco-voip] CPU Reservations



“ccm.bin at its core is a distributed real time state machine.”

^^^ this ^^^

This is what I try to tell people when they tell me that they can run 50 
machines on the same boxes that I run 10.

And they _still_ don’t get it.


-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

On Jul 8, 2019, at 7:38 PM, Wes Sisk (wsisk) via cisco-voip <cisco-voip@puck.nether.net> wrote:
ccm.bin at its core is a distributed real time state machine.


Re: [cisco-voip] CPU Reservations

2019-07-08 Thread Ryan Huff
Adam,

You'd probably be less likely to have an "issue" if the host's aggregate 
compute resources are at least 30%-35% below subscribed capacity (but no 
guarantees). Real time traffic on the software such as mtp, moh,.. etc (I think 
UCOS even has some files that internally communicate via real time or near real 
time) can be a diva at times. There are two things that come to mind that I 
have always seen give issue to real time traffic without fail;


  *   latency and jitter, albeit spatial or mechanical such as distance or 
clock cycles
  *   unreliable or latent synchronization (I'd humbly suggest this is anything 
over 5 hops from a cesium clock, but Cisco says 3 so we'll go with that)

I've found that if you violate either of these, you can be in for a wild ride. 
The symptoms are often obscure, inconsistent and seemingly unrelated to any 
other known issues; a small delay in voice that randomly pops up here or there 
for one or two phones, a presence HA pair that randomly fails over for no 
apparent reason, some phones not showing call history, SIP trunks going out of 
service.. etc. These issues can be very difficult to troubleshoot because there 
won't "appear" to be anything wrong.

It's "hit or miss" at best with the CPU reservations (on a host that is not 
already over subscribed) I'd say; if the UC VM has to wait (delay) on cycle 
time, even for a fraction of a second, it may or may not cause you an issue... 
just depends on what the server was trying to do at the time, and if it 
involved real time traffic. If you've got UC VMs in the mix with HA / 
clustering, then the VMs will be even less tolerant of asking for cycle time 
rather than it just being available.

The safest path is to guarantee (reserve) the required resources to the UC VM, 
even though it may not ever (or nearly never) use the full capacity (because 
having cycle time readily available and having to ask the scheduler for cycle 
time that is available is not the same thing).

Think of it like insurance, you're not paying for it because you don't need it 
(actual waste), you're paying because of that one time you do need it and don't 
know it.

Thanks,

Ryan

From: cisco-voip on behalf of Pawlowski, Adam
Sent: Monday, July 8, 2019 11:57 AM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] CPU Reservations


Hi all,



It’s been a bit since I’ve asked this question, if I have here before.



Do we all run our UC appliances in VMWare with the full CPU MHz and core 
reservations prescribed by Cisco, in production? Or, if you have information on 
hand regarding the actual resource usage, have any of you taken on resizing the 
VM reservations?



The various documents are very much so clear that oversubscription isn’t 
supported, but, it also talks about vCPU to cores which I’m told doesn’t really 
play out in VMWare as it’s a MHz reservation that can be scheduled in to 
available hardware.



There are various statements peppered in about running your own VM environment 
with best practices – but also the 1:1 pcore:vcore comments.



Is anyone turning these knobs? Has anyone stepped over that pcore:vcore line 
when it appears there are enough resources?



I’m looking for thoughts or unforeseen consequences that we can use to back 
somewhat of the case as to why we need to continue to fund hardware at scale 
which is largely idle.



Adam




___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] How difficult is hybrid call (connector) setup ?

2019-07-02 Thread Ryan Huff
It’s not that bad (maybe 1 - 2 hours to get a functional test going).

The most unexpected thing I think you may run into is the use/need for MTLS 
(TCP:5062) between the Edge and Control Hub. Also, your Expressway version 
should be 12.5.x (I think 8.11.4 may still work but you’ll get an alarm telling 
you to upgrade if it does work).

Outside of that, it’s a splash of nerd knob turning in the control hub, some 
search rule / traversal & dns zone magic in Expressway C/E and setting up the 
management/call connector in Expressway, you can even re-use a MRA (unified 
communications) traversal client/server (or create a dedicated traversal if so 
inclined).

Here is the guide you’d want to follow for it and it’s pretty complete and well 
written: 
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/callservices/cmgt_b_ciscospark-hybrid-call-service-config-guide.html

Thanks,

Ryan

On Jul 2, 2019, at 21:30, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


On a scale from 1 to 10, how difficult and/or time consuming is it to setup 
call hybrid connector with WebEx?

I’m just about convinced that I’d rather register our room devices and SX20s to 
the cloud. But people would like to be able to dial extensions and PSTN 
numbers. Being able to use our audio bridges would also be of benefit (ya, I 
understand the irony of that).


-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] How difficult is hybrid call (connector) setup ?

2019-07-02 Thread Ryan Huff
It all comes down to what you are using your Expressways for. In a Webex Hybrid 
call connect scenario you could in theory, have calls with source URIs using 
your domain, which in a pure B2B scenario is usually something you’d deny with 
a call policy.

As I understand it, the dedicated Expressway recommendation (outside of pure 
capacity reasons) is to make it easier to write call policies that don’t 
interfere with other use cases since Expressway doesn’t really have a 
partitioning mechanism (outside of what you can do with search rules).

You really have to go to the Ninja master level with your regular expressions 
in your search rules and call policies to get multiple use cases setup and using 
call policies to reduce toll fraud... and have everything work.

... and this is where Cisco should, in my opinion, step up to the plate a 
little. The best answer really shouldn’t be, “just deploy and use another 
Expressway”.

Yes, that is easier than refining CPL and search rules, but many customers run 
tight compute/storage budgets (Ex. be6k) and can't always spin up more 
Expressways.

-R

On Jul 2, 2019, at 22:06, Lelio Fulgenzi <le...@uoguelph.ca> wrote:

Ok. Thanks.

I think we’re on a low version of expressway. I’ll have to confirm.

My memory is failing, and I can’t find it in my notes, but in one session they 
talked about using a separate pair of C’s and E’s or have a high risk of toll 
fraud.

I believe it was in my Sunday techtorial. I’ll have to reach out to them.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

On Jul 2, 2019, at 9:49 PM, Ryan Huff <ryanh...@outlook.com> wrote:

It’s not that bad (maybe 1 - 2 hours to get a functional test going).

The most unexpected thing I think you may run into is the use/need for MTLS 
(TCP:5062) between the Edge and Control Hub. Also, your Expressway version 
should be 12.5.x (I think 8.11.4 may still work but you’ll get an alarm telling 
you to upgrade if it does work).

Outside of that, it’s a splash of nerd knob turning in the control hub, some 
search rule / traversal & dns zone magic in Expressway C/E and setting up the 
management/call connector in Expressway, you can even re-use a MRA (unified 
communications) traversal client/server (or create a dedicated traversal if so 
inclined).

Here is the guide you’d want to follow for it and it’s pretty complete and well 
written: 
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/callservices/cmgt_b_ciscospark-hybrid-call-service-config-guide.html

Thanks,

Ryan

On Jul 2, 2019, at 21:30, Lelio Fulgenzi <le...@uoguelph.ca> wrote:


On a scale from 1 to 10, how difficult and/or time consuming is it to setup 
call hybrid connector with WebEx?

I’m just about convinced that I’d rather register our room devices and SX20s to 
the cloud. But people would like to be able to dial extensions and PSTN 
numbers. Being able to use our audio bridges would also be of benefit (ya, I 
understand the irony of that).


-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

Re: [cisco-voip] Uplinx Report Tool?

2019-08-02 Thread Ryan Huff
I use them all the time. As long as you invest the time to creating good CSS 
and templates, it’s great. The default templates are generic and just create 
“data dumps” in Word format... IMO.

However, and this is my one diva moment here, the GUI window will not maximize, 
lol... they jail it for a smaller screen resolution... it’s fine and completely 
readable... but it just p*sses me off that I can’t maximize the dang window ... 
lol

Sent from my iPhone

On Aug 2, 2019, at 09:16, Matthew Loraditch <mloradi...@heliontechnologies.com> wrote:

https://www.uplinx.com/reporttool-usd/

Anyone heard of/used these folks?



Matthew Loraditch​
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com




___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Uplinx Report Tool?

2019-08-03 Thread Ryan Huff
 and, you can maximize the application window.. *key selling point* lol. 
Seriously though, both are really good products.

Sent from my iPhone

On Aug 3, 2019, at 06:51, Stephen Welsh <stephen.we...@unifiedfx.com> wrote:

Hi Nick, hope you are well.

Yes I do follow this email group (among many other communities) for an 
excellent insight to what’s happening in the world of Cisco UC, however modesty 
is not my strong point ;)

I’m partial to a bit of guerrilla marketing, sometimes I go a bit far. Once I 
did get banned from the Cisco Community site, so I apologise if this self 
promotion offends.

[Guerrilla Marketing On]

PhoneView 7.0 (http://download.unifiedfx.com/PhoneView) introduces more unique 
features:
* Virtual Cisco Endpoints (register multiple Jabber devices on a single PC)
* Soft phone and MRA phone support (see call activity & control calls)
* UCCX Integration (see and set real-time agent state)

PhoneView 7.1 (beta due Sept)
* AutomationFX/PhoneFX policy feature
* AutomationFX Community Edition (Free):
Exposes Cisco UCM CTI, AXL & RISPort via REST API
Automate, Develop and Test easily with Cisco UC
Create custom Cisco UC applications
Python SDK (https://github.com/unifiedfx/automationfx-python)

[Guerrilla Marketing Off]

Kind Regards

Stephen Welsh

Sent from my iPad

On 3 Aug 2019, at 07:35, Nick Britt <nickolasjbr...@gmail.com> wrote:


uplinx is brilliant, I am sure Stephen Welsh is skulking around here practicing 
his modesty. I will continue to push customers to buy it.

On Sat, Aug 3, 2019 at 12:46 AM Fares Alsaafani <fares@gmail.com> wrote:
Hi Matthew, I have used remote control for Cisco phone software was great saved 
my day on remote site upgrade cutover.

On Fri, Aug 2, 2019 at 6:16 AM Matthew Loraditch <mloradi...@heliontechnologies.com> wrote:
https://www.uplinx.com/reporttool-usd/

Anyone heard of/used these folks?



Matthew Loraditch​
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com








--
Best Regards

FARES ALSAAFANI
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


--
- Nick
___
cisco-voip 

Re: [cisco-voip] CUCM SU release cycle

2019-08-15 Thread Ryan Huff
After 12.5, no more “.5” releases, it’ll just be major versions (and the SUs in 
between). After 12.5 we skip 13 and go right to 14 (then presumably, 15 after 
that).

Sent from my iPhone

On Aug 15, 2019, at 02:05, Anthony Holloway wrote:


What's going on with .5 releases?  I don't think I heard about that.

On Wed, Aug 14, 2019 at 11:16 PM Charles Goldsmith <w...@woka.us> wrote:
Yeah, I think with the move away from the .5 releases, we'll be getting more 
SU's and less major releases.

On Wed, Aug 14, 2019 at 10:58 PM Ki Wi <kiwi.vo...@gmail.com> wrote:
Hi Group,
in the past , the SU release is every 6 months (usually longer than that, 
approximately twice a year maximum) but now Cisco is changing to every 2 months?

Reference : Page 20 of the link
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/PSOCOL-1000.pdf


--
Regards,
Ki Wi
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] CUCM SU release cycle

2019-08-15 Thread Ryan Huff
Anthony,

Slide 20 of the deck from this session 
(https://www.ciscolive.com/global/on-demand-library.html?search=cucm%20version=ciscoliveus2019#/session/1540336593046001DbNj)
 makes a loose reference to it in the timeline graphic.

There is a deck out there that gives a deeper explanation (and I'll send it to 
you if I have some time to look for it); but it was essentially because the BU 
felt features/enhancements were delayed to the field because everyone had a 
fear of " .0 " (not a wholly unfounded fear, IMO) and also some marketing jazz 
about being more inline with software revisionist trends .. etc.

-Ryan


From: Lelio Fulgenzi
Sent: Thursday, August 15, 2019 10:31 AM
To: Matthew Loraditch; Anthony Holloway; Ryan Huff
Cc: Charles Goldsmith; cisco-voip voyp list
Subject: RE: [cisco-voip] CUCM SU release cycle

Yeah, this was the gist. No one liked “dot oh” releases.

It just means people are now going to make up their own upgrade cycle in their 
head based on what we hear. Waiting until SU2 maybe? Who knows.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca
www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook


From: cisco-voip On Behalf Of Matthew Loraditch
Sent: Thursday, August 15, 2019 10:20 AM
To: Anthony Holloway; Ryan Huff
Cc: Charles Goldsmith; cisco-voip voyp list
Subject: Re: [cisco-voip] CUCM SU release cycle

I heard this in a preso. Customers were not moving to .0 releases because they 
were perceived to be bad and waiting for .5 or .1 type releases. The defect 
rates though are not much if any different these days and they won’t want to be 
making releases that nobody uses.

Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com

From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Anthony Holloway
Sent: Thursday, August 15, 2019 10:16 AM
To: Ryan Huff <ryanh...@outlook.com>
Cc: Charles Goldsmith <w...@woka.us>; cisco-voip voyp list <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] CUCM SU release cycle



Why not just all Major versions all the time?  Google Chrome is on version 76.



But seriously though, anyone got a reference to this announcement?  I didn't 
see it in the cisco live preso linked earlier.



If not, what's the reported reason for dropping minor release numbers?



On Thu, Aug 15, 2019 at 5:40 AM Ryan Huff <ryanh...@outlook.com> wrote:

After 12.5, no more “.5” releases, it’ll just be major versions (and the SUs in 
between). After 12.5 we skip 13 and go right to 14 (then presumably, 15 after 
that).

Sent from my iPhone



On Aug 15, 2019, at 02:05, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:



What's going on with .5 releases?  I don't think I heard about that.



On Wed, Aug 14, 2019 at 11:16 PM Charles Goldsmith 
mailto:w...@woka.us>

Re: [cisco-voip] CUCM SU release cycle

2019-08-15 Thread Ryan Huff
Let’s not get ahead of ourselves there ;). Just like war, usually (but not 
always) the people who want 100% cloud calling or think it’s a great idea are 
the people who’ve never experienced it.. lol

Sent from my iPhone

On Aug 15, 2019, at 13:22, Lelio Fulgenzi wrote:


You forgot how everyone will be migrating to Webex Calling before then. And 
your upgrade cycle will be out of control. Just like how Webex Teams has that 
green restart symbol every two weeks.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: Anthony Holloway
Sent: Thursday, August 15, 2019 12:05 PM
To: Lelio Fulgenzi
Cc: Charles Goldsmith; cisco-voip voyp list
Subject: Re: [cisco-voip] CUCM SU release cycle

So if I do the math...

No more minor versions
...punches some keys...

And 2 month SU cycles
...punches more keys

With an upper limit of 3 SUs
...punches even more keys...

That's a new major version every 6 months!

That means we'll see
..key punching intensifies...

CUCM 69 by mid-2046.  Just in time for me to retire!

On Thu, Aug 15, 2019 at 10:57 AM Lelio Fulgenzi <le...@uoguelph.ca> wrote:
Pretty sure I remember them saying there likely wouldn’t be that many SU’s 
either, three at most?

*sigh*

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Anthony Holloway
Sent: Thursday, August 15, 2019 11:50 AM
To: Charles Goldsmith <w...@woka.us>
Cc: cisco-voip voyp list <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] CUCM SU release cycle

Make it SU5 in memory of the .5 releases.

On Thu, Aug 15, 2019 at 9:18 AM Charles Goldsmith <w...@woka.us> wrote:
I didn't see an announcement, was just told about the change, Cisco doesn't 
like us waiting for the .5 release to push out to customers.  We all know that 
the .0 releases have historically been more challenging.

So now, I plan to wait until at least su2 before upgrading :)


On Thu, Aug 15, 2019 at 9:15 AM Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
Why not just all Major versions all the time?  Google Chrome is on version 76.

But seriously though, anyone got a reference to this announcement?  I didn't 
see it in the cisco live preso linked earlier.

If not, what's the reported reason for dropping minor release numbers?

On Thu, Aug 15, 2019 at 5:40 AM Ryan Huff <ryanh...@outlook.com> wrote:
After 12.5, no more “.5” releases, it’ll just be major versions (and the SUs in 
between). After 12.5 we skip 13 and go right to 14 (then presumably, 15 after 
that).
Sent from my iPhone

On Aug 15, 2019, at 02:05, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:

What's going on with .5 releases?  I don't think I heard about that.

On Wed, Aug 14, 2019 at 11:16 PM Charles Goldsmith <w...@woka.us> wrote:
Yeah, I think with the move away from the .5 releases, we'll be getting more 
SU's and less major releases.

On Wed, Aug 14, 2019 at 10:58 PM Ki Wi <kiwi.vo...@gmail.com> wrote:
Hi Group,
in the past, the SU release is every 6 months (usually longer than that, 
approximately twice a year maximum) but now Cisco is changing to every 2 months?

Reference: Page 20 of the link
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/PSOCOL-1000.pdf


--
Regards,
Ki Wi

Re: [cisco-voip] Unity DRS components

2019-08-13 Thread Ryan Huff
In Unity, the Primary and HA DRS components are separated and operate 
independently. Though it’s generally not necessary to backup the HA node.

- In a DR recovery scenario of both Unity Servers, you can restore the Primary 
and install a new HA.

- In a DR recovery scenario of the HA only, just install a new HA (because if 
you restored a HA DRS, it would take even longer because you have to reset 
cluster replication).

- In a DR scenario of the Primary only (and the HA is still running); install a 
new Primary and renegotiate the Primary to the HA. This is far quicker than 
reinstalling a new Primary and then a new HA.

Sent from my iPhone

On Aug 13, 2019, at 09:14, Lelio Fulgenzi wrote:


Is this one of those “back up the publisher only, restore the publisher, 
reinstall the subscriber and let the publisher re-image the subscriber” sort of 
things?

We’ve seen that in this case, platform information is never restored and who 
the heck likes to remember that sort of stuff?

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: cisco-voip On Behalf Of Anthony Holloway
Sent: Monday, August 12, 2019 11:24 AM
To: Charles Goldsmith
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] Unity DRS components




Source: Install, Upgrade, and Maintenance Guide for Cisco Unity Connection 
Release 11.x


On Mon, Aug 12, 2019 at 9:22 AM Charles Goldsmith <w...@woka.us> wrote:
Unity Connection has always been the oddball, the pub only backs itself up, 
you have to schedule the sub to do its own backup.

On Mon, Aug 12, 2019 at 8:30 AM Myron Young <mdavid_yo...@hotmail.com> wrote:
Morning,

Is it just me or shouldn’t both the Unity Pub and Sub servers be shown as 
available “components registered with Disaster Recovery System” when running 
either a manual or scheduled backup?

 I see all nodes in the cluster for UCM but not seeing it on the Unity cluster; 
and confirmed the DRS local and master services are running on both servers.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] CIMC MIC self-signed cert and new browsers

2019-08-29 Thread Ryan Huff
May want to look at the browser’s address bar and see if there is an applet / 
plugin looking for permission to run.

- R

On Aug 29, 2019, at 01:56, Dana Tong wrote:


Hi all,

New server install. Trying to login to the CIMC to configure. Chrome, Firefox, 
IE all have a hissy fit. I did manage to get in once on one of the servers 
using firefox and dropping the max TLS version to 3. But after setting the 
password and change IP and hostname, it won’t let me back in.

Chrome just keeps going round and round if I choose to proceed.

Any tricks on getting browsers to work with this?

Cheers




___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] TAC Support for Unsupported Configurations

2019-09-10 Thread Ryan Huff
Wow, this one hits home..

I’ve found (and this is just my experience, which is entirely subjective) that, 
if in a dire moment of need, on a Saturday morning at 12:12 AM EST, if you show 
a humanness to yourself, TAC will show moments of kindness ... supporting the 
statement that yes indeed, it really is about whether the TAC agent wants to 
help or not.

Personally, I’ve never experienced a TAC agent that hit me with the, “call me 
back when you fix XYZ” scenario. I’ve heard it discussed in the community 
before but have always considered it as lore.

I suppose it’s all about the individual scenario; if I open a case on a c220 
M3S/Xeon E5-26xx with 14 physical cores allocated ... I’d expect to have the 
phone hung up on me, but perhaps not (speaking from real life experience). Some 
times you find some truly exceptional TAC agents..

-Ryan

On Sep 10, 2019, at 17:30, Anthony Holloway wrote:


Why do I get the feeling that you're speaking from experience, with that crazy 
setup?

That's kind of been my experience too, just to confirm.  I have had mixed 
results with TAC in the past, on how far they were willing to go for me.  It's 
definitely a human experience.

On Tue, Sep 10, 2019 at 3:35 PM Charles Goldsmith <w...@woka.us> wrote:
I think he's conflicted :)

I've always been told that it's best effort, and as you stated, probably how 
much effort the TAC engineer wants to put into it.  It is likely handled on a 
case by case basis as well as their queue/work load.  If you come in there 
trying to run CUCM 8.0 on VMware fusion on an AMD based MACOS that is connected 
to a CUBE running in GNS3, they may not be in a hurry to help you :)

On Tue, Sep 10, 2019 at 2:05 PM Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
Or maybe it's just up to the assigned TAC Engineer to decide whether they want 
to work the case or not?



Source: 
https://community.cisco.com/t5/contact-center/agent-login-failure-uccx-finesse-ver-10-6-1/m-p/2870582/highlight/true#M92340



Source: 
https://community.cisco.com/t5/contact-center/uccx-11-5-1-finesse-jabber-em-7841/m-p/3091142/highlight/true#M100912


___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Do you need TMS to get OBTP

2019-08-07 Thread Ryan Huff
To do OBTP on prem; TMS/TMS-XE. If you want to go the cloud registration route 
for the endpoint, Expressway-C/management connector and Hybrid calendar 
connector (on-prem Exchange) or cloud (Webex) calendar (O365 or Google)

Sent from my iPhone

On Aug 7, 2019, at 12:39, Jonathan Charles <jonv...@gmail.com> wrote:

OK, do we need TMS XE as well, or can the Calendar Connector handle it? (they 
are O365)


Thanks!


On Wed, Aug 7, 2019 at 11:36 AM Matthew Loraditch <mloradi...@heliontechnologies.com> wrote:
You need TMS. Something has to publish the schedule to the endpoints, on prem 
that’s TMS. In the cloud that’s Webex.


Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com

From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Jonathan Charles
Sent: Wednesday, August 7, 2019 12:34 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Do you need TMS to get OBTP

Have a customer with CUCM 10.5 and they want to register video endpoints 
locally to CCM.

They do not have TMS, but they want OBTP... can we just install an Expressway 
Connector and use the Webex Hybrid cloud to use @webex and @meet to get OBTP 
without TMS?



Jonathan
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] IP Phone 8811 backgrounds

2019-09-23 Thread Ryan Huff
I find that on-prem CUCM is still used fairly substantially.. :).

The thumbnail needs to be PNG and 139x109 (not 159x109). I’d also double check 
the spelling and casing of the directory in TFTP; Desktops/800x400

Your images must be in PNG format and the dimensions of the full sized image 
must be within 800 pixels by 480 pixels. Thumbnail images are 139 pixels 
(width) by 109 pixels (height).

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cuipph/8800-series/english/adminguide/P881_BK_C136782F_00_cisco-ip-phone-8800_series/P881_BK_C136782F_00_cisco-ip-phone-8811-8841_chapter_01010.html#concept_325325E245AAC3BF76989A0D4E66A47F

Sent from my iPhone

On Sep 23, 2019, at 20:43, Dana Tong wrote:


Hi all,

Not sure if anyone is still using on-prem CUCM much these days but am trying to 
update some 8811 background and am getting a “Wallpaper cannot be set. 
Incompatible image size”.

My image and thumbnail are:
800 x 480 x 24 bit
Thumbnails are: 159 x 109 x 24 which match the existing backgrounds.

Although there is some documentation that says they need to be 139 x 109 for 
the Thumbnails.

I would have thought the original included images would be okay? But they are 
not displaying either.

Anyone done this and know for certain what they should be?

Cheers
Dana



___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
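
A check for the PNG format and size rules quoted in the reply above, as an added example that is not part of the original thread or of Cisco's tooling: it reads the PNG IHDR header and reports why an image would fail those rules. The function names and the header-only sample images are constructed for illustration, and "within 800 by 480" is read here as "no larger than".

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Dimensions quoted in the thread from the 8800-series admin guide.
FULL_MAX = (800, 480)        # full-size image: read here as "no larger than" (assumption)
THUMBNAIL_SIZE = (139, 109)  # thumbnail: exact size


def read_png_size(data):
    """Return (width, height) from the IHDR chunk, or raise ValueError."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file (signature mismatch)")
    if len(data) < 33:
        raise ValueError("file is too short to contain an IHDR chunk")
    length, chunk_type = struct.unpack(">I4s", data[8:16])
    if chunk_type != b"IHDR" or length != 13:
        raise ValueError("first chunk is not a 13-byte IHDR")
    ihdr = data[16:29]
    (stored_crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(chunk_type + ihdr) != stored_crc:
        raise ValueError("IHDR checksum mismatch (corrupt header)")
    width, height = struct.unpack(">II", ihdr[:8])
    return width, height


def check_background(data, kind):
    """Return a list of problems for a 'full' or 'thumbnail' image; empty means OK."""
    if kind not in ("full", "thumbnail"):
        raise ValueError("kind must be 'full' or 'thumbnail'")
    try:
        width, height = read_png_size(data)
    except ValueError as exc:
        # A JPEG or BMP renamed to .png ends up here.
        return [str(exc)]
    problems = []
    if kind == "full":
        if width > FULL_MAX[0] or height > FULL_MAX[1]:
            problems.append(
                f"full image is {width}x{height}, larger than "
                f"{FULL_MAX[0]}x{FULL_MAX[1]}"
            )
    elif (width, height) != THUMBNAIL_SIZE:
        problems.append(
            f"thumbnail is {width}x{height}, expected "
            f"{THUMBNAIL_SIZE[0]}x{THUMBNAIL_SIZE[1]}"
        )
    return problems


def make_png_header(width, height):
    """Constructed sample: signature + IHDR + IEND only (8-bit RGB, no pixel data)."""
    chunk = b"IHDR" + struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (
        PNG_SIGNATURE
        + struct.pack(">I", 13) + chunk + struct.pack(">I", zlib.crc32(chunk))
        + struct.pack(">I", 0) + b"IEND" + struct.pack(">I", zlib.crc32(b"IEND"))
    )


if __name__ == "__main__":
    samples = [
        ("full", make_png_header(800, 480)),
        ("thumbnail", make_png_header(139, 109)),
        ("thumbnail", make_png_header(159, 109)),   # the size reported in the thread
        ("full", b"\xff\xd8\xff\xe0" + b"\x00" * 40),  # JPEG bytes under a .png name
    ]
    for kind, data in samples:
        print(kind, check_background(data, kind) or "OK")
```

For real files, pass `open(path, "rb").read()` as `data`.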


Re: [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

2019-11-17 Thread Ryan Huff
Likely certificate / trust issues..

Sent from my iPhone

On Nov 17, 2019, at 18:36, Jonathan Charles wrote:


Yep, we are running into clustering issues...

Getting Inactive: (Remote host is reachable but connection is not established. 
Either refresh this page, or check the credentials.)

For IMP connection, so MRA is down...

Still looking for a fix...


Jonathan

On Fri, Nov 15, 2019 at 7:17 PM Erick Bergquist <erick...@gmail.com> wrote:
I’ve done 2 8.11.x to 12.5.5 fine (clustered setup, 4). There is a bug with 
clustering to watch out for but I did not encounter it. The 12.5 Cisco download 
page has a note and link about this.

Currently working on jabberd process high memory consumption issue on one node 
that has been present since 8.11.x which 12.5 had memory leak fix for but still 
an issue. Slow memory increase over time just on one of the edge nodes.

Going to look over 12.5.6 release notes now

Erick



On Fri, Nov 15, 2019 at 3:28 PM Matt Jacobson <m4ttjacob...@gmail.com> wrote:
If that is the case, then I would double check that it is supported. In the 
release notes there is a chart for supported platforms based on serial numbers. 
If it is a legacy Tandberg box, then I suspect 12.x may not work out for you.

On Fri, Nov 15, 2019 at 14:30 Jonathan Charles <jonv...@gmail.com> wrote:
This is a legacy Tandberg VCS for video only... no MRA, no remote phones... 
just inbound and outbound sip video...


Jonathan

On Fri, Nov 15, 2019 at 12:44 PM Pawlowski, Adam <aj...@buffalo.edu> wrote:
We’re at 12.5.3 and probably moving to 12.5.5/12.5.6 somewhere in the Holiday 
timeframe when everything quiets down a bit.

There hasn’t been really any significant issue upgrading from 8 -> 12, but 
there have been a couple of bugs that largely are all resolved by deleting and 
rebuilding whatever the thing is that is misbehaving.

The requirement for the _cup_login and _cisco-uds SRVs went away though it 
still endlessly logs a warning about not finding them, but it will work.

You do also gain the ability to play with the openssl cipher strings but in my 
limited experience trying to change those to bump them up a notch, it ends up 
breaking XMPP or something.

Adam

From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Jonathan Charles
Sent: Friday, November 15, 2019 11:59 AM
To: Ryan Huff <ryanh...@outlook.com>
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

Thanks, the latest is 12.5.6, released last week, I am avoiding it like the 
plague...and the bug fix doesn't apply to us.

I am going with 12.5.5 (released in August).

I already have release keys (Cisco AM sent them over)...

Hybrid services are on a separate VCS-C that is already 12.5.

My plan is to get new certs if we have any issues


Thanks!


Jonathan

On Fri, Nov 15, 2019 at 10:46 AM Ryan Huff <ryanh...@outlook.com> wrote:
A couple of thoughts for you...


  *   Get the software release key for 12.x now (you'll be asked to enter it 
during the upgrade in the GUI). You'll need to work with TAC > GLO for this if 
(and I assume this would be your case) the existing 8.7 serial is active in 
Cisco's licensing system. The caveat to trying to do this with Cisco's 
self-service license re-host tool is that while the 8.7 serial is active, it 
won't allow you to assign the new 12.x software release PAK to the serial 
because the serial is already assigned to another software release key.

 *   Take a backup first, your only roll back option is to re-install 8.7 
and restore the backup.

  *   Your VMware Hypervisor needs to be 6.0/5/7.

  *   If you have Hybrid Services configured, make sure the management 
connector is up to date first.

  *   SSL Certificate validation changed a bit in 8.8+

 *   Verify proper forward / reverse DNS for all the relevant touch points
 *   Make sure the Expressway certificate trust is up-to-date with all the 
current CUCM,CUC,IMP identity certificates (self-signed) or CA certificates 
(public CA signed certificates).
 *   no duplicate certificates in the Expressway trusts

Beyond that, just pay attention to the caveats list in the upgrade doc for your 
version of 12.5.x (12.5.4 is the latest I think).

Thanks,

Ryan


From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Jonathan Charles <jonv...@gmail.com>
Sent: Friday, November 15, 2019 10:57 AM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

Can we just upgrade directly or do we need to go to an intermediary version 
first?

Also, any gotchas besides new certificates?


Jonathan

Re: [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

2019-11-17 Thread Ryan Huff
Have you tried adding the IMP identity cert into the Expressway trust? It 
shouldn’t have to work that way, but if it does, might point to an issue with 
how the CA chain is being recognized in the trust.

Also, make sure to do a full reboot of the Expressway node after adding certs 
into the truststore (again, you shouldn’t have to do that but I’ve seen this 
work before).

Sent from my iPhone

On Nov 17, 2019, at 18:58, Jonathan Charles wrote:


When I try to refresh the IMP nodes, I get Failed: Unable to communicate with 
[[IMPNODE] CryptoError: Decryption failure.

On Sun, Nov 17, 2019 at 5:54 PM Jonathan Charles <jonv...@gmail.com> wrote:
I re-uploaded the root and intermediate CA certificate... still get the same 
error...

I also tried adding a new AXL user... same error...


Jonathan

On Sun, Nov 17, 2019 at 5:48 PM Ryan Huff <ryanh...@outlook.com> wrote:
Likely certificate / trust issues..

Sent from my iPhone

On Nov 17, 2019, at 18:36, Jonathan Charles <jonv...@gmail.com> wrote:


Yep, we are running into clustering issues...

Getting Inactive: (Remote host is reachable but connection is not established. 
Either refresh this page, or check the credentials.)

For IMP connection, so MRA is down...

Still looking for a fix...


Jonathan

On Fri, Nov 15, 2019 at 7:17 PM Erick Bergquist <erick...@gmail.com> wrote:
I’ve done 2 8.11.x to 12.5.5 fine (clustered setup, 4). There is a bug with 
clustering to watch out for but I did not encounter it. The 12.5 Cisco download 
page has a note and link about this.

Currently working on jabberd process high memory consumption issue on one node 
that has been present since 8.11.x which 12.5 had memory leak fix for but still 
an issue. Slow memory increase over time just on one of the edge nodes.

Going to look over 12.5.6 release notes now

Erick



On Fri, Nov 15, 2019 at 3:28 PM Matt Jacobson <m4ttjacob...@gmail.com> wrote:
If that is the case, then I would double check that it is supported. In the 
release notes there is a chart for supported platforms based on serial numbers. 
If it is a legacy Tandberg box, then I suspect 12.x may not work out for you.

On Fri, Nov 15, 2019 at 14:30 Jonathan Charles <jonv...@gmail.com> wrote:
This is a legacy Tandberg VCS for video only... no MRA, no remote phones... 
just inbound and outbound sip video...


Jonathan

On Fri, Nov 15, 2019 at 12:44 PM Pawlowski, Adam <aj...@buffalo.edu> wrote:
We’re at 12.5.3 and probably moving to 12.5.5/12.5.6 somewhere in the Holiday 
timeframe when everything quiets down a bit.

There hasn’t been really any significant issue upgrading from 8 -> 12, but 
there have been a couple of bugs that largely are all resolved by deleting and 
rebuilding whatever the thing is that is misbehaving.

The requirement for the _cup_login and _cisco-uds SRVs went away though it 
still endlessly logs a warning about not finding them, but it will work.

You do also gain the ability to play with the openssl cipher strings but in my 
limited experience trying to change those to bump them up a notch, it ends up 
breaking XMPP or something.

Adam

From: cisco-voip <cisco-voip-boun...@puck.nether.net> On Behalf Of Jonathan Charles
Sent: Friday, November 15, 2019 11:59 AM
To: Ryan Huff <ryanh...@outlook.com>
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

Thanks, the latest is 12.5.6, released last week, I am avoiding it like the 
plague...and the bug fix doesn't apply to us.

I am going with 12.5.5 (released in August).

I already have release keys (Cisco AM sent them over)...

Hybrid services are on a separate VCS-C that is already 12.5.

My plan is to get new certs if we have any issues


Thanks!


Jonathan

On Fri, Nov 15, 2019 at 10:46 AM Ryan Huff <ryanh...@outlook.com> wrote:
A couple of thoughts for you...


  *   Get the software release key for 12.x now (you'll be asked to enter it 
during the upgrade in the GUI). You'll need to work with TAC > GLO for this if 
(and I assume this would be your case) the existing 8.7 serial is active in 
Cisco's licensing system. The caveat to trying to do this with Cisco's 
self-service license re-host tool is that while the 8.7 serial is active, it 
won't allow you to assign the new 12.x software release PAK to the serial 
because the serial is already assigned to another software release key.

 *   Take a backup first, your only roll back option is to re-install 8.7 
and restore the backup.

  *   Your VMware Hypervisor needs to be 6.0/5/7.

  *   If you have Hybrid Services configured, make sure the management 
connector is up to date first.

  *   SSL Certificate validation changed a bit in 8.8+

 *   Verify proper forward / reverse DNS for all the relevant touch points
 *   Make sure the Expressway certificate trus
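
The checklist quoted in this thread asks for an up-to-date Expressway trust with no duplicate certificates. One way to audit an exported PEM bundle for that, as an added example that is not from the thread or from Cisco: it compares certificates by the SHA-256 of their decoded DER bytes, so copies that differ only in line wrapping or line endings are still caught, and it flags blocks that fail to decode. The function names are hypothetical, and the sample bundle is built from constructed placeholder bytes rather than real certificates.

```python
import base64
import binascii
import hashlib
import re
from collections import defaultdict

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_blocks_to_der(bundle_text):
    """Return [(position, der_bytes_or_None)] for every CERTIFICATE block."""
    results = []
    for position, match in enumerate(PEM_BLOCK.finditer(bundle_text), start=1):
        # Drop all whitespace so wrapping width and CRLF/LF do not matter.
        body = re.sub(r"\s+", "", match.group(1))
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            der = None  # damaged block: report it rather than skip it silently
        results.append((position, der))
    return results


def audit_bundle(bundle_text):
    """Group certificates by SHA-256 of their DER bytes and report repeats."""
    by_fingerprint = defaultdict(list)
    unreadable = []
    blocks = pem_blocks_to_der(bundle_text)
    for position, der in blocks:
        if not der:
            unreadable.append(position)
            continue
        by_fingerprint[hashlib.sha256(der).hexdigest()].append(position)
    duplicates = {
        fingerprint: positions
        for fingerprint, positions in by_fingerprint.items()
        if len(positions) > 1
    }
    return {
        "total": len(blocks),
        "unique": len(by_fingerprint),
        "duplicates": duplicates,
        "unreadable": unreadable,
    }


def wrap_pem(der, width=64, newline="\n"):
    """Encode bytes as a PEM CERTIFICATE block with the given wrapping."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]
    ) + newline


# Constructed placeholder bytes standing in for DER certificates.
ROOT_DER = b"constructed stand-in for a root CA certificate " * 4
INTERMEDIATE_DER = b"constructed stand-in for an intermediate CA " * 4

SAMPLE_BUNDLE = (
    "# root CA\n" + wrap_pem(ROOT_DER)
    + "# intermediate CA\n" + wrap_pem(INTERMEDIATE_DER)
    # Same root again, re-wrapped at 76 columns with CRLF line endings.
    + "# root CA, appended a second time\r\n" + wrap_pem(ROOT_DER, 76, "\r\n")
    # A block whose base64 body is damaged.
    + "-----BEGIN CERTIFICATE-----\nTUlJ!!truncated\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    report = audit_bundle(SAMPLE_BUNDLE)
    print(f"{report['total']} blocks, {report['unique']} unique certificates")
    for fingerprint, positions in report["duplicates"].items():
        print(f"duplicate {fingerprint[:16]}... at positions {positions}")
    for position in report["unreadable"]:
        print(f"block {position} does not decode as base64")
```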

Re: [cisco-voip] DNS and LDAP Domain name change - current process node is IP

2019-11-11 Thread Ryan Huff
what are you trying to do? Do you need to add a domain name to UC servers that 
currently do not have a domain name?

Sent from my iPhone

On Nov 11, 2019, at 18:21, Nick Britt wrote:


A customer has had a domain name, this includes the DNS and the active 
directory integration. I am trying to pull together the necessary steps for 
each application.

Below is what I have deduced from the documentation so far

Change Domain name CUCM, Pub and Sub

The CUCM processNode name is the IP address (System - > Server) changing the 
domain name will have no effect on the CTL/ITL files as phones only reference 
the IP currently.
Remove each server from PLM and add back in post-change
Security certs will need to be re-signed by the root CA
Each domain name and DNS change will need to be completed independently and db 
replication status to be checked before moving onto subscriber.
Current Active directory authentication and LDAP authentication will be moved 
from one server to another. The usernames are the same between the Active 
Directory domains so the device associations should remain when the LDAP 
integration is changed between one AD domain to another.

Change Domain name IMP, Pub and Sub

Security certs will need to be re-signed by the root CA
Each domain name and DNS change will need to be completed independently and db 
replication status to be checked before moving onto subscriber.

CUC
Security certs will need to be re-signed by the root CA
Each domain name and DNS change will need to be completed independently and db 
replication status to be checked before moving onto subscriber.
LDAP is used to manually "import" user name/extension then the users are added 
manually
SMTP is used for voicemail to mail integration instead of unified messaging so 
no changes needed as the mail server details remains the same.

I've also seen reports of mgcp sccp gw's unregistering if relying on DNS but 
the IP is used for each MGCP registration.

I would appreciate a heads up if you have encountered any issues with similar 
changes.

--
- Nick
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

