These are my notes used while studying for Nortel & Cisco Certs.

VoIP Technologies Notes

Table of Contents


Foundation for audio, video, and data communications across IP-based networks. Network, platform, and app independent. H.323 handles the entire call. H.323 Cheatsheet


SIP only handles signalling. SIP Cheatsheet


Unistim is Nortel's proprietary VoIP protocol. Used to talk to phones. Uses Nortel's version of Reliable UDP (RUDP), which functions at L7 to provide reliable delivery of msgs.


Media Gateway Control Protocol

Cisco capable devices

PRI/BRI Backhaul


Media Gateway Control

Skinny Client Control Protocol (SCCP)

Cisco proprietary protocol kind of like Unistim in function.

Evaluating Network

IP Peer Networking Considerations


Meridian Customer Defined Network


Trunk Route Optimization

Trunk anti-tromboning

VoIP Network Considerations

Analog to digital conversion

  1. Analog signal is filtered (to 300-3600 Hz) and then converted. This is narrowband, toll-quality voice: a) recognizable as the voice of the other party, b) able to understand the other party's speech.
  2. PCM (Pulse Code Modulation) - assign 8-bit binary code to specific amplitude of signal. Sampled 8000 times/sec. Harry Nyquist stated that, to guarantee accuracy, the sampling rate must be twice the max frequency of the signal being sampled.
  3. PAM (Pulse Amplitude Modulation) - series of pulses that represent amplitude of analog signal at the time of each sample. 8 bit code.
  4. Transmit code as a series of bits. In VoIP we group sampled bytes in increments of 10ms. This is called the packetization rate, or voice sample size. When the sample size is reached, send. Packets depart the source at regular intervals.

Audio CODECs

Cisco phones start default with G.711, G.722, G.729, iLBC

Video CODECs

Coding Delay

Taken from Nortel VoIP technologies book and CVoice 8.0 - Implementing Cisco Unified Communications Voice over IP and QoS v8.0 by Andrew Froehlich.
CODEC | Bandwidth estimates | Sample Size | Conversion Time | Min Compression Algo Delay | Voice Quality
G.711 | 64kbps PCM | 8 bits | 0.125 | 0.125 | Toll Quality
G.729 A/B | 8kbps CS-ACELP | 80 bits | 10 ms | 15 ms (5 ms look-ahead delay) | Near Toll Quality
G.726 | 16,24,32,40kbps ADPCM | 4 bits | 10 ms | 0.125ms | Fair to Good
 | 5.38kbps CS-ACELP (r53); 6.40 kbps MPMLQ (r63) | 160 bits; 192 bits | | 37.5ms, 7.5ms look-ahead; 37.5ms, 7.5ms look-ahead | Fair to Good
G.728 | 16 kbps LDCELP
G.722 - Wideband | 48, 56, or 64 kbps ADPCM
GSMFR - GSM Full Rate Codec | 13 kbps RPE-LTP
iLBC - (Internet Low Bit Rate Codec) | 13.33kbps or 15.20kbps Block-Independent Linear Predictive Coding
iSAC (Internet Speech Audio Codec) - Wideband | 10-32kbps
Book recommends 250ms max delay for G.711 and 150ms max delay for compression CODECs (or users perceive delay).


Typically a problem for VoIP in local environments because Carrier 'Echo Cancelers' ECANs are not deployed on local trunk lines. Additional CODEC and jitter buffer delay can introduce echo where it didn't previously exist.

ECANs are required (according to the book) in VoIP telephony components, especially media gateways.

Controlling Echo

3 techniques:

Transcoding/Tandem Hops

Occurs when signal encoded 2 or more times during transit. Try using CODECs that reduce the effects of transcoding without increasing overall bandwidth required.

QoE Problems described

VoIP looks for timeliness of packet, and can tolerate a few bit errors in the media stream.

Smaller the voice sample, the greater the number of packets required.

Packet Obstructions

IP clients on private net are mapped to a single public addr. Media path from the public addr cannot reach IP clients with private addr. Can result in one-way speech.


Jitter buffers

Jitter buffers implemented in 2 ways:
Resolve jitter with QoS implementation and L2 fragmentation and interleaving on very slow WAN links (e.g. < 1Mbps).

Ways to minimize delay and jitter

Baseline speed is the performance of the router given the most favorable conditions.
Packets that arrive at router in bursts are delayed more than evenly spaced packets.

Link Management

Make sure pipe size on both sides of link is of appropriate size to handle throughput expected.
Shape traffic on larger side of link to allow all packets to be transmitted without dropping.

Serialization Delay

The time it takes to put bits of info, one bit at a time (serially), onto a physical medium.
Make sure to implement QoS on WAN links
Be sure to watch for MTU (Max Transmission Unit) and take fragmentation into account.
On slower links (e.g. < 1kbps), serialization delay can eat a significant portion of your delay budget

Fragmentation and Packet Size

Calculating Delay based on MTU
Calculating max recommended MTU
MTU in bytes x 8 = MTU in bits
MTU in bits / link speed in bps = delay in seconds
(8ms is avoid but acceptable, more is unacceptable)

Calculating Ideal MTU
Link speed in bps x 0.01 seconds / 8 = Ideal MTU in bytes
If you are reducing MTU, remember that ideal MTU creates no more than 10ms serialization delay
Delay in seconds * link speed in bps / 8 = MTU in bytes
.01 * 56000 / 8 = 70 bytes
Calculating Serialization Delay
MTU in bits / link speed in bps = delay in seconds
Delay in seconds * 1000 = delay in ms
Given 1.48 KB fragmentation size in bytes on a 56 kbps WAN link:
1480 Bytes x 8 bits/Byte = 11840 bits
11840 bits / 56000 bits/sec = 0.211428571 seconds delay
0.211428571 seconds delay * 1000ms/second = 211ms serialization delay

Packet Loss

PLC (Packet Loss Concealment) algorithms can sometimes compensate for packet gaps (packet loss or jitter discards).
Factors that impact packet loss include:

How to avoid or compensate for packet loss

Measure Voice Quality

Tools can be used to analyze Voice Quality (esp. E-Model).


Cisco version -
BW = PacketSize x PPS
PacketSize = L2header + IP/UDP/RTP header + voicePayloadSize
PPS = codec bit rate / voicePayloadSize
voicePayloadSize = CodecSpeed(b/ms) x SampleSize(ms)

L2 Overhead
Frame Relay (FRF.12) - 6 bytes (Cisco doesn't count 1 byte for end-of-frame flag)
PPP - 6 bytes (Nortel said 8)
Ethernet (Cisco) - 18 bytes
Ethernet w/ 802.1Q tag - 26 bytes per packet, Nortel book doubles this
Ethernet w/out 802.1Q tag - 22 bytes per packet, Nortel book doubles this
MP - 6 bytes + 1 byte for end-of-frame flag
L2TP/GRE - 28 bytes
MPLS tagging - 4 bytes/tag

L3/L4/L5 Overhead
IPv4 - 20 bytes
TCP - 20 bytes + options
UDP - 8 bytes
RTP - 12 bytes
Nortel book assumes TCP by default.

Voice Payload Size
b/SampleSize / 8b = B/SampleSize = VoicePayloadSize
G711: 30ms = 240B, 20ms = 160B
G729/8k: 30ms = 40B, 20ms = 20B

PPS = codec bit rate / voicePayloadSize
    G711 64kbps
    G729 8kbps
BW = total packet size x PPS

Don't forget about Security and Tunneling Overhead

  • IPSEC: 50-57 bytes


Available Bandwidth (e.g. burstable) vs. Guaranteed Bandwidth
  • For low-bandwidth (< 1mbps) available, Nortel recommends no more than 50 to 55% for voice
  • For connections > 1mbps available, Nortel recommends using up to 85% of available bandwidth for voice traffic

  • Do not plan for any given link to run at more than 80% of total capacity. This is to leave buffer for bursty and 'other' traffic.
PayloadSize(B/ms) = (EncodingRate(bps) / 1000(ms/sec)) / 8(bits/byte)

G.711 encoding speed is 64kbps or 64000bps
64000bps / 1000ms/sec = 64b/ms
64b/ms / 8b/B = 8B/ms
Bpms multiplier
 | G.711 | G.729 A/B | G.726 | G.726 | G.726 | G.726 | G.723.1 | G.723.1
Enc Speed (kbps), base number | 64 | 8 | 16 | 24 | 32 | 40 | 5.38 | 6.4
Enc Speed (bps), * 1000 | 64000 | 8000 | 16000 | 24000 | 32000 | 40000 | 5380 | 6400
every millisecond (bpms), /1000 | 64 | 8 | 16 | 24 | 32 | 40 | 5.38 | 6.4
every millisecond (Bpms), /8 | 8 | 1 | 2 | 3 | 4 | 5 | 0.67 | 0.8

G.711 voice sample time (ms) x 8
G.729A/B voice sample time (ms) x 1

Calculating bandwidth

PPS = 1000 / sample size in ms
PPS * (packet size in bytes) = bytes/second
bytes/second * 8 = bits/second (bps)
bps / 1000 = kbps
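
The bandwidth steps above, combined with the L2 and IPsec overhead figures, as an added example (not from the original notes or either book). It assumes UDP/RTP over IPv4, the Cisco L2 figures, one direction of one call, and a constructed 768 kbps PPP link with 55% reserved for voice; the function names are made up for the example.

```python
# Added example, not from the original notes: per-call VoIP bandwidth using the
# Cisco-style formula above (BW = PacketSize x PPS), with optional tunnel overhead.

CODEC_BPS = {"G.711": 64000, "G.729": 8000}   # codec bit rates from the notes

# L2 overhead in bytes per packet, Cisco figures from the L2 Overhead list
L2_OVERHEAD_BYTES = {"frame-relay": 6, "ppp": 6, "ethernet": 18, "l2tp-gre": 28}

IP_UDP_RTP_BYTES = 20 + 8 + 12                # IPv4 + UDP + RTP headers
IPSEC_BYTES = (50, 57)                        # "IPSEC: 50-57 bytes" from the notes


def voice_payload_bytes(codec, sample_ms):
    """voicePayloadSize = codec speed (bits per ms) x sample size (ms), in bytes."""
    if sample_ms <= 0:
        raise ValueError("sample size must be positive")
    return CODEC_BPS[codec] / 1000 * sample_ms / 8


def packets_per_second(sample_ms):
    """PPS = 1000 / sample size in ms."""
    return 1000 / sample_ms


def packet_bytes(codec, sample_ms, l2, tunnel_bytes=0):
    """Voice payload plus IP/UDP/RTP, L2 and any tunnel headers."""
    return (voice_payload_bytes(codec, sample_ms) + IP_UDP_RTP_BYTES
            + L2_OVERHEAD_BYTES[l2] + tunnel_bytes)


def call_bandwidth_bps(codec, sample_ms, l2, tunnel_bytes=0):
    """Bandwidth of one direction of one call, in bits per second."""
    return packet_bytes(codec, sample_ms, l2, tunnel_bytes) * 8 * packets_per_second(sample_ms)


def header_share(codec, sample_ms, l2, tunnel_bytes=0):
    """Fraction of each packet that is header rather than voice."""
    total = packet_bytes(codec, sample_ms, l2, tunnel_bytes)
    return (total - voice_payload_bytes(codec, sample_ms)) / total


def max_calls(link_bps, voice_pct, per_call_bps):
    """Whole calls that fit in voice_pct percent of the link."""
    return int((link_bps * voice_pct / 100) // per_call_bps)


def plan(link_bps, voice_pct, l2, sample_ms=20):
    """Compare each codec in the clear and inside IPsec (worst case, 57 bytes)."""
    rows = []
    for codec in CODEC_BPS:
        for label, tunnel in (("clear", 0), ("ipsec", IPSEC_BYTES[1])):
            bps = call_bandwidth_bps(codec, sample_ms, l2, tunnel)
            rows.append((codec, label, bps / 1000, max_calls(link_bps, voice_pct, bps)))
    return rows


if __name__ == "__main__":
    # Constructed scenario: 768 kbps PPP link, 55% of it reserved for voice
    for codec, label, kbps, calls in plan(768_000, 55, "ppp"):
        print(f"{codec:6} {label:6} {kbps:6.1f} kbps/call  {calls:3d} calls")
```

With small payloads the tunnel header dominates: in this scenario, encrypting G.729 roughly halves the number of calls the link carries.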

CODECs and Coding Delay ref sections.

Adding VAD to the mix

Expect 30 to 40% savings. Be careful: VAD can cause clipping effects in voice transmission.
kbps * .3 (30%) = VAD savings in kbps
kbps - VAD savings = effective kbps. (or kbps * .7)

Cisco recommends not including VAD in your calculation.
  • Sometimes messes up quality....


  • SW MTP - install Cisco IP Voice Media Streaming App on CM or IOS GW w/out using DSPs - cannot transcode (need HW MTP)
  • HW MTP - NM modules on 2800 and 3800, WS-SVC-CMM-ACT, Catalyst WS-X6608-T1, WS-X6608-E1


  • DSP does hw based calculations, transcoding, voice term, media termination point (MTP) (e.g. hw - translating between mu-law (in U.S.) and a-law, sw - supports (H.323) supplementary svcs (if the endpoint doesn't)), conferencing.
  • Cisco puts DSP use in rtrs...

Codec Complexity

Medium G.711, G726, G.729A, G.729, Fax Relay - 4 calls per DSP
High Complexity - G.728 G.723, G.729, G.729B, Fax Relay 2 calls per DSP
C549 (3 digit codecs slightly less complexity)
C5510 (4 digit codec type has chance to do higher complexity)
voice-card 1 (where DSP resources reside install extra voice card)
codec complexity ?

sccp ccm {ipaddr | dns} identifier idnumber [port port-number] [version version-number]
voice-card slot
codec complexity flex | high | medium | secure
dsp services dspfarm
codec codec-type
maximum sessions number
associate application SCCP

sh dspfarm profile 1
sh dspfarm dsp all
sh voice dsp

Cisco Commands

Verifying Codec  Complexity

show voice dsp

DSP Reqs for Media Resources

Calculator for Cisco DSP resources

DSP Configuration commands

  • determine DSP resource reqs
  • Enable SCCP in CM
  • Config enhanced conference and transcoding
    • Enable DSP farm services
    • Cfg DSP farm profile
    • Assoc DSP Farm Profile to CUCM group
    • Verify DSP farm cfg
    • voice-card 0
      dsp services dspfarm
      dspfarm profile 1 transcode (or conference)
      codec g711ulaw
      codec g729ar8
      max sessions 6
      associate application SCCP
      no shutdown
  • media resource groups in CM can be used across resources

SCCP config

sccp local FastEthernet 0/1
sccp ccm <ipaddr> identifier 1 priority 1 version 4.1
sccp ccm group 1
bind interface FastEthernet0/1
associate ccm 1 priority 1
associate profile 1
register XCODERouter1 (used on CM to ID registering dsp(?) group)

show statements

show dspfarm profile 1 (profile #)
show dspfarm dsp all

CM config

Service/Media Resource/Conference Bridge
DSPs per PVDM2 example
PVDM2-8 1/2 vs PVDM2-64 4 DSPs

PVDM module
NetModule (NM) DSPs need to be on NM

Add resource group name on call manager to get it to work

Analog Signaling

FXS - provides dialtone to phone
FXO - is the phone port
  • Supervisory signaling
    • loop-start - close loop to go off hook - problems with glare and switch originated disconnect supervision
    • ground-start - preferable
    • E&M - RJ48 connector - 2 or 4 wire can have 6 to 8 physical wires
    • Cisco support I, II, III, and V.
      Type | Wires | Comments
      I | 1 E, 2nd M, remaining 2 pairs audio | PBX side - indicate off hook by connecting M to battery; line side - indicate off hook by connecting E to ground; most common in North America
      II | 1 E, 2nd M, 3rd signal ground, 4th signal battery | PBX side - indicate off hook by connecting M to SB (signal battery); line side - indicate off hook by connecting E to SG (signal ground); used in sensitive environments - produces little interference
      III | 4 wires for signaling | idle - E open, M connect to SG; PBX off hook - move M from SG to SB; line side off hook - ground E; not commonly used
      IV | uses 4 wires for signaling | idle - E and M open; PBX off-hook, move M from SG to SB; line side off-hook, move E to SG (grounded on PBX side)
      V | 2 wires (E & M) | similar to Type I; idle - both E&M are open; PBX off-hook - ground M; line side off hook - ground E; most common outside of North America
      SSDC5 | | Similar to type V, but backwards - if line breaks, interface defaults to off-hook (busy); often found in England
  • address signaling
    • pulse
    • DTMF
  • Informational signaling
    • call progress tones - dial tone, busy tone, ring-back, congestion (LD), reorder (local - similar to congestion), receiver off-hook, no such number
Immediate Start Signaling
  • wait 150ms before sending DTMF digits after off-hook
  • responding side sends wink goes off-hook 140-200ms.
  • eliminates glare
  • default and most commonly used
No info on type 1 & type 2
voice-port 0/2/0
signal groundstart
cptone GB (Great Britain)
ring cadence pattern01
no shutdown (remember to bounce interface anytime you change signal type)
show voice port summary

voice-port 0/0/0 (FXO)
    signal groundstart
    connection plar opx 40001 (off premise extension)
dial-peer voice 90 pots (outbound call goes to POTS)
    destination-pattern 9T (any # that begins with 9-wildcard) route it out 0/0/0
    port 0/0/0

voice-port 1/1/1 (E&M)
    signal wink-start
    operation 2-wire
    type 1
    no shutdown
dial-peer voice 10 pots
    destination-pattern 1... (4 digits that start with a 1)
    forward-digits all
    port 1/1/1 (send out port 1/1/1)

CAMA - Centralized Automated Accounting

can be FXO or E&M card
Direct access for 911 - not common
Signal cama types
KP-0-NXX-XXXX-ST - 7 digit ANI transmission. NPA is implied by trunk group
KP-0-NPA-NXX-XXXX-ST - full E.164 # is transmitted
KP-2-ST - no corresponding num plan digit (NPD) in lookup table, or calling # less than 10 digits
KP-NPD-NXX-XXXX-ST - 8 digit ANI transmission. Single MF NPD is sent and expanded into NPA via NPD table. NPD val is range 0-3
voice-port 1/1/1
    ani mapping 1 312 (using NPD dialing the psap matches the digit 1 to NPA 312)
    signal cama KP-NPD-NXX-XXXX-ST
dial-peer voice 911 pots
    destination-pattern 911
    prefix 911
    port 1/1/1
dial-peer voice 9911 pots
    destination-pattern 9911
    prefix 911
    port 1/1/1
dial-peer voice 910 pots
    destination-pattern 9[2-8].......
    port 0/0/0

Configure DID Trunks

voice-port 0/0/0
    signal did wink-start
voice-port 0/1/0
    signal groundstart
dial-peer voice 1 pots
    incoming called-number .
    port 0/0/0
dial-peer voice 910 pots
    destination-pattern 9.....
    port 0/1/0

Timers and Timing Configuration

  • timeouts initial - dial-tone length
  • timeouts interdigit - high end of time (maximum) (CM default 15sec, router 10sec)
  • timeouts ringing
  • timing digit - time that someone presses digit
  • timing interdigit - low end of time (minimum)
  • timing hookflash-in and hookflash-out

Show commands

show voice port summary
show voice port 0/1/0
  • FXS shows status as ‘in status’ because the switch hook is external, so the port’s on or off hook status is determined by an external device, like a phone.
  • FXO shows its status as ‘out status’ because the switch hook is internal to the port and therefore controls what it is connected to.
  • As for ring cadences, the indication [20 40] means 2 seconds of ring followed by 4 seconds of silence (you multiply the numbers by 100 msec).  So the Australian ring cadence would be indicated by similar numbers.
show voice busyout
show voice dsp
show voice call stat (show status of dsps against port)
show voice trace <interface> (show history of interface/dsps)
show controller T1|E1

FXO is in OUT port
FXS in IN STATUS (monitor in port)
50/0/12 with type efxs dynamic voiceport on call manager express

test commands
test voice port slot/port:ds0-group detector {m-lead | battery-reversal | loop-current | ring | tip-ground | ring-ground | ring-trip} {disable | on | off}
test voice port slot/port:ds0-group loopback {local | network | disable} (testing loopback settings)
test voice port slot/port:ds0-group inject-tone {local | network} {1000hz | 2000hz | 200hz | 3000hz | 300hz | 3200hz | 3400hz | 500hz | quiet | disable}
test voice port slot/port:ds0-group relay {e-lead | loop | ring-ground | battery-reversal | power-denial | ring | tip-ground} {on | off}  
test voice port slot/port:ds0-group switch {fax | disable} (forces it into fax mode for 30 seconds)

csim start XXXX     (Call Simulator - used to initiate simulated calls to whatever real-world E.164 number is desired)

debug commands

debug vpm signal
debug voip ccapi inout
debug voip vtsp all
(not pure analog - from the ISDN qsig section...)
show isdn status
debug isdn q921
debug isdn q931
show debugging
show voice dsp

OSI Ref Model

Comm Decisions

  • how to convey or pass msg
  • select language used for communication
  • determine how best to prevent msg from mixing with other msgs
  • determine how to deliver msg

Prereq knowledge

  • Loc of other device
  • medium needed to get msg to device
  • proper use of medium

7 layer model

Please Do Not Throw Sausage Pizza Away.
  1. App layer - provides svcs to user
  2. Presentation layer - translate to diff display formats
  3. Session layer - keeps app organized
  4. Transport layer - make sure networked conversations are maintained valid
  5. Network layer - determine path msg travels
  6. Data Link layer - organizes local/physical transmission
  7. Physical layer - organizes low-level signals over medium

IP Suite

  • App Layer -> app, preso, and session layer (e.g. Telnet, FTP, HTTP, SMTP)
  • Trans Layer -> transport layer (e.g. TCP, UDP)
  • Internet Layer -> network layer (e.g. ipv4, ipv6)
  • Network Interface Layer -> data link and phys layer (e.g. ethernet, ppp, mpls, atm, etc.)

Transport Models


Carrier Class PBT/PBB

802.1af Provider Backbone Bridging (PBB)/Provider Backbone Transport (PBT) technology allows bandwidth-intensive real-time apps to go point-to-point using Ethernet tunnels.

Voice over Frame Relay

FRF.11 - VoFR
  • uses PVCs and SVCs for transmission
  • CIR (Committed Info Rate) guarantees transmission. Above this DE (discard eligible) (bit) marked traffic can be dropped.
  • 56 Kbps-45 Kbps

Voice over ATM

  • 53-byte cells
  • fixed channel or route between 2 points
  • CBR (constant bit rate) - like a leased line
  • VBR (variable bit rate) - data not sent evenly. Popular for voice and video conferencing.
  • UBR (Unspecified Bit Rate) - no guaranteed throughput levels. File transfer might be an application
  • ABR (Available Bit Rate) - guaranteed minimum cap, allows bursting when higher caps are avail
  • 25-622 Mbps
  • small ATM cell size is much less subject to serialization delay than Frame Relay

Voice over PPP

  • full duplex over dedicated or circuit switched

Voice over Wireless LAN

  • DCF (Distributed Control Function) - if medium is idle (Carrier Sense), WLAN devices wait for inter-frame spacing interval before they transmit; this builds in delay for VoIP
  • DCF can use either DIFS (Distributed Control Function Inter-frame Spacing) or SIFS (Short Interval Inter-frame Spacing). SIFS is shorter. PIFS (Point Control Function Inter-Frame Spacing) is rarely used.

Voice over MPLS

  • To use for VoIP, make sure network is configured with Fast Route (also called MPLS local restoration or MPLS local protection). This allows recovery at local level, not at IP level, which could impact voice qual resulting in dropped packets and/or clipping.

Cable Modem


VoIP Control Protocols

  • RTP - L5 protocol to carry voice/codec data.
    • RFC3550
    • Cisco ports typically UDP 16384-32767.
    • Framework not intended as separate layer(?).
    • Works well with RTCP
    • Time stamp is autonomous clock source (based on NTP) that determines how many clock ticks have occurred
    • time stamp supports VAD and jitter
  • RTCP - augments RTP by providing end-to-end delivery service for real-time traffic.
    • RFC3550
    • RTCP XR (Real-time Transport Control Protocol Extended Reports) - RFC3611 - allows user-agent endpoints to send metrics to each other on VoIP call quality (e.g. jitter, packet loss, discards, delay, analog, voice quality,...)
    • RTCP can be one-to-one or one-to-many
    • RTCP packets
      • Sender Report
      • Receiver Report
      • Source Description
      • Goodbye
      • app-specific
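
An added example (not from the original notes or the books they cite) of the RTP points above: it parses the 12-byte fixed header from RFC 3550, then uses the sequence number and time stamp to count loss and compute interarrival jitter the way a receiver would for an RTCP Receiver Report. The capture is constructed; the 8000 Hz clock, the static payload type numbers (RFC 3551) and the function names are assumptions of the example.

```python
# Added example, not from the original notes: parse the 12-byte RTP fixed header
# (RFC 3550) and track loss and interarrival jitter for one stream.
import struct

CISCO_RTP_PORTS = range(16384, 32768)        # UDP 16384-32767, as quoted in the notes
PAYLOAD_TYPES = {0: "PCMU", 8: "PCMA", 9: "G722", 18: "G729"}  # static types, RFC 3551


def parse_rtp(datagram):
    """Return the RTP header fields of a UDP payload, or raise ValueError."""
    if len(datagram) < 12:
        raise ValueError("shorter than the 12-byte RTP header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:
        raise ValueError("RTP version is not 2")
    offset = 12 + 4 * (b0 & 0x0F)            # skip the CSRC list
    if b0 & 0x10:                            # header extension present
        if len(datagram) < offset + 4:
            raise ValueError("truncated header extension")
        _, words = struct.unpack("!HH", datagram[offset:offset + 4])
        offset += 4 + 4 * words
    if len(datagram) < offset:
        raise ValueError("header runs past end of datagram")
    return {"pt": b1 & 0x7F, "marker": bool(b1 & 0x80), "seq": seq,
            "timestamp": timestamp, "ssrc": ssrc, "payload": datagram[offset:]}


def stream_stats(packets, clock_hz=8000):
    """packets: iterable of (arrival_ms, udp_dst_port, udp_payload) for one call leg."""
    stats = {"accepted": 0, "rejected": 0, "off_port": 0, "foreign_ssrc": 0,
             "lost": 0, "jitter_ms": 0.0, "codec": None}
    jitter = 0.0
    ssrc = prev_transit = next_seq = None
    for arrival_ms, port, datagram in packets:
        if port not in CISCO_RTP_PORTS:      # outside the range the notes give
            stats["off_port"] += 1
            continue
        try:
            hdr = parse_rtp(datagram)
        except ValueError:
            stats["rejected"] += 1           # not RTP v2, or truncated
            continue
        if ssrc is None:                     # first valid packet defines the stream
            ssrc = hdr["ssrc"]
            stats["codec"] = PAYLOAD_TYPES.get(hdr["pt"], f"PT {hdr['pt']}")
        elif hdr["ssrc"] != ssrc:            # another source on the same port
            stats["foreign_ssrc"] += 1
            continue
        stats["accepted"] += 1
        # RFC 3550 6.4.1: transit = arrival - RTP time stamp, both in clock ticks
        transit = arrival_ms * clock_hz / 1000 - hdr["timestamp"]
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16
        prev_transit = transit
        if next_seq is not None:
            gap = (hdr["seq"] - next_seq) & 0xFFFF
            if gap >= 0x8000:                # late or duplicate; keep the window
                continue
            stats["lost"] += gap
        next_seq = (hdr["seq"] + 1) & 0xFFFF
    stats["jitter_ms"] = jitter / clock_hz * 1000
    return stats


def build_rtp(seq, timestamp, ssrc=0x1234ABCD, pt=0, payload=b"\xff" * 160):
    """Constructed test packet: version 2, no padding, extension or CSRCs."""
    return struct.pack("!BBHII", 0x80, pt, seq, timestamp, ssrc) + payload


# Constructed capture: G.711, 20 ms packets (160 ticks apart), one packet lost,
# one 5 ms late, one malformed, one from a different SSRC, one off-range port.
SAMPLE = [
    (0, 17000, build_rtp(100, 1000)),
    (20, 17000, build_rtp(101, 1160)),
    (45, 17000, build_rtp(102, 1320)),
    (60, 17000, b"\x00" * 12),
    (80, 17000, build_rtp(104, 1640)),
    (90, 17000, build_rtp(7, 99, ssrc=0xDEADBEEF)),
    (100, 17000, build_rtp(105, 1800)),
    (100, 5060, build_rtp(106, 1960)),
]

if __name__ == "__main__":
    print(stream_stats(SAMPLE))
```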


QoS Mechanisms for VoIP

  • Header Compression
  • Frame Relay Traffic Shaping (FRTS)
  • FRF.12 - Link Fragmentation and Interleaving (LFI) - force break up of big packets on one side
  • PSTN Fallback
  • IP RTP Priority (Diffserv) - map L3 to L2 technologies
    • and Frame relay IP RTP Priority
  • IP to ATM class of service (CoS)
  • Low Latency Queuing (LLQ) combo of 
    • Priority Queuing, and 
    • Weighted Queuing, and 
    • Class based queuing
  • Multilink PPP (MLP)
  • RSVP


  • Supported dedicated BW
  • Improve loss chars
  • Avoid and manage net congestion
  • shape net traffic
  • set traffic prios


802.1Q VLAN ID

Application/Network Service Classes
  • IETF RFC4594 defines 12 ASCs (Application Service Classes) via DSCPs.
  • These can be mapped to 8 NSCs (Network Service Classes) represented via 802.1q field
This table taken from Table 4-1 in Nortel VoIP Technologies book
Application Service Class | Elasticity | DSCP | Loss | Delay
Network Control (net element msging such as routing) | Both | CS6 | Low | Low
Telephony (VoIP audio) | Inelastic | EF | Very Low | Very Low
Real-time Interactive (video) | Inelastic | CS4 | Low | Very Low
Multimedia Conferencing (audio-video conferences with rate adaptive CODECs) | Rate adaptive | AF4x | Low/Med | Very Low
Signaling (app-signaling such as SIP) | Inelastic | CS5 | Low | Low
Broadcast Video (broadcast-quality trans - IPTV, security video...) | Inelastic | CS3 | Very Low | Med
Multimedia Streaming (audio-video transmissions - podcasts, streaming video...) | Elastic | AF3x | Low/Med | Med
Low Latency Data (delay-sensitive apps - client/server, transaction-based svcs) | Elastic | AF2x | Low | Low/Med
High Throughput Data (file transfers - ftp, http...) | Elastic | AF1x | Low | Med/High
OAM (ops data) | Both | CS2 | Low | Med
Standard (best effort traffic) | No spec | DF | Not specified |
Low Priority Data (data that can be starved) | Elastic | AF1x | High | High
ASC to NSC mappings
  • Some switches will map DSCP (ASC) mappings to 802.1q (NSC) mappings and ignore what is in that field
  • Book says "If an IP packet arrives with a non-standard or experimental DSCP value that is not mapped to any svc class, then this packet must be treated as a DF-marked (default) packet."
  • RFC4594 defines scheduler/queue types as rate or priority
    • Priority Queuing looks at highest prio queue and sends packets if packets exist. Then goes to next, etc.
    • Rate-based queuing including things like WRR and WFQ (see QoS cheatsheet)
NSC Traffic Svc Classes
  • App traffic can be divided into 2 categories
    • Network Control - net traffic such as routing updates
    • User traffic
      • Interactive (human to human) - sensitive to delay, loss, jitter. Delay perf on order of 10s of ms
      • Responsive (human to server) - less affected by jitter. Can tolerate longer delays than interactive traffic. Delay perf on order of 100s of ms
      • Timely (between servers or server to human) - delay tolerance significantly longer than Responsive traffic. Delay perf less than 1 sec.
  • NSCs are a superset of six QoS classes defined in ITU-T Y.1541.
taken from table 4-5 in Nortel VoIP Technologies
Network Control Traffic Category | Network Service Class | Target Applications | Loss Tolerance | Delay Tolerance | Jitter Tolerance | Traffic Profile
Network Control | Network | Network Control | Low to very low | Low | NA | Variable sized packets
Interactive | Premium | VoIP Telephony; Interactive video (video conferencing) | Very low to low | Very low | Very low to low | Typically variable sized packets
Interactive | Platinum | Multimedia conferencing (rate adaptive); Application Signaling | Low to med | Very low to low | Low to med | Variable sized packets
Responsive | Gold | Broadcast TV; Pay-per-view movies and events; Video surveillance and security; Web casts - multimedia streaming; Interactive gaming | Very low to med | Med | Low to high | Variable sized packets
Responsive | Silver | Client/Server apps; SNA term-to-host transactions (SNA over IP using DLSw); Web-based ordering; Credit card transactions; Financial wire transfers; ERP apps | Low | Low to med | NA | Variable sized packets
Timely | Bronze | Store and forward apps; Email; Billing record transfer; Non-critical OAM&P (SNMP, TFTP, ...) | Low | Med to high | NA | Variable-sized packets
Timely | Standard | All traf not in other classes; Best Effort traffic; Bulk data transfer | Typically not specified | Typically not specified | NA | Variable-sized packets
Timely | Custom | Customer defined | Custom Defined | Custom Defined | Custom Defined | Specified

Port-based prioritization

Prio packets in 1 l2 port over packets in the other. Not recommended for end-devices (e.g. phones) as they can be moved.


Put all VoIP traffic into one VLAN, and prio that VLAN over other ones.
VLANs also segment broadcasts to their own VLAN (other end-devices do not have to respond to broadcasts).
VLANs imply 802.1Q (VLAN std) support.
  • Port based
  • Policy based
    • MAC based
    • IP subnet based
    • Protocol based
    • Book forgot application based (e.g. application selects VLAN)

Queue types

See Queue types in the QoS Notes.

Queuing guidelines

  • Also, realize that on a low-bandwidth connection, WRR and WFQ may not prevent serialization delay. Implement fragmentation on these links.
  • on high bw connections, strict queueing is recommended for VoIP queue.
  • WRR and WFQ not recommended for VoIP over WAN

WAN Queuing considerations

  • For PPP, consider PQ, RTP header compression, and fragmentation.
  • For FR, with voice and data sharing a PVC, consider PQ with traffic shaping to ensure voice packets are not discarded or delayed.
  • For ATM, with voice and data sharing a PVC, consider PQ to guarantee voice has prio over data



See the RSVP section in the QoS Notes.

Traffic Shaping

Determine which packets get dropped from queue during congestion situations. Can be based on traffic characteristics, bits in header such as DSCP or IP Precedence. Can occur at L2 or L3. See Congestion Control notes and details on RED and WRED.

IP Addr Prio

Prio traffic based on IP addr.

DiffServ and DSCP

  • See the DiffServ section in the QoS Notes.
  • PHB - Per hop behaviour recommended by IETF for DE, AF, and EF marked traffic.
  • DiffServ Domains and Edge Nodes
    • Edge Node on edge of domain. Applies QoS policies for edge of DiffServ domain, and connects domain to non-DiffServ network.
    • Boundary Node between domains. Provides QoS policies between 2 or more DiffServ domains.
    • Interior Node is in trusted part of DiffServ domain. Less complex traffic policing and conditioning.

L4 and beyond

  • Best-effort networks - try creating 3 prio levels, Prem for voice traf, Platinum for VoIP signalling, BE for rest
  • L4 TCP/IP classification - look at TCP or UDP port #s. May not always work if duplicate ports are in use.

  • prio - reserve a RTP port range and prio on this
  • Packet Frag - can add processing delay to frag, interleave, and re-int. Be careful when apps set Do Not Frag bit. Reduced MTU puts data on WAN sooner, but makes transmissions less efficient.
    • Frame Relay (FRF.12) - Frag smaller pieces and interleave real-time frames with non-real-time frames
    • ATM - packets frag automatically into 53-byte cells
    • PPP - split large packets into smaller ones and encapsulate into PPP frames before queuing and trans. Hi prio packets can interrupt and trans ahead of lower prio packets.
    • IP - only 1st packet in series of frag packets contains L4 and higher proto info.
  • Policy Mgmt - control traf flow based on traf condition, VLAN ID, user prio val, DSCP val, proto type. Schedule the time when policy is effective. What happens to packets in various stes.
Network Policies - Monitors chars of traffic and performs controlling action on traffic when it matches chars.
  • Policy mgrs can ID traffic flows, and mark flows for prio based on packet info.
  • Policy mgr administers rules or policies for net behavior to align prios with business.
  • can be applied across multiple devices simultaneously

Common Open Policy Services - Provisioning

Policy Server distributes policies to devices (PEPs - Policy Enforcement Points). Can get policies from policy repository (e.g. LDAP dir).

Net Mgmt

  • Perf Mgmt
  • Fault Mgmt

Cisco QoS Implementation Technologies

  • Header compression
  • Frame Relay Traffic Shaping (FRTS) - Delays excess traffic using buffer or queuing mechanism when data rate of source is higher than expected
  • FRF.12 (and Higher) - interleaves delay-sensitive voice traffic on one virtual circuit with fragments of a long frame from another VC utilizing same interface
  • PSTN Fallback - based on network congestion
  • IP RTP Prio and FR IP RTP Prio - queuing for slower links, works with Weighted Fair Queuing (WFQ) and Class-Based WFQ (CBWFQ).
  • IP to ATM CoS - maps QoS characteristics between IP and ATM
  • Low Latency Queuing (LLQ) - provides strict prio queuing on ATM VCs and serial ints.  provides priority queuing in conjunction with CBWFQ.  Cisco recommends.
  • MLP - Allows large packet to be multilink encap'ed and frag'ed to satisfy delay reqs
  • RSVP



  • Uses CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance). Wired ethernet uses CSMA/CD (.../Collision Detection)
  • Physical Carrier sense -
    • is a station transmitting. If so synchronize...
    • CCA (Clear Channel Assessment) - is there too much ambient radio frequency to indicate that another station is transmitting (or something else is happening)
  • Virtual carrier sense -
    • In every transmission there is a Duration/ID field with value between 0 and 32,767. Values above 0 are copied to the station's NAV (Network Allocation Vector) countdown timer
    • NAV continues to countdown whether busy or idle.
    • station will transmit when:
      • NAV is 0
      • CCA indicates medium is free

Interframe Spacing

The following are from 802.11. 802.11e extension has 8 diff interframe spaces designed to allow for QoS. Separate Spec (extension).

standard/delay primary use/notes
SIFS (Short Interframe Spacing) 802.11a - 16ms
  • Acks following data frame
  • CTS responding to RTS
  • data frame following CTS
PIFS (Point Coord Func Interframe Space) 802.11a - 25ms
SIFS+1 time slot (9ms)
  • Optional mode in which Access point controls which stations can transmit.  Stations do not contend for access
  • No known vendor implements PIFS
DIFS (Distributed Coord Funct Interframe Space) 802.11a - 34ms
(longest of fixed interframe gaps)
  • most data and mgmt frames
  • RTS frame
EIFS (Extended Interframe Space) 802.11a - 200ms
  • Whenever station detects frame transmission did not result in a correct FCS (Frame Check Sequence), it knows collision occurred.
  • Use this before next transmit.  When detecting correctly transmitted frame, revert to SIFS and DIFS.

Contention Window

Transmit when:
  • SIFS is ready to go, OR
  • DIFS is ready to go, NAV is 0, CCA is clear
Otherwise wait for NAV to reach 0 or CCA to clear. Then wait for Contention Window (random period of time). Then transmit (DIFS frame).


Frame sequence is
RTS > SIFS > CTS > SIFS > Data frame > SIFS > ACK
  • Receiving station (typically access point) transmits CTS to station that sent RTS.
  • In mixed mode (802.11b/g), stations send RTS and CTS at slower speed. All stations can wait for NAV value, but 802.11g stations can transmit data packets at faster speeds.
  • ACKs must be sent after every Data frame. Otherwise sending station assumes that packet was lost.

Radio Waves

  • Low freq waves (100-150khz) propagate as ground waves
  • Mid-range frequency waves propagate as space waves and bounce off the troposphere or the ionosphere. They can travel several thousand kilometers.
  • Waves with frequencies above 3GHz propagate as direct waves, and can travel only as far as the optical horizon.
  • WLAN signals generally fade in strength with the square of the distance they travel. Obstacles in the way make it worse (e.g. by the fourth power of the distance they travel, could be totally blocked).
  • remember to do site survey, not just guesstimate what the coverage is going to be.
  • Lobe - coverage area of RF antenna.
  • Multi-path - signals reflect/bounce off of other objects, and cause noice or out-of phase interferance

WLAN components

  • Mobile Units (MUs) or stations
  • Access Points
  • Access Ports - switches to coordinate access points, make them intelligent, allow for easier mgmt.
  • WLAN switches
  • GWs and VPN term points
  • Supporting servers (DHCP, DNS, etc...)

Service Sets

  • BSS (Basic Service Set) - 1 AP and 1 or more MUs. All traffic must go thru AP
  • ESS (Extended Service Set) - Multiple APs and 1 or more MUs. All APs have same SSID (same service set identifier). Roaming from one AP to another is allowed.
  • IBSS/ad hoc (Independent Basic Service Set) - no AP. Units talk directly to each other


  • Beacons
    • Beacon frames sent out at frequent and periodic intervals.
    • Intended to synchronize the MUs via time stamp.
    • Contains channel info and SSID. Some APs will allow SSID advertising to be turned off.
    • Contains TIM (traffic indication map) that lets clients know if AP has data to send to it.
    • Contains info about which data rates are supported by AP
  • Scanning - passive - listen for beacons and attempt to associate when you see a matching SSID
  • Scanning - active
    • Send probe request frame with SSID of net that MU wishes to join (or wildcard). All APs that match, respond.
    • frame is similar to beacon frame, but no TIM.
    • if multiple responses received, MU joins strongest signal strength
    • continue to gather info about nearby APs, so roaming is easier
  • Authentication and Association - after MU determines AP to connect to:
    • MU sends Auth frame to AP. AP can auth or hand off req to back-end server
    • Auth establishes verified L2 connection. AP sends auth response to MU after ID verification
    • After authentication, MU associates with AP (sends an association req frame and gets an association response frame back from AP allowing or disallowing association request). Once associated, data can be sent.
    • pre-authentication makes roaming smoother


  • omni directional - standard or high-gain
  • highly directional
  • semi directional (i.e. 1 half of a omni directional)

WLAN Power

relative loss/gain    absolute power loss    absolute power gain
3dB                   1/2 original power     2x original power
10dB                  1/10 original power    10x original power
  • Decibels per mW (dBm) measure abs power. 1mW of power amped to 10 mW would have a gain of +10dBm.
  • Gain of antenna is dBi (decibels / isotropic radiator or perfect antenna). AP at 20 mW, gain is 10dBi, trans signal is 200mW.


  • Frequency Hopping Spread Spectrum
  • 2.4GHz ISM (Industrial, Scientific, and Medical) band
  • channel 2 through 79 - 1MHz wide sections of band
  • 802.11 hops ~10x per second.
  • hop sequence - specified freq hopping sequence
  • Dwell time defines how long to stay on specific frequency
  • Hop time - time it takes to hop from one freq to another. Usually measured in ms.


Direct Sequence Spread Spectrum
  • Apply quick large chipping sequence to info bit, to result in large number of bits sent across spread spectrum simultaneously
  • DSSS uses Barker Codes of (+1 +1 +1 -1 -1 -1 +1 -1 -1 +1 -1) and (+1 +1 +1 +1 +1 -1 -1 +1 +1 -1 +1 -1 +1).


WiFi Specification Cheatsheet

Delays and ARQs

WLANs use positive acks; ARQs (Auto Repeat Reqs) are common. These happen when errors are detected and can be complete retrans or retrans of orig info using diff mod and coding scheme. This happens outside of typical QoS queues and prios.

You also have to wait for interframe spacing, NAV countdown, waiting for DIFS, etc. Every frame has to be ack'ed.

Voice packet typically experiences (at least):

  • 50 microseconds - DIFS
  • 80 microseconds - Avg Backoff
  • 192 microseconds - Synch/Preamble
  • 171 microseconds - full packet transmit
  • 10 microseconds - SIFS
  • 192 microseconds - preamble
  • 11 microseconds - MAC ACK
Total time is 706 microseconds or .7 ms (absolute best case scenario).

VoIP Security


Types of External Threats

  • DoS attacks
  • Intrusion attacks
  • Information theft

Tech Solutions

  • intrusion - fw combined w/ auth svcs
  • data theft - fw and encrypt sw
  • data mod - encrypt and dig sig sw

Types of FWs

  • Simple filtering routers
  • Stateful packet filters
  • Circuit-level GWs - checks for TCP and UDP connections, then nothing.
  • App GWs (ALGs) - book describes these as proxy, thinks these aren't transparent to users.
  • Bastion Hosts

Topology elements

  • Dual-homed Host
  • Screened Host - Bastion Hosts off to side of fw.  All traffic passes through them.
  • DMZ and Perim Nets - Bastion Hosts/ALGs behind filtering router.  All traffic passes through them.
  • Combined Rtr and FW
  • Isolated Perim Network - Only one rtr/fw combo with DMZ arm and protected nets arm.


See NAT section in SIP Cheatsheet.

NAT Traversal solutions

  • UPnP w/ NAT device as to what external address/port will be.  Can only traverse one NAT.
  • STUN (Simple Traversal of UDP through NAT) - Send multiple STUN query requests to STUN server outside of firewall.  Determines external address(s) and what type of NAT it is behind.  Doesn't work with Symmetric NATs.
  • TURN (Traversal Using Relay NAT) - TURN server on Internet becomes a relay server changing NAT addresses to its own and forwarding.  Also handles media.  Expensive solution.  Can be bottleneck and single point of failure.
  • NAT SIP ALG - ALG inspects every SIP paragraph, performs necessary translations, and updates SIP msg before forwarding packet.
  • NAT Hairpinning - 2 private side addrs use public addr in SIP and RTP/RTCP.  Box translates and/or forwards as appropriate.

Crossing Autonomous System Boundaries


Receives and re-initiates SIP and media traffic.


Can be combination of proxy server and/or B2BUA.  Basically intended as SIP server between 2 autonomous systems.  

Securing SIP Signalling

  • HTTP Digest authentication, MD5-Session or MD5 (MD5 default)
  • RFC 3261 Section 22
Term endpt A


<-407 Proxy Auth Required Proxy Auth Nonce--


--Invite w/ Proxy-Auth-->

<-200 OK--

--ACK Auth: response->
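
The 407 challenge and the retried INVITE with Proxy-Authorization shown above, worked through in Python for both sides. This is an added example, not part of the original notes or any vendor's code; the user, realm, password, URI and the accept-each-nonce-once policy are constructed assumptions.

```python
import hashlib
import hmac
import secrets


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    algorithm="MD5", qop=None, nc=None, cnonce=None):
    """Digest 'response' per RFC 2617, the scheme RFC 3261 section 22 reuses."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    alg = algorithm.lower()
    if alg == "md5-sess":
        if cnonce is None:
            raise ValueError("MD5-sess needs a cnonce")
        # Session variant: HA1 is additionally bound to this nonce/cnonce pair.
        ha1 = _md5(f"{ha1}:{nonce}:{cnonce}")
    elif alg != "md5":
        raise ValueError(f"unsupported algorithm: {algorithm}")
    ha2 = _md5(f"{method}:{uri}")
    if qop is None:
        return _md5(f"{ha1}:{nonce}:{ha2}")
    if qop != "auth" or nc is None or cnonce is None:
        raise ValueError("only qop=auth with nc and cnonce is handled here")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class Proxy:
    """Toy proxy side: issues the 407 challenge and checks the retried INVITE."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users          # username -> password (constructed test data)
        self.outstanding = set()    # nonces issued but not yet answered

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return {"realm": self.realm, "nonce": nonce,
                "algorithm": "MD5", "qop": "auth"}

    def verify(self, method, auth):
        # Assumption: a nonce is accepted once, so a captured header cannot be replayed.
        nonce = auth.get("nonce")
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        password = self.users.get(auth.get("username"))
        if password is None:
            return False
        try:
            expected = digest_response(auth["username"], self.realm, password,
                                       method, auth["uri"], nonce,
                                       auth["algorithm"], auth["qop"],
                                       auth["nc"], auth["cnonce"])
            supplied = str(auth["response"])
        except (KeyError, ValueError):
            return False            # malformed header: reject, do not crash
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), supplied.encode())


def answer_challenge(chal, username, password, method, uri):
    """Endpoint side: build the Proxy-Authorization parameters for the retry."""
    cnonce, nc = secrets.token_hex(8), "00000001"
    response = digest_response(username, chal["realm"], password, method, uri,
                               chal["nonce"], chal["algorithm"], chal["qop"],
                               nc, cnonce)
    return {"username": username, "uri": uri, "nonce": chal["nonce"],
            "algorithm": chal["algorithm"], "qop": chal["qop"],
            "nc": nc, "cnonce": cnonce, "response": response}


def run_exchange():
    """Return (valid retry, replayed header, wrong password) verification results."""
    proxy = Proxy("voip.example", {"alice": "constructed-password"})
    uri = "sip:bob@voip.example"
    good = answer_challenge(proxy.challenge(), "alice",
                            "constructed-password", "INVITE", uri)
    first = proxy.verify("INVITE", good)
    replay = proxy.verify("INVITE", good)   # same header again: nonce already used
    bad = answer_challenge(proxy.challenge(), "alice", "wrong-guess", "INVITE", uri)
    return first, replay, proxy.verify("INVITE", bad)


if __name__ == "__main__":
    print(run_exchange())
```

The password never crosses the wire, but the method, URI, nonce and response do, which is why the notes pair digest auth with TLS on each hop.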



  • Transport Layer Security (RFC 4346)
  • Allows secure channel between 2 machines, on a hop-to-hop basis.
  • Does not rely on user input.  Computers on each end of hop rely on certs issued by CA (Cert Auth) to auth each other.  Cannot use self-created certs to create secure chans across pub net.

TLS Auth


Contains encrypt algo opts

(Use this encrypt algo)


Contains encrypt algo opts

(Use this encrypt algo)

Create pre-master secret key --ClientKeyExch-> Decrypt
Get Pre-master secret key
Key Deriv Function
Get MsgAuthCode

<-Finished-- Key Deriv Function
Get MsgAuthCode
If MsgAuthCodes match on both sides, key is exchanged. We can use the key to encrypt packets that flow between.

Secure SIP

  • Each TLS chan provides single hop of encryption and auth.  
  • RFC3261 requires each hop to be secured or send 416 error msg.  Exceptions made for first and last hop (can be secured in other ways, such as IPSec).


  • Secure Real-time Transport Protocol (RFC3711) - bump in the stack (encrypt/decrypt the
  •  at both endpoints).
  • Session keys derived from Master key.  Master key is random bit string provided to SRTP by external key mechanism.  RFC3711 references MIKEY, KEYMGT, SDMS, and KINK as external key mgmt protos.
  • SRTP can encrypt payload and include auth hash, or just include auth hash.  auth hash is 180 bit truncated to 80 bit HMAC-SHA-1.
  • SDP indicates RTP/SAVP or SRTP/SAVPF in media (m=) line.  
  • RFC refers to SDP attr referred to as "crypto".  Only use the crypto attr to exchange key with another encrypting tech such as IPSec, TLS, or SIP S/MIME.

VPNs and VPN Components

  • Authentication svrs - such as Cert Authorities and RADIUS svrs, guarantee ID
  • Manage svrs - control monitoring alerting reporting
  • Phys transport 
  • VPN GWs 
  • VPN client sw 

Security Reqs

  • Integrity - make sure end to end is valid.  Dig Sigs and 1-way hash or digests
  • Privacy - Encrypt to ensure priv
  • Encryption
  • Authorization - Access rights/privileges LDAP, RADIUS, ID the user, etc...
  • Authentication - Username/pw
  • Non-repudiation - keep sender from saying they did not send msg
  • Non-replay - keep unauth users from recreating session by impersonating respondents

Encryption and Key mgmt

  • Symmetric (1 key both sides) can be less secure/scalable
    • DES
    • 3DES
    • RC4
    • AES
  • Asymmetric (1 key for encrypt, 1 key for decrypt) can be slower/more cumbersome.
    • RSA
    • ECC (Elliptic Curve Crypto, good for handhelds)

VPN Tunneling Protos

  • GRE (not encrypt?)
  • L2F
  • PPP (RFC1661)
  • PPTP (RFC2637)
  • L2TP (RFC2661)


L3 not tunneling, but operates under tunnel mode.  Carries IP only.
Authentication for IPSec Tunnels
Make sure packets are authentic.  Hash/Digests used.
  • HMAC 128 or 160bit - msg auth mechs using crypto hash functions, such as MD5, SHA-1
  • MD5 128bit
  • SHA-1 160bit
VPN Session Authentication Protos
Used for L2F, PPTP, L2TP
  • PAP
  • ChAP
  • MS-CHAPv2


  • Secure web browsing, email, other data transfers
  • Secure gw can term conns and provide policy enforcement and access ctrl.
  • Encrypts HTTP data payload
  • Complete start and stop proxy.  App specific algos
  • Easy to use RAS
  • TLS handshake establishes symmetric keys that server and client use for session
  • Can provide app level access for VoIP across NAT, FWs, and provides drop-out resiliency.

User Authentication Services

  • RADIUS - External
  • LDAP - Internal or External db or external proxy (preferred)
  • Certs
  • SecurID using a RADIUS server proxy


  • 911/122 call goes to PSTN and then to Selective Router
  • Selective Router matches ANI/CLID against MSAG (Master Street Address Guide).  Routes to appropriate PSAP.
  • PSAP dips into ALI DB and pops info to call taker's computer terminal

L2 Switch port discovery

  • L2 DM (Discovery Manager) uses SNMP traps and queries to learn where phones connect to network.

L3 Subnet Discovery

  • Based on VoIP phones IP address, assign acceptable ERL (Emergency response Location)/zone.
  • ERLs/zones should be 7000 square feet or less
  • ERL associated with specific ELIN to be used as CLID/ANI for 911 calls.

E911 Considerations

  • Support 911 as well as AC+911, (e.g. 9911).  Allow for misdials.
  • Allow for onsite notification of 911 events, but do not intercept call from getting to PSAP.
  • Set up dedicated 911 trunk facilities.

Network Assessment

Pre-Sales Planning phase

  1. Who's the network assessment prime.
  2. ID the PCs used as endpoints for assessment (kit or customer).  Make sure they meet baseline assumptions.
  3. Obtain physical and logical network diagrams.
  4. Obtain list of equipment and telephony currently provided.
  5. Obtain additional net info
    • Voice quality targets
    • loc of users
    • link types
    • QoS strategy
    • etc...
  6. Verify net assessment kits have appropriate tools

Net Assessment Work Flow

  1. Readiness audit.  Security.  Power and Wiring.  Protocol considerations.
  2. Estimate traffic.  Use or generate existing numbers if possible.
  3. Develop Solution
  4. Work with customer to Implement.

Cisco Stuff

Reasons for using VoIP

  1. Cost savings
  2. Flexibility
  3. Advanced features
    • Advanced call routing
    • Unified messaging
    • Integrated Info Systems
    • Long-distance toll bypass
    • Security
    • Customer relationships
    • Telephony application services - pixel-based display stuff..

VoIP Network Components

  • IP Phones
  • Gatekeeper
  • Gateway
  • MCU (Multipoint Control Unit)
  • Call agent
  • App servers - voice mail unified messaging, Attendant Console
  • Vidconf station

VoIP Functions

  • Signaling
  • Database Services - access to toll-free nums, caller ID, etc requires cap to query db.  billing info, caller name delivery, toll-free db svcs, calling card svcs
  • Bearer control
  • Codecs

H.323 Protocols

See H.323 Cheatsheet.


  • Analog station gateways.
  • Analog trunk gateways.
  • Digital gateways.
  • H.323 and SIP gateways don't need a call control agent (like UCM).
  • 2600XM or 3700 rtrs support H.323 and MGCP 0.1 beginning with IOS 12.2(11)T and UCM Rel 3.1+.
  • SMDI standard for integrating VM systems with PBXs or Centrex.  Uses FXS or PRI connections, use SCCP or MGCP to work with specific line/ports.
  • Adv GW functionality
    • DTMF relay
    • supp svcs - hold transfer, conference, etc.
  • Rehoming to secondary UCM in event of failure
  • call survivability
  • QSIG support
  • fax/modem support
  • 2801, 2811, 2821, 2851
  • 38xx
  • 6500 w/ Communication Media Module (CMM) - can handle up to 144 T1/E1 connections using 8 CMMs with 18 ports each
  • 1751-V, 1760-V (Modular access rtrs)
  • 2600XM
  • 3600
  • 37xx

Standalone Voice Gateways

  • VG224 (and used to be VG248)
  • AS5300 (T1/E1 gw)
  • AS5400 (enhances fax/modem)
  • AS5850 Universal gateways (T3/T1/E1)
  • 826-4V ADSL Rtr
  • ATA 186 - supports up to 2 voice portHA, fault tolerant infra.
  • 7200

Deployment Models

Single-Site Deployment

  • max 30,000 SCCP/SIP phones or SCCP vid endpoints, max 1100 H.323 or MGCP devices (gws, MCUs, trunks, clients)

Best Practices

  • know calling patterns
  • Use G.711 if possible (reduce DSP use)
  • Use SIP, SRST, and MGCP GWs for PSTN  H323 possibly or SS7 or Non fac assoc signal (NFAS)

Multisite WAN w/ Centralized Call-Proc Deployment

  • Same Max endpoints
  • hi bw in site, lower between sites
  • min 768kbps WAN recommended (for video)
  • SRST set up 4.0+ for video
  • Unified CME an alternative for SRST (more features)
  • H.323 devs require gatekeeper such as Cisco IOS Gatekeeper (IOS 12.3(8)T+)
  • Need to allow for QoS for signaling and RTP over WAN
  • Use CAC (Call Admission Control) to limit calls over WAN so quality is acceptable (via QOS)
    • locations based CAC - calls from hq to site1 use this much BW (statically set)
    • Use regions (HQ, site1, site2) and relationships
      • HQ<->HQ G711
      • HQ<->S1 G729
      • HQ<->S2 G729
  • AAR (Automated Alternate Routing) use if WAN bw is exceeded
  • Secure Survivable Remote Site Telephony (SRST)
    • basic to full-capability
    • phone keep-alives to primary, secondary, and tertiary call manager fail
    • SRST router monitors keep-alives going between phone and CM
    • go to SRST mode
    • can use MGCP fallback to config basic dial peers configured
      • recommend basic dial plan for MGCP fallback
    • build expanded dialplan #s when in SRST mode
    • Call Mgr Express in SRST mode 
    • 2800 < 100 phones SRST sales model
    • 3800 > 100 phones SRST sales model

Best Practices/Design Guidelines

  • minimize WAN delay (e.g. clipping, reduce voice cut-through delays)
  • use HSRP for backup GWs
  • use locations mechanism in CUCM to provide CAC into and out of remote branches
  • SRST on IOS GW supports 720 phone whereas Unified CME running in SRST supports 240.
    • num of IP phones and line appearances supported in SRST mode at each remote site depends on branch router platform
    • SCCP phones - use SRST on IOS GW or Unified CME
    • SIP phones use SIP SRST
    • MGCP phones, use MGCP GW Fallback.
    • Can all reside on same GW.

Multisite WAN w/ Distributed Call-Proc Deployment

  • same max endpoints / cluster
  • without Gatekeeper - Intercluster trunks need to be built between CMs
  • with Gatekeeper - Intercluster trunks only need to be built to Gatekeeper from each CM
  • Use IOS Gatekeeper for (CAC) Call Admission Control between UCM clusters, 
  • use gatekeeper pairs, gatekeeper clustering, alt gatekeeper support resiliency HA/HSRP between Gatekeeper pairs/cluster members
  • Use 11 type of codec on WAN  - H323 doesn't allow for header overhead in bw request.  Simplifies capacity planning.
    • use 1 type of codec (simplify config)
  • Provide redundancy for SIP proxies
    • ensure SIP proxies have capacity for call rate
  • Transparent use of PSTN if IP WAN is unavailable

Clustering over IP WAN Deployment

  • Local Failover Deployment
  • Remote Failover Deployment (may need higher BW for intracluster traff flows)
  • < 40ms round trip delay or DB breaks, can recover - manual effort
    • QoS to min jitter for IP Precedence 3 ICCS traffic (CoS 3)
    • provide sufficient prio bandwidth for all ICCS traffic, especially prio ICCS traffic
  • minimize jitter related delay, packet loss/errors especially for Intra-Cluster Communication Signaling (ICCS) traffic
  • Provide sufficient bw for expected voice/video traffic
  • configure QoS appropriately

VoIP Design Elements

Call Manager Publisher/Subscriber

  • Changes are made on publisher
  • Subscriber picks up changes

Networking/Audio Clarity

  • Fidelity - accurate recreation of signal. human speech bw 100-10,000Hz, although 90 percent of speech is between 100-3000hz
  • Echo - usually due to impedance mismatch
  • Jitter - variation in arrival of voice packets - runthrough dejitter/playout buffer
  • Delay - G.114 says <150ms acceptable...for private networks 200ms is reasonable, 250ms is limit...remember to calculate coder, packetization, queuing buffering, serialization, dejitter buffer, as well as network delay...
  • Packet Loss - loss of packets on the network, shoot for < 1%
  • Side tone - hear your own voice in the earpiece
  • Background noise - Compensate for voice activity detection (VAD) issues with comfort noise generation (CNG).

Modulated Data over IP Nets


fax meant to operate on 64kbps pcm.  ways to get it over IP are:
  • Fax Relay - T.30 fax from PSTN demod'ed, enveloped into TCP packets, sent over net, remodulated to T.30 on far end.
    • Cisco default is Cisco Fax Relay (proprietary)
    • T.38 standard can also be configured.
      • H.323, SIP, MGCP
      • Fax relay packet loss concealment
      • MGCP-based fax (T.38) and DTMF relay
      • SIP T.38 fax relay
      • T.38 fax relay for T.37/T.38 fax gateway
      • T.38 fax relay for VoIP H.323
  • Fax pass-through - passes in-band end-to-end over IP net.  Preferred method of sending
    • G711 with no VAD and No Echo Cancellation, or
    • clear-channel codec, or
    • G.726/32 (?)
    • GW notes fax tones, and changes codec configured to G.711 with no VAD, no EC for the duration of the fax session.  Usually changes packetization to 10ms.
    • voice-band-data refers to transport of fax modem signals over voice channel thru packet net.
    • redundant encoding or packet redundancy often used to mitigate packet loss.
    • Does not work when codec is G.Clear (GW cannot detect fax tone).
    • Supported in H.323, SIP, MGCP.
  • Store-and-forward fax - uses separate process.  ITU-T T.37. Converts to TIFF. Sends via SMTP. Can be delivered/received between computers rather than machines.


  • Modem pass-through - similar technique to fax-pass-through
    • Can use packet redundancy (e.g. @ 10ms sample size) to mitigate jitter, loss, etc
    • In Cisco, static jitter buffer of 200ms kicks in
  • Modem relay - modem signals demodulated at gw, converted to digital, carried in Simple Packet Relay Transport (SPRT).
    • SPRT runs over UDP
    • On detection of modem answer tone, GWs switch to modem pass-through, and then if call menu (CM) signal is detected, into modem relay mode
    • Defaults to 20ms packet size


  • DTMF tones are distorted when gateways use compression on slower WAN links or compression oriented codecs
  • DTMF relay addresses problem
    • Cisco Proprietary - DTMF digits encoded differently and RTP packets IDed as type 121
    • H.245 Alphanumeric - send through H.245 signaling channel as User Input Indication msgs. Guaranteed delivery
    • H.245 Length - Similar to H.245 Alphanumeric, but includes info on length digits are pressed
    • NTE - (H.323 is RFC2833) - Separate Codec type negotiated that cannot be compressed for DTMF digits. Still uses RTP.
    • NSE - (MGCP is RFC2833)
    • SIP DTMF can use Cisco Proprietary method using Notify msgs - similar to DTMF relay described in RFC2833

Notes from CVoice Class

Voice Termination feature that a GW router performs.

Business Case for VoIP
  • Cost Savings
  • Flexibility
  • Advanced features
    • Advanced call routing (e.g. PSTN fallback)
    • Unified msging
    • Integrated info systems (e.g. integrate AD users into VoIP systems)
    • LD toll bypass (e.g. Tail-End-Hop-Off (TEHO) - toll by-pass to local #)
    • Voice security
    • Customer relationship
    • Telephony application services

GW connects 1 network to another
ICT - Inter Cluster Trunks
SIP Trunks -

  • H.323 - Rtr decides what to do, lots of config on rtr (all dial plan), not much on Call Mgr, more distributed
  • MGCP - call mgr makes decision, very dependent on call agent such as call mgr, lots of config on Call Mgr (all dial plan), a little on rtr, more centralized
  • SIP - Rtr decides what to do, in this class, lots of config on rtr, less on Call Mgr
  • SCCP/"Skinny" - call mgr makes decision - default for phone

  • Distributed configuration

  • IETF RFC 2705 - 1999
  • Centralized configure on CM - backhauls used for signaling!
  • make sure IOS and CUCM have compatible version
  • Allow call agent to control interfaces, call agent (e.g. CM) controls all
    • if CM controlling MGCP PRI  backhaul controls interfaces...
    • BRI backhaul available with recent versions
  • P2P
  • SIP GWs never registered with CUCM; only IP addr available to confirm comm is possible
  • 2800, 3800
  • Distributed configuration

  • Proprietary terminal control protocol
  • stimulus protocol -  for every event end device sends msg to CUC
  • Can be used to control GW FXS port (e.g. VG224)
  • Proprietary nature allows quick additions and changes
  • SEP (Selsius E Phone)
  • Centralized
  • CM maintains dialplan
  • 224 ata 186, 2800 with FXS

VoIP Svc Considerations
  • Latency - delay
  • Jitter - Doesn't re-arrange sequence
  • BW
  • Packet loss
  • Reliability
  • Security

Default packet size for Cisco is 20ms.

Call Types

  • Local
  • On-net
  • Off-net
  • PLAR - Private Line Automatic Ringdown - auto connects telephone to 2nd phone
  • PBX-to-PBX - originates at one PBX and terminates at another
  • Inter-Cluster Trunk calls (H.323):  Occurs when calls are routed by 2 separate CMs Device/Trunk/Add New
  • On-net-to-off-net

Dial Peers

  • Inbound call leg matches inbound dial peer
  • outbound call leg matches outbound dial peer
  • POTS/PSTN dial peer - type 1
  • VoIP dial peer - type 2...
  • match where it came from 1st
  • dial peer is an addressable call endpoint
  • dial peers establish logical connections, called call legs, to complete an end-to-end call

POTS Dial Peers

MATCH longest string
dial-peer voice 1 pots (number is arbitrary)
    destination-pattern 7777 (this is the phone #, caller id not automatically picked up)
    port 1/0/0

anything on this router can dial 7777

dial-peer voice 999 pots  
    destination-pattern 3...  (route 3xxx out port 1/1/0 even if pstn)
    port 1/1/0

    forward-digits all (redial all the digits, e.g. normally deletes specific digits e.g. 3 in 3...)

VoIP Dial Peers

dial-peer voice 2 voip  (H.323)
    destination-pattern 8...  (voip dest patterns don't delete specific digits)
    session target ipv4: (could be call manager, could be provider, could be router)

string and wild cards match up
  • T - value is variable length dial string
  • # and * - could be in string
  • . - any single digit
  • , - insert 1-second pause between digits
  • + in front - must conform to E.164

destination-pattern 8T (any string starting with a 8)

consider putting 9T or 9911 for fall back to routers at remote sites...

Inbound Dial Peers

match order
  1. incoming called-number: defines called # or DNIS string
  2. answer-address:  Defines originating calling number or ANI string
  3. destination-pattern: uses calling number (originating or ANI string) to match incoming call leg to an inbound dial peer
  4. port: attempts to match configured dial-peer port to the voice port that is associated with incoming call (POTS dial peers only)
  5. first dial peer in multiple (if multiple exist)
  6. dial peer 0
dial-peer voice 1 pots
    incoming called-number .  will match everything

Dial peer 0
  • no ivr application command
  • Any codec
  • IP precedence 0
  • VAD enabled
  • No RSVP
  • fax-rate service
default dial peer 0  (assumed dial peer 0 is inbound dial peer)
show call active voice

Outbound Dial Peers

match order
  1. most specific destination-pattern command routes to port (POTS) or session target (VoIP) command
dial-peer voice 1 voip
destination-pattern .T
session target ipv4:
dial-peer voice 2 voip
destination-pattern 34512[3-4]
session target ipv4:
dial-peer voice 3 voip
destination-pattern 345125.
session target ipv4:
dial-peer voice 4 voip
destination-pattern 3451251
session target ipv4:
show dialplan number string to determine which dial peer matches specific string
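
The "most specific destination-pattern wins" rule, applied to the four dial peers above. This is an added Python model, not IOS code and not from the original notes; it assumes whole-string matching, treats T as zero or more trailing digits, and ranks literal digits over bracketed ranges over wildcards, so `show dialplan number` on the router remains the authoritative check.

```python
import re

# Dial peers copied from the notes above: tag -> destination-pattern.
DIAL_PEERS = {1: ".T", 2: "34512[3-4]", 3: "345125.", 4: "3451251"}


def compile_pattern(pattern):
    """Translate a destination-pattern into (regex, specificity).

    Specificity is (literal digits, bracketed ranges): a literal beats a
    range, and a range beats the '.' and 'T' wildcards.
    """
    parts, literals, ranges, i = [], 0, 0, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == ".":
            parts.append("[0-9]")            # any single digit
        elif ch == "T":
            parts.append("[0-9]*")           # variable-length remainder (assumed 0+)
        elif ch == "[":
            end = pattern.find("]", i)
            if end == -1:
                raise ValueError(f"unterminated range in {pattern!r}")
            parts.append(pattern[i:end + 1])  # e.g. [3-4] is already valid regex
            ranges += 1
            i = end
        elif ch in "0123456789*#":
            parts.append(re.escape(ch))
            literals += 1
        else:
            raise ValueError(f"unsupported character {ch!r} in {pattern!r}")
        i += 1
    return re.compile("".join(parts)), (literals, ranges)


def matching_peers(dialed, peers=DIAL_PEERS):
    """Return tags of every peer matching the dialed string, most specific first."""
    hits = []
    for tag, pattern in peers.items():
        regex, score = compile_pattern(pattern)
        if regex.fullmatch(dialed):
            hits.append((score, tag))
    # Highest specificity first; lower tag breaks ties deterministically.
    hits.sort(key=lambda h: (-h[0][0], -h[0][1], h[1]))
    return [tag for _, tag in hits]


def best_peer(dialed, peers=DIAL_PEERS):
    hits = matching_peers(dialed, peers)
    return hits[0] if hits else None


if __name__ == "__main__":
    for number in ("3451251", "3451259", "345123", "5551212"):
        print(number, "->", matching_peers(number))
```

The catch-all `.T` peer appears last in every result, which shows why it only takes calls that no narrower pattern claims.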

Digital Voice Ports

  • T1 - TDM - 24 - CAS - channel associated signaling - robbed bit signaling
  • E1 - TDM - 32 - R2 - 30 voice - 1 frame - 1 signal
    • consists of 16 consecutive 256bit frames
    • 32 time slots
      • time slot 1 frame sync
      • time slots 2-16 and 18-32 carry actual voice traffic
      • time slot 17 used for signaling
        • bit 1 declares multiframe format
        • bits 2 to 16 carry ABCD for
ds0-group 0 created in Cisco
0/0/0:1 could be a T1 CAS
0/0/0:23 could be PRI
channel #ing is 0-23
at controller level are 1-24
  • PRI
  • PRI NFAS (non facility associated signalling)
  • QSIG

  • BRI 2B+D (D 16kb/s)
  • E1PRI 30 B+D (D 64kb/s)
    T1 PRI 23B+D (D 64kb/s)
  • Digital trunks configured at controller level and signaling at logical serial interfaces
  • D channel is Common Channel Signaling (CCS)
  • Drop and insert: B channels can be statically multiplexed between interfaces
    • channelized PRI (split up for inbound, outbound, or part for data, part for voice, etc)

Configure commands

controller T1 1/0
    framing [esf | sf]
    linecode [b8zs | ami]
    clock source [line {primary | bits} | internal | free-running]
    ds0-group timeslots 1-12 type e&m-wink-start (T1 CAS)
    ds0-group 0 timeslots 1-12 type e&m-fgd (inbound ani)
    ds0-group 1 timeslots 13-24 type fgd-eana  (outbound ani)
      (This latter ds0-group will be referenced as 1/0:1)

network-clock-participate [slot slot-number|wic wic-number|aim aim-slot-number]
  (allows rtr to use clock from line via specified slot WIC or AIM - onboard clock synch'ed to here, must be repeated for each installed card (VWIC))
network-clock-select prioritynum [e1|t1|bri] slot/port
  (which specific slot port to get timing from)

voice-port 1/0:1
    cptone US
    compand-type u-law
    no shutdown

dial-peer voice 1 pots
   incoming called-number .
   port 0/0/0:0
controller E1 0/0/0
    ds0-group 0 timeslots 1-31 type r2-digital r2-compelled ani
    cas-custom 0
    country china use-defaults (sets values back to defaults)
dial-peer voice 90 pots
    destination-pattern 9T
    port 0/0/0:0
isdn switch-type primary-qsig
controller t1 0/0
    pri-group timeslots 1-24
    interface serial 0:23
isdn incoming-voice voice
clear interface bri0/0
config t
network-clock-participate wic 0 (allows defined card, wic 0, to participate in clocking)
network-clock-select (use this for clocking)
interface bri0/0
    isdn switch-type basic-net3
    isdn overlap-receiving (receive digits - do not process until T302 timer is complete)
    isdn overlap-receiving T302 10 (sets T302 timer to 10)
    isdn incoming-voice voice
    isdn protocol-emulate user (user side of connection - BRI specific)
network-clock-participate wic 0
isdn switch-type primary-net5
controller e1 0/0/0
pri-group timeslots 1-31
interface Serial 0/0/0:15 (d channel)
    isdn switch-type primary-net5 | primary-qsig
    isdn overlap-receiving
    isdn incoming-voice voice (send to DSPs)
    isdn protocol-emulate user (default)
    isdn protocol-emulate user | network
Busyout channels (e.g. H323)
interface Serial0/1:23
isdn service b_channel 0-23 state 2 soft
  b_channel <range>
  state <0=InService, 1=Maint, 2=OutOfService>
  soft - place in defined state when chan is idle
show voice port [slot/port | summary] (things like attenuation, echo cancellation, interdigit time out, etc...)
show controllers bri slot/port
show controllers t1 slot/port (things like b8zs, ami, etc)
show controllers E1 slot/port
show isdn status
debug isdn q921
debug isdn q931
show debugging
show voice dsp
show voice call summary
    1/015.1 (is E1PRI - logical port 15 is dchan)
show call active voice (show active call table)
show call history voice (show history call table)


functions with 2 sublayers
  • Basic Call - basic calls across circuit switched Call Control (Q.931)
  • Generic Function - Supplementary Services and Additional Network Features (ANFs)
Common way of doing things
  • basic call
  • call completion
  • call diversion
  • call transfer
  • ID svcs
  • MWI
  • path replacement
  • do not disturb and override
  • ISDN based signaling protocol
  • based on Q.931
  • allows some feature transparency between diff vendor PBXs
controller t1 0/1
    pri-group timeslots 1-23
interface serial 0/1:23
    isdn switch-type primary-qsig (other ways of doing e.g. through call manager)
isdn protocol-emulate user|network

show controllers t1 0/1/0
show isdn status (look for MULTIPLE_FRAME_ESTABLISHED (not just TEI established))
debug isdn q921
debug isdn q931

H323 GW Config

  • H.225 - call setup, RAS (registration, admission, and status) control
    • RAS is registration, admissions, bw chgs, status, disengage procs between endpoints and gk.
  • H.245 for capabilities exchange

  • Dial plan cfg'ed on gw
  • Translations cfg'ed on gw
  • Call routing can be more specific than on CM
  • Extra SRST cfgs not needed
  • No dependency on CM version
  • More voice interface types supported
  • NFAS supported
  • Fax support better
  • Call preservation (when CM disappears)

  • H.323 and H.324 (latter over reg phone lines) Terminals
  • GWs
  • GKs
  • SBCs (e.g. CUBE)
  • MCUs
voice service voip
    no shutdown
interface loopback 0
    ip addr <ip addr> <netmask>
    h323-gateway voip interface (this is always my source addr)
    h323-gateway voip h323-id gw1 (name for this gateway registered with gatekeeper)
    h323-gateway voip bind srcaddr <ip addr> (use this for inbound info)

voice class codec 100
    codec preference 1 g711alaw
    codec preference 2 g729br8
dial-peer voice 500 voip
    voice-class codec 100
    codec g711alaw

Tuning params

voice class h323 600
    h225 timeout tcp establish 10 (how long to wait for connect)
    h225 timeout setup 10 (allow up to 10 seconds for setup to complete)
dial-peer voice 500 voip
    voice-class h323 600
voice service voip
    h225 timeout tcp call-idle never (don't drop call being setup ever)

H.323 Fax Passthrough

dial-peer voice 550 voip
    destination-pattern 550
    session target ipv4:
    fax protocol {cisco | none | system | pass-through {g711ulaw | g711alaw}} (default is Cisco fax relay)
    fax rate 14400 (to get better quality output)

H.323 Fax Relay

voice service voip
    fax protocol t38
dial-peer voice 14151 voip
    destination-pattern 15125551234
    session target ipv4:101/1/50
    fax-relay ecm disable (error correction mode)
    fax-relay sg3-to-g3 (class of fax on either side)
    fax rate 14400
dial-peer voice 14152 voip
    destination-pattern 15125551760
    session target ipv4:
    fax protocol cisco

DTMF Relay

dial-peer voice 500 voip
    dtmf-relay {[cisco-rtp] [h245-alphanumeric] [h245-signal] [rtp-nte [digit-drop]] [sip-notify]}

Verifying H323 GW

show gateway

H323 GK services

  • addr translation
  • net access control for H.323 terminals, GWs, MCUs
  • admission ctrl (ARQ, ACF - Admission Conf, ARJ)
  • bw control (BRQ, BCF, BRJ)
  • zone mgmt
  • call authorization (optional) - restrict access to certain endpoints or gws based on policies
  • call mgmt (optional) - maintains active call info and uses it to indicate busy endpoints or redirect calls
  • bw mgmt (optional) - reject admission when bw not avail
set of H.323 nodes controlled by single logical gk
nodes send discovery msg - multicast or unicast, and are admitted or rejected
zone local 805*
zone remote name HQGK2

  • tech prefix is optional h323 feature that enables flexibility in call routing within H323 network
  • cisco gk uses tech prefixes to group endpoints of same type together
  • can be used for hopoff

GK is router with appropriate image
H225 used in GK signaling & call setup
H245 used for media control
RTP used for media

IRQ/IRR GK to GW and back

  • GK disc msgs - endpoint to gk - GRQ/GCF/GRJ - UDP 1718 - unicast or multicast (
  • Term/GW reg msgs - RRQ/RCF/RRJ (Reg Req/Confirm/Reject)
    • register H.323 ID (e.g. or E.164 addr
    • lightweight reg (no changing cfg after initial reg) for H.323 v2+ uses abbreviated renewal proc to update gk and min overhead - uses TTL timer
  • Term/GW unreg msgs - URQ/UCF/URJ
  • Call Admission msgs - ARQ/ACF/ARJ
  • LRQ/LCF (Location Request/Confirm)GK to Dir GK and back trying to determine zone endpoint IP addrs
  • Status/Info msgs - IRQ/ICF/IRR (Req Response)/IACK /INAK
  • BW Req - BRQ/BCF/BRJ
  • Resrce avail msgs - RAI (resources avail in GW to take calls)/RAC (Ack/Avail confirm)/RIP (request in progress)
  • Disengage msgs (DRQ/DCF/DRJ) - call being disconnected
  • ARQ/RIP/ACF GW to GK request

GK  Signaling: LRQ Sequential
default is sequential lookup
zone remote GKB
zone remote GKC
zone prefix GKB 1408555... (seq)
zone prefix GKC 1408555... (seq)
lrq lrj immediate-advance  (immediately advance on LRJ response as opposed to wait for timeout no matter what)
make it blast by replacing zone prefix statements with
zone prefix GKB 1408555... blast
zone prefix GKC 1408555... blast

Also put in
zone remote GKB cost 50 priority 50
zone remote GKC cost 51 priority 49
  (cost and priority are 1-100, lower cost and/or lower priority wins)

DRQ/DCF disengage request/confirm
GRQ/GCF (Gateway registration with Gatekeeper)
  • unicast (pre-configured addr), or
  • broadcast (
RRQ/RCF (Re-request registration or Registration Request) - endpoint registering after a GRQ/GCF
LRQ/LCF (location request between GKs)

Directory Gatekeeper is centralized gatekeeper for gatekeepers
  • essentially a superGK that forwards LRQ msgs.
  • LRQ msgs are RAS msgs triggered by an ARQ msg from endpoints
  • limit of 5 hops for an LRQ msg - 4 tier GK hierarchy
- End GK can go directly back to originating GK
GWs multiple GKs
GWs multiple GKs Directory GK

zone prefixes
Part of a called # that IDs the dest zone for call
    zone local Houston 1719 (this router)
    zone local SanJose (don't need to put IP addr/port again)
    zone prefix Houston 281.......
    zone prefix SanJose 408.......

technology prefix

 - way to tag call so that it (call routing) can be treated differently
e.g. 1# for voice calls and 2# for video calls
    zone local Houston 1719 (this router)
    zone local SanJose (don't need to put IP addr/port again)
    zone prefix Houston 281.......
    zone prefix SanJose 408.......
    zone remote DGK 1719
    zone prefix NYCGK 212* gw priority 10 NYGW
    zone prefix DGK*
    gw-type-prefix 1#* default-technology (default tech prefix for routing calls that don't have tech prefix)
use GW/GKs for larger installations between CM clusters

GKTMP (Gateway Transaction Message Protocol)
transaction oriented app proto allows ext app to modify gatekeeper behaviour when processing specified RAS msgs
view/modify GK/GWs cfgs using 3rd party app
runs on Linux, MMAC, Windows, etc...


show gatekeeper status
show gatekeeper endpoints
show gatekeeper zone prefix
show gatekeeper zone status
show gatekeeper gw-type-prefix
show gatekeeper calls
show call resource voice threshold
show call resource voice statistics
show gateway
show gatekeeper gw-type-prefix
show gatekeeper endpoints
debug h225 {asn1 | events}
debug h245 {asn1 | events}
debug ras

GK Cfg steps

  1. config local and remote zones on GK
  2. cfg zone prefixes
  3. cfg tech prefixes
  4. cfg gws to use h323 gk
  5. cfg dial peers
    zone local SanJose
    zone remote Austin
    zone prefix SanJose 2... gw-priority 5 SanJose1
    zone prefix SanJose 2... gw-priority 10 SanJose2 (lower preference to use this gw RAI msgs can say back off...)
    gw-type-prefix 99#* gw ipaddr 172-
    gw-type-prefix 1#* default-technology
    bandwidth interzone zone SanJose 384
    bandwidth interzone zone Chicago 256
    no shut
interface Loopback 0
ip address <ipaddr> <netmask>
h323-gateway voip interface
h323-gateway voip bind srcaddr
h323-gateway voip id GK1 ip addr 1719 priority 1
h323-gateway voip h323-id Houston
h323-gateway voip tech-prefix 1#

dial-peer voice 1 voip
    destination-pattern 2...
    tech-prefix 1#
    session target ras

GK Zone BW Operation

CAC helps prevent link over-subscriptions
CM, CM Exp or GKs
formula for zone bw calc double amount of standard codec payload
example 3 calls * G711 * 2 = 3*64*2 = 384kbs
    this is just a reference point
bandwidth config for all zones is done at GK
only CAC for distributed is GK
    bandwidth interzone default 5000  (all calls for each interzone can't use more than 5000kbs)
    bandwidth total default 5000 (or all calls total will not be more than 5000kbs)
    bandwidth session default 384  (or one call no more than 384)
    bandwidth session zone denver 256 (or one call to denver)
    bandwidth interzone zone chicago 4000 (calls to chicago are 4000kbs limited)

    show gatekeeper zone status
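
Added example (not Cisco code): a simplified Python model of the gatekeeper's ARQ decision against the bandwidth limits above, using the notes' formula of twice the codec payload per call. The `Zone` class, its field names and the call ids are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Codec payload rates in kbps, as used in the notes' formula.
CODEC_PAYLOAD_KBPS = {"g711": 64, "g729": 8}


def zone_bw(codec: str, calls: int = 1) -> int:
    """Zone bandwidth per the notes: calls * codec payload * 2."""
    return calls * CODEC_PAYLOAD_KBPS[codec] * 2


@dataclass
class Zone:
    """Simplified model of one zone's limits on the GK (None = not configured)."""
    interzone: Optional[int] = None   # bandwidth interzone ... <kbps>
    total: Optional[int] = None       # bandwidth total ... <kbps>
    session: Optional[int] = None     # bandwidth session ... <kbps>
    # call id -> (booked kbps, is the call interzone?)
    calls: Dict[str, Tuple[int, bool]] = field(default_factory=dict)

    def used(self, interzone_only: bool = False) -> int:
        """Bandwidth currently booked, optionally counting interzone calls only."""
        return sum(kbps for kbps, iz in self.calls.values()
                   if iz or not interzone_only)

    def arq(self, call_id: str, codec: str, interzone: bool = True) -> str:
        """Admission request: return 'ACF' and book the call, or 'ARJ'."""
        need = zone_bw(codec)
        if self.session is not None and need > self.session:
            return "ARJ"      # single call exceeds the per-session limit
        if self.total is not None and self.used() + need > self.total:
            return "ARJ"      # zone total would be exceeded
        if (interzone and self.interzone is not None
                and self.used(interzone_only=True) + need > self.interzone):
            return "ARJ"      # interzone limit would be exceeded
        self.calls[call_id] = (need, interzone)
        return "ACF"

    def drq(self, call_id: str) -> str:
        """Disengage request: release the call's bandwidth."""
        self.calls.pop(call_id, None)
        return "DCF"


def demo():
    # bandwidth interzone zone SanJose 384 -> room for 3 G.711 calls
    sanjose = Zone(interzone=384)
    results = [sanjose.arq(f"call{i}", "g711") for i in range(1, 5)]
    sanjose.drq("call1")                       # one call ends
    results.append(sanjose.arq("call5", "g711"))
    return results


if __name__ == "__main__":
    print(demo())
```
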

Dial Peer CAC

dial-peer voice 601 (tag)
    max-conn 1 (only 1 connection at a time via this dial-peer)
    default max-conn to set back

RAI (Resource Availability Indicator)

GW informs gk when running short on resources (when DSP or DS0 resource usage exceeds 'high water' mark).
GK can use another GW (make sure configured)
DS0s and DSPs included in calc
gw that sends overloaded sends another RAI to config when resources fall below cfged low water mark
    resource threshold [all] [high percentage-value] [low percentage-value] (default hi and low is 90%)
    resource threshold high 70 low 50

show call resource voice threshold
show call resource voice statistics

Debug Commands

show call resource voice threshold
show call resource voice statistics
show gateway
show gatekeeper gw-type-prefix
show gatekeeper endpoints
debug h225 {asn1 | events}
debug h245 {asn1 | events}
debug ras


  • RFC3435
  • UDP 2427
  • Media Gateway Control Protocol - stimulus protocol
  • extension of Simple GW Ctrl Protocol (SGCP)

Advantages of MGCP GW

  • Centralized dial plan config on CM
  • simplified dial plan config on CM
  • Simplified IOS config
  • Supports QSIG supp svcs with CM
needs versions to be the same on CM and GW


  • residential - interface between RJ11 call from phone and a VoIP ntwk. Examples - Cable modems, 2600 rtrs
  • trunking - interface between PSTN trunks (T1, E1, DS0, etc), and VoIP ntwk. Access svrs and rtrs
  • call proc is done on call agent (e.g. CM)
  • no dial peers on gw
  • endpoints
    • src or dest, phys or logical locations
  • connections
    • point-to-point, multipoint
  • UDP 2427 used for MGCP communications
  • UDP 2428 used for PRI D-channel backhaul

Calls and connections

Everything goes between CM / call agent and GW
  • Create Connection (CRCX) - between gw and endpoint
  • Modify Connection (MDCX)
  • Delete Connection (DLCX)
  • Delete Ack
  • AuditEndpoint (AUEP) - requests status of endpoint
  • AuditConnection (AUCX) - requests status of connection
  • NotificationRequest (RQNT) - watch for events on endpoints and take certain action if they occur
  • Notify (NTFY) - gw informs call agent of event for which notification was requested
  • RestartInProgress (RSIP)

Package types

usually enabled from CM, but can enable with mgcp package-capability
  • trunk
  • line
  • DTMF
  • generic media
  • RTP
  • Announcement server
  • script

Residential GW cfg

ccm-manager mgcp
    mgcp call-agent <cm ipaddr> service-type mgcp
dial-peer voice 1 pots
    service mgcpapp
    port 1/0/0
dial-peer voice 2 pots
    service mgcpapp
    port 1/0/1
mgcp package-capability dtmf-package
mgcp package-capability gm-package (general media)

Trunk GW cfg

This can mostly be done in CM (1st 3 are needed for CM only cfg)
ccm-manager mgcp
mgcp 4000    (port)
mgcp call-agent <cm ipaddr> 4000   (4000 is port)
controller t1 0/1/0
    framing esf
    clock source internal
    ds0-group 1 timeslots 1-24 type none service mgcp  (CAS)
controller t1 0/1/1
    framing esf
    clock source internal
    ds0-group 1 timeslots 1-24 type none service mgcp

Fax passthrough and relay

ccm-manager mgcp
no ccm-manager fax protocol cisco   (make it T.38)
mgcp call-agent <cm ipaddr> service-type mgcp version 0/1
mgcp package-capability fxr-package
mgcp package-capability rtp-package
mgcp fax rate 14400
mgcp timer {receive-rtcp timer | net-cont-test timer | nse-response t38 timer}
mgcp fax-relay sg3-to-g3

MGCP debugging

show mgcp
show ccm-manager    (registering is bad, configure name correctly)
show mgcp endpoint
    s0/SU1/ds1-0/1@H!-1 (slot 0/subunit1/group/port@rtrname)
show mgcp statistics (shows counts and stats)
debug voip ccapi inout
debug mgcp [ all | errors | events | packets | parser ]

CM steps

  1. add MGCP GW (device/gw/add New)
  2. Cfg MGCP gw
  3. add voice modules
  4. add VICs to module
  5. cfg endpoints


  • determines loc of target endpoint
  • determines media caps of target endpoint
  • determines avail of target endpoint
  • establishes a session between the orig and target endpoints
  • handles transfer  and termination of calls

SIP Advantages

  • dialplan config on gw
  • translations defined per gw
  • adv supp for 3rd party telephony system integration
  • interop with 3rd party voice gws
  • supp of 3rd party end devices (SIP phones)

SIP Architecture

  • User Agents
  • SIP Proxy, Registrar, Location, Redirect servers
  • SIP Gateway - can act as UA, client, server, sip proxy svr

SIP Servers

  • Proxy
  • Redirect
  • Registrar
  • Location


  • Invite
  • Trying
  • Ringing
  • OK
  • ACK
  • Bye
  • Moved (from a redirect server)

SIP Addresses

  • FQDN
  • e.164 sip:1234!; user=phone
  • mixed - sip1234;pasword=changeme@ sip:jdoe@

Addr Resolution - SIP Proxy has to query Location DB


  • In-band SIP
  • IP Voice Media Services needed to provide media termination point
  • RTP Named Telephony Event: Forward DTMF tones using RTP with NTE payload type (rfc2833)
    • OR
  • SIP NOTIFY: Forwards DTMF tones using SIP NOTIFY msgs
  • SCCP IP phones only support out-of-band.  Therefore SIP NOTIFY must be used.

SIP GW cfg

  1. enable sip voice svcs
  2. cfg SIP svc
    1. transport
    2. bind interface
  3. cfg SIP UA
    1. timers
    2. auth
    3. SIP servers
  4. Cfg dial-peer SIP params
    1. session protocols
    2. session target
    3. DTMF relay

voice service voip
    session transport udp
    bind control source-interface loopback 0
    bind media source-interface loopback 0

sip-ua
    authentication username JDoe password secret
    registrar expires 3600
    retry invite 2
    retry response 2
    retry bye 2
    retry cancel 2

dial-peer voice 2000 voip
    destination-pattern 2...
    session protocol sipv2
    session target sip-server (see sip-server above)
    dtmf-relay rtp-nte
dial-peer voice 2001 voip
    destination-pattern 2...
    session protocol sipv2
    session target ipv4:
    dtmf-relay sip-notify
    preference 1 (no definition is 0 - lower pref value wins if sip server is available)
dial-peer voice 90 voip
    destination-pattern 9T
    session target ipv4:<ipaddr>
    session protocol sipv2
    dtmf-relay rtp-nte

Debug commands

show sip service
show sip-ua register status (can show DNs and dial-peers)
show sip-ua calls
debug asnl events (verifies sip sub svr is up)
debug voice ccapi inout (shows interaction with call control api)
debug voip ccapi protoheaders (displays msgs sent between orig and term gws)
debug ccsip {all | calls | errors | events | info | media | messages | preauth | states | transport }

Dial Plan on GWs

Digit manipulation commands

  • num-exp (num-exp 55.. (prefix number with 55) global command)
  • digit-strip (no digit-strip to not strip)
  • prefix
  • forward-digits (e.g. forward-digits 2 or forward-digits all (right justified))
  • voice translation-profile
  • clid (modify your caller id)
voice translation-rule 1
   rule 1 /^4085551/ /1/
voice translation-profile pstn-in
   translate called 1
voice-port 0/0/0:23
   translation-profile incoming pstn-in
voice translation-rule 2
	rule 1 /^2/ /4085552/
voice translation-profile pstn-out
	translate calling 2
voice-port 0/0/0:23
	translation-profile outgoing pstn-out
number expansion
num-exp 5551... 2815551...
dial-peer voice 2000 pots
    destination-pattern 22715551...
    no digit-strip
    port 0/1:23
prefix with preference
dial-peer voice 2000 voip
    destination-pattern 2...
    session target ipv4:
dial-peer voice 2001 pots
    destination-pattern 2...
    preference 1
    prefix 5125552
    port 0/1:23


clid network-number number [second-number strip]   (second # strips from h323 original clid)
clid second-number strip (prevents 2nd # from being sent)
clid restrict
clid strip [name]

Calling Privileges

  • Defines destinations user is allowed to call
    • e.g. blocks costly svc numbers
  • Class of Svc on PBXes
  • Implemented on Cisco IOS GWs using COR (Class of Restriction) lists

Call Coverage - Hunt groups

Attributes of Scalable Dial Plan
  • Dial plan logic distribution
  • hierarchical num plan
    • summarization
  • simplicity in provisioning
  • reduction in postdial delay (t302 timer delay)
  • availability and fault tolerance
  • conformance to public standards

on rtr 9011T will stop with #, on call manager needs to be in dial string
remember to deal with calling and called #s for inbound and outbound separately

ISDN Possibilities
  • can manipulate ANI based on TON

Digit manipulation

inbound - applied at voiceport/dialpeer
voice translation-rule 1
    rule 1 /^4085552/ /2/   (match / change to - 2 followed by 3 digits)
voice translation-profile pstn-in
    translate called 1 (translate called party based on rule 1)
voice-port 0/0/0:23
    translation-profile incoming pstn-in

outbound - applied at voiceport/dialpeer
voice translation-rule 2
    rule 1 /^2.../ /4085552.../
voice translation-profile pstn-out
    translate calling 2
voice-port 0/0/0:23
    translation-profile outgoing pstn-out

Global digit manipulation - done at global config mode
num-exp 3... 915125553...

Inbound Dial Peer Matching
direct-inward-dial in dial-peer makes it inbound?
Must match
  • incoming called-number (called number / DNIS)
  • answer-address (calling number / ANI)
  • destination-pattern (calling number / ANI)
the port command here defines POTS port that the call comes in on
Take a look at Cisco's Understanding Inbound and Outbound Dial Peers Matching on IOS Platforms.

Outbound Dial Peer Matching
Must match
  • destination-pattern
dial-peer voice 910 pots  (need no matter what - voice translation-rules are extra)
    destination-pattern 9[2-9]3.. [2-9]...... (strips the 9, only strip through 1st wildcard)
    direct-inward-dial (pass all digits that match dest pattern)
    prefix 1
    port 0/0/0:23

incoming called-number 2... (match inbound dialpeer)

Debugging dialpeers and dialplans

show dial-peer voice <number>
show dial-peer voice summary (shows table of dial-peers)
show dialplan number <dial-string> [carrier id] [fax | huntstop | voice] [timeout]      (PICKS UP EVERYTHING Will show digit manipulation)
debug isdn q931 (?)
debug voip dialpeer
debug voice translation
test voice translation-rule <rule#> <dial#>
show voice translation-rule 1
show voice translation-profile

Digit Manipulation Order

  • Best Practice - do digit manipulation as soon as possible
  • POTS dial peers by default strip left-justified digits (destination-pattern 555.... strips 555)
    • disable with no digit-strip or forward-digits all
  • VoIP dial peers - by default router fwds all digit pairs
Inbound POTS
  1. Inbound voice-port translation profile (physical interface)
  2. number expansion
  3. match inbound dial peer
  4. Dial-peer voice translation profile
Inbound VoIP
  1. Global trans profiles
  2. number expansion
  3. Match inbound dial peer
  4. Dial peer translation profile
Outbound POTS
  1. Match outbound dial peer
  2. Dial-peer voice translation profile
  3. Digit strip
  4. Prefix digits
  5. Forward digits
Outbound VoIP
  1. Match outbound dial peer
  2. Dial-peer voice translation profile

Digit collection

  • rtr collects one at a time until match an outbound dial peer
  • after match made, rtr immediately places call, no further digits collected

Caller ID Name/number manipulation

voice-port 0/0/0
    station-id name HQ Fax
    station-id number 71355510003

Voice translation rules/profiles

  • rules define up to 15 sub-rules to manipulate digits TONs num plans
  • profiles ref up to 3 rules
    • called
    • calling
    • redirect-called
  • profiles referenced by
    • voip dial peers
    • voice ports
    • inbound voip call
    • specific range of src IP addrs on VoIP calls
    • trunk groups
    • NFAS controllers
    • SRST

Regular expressions

rule 1 /\(^[2-9]..........\)/ /9\1/   things in parentheses become \a
/^9/ //  (strip a 9, don't have to match a 9)

/^2.../ /801&/  changes 2001 to 8012001
/^2.../ /801\0/ changes 2001 to 8012001
/.*/ /91&/ type national national changes '3125551212 type national' to '913125552001 type national'
/\(9\)\([^01].*\)/ /\11408\2/ will change 95551212 to 914085551212
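
Added example (not from the notes' sources or from Cisco): a small Python emulator for the match/replace syntax shown above, for checking what a rule does to a number before it goes on a gateway. It assumes only the subset used in these notes (`\( \)` groups, `&` or `\0` for the whole match, single-digit `\N` back-references, first matching rule applied, unmatched digits kept); the function names are made up for the example.

```python
import re


def ios_to_python(pattern: str) -> str:
    # IOS writes groups as \( \); Python's re module writes them as ( ).
    return pattern.replace(r"\(", "(").replace(r"\)", ")")


def expand(replacement: str, m: "re.Match") -> str:
    """Expand & and \\N in the replace pattern against match m.

    Done by hand because back-references here are a single digit:
    \\11408 means group 1 followed by the literal digits 1408, which is
    not how Python's own re.sub template would read it.
    """
    out, i = [], 0
    while i < len(replacement):
        ch = replacement[i]
        if ch == "&":
            out.append(m.group(0))
        elif (ch == "\\" and i + 1 < len(replacement)
              and replacement[i + 1].isdigit()):
            out.append(m.group(int(replacement[i + 1])) or "")
            i += 1                      # skip the digit as well
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def apply_rule(match: str, replace: str, number: str):
    """Return the translated number, or None when the rule does not match."""
    m = re.search(ios_to_python(match), number)
    if m is None:
        return None
    # Only the matched part is replaced; the other digits are kept.
    return number[:m.start()] + expand(replace, m) + number[m.end():]


def translate(rules, number: str) -> str:
    """Try (match, replace) rules in order and apply the first that matches."""
    for match, replace in rules:
        result = apply_rule(match, replace, number)
        if result is not None:
            return result
    return number                       # no rule matched: unchanged


# (match, replace, input, expected). Rules are from the notes above; the
# inputs and expected values of the last two rows are constructed.
PAGE_EXAMPLES = [
    (r"^2...", r"801&", "2001", "8012001"),
    (r"^2...", r"801\0", "2001", "8012001"),
    (r"\(9\)\([^01].*\)", r"\11408\2", "95551212", "914085551212"),
    (r"^4085551", r"1", "4085551234", "1234"),
    (r"^9", r"", "95551212", "5551212"),
]


def mismatches():
    """Rows whose actual translation differs from the expected one."""
    return [(m, r, n) for m, r, n, want in PAGE_EXAMPLES
            if apply_rule(m, r, n) != want]


if __name__ == "__main__":
    for m, r, n, _ in PAGE_EXAMPLES:
        print(f"/{m}/ /{r}/  {n} -> {apply_rule(m, r, n)}")
```
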

Voice Translation Profiles

Processing order
applied to               inbound   outbound
voice port/nfas          1         4
trunk group source ip    2         3
dial peer                4         2
voice translation-rule 1
    rule 1 /^4085552.../ /2.../
voice translation-rule 2
    rule 1 /^.*/ /9&/ type subscriber subscriber
voice translation-profile pstn-in
    translate called 1
    translate calling 2
Call block example
voice translation-rule 1
	rule 1 reject /312555*/
voice translation-profile block
	translate calling 1
dial-peer voice 111 pots
	call-block translation-profile incoming block
	call-block disconnect-cause incoming invalid-number


works with Call Mgr express and SRST
creates another dial peer for every ephone-dn
    dialplan-pattern 1 4085552... extension-length 4
dial-peer voice 2001 pots
    destination-pattern 2001
    port 1/0/0
...put in voice translation profile...

Basic digit manipulation - Quick ref

  • num-exp (num-exp 55.. (prefix number with 55) global command)
  • digit-strip (dial-peer command - no digit-strip to not strip)
  • prefix (dial-peer command)
  • forward-digits (dial-peer command - e.g. forward-digits 2 or forward-digits all (right justified))
  • voice translation-profile
  • clid (modify your caller id)
    • station-id [ name | number ] (modifies FXS/FXO port Caller ID info)

num-exp 4... 7135554...
dial-peer voice 4000 pots/voip (sends match/trans out port)
voice translation-rule 1
    rule 1 ...
voice translation-profile pstn-in
    translate called 1
voice-port 0/1:23
    translation-profile incoming pstn-in
dial-peer voice 2001 pots
    destination-pattern 2001
    port 1/0/0
apply voice translations globally or dial-peer

show dialplan number <dial-string> [carrier id] [fax | huntstop | voice] [timeout]      (PICKS UP EVERYTHING Will show digit manipulation)

Call Routing and Path Selection

relies on dial peers
route to TDM or IP
match incoming and outgoing dial leg

inbound  dial-peer matching
DNIS with incoming called-number
calling number (ANI) with answer address
calling number ANI with destination-pattern
for pots voice-port matches with dial-peer port
still no match: default dial peer 0

outbound dial-peer matching
DNIS destination-pattern
lowest preference

Best practices

dial-peer voice 1 pots
    incoming called-number .   (match everything)
dial-peer voice 100 voip
    preference 1
    destination-pattern 1...
    session target ipv4:<ip addr>
dial-peer voice 101 voip
    preference 2
    destination-pattern 1...
    session target ipv4:<ip addr2>

Tail-End Hop-Off (TEHO)

routing through internal network and hopping off at remote location

COR (Class of Restriction?)

  • Restricts calling...
  • dial-peers with corlist names have corlist members assigned to them
  • outbound and inbound dialpeers get corlist (dial-peers) assigned to them
  • CORs can be used in SRST and with CME
Enter COR cfg mode
dial-peer cor custom
	Name the CORs
	name 911
	name local
	name ld
	name intl
Configure Outbound Corlists
dial-peer cor list 911call
	member 911
dial-peer cor list localcall
	member local
dial-peer cor list ldcall
	member ld
dial-peer cor list intlcall
	member intl
Configure Inbound Corlists
dial-peer cor list 911
	member 911
dial-peer cor list local
	member 911
	member local
dial-peer cor list ld
	member 911
	member local
	member ld
dial-peer cor list intl
	member 911
	member local
	member ld
	member intl
Assign Corlists to PSTN dial peers
dial-peer voice 911 pots
	destination-pattern 911
	forward-digits all
	corlist outgoing 911call
	port 0/0/0:23
dial-peer voice 9911 pots
	destination-pattern 9911
	forward-digits 3
	corlist outgoing 911call
	port 0/0/0:23
dial-peer voice 9 pots
	destination-pattern 9[2-9]......
	corlist outgoing localcall
	port 0/0/0:23
dial-peer voice 91 pots
	destination-pattern 91[2-9]..[2-9]......
	prefix 1
	corlist outgoing ldcall
	port 0/0/0:23
dial-peer voice 9011 pots
	destination-pattern 9011T
	prefix 011
	corlist outgoing intlcall
	port 0/0/0:23
Assign Corlists to incoming dial peers
dial-peer voice 1003 pots
	destination-pattern 1003$
	port 1/0/0
	corlist incoming local
	corlist incoming 911
dial-peer voice 1004 pots
	destination-pattern 1004$
	port 1/0/1
	corlist incoming 911
	corlist incoming local
	corlist incoming ld
	corlist incoming intl
(optional) assign to SRST cfg
	cor {incoming | outgoing } cor-list-name  [cor-list-number starting-number - ending-number | default]
	cor incoming intl 1 2000 - 2100

Debugging COR

show dial-peer cor (shows corlists and members)
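
Added example, not taken from the notes' sources: the COR check modelled in Python with the corlists and PSTN dial peers configured above. A call is allowed when every member of the outbound dial peer's corlist is also in the inbound dial peer's corlist, and a dial peer with no corlist is not restricted; the inbound peer names in `INBOUND` are constructed.

```python
# COR lists from the notes above: list name -> member CORs.
COR_LISTS = {
    # outbound lists (applied with "corlist outgoing" on the PSTN dial peers)
    "911call": {"911"},
    "localcall": {"local"},
    "ldcall": {"ld"},
    "intlcall": {"intl"},
    # inbound lists (applied with "corlist incoming")
    "911": {"911"},
    "local": {"911", "local"},
    "ld": {"911", "local", "ld"},
    "intl": {"911", "local", "ld", "intl"},
}

# PSTN dial peers from the notes: tag -> (destination-pattern, corlist outgoing)
PSTN_PEERS = {
    "911": ("911", "911call"),
    "9911": ("9911", "911call"),
    "9": ("9[2-9]......", "localcall"),
    "91": ("91[2-9]..[2-9]......", "ldcall"),
    "9011": ("9011T", "intlcall"),
}

# Constructed inbound dial peers: name -> corlist incoming (None = none applied)
INBOUND = {"lobby": "911", "desk": "local", "manager": "intl", "new-phone": None}


def call_allowed(incoming, outgoing):
    """True when the outgoing list's members are a subset of the incoming list's.

    A missing corlist on either side means the call is not restricted.
    """
    if incoming is None or outgoing is None:
        return True
    return COR_LISTS[outgoing] <= COR_LISTS[incoming]


def reachable(incoming):
    """Tags of the PSTN dial peers a caller with this incoming corlist may use."""
    return {tag for tag, (_pattern, outgoing) in PSTN_PEERS.items()
            if call_allowed(incoming, outgoing)}


def audit(inbound):
    """Per inbound peer: reachable destination patterns and a missing-corlist flag."""
    report = {}
    for name, corlist in inbound.items():
        patterns = sorted(PSTN_PEERS[tag][0] for tag in reachable(corlist))
        report[name] = {"patterns": patterns, "no_corlist": corlist is None}
    return report


if __name__ == "__main__":
    for name, row in audit(INBOUND).items():
        flag = "  <-- no corlist, unrestricted" if row["no_corlist"] else ""
        print(f"{name:10} {', '.join(row['patterns'])}{flag}")
```

The `new-phone` row shows why every inbound dial peer needs a corlist: with none applied it can use the `9011T` international dial peer.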

Border Control (Cisco UBE)

  • Session Border Controller (terminates and re-originates signaling and media)
  • H323 to SIP
  • H323 to H323
  • SIP to SIP
  • Address hiding
  • Security
  • Video Integration
  • Call Admission Control (CAC)
  • 2800/3800 + 12.2(13)+
  • Interconnect between networks
  • Each call leg can terminate at CUBE. (examine receive performs translation, regenerate)
    • Can eliminate hair pinning
  • H323/SIP - Fast Start/Early Offer
  • Media flow-through (default) - all media streams routed through CUBE
  • Media flow-around - media streams flow directly between endpoints.  optional whether actual traffic actually routes through
  • CM 8.5 allows flow-around early offer with certain phones...
  • CUBE can negotiate/limit codec usage (implemented via dial peer cfg)
  • Enables RSVP-based CAC:
    • CM intercluster RSVP based CAC
    • support for voice and video calls
    • media flow-through only
  • CUBE can register with GK like any other GW
    • may be deployed on same rtr
  • CUBE can also be used by GKs using via-zones
    • via-zone is cisco term for zone that contains CUBE and via-zone-enabled GKs
    • via-zone-enabled GK is capable of recognizing via-zones and sending traffic to via-zone GWs
    • via-zones are usually located on edge of an enterprise or Internet telephony service provider net
voice service voip
    allow-connections h323 to h323
    allow-connections sip to sip
    allow-connections h323 to sip
    allow-connections sip to h323
dial-peer voice 2001 voip
    description to CM
    destination-pattern 2...
dial-peer voice 2000 voip
    description to International
    session protocol sipv2

    destination-pattern 9011T
    session target ipv4:
    media [flow-around (media flows around) | flow-through (terminate media)]
    codec transparent (pass-through codec)

show gatekeeper endpoints
show gatekeeper calls

Call Manager Express example

voice register global
    mode cme
    source-address <localIpAddr> port 5060
    max-dn <#>
    max-pool <#>
voice register dn 1
    number 12800
voice register pool 1
    id mac 111.222.333
    number 1 dn 1
    codec g711ulaw

SIP Trunk Cfg example

voice service voip
        bind control source-interface FastEthernet0/1.202
        bind media source-interface Fastethernet0/1.202
    sip-server ipv4:<ipAddrOfPartnerGW>:5060
dial-peer voice 17020 voip
    destination-pattern 1..........
    session protocol sipv2
    session target sip-server
    dtmf-relay rtp-nte
    codec g711ulaw

Debug Commands

show call active voice
show sip-ua calls
debug ccsip messages