Cisco Webex Edge for Meetings Webex Edge Audio, Connect and Video Mesh
Richard Murphy
BRKCOL-2120
August 5, 2019 Cisco Webex Teams
Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Events Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Abstract
Cisco Webex is a constantly evolving cloud platform with innovation happening all the time such as the Webex Edge for Meetings service. What is it? If this question is something you are asking yourself, then this session is right for you. This session is designed to be an introductory session and will cover the three different services of Webex Edge Connect, Webex Edge Audio, and Webex Edge Video Mesh that make up the Webex Edge for Meetings service. The attendees will understand the differences of each service, the configuration requirements, and common deployment scenarios. A general knowledge of Cisco UC products such as Expressway and Cisco UCM is required. Cisco Expressways and Cisco UCM will not be discussed in detail except where they are relevant to the Webex Edge for Meetings service.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Agenda
• Webex Edge Connect • Overview
• Webex Edge Audio • Design and Implementation
• Webex Edge Video Mesh • Design and Implementation
• Conclusion
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 Components of Webex Edge for Meetings
Webex Edge for Meetings
1 Connect 2 Audio 3 Video Mesh
Direct Connection to the Webex Meeting Audio via the Meeting Resources on Webex Datacenter Internet or Edge Connect premises
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 Webex Edge Connect Webex Edge Connect Brings the power of the Webex backbone directly to your data centre
Webex Edge Connect
• A direct peering at Equinix data centers • Bypasses the Internet by providing a direct connection1 to the Webex data center • All Webex media traffic traverses the dedicated link to the meeting. (VoIP, video, content sharing) • When used with Video Mesh provides a more secure end-to-end experience Webex Edge
1 via a peering agreement with Equinix © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Overview Peering connection with Cisco Webex Benefits
• Private circuit (not over Internet)
• Deterministic network path
• Predictable and stable latency and jitter
• Guaranteed bandwidth
• Speed options: 500M, 1G, 5G,10G Available Services Enterprise Equinix Cloud Cisco Exchange • Webex Meetings (ECX) • Webex Teams Media *
• Video Device-Enabled Webex Meetings (CMR)
• Webex Edge Audio
* Webex Teams, Board, Cloud Registered Endpoints and Video Mesh require Internet access for signaling
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Webex Edge Connect Benefits
• Enhanced Meeting Quality - Your day-day core business conducted over the internet does not interfere with meetings and vice-versa. This means you can be assured of a consistent, reliable, cost effective, and secure meeting experience for all
• Added Security - Webex Edge Connect direct peering insulates your meetings from the variability of the Internet and provides protection from the public Internet and the potential threats and attacks.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 Equinix Cloud Exchange
Customer Network Layer 1 (1G/10G)
Layer 2 Cust ASN (802.1q) AS13445 Layer 3 (BGP)
IMPORTANT ROLES AND RESPONSIBILITIES
1. Layer 1 – Physical Connectivity Equinix responsibility: ✓ Physical link provisioning (cross connects) 2. Layer 2 – Ethernet Connectivity ✓ Virtual circuit monitoring reports & support
3. Layer 3 – IP connectivity Cisco responsibility ✓ peering provisioning and support
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 HELSINKI STOCKHOLM MANCHESTER SEATTLE TORONTO AMSTERDAM DUBLIN CHICAGO OSAKA BOSTON TOKYO DENVER SILICON NEW YORK DÜSSELDORF VALLEY LONDON FRANKFURT WARSAW SHANGHAI DALLAS PHILADELPHIA MUNICH WASHINGTON ,D.C. PARIS LOS ANGELES ATLANTA CULPEPER, VA GENEVA HONG KONG HOUSTON MADRID MIAMI ZURICH MILAN SOFIA BARCELONA ISTANBUL
SEVILLE LISBON SINGAPORE BOGOTÁ JAKARTA
DUBAI ABU DHABI
Equinix Location BRISBANE PERTH SYDNEY ECX Fabric Location ADELAIDE MELBOURNE ECX Fabric Connectivity SÃO PAULO CANBERRA (routes subject to change) RIO DE JANEIRO Partner data centre Cisco Webex Locations
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 Option 1: Equinix Cloud Exchange (ECX) Direct Peering via Customer Cage
Customer Equinix ECX Facility
Customer to Customer Equipment to Equinix Webex Cross Connect Physical Circuit
Customer Cage Cisco Webex Cage
`
1 On-prem Enterprise 2 BGP Peering Link
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 Option 1: Equinix Cloud Exchange (ECX) Direct Peering via Customer Cage ‘Remote Port’
Customer Equinix Facility A Equinix Backbone Equinix Facility B Customer to Equinix Equinix Backbone Physical Circuit Connected
Customer Cage Cisco Webex Cage
1 On-prem Enterprise 2 BGP Peering Link
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 Option 2: ECX Direct Peering via Customer Cage cross connected to SP Cage
Customer Equinix Co-Location Data Center
Service Provider Customer ECX Cisco Webex Cage Physical Cage Cage
SP Network
On-prem 1 Enterprise BGP Peering Link
When a customer has a cage within Equinix DC, the ECX virtual circuit will be considered ‘Local Port & Local Connection’ with lower monthly fee from Equinix.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 Option 3: Equinix Cloud Exchange Direct Peering via VAR Partner Cage
Customer Equinix Co-Location Data Center
Service Provider VAR Partner ECX Cisco Webex Cage Cage Cage
SP Network
On-prem 1 Enterprise BGP Peering Link
In this option, VAR Partner has established a cage with Equinix and manages the equipment, ECX ports, and billing from Equinix. VAR Partner can manage virtual connections on customer’s behalf or assign ECX portal permissions for customer to manage virtual connections. The VAR partner is the Equinix customer of record with a local Cage thus Local Port pricing applies. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Option 4: Equinix Cloud Exchange Direct Peering via Network Edge
Customer Equinix Co-Location Data Center
Service Provider Customer ECX Cisco Webex Cage Virtual Router on Cage Equinix Network Edge
Cisco CSR 1000V
SP Network
1 On-prem Enterprise BGP Peering Link
When a customer does not have a cage in Equinix DC, they can consider the new Equinix ‘Network Edge’ option; however, the the ECX connection will be considered a ‘Remote Port’ with additional monthly fees from Equinix. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Customer Requirements - Core
• Equinix Cloud Exchange (ECX) Account and Rackspace in ECX
• BGP and Dot1Q Tagging Capable Router with L3 Connectivity to the Enterprise
• Physical port [1G/10G typical] available for connecting to ECX Fabric
• Public BGP Autonomous System Number (ASN)
• An IP space that is public and provider-independent • Edge Connect does not accept private IP advertisements like RFC1918
• An IT team knowledgeable of BGP and peering principles
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 Customer Requirements – IP Routing
• IP Addressing • Public IP - /30 or /31 supported Customer Equinix Cloud Cisco Webex • Max length prefix that Webex advertises is /24 Premises Exchange (ECX) • The maximum length prefix that Webex accepts is /29 • The maximum number of routes Webex accepts is 100 • We recommend that customers allow 50 routes from Webex on the BGP peering as the number of routes that Webex advertises may change over time • Bidirectional-Forwarding Detection (BFD) is supported and enabled with a default value of 300 ms x 3 on the Webex Edge routers • Customer owned IP Addresses
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 Ordering Process
• Purchase link/space in Equinix Cloud Exchange (ECX)
• Cisco Commerce Workspace (CCW): Cisco Order # used in ECX Portal
• ECX Portal to Request Port Connection • VLAN ID (customer side locally significant for Equinix only) • Purchase Order (PO) Number (From CCW order) • Public IP Range (/30 or /31) for BGP Peering (BYoIP - Customer and Webex side) • Subnets to Advertise to Webex (max /29 – max 100 subnets) • Public AS + password (32 bit supported) • Tech contact (i.e. admin group alias + phone number) • Link speed to provision: 200mb, 500mb, 1gb, 5gb, 10gb or increments thereof!
• Peering Provisioning Completion Email • L3 should be up and running
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 How do I Connect? Connectivity - Key Components
Equinix Cloud Exchange Order Process
Layer 1 1. Order physical circuit (1G/10G) to ECX fabric
Layer 2 2. Provision virtual (802.1q) Customer AS13445 circuit to Cisco Webex using Equinix Network Layer 3 self-service portal (BGP) 3. Cisco enables BGP IMPORTANT ROLES AND RESPONSIBILITIES connection to the Enterprise to establish connectivity 1. Layer 1 – Physical Connectivity Equinix responsibility: ✓ Physical link provisioning (cross connects) 2. Layer 2 – Ethernet Connectivity ✓ Virtual circuit monitoring reports & support
3. Layer 3 – IP connectivity Cisco responsibility ✓ peering provisioning and support
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 Equinix Cloud Exchange Connectivity BGP Peering Router Location
BGP peering from the router in the BGP peering from the router in the Equinix Cage Enterprise
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 BGP Peering Configuration – high level
Cisco Webex Customer IP address is provided by customer • /30 or /31 IP subnet supported Gig interfaces: Webex network uses LAG bundles to support • Customer public IP block – Bring your own IP (BYOIP) 10 Gig
(IOS-XE) (IOS-XR) interface GigabitEthernet0/1/1 interface Bundle-Ether10000.2 ip address 192.0.2.2 255.255.255.252 ipv4 address 192.0.2.1/30 encapsulation dot1q 10 encapsulation dot1q 11 Cisco Recommends Customer Dual peering Network links for high availability
(IOS-XE) (IOS-XR) interface GigabitEthernet0/1/1 interface Bundle-Ether10000.2 ip address 192.0.2.6 255.255.255.252 ipv4 address 192.0.2.5/30 encapsulation dot1q 20 encapsulation dot1q 12
Note - VLAN assignment is locally significant due to ECX QinQ tagging and does not need to match on Webex & Customer sides
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 Webex Routes AMER 64.68.96.0/19 64.68.104.0/21 Internet …. APAC 69.26.176.0/20 69.26.176.0/22 …. EMEA 62.109.192.0/18 …. Redistribute Equinix
OSPF BGP BGP
Advertise Customer
Network BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 Connect to DNS webex.com Server
DNS Lookup Internet
64.68.96.55 DNS Server
Equinix
OSPF BGP BGP
Customer
Network BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 Connect to DNS webex.com Server
DNS Lookup Internet
64.68.96.55 DNS Server
Equinix
OSPF BGP BGP
Customer
Network BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 BGP Peering Webex Edge Connect Customer Requirements
✓ Enterprises are responsible for their network architecture • Avoid asymmetric routing • Avoid suboptimal network paths Don’t have the networking expertise ✓ A connection to the Equinix Cloud Exchange internally? Consider enlisting a partner or Cisco Advanced Services to ensure a successful ✓ Knowledge of BGP Routing deployment.
✓ Public BGP Autonomous System Number
✓ Public provider independent IP block ✓ No RFC1918 addressing (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29 BGP Traffic Engineering – Customer Controlled
• All global routes are advertised by Webex Edge Connect
• We recommend using IP prefix lists to manage route advertisements
• Filter ONLY on subnet groups by Theater: North America, EMEA, AsiaPac
• No static routing – Dynamic routing routing is required
• Route advertisements may change over time so customers should accept all Webex routes with prefix length that is less than or equal to /24
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 30 BGP Traffic Engineering – Customer Controlled
Traffic Engineering Communities
Multiple options to influence traffic flow Link Priority • None - Default (least desirable path) • 13445:200 - Local Preference 200 Option 1 – BGP Community local preference • 13445:300 - Local Preference 300 tagging • 13445:400 - Local Preference 400 • Highest level of control and routing influence • 13445:500 - Local Preference 500 • Advanced customer configuration • 13445:600 - Local Preference 600 • 13445:700 - Local Preference 700 • 13445:800 - Local Preference 800 Option 2 – AS-Path prepending • 13445:900 - Local Preference 900 (Most desirable path) • Simple Webex Prefix BGP Origin communities • 13445:10000 - AMER Option 3 – Unique NAT Pools per peering • 13445:10010 - EMEA session • 13445:10020 - APAC • Simple • Disruptive Fail-over Customer Prefix propagation scoping communities • None - Default permit global reachability • 13445:677 - Permit local theater reachability
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 Example: Community Route Policy IOS XE
RTR1 Example BGP Configuration
router bgp 64496 neighbor 192.0.2.2 remote-as 13445 ! The following diagram is an example of a typical address-family ipv4 neighbor 192.0.2.2 activate active/standby topology. Router 1 (RTR1) is the primary path neighbor 192.0.2.2 send-community both and Router 2 (RTR2) is the backup. neighbor 192.0.2.2 route-map PRIMARY-OUT out neighbor 192.0.2.2 route-map PRIMARY-IN in exit-address-family ! Enterprise Network ip prefix-list ADVERTISE-TO-WEBEX seq 5 permit 198.51.100.0/28 BGP community 13445:900 ! route-map PRIMARY-OUT permit 10 Local match ip address prefix-list ADVERTISE-TO-WEBEX Primary Local Preference set community 13445:900 Preference 900 ! RTR1 900 route-map PRIMARY-IN permit 10 192.0.2.1/30 192.0.2.2/30 set local-preference 900 198.51.100.0/28 NAT RTR2 Example BGP Configuration 192.0.2.5/30 192.0.2.6/30 RTR2 router bgp 64496 Local AS13445 neighbor 192.0.2.6 remote-as 13445 AS 64496 Local Preference ! Secondary address-family ipv4 Preference 800 neighbor 192.0.2.6 activate 800 BGP community 13445:800 neighbor 192.0.2.6 send-community both neighbor 192.0.2.6 route-map SECONDARY-OUT out neighbor 192.0.2.6 route-map SECONDARY-IN in exit-address-family Webex to Enterprise network path selection: ! ip prefix-list ADVERTISE-TO-WEBEX seq 5 permit 198.51.100.0/28 RTR1 applies the BGP community 13445:900 and RTR2 applies the community 13445:800 to the enterprise prefix ! 198.51.100.0/28. The Webex cloud selects the RTR1 path because it is advertising the most desirable link priority route-map SECONDARY-OUT permit 10 community. match ip address prefix-list ADVERTISE-TO-WEBEX set community 13445:800 Enterprise to Webex Network path selection: ! RTR1 applies a local preference of 900 and RTR2 applies a local preference of 800 to the Webex prefixes. The route-map SECONDARY-IN permit 10 best path to reach the Webex cloud is RTR1 because it has assigned the highest local preference. set local-preference 800
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 32 Webex Prefix BGP Origin communities Filter routes by Origin Community (per Theater)
• 13445:10000 - AMER • 13445:10010 - EMEA • 13445:10020 - APAC
Customer Network
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 Example: AS-Path Prepending Route Policy
The following diagram is an example of a typical active/standby topology. Router 1 (RTR1) is the primary path and Router 2 (RTR2) is the backup. IOS XE
RTR2 Example BGP Configuration Enterprise Network router bgp 64496 neighbor 192.0.2.6 remote-as 13445 Primary ! address-family ipv4 1 AS-Hop 1 AS-Hop neighbor 192.0.2.6 activate neighbor 192.0.2.6 send-community both RTR1 neighbor 192.0.2.6 route-map SECONDARY-OUT out 192.0.2.1/30 192.0.2.2/30 neighbor 192.0.2.6 route-map SECONDARY-IN in exit-address-family 198.51.100.0/28 NAT ! ip prefix-list ADVERTISE-TO-WEBEX seq 5 permit 198.51.100.0/28 192.0.2.5/30 192.0.2.6/30 ! RTR2 AS13445 route-map SECONDARY-OUT permit 10 match ip address prefix-list ADVERTISE-TO-WEBEX AS 64496 2 AS-Hops 2 AS-hops set as-path prepend 64496 Secondary ! AS Path Prepending route-map SECONDARY-IN permit 10 set as-path prepend 13445 Webex to Enterprise network path selection: RTR2 applies AS path prepending 64496 to the enterprise prefix 198.51.100.0/28. The Webex cloud selects the RTR1 path because it is advertising the shortest AS Path.
Enterprise to Webex Network path selection: RTR2 applies AS path prepending 13445 to the Webex prefixes. The best path to reach the Webex cloud is RTR1 because it has the shortest AS Path.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 Example: Unique NAT per peering Route Policy IOS XE
RTR1 Example BGP Configuration
The following diagram is an example of a typical router bgp 64496 neighbor 192.0.2.2 remote-as 13445 active/standby topology. Router 1 (RTR1) is the primary path ! address-family ipv4 and Router 2 (RTR2) is the backup. neighbor 192.0.2.2 activate neighbor 192.0.2.2 send-community both neighbor 192.0.2.2 route-map PRIMARY-OUT out neighbor 192.0.2.2 route-map PRIMARY-IN in Enterprise Network exit-address-family ! Local ip prefix-list ADVERTISE-NAT1-TO-WEBEX seq 5 permit 198.51.100.0/28 Primary ! Preference route-map PRIMARY-OUT permit 10 200 match ip address prefix-list ADVERTISE-NAT1-TO-WEBEX RTR1 ! route-map PRIMARY-IN permit 10 198.51.100.0/28 NAT1 192.0.2.1/30 192.0.2.2/30 set local-preference 200
198.51.100.16/28 NAT2 192.0.2.5/30 192.0.2.6/30 RTR2 Example BGP Configuration RTR2 AS13445 Local router bgp 64496 AS 64496 neighbor 192.0.2.6 remote-as 13445 Preference Secondary ! 100 address-family ipv4 neighbor 192.0.2.6 activate neighbor 192.0.2.6 send-community both neighbor 192.0.2.6 route-map SECONDARY-OUT out Webex to Enterprise network path selection: neighbor 192.0.2.6 route-map SECONDARY-IN in RTR1 and RTR2 are advertising unique prefixes. The Webex network will respond to the exit-address-family ! router performing the NAT. ip prefix-list ADVERTISE-NAT2-TO-WEBEX seq 5 permit 198.51.100.16/28 ! Enterprise to Webex Network path selection: route-map SECONDARY-OUT permit 10 match ip address prefix-list ADVERTISE-NAT2-TO-WEBEX RTR1 applies a local preference of 200 to make it the most desirable path towards the Webex ! network. route-map SECONDARY-IN permit 10 set local-preference 100
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 High Availability and Redundancy Equinix Circuit
Enterprise Network BGP Peering
RTR1 192.0.2.1/30 192.0.2.2/30
198.51.100.0/28 NAT
AS 64496 AS13445 Multi-link Single Router LAG Bundle Single BGP Support as single Port Peering
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 37 Internet as a backup
Enterprise Network
X
NAT
NAT X Internet as a backup • Internet is a valid fail-over path solution during Edge connect failures or maintenance events Internet • A brief meeting disruption is expected if the client IP address changes due to NAT pool change
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 38 Internet as a backup
Enterprise Network X
NAT
Avoid Disruptions • Limit edge router responsible to routing and Internet forwarding packets • BFD Fast failure detection ensures meeting traffic is redirected over alternative available links to prevents meeting disruptions • Perform NAT on a device inside network
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 39 Hybrid Peering: Edge Connect and Direct Internet Access
Webex DC Webex DC Webex DC
Internet Internet
NAT NAT NAT Local Local Local NAT Pool NAT Pool NAT Pool
Enterprise Network Enterprises will need to limit route leaking across their WAN to ensure remote offices utilize local Internet paths
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 40 Link Redundancy and Site Redundancy
Internet NAT NAT NAT NAT
Enterprise WAN
Enterprise Network - West Enterprise Network - East
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 41 Link Redundancy and Site Redundancy
Internet
NAT NAT
Enterprise Network - West Enterprise Network - East
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 42 Edge Audio w/ Edge Connect using Internet as Backup DNS SRV: _sips._tcp.edge-us.example.com Priority determines list order Cisco Site 1 Webex Edge DNS SRV Records Unified CM Audio - _sips._tcp.edge-us.example.com. 60 IN SRV 10 5 5062 exp-us1.example.com Secondary _sips._tcp.edge-us.example.com. 60 IN SRV 20 5 5062 exp-us2.example.com 1:1 NAT
Internet
exp-us2.example.com Meeting Z Webex Edge Audio - Primary 1:1 NAT Laptop Client Call back made to On net IP phone exp-us1.example.com
• Expressway-E is configured in Webex for callback Customer • +1 is defined in Webex callback settings Primary Path Premises • SRV records along with DNS configuration will set Secondary Path Expressway cluster exp-us1 as Primary and exp-us2 as Secondary BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 43 What level of redundancy is desired?
Link Level Redundancy? • Cost vs other redundancy options • Expressway solution considerations • Seamless recovery Site to Site redundancy? • Can the MAN/WAN support the traffic load? • Changing NAT pools can cause service disruption Failover to Direct Internet Access (DIA)? • Use your DIA link as a redundant option • Changing NAT pools can cause service disruption
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 44 Webex Traffic Flows over Edge Connect Webex Edge Connect - Traffic Signaling and Media
Signaling Edge Connect Peering Link Media
Webex Meetings App Signaling and Media Webex Meetings App Edge Connect
Z
Webex Meetings Browser Integration ECX and Productivity Tools Z
Public Internet
Internet
Customer
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 46 Webex Edge Connect - Traffic Signaling and Media
Signaling Edge Connect Peering Link Media
Webex Meetings App Signaling and Media
Webex Teams, Board and Endpoint’s Media Edge Connect Webex Boards Webex Teams Z Cloud Registered Endpoints
ECX
Z Public Internet
Webex Teams, Board and Endpoint’s Signaling Internet
Customer
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 47 Webex Edge Connect - Traffic Signaling and Media
Signaling Edge Connect Peering Link Media
Webex Meetings App Signaling and Media
Webex Teams, Board and Endpoint’s Media Edge Connect Webex Boards Webex Teams Video Mesh Cascade Media Z Cloud Registered Z Endpoints Video Mesh ECX
Z Public Internet
Webex Teams, Board and Endpoint’s Signaling Internet Video Mesh Signaling Customer
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 48 Webex Unified CM integration – Video Mesh Enablement Z Signaling and Media Video Mesh
Signaling Edge Connect Peering Link Media
Webex Meetings App Signaling and Media Unified CM Webex Teams, Board and Endpoint’s Media Cisco Video Edge Connect Unified Devices CM Z Video Mesh Cascade Media SIP Trunk
Video Mesh ECX
Z Public Internet
Webex Teams, Board and Endpoint’s Signaling Internet Video Mesh Signaling Customer
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 49 Webex Unified CM Integration – Video Device- Enablement Enabled Cisco Webex Meetings Z Signaling and Media Expressway Signaling C/E Edge Connect Peering Link Media
Webex Meetings App Signaling and Media Webex Video Webex Teams, Board and Endpoint’s Media Cisco Meetings Edge Connect Unified CM Z Video Mesh Cascade Media SIP Trunk
Expressway Signaling and Media Expressway C/E ECX
Z Public Internet Video Endpoints Webex Teams, Board and Endpoint’s Signaling Internet Video Mesh Signaling Customer
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 50 Webex Unified CM Integration – Webex Edge Audio Enablement Z
Expressway Signaling C/E Edge Connect Peering Link Media
Webex Meetings App Signaling and Media Webex Edge Webex Teams, Board and Endpoint’s Media Cisco Audio Edge Connect Unified CM Video Mesh Cascade Media SIP Trunk Z
Expressway Signaling and Media Expressway C/E ECX
Z Dials +1.844.621.3956 US Webex Access Number Public Internet IP Phone Webex Teams, Board and Endpoint’s Signaling Internet Video Mesh Signaling Customer
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 51 Webex Unified CM Integration – Webex Hybrid Services Enablement
Signaling Z Media Video Endpoints REST/HTTPS Expressway Z Hybrid Calling C/E Edge Connect
Z
Cisco SIP Trunk Unified CM ECX
Expressway C/E
Active Directory Directory Connector Z
Expressway-C Webex Connectors Communication Connector Host Management Connector Microsoft Exchange Calendar Connector Internet Call Connector Customer
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 52 Connect to DNS Webex Routes webex.com Server AMER 64.68.96.0/19 DNS Lookup 64.68.104.0/21 Internet …. APAC 69.26.176.0/20 69.26.176.0/22 …. 64.68.96.55 EMEA DNS 62.109.192.0/18 Signaling Server …. Media Equinix
OSPF BGP BGP
Customer
Network BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 53 Connect to DNS Webex Routes wbx2.com Server AMER 64.68.96.0/19 DNS Lookup 64.68.104.0/21 Internet …. APAC 69.26.176.0/20 69.26.176.0/22 13.59.223.20 …. EMEA 64.68.96.55 DNS 62.109.192.0/18 Signaling Server …. Media Equinix
OSPF BGP BGP
Customer
Network BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 54 Connecting to Webex through Enterprise Firewalls: Webex Teams Apps and Devices Firewalls : Whitelisting Ports and Destinations Signalling You will need to allow Webex Teams media and signaling traffic to pass UDP Media through your Enterprise Firewall – For white listing details refer to : Webex Teams Network Requirements doc : https://collaborationhelp.cisco.com/article/en-us/WBX000028782
Webex
Media Port Ranges : Source UDP Ports : Voice 52000 - 52099, Video 52100- 52299 Source TCP/ HTTPS Ports : Ephemeral (=> No DSCP re-marking) Destination UDP/ TCP Port : 5004 Destination HTTPS (TLS) Port : 443 Destination IP Addresses : Global IP subnets listed in doc above
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 55 Firewall rules continued Webex Teams, Board and Registered Video Endpoints Include all rules outlined in the following documents: Webex Meetings: https://collaborationhelp.cisco.com/article/en-us/WBX264 Webex Teams & Boards: https://collaborationhelp.cisco.com/article/en-us/WBX000028782
Note - Teams, Board and Registered Video Endpoints signaling service and messaging requires Internet access.
Source IP Destination IP Destination Port Protocol Description Devices using this rule HTTPS and WSS for signalling and messaging. If your firewall supports DNS resolution, or you Internet Your networks ANY 443 TLS are using a proxy; use these Webex Teams All URLs to white list access to Webex Teams access services. Video Mesh Node cascade signalling required Video Mesh Node ANY 444 TCP Cascade Signalling to Webex Cloud Video Mesh Node ANY 123 UDP Network Time Protocol Video Mesh Node NTP Video Mesh Node ANY 53 TCP/UDP Domain Name System Video Mesh Node DNS Secure audio, video. Content sharing on Your Networks Webex Collaboration Cloud 5004 (1) UDP SRTP All Webex Teams devices Used for secure content sharing on Webex Teams desktop and mobile apps. Your Networks Webex Collaboration Cloud 5004 TCP SRTP All except Webex Board Also serves as a fallback transport for audio and video if UDP cannot be used. Used as a fallback transport for audio, video TLS/HTTPS Webex Teams desktop and mobile Your Networks Webex Collaboration Cloud 443 and content sharing if UDP and TCP cannot be SRTP apps used. Secure audio, video & content sharing media Video Mesh Nodes in your Video Mesh Node Cascade Webex Collaboration Cloud 5004 UDP SRTP from Video Mesh Node to the Webex Cloud networks connections (TCP also supported, but not recommended) SIP calls to or from Webex Teams, Your Networks Webex Collaboration Cloud 33434-33598 UDP SRTP Secure audio, video & content sharing media including Hybrid Call Service © 2020 Cisco and/or its affiliates. All rightsConnect reserved. Cisco Public Marking for Webex Media Cisco Webex Teams Media Assigning Cisco Webex Teams Media Traffic To Queues
Cisco Webex Audio-only EF Audio traffic marked PHB Endpoints
EF PQ EF / DSCP 46 mapped to BW Assigned BW to Cisco Webex EF priority queue
Room / Board WRED AF41
AF41
Video LLQ Video traffic marked PHB Cisco Webex CBWFQ Applications AF41 Classes AF41 / DSCP 34 mapped
AF41 to a class-based other other queues weighted fair queue with DSCP-based WRED
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 58 Cisco Webex Teams Media Webex Teams Endpoint and Applications Native Marking
PHB; DSCP 802.11 User Traffic Type Notes (decimal value) Priority (UP) Includes audio streams of voice-only calls, Audio EF; 46 6 audio streams of video calls, and related RTCP packets Includes video streams (main video and Prioritized video AF41; 34 5 presentations or content) and related RTCP packets Includes messaging, file transfer, Other traffic Best Effort; 0 0 configuration, call and meeting setup
Microsoft Windows does not allow applications to mark DSCP natively. Group Policy Objects (GPO) can be used to instruct the operating system to classify traffic from the application based on specific port ranges; however, we recommend following a network-based classification scheme.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 59 Webex Edge Connect – Where to mark/queue
Customer Edge ECX Enterprise LAN Metro link to Equinix Cage Equinix Facility Cage
Outbound Outbound Ingress Policy Ingress Policy Queue Queue
Outbound Outbound Ingress Policy Ingress Policy Queue Queue
Hybrid PA for more guidance© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Media Signatures for Cisco Webex Teams and Cloud Registered Endpoints Client to Cloud (Reverse for Cloud to Client) Source IP Destination IP Source UDP Destination UDP Recommended Media Ports Ports DSCP Type Webex Teams Webex cloud and 52000 to 5004 EF Audio application or Video Mesh Media 52099 endpoint Services Webex Teams Webex cloud and 52100 to 5004 AF41 Video application or Video Mesh Media 52299 endpoint Services Video Mesh Node Webex Cloud 52500 to 5004 EF Audio Media Services 62999 Video Mesh Node Webex cloud 63000 to 5004 AF41 Video Media Services 65500 Video Mesh Node Video Mesh Node 52500 to 5004 EF Audio 62999 Video Mesh Node Video Mesh Node 63000 to 5004 AF41 Video
65500 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Media Signatures for Cisco Webex Meetings Application Client to Cloud (Reverse for Cloud to Client)
Source IP Destination IP Source UDP Destination UDP Recommended Media Ports Ports DSCP Type Cisco Webex Webex Cloud Ephemeral 9000 AF41 Audio / Meetings Application Video
Webex Meetings App webex-audio = Webex audio streaming webex-video = Webex video streaming webex-app-sharing = Webex app sharing traffic Z webex-meeting = Webex Signaling Traffic - (non- Webex Mtgs App media – not port based) NBAR2
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 62 Port Usage Today – Webex Teams
Enterprise Network Internet
TCP TCP 443 UDP 52000-52099 Z TCP/ UDP Webex Teams UDP 5004 52100- 52299
Cisco Webex Teams Endpoints and Applications
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 63 Port Usage Today – Webex Teams
Enterprise Network Internet
TCP TCP CS3 443 UDP EF 52000-52099 Z TCP/ UDP Webex Teams UDP AF41 5004 52100-
52299 AF41 NBAR2
Cisco Webex Teams Endpoints and Applications
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 64 Port Usage Today – Webex Meetings App
Enterprise Network Internet
TCP TCP 80/443 Z Webex Mtgs App UDP TCP/ Ephemeral UDP 9000 Cisco Webex Teams Endpoints and Applications
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 65 Port Usage Today – Webex Meetings App
Latest Webex Version Enterprise Network Internet
TCP TCP CS3 80/443 AF41 WebexZ Mtgs App STUN UDP EF TCP/ Ephemeral UDP
AF41 9000 NBAR2 Cisco Webex Teams Endpoints and Applications
Protocol Pack 39/41
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 66 Video Mesh Node – Ports • Webex Control Hub Services > Video Mesh Video Mesh Cluster • QoS (Enabled by Default) • Enables Cascade Port Ranges and Native Marking • Audio 52500-62999 (EF)* Video Mesh • Video 63000-65500 (AF41)* Node
* When disabled changes the source ports that are used for audio, video, and content
sharing from the Video Mesh node to the range© 202034000 Cisco and/or to its affiliates. 34999 All rights reserved. Cisco Public 67 Video Mesh - Native Marking QoS Enabled Enterprise Network Internet
TCP TCP 443
UDP 52000-52099 AF41 TCP/ Video Mesh UDP UDP AF41 5004 Node TCP TCP 52100- 443,444 52299 AF41 UDP 52500-62999 EF TCP TCP/ 5000,5001 AF41 UDP Cisco Webex Teams UDP 5004 Endpoints and Clients 63000-
UDP 65500 62999
65500 AF41 - 5004 -
TCP
TCP (SIP)TCP 5060,5061
UDP 52500
UDP 63000
UDP
52500-62999
AF41
AF41 EF UDP 63000- Source ports configure on Video Mesh 65500 Unified CM Node SIP Endpoints © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 68 Video Mesh - Native Marking QoS Disabled Enterprise Network Internet
TCP TCP 443
UDP 52000-52099 AF41 TCP/ Video Mesh UDP UDP AF41 5004 Node TCP TCP 52100- 443,444 52299 AF41 UDP 34000 - AF41 34999 TCP TCP/ 5000,5001 AF41 UDP Cisco Webex Teams UDP 5004 Endpoints and Clients 34000 -
UDP 34999 62999
65500 AF41 - 5004 -
TCP
TCP (SIP)TCP 5060,5061
UDP 52500
UDP 63000
UDP
52500-62999
AF41
AF41 AF41
UDP 63000- Source ports configure on Video Mesh 65500 Unified CM Node SIP Endpoints © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 69 Expressway
Cisco Expressway Core • System → Quality of Service (C) and Edge (E) • DSCP Signaling value 24 (Default) → CS3 • DSCP Audio value 46 (Default) → EF • DSCP Video value 34 (Default) → AF41 • DSCP XMPP value 24 (Default) → CS3
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 70 ip access-list extended QOS_VOICE Webex Ingress QoS Policy permit udp any range 17000 17999 any dscp ef ip access-list extended QOS_PRIORITIZED_VIDEO permit udp any range 17000 17999 any dscp af41 ip access-list extended QOS_WEBEX_TEAMS_AUDIO permit udp any range 52000 52099 any any Z permit udp any eq 5004 any range 52000 52099 Webex Mtgs App ip access-list extended QOS_WEBEX_TEAMS_VIDEO permit udp any range 52100 52299 any any permit udp any eq 5004 any range 52100 52299
Update QoS class-map match-any VOICE configuration match protocolaccess-group WEBEX name-AUDIO QOS_VOICE
ip acces-list… match access-group name QOS_WEBEX_TEAMS_AUDIO permit udp… . . . class-map match-an… match access-g . . . class-map match-any PRIORITIZED_VIDEO Webex Meetings App match protocolaccess-group WEBEX name-VIDEO QOS_PRIORITIZED_VIDEO webex-audio = Webex audio streaming match protocolaccess-group WEBEX name-APP -QOS_WEBEX_TEAMS_VIDEOSHARING webex-video = Webex video streaming webex-app-sharing = Webex app sharing traffic webex-meeting = Webex Signaling Traffic - (non- media, not port based) NBAR2 BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 71 ip access-list extended QOS_VOICE Webex Ingress QoS Policy permit udp any range 17000 17999 any dscp ef ip access-list extended QOS_PRIORITIZED_VIDEO permit udp any range 17000 17999 any dscp af41 ip access-list extended QOS_WEBEX_TEAMS_AUDIO permit udp any range 52000 52099 any any Z Z Webex Cloud permit udp any eq 5004 any range 52000 52099 Registered Webex Teams ip access-list extended QOS_WEBEX_TEAMS_VIDEO Video permit udp any range 52100 52299 any any permit udp any eq 5004 any range 52100 52299
Update QoS class-map match-any VOICE configuration match protocolaccess-group cisco name-spark QOS_VOICE-audio
ip acces-list… match access-group name QOS_WEBEX_TEAMS_AUDIO permit udp… . . . class-map match-an… match access-g . . . Webex Teams class-map match-any PRIORITIZED_VIDEO cisco-spark-audio = Teams audio streaming match protocolaccess-group cisco name-spark QOS_PRIORITIZED_VIDEO-video cisco-spark-video = Teams video streaming match access-group name QOS_WEBEX_TEAMS_VIDEO cisco-spark-media = Outdated: Will match if Audio and Video are not matched cisco-spark = Teams Signaling (login, chat, keep-alive, etc…) NBAR2 BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 73 WAN Ingress QoS Ingress Policy 1 Marking Policy
! This section applies the policy-map to the Interface Ingress 1 Policy Router(config-if)# service-policy input INGRESS-MARKING ! Attaches service policy to interface 2
! This section configures the policy-map to set DSCP for Trusted and Untrusted Voice, Video and SIP Signaling on ingress ! This section configures the classes class-map match-any VOICE policy-map INGRESS-MARKING match webex-audio class VOICE match access-group QOS_WEBEX_TEAMS_AUDIO set dscp ef class-map match-any PRIORITIZED-VIDEO class PRIORITIZED-VIDEO match webex-video set dscp af41 match access-group QOS_WEBEX_TEAMS_VIDEO class OPPORTUNISTIC-VIDEO class-map match-any SIGNALING 3 set dscp af42 match webex-meeting class SIGNALING match cisco-spark set dscp cs3 match access-group QOS_SIGNALING class class-default© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Ingress Policy 1 WAN
Egress Policy 6
! This section configures the policy-map to set DSCP for Trusted and Untrusted Voice, Video and SIP Signaling on ingress ! This section configures the classes class-map match-any VOICE 4 policy-map INGRESS-MARKING match webex-audio class VOICE match access-group QOS_WEBEX_TEAMS_AUDIO set dscp ef class-map match-any PRIORITIZED-VIDEO class PRIORITIZED-VIDEO match webex-video set dscp af41 match access-group QOS_WEBEX_TEAMS_VIDEO class OPPORTUNISTIC-VIDEO class-map match-any SIGNALING 3 set dscp af42 match webex-meeting class SIGNALING match cisco-spark set dscp cs3 match access-group QOS_SIGNALING class class-default© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public ! This section configures the ACL’s ip access-list extended QOS_WEBEX_TEAMS_AUDIO Ingress Policy 1
permit udp any range 52000 to 52099 any 5004 WAN permit udp eq 5004 any range 52000 to 52099 ip access-list extended QOS_WEBEX_TEAMS_VIDEO 5 permit udp any range 52100 52299 any 5004 permit udp eq 5004 any range 52100 52299 Egress Policy 6
4 ! This section configures the policy-map to set DSCP for Trusted and Untrusted Voice, Video and SIP Signaling on ingress ! This section configures the classes class-map match-any VOICE policy-map INGRESS-MARKING match webex-audio class VOICE match access-group QOS_WEBEX_TEAMS_AUDIO set dscp ef class-map match-any PRIORITIZED-VIDEO class PRIORITIZED-VIDEO match webex-video set dscp af41 match access-group QOS_WEBEX_TEAMS_VIDEO class OPPORTUNISTIC-VIDEO class-map match-any SIGNALING 3 set dscp af42 match webex-meeting class SIGNALING match cisco-spark set dscp cs3 match access-group QOS_SIGNALING class class-default© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Egress Classification Egress Policy 6 and Queuing WAN
! This section applies the policy-map to the Interface 6.1 Router (config-if)# service-policy output EGRESS-QUEUING ! Attaches service policy to interface
! This section configures the bandwidth for all collab traffic policy-map EGRESS-QUEUING 6.2 class VOICE ! This section applies the policy-map priority percent 10 class-map match-all VOICE ! Provisions 10% LLQ to VOICE class match dscp ef class VIDEO class-map match-any VIDEO bandwidth percent 30 match dscp af41 ! Provisions 30% CBWFQ to VIDEO class match dscp af42 class SIGNALING class-map match-all SIGNALING bandwidth percent 2 6.3 match dscp cs3 ! Provisions 2% CBWFQ to SIGNALING class BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 78 … QoS Marking and Traffic Queuing
Key Takeaways
• Simplified Ingress Remarking Policy
• Egress Queuing Policy (recommended)
• Single video queue for AF class traffic model is recommended
• All Webex media traffic can be differentiated and marked
• QoS should be set prior to arriving at Edge Connect
• Webex Edge Connect over Equinix does not modify the QoS marking applied but does not use it either. It will only be used for your outbound queueing (If configured)
• A QoS policy is required for traffic coming from Webex to remark it prior to entering the Enterprise.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 79 Common Questions and Answers
Q: Does Edge Q: Will Edge Connect Q: Will Edge Connect Q: Does Edge Connect support support a private support private IP Connect support 4 IPv6 BGP AS Addressing byte ASN
A: Yes, contact A: No your account A: No A: Yes team to request
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 80 Reference Links Tutorial Videos
• ECX Portal Tutorials: https://ecxfabric-documentation.equinix.com/hc/en-us/articles/360013215672-Video- tutorials
• ECX Portal Edge Connect Ordering Tutorial: https://www.youtube.com/watch?v=WhRHgbUXGns
Cisco Webex Edge Connect Documentation
• https://collaborationhelp.cisco.com/article/en-us/n68tcpb
Equinix Cloud Exchange Portal
• https://cloudexchangeportal.equinix.com
Network requirements for Webex Services
• Webex Meetings: https://collaborationhelp.cisco.com/article/en-us/WBX264
• Teams & Boards: https://collaborationhelp.cisco.com/article/en-us/WBX000028782
Network connectivity test
• https://mediatest.webex.com
AS13445 Looking Glass
• http://lg.webex.com/lg/ © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Webex Edge Audio Components of Webex Edge for Meetings
Webex Edge for Meetings
1 Connect 2 Audio 3 Video Mesh
Direct Connection to the Webex Meeting Audio via the Meeting Resources on Webex Datacenter Internet or Edge Connect premises
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 83 Cisco Webex PSTN Audio High level overview
1. On-premises telephone or cell phone Call dials the Webex meeting number to Control/PBX get connected by audio into the Meeting meeting.
2. Signaling is routed via the on- premises call control device/PBX or by the cell phone network to Webex Meetings audio service. Webex Dials theIP Webex PSTN 3. Audio media (the sound) is meetingPhone number PSTN GW Dials the Webex connected via the Webex PSTN meeting number Customer connection between the Webex Signaling meeting and the on-premises phone Premises Media Path or cell phone.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 84 Cisco Webex Edge Audio High level overview
1. Webex Edge On-premises telephone dials the Cisco Audio Webex meeting number or gets a call Unified CM back from the Webex meeting to get Meeting Z connected by audio into the meeting.
2. Signaling is routed via the on- Expressway C/E premises call control device (Unified CM) through the Expressway C and E to Webex Meetings audio service.
IP 3. Audio media (the sound) is routed Phone from the Webex meeting to the Customer Expressway E and C and then to the Signaling on-premises phone for callback and Premises Media Path the reverse for call in.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 85 Cisco Webex Edge Audio
Webex Edge Cisco Audio Unified CM •Intelligent audio routing: integrating Webex with Z Unified CM Meeting • Creates end-to-end VoIP path for Unified CM Expressway C/E registered devices (callback and dial-in) • Uses company’s own PSTN for any other device (callback savings) • No SIP trunks or peering arrangements
IP required Phone •Geo-country code configurable Signaling Customer •Included in Collaboration Flex Plan – no extra Premises Media Path charge. No port charges on Expressway •Supports Webex Meetings, Events, Training No user training, no change in user behavior, easy for IT
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 86 Cisco Webex Edge Audio Architecture requirements Unified CM support only • 10.5 or later
Cisco UCM registered IP phones • Supporting G.711 or G.722 Webex Edge Audio Cisco Expressway support only Unified Meeting • X8.10 or later CM Z • Can use existing Expressway C/E deployment • Audio scale dependent on Expressway Expressway C/E deployment and services enabled.
Webex site • WBS 33.x or higher • Included in Flex, A-WBX and A-SPK SKU need IP the Webex Edge Audio package Phone • Not available on CCA-ENT or TSP sites. • Requires migration to Webex Audio Site Customer Signaling Premises Requires a signed certification from a Cisco trusted Media Path Certificate Authority (CA)
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 87 Configuration Steps Best Practice
1. Make a new SIP trunk from CUCM to
Meeting Expressway – C, do not use an existing Webex Edge trunk. Cisco Audio 2. Create a new dedicated traversal zone Unified CM between Expressway C and E for Edge Z SIP Trunk Internet Audio only, do not use an existing zone.
Expressway C/E 3. MRA and Edge Audio can co-reside on the same Expressway C/E pair.
4. Dials +1.844.621.3956 Edge Audio is based on +E.164 US Webex Access Number numbers for dialing. IP Phone 5. Recommend a dedicated Expressway C & E pair for environments that require Customer Signaling high volume webex audio calling Premises Media Path support. USA
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 89 Expressway sizing
Expressway – C + E Single Expressway C + E pair 1 node cluster • Supports up to 1000 audio calls
• Size the Expressway clusters based on peak load and regional traffic
• Each Expressway cluster supports up to 4000 peak audio calls with full active- active redundancy
• Each Expressway 6 node cluster supports up to 16 calls per sec.
Expressway – C Expressway – E • Recommend dedicating Expressway C and 6 node cluster 6 node cluster E pairs for Edge audio only calls to Webex for large peak loads
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 90 Cisco Webex Edge Audio Overview Architecture configuration
Overview of Webex Edge Audio Webex Edge Configuration Steps: Cisco Audio Unified CM 1. Obtain dial-in numbers and Lua script Meeting Z from Control Hub
Expressway C/E 2. Configure Unified CM 3. Set Up Expressway-C
4. Set Up Expressway-E
IP 5. Phone Open Firewall ports 6. Apply Signed Certificate From Trusted Customer Signaling Certificate Authority Premises Media Path 7. Apply Edge Audio Callback Settings
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 91 Cisco Webex Edge Audio Architecture configuration – Dial in
Overview of Webex Edge Audio Webex Edge Configuration Steps: Cisco Audio Unified 1. Obtain dial-in numbers and Lua script CM Z from Control Hub
Expressway C/E 2. Configure Unified CM 3. Set Up Expressway-C
4. Set Up Expressway-E
IP Phone 5. Open Firewall ports 6. Apply Signed Certificate From Trusted Customer Signaling Premises Certificate Authority Media Path 7. Apply Edge Audio Callback Settings
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 92 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
1. Obtain dial-in numbers and Lua script from Webex Control Hub.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 93 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
1. Obtain dial-in numbers and Lua script from Webex Control Hub.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 94 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
1. Obtain dial-in numbers and Lua script from Webex Control Hub
Lua Script Changes outgoing INVITE RequestURI and To header
RequestURI will be changed to have • Webex Edge Audio DNS SRV for a Webex region • x-cisco-site-uuid parameter
To header will be changed to have • Webex access number added
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 95 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Webex Edge Audio Call-in Set Up Cisco Audio Steps: Unified Meeting CM Z 2. Configure Unified CM • Create SIP Normalization Script using the Expressway C/E Webex LUA Script • Create or Update Early Offer Profile. • Create a Sip Trunk Security Profile. • Create a CSS for class of service for IP incoming Webex Edge Audio calls Phone • Create a new Trunk between Cisco UCM and Expressway-C and apply above CSS Customer Signaling Premises • Create Route Patterns for Webex Media Path numbers.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 96 Cisco Webex Edge Audio Architecture configuration
Webex Edge Audio Call-in Set Up Steps:
2. Configure Unified CM
✓ Create SIP Normalization Script using the Webex LUA Script • Device -> Device Settings -> SIP Normalization Script • Import file or input script details in the Content section.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 97 Cisco Webex Edge Audio Architecture configuration
Webex Edge Audio Call-in Set Up Steps:
2. Configure Unified CM
✓ Create SIP Normalization Script using the Webex LUA Script ✓ Create or Update Early Offer Profile. • Device -> Device Settings -> SIP Profile
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 98 Cisco Webex Edge Audio Architecture configuration
Webex Edge Audio Call-in Set Up Steps:
2. Configure Unified CM
✓ Create SIP Normalization Script using the Webex LUA Script ✓ Create or Update Early Offer Profile. ✓ Create a Sip Trunk Security Profile. • System -> Security -> SIP Trunk Security Profile • Update Security Mode • Incoming port to a nonconflicting port. Do not use 5060 or 5061
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 99 Cisco Webex Edge Audio Architecture configuration
Webex Edge Audio Call-in Set Up Steps:
2. Configure Unified CM
✓ Create SIP Normalization Script using the Webex LUA Script ✓ Create or Update Early Offer Profile. ✓ Create a Sip Trunk Security Profile. • Create a CSS for class of service for incoming Webex Edge Audio calls • Create a new Trunk between Cisco UCM and Expressway-C and apply the above CSS.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 100 Cisco Webex Edge Audio Architecture configuration
Webex Edge Audio Call-in Set Up Steps:
2. Configure Unified CM ✓ Create SIP Normalization Script using the Webex LUA Script ✓ Create or Update Early Offer Profile. ✓ Create a Sip Trunk Security Profile. ✓ Create a CSS for class of service for incoming Webex Edge Audio calls ✓ Create a new Trunk between Cisco UCM and Expressway-C and apply above CSS • Create Route Patterns for the Global Webex access numbers.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 101 Cisco Webex Edge Audio Architecture configuration
Webex Edge Cisco Audio Webex Edge Audio Call-in Set Up
Unified Meeting Steps: CM Z 3. Configure Expressway-C Expressway C/E • Create Neighbor zone • Define secure traversal client zone • Define search rules to forward calls between Webex Edge Audio UCM IP neighbor zone and Webex Edge Phone Audio traversal zone
Customer Signaling Premises Media Path
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 102 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
3. Configure Expressway-C • Create Neighbor zone • Define secure traversal client zone
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 103 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
3. Configure Expressway-C ✓ Create Neighbor zone • Define secure traversal client zone
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 104 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
3. Configure Expressway-C ✓ Create Neighbor zone ✓ Define secure traversal client zone • Define search rules to forward calls between Webex Edge Audio UCM neighbor zone and Webex Edge Audio traversal zone
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 105 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Webex Edge Steps: Cisco Audio
Unified Meeting 4. Configure Expressway-E CM Z
Expressway C/E • Set up Secure Traversal Server Zone. • Set up mTLS zone to Webex • If you're using an Expressway version before X8.11, then the DNS Zone with Mutual TLS (mTLS). IP • If you're using Expressway version x8.11 or later, Phone then the Webex Zone. • Define search rules to forward calls Customer Signaling between between Webex Edge Audio Premises Traversal Zone and Webex Zone Media Path • Configure Mutual TLS (mTLS)
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 106 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
4. Configure Expressway-E
• Set up Secure Traversal Server Zone.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 107 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
4. Configure Expressway-E ✓ Set up Secure Traversal Server Zone. • Set up mTLS zone to Webex • If you're using an Expressway version before X8.11, then the DNS Zone with Mutual TLS (mTLS). • If you're using Expressway version x8.11 or later, then the Webex Zone.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 108 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
4. Configure Expressway-E
✓ Set up Secure Traversal Server Zone. ✓ Set up mTLS zone to Webex ✓ If you're using an Expressway version before X8.11, then the DNS Zone with Mutual TLS (mTLS). ✓ If you're using Expressway version x8.11 or later, then the Webex Zone. • Define search rules to forward calls between Webex Edge Audio Traversal Zone and Webex Zone
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 109 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Audio Call-in Set Up Steps:
4. Configure Expressway-E
✓ Set up Secure Traversal Server Zone. ✓ Set up mTLS zone to Webex ✓ If you're using an Expressway version before X8.11, then the DNS Zone with Mutual TLS (mTLS). ✓ If you're using Expressway version x8.11 or later, then the Webex Zone. • Define search rules to forward calls between Webex Edge Audio Traversal Zone and Webex Zone • Configure Mutual TLS (mTLS)
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 110 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Cisco Audio Webex Edge Audio Call-in Set Up Steps: Unified Meeting CM Z 5. Open Firewall ports
Expressway C/E • https://collaborationhelp.cisco.com/ar ticle/en-us/WBX264
IP Phone
Customer Signaling Premises Media Path
UDP 36000 - 59999
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 111 Cisco Webex Edge Audio Architecture configuration – Dial in
Webex Edge Webex Edge Audio Call-in Set Up Steps: Audio Cisco 5. Open Firewall ports Unified Meeting CM Z • https://collaborationhelp.cisco.com/article/e n-us/WBX264
Expressway 6. Apply Signed Certificate From Trusted C/E Certificate Authority • https://collaborationhelp.cisco.com/article/en- us/WBX9000008850
IP Phone
Customer Signaling Premises Media Path
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 112 Cisco Webex Edge Audio Overview Architecture configuration – Call Back
Webex Edge Cisco Audio Overview of the Webex Edge Audio Callback Set Up Steps: Unified Meeting Z PSTN CM 1. Apply Webex Edge Audio Callback Expressway C/E Settings • Define country callback parameters in Control Hub • Ensure the proper SRV record configuration for Expressway - E • Ensure connectivity checks are successful. IP Phone 2. Configure Expressway- E to accept calls and route to Expressway – C Customer Signaling 3. Configure Expressway - C to accept calls Premises Media Path and route them to Cisco UCM 4. Cisco UCM routes the +E.164 audio call to the IP phones or local PSTN
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 113 Cisco Webex Edge Audio Architecture configuration – Call Back Create DNS SRV Records for Expressway-E with the following parameters:
Webex Edge 1. SIPS (_sips._tcp) DNS SRV record for peering Audio domain (for example edge.example.com). It is Cisco recommended that Edge Audio Expressways have Unified Meeting its own subdomain. CM Z 2. The DNS SRV records must refer to the mutual Expressway C/E TLS port (the default mutual TLS port is 5062). You cannot reuse existing MRA (_collab-edge._tcp), or B2B (_sips._tcp) SRV records, because Edge Audio requires that the SRV records resolve to the Internet Expressway-E cluster’s mutual TLS port. Both MRA DNS DNS and B2b cannot use mutual TLS. IP Phone DNS SRV 3. The hostnames (FQDNs) in the DNS SRV records _sips._tcp.edge.example.com must resolve to the Expressway-E cluster’s IP Customer DNS SRV Records Signaling addresses through DNS A/AAAA record(s). _sips._tcp.edge.example.com. 60 IN SRV 10 10 5062 expe1.example.com. Premises _sips._tcp.edge.example.com. 60 IN SRV 10 10 5062 expe2.example.com. DNS-SRV-Records-for-Expressway-E document Media Path https://help.webex.com/preview/en-us/eb6cb7/DNS-SRV- Records-for-Expressway-E
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 114 Cisco Webex Edge Audio Architecture configuration – Call Back
Overview of the Webex Edge Audio Callback Set Up Steps:
1. Apply Webex Edge Audio Callback Settings • Define country callback parameters in Control Hub • Default settings: +E.164 number for callback • Ensure proper SRV record configuration for Expressway • Note: do not enter the full SRV record entry • Ensure connectivity checks are successful.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 115 Extension callback
Webex Edge Edge Audio Extension Callback: Cisco Audio Unified • User defines local extension CM • Webex calls back to that extension Z Internet • Expressway C/E and CUCM figures out where to send the extension and routes the call to the device Expressway C/E Considerations: PSTN GW • There will be no PSTN fallback support Call back # for extension based call routing. 84082345 IP Meeting • It will take a maximum of 30 mins for Phone the extension callback settings to apply
Customer Premises PSTN USA
Signaling Media Path
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 116 Extension callback configuration
• Select ”Extension from the drop down list
• Add SRV and click “Apply Settings” button
• A single SRV can be configured for callback
• Webex 33.x or higher required
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 117 PSTN Fall Back
Webex Edge What if any of these happen? Cisco Audio Unified CM • No local PSTN capacity Z Internet • CUCM blocks callback to PSTN Expressway C/E GW
PSTN GW • Customer wants to use Webex PSTN Meeting PSTN IP Phone • Connectivity issue in the path from Webex to the local PSTN GW Customer Premises PSTN Call back # USA +1.408.555.4478 Signaling Media Path
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 118 PSTN Fall Back
When PSTN fallback will be triggered?
When an Edge Audio call is failed due Webex Edge to Cisco Audio Unified 1. DNS issues CM • DNS timeouts / failures Z Internet 2. TCP issues • TCP timeouts / failures 3. TLS issues Expressway C/E • TLS timeouts / handshake failures PSTN GW 4. SIP error responses • 380 / 4xx / 5xx / 6xx
Meeting Call back # IP +1.408.555.4478 Phone Results:
Customer • A SIP response code is sent to the Premises Webex cloud and the call is PSTN rerouted out Webex’s PSTN. USA • Media is sent from Webex PSTN to Signaling the cell phone.
Media Path BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 119 PSTN Fall Back
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 120 Cisco Webex Edge Audio Architecture configuration – Call Back
Overview of the Webex Edge Audio Callback Set Up Steps:
1. Apply Webex Edge Audio Callback Settings ✓ Define country callback parameters in Control Hub • Ensure proper SRV record configuration for Expressway • Ensure connectivity checks are successful. • Success – successfully able to connect to Expressway – E. • Partial – unable to connect to a node(s) • Error - unable to connect to the Expressway - E
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 121 Cisco Webex Edge Audio
Ensure connectivity checks are successful. • Success – successfully able to connect to Expressway – E. • Partial – unable to connect to a node(s) • Error - unable to connect to the Expressway - E
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 122 Cisco Webex Edge Audio Architecture configuration – Call Back
Overview of the Webex Edge Audio Callback Set Up Steps:
1. Apply Webex Edge Audio Callback Settings ✓ Define country callback parameters in Control Hub ✓ Ensure proper SRV record configuration for Expressway ✓ Ensure connectivity checks are successful. ✓ Success – successfully able to connect to Expressway – E. ✓ Partial – unable to connect to a node(s) ✓ Error - unable to connect to the Expressway – E • Click Apply to activate the call back settings
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 123 Cisco Webex Edge Audio Architecture configuration – Call Back Exp - E
Overview of the Webex Edge Audio Callback Set Up Steps:
✓ Apply Webex Edge Audio Callback Settings ✓ Define country callback parameters in Control Hub ✓ Ensure proper SRV record configuration for Expressway ✓ Ensure connectivity checks are successful.
2. Configure Expressway-E to accept calls and route to Expressway – C • Create Webex zone (x8.11) or DNS zone (x8.10). • Note: this could have already been done if dial in configuration is enabled. • Create search rule to route Edge Audio Calls to Expressway - C
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 124 Cisco Webex Edge Audio Architecture configuration – Call Back Exp - E
Overview of the Webex Edge Audio Callback Set Up Steps:
✓ Apply Webex Edge Audio Callback Settings ✓ Define country callback parameters in Control Hub ✓ Ensure proper SRV record configuration for Expressway ✓ Ensure connectivity checks are successful.
2. Configure Expressway-E to accept calls and route to Expressway – C ✓ Create Webex or DNS zone (depends on version of Expressway software.) • Create search rule to route Edge Audio Calls to Expressway - C
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 125 Best practices/Toll Fraud
Webex Edge Audio Meeting • When sharing Expressway-C/E for Cisco Webex Edge Audio and B2B calling Unified differentiated CoS is required CM Z • Make a new SIP trunk from CUCM to Exp-C. Do not use an existing trunk Expressway C/E Internet PSTN • B2B calls should not have access to PSTN PSTN GW Webex Edge Audio • Create dedicated traversal zones, B2B Calling Expressway neighbor zones and UCM IP SIP trunks for Webex Edge call-back Phone • Apply tag to search rule “.*x-cisco- webex-service=audio” to only allow Customer Edge Audio calls to traverse the path. Premises • MRA and Edge Audio can co-reside on the same Expressway C/E pair
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 126 Best practices/Toll Fraud Exp - E
• Apply tag to search rule: (.*)@mtls.ucdemolab.com;.*x- cisco-webex-service=audio
• Makes sure only Edge Audio traffic goes across the zone.
• Allows customers to add a new rule to trust Webex Zone in the Call Policy and not change existing rules. • Place Webex Zone rule first before other rules
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco Webex Edge Audio Architecture configuration – Call Back Exp - C
Overview of the Webex Edge Audio Callback Set Up Steps:
✓ Apply Webex Edge Audio Callback Settings ✓ Define country callback parameters in Control Hub ✓ Ensure proper SRV record configuration for Expressway ✓ Ensure connectivity checks are successful.
✓ Configure Expressway-E to accept calls and route to Expressway – C
3. Configure Expressway-C to accept calls and route to Cisco UCM
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 128 Cisco Webex Edge Audio Architecture configuration – Call Back
Overview of the Webex Edge Audio Webex Edge Callback Set Up Steps: Cisco Audio Unified ✓ Apply Webex Edge Audio Callback Z Meeting PSTN CM Settings ✓ Define country callback parameters in Expressway C/E Control Hub ✓ Ensure proper SRV record configuration for Expressway ✓ Ensure connectivity checks are successful.
IP ✓ Configure Expressway-E to accept calls Phone and route to Expressway – C
Customer ✓ Configure Expressway-C to accept calls Signaling and route to Cisco UCM Premises Media Path 4. Cisco UCM routes the +E.164 audio call to the IP phones or local PSTN
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 129 Deployment Scenarios Multisite Dial In PSTN Dials US, Germany and UK +44.203.198.8143 UK Webex Access Number Meeting Webex Edge Webex Edge Cisco Cisco Audio Audio Unified Unified CM CM Z Z SIP Trunk SIP Trunk Internet
Expressway C/E Expressway C/E PSTN GW Dials Dials +1.844.621.3956 +49.692.573.67268 US Webex Access Number Germany Webex Access Number IP IP Phone • Requires LUA script applied to the SIP trunk Phone configuration Customer • Off Net UK participant uses PSTN to connect to Webex Customer Premises • Media traverses Expressway C/E to the meeting for On Premises net phones USA Germany Signaling Media Path
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 131 Multisite Call Back PSTN Call back # US, Germany and UK +44.21.8824.6910
Meeting Webex Edge Webex Edge Cisco Cisco Audio Audio Unified Unified CM CM Z Internet Z
Expressway C/E Expressway C/E
Public DNS: PSTN GW
Call back # _sips._tcp.edge-amer.example.com. 60 IN SRV 0 5 5062 exp-amer.example.com. Call back # _sips._tcp.edge-emea.example.com. 60 IN SRV 0 5 5062 exp-emea.example.com. PSTN +1.408.555.4478 +49.6100.773.5678 IP • One SRV domain per region IP Phone • One SRV record per Expressway-E associates Expressway-E to Phone region Customer • Global Callback enabled on Webex Customer • Webex routes call back calls to Expressway C/E then to the local Premises Call back # Premises Cisco UCM for on net numbers +49.6100.773 USA • Cisco UCM routes in country PSTN connection for unresolved in country Germany .8852 numbers. Local PSTN toll charges apply • Webex routes call to PSTN for out of country phones (UK) Signaling Media Path
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 132 Single Country Call Back – Multiple Expressways clusters
Meeting Cisco Site 1 Webex Edge Unified CM Audio
Z
Internet exp-AUS1.example.com
WAN
Site 2 DNS SRV: Cisco Webex Edge _sips._tcp.edge-AUS.example.com Unified CM Audio DNS SRV Records
_sips._tcp.edge-AUS.example.com. 60 IN SRV 0 5 5062 exp-AUS1.example.com. Z _sips._tcp.edge-AUS.example.com. 60 IN SRV 0 5 5062 exp-AUS2.example.com.
exp-AUS2.example.com • Expressway-E is configured in Webex for callback • +61 is defined in Webex callback settings Laptop Call back made to Client On net IP phone • SRV records along with DNS configuration will Customer determine cluster routing or load balancing Signaling Premises Media Path Australia
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 133 Single site with SME
Meeting
Webex Edge Audio Cisco Unified CM (SME) Z Internet SIP Trunk
• Session Manager Edition is supported • +E.164 enterprise dial plan to route dial-in and call-back • Inter-cluster routing using ILS/GDPR • Apply LUA script on SME trunk for dial-in • Request and To: URI manipulation • Enterprise dial plan can support arbitrary dialing habits for dial-in • … as long as the number ultimately exposed to LUA Customer script is a valid +E.164 Webex dial-in number Premises Australia Signaling Media Path
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 134 Cisco Webex Edge Audio w/ CCA-SP Mixed SIP Trunk & Expressway as Edge in Region 1 and Region 2
Webex Edge Audio Call Control CUCM CCA-SP Internet/Edge SIP Trunk Connect
Off-net Expressway C/E
SP PSTN
Phone IP Phone
• Investment protection. Keep SIP trunks where they Region 1 are deployed today Region 2 • Expand with Edge Audio in secondary locations/regions
• Both architectures work to support the audio calls
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 135 Audio Costs PSTN Call back # Where can it occur? +44.21.8824.6910
Meeting Webex Edge Audio Cisco Unified CM Internet Z
Expressway C/E
PSTN GW • Webex • A committed or uncommitted Webex Audio plan is needed for Call back # +49.6100.773.5678 PSTN Webex PSTN IP Phone • Customer premises • Customer needs audio capacity to support the cell phone Customer users Premises Call back # • Customer will have local PSTN charges from their PSTN GW +49.6100.773 • Webex PSTN minutes not used when using Edge Audio to the Germany .8852 customer premises Signaling Media Path
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 136 Edge Audio Reporting
• Number of Edge Audio calls • Dial in and callback numbers are combined.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 137 Edge Audio Reporting PSTN Fallback indicators
• Possible Fallback Reasons: • DNS TimeOut • DNS Error • TCP Timeout • If PSTN/CCA fallback occurred in • TLS Timeout a call back situation, it is indicated • TLS Failure in the client details popup. • SIP error
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 138 Webex Edge Video Mesh Webex Video Mesh
Internal Problem Cisco Webex Teams App ▪ 1:1 meetings use a cloud resource to meet 1.5 MB ▪ Multiparty meetings use a cloud resource to meet 3 MB ▪ Signaling and media go to and from the cloud Cisco Webex Internet Device ▪ Increased bandwidth requirement for the Internet with adoption of Cisco Webex 1.5 MB Meetings Cisco Webex Teams App
Solution
Cisco Webex Video Mesh Cisco Webex Cisco Webex Teams App Teams App
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 140 Webex Video Mesh What is it? Internet
• A little piece of our cloud on your premises
• Cisco cloud meeting capabilities packaged in a software image for Webex Video Mesh Node on-premises deployment
• Ability to provide local media processing on the corporate network.
• Customers can deploy Video Mesh Nodes across multiple locations, optimizing media quality within a location and bandwidth across locations Corporate Network • Automatic overflow from on-premises Video Mesh Node to cloud nodes
• Automatic upgrades of Video Mesh Nodes
• Single pane of glass for management, resource monitoring and usage metrics
Webex Video Mesh Node Webex Video Mesh Node
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 141 Cisco Webex Video Mesh
Corporate Network Video Mesh Node Cascade Link
Overflow: Cisco Webex- Standards-based registered devices SIP endpoints and and Cisco Webex Cisco Webex Meetings & standards-based Teams app Cisco Webex Teams SIP clients apps, or Skype for Business
Overflow: Cisco Webex- On-premises registered Cisco and third-party Cisco Webex-registered registered devices, Cisco Webex standards-based SIP endpoints and devices, and any Teams app standards-based SIP clients standards-based SIP/H.323 endpoints BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 142 Architecture Webex Video Mesh
Unified CM Expressway-C Expressway-E
Internet
OR
Webex Video Mesh Node Webex Video Mesh Node
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 143 Architecture Webex Video Mesh – Option 1
Internal DMZ
Cisco Webex Teams App Internet
Cisco Webex Device Webex Video Mesh Node Cloud Mesh Node
Cisco Webex Teams App
Internal installation considerations: ▪ All media for internal participants stay internal ▪ Placed with other collaboration infrastructure devices ▪ Single connection per conference to Cloud Mesh Nodes
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 144 Architecture Webex Video Mesh – Option 2
Internal DMZ
Cisco Webex Teams App Internet
Cisco Webex Cloud Device Webex Video Mesh Node Mesh Node
Cisco Webex Teams App
DMZ installation considerations: ▪ External media does not traverse the internal network. ▪ All media for internal participants goes to the DMZ. ▪ Security policy does not allow Cisco Webex network ports to be opened outbound for media directly to the Internet from the internal network.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 145 Architecture Webex Video Mesh – Not an Option
Internal DMZ
Cisco Webex Teams App Internet
Cisco Webex Device Webex Video Mesh Node Webex Video Mesh Node Cloud Mesh Node
Cisco Webex Teams App
• Not a firewall-traversal solution • Different architecture than Expressway C/E pair • Each Video Mesh Node communicates directly to the cloud • Can not use Expressway C/E pair for firewall traversal
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 146 What devices and scenario can the Video Mesh node be used?
Uses the Node Uses the Node
• Any Cisco Webex-registered device • Cisco VCS/Exp.-registered devices
• SX, MX, DX, Room-series, Webex • Calling a Cisco Webex scheduled Board meeting or personal room.
• SIP or H.323 (requires Interworking) • Cisco Webex Teams app
• Desktop and Mobile • Cisco Webex VDI client (39.3 or higher)
• CUCM-registered devices • Cisco Webex Call My Video System to Webex-registered endpoints • Calling a Cisco Webex scheduled meeting or personal room.
• SX, MX, DX, Room-series, Jabber, Jabber VDI (12.6 or higher)
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 147 What devices and scenario can the video mesh node be used?
Can NOT use the Node Can NOT use the Node
• Webex Teams browser client • Webex Meetings app
• teams.webex.com
• Webex Calling-registered phones • Cisco Webex Call My Video System to premises-registered endpoints
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 148 VMN = Webex Video Mesh Node Call Control Connectivity Cisco Unified Communications Manager
Cisco Webex
Unified CM VMN
SIP Trunk
Meeting
• Supported with Unified CM version 11.5(1) and higher. Recommended versions 12.5(1) and higher.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 149 Unified CM Configuration SIP Profile
• Create a SIP Profile for VMN • Modify Early Offer Support to • “Best Effort (no MTP inserted)” • Make sure SIP Options Ping is Enabled (default setting)
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 150 Unified CM Configuration SIP Trunk Security Profile
• Create a new SIP Trunk Security Profile
• Add appropriate name and description
• Use default settings
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 151 Unified CM Configuration SIP Trunk
• Create a new SIP Trunk • Name the trunk • IPv4 or FQDN of VMN • Port 5060 • Add VMN SIP Trunk Security Profile • Add VMN SIP Profile • Run On All Active Unified CM Nodes • Calling and Connecting Party Info Format • Deliver URI and DN in connected party, if available.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 152 VMN = Webex Video Mesh Node Call Control Connectivity Unified Communications Manager
Cisco Webex
Unified CM VMN
SIP Trunk
Meeting
• Previously only supported unencrypted SIP over 5060 • Added support for SIP over TLS using port 5061 on the trunk
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 153 Secured Media & Signaling to CUCM
• Secured trunk between CUCM & VMN • CUCM in Mixed Mode.
• Certificate Management • CUCM VMN
• Enabled on the Control Hub at the organization Level • All VM Nodes must be enabled with secured trunks within organization
• Endpoints must use encrypted connections to the VMN. Endpoints running without encrypted connections to the VMN will overflow to cloud, assuming the environment has a Expressway C/E for Internet connectivity and CUCM has a trunk setup to the Expressway C/E.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 154 SIP over TLS Trunk
Video Mesh -> Settings
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 155 SIP over TLS Trunk
Video Mesh -> Cluster Settings
CUCM pub and subs
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 156 SIP over TLS – SIP Profile
• Set “Early Offer support for voice and video calls” to Best Effort (no MTP inserted)
• “Enable OPTIONS Ping to monitor destination status for Trunks with Service Type” is checked.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 157 SIP over TLS – Trunk Security Profile
• Device Security mode: Encrypted
• Incoming and outgoing: TLS
• X.509 Subject Name
• SIP V.150 Outbound SDP Offer Filtering: Use Default Filter
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 158 SIP over TLS – Trunk Config
• Enable sRTP Allowed
• Run On All Active Unified CM Nodes
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 159 SIP TLS – Trunk Config
• Calling and Connecting Party Info Format
• Deliver URI and DN in connected party, if available.
• Destination Address
• Destination Port - 5061
• Video Mesh Trunk Security Profile
• Video Mesh SIP Profile
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Unified CM Configuration SIP Route Pattern
• SIP route pattern for customer Webex domain • sitename.webex.com
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 161 SIP Dial-in Flow to VMN Ucdemolab = Webex sitename Signaling [email protected] Media UCM
EX90 SIP Route Pattern SIP Route Pattern ucdemolab.webex.com Non-Video Mesh sites
Route List Route List
Route Group Route Group (top down)
HQ_VMN SIP Trunk
VCS-C/Exp- C
Signaling Media Signaling Media
VMN 1 VMN 2
HQ Cluster Internet Meeting request --> <-- create meeting on VMN 1
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 162 SIP Dial-in Flow to VMN Ucdemolab = Webex sitename Signaling Media Media goes UCM directly to VMN 1 EX90 SIP Route Pattern SIP Route Pattern ucdemolab.webex.com Non-Video Mesh sites
Route List Route List
Route Group Route Group (top down)
HQ_VMN SIP Trunk
VCS-C/Exp- C
Signaling Media Signaling Media
VMN 1 VMN 2
HQ Cluster Internet
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 163 SIP Dial-in Flow to VMN Ucdemolab = Webex sitename Signaling [email protected] Media UCM
EX90 SIP Route Pattern ucdemolab.webex.com
Route List
Route Group RG_HQ
HQ_VMN SIP Trunk
Full Full Signaling Media Signaling Media
VMN 1 VMN 2
HQ Cluster Internet Meeting request -->
<-- Response
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 164 SIP Dial-in Flow to VMN ucdemolab = Webex sitename Signaling
[email protected] Can add another RG with a different VMN cluster Media UCM before the RG_Internet.
EX90 SIP Route Pattern SIP Route Pattern ucdemolab.webex.com Non-Video Mesh sites
Route List Route List
Note: A SIP 488 Route Group Route Group (NOT_ACCEPTABLE_HERE) RG_HQ RG_Internet Route Group response tells CUCM to go to the next route group HQ_VMN SIP Trunk Internet SIP Trunk
488 response code VCS-C/Exp- C
Full Full Signaling Media Signaling Media
VMN 1 VMN 2
HQ Cluster Internet Meeting request -->
<-- Response
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 165 SIP Dial-in Flow to VMN Ucdemolab = Webex sitename Signaling Media Media goes UCM out VCS or EX90 Exp C/E pair to the Internet SIP Route Pattern SIP Route Pattern ucdemolab.webex.com Mesh nodes Non-Video Mesh sites
Route List Route List
Route Group Route Group RG_HQ RG_Internet Route Group
HQ_VMN SIP Trunk Internet SIP Trunk
VCS-C/Exp- C
Full Full Signaling Media Signaling Media
VMN 1 VMN 2
HQ Cluster Internet Media
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 166 VMN = Webex Video Mesh Node Call Control Connectivity VCS/EXP - C
Cisco Webex
VCS/Exp - C VMN
Neighbor Zone
Meeting
• Supported with VCS or Expressway X8.11.4 or higher
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 167 Expressway - C Neighbor Zone Creation
VideoMeshZone • Create a neighbor zone for Webex Video Mesh Node • Configuration > Zones > Zones, and then click New • 5060 support only
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 168 Expressway - C Neighbor Zone Creation
• Create a neighbor zone for Webex Video Mesh Node VideoMeshZone • Configuration > Zones > Zones, and then click New
• Add Webex Video Mesh Nodes
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 169 Expressway - C Search Rule
• Create a search rule for Webex
Video Mesh Node calls Outbound To VMN for Webex Meetings • Configuration > Dial Plan > Search Rules, and then click New • SIP only • Alias Pattern Match • your Webex site • Sitename is “ucdemolab” • ex: .*@ucdemolab.webex.com.*
VideoMeshZone
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 170 Expressway - C Zones
VideoMeshZone 1
New Neighbor Zone created with search rule
Default Traversal Zone between Exp – C and Exp – E • Used for failover when Webex Video Mesh Nodes are full • Normally already setup in existing deployments
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 171 Enable Video Mesh support on Cisco Webex site
To cascade media to and from the VMN for Webex meetings, a configuration item needs to be modified from the default setting.
This configuration is available when the Webex site is on the new platform running WBS 33 and higher. Media Resource Type
• Cloud (default)
• Video Mesh
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 172 Webex Video Mesh Node Discovery - Scenario 1 Scenario 1 Registration
Corporate network- MEX Internet
Cloud1 Cloud2
Cancun1 Cancun2
Cisco Webex Teams app and Webex Cluster - Cancun Cluster - Cloud device register to their organization 1. Node – Cancun1 1. Node – Cloud1 Cisco Webex responds with the clusters 2. Node – Cancun2 2. Node – Cloud2 available for the users
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 174 Note: Checks are performed: Scenario 1 a) At launch of Cisco Webex Teams app b) Network change event Reachability Test c) Cache expiration (2 hours)
Corporate network- MEX Internet
Cloud1 Cloud2
Cancun1 Cancun2
Cisco Webex Teams app and Webex devices do reachability tests to the mesh nodes. Cisco Webex Teams app and Webex devices sends results to the cloud at call start. Cluster - Cancun Cluster - Cloud
1. Node – Cancun1 (RTD = 10) 1. Node – Cloud1 (RTD = 220) 2. Node – Cancun2 (RTD = 11) 2. Node – Cloud2 (RTD = 200)
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 175 Scenario 1 Registration
Corporate network- MEX Internet
Cloud1 Cloud2
Cancun1 Cancun2
Cisco Webex Teams app and Webex devices connect to a mesh node Mesh node Cancun1 hosts the meeting If additional participants join later, they follow the same process
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 176 Scenario 1 Meeting with Overflow
Corporate network- MEX Internet
Cloud1 Cloud2 Full Full
Cancun1 Cancun2
Cisco Webex Teams app and Webex devices connect to a mesh node Mesh node Cancun1 hosts the meeting If additional participants join later, they follow the same process Cancun 1 and Cancun 2 are full Overflow to the cloud and automatic cascade is created
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 177 Webex Video Mesh Node Discovery - Scenario 2 Scenario 2 Registration
Corporate network- MEX Internet
Cloud1 Cloud2
Cancun1 Cancun2
Mobile Home Office
Cisco Webex Teams app and Webex device Cluster - Cancun Cluster - Cloud register to their organization Cisco Webex responds with the clusters 1. Node – Cancun1 1. Node – Cloud1 available for the users 2. Node – Cancun2 2. Node – Cloud2
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 179 Scenario 2 Reachability Test
Corporate network- MEX Internet
Cloud1 Cloud2
Mobile Cancun1 Cancun2
Home Office Cisco Webex Teams app and Webex devices do reachability tests to the mesh nodes. Cisco Webex Teams app and Webex devices sends results to the cloud at call start. Cluster - Cancun Cluster - Cloud
1. Node – Cancun1 (RTD = 10) 1. Node – Cloud1 (RTD = 220) 2. Node – Cancun2 (RTD = 11) 2. Node – Cloud2 (RTD = 200)
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 180 Scenario 2 Meeting
Internet Corporate network- MEX
Cloud1 Cloud2
Cancun1 Cancun2
Mobile Home Office Cisco Webex Teams app and Webex devices connect to a mesh node Mesh node Cancun1 hosts a meeting for the corporate users Mesh node Cloud 2 hosts a meeting for remote users Mesh node Cancun1 cascades automatically to Mesh node Cloud2 to create the meeting for all participants BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 181 Reachability to the cloud
Mesh Node RTT
Oslo 270
San Jose 300
Cloud Node 120 • Default behavior is to use the corporate VMNs before cloud nodes. • Will use the cloud node instead of internal video mesh nodes if the RTT >= 250ms to the video mesh node and cloud node’s RTT is
20% less (200ms ©or 2020 less) Cisco than and/or itsthe affiliates. internal All rights VMN reserved. clusters. Cisco Public DMZ Deployment Architecture Webex Video Mesh – Option 2
Internal DMZ
Cisco Webex Teams App Internet
Cisco Webex Cloud Device Webex Video Mesh Node Mesh Node
Cisco Webex Teams App
DMZ installation considerations: ▪ External media does not traverse the internal network ▪ All media for internal participants goes to the DMZ. ▪ Security policy does not allow all Cisco Webex ports to be opened outbound for media directly to the Internet from the internal network
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 184 Dual Nic
• Cloud Cascades • HTTPS, WebSocket
Deployment: Outside 72.163.4.188 • Require all nodes be the same configuration in Corp. the cluster LAN • For example dual-NIC only • Recommend changes be done in maintenance mode Internet
• RFC 1918 address is acceptable on the internal Video Mesh interface only. The external interface needs to be a publicly routable address. Inside • Use internal IP address for node registration in 192.168.1.50 Control Hub. • The browser used for registration of VMN must • Local Media have connectivity to Cisco Webex cloud as well • Management as the internal IP address of the node. • CLI • SIP
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 185 Dual NIC – External IP Configuration
• External IP configuration needs to be explicitly enabled when required.
• External IP can be enabled before or after registration.
• Maintenance Mode is required if registered to production environment.
• All nodes in the cluster need to have the same configuration, either single or dual NIC.
• Menu Options • Enable/Disable – Configure external IP or switch back to Single interface mode • Display Configuration - Display the external IP configuration • Manage Routing Rules – View, Add and Delete the routing rules.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 186 Proxy Support
Signaling • Transparent Proxy Media • Inspecting and non inspecting
• Explicit Proxy
Proxy • Inspecting and non inspecting Server Internet • No auth, Basic, Digest and NTLM
Video Mesh
• HTTP(s) signaling support only
• Ports 443 and 444
• Media goes direct to the cloud
• UDP port 5004
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 187 Video Mesh Webpage
This webpage is available per node
• https://ip_address_of_the_vmn/setup What can you view?
• User: admin 1. Video Mesh Overview • Password: Use the one that was created when the node was setup via the CLI. 2. Trust Store
3. Certificate management
4. Troubleshooting
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 188 Number of Node Usage and Node specific Overview ongoing Type, Service Alarm calls SW Image Status Notification
Network Information
DNS Test, Hover to reveal when Node Server Response time, BW Registration the test was run and test what was checked Status © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Transparent Proxy
Supported Types of Proxies
1. No Proxy
2. Non-Inspecting
• Video Mesh nodes are not configured to use a specific proxy server address and should not require any changes to work with a non-inspecting proxy.
3. Inspecting
• Requires certificate upload to VMN
• No http(s) configuration changes are necessary on Video Mesh, however, the Video Mesh nodes need a root certificate so that they trust the proxy. Inspecting proxies are typically used by IT to enforce policies regarding which websites can be visited and types of content that are not permitted. This type of proxy decrypts all your traffic, even https.
• Reboot is required after the certificate is install.
• Proxy connectivity check
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 191 Explicit Proxy
• Admin tells the VMN which proxy to use and authentication mechanism.
• Admin needs to know the proxy IP address and proxy listening port
Authentication Type:
• None: for HTTP or HTTPs explicit proxies, no further authentication is required. • Basic: for HTTP or HTTPs explicit proxies and used for an HTTP user agent to provide a username and password when making a request, and uses Base64 encoding • Digest: for HTTPs explicit proxies only and used to confirm the identity of a user before sending sensitive information, and applies a hash function on the username and password before sending over the network. • NTLM: for HTTP only. Like Digest, NTLM is used to confirm the identity of a user before sending sensitive information. Uses Windows credentials instead of the username and password.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 192 Troubleshooting the Cisco Webex Video Mesh Solution - BRKCOL-3002 Event: 2019 San Diego Troubleshooting Speaker: Paul Stojanovski https://www.ciscolive.com/global/on-demand-library.html?#/
• Logs
• Send logs to Cisco
• Log package contains media, system, and container logs
• Download logs locally to attach to a TAC case manually
• Packet Capture
• Captures packets from all interfaces
• 2 GB limit for the packet capture file
• Include upload identifier to a TAC case for the support engineer to look at the file
• Ping
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 193 Troubleshooting
• Trace Route
• Check NTP Server
• Reflector Tool
• Used to identify blocked TCP or UDP ports on the node.
• Requires client reflector script.
• Must put the node in maintenance mode before you start the reflector server.
• Debug User
• Only used when working with support
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 194 VMN Architecture Deployments Regional Design Centralized VMN • Internal SIP endpoints Internet have joined
San Jose Melbourne Tokyo Unified CM Unified CM Unified CM
MPLS WAN MPLS WAN
Meeting
Webex Video Mesh Node
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 196 Regional Design Centralized VMN • Cascade link is Internet created • Signaling only, no media
San Jose Melbourne Tokyo Unified CM Unified CM Unified CM
MPLS WAN MPLS WAN
Meeting
Webex Video Mesh Node
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 197 Regional Design Centralized VMN • Webex Meeting App sends media to the Internet cloud. • They can not use the VMN
San Jose Melbourne Tokyo Unified CM Unified CM Unified CM
MPLS WAN MPLS WAN
Meeting
Webex Video Mesh Node
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 198 Regional Design • Local VMs in region Distributed VMN • Each participant dials into a Webex Meeting
Internet • Hub and Spoke design
San Jose Melbourne Tokyo Unified CM Unified CM Unified CM
Meeting Meeting MPLS WAN MPLS WAN
Meeting
Webex Video Mesh Node
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 199 Control Hub Reporting Cisco Webex Control Hub https://admin.webex.com
• Webex Video Mesh Reports enables administrator to understand the trend of their on premises resource capacity and utilization, as well as availability that impacts capacity.
• Webex Video Mesh Activity graph gives an overall perspective of the number of calls hosted on the cloud vs the number of calls that were hosted on on-premises clusters in an organization.
• Webex Video Mesh Activity Adoption tab added to the reports to help administrators find the most popular categories of client types and utilization in the organization.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 201 Cisco Webex Control Hub https://admin.webex.com
• Webex Video Mesh Cascade Bandwidth reports enables administrator to understand the amount of bandwidth used with a Video Mesh cluster cascades to the Webex cloud for the meetings
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 202 Key points to remember in architecting a Video Mesh solution
One recommendation does not fit all deployments
• Video Mesh is a cloud service on the customer premises. It is not the same as an MCU.
• Deploy Video Mesh cluster(s) in a large campus site or Datacenter close to the Internet connection
• Start small and grow
• Continuously monitor the reports in Webex Control Hub. • Add more Video Mesh Nodes as the number of overflows to the cloud trend upwards
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 203 Documentation Reference Links
• Deployment Guides • Webex Edge Connect: https://collaborationhelp.cisco.com/article/en-us/n68tcpb • Webex Edge Audio: https://collaborationhelp.cisco.com/article/en-us/xmsy7d
• Video Mesh: https://collaborationhelp.cisco.com/article/en-us/jgobq2
• Datasheets • Webex Edge: https://www.cisco.com/c/en/us/products/collateral/conferencing/webex-edge/data-sheet-c78- 741264.pdf • Video Mesh: https://www.cisco.com/c/en/us/solutions/collaboration/webex-hybrid-services/webex-hybrid-media- service.html
• Webex Audio Coverage: https://www.cisco.com/c/dam/en/us/products/collateral/conferencing/webex-meeting- center/cisco_webex_gpl_audio.pdf
• Network requirements: https://help.webex.com/en-us/WBX000028782/Network-Requirements-for-Webex-Teams- Services
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 205 Components of Webex Edge for Meetings
Webex Edge for Meetings
1 Connect 2 Audio 3 Video Mesh
Direct Connection to the Webex Meeting Audio via the Meeting Resources on Webex Datacenter Internet or Edge Connect premises
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 206 Complete your online session • Please complete your session survey survey after each session. Your feedback is very important.
• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events Mobile App or by logging in to the Content Catalog on ciscolive.com/emea.
Cisco Live sessions will be available for viewing on demand after the event at ciscolive.com.
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 207 Continue your education
Demos in the Walk-In Labs Cisco Showcase
Meet the Engineer Related sessions 1:1 meetings
BRKCOL-2120 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 208 Thank you