Blog Archives

CSCvf07153 Cisco CUBE uses incorrect timezone in SIP messages

CSCvf07153 is a pretty simple mistake exacerbated by inconsistent implementation from Cisco.

What is it? Cisco CUBE sends the local timezone of the router in SIP headers when the RFC specifies that GMT should always be used. This causes some SBCs to respond with 400 SIP Parser Error : Missing TIME ZONE and causes calls both inbound and outbound to fail.

The bug lists a workaround, yet the workaround is not complete for two reasons.

  1. It only lists the Daylight Saving timezone and not the Standard timezone
  2. It lists the timezones only in upper-case, but CUBE (3.16.7S) uses upper-case for Standard time and lower-case for Daylight Saving time.

TAC is updating the bug notes with this info, but it may not show up for a few days. Here’s a proper workaround. Replace CST/CDT/cst/cdt with your timezone:

voice class sip-profiles 27
  response ANY sip-header Date modify "CST" "GMT"
  response ANY sip-header Date modify "CDT" "GMT"
  request ANY sip-header Date modify "CST" "GMT"
  request ANY sip-header Date modify "CDT" "GMT"
  response ANY sip-header Date modify "cdt" "GMT"
  request ANY sip-header Date modify "cdt" "GMT"
  response ANY sip-header Date modify "cst" "GMT"
  request ANY sip-header Date modify "cst" "GMT"

Read the rest of this entry


Dial Plan Design: No Device/Line?!

  1. Interdigit Timeout
  2. E.164
  3. DN Length
  4. Localization and Globalization
  5. No Device/Line?!

I started writing this series three years ago, but got distracted by other tasks and neglected to complete this last post in the series. It’s one of the most important. Before I begin writing about other topics I wanted to come back to this draft and the notes I started three years ago and finally publish it.

First, let’s set our baseline. The common wisdom in Cisco UC for as long as I can remember has been to use the “Device/Line” approach. Older SRNDs spent plenty of time explaining this approach, which can be summed up as follows:

  • Provide access to ALL destinations via the Device CSS (unrestricted access to internal & PSTN)
  • Restrict access and create Classes of Service via the Line CSS and exact match blocking patterns.
  • The resulting concatenation of the Device and Line CSS’s would provide the user’s Class of Service.

E.g. if I had a pattern, 9.1[2-9]XX[2-9]XXXXXX to provide long distance calling in the US applied to the Device CSS, but I wanted this phone to have Local-only dialing privileges I would need to create a duplicate pattern, 9.1[2-9]XX[2-9]XXXXXX, that would be set to block or reject the call. This blocking pattern would be applied to the Line.

The thought was that you only needed one set of blocking patterns to handle an entire country dialing plan. That same 9.1[2-9]XX[2-9]XXXXXX that blocked LD calls in Minnesota would work equally well for users in California, Kentucky, etc. It was intended to minimize the overall configuration needed.

But with +E.164 patterns this starts to break down. These blocking patterns that provide Class of Service can no longer be applied globally when it comes to E.164 because they are source specific (i.e. the context of the call matters). Take a look at this same E.164 pattern and see what I mean:

  • +1651XXXXXXX in Minneapolis, MN blocks Local calls
  • +1651XXXXXXX in Chicago, IL blocks Long Distance calls
  • +1651XXXXXXX in Germany blocks International calls

Once deciding to allow users to dial E.164 patterns our entire Class of Service design breaks down. We’d need to individually create blocking patterns at every geographic location based on their local, LD and Intl patterns.

What’s the alternative? A single CSS. That single CSS should have:

  • Route Patterns that are ONLY in +E.164 format
  • All other patterns are Translation patterns that Globalize to +E.164 format

In this way we create translation patterns that allow all of the end user dialing habits, globalize those varied dialing habits to a standard E.164 number and then provide class of service based on the E.164 patterns.

Here are two examples:

In the first we have an end user that dialed 9 608 298 1100. Looking at the translation patterns in that LD partition you can see that they also could have dialed 9 1 608 298 1100 or +1 608 298 1100 and the end result would be the same. We expand to E.164, use the Originating CSS option on the translation and try again, but now we match the +E.164 Route Pattern.


In the second example we see a CSS that only provides Local calling from Minneapolis. We still match the same translation pattern for this call and expand to an E.164 number. But now when we loop back around there is no matching pattern for the +16082981100 number. There is access to the local area code +1763XXXXXXX, but no long distance area codes.


One benefit of this is that toll fraud patterns like 1-900 numbers only need to be defined once as +E.164 blocking patterns. No matter how a user tries to dial (with PSTN Access Code, with/without 1, etc.) the only Route Pattern that will match and potentially provide PSTN access is the single blocking pattern.

What are some other benefits of this Single CSS approach?

  • There are places we can’t apply a Device/Line approach because CUCM only allows one CSS
    • Call Forward CSS’s (except CFwdAll)
    • Rerouting and Out-of-dialog CSS’s
    • Integrations (SIP Trunks to 3rd party systems, Expressway, etc.)
  • Device/Line is complicated and confusing. It’s second nature for most voice engineers now, but new engineers and customers who rarely touch the Call Routing config in CUCM have trouble following the “resultant CSS” to know what access a phone truly has. A single CSS is easier to troubleshoot.
  • No need to create exact match blocking patterns for Line CSS’s for every pattern created and added to a Device CSS. Let’s face it, the system might be perfect on First Day of Service, but come back a year or two later and I guarantee there are toll fraud holes in that Device/Line design from admins inadvertently creating new patterns and not creating a partner exact match blocking pattern for all of the Line CSS’s.

Where should we apply this single CSS? The Device or the Line? Choose carefully for your design.

  • If applied to the Device it is changed by Device Mobility and Extension Mobility
  • If applied to the Line it follows that user when roaming.

This isn’t a one size fits all scenario, but I’ve found this approach to work well.

  • Apply a single CSS to the Line only.
  • Apply Emergency (911) patterns to the Device since emergency calls should be location-specific rather than user-specific. But do so via each Device Pool’s Device Mobility CSS. Even if you are not using Device Mobility this CSS will still apply to the phone and keeps extra config off of the phone. It also means it’s less likely admins will forget to set it and cause an issue with emergency calling.

Cius & AppHQ Launch

Everyone is talking about Cisco’s latest Cius announcement today, the AppHQ and July 31st availability.

I won’t disagree that Cisco has a a ways to go yet with the Cius (I’ve been using one the last few weeks), but the reviewers are missing the point here.

First, price. Reviewers, stop freaking out about it. If the Cius is $750 list and Cisco’s standard discounts apply most customers will pay a very “tablet-competitive” price even though it’s not “a tablet”. For reference, Cisco’s 9971 video phone has a list price just under $1000 and many customers are more than willing to buy them. Now you can have everything the 9971 offers and more.

Second, Android & the power of apps. Enterprise-grade video phone + Android apps = unlimited potential. Read Dave Michels great article on re-inventing the desk phone on, The Cius has 80-90% of his wishlist and it’s definitely on the right track here. Beyond these features think about current Cisco developers like Singlewire and the possibilities with their InformaCast notification products. Or the ability for a contact center supervisor to walk around the building with a Cius getting real-time stats and re-skilling agents to meet traffic spikes with a swipe of their finger. This is the future of the enterprise desk phone.

Finally, all the tablet comparisons are fine, but the real value for enterprises is this: VDI & the Cius media dock. Enterprises can buy a Cius and they no longer have to buy that employee a computer. A Cius with the dock connected to a monitor, keyboard & mouse with a Citrix or VMware View virtual desktop to connect to is the power play here. Now even at list price that $750 doesn’t sound so bad.

The strength of the Cius isn’t that it’s a tablet, because as far as that’s concerned it’s mediocre at best as the recent reviews have shown. They’re right. It’s not an iDevice. It’s not slim, aluminum, dual-core. It doesn’t even run recent code (Android 2.2). But Cisco’s positioning this in a perfect mix of their collaboration & data center strengths with a dash of the “consumerization of IT” thrown in. I think the idea & theory is perfect, now Cisco just needs to deliver.

Automated Alternate Routing

A couple interesting items I learned about Cisco Unified Communications Manager’s (UCM) Automated Alternate Routing (AAR) feature today.

  1. In UCM 8.6, even with 1kb of bandwidth allocated for audio it still lets one call through. The second gets stopped or uses AAR. This one might be a bug… more research on that.
  2. If a DN has a Remote Destination or Dual Mode phone associated to it, AAR will not kick in. The call will be placed to the RD only and the AAR path will not be used. I’m still trying to decide if this is desirable and I’m leaning towards no and a TAC case.
  3. When exceeding Video Bandwidth for a location a call between two video phones will still traverse the WAN as usual if there is audio bandwidth available, but just set itself up as an audio-only call. Then if video bandwidth opens up and the call is held/resumed video will be added back into the call (unfortunately, looks like a hold/resume is required to get UCM to renegotiate the media. It’d be cool if UCM would keep track of the call and add video when the bandwidth opened up.).

Dear Cisco [Jabber, Umi, Skype, Google Edition]

Dear Cisco,

I know you’re an enterprise-focused company and in light of recent events you’ve proven your loyalty there. But let’s take a look at that consumer market in a different light, because your competitors are doing just that. First up:

Skype… oh yeah, and Microsoft

No one seems to be quite sure if Microsoft understands what they did here and the incredible potential the purchase provides. I work with enterprises to design their UC systems every day and lately I’ve been hearing a lot of this, “What’s the deal with SIP trunking? Can I use that to connect to Skype? We have a bunch of vendor support teams in *insertforeigncountryhere* that only use Skype. Plus, all our execs use Skype when they travel.”

This next idea should scare the daylights out of anyone on Cisco’s sales team. Native Skype “node” built into MS Lync 2.0’s edge server. Take a look at these usage numbers from Wikipedia. Direct access to all those users from your Lync client using their impressive SILK super-wideband, adaptive bitrate, audio codec and also offering video (conferencing)? Everyone was scratching their heads, but it’s a wonder Skype wasn’t snapped up by Cisco or Microsoft sooner.

And then there’s Google –

Google may not be an enterprise UC player yet, but that doesn’t mean they won’t soon be taking a share of the SMB market through their Google Apps program by adding GVoice in the near future. Could you imagine if Google offered a simple IVR to all of their GApps customers? For the <20 user businesses it’d be incredible. Now take a look at the link above if you haven’t already. Chrome OS + native & free video chat using their new WebRTC & iLBC?  Instant access to all of their existing gMail, gTalk & GVoice users? With high-quality audio & video? The power of the masses strikes again.

So where does this leave Cisco? It means that while they cancelled Flip, may be selling Linksys, and Umi is a flop because they doesn’t get consumer pricing, they still have an opportunity with consumer UC. Cisco needs to attack the consumer market with their own free desktop IM/presence/voice/video client just like their competitors. I think that opportunity is Umi Connect.

(sidenote – WebEx Connect? Umi Connect? Is it possible they’re using the same Client Services Framework backend for this Umi Connect client? please say yes)

Back on point, supposedly a Umi Connect desktop client will be available for free to Umi subscribers this fall. I say make it available for free to anyone this fall. Charge for video voicemail storage, charge for the Umi hardware, but give the client away for free. Your competitors are doing it. Build native federation between Umi Connect and WebEx Connect. Make federation to a corporate Cisco Unified Presence Server a checkbox to select during install. Give away a free client, connect it to the beta site and you’ll have users by the boatload. And then you’ll have a leg to stand on when Microsoft announces a builtin Skype node in Lync 2.0.

Cisco 894x

Update on July 9th, 2012: This post was originally published in June 2011. A year later a lot has changed.

First, Cisco quickly came out with a matching SIP load so they are not limited to just SCCP. From what I’ve seen there is feature parity between the two and if I had a choice I’d pick SIP. Hopefully Cisco continues to invest more heavily in the SIP loads as they’ve done with their other high-end models.

Second, a number of initial gripes are fixed in recent firmware.

  • Custom backgrounds & ringers
  • Max/call busy trigger is now configurable
  • Mobility & DND are now available as softkeys
  • Many other little fixes here and there

This thing has been my primary desk phone for quite a few months now and I’m growing to like it. There are still a few things I’d like to see fixed (e.g. Phone VPN), but if I were faced with a purchasing decision today I would favor this over a 7942/45 and in most cases the 7962/65. I’d accept the fact that I’ll be doing regular firmware upgrades over the next year or so and balance it with the fact that I “future-proofed” my environment by offering video & Bluetooth to a large population of workers.

*When wouldn’t I use these to replace a 796x phone? When I need sidecars. And in that case, I’d move up to an 8961/9951/9971 and use the KEMs. They have some really nice high call volume features. The phone + KEM costs a bit more, but for the few people who need them it’s worth it.

Cisco recently released their new 8941/45 phones with built-in video cameras. A few interesting observations, but first the differences between the two.

The 8941 lacks gigabit network connectivity and Bluetooth, but comes in as a Class 1 PoE device (3.84w or less). The 8945 adds gig & Bluetooth, but still comes in much lower on the power scale than any of Cisco’s other phones with a color screen or video running between 6-7w when the screen is active.

Perhaps the most interesting design decision is the fact that the default firmware (and only fw at the moment) is SCCP, an interesting departure from their other recent high-end phones that run SIP (the 8961/9951/9971). I really expected SIP to be the go-to fw for all new phones. Especially considering the camera, why not re-purpose existing 9900 code rather than write all new fw from scratch?

A couple comments on the physical design of the phone. First, new finish & new handset. Take the finish from the bodies of the 7900 & 9900 phones, mix and serve for the 894x. Handset looks to be the same as the one that will come with the Cius dock. I miss the meaty 7900 handsets, but this is much better than 9900 handsets. Screen looks great, in some ways more crisp & clean the 9971. Disappointing that it appears there is no way to add a sidecar/KEM and no USB ports.

I had very high hopes for this phone and thought it would be the replacement for the 794x/6x phones that brought video to the masses. Unfortunately, while the hardware is all there the firmware is beyond disappointing. The good news? Firmware can be fixed. A few things that Cisco should consider non-negotiable when they release an information worker phone:

  1. No Phone VPN support.
  2. No custom background or ringtone support.
  3. UI is slow, e.g. phone can’t keep up with me when I’m dialing, much less moving through the setting or service menus.
  4. Hardcoded max call/busy trigger (3/2) just like the 6900s. Poor shared line support due to this. Ridiculous that Cisco thinks this is acceptable for a phone of this caliber.
  5. Pre-config’d softkeys like the 9900s (not the 7900s). Another frustrating aspect. Mobility & DND can’t be put on softkeys, so those 4 line buttons get cut down to 2 very quickly and you’re back to a 794x.
  6. Other miscellaneous things like not supporting Visual Voicemail give you the feeling that Cisco pushed this one out the door a little early.
Final thought… price point for this phone is incredible when you consider Bluetooth & video. If Cisco releases firmware that does this hardware justice it will make the 7900s obsolete.

Using DNS SRV Records with IOS Dial Peers

Ah… IOS. Refreshing after spending a week with ACME Packet’s ACLI. And at the same time it certainly has it’s own frustrations. It took me a while to get this working in my lab (partially because I was in Boston and my lab is most decidedly not), but I have a feeling DNS SRV records with SIP are going to prove very useful to me in the future.

The goal here: use DNS SRV records to minimize the number of dial-peers required in IOS. Typically CUCM is set up in some sort of redundant fashion so that there are multiple call processing servers. Going deeper, the configuration of CUCM is such that CM Groups are created with a max of three servers per group meaning everything needs to be pointed at two or three different servers in case one goes down. So we want to use one dial-peer to send a particular call to a CM Group made up of three servers rather than the usual three.

VoIP dial-peers use session targets to determine where to send a matching call. With no DNS SRV records each pattern would require three dial-peers using preference commands as shown below (Note: The use of an ipv4: target vs dns: target makes no difference here, I am using ipv4 in this example for contrast. DNS A records for each server would still require three dial-peers, it is only with DNS SRV records that we can collapse three dial-peers down into one).

dial-peer voice 1 voip
 destination-pattern 2000
 preference 1
 session protocol sipv2
 session target ipv4:

dial-peer voice 2 voip
 destination-pattern 2000
 preference 2
 session protocol sipv2
 session target ipv4:

dial-peer voice 3 voip
 destination-pattern 2000
 preference 3
 session protocol sipv2
 session target ipv4:

With DNS SRV records we can cut this down to one dial-peer:

dial-peer voice 1 voip
 destination-pattern 2000
 session protocol sipv2
 session target dns:cmgroup1.lab.local

along with a little extra config (to host the DNS SRV records in IOS to remove reliance on the corporate DNS server)

ip host cucm1.lab.local
ip host cucm2.lab.local
ip host cucm3.lab.local

ip host _sip._udp.cmgroup1.lab.local srv 1 50 5060 cucm1.lab.local
ip host _sip._udp.cmgroup1.lab.local srv 1 50 5060 cucm2.lab.local
ip host _sip._udp.cmgroup1.lab.local srv 1 50 5060 cucm3.lab.local

ip name-server
ip domain name lab.local

Finally, in order for a CUCM subscriber server to accept a SIP URI with a destination of @cmgroup1.lab.local rather than @<servername>.lab.local each parent DNS SRV records (cmgroup1.lab.local) must be added to the Cluster FQDN list in Enterprise Parameters. If this step is not completed, expect to see SIP 404 Not Found errors. From the CUCM Help:

This parameter defines one or more Fully Qualified Domain Names (FQDN)
for this cluster. Multiple FQDNs must be separated by a space.
Wildcards can be specified within an FQDN using an asterisk (*).
Examples are and * Requests
containing URLs (for example, SIP calls) whose host portion matches any
of the FQDNs in this parameter will be recognized as a request destined
for this cluster and/or devices attached to it.

Many thanks to these helpful resources, the first in the list is an especially good resource:

Gateway Configuration for SIP Proxy Redundancy

Load Balance Between SIP Dial-Peers
Designing Unified CVP for High Availability
Cisco IOS SIP Configuration Guide, 15.0

Cisco SIP Gateway Troubleshooting