Trusted Relay Point configuration

The Cisco Unified Communications system can be deployed in a network virtualization environment. Cisco Unified Communications Manager enables the insertion of trusted relay points (TRPs). The insertion of TRPs into the media path constitutes a first step toward VoIP deployment within a virtual network.

The underlying network infrastructure comprises one of the key shared assets in an overall network design. A number of customer use cases require support for network infrastructure virtualization, such as the following examples:

-Guest internet access

-Partner access

-Departmental or divisional separation

-Subsidiaries/mergers and acquisitions

-Application segregation (data/voice)

All these applications include a requirement to maintain traffic separation on the network device as well as between network devices.

Traffic separation translates into concepts such as Virtual Routing and Forwarding (VRF). VRF allows multiple instances of a routing table to co-exist within the same router at the same time. In a virtualized network, these different routing domains, or VRFs, typically cannot communicate directly without transiting through the data center.

This situation challenges applications such as Cisco Unified Communications, where devices in the data VRF domain, such as software endpoints running on PCs, need to communicate directly with hard phones in the voice VRF domain without hairpinning media in the data center and without directly exposing the voice and data VRFs to each other.

Below a sample configuration off TRP.  This sample setup will force softclient RTP streams (voice or video) through the MTP control point in the router. In this router you might want to add additional security settings (FW, ACL, QOS,…). We will focus here on the basic TRP configuration in the  Cisco callmanager and  ISRG2 router.

Basic Principle:


As you can see in this setup we make a direct call between a Cisco EX90 and the CUPC client. Both devices are registered to the Callmanager 8.6.



Continue reading

The Power of Participation

Today, Cisco launched the “Power of Participation”, an important extension to both Cisco’s Borderless Networks architecture and Cisco’s Data Center Business Advantage architectural framework.

Why the “Power of Participation”? Because we are right in front of the third wave of the Internet Evolution. Wave 1 (1990s) was all about connectivity and transforming transactions (E-commerce, B2B, B2C). Wave 2 (2000s) was about driving inclusion and transforming interactions through social media and the consumerization of IT. Last week, in this blog, I mentioned some future trends: mobility, internet of things, cloud and collaboration/video. As these trends take full scale, they will fundamentally transform organizations and we will be entering Wave 3 of the Internet Evolution: an era of changed business interactions and new user expectations. In this era, end users will expect their collaborative, video-rich work environment virtually and securely Anywhere, Anytime on Any Device of their choice (the New Normal). They will demand a Borderless Experience giving them the Power to Participate optimally to business. In this new era, businesses will also demand to IT the Power to Participate and transform in an agile way into new and changing business models.

How will we enable this Borderless Experience and these new business models? Through an architectural Borderless Networks approach delivering uniform network services. In previous Borderless Networks launches, we already delivered network services such as Motion (driving Anywhere mobility capabilities); Medianet (supporting media-rich video collaboration), EnergyWise (driving energy control and building management) and TrustSec (driving secure support for Any Device and controlled access for Anyone).

In today’s announcement, we take an important next step in delivering Anywhere – Any Device capability with the launch of AnyConnect 3.0. The Cisco AnyConnect Secure Mobility Client provides a single 802.1x authentication framework, allowing smooth and transparent wired or wireless access and delivering a seamless Always-On secure (IPSec VPN, SSLVPN, MacSec, …) borderless connectivity experience  across a broad set of PC- and Smartphone-based mobile devices (windows, Apple iPhone, …) ( Advantage for the end user: the ability to access and use his business applications seamlessly and securely – without any technology complexity – whether on the wired network at work, on the wireless network in a meeting room, on a wireless guest net, on the road or at home. Advantage for the IT department: being able to open up the access policy to a broad set of devices while still guaranteeing security compliance. This solution also allows to take advantage of cloud-based services while maintaining consistent security policies towards the applications, whether in the on-premise datacenter or in the cloud (

A Borderless Experience also requires a perfect end-to-end application experience. To enable this, Cisco announced the Application Velocity network service. This network service delivers a network that is application aware, has application visibility and monitoring capabilities, can accelerate applications (WAAS express, WAAS on the Integrated Services Routers ISR-G2’ Services Ready Engine (SRE) ( and can deliver application agility and extend application virtualization up to the branch office (Unified Computing System (UCS) on the ISR-G2 Services Ready Engine (

The launch also considerably expands the network infrastructure in terms of high density and high performance through new announcements in the wireless offering (1040 access points), the Catalyst 4500 platform, the high-end ASR routing platform, the new high-end ASA5585 firewall, the LMS4.0 management platform and EnergyWise.

To enable you to take a fast start in this important network transformation to a Borderless Networks architecture, Cisco has created detailed Validated Design Guides that can help you on your journey: the Smart Business Architecture for mid-sized networks and enterprises  (

So, who is the person on the picture above? Well, meet Ike Theodore (IT) Willis and follow him towards the Borderless Networks challenge, Oct 5th – Oct 8th and take the chance to win a trip to see Your Wonder of the World:

For more info on the announcements, please go to

Oh Crystal Ball …

As an IT department, you are asked to be ready to enable future business directions and related changing end user requirements, enabling productivity increases and efficiency improvements.  But what are those upcoming requirements? What do you need to prepare your IT infrastructure for? When asking the question to your business departments, it might appear that they also have difficulties answering this.

Still, there are already some tendencies appearing that will underpin these business direction changes and, in one way or another, will fundamentally change the IT infrastructure you need to provide. These tendencies all have a direct impact on either or both Cost Reduction/Productivity Improvement or driving Innovation/increasing Differentiation, fundamental forces that will always keep on driving change in companies.

Mobility for sure is one of them. Your company’s workforce is only sitting a low amount of their time behind a fixed desk. They spend more time in meeting rooms, in a virtual desk environment, in flexible workspaces within changing project teams, on the road or even increasingly from their home office. Your companies’ workforce might even go beyond the corporate borders due to increased collaboration with external teams and partners. So, you will need to be able to provide an IT experience wherever the end user would like to connect. The border of location, previously tied to the fixed desk, has disappeared and you will need to provide the end user with a Borderless experience.

Cloud computing is entering the IT landscape. Companies are still figuring out up to what level they need to integrate and take advantage of cloud based applications and business models. Whatever the outcome, IT departments will need to enable high quality and secure access to both applications in the datacenter and applications out in the cloud. So, the location border, both of the end user AND of the application that he wants to access, has gone. IT departments even need to check whether they are still in the path between the end user and the application, especially since the IT department will still be requested to guarantee security and data integrity.

More and more devices of different types will connect onto the network: The Internet of things. Where once an IT department needed to foresee a standard corporate desktop PC and a mobile telephone, it is now faced with an increasing amount of diverse devices connected to the network. Sometimes, these devices are controlled by IT; sometimes they are brought in by the end user and are less IT controlled. The Blackberry was one of the first devices requested directly by end users, imposing IT to support it on their network. This user-driven evolution only increased with the rising popularity of the iPhone, Blackberry devices, Symbian devices, Android devices, the iPad, the Cisco CIUS, … Cisco’s IT, for example, acknowledged that a standard desktop and mobile was not maintainable anymore, and moved to the support of a full catalogue of devices, allowing people to use devices that optimally support their personal business requirements. Beyond that, new non-user based devices are becoming IP based: access control devices, physical security camera’s, building management sensors. In short, the device border is disappearing. IT needs to adapt to these increasing demands in supported devices and non-user devices on the network, while of course maintaining a coherent and uniform network access control policy.

Finally, after decades of productivity improvement through process optimization, companies are now seeking the next wave of productivity improvement through increased collaboration. Being able to flexibly bring the right people and specialists together to solve problems or accelerate innovative ideas, being able to take advantage of the knowledge in a globalised world, drive richer interaction with customers to increase their customer experience, satisfaction and loyalty will all be important drivers behind collaboration. So, IT departments need to be ready to support the next wave of collaboration tools. Where today this translates into the movement from telephony to IP telephony to Unified Collaboration, this will increasingly mean the usage of rich video to increase the impact. Get the expert – from wherever in the world – in front of your customer in a High Definition real live experience, bring teams dispersed worldwide together in a seemingly same meeting room, drive video rich messages to your customers, … The result : a much higher level of impact and interaction. Based upon my own experience with several collaboration tools, I can only confirm that the level of attention and efficiency of a video based Telepresence meeting approaches the one of a live meeting, and is way above the impact of a voice-based conference call. The IT impact: an important increase in bandwidth requirements (video is already more than 50% of the bandwidth on Cisco’s network), and a network that needs to be aware and be able to cope with rich media and video.

Can we see into a Crystal Ball … not really. However, you will have recognized several of the above mentioned changes starting to play into your IT environment. We can help you to move forward in this challenging journey through our Borderless Networks architecture. This architectural approach goes beyond switch ports, access points, speeds and feeds; but will combine these network infrastructure building blocks to interoperate together to drive infrastructure functionality that addresses above mentioned IT challenges :

– Mobility: Cisco Motion & CleanAir, Cisco AnyConnect and Cisco TrustSec

– Cloud: Cisco AnyConnect and Cisco Application Velocity

– Internet of Things: Cisco TrustSec and Cisco EnergyWise

– Unfied Collaboration and Video: Cisco Medianet

For more details on each of these functionalities, please visit:

Let’s confidently start the journey …

The impact of video on your network

Last week Cisco held its annual Global Sales Meeting with nearly 1.100 conference rooms in 162 locations around the world.  What used to be around 20.000 people flying towards the United States and to the event location, has now been transformed into a worldwide virtual experience. Needless to say the enormous cost reduction achieved through this, as well as the enormous challenge to support such an event. Making usage of all available Web2.0 technologies such as extensive Telepresence usage, High Quality video streaming and interactive Webex-sessions for collaboration and discussions. In short, full rich media session enablement to all participants.

This is just an example that shows the potential of video to transform internal collaboration in the company. Video is becoming central to how we work, how we live and how we communicate and if you have a look at the expected evolution of traffic, you can clearly see the increase of video usage and overall bandwidth growth. Given the impact on quality of interaction and collaboration as well as on cost reduction, IT department’s will be challenged with the daunting task to be ready to serve these media demands and rapidly growing content volume. Cisco’s Borderless Networks architecture, incorporating Medianet, can help IT departments to address this challenge.

TB = Terabyte (1000 GB)
PB = Petabyte (1000 TB)
EB = Exabyte (1000 PB)

A Medianet-ready network is an intelligent network that understands the specific requirements and has been optimized for video traffic and rich media traffic. With medianet, your borderless network optimizes traffic flow and bandwidth utilization, while reducing the effect of network congestion. And it does all this while lowering the complexity and risk associated with video rollouts.

The medianet approach gives you unprecedented quality, scalability and efficiency, allowing you to:

–          Deliver all types of media over a single end-to-end IP architecture.

–          Provide reliable extraordinary customer experiences.

–          Increase revenues and reduce operating expenses.

The Medianet will make the required bandwidths available (Gbps to the desktop, 10Gbps in the backbone, 100Gbps in SP backbone) but will also ensure a constant rich-media user experience, independent of where you are (wired or wireless) or on which device you want to view the content (thanks to the Media Exchange Engine). The Medianet will also make the network understand video devices and their requirements, through build-in end-to-end functionalities such as Auto Smartports, Quality Of Service, RSVP (Resource Reservation Protocol), Performance Routing (PfR), …

Let’s take a look at Performance Routing (PfR). It complements traditional routing technologies in order to improve application performance and availability. This technology can select the best path for each application based upon advanced criteria such as, reachability, delay, loss, jitter, and Mean Opinion Score (MOS).

And probably, we are only still at the beginning of the video era. Maybe the STAR WARS holographic virtual meetings are not that futuristic anymore …. Cisco Telepresence Magic

Is Your network ready for it ?

SAF: Service Advetisement Framework

Service Advetisement Framework (SAF) is a method to transport discovery information that would typically resides locally across Wide Area Networks. A SAF-enabled network will transport encapsulated messages and distribute those as it they were part of an IP routing protocol.

Current Cisco implementation leverage EIGRP as a transport medium, independent of the actual routing protocol; could be a BGP, OSPF or IS-IS routed network.

The first application I want to spend a bit more time on is Call-Control Discovery.

Problematic with a large number Call-agent is to have them inter-working and in particular adjusting dial-plan amongst and between them. Previous to SAF, two options were offered as depicted below:

Fully meshed network of h.323 or SIP trunks

Centralized SIP proxy or h.323 gatekeeper

You’ll note that in both case the operational overhead and technical complexity can ramp up pretty quickly as the number of call-agents to inter-work is growing.

Cisco Unified Communications is using a new service, CCD, that leverages SAF to exchange call routing information, automatically, between multiple SAF-enabled call control systems (like CUCM, CUCME, CUBE). This permits those systems to update their call routing table dynamically.

SAF enabled network

The call-control, being a SAF-client, is sending CCD information to the first connected SAF-forwarder, a router in this case. CCD is contained in a SAF Advertisement, itself having a header and ‘service data’ payload.


SAF Client: any application wishing to advertise a service to the network or request a service from the network or both
SAF Forwarder: router feature – provides relationship between client and framework, stores service information and propagates it to other forwarders
Service: any information that a SAF client wishes to advertise and “consume” (e.g., dial plans for CCD)
SAF Advertisement: carries service information, consists of SAF Header and Service Data
Non-SAF Node: any router that does not run the SAF protocols

How does it work ?

In the following example, you have the San Jose site updating, via the SAF-enabled  network, the New-York office with its call routing information.

Then New-York office is also sending its CCD to the SAF-enabled network, and by which San Jose call-control also gets updated call routing information.

Now a third call-control, London, is added to the scheme, the CCD does not need to be re-send by the call-control as it’s the SAF-agent that will update the new call-control, without other intervention. In the meantime, London’s CCD will be propagated across the SAF-enabled network.

If for any reason the IP path becomes unavailable to a specific call agent, the network will update itself the call routing information, alerting the other call-control to use the PSTN path to reach those location.

And the beauty of this, it all happened without any administrative actions with regards to the call-routing…. great isn’t it  🙂

Stay tuned to an upcoming post on how to configure CUCM to use SAF.

%d bloggers like this: