In the past two weeks, I have been involved in troubleshooting issues relating to sip trunk and run on all active nodes. In both cases call routing was affected and this led to some form of outage. I have therefore decided to write a short blog on this. In this blog I will be looking at the pros and the cons of using this new feature. As good as it looks; it has its downfalls which without careful planning could create potential issues for you in your network. So before you check that tick box, make sure you read this blog. Do your colleagues a favour too, send it to all of them and if you are a team leader ensure all your team members read, understand and digest this article before deploying that sip trunk. Happy reading
In CUCM 8.5 and above Cisco introduced a new feature on sip trunks and Route List called “Run on all active unified CM nodes” This basically removed the dependency of the sip trunk and the route list on the CUCM group assigned to them. This implies that you can have more than three CUCM servers originating and terminating calls from and to a sip trunk.
Calls over a Single SIP Trunk.
There are two things to consider when SIP trunks are involved.
Source Node for outbound trunk calls
The source node specifies which CUCM node the call will originate from ( not necessarily the node that your endpoint is registered to). This is very crucial as you will in the coming paragraphs.
The destination node(s)/Remote servers specify which serves the call is sent to.
SIP Trunk connections configured in each cluster may be using standard Unified CM Groups or the Run on all Active Unified CM Nodes feature.
I shall attempt to cover CUCM call routing decisions on both scenarios.
CUCM NODE SELECTION FOR OUTBOUND CALLS
CUCM uses a process called Route Local feature to influence which server is used to initiate outbound calls. This feature selects the CUCM node depending on a number of factors described below:
Using Standard Unified CM Groups with SIP Inter cluster Trunks (PRE-CUCM 8.5)
Before the run on all active unified CM node feature was introduced. The standard behaviour was to use cucm groups with SIP Trunks. There are two scenarios to consider with this type of deployment:
Route-List in USE
In this scenario, a Route list is in use and points to one or more Route Groups
NB: The Route List is active only on the primary CUCM in the RL’s Call Manager Group
The cucm node that will be used for a call in this scenario is determined as follows:
When a trunk is used with Route List and Route groups, the Route List is considered to be the calling device.
If the calling device (Route List) is not registered to a CUCM server that is part of the selected outbound Trunk’s Call Manager Group;
Then CUCM will randomly distribute calls across the servers in the Trunk’s Call Manager Group to initiate outbound Trunk calls. This is recommended, because in this scenario calls are load balanced across your CUCM servers.
If the calling device (Route List) is registered to a CUCM server that is also a server in the selected outbound Trunk’s Call Manager Group;
Then use this server to initiate the outbound Trunk call (i.e. the server the RL is registered to)
A word of caution, as you can see this is a bad idea. You do not get any load balancing with this; hence it is recommended that you DO-NOT-CO-LOCATEthe RL and Trunks in the same CUCM group.
Single ICT---No Route List in USE
In this scenario an ICT is in use and the route pattern points directly to it
The cucm node that will be used for a call in this scenario is determined as follows:
If the endpoint is registered to the same CUCM server that is part of the CUCM group assigned to the sip trunk, then use the server the phone/endpoint is registered to to initiate the outbound call
If the endpoint is registered to a CUCM server that is not part of the CUCM group assigned to the sip trunk, then cucm will randomly distribute the call across the servers in the trunk’s CUCM group
Using Run on All Active Unified CM Nodes with SIP Trunks
The second deployment type is using the new feature “Run on all active unified CM Nodes”
This feature is available for both the SIP trunk and the Route List. In Pre CUCM 8.5, your RL is only active on one CUCM node, which in some cases means that all outbound calls will originate from the NODE the RL is registered to. That as you can see is not efficient and doesn't give any form of load balancing. For the sip trunks, you can only have up to 3 CUCM NODE to make outbound calls.
This feature enables you to use up to 16 CUCM nodes to initiate outbound calls compared to only 3 you have when using standard CUCM group.
The other excellent thing about this is that you can now have up to 16 CUCM nodes to set as your destination address as compared to the 3 in previous releases. Another advantage of this is that it reduces the intra cluster signaling within the cluster, because the call is routed out locally from the node it arrived on, rather than choosing another node and thereby creating a need for Intra cluster signaling.
Deployment Considerations and Call routing
For single Trunks
When the Run on all Nodes feature is selected on a SIP trunk, then The Route Local rule selects the node to originate calls from as the same node that the inbound call arrives on. i.e. The CUCM node the endpoint is registered to.
Multiple Trunks using Route Lists
When the Run on all Nodes feature is selected on a SIP trunk and the corresponding RL, then The Route Local rule selects the node to originate calls from as the same node that the inbound call arrives on. I.e. The CUCM node the endpoint is registered to.
There are some scenarios where this feature may be enabled on the RL but not on the SIP trunk (not recommended and you will see why). The next few lines details the outcome of test results for all of these scenarios.
Scenarios and Tests results
The tables below consist of different scenarios in which an outbound call originated from a cucm node. The tests and results detail which cucm node is chosen in a particular scenario. These tests uses the following elements
Route List (Registered to a CUCM node)
SIP Trunk (CUCM Group)
IP Phone (Registered to a CUCM Node)
Table 1: Route List enabled with "Run on all Node", SIP Trunk not Enabled for "Run on all CM Node"
From: " bob banks2" < sip:email@example.com> ;tag=552~736dccb8-3be2-4f69-88f8-ec5946dd6872-47142526
To: < sip:firstname.lastname@example.org>
SUMMARY: TEST 3
When the "Run on all active CM Node" is selected on the SIP Trunk and NOTselected on the RL, the Route Local feature uses this algorithm to determine which node the call will orginate from;
The Route list be comes the calling node. If the CUCM node the RL is registered to is part of the active CUCM node in the cluster, then use this node. As you can see the node the RL is registered to will always be used. This is a bad idea.You dont want to do this.
Table 4: SIP TRUNK enabled with "Run on all Active CM Nodes, RL NOT IN USE"
From: " bob banks2" < sip:email@example.com>
SUMMARY: TEST 4
When the "Run on all active CM Node" is selected on the SIP Trunk WITH NO RL in USE the Route Local feature uses this algorithm to determine which node the call will originate from;
Use the node that the inbound call arrived on. e.g CUCM server IP Phone is registered to.
DEPLOYING CUBE SIP TRUNK WITH "Run on all active node"
A new feature introduced with 15.(1)2T is the default behavior of a toll-fraud prevention feature. With this feature CUBE(or any IOS gateway) will check any source address against its trusted source list before allowing the call. The router will automatically add any destinations that are defined as an ipv4 target in a VoIP dial-peer to the trusted source list.
The implication of this, when using "run on all active node" is that if a call arrives to the CUBE from a CUCM node that is not defined in the ipv4 target on its VoIP dial-peer, that call will be rejected. This will lead to a scenario where some users will report that they are unable to make outbound calls.
To prevent this ensure that you add the subnet of your CUCM nodes in your IP address trust list as follows:
voice service voip
ip address trusted list
ipv4 10.10.10.0 255.255.255.0 (assuming 10.10.10.X is the subnet of your cucm nodes)
CONCLUSIONS AND RECOMMENDATION
FInally we are here. If you have stayed to read this bit, then I am sure you love what you do and want to do it better. So based on the test results, documentation and results here are my recommendations when deploying sip trunks
If you are not using the "run on all active CM node" feature, DO-NOT-CO-LOCATE your RL and SIP trunk CUCM group. What this mean is that do not assign a server in your RL CUCM group to the SIP trunk CUCM group. If you do this, you will not have any load balancing across your because calls will always originate from the node the RL is registered to.
When using "run on all active CM node" feature ensure that this is selected on both the ROUTE LIST and the SIP TRUNK. Doing this on one and not the other leads to an undesirable outcome
When Troubleshooting SIP trunks related issues, understand how the call is routed so that you can collect your traces from the appropriate node(s).
Finally, always use the "run on all active CM node" feature. It simplifies troubleshooting, reduces ICCS in the cluster and gives you a greater amount of nodes to use for call routing.
NB: When using this over SIP ICT Trunks, ensure that you define in your remote cluster all the IP addresses of servers that have CUCM service active on them. This is because a SIP trunk will reject any call that doesn't have its sip daemon running on. It populates this from the destination address.
Ensure you add the subnet of your CUCM nodes to your IP address trust list when using CUBE(s) with run on all active nodes
Enough of my babbling for now..Hope you find this useful!