Re: Pub + Subs in different VLAN+++

JulienCAROFF87492 · ‎02-08-2020

Hello all,

Actually on site in Egypt to deploy full VoIP infrastructure(main site: 4 VM(CUCM-Pub+ CUCM-Sub1-CM + CUCM-Sub2-TFTP + VoiceMail Unity + BAckup site: 3 VM: CUCM-Sub3-CM-BAckup + CUCM-Sub4-TFTP-Backup + UNity-BackUp), I have 2 big issues I wanna talk to you about.

In fact, I prepared all the VM in my Lab @ work. Then I uploaded them all in the current ESX here on site(lets talk about main site only).

1°) But it seems only SIP phones that have already been registered in my lab are registering OK. Phones I've never connected(despite being present in Subscriber-DB + Pub-DB) dont want to register. Whereas everything, IP, SIP, ... is OK. While tracing the SIP phones, these ones are sending their Register correct but Sub1_CallMAnager responds/sends back to the phones"Not found, not present in DB"...whereas I can see them perfectly when logged on the Web I/F of Subscriber1_CallMAnager=> Any idea?

2°) Due to some VLAN segregation, we recently changed SUb1_CM IP@ to put it in a separate VLAN than the 3 others(Pub+Sub2+Unity) here on main site. But I was not aware that ONLY Pub has full R+W rights. So, I tried to make changes from the Sub1_CM, but it tells me "NO permission". Thats why I understand I need to repair my Pub, because all management should be done from this machine, right?

But, at the moment, I had my 4 VM assigned to the same ESX Eth port: is there a way to say"OK, Pub is on VLAN1, and the 3 others on VLAN2? Or do I have to move my 3 other VM to a different ETh port of the ESX?

And by the way, what are the best practices about VLAN vs VM(Pub+Sub...) that Cisco advices? All in same VLAN? Or can we put Sub1_CM in 1 VLAN(because all VoIP traffic is here) + Unity eventually, and Pub + SUb2 in some other VLAN because no Voice traffic on these 2?

Thank you very much for support

Julien

Gregory Brunn · ‎02-08-2020

Can you go onto your command line and issue a utils dbreplication runtime state. Is your database in order?

Please post a santized version of your output.

There is no problems and subs and pubs being on different vlans.

All best practices for this stuff is called out in the SRND. I suggest you read and refernece that document.

JulienCAROFF87492 · ‎02-09-2020

H Gregory

And thx for reply
I have some issue with my Pub, so I am thinking about reinstalling it from subscriber1_CM DB, I found a TC about it.
Anyway, my backup site is not connected yet, so the dbreplication state should not be that good...
And all that mess has happened since I changed IP@ of Sub1_CM... Pub is not well seen since then
Anyway...

About 2nd question, what is SRND? Can you gimme the link, pls?

THX

Julieni

Roger Kallberg · ‎02-08-2020

Not sure what you mean by this “Or can we put Sub1_CM in 1 VLAN(because all VoIP traffic is here) + Unity eventually, and Pub + SUb2 in some other VLAN because no Voice traffic on these 2?”

Do you mean that sub1 and phones are in the same vlan? If so that would not be recommend. Ideally phones would be in their own vlan and the servers would be in one. Although the servers could very well be in different vlans. But as you run them in VMWare what would the reason be to put them into different vlans?

JulienCAROFF87492 · ‎02-09-2020

Hi Roger,

Let me be clear:

phones + Sub1_CM+Unity in Voice VLAN => because all RTP flow is here

Pub + Sub2_TFTP => no Voice traffic, so I wanna put it in another VLAN

+ Also fo r a matter of NAT/SRST/IP Lookup, I had to remove Sub1_CM from the Voice VLAN

Did I make it clear enough?

Roger Kallberg · ‎02-09-2020

Thanks, that’s sort of what I thought. Minus the mention of NAT. What would be the reason for NAT being used for an internal sourced service?

About the RTP traffic, there are barely any traffic of this kind to any CM node. For sure it would be for CUC, but still the recommendation would be to put the phones and servers on different vlans. All this is very well described in the SRND, Solution Reference Network Design document. If your not familiar with this I recommend you to read up on the parts that you have questions about.

Roger Kallberg · ‎02-09-2020

Here is the link to UC 12 SRND. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab12/collab12.html

JulienCAROFF87492 · ‎02-09-2020

We are using NAT for SRST and roll-over issues.
Anyway, u right, is it direct RTP between internal phones, but also vs external via SIP trunk, right?
But I also have to setup a private connection via E1 from my network to a pre-existing network, that's why I wanna put Sub1_CM and SIP phones or Patton GW whatever, in same Voice VLAN
Anyway, I need to read SRND, I was not aware of this doc

THx

Roger Kallberg · ‎02-09-2020

As far as I know and from experience there is no reason for why NAT would be needed for SRST.

Yes there would be RTP between phones and the voice gateway(s) that interface with external services, like an ITSP or TDM service provider. That traffic wouldn’t however go via a CM, other than signaling.

JulienCAROFF87492 · ‎02-09-2020

We use SRST.... For SIP third-part, no Cisco IP-phones
SO, as it is not validated by Cisco, we had to do it our way! And also for network design issues
And obviously, u right: only SIG between SIP-phones and CM, and RTP is direct for the rest

JulienCAROFF87492 · ‎02-09-2020

And because my third-party SIP phones accept only 1 SIP registrar IP@ in their setup!
That's why I configured this Loopback NAT for SRST

JulienCAROFF87492 · ‎02-11-2020

Hi Roger,

I am afraid I forgot

This is a military project, so here it is briefly =>

IP from central => satellite up/RF=> satellite down/RF => IP to remote stations

Thats why it is really particular., this is not full IP, for a private company, bank
There is no direct RTP in this condition(how could it be?), all flows, sig+RTP, are going thru CM, so it is not an easy-to-deploy infrastructure...

Does anyone have any kid of experience on that kind of military + IP + RF environment?

Thx for advice

Julien

dp215 · ‎02-13-2020

Hi Julien,

From reading your previous post I was wondering if you were DoD. I manage multiple clusters world wide. I would let your satcom engineers handle the RF and transport, let the network engineers handle all the routing and KGs. As long as you have full ip connectivity you should be fine assuming you have enough bandwidth. Let me know if you have any further questions.