Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2454
Views
0
Helpful
0
Replies

CUBE / SBC with VRF & Multi-VRF

Matthew Newbrough
Level 1
Level 1

‎10-04-2012 04:37 PM

Hello,

I have recently purchased a Cisco ASR1001 with CUBE. Its primary role in life is to servce as an SBC. I have configured a working scenario where i can send and receive phone calls without an issue. However, now that I have nailed down the simplest (and least secure) configuration possible, I would like to begin "tightening up" the SBC and making it more secure. In the documenation I found online it mentions VRF and mult-VRF configuration for CUBE but it's like reading Greek to me at points! I have a good understanding of VRF in general (the whole logical router, seperate routing tables, etc.). Here is the example configuation from the Cisco's documentation that i found online:

vrf definition cust100side // Create a VRF instance

!

address-family ipv4

exit-address-family

interface SBC100 // Create an interface in the VRF space

vrf forwarding cust100side

ip address 12.0.0.30 255.255.255.0 secondary // This contains the IP address for the

// media, if different to the signaling

// address. The line is not entered, but

// appears automatically after the DBE

// configuration is entered (see

// ‘media-address’ CLI later.)

ip address 12.0.0.20 255.255.255.0 // This is the SIP adjacency address

interface GigabitEthernet0/1/0

no ip address

media-type sfp

negotiation auto

interface GigabitEthernet0/1/0.100 // VLAN identifier 100 defined here

vrf forwarding cust100side

encapsulation dot1Q 100

ip address 100.0.0.1 255.255.255.0 // This IP is where the remote side or external

// router can send traffic to, in order to get

// to the internal 12.0.0.0/24 network

interface GigabitEthernet0/1/0.200 // Other VLANS that are being trunked.

vrf forwarding cust200side

encapsulation dot1Q 200

ip address 200.0.0.1 255.255.255.0

sbc ted

sbe

adjacency sip adj_cust100

vrf cust100side

...

signaling-address 12.0.0.20 // This is the local address where call traffic

// will get routed to/from

remote-address ipv4 100.0.0.14 // This is an address for the remote side, where

// traffic will be routed

...

attach

...

media-address ipv4 12.0.0.30 vrf cust100side // The media address is also on the

// internal network. When the line

// is entered, the interface SBC

// will show a secondary address

// containing this IP address.

activate

Using this configuration as a boiler plate for discussion:

1.) what does the command "interface SBC100" actually do?

2.) should the other party set their device (SBC/PBX/Voip Phone/etc) to 12.0.0.20 or to 100.0.0.1 as my signaling address?

3.) In general, I'm unclear on what this whole configuration actually accomplishes. I mean, what is the advantage of doing something like this over just adding two adjacencies to the same VRF and creating static routes to any relevant subnets?

Thank you for taking the time to assist.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents