Guest

Cisco Network Modules

How to Configure Failover for Cisco Unified SIP Proxy

Techzone Article content

Document ID: 116015

Updated: Apr 02, 2013

Contributed by Randy Yuan Wu, Cisco TAC Engineer.

   Print

Introduction

This document discusses two options to use in order to configure redundancy (failover) for Cisco Unified SIP Proxy.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Hot Standby Router Protocol (HSRP)
  • DNS
  • Cisco Unified SIP Proxy (CUSP)

Components

The information in this document is based on the CUSP.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Create a Fault-Resistant Default Gateway

The ability to create a fault-resistant default gateway is a key feature that the Cisco Unified SIP Proxy (CUSP) provides. There are two options you can use to achieve redundancy for CUSP. One is to use Domain Name System Server DNS SRV; the other is to create a virtual server. Hot Standby Router Protocol (HSRP) is the mechanism by which a virtual server can be created. The first part of this document briefly describes how to implement DNS SRV. The rest and majority of this document describes how HSRP?s features can be implemented in order to detect problems on either the Integrated Services Router (ISR) chassis or on the CUSP service-module itself.

Option One — DNS SRV

In this option, configure the upstream element (whichever element forwards calls to CUSP) to use DNS. If the attempt to reach cusp1 fails, the upstream element queries for the next entry in DNS SRV and attempts to use cusp2. DNS must be configured properly in order for this to work.

  1. First, two DNS SRV (service) records must be created, one for each cusp. The record which points to cusp1 has a higher priority.

  2. Secondly, two DNS A (hostname) records must be created so that the destinations in the DNS SRV records can be resolved. This example shows what the DNS server should contain in its records.

116015-configure-failover-cusp-01.png

Option Two — HSRP

This diagram provides a basic architecture of how to configure CUSP for HSRP. The left side is an upstream SIP element, and the right side is the downstream SIP element. In between these elements is one virtual router with an IP address of 192.168.20.7. Both the upstream and downstream elements lead SIP traffic towards the IP address of the virtual router. Inside the virtual router are two actual routers: a primary and a secondary. These two routers share this same virtual IP address, and their configurations are identical with two exceptions. Therefore, the configurations given in this document are the same for both routers.

Note: HSRP configuration for two CUSPs in a single router has not been tested. It might be possible to take this solution and expand it for multiple CUSPs, but it is not supported at this time.

116015-configure-failover-cusp-02.png

Setup Basic Connectivity

First, setup connectivity between the router and the blade. Although this is covered in other documents, it is redundantly discussed in this document as well. In this example, the primary router has an address of 192.168.20.80 and its CUSP has an address of 192.168.20.81.

interface GigabitEthernet0/1
ip address 192.168.20.80 255.255.252.0
!!
interface Integrated-Service-Engine1/0
ip unnumbered GigabitEthernet0/1
service-module ip address 192.168.20.81 255.255.252.0
service-module ip default-gateway 192.168.20.80
!!
ip route 192.168.20.81 255.255.255.255 Integrated-Service-Engine1/0

The secondary router has an address of 192.168.20.90 and its CUSP has an address of 192.168.20.81.

interface GigabitEthernet0/1
ip address 192.168.20.90 255.255.252.0
!!
interface Integrated-Service-Engine1/0
ip unnumbered GigabitEthernet0/1
service-module ip address 192.168.20.81 255.255.252.0
service-module ip default-gateway 192.168.20.90
!!
ip route 192.168.20.81 255.255.255.255 Integrated-Service-Engine1/0

Setup Router-Level Failover

Next, router level failover must be configured. This involves designation of one of the routers as the primary and the other as the secondary. There is a slight difference in the configuration of the two routers.

Here is the configuration for the Primary Router:

interface GigabitEthernet0/1
standby 0 ip 192.168.20.7
standby 0 priority 100

Here is the configuration for the Secondary Router:

interface GigabitEthernet0/1
standby 0 ip 192.168.20.7
standby 0 priority 90

Both routers have their standby IP addresses set to the virtual router; however, the primary router has a higher priority than the secondary one. That means, while all other things are identical, the primary router is considered active, and all SIP traffic goes thru the primary router and then to the CUSP on that router. The secondary router is in standby and only takes over if the primary router goes down for any reason, such as a power outage.

Track the Interfaces

HSRP also must be setup to detect a CUSP level failure. What happens if the CUSP in the primary router dies for someone reason, but the router itself is unaffected? SIP traffic continues to be sent to the CUSP in the primary router. The priority of the router must be changed based on the state of the CUSP located in each router.

The way to do this is to setup an ICMP echo to the CUSP from each router. In this case, the echo is sent every two (2) seconds, with a one (1) second timeout. The lower these values are, then the quicker the router can detect that the CUSP is down. However, if the ICMP echo is set too low, this could result in false positives. The last configuration line in this example begins the echo and sets it to occur forever.

Note: ICMP echoes cannot track the state of the SIP port. HSRP failover cannot be initiated if the problem is at the port level. To reiterate; if the router fails, the other router takes over; if the pings for the IP Service Level Agreements (SLA) fail, the other router takes over; if SIP port fails, this is not detected.

ip sla 1
icmp-echo 192.168.20.81
timeout 1000
frequency 2
!!
ip sla schedule 1 life forever start-time now

An object must be setup to track the state of that echo. The object number is 100 in this case. The interface must be set to decrement the priority of the router by 20, if this object's status is down. This means if the CUSP on the primary router goes inactive for some reason, its priority will drop from 100 to 80. Its priority is then less than that of the secondary, which has a priority of 90. If standby 0 preempt is set, it forces the secondary router to takeover for the primary, and then the SIP traffic goes to the secondary CUSP.

track 100 ip sla 1 reachability
!!
interface GigabitEthernet0/1
standby 0 track 100 decrement 20
standby 0 preempt

HSRP Configuration of Primary Router

ip sla 1
icmp-echo 192.168.20.81
timeout 1000
frequency 2
!!
ip sla schedule 1 life forever start-time now
!!
track 100 ip sla 1 reachability
!!
interface GigabitEthernet0/1
ip address 192.168.20.80 255.255.252.0
standby 0 ip 192.168.20.7
standby 0 priority 100
standby 0 preempt
standby 0 track 100 decrement 20
!!
interface Integrated-Service-Engine1/0
ip unnumbered GigabitEthernet0/1
service-module ip address 192.168.20.81 255.255.252.0
service-module ip default-gateway 192.168.20.80
!!
ip route 192.168.20.81 255.255.255.255 Integrated-Service-Engine1/0

HSRP Configuration of Secondary Router

ip sla 1
icmp-echo 192.168.20.81
timeout 1000
frequency 2
!!
ip sla schedule 1 life forever start-time now
!!
track 100 ip sla 1 reachability
!!
interface GigabitEthernet0/1
ip address 192.168.20.90 255.255.252.0
standby 0 ip 192.168.20.7
standby 0 priority 90
standby 0 preempt
standby 0 track 100 decrement 20
!!
interface Integrated-Service-Engine1/0
ip unnumbered GigabitEthernet0/1
service-module ip address 192.168.20.81 255.255.252.0
service-module ip default-gateway 192.168.20.90
!!
ip route 192.168.20.81 255.255.255.255 Integrated-Service-Engine1/0

Related Information

Updated: Apr 02, 2013
Document ID: 116015