A. The Cisco Unified Border Element is a session border controller, or IP-to-IP gateway, designed to provide easy and cost-effective connectivity between independent unified communications (including voice-over-IP [VoIP] and video-over-IP) networks, for both enterprises and service providers. The Cisco Unified Border Element provides interconnection between incompatible applications within the enterprise network, between different enterprises for business-to-business applications, for enterprise connectivity to service provider SIP trunks, as well as between multiple independent service provider networks (peering). The Cisco Unified Border Element was formerly known as the Cisco Multiservice IP-to-IP Gateway.
The Cisco Unified Border Element provides session management capabilities, H.323 and SIP interworking functions, and network-to-network interface security and demarcation features. It performs most of the same functions of a public switched telephone network (PSTN)-to-IP gateway but joins two VoIP call legs. Media packets can either flow through (thus hiding the networks from each other) or flow around the Cisco Unified Border Element platform.
Q. Why would I use the Cisco Unified Border Element?
A. The Cisco Unified Border Element provides a connectivity point for interconnecting realms of Unified Communications. The connectivity point may require security screening of communications passing the point, a billing or troubleshooting demarcation between departments or networks, a protocol conversion (H.323 to SIP) point, call admission control decisions, or the need for a transcoding service. Specific applications include connectivity to service provider SIP Trunk Services or between different unified communications applications within a business such as Cisco Unified Communications Manager to Cisco MeetingPlace.
Q. How is pricing for the Cisco Unified Border Element determined?
A. Pricing for the Cisco Unified Border Element is determined either via a capacity-based license that allows a specific number of sessions (e.g. FL-CUBE-25 or FL-CUBE-100), or a platform-based license (e.g. the FL-INTVVSRV licenses) that allows as many sessions as the CPU of the platform can sustain. The Cisco Unified Border Element Ordering Guide explains the details of the license options available for different platforms.
Q. What interoperability testing has Cisco validated?
A. Cisco has validated interoperability with Cisco Unified Communications Manager, Cisco IOS gatekeepers, Cisco IOS gateways, and the Cisco PGW 2200 Softswitch. Configuration guidance for interoperability is posted at the Cisco Interoperability Portal.
Third party interoperability is achieved by Cisco's extensive participation in independent testing events, and conformance with H.323 standards and SIP standards. For a complete list of SIP RFC compliance of Cisco IOS, refer to the "Achieving SIP RFC Compliance" document.
Platforms and Software Images
Q. What platforms supports the Cisco Unified Border Element?
A. The Cisco Unified Border Element is an integrated application within Cisco IOS® Software that runs on the Cisco 2800 and 3800 Series Integrated Service Routers for integrated data and unified communications services; it also runs on the Cisco AS5350XM and AS5400XM Universal Gateways, and select Cisco IOS images on the Cisco 7200VXR Series Routers and the Cisco 7301 Router. Older platforms such as the Cisco 2600 Series Multiservice Platforms and Cisco 3700 Series Multiservice Access Routers can also support Cisco Unified Border Element features with older versions of Cisco IOS software. The most recent features may not available on these platforms.
Q. Are there plans to add more platforms?
A. The current choice of platforms provides a good range of capacities from 65 to 1000 simultaneous IP-to-IP calls. Cisco continually adds feature enhancements for both enterprises and service providers to existing platforms. Support for other Cisco platforms is being considered and are determined by market need. Service Provider peering interconnect SBC functionality is also supported on the Cisco 7600 and Cisco 12000 platforms. For more information, please refer to the Cisco XR 12000 Series Session Border Controller.
Q. What images are supported for the Cisco Unified Border Element? What considerations should I be aware of when ordering?
A. Generally, the Cisco Unified Border Element is supported on all Cisco IOS images of IP Voice and above. The data sheet and Cisco Unified Border Element Ordering Guide detail image names and platform requirements. Note that you must purchase a feature license to gain support from the Cisco Technical Assistance Center (TAC). To check current prices for the Cisco Unified Border Element, use the pricing tool at: https://tools.cisco.com/qtc/pricing/MainServlet (Cisco.com login required).
Q. What are the features in the Cisco Unified Border Element images and what are the differences in the image sets offered on each platform?
A. A range of software images is available with different tiers of functionality for the different supported platforms. On the Cisco 2800 and 3800 series Integrated Services Routers, the Cisco Unified Border Element is supported on the IP Voice and higher level images. The more sophisticated features, such as security and Gatekeeper, require a higher level image. On the Cisco 7200VXR Series Routers and the Cisco 7301 Router, the Cisco Unified Border Element is supported on Cisco IOS T-train images. The Cisco Unified Border Element Ordering Guide provides further details.
All software images with the Cisco Unified Border Element require a feature license.
Q. If my customer already has an applicable gateway platform, how can that be upgraded to support the Cisco Unified Border Element?
A. Existing Cisco 2800, 3800, AS5350XM, AS5400XM, 7200VXR, and 7301 platforms can be used as a Cisco Unified Border Element. If the platform is currently used as a PSTN gateway, it can be easily upgraded to add the Cisco Unified Border Element functions by loading an image that supports Cisco Unified Border Element functions and purchasing the required software licenses.
Q. What are the memory requirements for running the Cisco Unified Border Element?
A. For Cisco IOS Software Releases 12.4 and 12.4T, memory requirements for the Cisco 2800 and 3800 platforms are 64 MB of flash memory and 256 MB of DRAM for traffic loads of less than 300 simultaneous calls. For traffic exceeding 300 simultaneous calls, 512 MB of DRAM is recommended. For the Cisco AS5350XM, AS5400XM platforms, 128 MB of flash memory and 1G of DRAM is recommended. For the Cisco 7200VXR and 7301 platforms, 64 MB of flash memory and 1G of DRAM is recommended.
Q. What are the performance guidelines for the Cisco Unified Border Element?
A. The maximum number of simultaneous IP-to-IP calls that each platform can carry depends on several parameters, including but not limited to traffic mix, average call-hold time, desired CPU usage percentage, the codec used, transcoding and whether voice activity detection (VAD) is activated.
The values in Table 1 assume the use of a G.711 codec, with VAD turned on, call-hold times of 180 seconds, flow-through mode, Cisco IOS Software Release 12.4(9)T, and CPU use not to exceed 75 percent. These values should be used as guidelines only and should not be taken as guaranteed performance.
Table 1. Number of IP-to-IP Calls per Platform
Platform
Maximum Simultaneous Calls (Flow-Through)
Cisco AS5350XM and AS5400XM
1000
Cisco 7200 and 7201-NPE-G2
1000
Cisco 7200 and 7201-NPE-G1
700
Cisco 3845
750
Cisco 3825
600
Cisco 2851
600
Cisco 2821
400
Cisco 2811
200
Cisco 2801
100
Availability of Features in Cisco IOS Software Releases
Q. What Cisco IOS Software release supports specific Cisco Unified Border Element functions and features?
• Enhancements for SIP-to-SIP interworking for supplementary features using REFER
• Support for the Global System for Mobile Communications (GSM) Adaptive Multi-Rate Narrow Band (AMR-NB) codec for H.323-to-SIP and SIP-to-SIP calls
• Media Flow-Around for SIP-to-SIP calls
Q. What functions were added in Cisco IOS Software Release 12.4(6)T?
A. With this release, the Cisco Unified Border Element provides extended SIP-to-SIP support termination and re-origination of both signaling and media between VoIP and video networks using SIP signaling in conformance with RFC 3261 to interoperate with SIP user agents. Some important SIP-to-SIP features available in this release follow:
• TCL scripts with SIP Notify for application customization
• VoiceXML for application customization
• Transparent LAN Services (TLS) for secure calls and interworking with non-TLS endpoints
• E.164 Number Mapping (ENUM) support
• Lawful Intercept support
• Interoperability with Cisco Unified Communications Manager, Cisco PGW 2200 Softswitch, Cisco SIP Proxy Server, Cisco and BTS 10200 Softswitch,
Q. What functions were added in Cisco IOS Software Release 12.4(4)T?
A. With this release, the Cisco Unified Border Element provides basic SIP-to-SIP support termination and re-origination of both signaling and media between VoIP and video networks using SIP signaling in conformance with RFC 3261 to interoperate with SIP user agents. SIP-to-SIP features available in this release include the following:
• Voice calls (B2BUA): Termination and re-origination of signaling and media
• Early media call
• Network topology hiding
• Codecs (audio):
– G711µ-law and G711a-law
– G279, G.729A, G.729B and G.729AB
– G.723 and G.723A: 5.3K and 6.3K
– G.726: 16K, 24K, and 32K
– G.728
• Codec filtering
• Media flow-through
• DTMF: RFC 2833 to RFC 2833 and SIP-Notify to SIP-Notify
• Fax: T.38 and Cisco Fax Relay
• Transport: TCP and UDP
• CAC: Resource Reservation Protocol (RSVP) and max connections
• QoS: IP Precedence and differentiated services code point (DSCP)
• Call detail records
• TCL scripts with SIP RFC 2833
• Rotary mode with similar codecs
Q. What functions are supported in Cisco IOS Software Release 12.4 mainline?
A. The following features are present in the Cisco IOS 12.4 mainline release:
• H.323 video networking capabilities:
– Proxy capabilities
– Call admission control
– Simultaneous data, audio, and video conferencing
– RSVP synchronized with call signaling
– DSCP markings for video streams
– T.120 data collaboration
– Far-end camera control
• Cisco Unified Communications Manager H.323 support (refer to the application guide to better understand Cisco Unified Communications Manager version requirements)
• The ability to allow Real-Time Transport Protocol (RTP) traffic to flow around the Cisco Unified Border Element (in the initial release, only one configurable method for RTP traffic flow was supported, the flow-through mode)
Features
Q. What version of SIP does the Cisco Unified Border Element support?
A. The Cisco Unified Border Element complies with RFC 3261.
Q. Can the Cisco Unified Border Element support both early and delayed media SIP calls?
A. Yes. The Cisco Unified Border Element supports SIP Early-Offer-to-Early-Offer, Delayed-Offer-to-Delayed-Offer, and Delayed-Offer-to-Early-Offer on SIP-to-SIP calls. Additionally, H.323 FastStart, SIP Early Offer, H.323 SlowStart, and SIP Delayed Offer are supported for H.323-to-SIP calls.
Q. What version of H.323 does the Cisco Unified Border Element support?
A. H.323 support on the Cisco Unified Border Element is the same as that of the Cisco IP-to-time-division-multiplexing (TDM) gateways. Both support H.323v4. Note: H323v4 is backward-compatible with H.323v3 and H.323v2.
Q. Can the Cisco Unified Border Element support both fast-start and slow-start modes at the same time for a single call?
A. Yes. If a fast-start call is on an inbound call leg and a slow-start call is on an outbound call leg, the Cisco Unified Border Element supports a conversion from one mode to another. Both legs do not need to be in the same mode.
Q. What do "flow around" and "flow through" mean?
A. The terms describe whether the RTP, or media, traffic from the originating and terminating endpoints flows through the Cisco Unified Border Element or flows around it (directly from endpoint to endpoint).
Advantages of flow-through mode include the obscuring of endpoint RTP port numbers and IP addresses, support for supplementary services, converting in-band DTMF relay such as RFC2833 to out of band methods, as well as doing media manipulation such as transcoding. With flow-around support, the CPU load on the Cisco Unified Border Element can be reduced, but address hiding on RTP packets is no longer applicable, transcoding cannot be done and some supplementary services may not be supportable.
Flow around for H.323-to-H.323 mode was added in Cisco IOS Software Release 12.3(1). Flow around for SIP-to-SIP is supported as of Cisco IOS Software Release 12.4(9)T.
Q. Does the Cisco Unified Border Element perform transcoding?
A. Yes. Transcoding is supported except on the Cisco 7200VXR or 7301 platforms, which do not have digital-signal-processor (DSP) hardware that can support transcoding. DSP hardware for transcoding can reside on same platform as the Cisco Unified Border Element or on a separate router. Transcoding between any two of the following codecs is supported:
• G.711 a-law 64 Kbps
• G.711 µlaw 64 Kbps
• G.723: 5.3 and 6.3 Kbps
• G.729, G.729A 8 Kbps
• G.729B, G.729AB 8 Kbps
• iLBC: 13.3 and 15.2 Kbps
• G.722: 64 Kbps
Q. Does the Cisco Unified Border Element support hunt groups?
A. Yes, except that all dial peers in the hunt group must have identical parameters for the call. Call parameters are not renegotiated while hunting after an initial connect failure.
Q. What is a transparent codec, and what does it do?
A. The Cisco Unified Border Element transparently passes capabilities between endpoints. To configure this function in Cisco IOS Software, a new codec type called the transparent codec is used.
The transparent codec is unique to the Cisco Unified Border Element. Configuring "codec transparent" on the Cisco Unified Border Element allows it to pass through codecs that it understands, but it does not force the negotiation of any particular codec-codec negotiation is left to the two endpoints. Only codecs that are supported on the Cisco Unified Border Element can be passed between the two call legs.
Q. What is codec filtering?
A. The Cisco Unified Border Element supports codec filtering, a mechanism designed to force a call to select a specific codec from a list of codecs. Codec filtering can be enabled by restricting codecs advertised on outbound call legs. For example, high-bandwidth codecs can be restricted on the re-origination side of the outbound dial peer of the gateway.
Q. How do packets get transferred from one call leg to the other?
A. RTP packets are fast-switched through the Cisco Unified Border Element. The payload is not examined or modified, but the header information, such as source IP address, is updated.
Q. Does the Cisco Unified Border Element affect voice or video quality?
A. There is minimal effect on quality because no encoding or decoding is required. The average media latency is only minimally increased, by about 2 milliseconds (ms).
The Cisco Unified Border Element setup with Registration, Admission, and Status (RAS) signaling adds about 25 ms of post-dial delay (under a call load of 500). This number is derived from a 5-ms delay for each passed-along call setup message.
Q. How might the Cisco Unified Border Element affect IP Precedence, and why would we use it?
A. IP Precedence of RTP packets can be changed by the Cisco Unified Border Element if configured to do so. This remarking allows the existing QoS policies of the different network to remain unchanged, and the Cisco Unified Border Element itself can map between these networks to provide the appropriate level of prioritization on both sides of the network.
Q. Does the Cisco Unified Border Element pass along Compressed RTP (cRTP)?
A. cRTP is supported on the Cisco Unified Border Element . All cRTP traffic is decompressed on the ingress interface before it is switched through the router; then it is recompressed on the egress interface if cRTP is configured on the egress interface.
Q. Does the Cisco Unified Border Element support standard Cisco vendor-specific attributes (VSAs)?
A. Yes. The Cisco Unified Border Element supports all the standard VSAs currently available on Cisco IP-to-TDM gateways.
Q. Can the Cisco Unified Border Element handle unified communications and data traffic simultaneously?
A. Yes. CPU performance must be engineered to allow for all types of traffic flowing through the router.
Q. Does the Cisco Unified Border Element support IVR?
A. The Cisco Unified Border Element can work with Tcl IVR scripts or VoiceXML applications to provide IVR capabilities to call legs. A basic single-stage call using a Tcl script is supported (session.tcl). Custom scripts that use IVR verbs (to play prompt or collect digits, for example) are also supported. Tcl scripts that result in call flows, such as call transfer or hunting, are not supported.
Bearer Capabilities
Q. Does the Cisco Unified Border Element support in-band DTMF (not DTMF Relay) on SIP trunks?
A. Yes, the Cisco Unified Border Element supports in-band tones in G.711 on unified communications SIP trunks, and can convert these in-band tones to RFC 2833 DTMF Relay for interoperability to the rest of the network.
Q. Does the Cisco Unified Border Element support early media-to-delayed media conversion for SIP-to-SIP calls?
A. Yes.
Q. When are DSPs needed on the Cisco Unified Border Element?
A. Access to DSPs is needed when the Cisco Unified Border Element performs transcoding for the media stream. The DSPs can be housed physically on the same platform as Cisco Unified Border Element or on a neighboring router. It is also needed if in-band DTMF tones (non-RFC2833) must be detected and converted to DTMF relay methods. DSPs are not needed to detect RFC2833-encoded tones.
Q. Does the Cisco Unified Border Element support the empty capability set?
A. Yes, it transparently passes the empty capability set from one call leg to the other.
Q. Does the Cisco Unified Border Element support fax, modem, and DTMF?
A. Yes. The Cisco Unified Border Element transparently passes the following:
• DTMF: DTMF Relay: H.245 (signaling and alphanumeric), RFC 2833, SIP Notify, Skinny Client Control Protocol (SCCP) out of band (OOB), and G.711 In-band DTMF
Q. Does the Cisco Unified Border Element support translation rules and digit manipulation?
A. Yes, it has the same support for translation rules and digit manipulation on VoIP dial peers as other Cisco H.323 and SIP gateways.
Q. What is a Conference ID? Does the Cisco Unified Border Element carry the same conference ID on both call legs?
A. A Conference Identifier is a globally unique identifier (GUID) as defined in the H.323 standard. The Cisco Unified Border Element carries the same Conference ID on both call legs. All call legs that belong to a single call carry this identifier. Billing servers use the Conference ID to correlate all such call legs belonging to a call. Cisco billing partners already understand and use Conference ID, so there is no change in handling when it comes to the two call legs on a Cisco Unified Border Element.
Enterprises and SMBS
Q. Should a Cisco Unified Border Element be used when a unified communications SIP trunk delivers calls into an enterprise or SMB site?
A. Yes. A proper demarcation point should exist between the service provider network and the private (enterprise or SMB) network to provide all the manageability, security, and troubleshooting benefits that TDM PSTN gateways provided. The Cisco Unified Border Element provides many additional functions in the enterprise network such as IP address hiding, CAC, protocol signaling, media normalization (for example, in-band DTMF-to-DTMF Relay conversion) and SIP normalization (manipulation of SIP headers for different networks or policies) that are necessary to protect your enterprise call agents and endpoints from protocol and media variations that may exist on the unified communications SIP trunk.
Q. What versions of Cisco Unified Communications Manager have been verified with the Cisco Unified Border Element?
A. Cisco CallManager 3.0 or later and Cisco IOS Software Release 12.3(1) or later with H.323 have been verified with the Cisco Unified Border Element, in addition to Cisco Unified Communications Manager 5.0, 6.0 and 6.1and Cisco IOS Software Release 12.4(6)T and later with SIP. Many specific releases of Cisco Unified Communications Manager and Cisco IOS Software have introduced specific features for both H.323 and SIP interconnectivity. Cisco Unified Communications Manager requirements for an MTP also vary among its releases and specific call flows. Please check configuration and feature documentation on both products for specific details.
Q. Can I use a unified communications SIP trunk from a provider without implementing SIP on Cisco Unified Communications Manager?
A. Yes. This is one of the many benefits that the Cisco Unified Border Element offers. Interoperability with Cisco Unified Communications Manager is possible with H.323 if the Cisco Unified Border Element terminates the SIP trunk. You can operate in this manner until it is convenient to upgrade the enterprise network to SIP signaling on the Cisco Unified Communications Manager side, and then merely change the protocol from H.323 to SIP on the Cisco Unified Border Element dial peer facing toward Cisco Unified Communications Manager.
Q. Is an MTP needed when using a Cisco Unified Border Element with Cisco Unified Communications Manager?
A. The Cisco Unified Border Element does not require MTPs. When connected to Cisco Unified Communications Manager, Cisco Unified Communications Manager may require an MTP for the specific call flow. If so, the MTP maybe resident on the same ourter platform as the Cisco Unified Border Element. Requirements for MTPs vary with the protocol, deployment model and release of Cisco Unified Communications Manager used.
MTP requirements when using an H.323 trunk to Cisco Unified Communications Manager:
• If the Cisco Unified Border Element is handling H.323-to-H.323 calls, an MTP is not mandatory if the Cisco Unified Border Element release is Cisco IOS Software Release 12.4(6)T or later and the Cisco Unified Communications Manager is Version 4.1 or later.
• An MTP can be co-resident on the same router as the Cisco Unified Border Element.
MTP requirements when using a unified communications SIP trunk to Cisco Unified Communications Manager:
• Configure a SIP trunk without MTP if delayed media or an INVITE with no Secure Device Provisioning (SDP) is acceptable
• Configure a SIP trunk with an MTP if early media or an INVITE with SDP is a requirement (G.711 calls only)
Service Provider-Access and CPE Capabilities
Q. Can other router-based services be collocated with the Cisco Unified Border Element on managed CPE device?
A. Yes.
Q. How can the Cisco Unified Border Element be managed as a CPE device?
A. All general Cisco IOS router services and management interfaces such as telnet access, SSH, SNMP and AAA are available on the Cisco Unified Border Element to interface with existing router network management applications to allow for downloading and editing of configurations and service monitoring.
Q. How can I perform the Lawful Intercept function on the Cisco Unified Border Element?
A. The Lawful Intercept function is part of the Cisco Unified Border Element software, and is supported on the Cisco 2851, 3825 and 3845 platforms only. If a customer requires the function of Lawful Intercept exclusively, then only the Cisco Unified Border Element software image is required. Refer to the "Cisco Service Independent Intercept Architecture" document for more information about the Cisco architecture for Legal Intercept.
Service Provider-Peering Capabilities
Q. What is the Open Settlement Protocol?
A. Open Settlement Protocol (OSP) is a client-server protocol defined by the ETSI Internet Protocol Harmonization over Networks (TIPHON) organization to establish authenticated connections between gateways and to allow gateways and servers to transfer accounting and routing information securely. OSP allows service providers to deploy VoIP services without establishing direct peering agreements with other Internet Telephony Service Providers (ITSPs).
The protocol specifies a method for an originating gateway at a subscriber carrier to request a termination point from the OSP server at the clearinghouse organization. The OSP server provides a secure, token-based signature to certify to a terminating gateway that the call has been authorized and will be settled. The OSP server provides a secure link between the gateways and server to transfer accounting and routing information. The OSP protocol does not specify the method by which routes are selected by the route server, a function of the OSP server. OSP-based clearinghouses provide least-cost and best-route selection algorithms based on parameters their subscriber carriers provide, including cost, quality, and specific carrier preferences.
Q. Does the Cisco Unified Border Element support carrier ID routing?
A. Yes. Carrier IDs can be assigned at a trunk-group level at the PSTN gateways. The gateway can then make a routing decision based on the source carrier ID if provided. The carrier ID can also be assigned at the gateway using the ip circuit command shown below and the parameters of this command are explained In Table 2:
ip circuit [carrier-id carrier name] [reserved-calls reserved]
| [max-calls maximum calls] | [default {only | name carrier name}]
Table 2. Carrier ID Routing Configuration Syntax Description
Configuration Variable
Configuration Variable Detailed Description
Carrier-id
Sets the IP circuit associated with a specific carrier
Carrier name
Defines an IP circuit using the specified name as the circuit ID
Reserved-calls
Specifies the maximum number of calls for the circuit ID
Reserved
Maximum number of calls; default value is 200
Max-calls
Sets the number of maximum aggregate H.323 IP circuit carrier call legs
Maximum calls
Maximum number of call legs; default value is 1000
Default only
Creates a single carrier using the default carrier name
Q. Can the Cisco Unified Border Element be used with carrier-sensitive routing applications?
A. Yes, the Cisco Unified Border Element can be used in conjunction with a route server using the Gatekeeper Transaction Message Protocol (GKTMP) interface on the Cisco Gatekeeper. Cisco offers such a product in the form of the Cisco Unified Intelligent Contact Management Hosted platform. Some service providers have developed their own route servers to provide this function based on the Cisco gatekeeper GKTMP.
The most commonly used carrier-sensitive routing applications are time-of-day routing, least-cost routing, access cost-based routing, percentage-of-traffic-based routing, and geographically based routing. The Cisco Unified Border Element can send RAS requests to the Cisco Voice Infrastructure and Applications (VIA) Gatekeeper, which then sends GKTMP requests to a route server. Note that H.323v4 compliance is required.
Q. How does the Cisco Unified Border Element support authentication, authorization, and accounting (AAA)?
A. The Cisco Unified Border Element supports per call authentication, authorization and accounting. This is done a similar manner to the TDM-to-IP voice gateways, however there are two IP call legs and no TDM calls legs. Authentication can be done based on the Calling or Called number or an IVR script can be used on the incoming call leg to add a second level of authentication.
All RADIUS features including accounting templates and multiple RADIUS servers can be used with the Cisco Unified Border Element.
Call Admission Control
Q. What mechanisms of CAC are supported on the Cisco Unified Border Element?
A. Call Admission Control with a Cisco Unified Border Element can be provided based on total calls, CPU, memory, IP call capacity, "max-connections" through a specific dial peer, and Resource Reservation Protocol (RSVP; H.323-to-H.323 calls only).
Q. Can RSVP be used to provide CAC for calls through the Cisco Unified Border Element?
A. Yes, for H.323 calls. This capability is typically used to provide CAC on H.323 Inter-Cluster Trunks (ICT) between Cisco Unified Communications Manager and Cisco Unified Communications Manager clusters.
Q. How is resource allocation handled on the Cisco Unified Border Element?
A. Resource management can be performed through H.323v4 call capacities. Traditional Resource Availability Indicator (RAI) mechanisms available on Cisco TDM voice gateways are not supported. However, call capacities can be used to simulate RAI mechanisms such as resource management. The Cisco Unified Border Element reports call capacity through H.323v4 call-capacity fields to the gatekeeper. It is also possible to reserve a capacity for a particular carrier in the scheme. Gatekeepers can load-balance among the Cisco Unified Border Elements using the call-capacity information supplied by the gateways.
Security
Q. Can the Cisco Unified Border Element perform NAT?
A. The Cisco Unified Border Element inherently performs NAT and Port Address Translation (PAT) functions for unified communications calls because it terminates and re-originates all sessions. In this function, the Cisco Unified Border Element substitutes its own address for the address of any endpoint it communicates with, thus effectively hiding (translating) the address of that endpoint. This function is slightly different from the function of the Cisco Hosted NAT Traversal application, where typically a third address is substituted in the place of an endpoint address. Hosted NAT Traversal is also supported on the Cisco Unified Border Element.
Q. Should I use a firewall with the Cisco Unified Border Element?
A. The Cisco Unified Border Element provides many security features (including topology hiding, SIP protocol inspection, and rogue/malformed packet detection) for the unified communications sessions that pass through it-using an additional external firewall is supported but optional. Typically firewalls are general traffic inspection applications that sees all traffic coming into the network, while the Cisco Unified Border Element sees only H.323 or SIP traffic. If an external firewall is used, it may be on the outside or the inside of the network with respect to the Cisco Unified Border Element, as determined my enterprise network security operations policies.
Q. Can the default SIP listening port 5060 be changed?
A. Yes. It can be configured to any valid port number.
Q. How does the address-hiding feature appear to external devices and networks when multiple customers are involved?
A. Figure 1 illustrates a basic Cisco Unified Border Element network. From the perspective of the private, or customer, networks, the Cisco Unified Border Element appears as a single public address that must be routable on their private networks (in this case a 192.x.x.x address routable on the 10.10.x.x and 12.10.x.x networks). Care must be taken at the Cisco Unified Border Element to ensure that proper routing restrictions are in place to prevent communication directly between the private networks attached to it. Note that this model works only if no overlapping address schemes are used on the customers' networks. Finally, to the hop-off gateways on the public network, all calls appear to originate from the 192.x.x.x address of the Cisco Unified Border Element and not the private addresses on the customer networks.
Figure 1. Cisco Unified Border Element Network
Q. Does the Cisco Unified Border Element support Virtual Route Forwarding (VRF)?
A. Voice VRF awareness is available as of 12.4(15)T. A single VRF for voice is supported for SIP or H.323.
Q. Is the MD5 algorithm supported with Digest Authentication?
A. Yes, the Cisco Unified Border Element response to a Digest Authentication is MD5 encrypted.
Q. Does Cisco token security work with the Cisco Unified Border Element?
A. Yes. The security features using Cisco Interzone ClearToken (IZCT) are passed through, allowing the Cisco Unified Border Element to be inserted into a secure network.
Q. How do I configure Cisco access tokens and IZCT?
A. To enable Cisco IZCTs, use the following configuration:
security izct password xxxxxx
on all the related Cisco Unified Border Element. To enable Cisco access tokens, use:
