HCS PoD Tenant Scaling
Along with the recommendations described in Architecture Capacity Planning, the number of customers that can be accommodated in a Cisco HCS PoD configuration is based on the following key factors that are required for each customer:
- Two VRFs are defined for each HCS customer on the Nexus aggregation switch, one northbound and one toward the Adaptive Security Appliance (ASA)
- Two HSRP groups are defined, one toward the applications and ASA (inside), and one for the SBC (demarcation device) and ASA (outside)
- Two VLANs are provided for each HCS customer, one toward the application and one for ASA and Session Border Controller (SBC).
- Two static routes are provided inside and outside to connect to the ASA firewall
- One static route is defined to the outside VLAN to connect to the SBC
- One static route is defined to route traffic to the management domain. This route is for any traffic communication between the management domain and on-premise devices, such as voice gateway, and so on.
The ASA and SBC connect on the same outside VLAN. This means that the outside VLAN of the ASA is same as the inside VLAN of SBC.
The outside of the SBC does not pass through the ASA so that media does not go through the ASA for the inter-customer or off-net calls. Therefore, you can place the SBC and ASA on the same HSRP group and VLAN for SBC inside and ASAs outside VLAN.
You can extend the HSRP group used by the aggregation switch facing toward the application to the ASA (security appliance) on the inside; this saves one HSRP group on the Nexus aggregation switch.
Cisco recommends that you use the static route to connect to the ASA and SBC because dynamic routing (BGP) is not supported on the ASA. Use one static route to route calls from UC applications to the firewall and use one static route to route the incoming specific customer base traffic to the firewall. In HCS deployments, all the communication between an end device and the Cisco Unified Communications Manager goes through the firewall.
Note |
Signaling goes through the firewall, but no media goes through the firewall other than the MOH or voicemail. |
Define a static route on the Nexus aggregation switch to route the outbound traffic to the SBC and define one static route to route the customer-specific management traffic from the customer premise to the management domain.
Based on the preceding numbers, static routes are the lowest common denominator. If you require four static routes for each Cisco HCS customer in your deployment and only 4,000 static routes are supported on the Nexus 7000, the HCS customer scale numbers can be determined using the following formulas:
- Number of customers = (Static Routes - 50 Spare)/Static Route per customer
- Number of customers = (BGP peers - 20 Spare) / BGP peers per customer
- Number of customers = HSRP Groups - 40 Spare) / HSRP per customer
- Number of customers = (VRF - 10 Spare) / VRF per customer
- Number of customers = (VLANs - 100 Spare) /VLAN per customer
When deploying an over-the-Internet model for the same enterprises that have the MPLS-enabled HCS, there is no change to the maximum number of customers. If a service provider onboards only over-the-Internet customers, they still require four static routes per customer. Therefore, the maximum number of customers for the following deployments is the same:
- Cisco HCS deployment
- Cisco HCS deployment with over-the-top traffic (OTT)
- Cisco HCS deployment with TP
- Cisco HCS deployment with TP and OTT