VSC x8.1 upgrade - Should we update the port ranges on an upgrade to match new instalation port ranges?

Answered Question
Mar 10th, 2014
User Badges:
  • Silver, 250 points or more

Hi all,

 

I know there are several threads regarding this upgrade, yet I don't think there is anything specifically relating to this question.

 

I see that the port ranges on several connections have changed, but if an upgrade from x.7.2.2 has been applied, then certain port ranges remain the same.

 

i.e. the traversal media ports for NEW installation are now 36000 – 59999, with the first two ports in this range being use for the media demultiplexing ports (36000 and 36001). However, if a VCS has been upgraded from x7.x than the port range could be 50000 - 54999 (with 50000 and 50001 being the media demultiplexing ports).

 

So, is the advice that we should update the port ranges on the VCS upgrade to marry with that of a new installation, especially considering that in some instance, firewall rule will need to be amended in any case? The port ranges are wider to account for future improvement and traffic flows and I suspect that they will be at these levels for some time.

 

Many thanks

 

Chris

Correct Answer by Martin Koch about 3 years 4 months ago

Btw, the multiplex range can even be 36.000-36.011 in large VM deployments)

I would say practice is to update the ports using the default values for X8.1:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_g...

If you want to be future proof you might also want to see what going on on the "Cisco Expressway"

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config...

It might also depend on the security rules for you company/customer.

Some might ask you to limit the ports even more down, some will not care and have at least internally >1024UDP/TCP open
or even no firewall at all (not recommended, especially external!)

After the upgrade its always handy to double check the listening and outbound ports on the VCS

under "Maintenance > Tools > Port usage" and sure do a functionality test as well.

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
Loading.
Correct Answer
Martin Koch Thu, 03/27/2014 - 11:45
User Badges:
  • Red, 2250 points or more

Btw, the multiplex range can even be 36.000-36.011 in large VM deployments)

I would say practice is to update the ports using the default values for X8.1:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_g...

If you want to be future proof you might also want to see what going on on the "Cisco Expressway"

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config...

It might also depend on the security rules for you company/customer.

Some might ask you to limit the ports even more down, some will not care and have at least internally >1024UDP/TCP open
or even no firewall at all (not recommended, especially external!)

After the upgrade its always handy to double check the listening and outbound ports on the VCS

under "Maintenance > Tools > Port usage" and sure do a functionality test as well.

 

Chris Swinney Thu, 03/27/2014 - 12:48
User Badges:
  • Silver, 250 points or more

Thanks Martin,

Odd though as I thought there were several other replies to this thread previously. I wonder if these forums had created a doubled post to this thread? Its also difficult to work out what content you have posted as that feature is broken too. And annoyingly, accidentally hitting the Reply button again after composing a response simply wipes your work (he says, after typing this whole thing for the second time!)

However, your words are heeded and indeed this is the direction we will be going. However, we have no plans to deploy of utilise CUCM or the VCSs in the "Expressway" flavours across any of our managed organisations at this point in time - if ever.

 

Cheers

Chris

 

Wayne DeNardi Thu, 03/27/2014 - 19:10
User Badges:
  • Green, 3000 points or more
  • Cisco Designated VIP,

    2017 TelePresence

Hi Chris,

Yes, you had asked a similar question before... it was a few weeks ago.

Here's the thread: https://supportforums.cisco.com/discussion/12135251/vcs-upgrade-x81-recommended-practice-updating-port-ranges

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Martin Koch Fri, 03/28/2014 - 04:38
User Badges:
  • Red, 2250 points or more

Hi Wayne,

what is the status with your install/upgrade?

We had filed a Cisco SR#629524925 and my Cisco contact is saying he is trying to escalate it.

But I have the feeling that there is not much response.

 

What I requested:

* back port of the security issue bug to X7

* backwards capability of the traversal zone >X8.1 towards <=X7.x

Chris Swinney Fri, 03/28/2014 - 13:32
User Badges:
  • Silver, 250 points or more

Hey martin - I have a feeling you posted this in the wrong thread - Don't you jut love these new forums????

I have absolutely no idea what is going on!!!!!!!!!!!

Wayne DeNardi Sun, 03/30/2014 - 15:51
User Badges:
  • Green, 3000 points or more
  • Cisco Designated VIP,

    2017 TelePresence

Hi Martin,

At this stage, we're staying with X7.2.2 until there is a confirmed migration path doing parts of the environment at a time.

I have a meeting with our local Cisco rep on Friday afternoon this week to discuss this (and some other things) further.

I've asked that there is a fix for backwards compatibility (X8.1.1?) to allow us to migrate parts of the environment without upsetting the rest.

I've pushed this to the Asia Pacific experts too and asked that it is excalated.  Similar to you, I haven't had much in the way of a response - hopefully I'll find out more on Friday.

Cheers

Wayne
--
Pleae remember to rate responses and to mark your question as answered if appropriate.

Wayne DeNardi Sun, 03/30/2014 - 17:44
User Badges:
  • Green, 3000 points or more
  • Cisco Designated VIP,

    2017 TelePresence

Thanks Martin, +points for you.

Yep.  I agree - the communication, and follow up on questions, has been pretty ordinary on everything to do with X8.1.

I've queried the Security Advisory too and used that to highlight why we need answers to all the other questions.

Fingers crossed we'll hear something positive soon.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Actions

This Discussion