Incoming Dial-peer matching on IP Address [CUBE/TDM-SIP]

Document

Mon, 04/11/2016 - 06:05
Jun 20th, 2012
User Badges:
  • Cisco Employee,

Introduction


Starting IOS version 15.1(2)T, we can  match inbound dial-peers via IP Address or hostname. This enables  CUBE/TDM-SIP to connect to two or more different ITSPs allowing specific  call routing, codec selection, digit manipulation, CAC, QoS, or  security policies for each ITSP.


Feature Overview

Dial-peer  selection is based on immediate SIP neighbor's address information and  applicable only to incoming SIP calls. The address information is  retrieved from the VIA header of the incoming message, which is then  used to lookup the dial-peer that has the best match for the criteria  selected. The lookup will first attempt to match a dial-peer with the  address information in the following order:

  • Via header
  • Request URI
  • To URI
  • From URI
  • Called Number


If none of the parameters match, then the default inbound dial-peer is matched.


This  feature also allows for Generic DNS Caching framework for faster FQDN  to IP Address lookup. For a configured FQDN, the DNS Caching framework  resolves the FQDN and stores the corresponding set of IP addresses for  it. The framework also takes care of the regular DNS refreshes for the  FQDN. For a dial-peer match to be done, if the incoming Via header has  an IP address and the configuration has an FQDN, then the corresponding  resolved addressed of this FQDN is queried from the DNS Caching  Framework.


Call Flow


ITSP1 ---> SIP --> Call from source address 172.16.1.10 ----->

                                                                                                                  | ----> CUBE - SIP - CUCM - IP Phones

ITSP2 ---> SIP --> Call from source address 172.31.10.10 --->


Sample Config


!To handle incoming calls from ITSP1

voice class uri 1001 sip
host ipv4:172.16.1.10

dial-peer voice 1 voip
description Calls from ITSP1
session protocol sipv2
incoming uri via 1001
max-connection 10
codec g711ulaw
acc-qos controlled-load
req-qos controlled-load


!To handle incoming calls from ITSP2

voice class uri 1002 sip
host ipv4:172.31.10.10

dial-peer voice 1 voip
description Calls from ITSP1
incoming uri via 1002
session protocol sipv2
max-connection 30
codec g729r8
Loading.
Paul McGurn Tue, 01/14/2014 - 09:54
User Badges:
  • Bronze, 100 points or more

Is 172.16.1.10 supposed to be the source address of the ITSP1, or the address of the CUBE this dial peer is being configured on?

Paul McGurn Tue, 01/14/2014 - 17:35
User Badges:
  • Bronze, 100 points or more

Thanks for confirming.  I'm on IOS 15.1(4)M3, and tried this config with via, to, and from, all to no avail.  I think I'll be opening a TAC case on that one.

Yorick Petey Mon, 04/11/2016 - 06:05
User Badges:

This mechanism actually matches with the SIP VIA header, not with the Source IP on the IP layer.

What happens if a bad guy sends an INVITE with the Source IP of the Provider (to pass through the trusted list), but with a different IP in the VIA Header?

In my opinion, the Inbound DP will not be matched here, and possibly an Outbound DP will.

What do you think?

Actions

This Document

Related Content