Archive for the ‘LAB TIPS’ Category

000 0001 1 Unallocated (unassigned) number
000 0010 2 No route to specified transit network
000 0011 3 No route to destination
000 0110 6 Channel Unacceptable
000 0111 7 Call awarded and being delivered in an established channel
001 0000 16 Normal call clearing
001 0001 17 User busy
001 0010 18 No user responding
001 0011 19 No answer from user (user alerted)
001 0101 21 Call Rejected
001 0110 22 Number changed
001 1010 26 Non selected user clearing
001 1011 27 Destination out of order
001 1100 28 Invalid number format
001 1101 29 Facility rejected
001 1110 30 Response to status enquiry
001 1111 31 Normal, unspecified
010 0010 34 No circuit/channel available
010 0110 38 Network out of order
010 1001 41 Temporary failure
010 1010 42 Switching equipment congestion
010 1011 43 Access information discarded
010 1100 44 Requested circuit/channel not available
010 1101 45 Pre-empted
010 1111 47 Resources unavailable, unspecified
011 0001 49 Quality of service unavailable
011 0010 50 Requested facility not subscribed
011 0100 52 Outgoing calls barred
011 0110 54 Incoming calls barred
011 1001 57 Bearer capability not authorised
011 1010 58 Bearer capability not presently available
011 1111 63 Service or option not available, unspecified
100 0001 65 Bearer capability not implemented
100 0010 66 Channel type not implemented
100 0101 69 Requested facility not implemented
100 0110 70 Only restricted digital information bearer capability is available
100 1111 79 Service or option not implemented, unspecified
101 0001 81 Invalid call reference value
101 0010 82 Identified channel does not exist
101 0011 83 A suspended call exists, but this call identity does not
101 0100 84 Call identity in use
101 0101 85 No call suspended
101 0110 86 Call having the requested call identity has been cleared
101 1000 88 Incompatible destination
101 1011 91 Invalid transit network selection
101 1111 95 Invalid message, unspecified
110 0000 96 Mandatory information element is missing
110 0001 97 Message type nonexistent or not implemented
110 0010 98 Message not compatible with call state or message type nonexistent or not implemented
110 0011 99 Information element nonexistent or not implemented
110 0100 100 Invalid information element contents
110 0101 101 Message not compatible with call state
110 0110 102 Recovery on timer expiry
110 1111 111 Protocol error, unspecified
111 1111 127 Interworking, unspecified

Source: ITU-T.org

If you are a “pure” network engineer and still have a mortgage to pay, this post is probably for you! Those who are preparing for CCIE Voice, application firewalls or F5 load balancers are on the right track.

In short, SDN (software-defined networking, aka the SDN cat) products are already out of the bag. SDN will no longer require the so-called CLI monkey (the network engineer) to configure and monitor traditional switches and routers. SDN products are coming soon to your local cinema. Here is a typical example of upcoming SDN:

The dynamically changing nature of the IT industry keeps all of us (in IT) awake till 2 AM – this sounds about true! I remember way back in 2010, when I was studying for CCIE Security, I bought an IPS appliance off eBay, and as soon as it arrived on Tuesday afternoon I was on it until 3 AM. I remember that at 2:30 AM my neighbor “Mrs Kathy” knocked on my door and asked why I had been vacuuming my flat for the last 3 hours; she couldn’t sleep because of the noise. I said no, I am not vacuuming my carpet at all; in fact, I don’t even have a carpet to start with! She grumbled and said she could still hear a “strange” noise coming out of my flat. I said, oh.. I bought this small machine that might have some strange noise coming out of it. She looked at me and said politely, “go to bed and have some life”. You know now it is true: we have to stay up or study during the weekend to keep up with the ever-changing world of IT. This is fun or fuss! It’s your call to get along with it or select another career that is not so dynamic. That is my little real story. Let’s come to the point now!

In this post, I will try to keep everything much simpler than it looks while it hovers over us. I think it is about time to decide whether to stay in a pure, so-called ‘network engineering’ role or move into the application, system and virtualization (cloud is the right buzzword) space.

All network engineers should diversify their skill set; the days are not far off when employers will stop advertising network engineer roles. Nobody needs an old Pascal or Clipper programmer anymore these days, do they?

I put that intentionally in “BIG” quotes, and there is a reason for that. If you look at any network engineer role that Google or another big web3 company is advertising, they are asking for ‘Perl/Python’ scripting. Why is that? Now you probably think: it is a network engineer role, but they are asking for scripting knowledge. This doesn’t sound right. Since when does a Cisco or Juniper router need to be scripted? Those who are preparing for the CCIE Routing and Switching lab exam have probably used a TCL-based script to check ping connectivity across the topology in the lab exam, but most network engineers (especially those coming from a small shop) won’t have a clue about using a script on a router.
But wait... there is a catch to why Google/Amazon need a Perl/Python junkie for a networking role. Well, it is simply because of the power of the open source philosophy.

Google and Amazon are the biggest consumers on this planet of the networking equipment that vendors like Cisco and Juniper build for them as well as for other companies. Most of the cash flow comes from these big companies because they buy switches from these vendors – simple. Now, what happens if these big consumers (Google/Amazon) decide to start building their own switches? You must be wondering what I am talking about. Why would anyone build switches when there are off-the-shelf switches they can buy?

The fact is, these vendors have had it so good for such a long time. They have done enough milking out of writing software code. A 48-port switch from Cisco or from Juniper will have approximately the same amount of chips/silicon, so the original (OEM) hardware costs almost the same. The silicon chip costs the same no matter which vendor is using it. The switch price is decided by the cost of the software and the feature set. Sounds familiar now, with Cisco IOS and its feature sets (voice, security, advanced enterprise et al.)?

Talking about these top companies/consumers (Google/Amazon), cost is probably not the issue for them. They’ve got the money and they can buy any vendor’s switches. The issue comes when they want to do something with the switch but can’t, because switch vendors do not release source code with the switch. As we all know, Google recruits the best of the best minds and has an in-house programming team, the so-called ‘Python/Perl’ programmers.
Cisco never had a merchant switch in its portfolio until the Nexus family of products was released late last year. Such a big customer base (banking/share market/financial institutions) and no merchant switch? You see, someone else started building merchant switches and ate up the market share. Time is money! The Google philosophy works the same way: they want the feature set with a switch and they want it now. Most vendors won’t even look into introducing new features, the reason being that their team is so busy fixing bugs from the previous release that they have no resources to work on a new feature. Well, the closed source world works this way, and it has for as long as I have been working in IT. It is what it is, as its name implies (closed source, black magic).

In this modern day and age, thank god, things have started changing. Take a step back: had Cisco/Juniper made their networking equipment code available under the GPL license, it would have been easier for anyone to add and remove the features they wanted on the fly. It would have been just like any other open source project that we see on SourceForge.net. Now the game of depending on the vendor to get a feature set is changing rapidly. The genius brains at Google/Amazon have finally decided not to depend on these vendors anymore to get a new feature that they want today and now. This is fair enough and a fair game, just like a kid wants to play with a toy today, while he’s a kid, and needs the toy while he’s a kid. It would be meaningless having a bunch of toys stacked in the backyard when you’re 50, wouldn’t it? Anyway… The fact of the matter is, Google’s traffic is so huge that none of the vendors on this planet were able to provide them the right equipment to handle their massive data the way they wanted. This is the only option for them.

As we all know, Google already has a team of engineers working on building their own network switches. They order cheap silicon (from Taiwan) and build their own switches. Are these switches running Chrome OS or Android, and what about the IOS feature set? The answer is no; they run the standard Linux kernel and a *nix variant. The “IOS” for these no-name brand switches is based on the standard Linux kernel (version 2.6, oh yeah) and an open stack software protocol that comes in a tar file: OpenFlow. The engineers can get root shell access and write their own code to develop the switch feature set that they want today. Is this new? Probably no; this is what open source is all about. The magic stick is called “OpenFlow”, and it is running wild in the open source community to power these no-name brand switches. Now you’d be thinking: if these big giants have started building their own switches, what the heck are the other vendors going to do with their products? Well, believe it or not, the vendors have already started the race with Google and the other web giants. Cisco, Juniper, IBM and HP have all started introducing OpenFlow features in their switches:

Cisco OpenFlow: http://blogs.cisco.com/tag/openflow/
Google’s secret 10 GIG switch: http://www.nyquistcapital.com/2007/11/16/googles-secret-10gbe-switch/
IBM has already released OpenFlow-based switches – IBM OpenFlow switches

There are so many advantages to open stack code running on Taiwanese silicon switches. The main advantages are:
1. Develop the feature that you want “TODAY” (don’t wait for years for a small feature set)
2. Software-based control – NO CLI or expensive engineer required to configure a switch.
3. Easy to take switching code to the next level – end of the vendor war

BTW, if you are not already aware of it, Google’s G-Scale production network was already on their own homegrown OpenFlow-based switching platform. They’ve figured out how to hook sFlow (their internal) onto OpenFlow. Full SDN is based on sFlow and runs on top of OpenFlow. There are only 2 vendors at the moment who have solved this L2 and L3 issue with sFlow and OpenFlow. Nicira is the one that comes to my mind as having the full SDN product. Well, they’ve solved the issue at the right time. Cisco and the other vendors are still figuring it out. See the Cisco link above – Cisco has a dedicated coding team to develop OpenFlow in their switches.

You now have an idea what I am whining about in this post. Back to our original topic: why the next generation’s network engineer should have coding skills, and why Google and other vendors want a network engineer equipped with the Perl/Python toolset. Now it obviously makes sense that it’s fair dinkum for Google/Amazon to ask a network engineer, “hey, do you know Perl/Python?”. These web giants just do not want “show ip route” or “ip route” type network engineers (oh, the CLI monkey). They need more bang for their buck. #1 and #2 above are the reason why a traditional network engineer will no longer be in demand in the coming years. The fact is that OpenFlow and sFlow based network hardware is going to be provisioned through a software GUI. There will be no vendor limitation. You can have Cisco, Juniper and raw no-name brand switches, all managed and provisioned by a single GUI (the sFlow controller). It’s software driven, everyone knows how to click, and whoever clicks knows how to read work instructions too. If everything is gonna be software driven, with a few mouse clicks an HR lady could easily provision SDN-powered switches/routers. SDN-powered switches/routers can be shipped on site with no configuration. A sparky plugs it in at the site when he goes to do the cabling, and the SDN-powered (sFlow) controller finds it and automatically pushes a pre-templated configuration. These templates are created by the Perl/Python type network engineers. The HR lady can now easily select a template and push the configuration with a few mouse clicks to the newly plugged-in switch. Sometimes she might get too busy and can easily schedule the provisioning task for midnight. During the day she could focus on her regular HR tasks.

And what about those template nerds? Once these templates are created, sFlow/OpenFlow powered switches start configuring themselves within the SDN framework. What would these nerds (the Perl/Python type network engineers) do after they have created the required templates? Who is going to monitor and troubleshoot those newly shipped switches? Well, the HR lady can’t do that; she only checks and acts according to the GUI work instructions (WI). The answer is that SDN takes care of all these tasks. There is no room for mistakes because all the kinks have already been tested and taken care of well in advance by the Perl/Python powered network engineer. When the HR lady and the nerd wake up and get to work the next morning, they see 90% traffic load already creeping onto these switches in their production network.

Is it just a fantasy, or have I lost my mind thinking about such a crazy thing? What would this type of network engineer do all day long at the Google office if everything has gone to templates and automation? The HR lady is doing the provisioning work and she can easily cron/schedule it for the night time. Well, the answer is that you’ll see these nerds in the Google office doing other, innovative work rather than supporting customers (as a traditional network engineer does) for simple things like a switch port that is not configured, oh, the port was supposed to be a trunk, config errors. Now you’d probably think that I might have been high when I wrote this posting, pun intended. Some of you might have got an idea and may be thinking: well, I am a network engineer, the switching part is eaten by the OpenFlow revolution, but I will still be able to get a job on routers. Someone needs to do routing if not switching. Well, don’t kid yourself here mate, Open vSwitch/sFlow powered SDN products are already on the horizon. These new technologies are baking at a very fast rate – probably at 300 degrees Celsius in a microwave oven. They (the stable SDN) will be out in the wild before we can even think. As usual, you have probably noticed, early-season mangos do not taste as good as the later or natural ones. The same concept applies here: the current versions of sFlow-based SDN products are quite buggy. Open vSwitch is a combination of NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag.

Nicira already has a vSwitch product out and available today. Software-controlled switches (SCN) are the current market trend. SDN will be the next-generation network for bigger enterprises. We’re very close to experiencing SDN in real life. (Update April 2013: btw, VMware bought this company and added it to their portfolio.)

Source: nircia.com

I remember, 5 years ago when VMware started doing virtualization, nobody would put their SQL or Exchange server on a VM. The DB/app guys would go ballistic if you even whispered “SQL VM” to the IT manager. Hasn’t that changed now? Oh yeah! The fact of the matter is that these days you have no choice but virtualization. This is exactly what we will see: the software-powered network, SDN in action, taking the networking world to the next level. No offense here, but this is one of the reasons network engineers should multi-skill themselves! You could argue anything for political sake, but you can’t argue against what is going to be the future trend, and you’ll feel and experience this new and upcoming SDN stuff. It is going to hit everyone, as did the cloud and the dotcom bubble in the past; nothing new here.

In the next blog entry I will cover the OpenFlow architecture and some scripting features.

Cheers, Push
4xCCIE (voice/security/SPv3/DC)

Update 17 April 2014 – VMware bought Nicira in 2013 and SDN has started kicking in!

This blog is written based on my experience with CUE/Unity and VPIM practice. It is 100% based on practice, so folks who are looking for a theoretical approach, please visit http://www.cisco.com/univercd/. I must also mention that these are personal notes which I made for myself and they may not suit your approach.

Scenario#
CUE ip = 192.168.20.253
CME ip = 192.168.20.254
NTP server; 2.2.2.2

SITEC phone#1 = 5001
SITEC phone#2 = 5002
HQ phone#1 = 3001
CME to CUE VM pilot = 4444
———————————————-

CME Config;
========

I am assuming you’ve already created a SIP VoIP dial-peer from CME to CUE, created 2 MWI-on/off DNs on CME, and put the incoming called number of mwi-on/off under the CME-to-CUE SIP VoIP dial-peer. Now let’s hop straight onto the CUE module. Please note, the 10 minutes doesn’t include the above CME setup and the DNS for VPIM.
Step#1: configure the CUE module itself
==========================
config t
interface Service-Engine0/0
description ====== AIM CUE Module ======
ip unnumbered FastEthernet0/0.102
service-module ip address 192.168.20.253 255.255.255.0
service-module ip default-gateway 192.168.20.254

ip route 192.168.20.253 255.255.255.255 Service-Engine0/0 <— a must

That’s all.

Step#2; CUE initial setup
——————–

Rack02R3#service-module service-Engine 0/0 sess
Trying 192.168.20.253 2066 … Open

Site C router
————
Please answer y or n.

IMPORTANT:: DNS Configuration:
IMPORTANT::
IMPORTANT:: This allows the entry of hostnames, for example foo.cisco.com, instead
IMPORTANT:: of IP addresses like 1.100.10.205 for servers used by CUE.  In order
IMPORTANT:: to configure DNS you must know the IP address of at least one of your
IMPORTANT:: DNS Servers.

Would you like to use DNS for CUE (y,n)?y

WARNING: If DNS is not used CUE will require the use
WARNING: of IP addresses.

Are you sure (y,n)? y

Enter IP Address of the Primary NTP Server
(IP address, or enter for 192.168.20.254): 192.168.20.254

Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa            4) Arctic Ocean     7) Australia       10) Pacific Ocean
2) Americas          5) Asia             8) Europe
3) Antarctica        6) Atlantic Ocean   9) Indian Ocean
#? 5 <————————————————
Please select a country.
1) Afghanistan           18) Japan                 35) Philippines
2) Armenia               19) Jordan                36) Qatar
3) Azerbaijan            20) Kazakhstan            37) Russia
4) Bahrain               21) Korea (North)         38) Saudi Arabia
5) Bangladesh            22) Korea (South)         39) Singapore
6) Bhutan                23) Kuwait                40) Sri Lanka
7) Brunei                24) Kyrgyzstan            41) Syria
8) Cambodia              25) Laos                  42) Taiwan
9) China                 26) Lebanon               43) Tajikistan
10) Cyprus                27) Macao                 44) Thailand
11) Georgia               28) Malaysia              45) Turkmenistan
12) Hong Kong             29) Mongolia              46) United Arab Emirates
13) India                 30) Myanmar (Burma)       47) Uzbekistan
14) Indonesia             31) Nepal                 48) Vietnam
15) Iran                  32) Oman                  49) Yemen
16) Iraq                  33) Pakistan
17) Israel                34) Palestine
#? 13 <———————————————-

The following information has been given:

India

Therefore TZ=’Asia/India’ will be used.
Local time is now:      Tue Aug 12 19:14:46 GMT 2008.
Universal Time is now:  Tue Aug 12 11:14:46 UTC 2008.
Is the above information OK?
1) Yes
2) No
#? 1 <——————–type
Configuring the system. Please wait…
Changing owners and file permissions.
Change owners and permissions complete.
INIT: Switching to runlevel: 4
INIT: Sending processes the TERM signal
STARTED: cli_server.sh
STARTED: ntp_startup.sh
STARTED: LDAP_startup.sh
STARTED: superthread_startup.sh
STARTED: SQL_startup.sh
STARTED: HTTP_startup.sh
STARTED: ${ROOT}/usr/wfavvid/run
STARTED: probe
STARTED: dwnldr_startup.sh

waiting 202 …

IMPORTANT::
IMPORTANT:: Create an administrator account. With this account,
IMPORTANT:: you can log in to the Cisco Unity Express GUI and
IMPORTANT:: run the initialization wizard.
IMPORTANT::

Enter administrator user ID:
(user ID): administrator      ^H^H
**************************************************
administrator  is not a valid user ID.
A valid user ID:
1) must start with a letter
2) may contain letters, numbers, hyphens, underscores or dots
3) must end with a letter or a number
4) must contain no fewer than 2 characters
5) must contain no more than 31 characters
**************************************************
Enter administrator user ID:
(user ID): administrator
Enter password for :
(password):
Confirm password for  by reentering it:
(password):

Step#3 create a ccn subsystem sip
——
CUE#config t
CUE(config)# ccn subsystem sip
CUE(config-sip)# gateway address 192.168.20.254
CUE(config-sip)# enable
CUE(config-sip)# end

Step#4 create a ccn trigger sip
————————–

CUE(config)#
CUE(config)# ccn trigger sip phonenumber 4444
Adding new trigger
CUE(config-trigger)# enabled
CUE(config-trigger)# application voicemail
CUE(config-trigger)# end
CUE(config)#

Step#5 create users on CUE,  associate them with their phones and create Voice mailbox for them.
—————————————————————————–

CUE(config)#
CUE(config)# username sitec1 create
CUE(config)# username sitec1 phonenumber 5001<–sitec phone1
CUE(config)# username sitec2 create
CUE(config)# username sitec2 phonenumber 5002<–sitec phone2
CUE(config)#
CUE(config)# groupname sales create <—-how to create a GDM
CUE(config)# groupname sales phonenumber 5555
CUE(config)# groupname sales member sitec1
CUE(config)# groupname sales member sitec2
CUE(config)#
CUE(config)# voicemail callerid <—this is a must
CUE(config)#
CUE(config)# voicemail mailbox owner sitec1
CUE(config-mailbox)# no tutorial
CUE(config-mailbox)# end

CUE(config)# voicemail mailbox owner sitec2
CUE(config-mailbox)# no tutorial
CUE(config-mailbox)# end

CUE(config)# voicemail mailbox owner sales
CUE(config-mailbox)# no tuto
CUE(config-mailbox)# end
CUE(config)# exit
CUE#
CUE# username sitec1 pin 12345 <–these are pin#
CUE# username sitec2 pin 12345 <–these are pin#
CUE#
CUE# wr

Note, I practice the CLI only and it hardly took 5 minutes to do everything.

Trick#1: Never use the GUI [unless specified to do so]. You’ll know why not to use it once you get caught in the CUE GUI lunch! [it’s just a $1400 lunch + GST, damn!!]

Trick#2: CME only supports 1 alternate extension, so if there is a requirement for more than 1, use a voice translation profile on the CME dial-peer pointing to CME (incoming/outgoing).

Trick#3: By default mwi-on/off are 8000/8001 in the CUE system. If they need to be modified, just do ‘show run’ on the CUE module and you will see the output below; copy it into Notepad, modify it according to your need and paste it back into the CUE;

ccn application ciscomwiapplication
description “ciscomwiapplication”
enabled
maxsessions 6
script “setmwi.aef”
parameter “CallControlGroupID” “0”
parameter “strMWI_OFF_DN” “8001” <———-
parameter “strMWI_ON_DN” “8000” <—————-
end application

CUE to Unity VPIM Networking

VPIM is an industry standard protocol for integrating different voicemail systems. Cisco CUE supports CUE to CUE VPIM networking without any DNS server, and also CUE to Unity. CUE to Unity VPIM integration must have a DNS server.

The other typical scenario could be CUE without any DNS server [since CUE VPIM networking can work without DNS; CUE assumes the MX record to be the site email address] while Unity uses a DNS server.

The basic idea of VPIM is to save the expensive T1 timeslots otherwise used to send voicemail and instead send it via the internet or an IP network. For example, if you are sending a VM from Australia to Paris, normally it will go via the GSM/TDM network, but if VPIM or a similar protocol is being used at the GSM/cellular operator’s MSC, they can route that particular voice message via the internet to Paris. So at the end of the day it comes down to cutting the cost of expensive links.

It’s a pretty easy task. Let’s assume you’ve got;

CUE dns = 1.1.1.1
CUE domain; cue.ccievoice.com
Unity domain; unity.ccievoice.com

CUE phones DN# 5001 5002
CCM phones DN# 6001 6002
Unity network location id# 100
CUE network location id# 200

Scenario/what we are trying to achieve here; VPIM between HQ and siteC users should work and vice-versa.

CUE side config
===========
Step#1.
Make sure you enter the DNS address on the initial CUE configuration screen. If you didn’t do it at that time, you can do it later on by using ip name-server <dns ip> in config t mode.

Step#2 create 2 locations, one for CUE and one for Unity.

CUE# config t
Enter configuration commands, one per line.  End with CNTL/
CUE(config)#
CUE(config)# network location id 100 <———-for unity
CUE(config-location)# name Unity
CUE(config-location)# email domain unity.ccievoice.com
CUE(config-location)# enable
CUE(config-location)# end
CUE(config)#
CUE(config)# network location id 200 <—- for CUE
CUE(config-location)# name CUE
CUE(config-location)# enable
CUE(config-location)# email domain cue.ccievoice.com
CUE(config-location)# end
CUE(config)#

Now make the CUE location the local one on the CUE module itself;

CUE(config)#
CUE(config)#
CUE(config)# network local location id 200
CUE(config)#
That’s all on CUE; below is what needs to be done on Unity;

Unity Configuration;
=============================================

It took me a while to work out that I need a license on Unity. I was able to arrange a demo license from our local Cisco AM. So if you don’t have one, you may get the license in that way to practice for the voice lab.

So here we go, the steps are below;

1. Make sure that you’ve got the VPIM license installed on Unity. VPIM networking is a special feature of Cisco Unity which needs a valid [**shrug**] license to run VPIM. You can use the Unity SA web interface to check the license.

2. Since I am using the Unity server as a DNS server for both CUE and Unity VPIM networking, I added 2.2.2.2 as an IP alias in the Unity TCP/IP properties, just to keep the IP address separate. You can use the existing IP, but I like to keep things separate. Also, 2.2.2.2 should be reachable from CME.

DNS preparation: create 2 zones in the Unity DNS;
a. cue.ccievoice.com – add A and MX records, and put the IP address of CUE in these records.
b. unity.ccievoice.com – add A and MX records, and put the IP address of Unity in these records.
c. Make sure you’ve installed the Unity schema from Unity CD#1. If this is not installed you would not be able to create VPIM locations. Unity will let you add the location, but when you click on OK at the end of location creation, it will return with nothing.
d. Make sure you’ve installed the Unity voicemail connector, otherwise when you try adding the Unity location, you won’t see the VPIM protocol options.
e. Make sure your Unity server and CUE module have the DNS IP address 2.2.2.2.

3. Add the Unity local location for HQ itself. Put unity.ccievoice.com as the email domain. Assign ID=100. Don’t forget to click on the Address option and select the “global address” option.

4. Add a delivery location for SITEC/CUE. Assign 200 as the VPIM ID. Email domain = cue.ccievoice.com

The final CUE config should look something like this; please don’t worry about all the other fucking crap in the config below. Just pay attention to what you’ve just done in the above steps.

CUE#
CUE# sh run
Generating configuration:

clock timezone Asia/INDIA

hostname CUE

ip domain-name localdomain

ntp server 2.2.2.2

software download server url “ftp://127.0.0.1/ftp” credentials hidden ”
sEuSAEfw40XlF2eFHnZfyUTSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk
WTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmP”

groupname Administrators create
groupname Broadcasters create
groupname sales create

username administrator create
username sitec1 create
username sitec2 create

groupname sales phonenumber “5555”

username sitec1 phonenumber “5002”

groupname Administrators member administrator
groupname sales member sitec1
groupname sales member sitec2
groupname Administrators privilege superuser
groupname Administrators privilege ManagePrompts
groupname Administrators privilege broadcast
groupname Administrators privilege local-broadcast
groupname Administrators privilege ManagePublicList
groupname Administrators privilege ViewPrivateList
groupname Administrators privilege vm-imap
groupname Broadcasters privilege broadcast

restriction msg-notification min-digits 1
restriction msg-notification max-digits 30
restriction msg-notification dial-string preference 1 pattern * allowed

backup server url “ftp://127.0.0.1/ftp” credentials hidden “EWlTygcMhYm
XHCkplVV4KjescbDaLa4fl4WLSPFvv1rWUnfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWT
ZNgd+Y9J3xlk2B35j0nfGWTYHfmP”

calendar biz-schedule systemschedule
open day 1 from 00:00 to 24:00
open day 2 from 00:00 to 24:00
open day 3 from 00:00 to 24:00
open day 4 from 00:00 to 24:00
open day 5 from 00:00 to 24:00
open day 6 from 00:00 to 24:00
open day 7 from 00:00 to 24:00
end schedule

ccn application autoattendant
description “autoattendant”
enabled
maxsessions 6
script “aa.aef”
parameter “busOpenPrompt” “AABusinessOpen.wav”
parameter “operExtn” “0”
parameter “welcomePrompt” “AAWelcome.wav”
parameter “disconnectAfterMenu” “false”
parameter “busClosedPrompt” “AABusinessClosed.wav”
parameter “allowExternalTransfers” “false”
parameter “holidayPrompt” “AAHolidayPrompt.wav”
parameter “businessSchedule” “systemschedule”
parameter “MaxRetry” “3”
end application

ccn application ciscomwiapplication
description “ciscomwiapplication”
enabled
maxsessions 6
script “setmwi.aef”
parameter “CallControlGroupID” “0”
parameter “strMWI_OFF_DN” “8001”
parameter “strMWI_ON_DN” “8000”
end application

ccn application msgnotification
description “msgnotification”
enabled
maxsessions 6
script “msgnotify.aef”
parameter “logoutUri” “http://localhost/voicemail/vxmlscripts/mbxLogou
parameter “DelayBeforeSendDTMF” “1”
end application

ccn application promptmgmt
description “promptmgmt”
enabled
maxsessions 1
script “promptmgmt.aef”
end application

ccn application voicemail
description “voicemail”
enabled
maxsessions 6
script “voicebrowser.aef”
parameter “uri” “http://localhost/voicemail/vxmlscripts/login.vxml”
parameter “logoutUri” “http://localhost/voicemail/vxmlscripts/mbxLogou
end application

ccn engine
end engine

ccn subsystem jtapi
ccm-manager address 0.0.0.0
end subsystem

ccn subsystem sip
gateway address “192.168.20.254” <======cme router eth0/0 ip addie
end subsystem

ccn trigger sip phonenumber 4444
application “voicemail”
enabled
maxsessions 6
end trigger

network location id “100”
email domain unity.ccievoice.com
name “Unity”
voicemail broadcast vpim-id vpim-broadcast
voicemail vpim-encoding dynamic
end location

network location id “200”
email domain cue.ccievoice.com
name “CUE”
voicemail broadcast vpim-id vpim-broadcast
voicemail vpim-encoding dynamic
end location

network local location id 200

voicemail callerid
voicemail default mailboxsize 2964
voicemail broadcast recording time 300
voicemail mailbox owner “sales” size 2964
end mailbox

voicemail mailbox owner “sitec1” size 2964
end mailbox

voicemail mailbox owner “sitec2” size 2964
end mailbox

end
CUE#

TESTING:
——-

CUE voicemail testing:
1. CUE testing is easy – make a call from 5001 to 5002 and leave a VM for 5002. Check that the MWI on 5002 lights up once you have left the VM. Press the MSG button on 5002 and see if you can log into 5002’s mailbox.
2. If there is an issue, use ‘debug ccsip inout’ and see what the issue is.
3. In most cases, the issue is with the number of dots you put in your mwi-on/off config. Make sure there are enough dots (.... 4 dots after the MWI number). Also, the incoming called number should be in one of the VoIP dial-peers. I normally put everything on one dial-peer which is pointing to CUE.

VPIM testing:

1. Test from CME phone 5001 to hq phone 3001 – Hit the MESG button on the CME phone, select option#2 (send VM), follow the instructions and do what the Cisco lady tells u; then, when that lady says dial, dial vpimID(100) + hq-ext-number(3001).
So in a nutshell, to leave a message from 5001 to 3001, you need to go to the voicemail option of 5001 and then dial the destination vpim location id (e.g. 100 in this case) followed by the destination phone number, e.g. 3001. Once the message is left, you should see the MWI lamp on 3001.

Common VPIM gotchas!!
————-

1. On the Unity server, the most common issue I have seen with first-timers: when adding delivery locations with destination type “VPIM”, it won’t show you any error message, but the newly added delivery location won’t appear in the list; however, if you add a non-VPIM destination type, i.e. SMTP, Unity will show that in the list.

One of the Cisco docs says that “it has been identified as a bug and this bug has been fixed in the next release!” Damn, what a fake statement!

In practice, the solution was that I forgot to install the voice connector and the fucking Microsoft Active Directory SCHEMA. Both can be installed from disk#1 of the Unity installation media. After that, no more issues with creating the vpim delivery location.

2. One-WAY message: wankers complain that they’ve got one-way voicemail messages, e.g. cue to unity works but unity to cue doesn’t. hehe… Most likely you need to check the MX record entry in the DNS zone file. DNS should be configured properly. It’s damn easy, you don’t really need to be an expert in learning Microsoft crap. I have also tested this with a LINUX bind DNS server – works great for me.

3. Message arriving late – in your Exchange server configuration options on the Unity server, make sure the SMTP retry time is set to the minimum. Also make sure the schema is okay there. Check your voicemail connector statistics on the Exchange server admin page.

I would strongly recommend using the debug commands on CUE to troubleshoot the DNS or late-arriving message issues. There is a command on CUE u can use to see what the F*** is happening inside the CUE, which gives you a fair idea of whether it is a DNS issue or what.

-Pushkar Bhatkoti
CCIE voice# 21569

You may be thinking... how can anyone do the QoS part in 10 minutes?

YES it’s possible! And proved…. Keep reading 🙂

I have seen many people struggling with QoS, and till the last minute they are not 100 percent sure whether theirs is the right solution to what was asked in the monster exam. Even if you have a good understanding of QoS and you say “oh yeah, I have no problem with QoS”, there is still the enormous time everyone is putting into configuring the QoS itself.

Everyone may have a different approach to win the lab game, but my approach was like this:

The whole lab has 100 points. To pass the lab we only need 80 points.
– Don’t touch LAN QoS – u have to configure it on 3 switches. CatOS is creepy; it may spike other things as well. As u know, the 6608 blades are really old, and applying QoS onto those older crabs may hang them or make them behave unexpectedly. I kept hearing from others that they had issues where they had to reset the 6608 blade or ethernet module. I was lucky, as here in the Sydney lab I never had that kind of issue(s).

So the bottom line is, don’t be too greedy; you may safely leave some topics where you are not 100% confident (as I did). As we all know, the lab exam is not like a university exam where you’d be given points for partially correct answers.
The real benefit of leaving non-confident topics is “Save time”: put that time into doing other things; maybe you can use it to verify the answers again and again until you drain your 8 hours.

Just a side
HQ(config)#do sh run int s0/3/0
Building configuration…

Current configuration : 152 bytes
!
interface Serial0/3/0
description — to frswitch
no ip address
encapsulation frame-relay
ip ospf dead-interval minimal hello-multiplier 4
end

HQ(config)#do sh run int s0/3/0.1
Building configuration…

Current configuration : 178 bytes
!
interface Serial0/3/0.1 point-to-point
description ====== To SITE-B =======
ip address 10.10.33.1 255.255.255.128
ip ospf mtu-ignore
frame-relay interface-dlci 201
end

HQ(config)#

HQ(config)#
HQ(config)#do sh run int s0/3/0.2
Building configuration…

Current configuration : 178 bytes
!
interface Serial0/3/0.2 point-to-point
description ===== To SITE-C ======
ip address 10.10.33.129 255.255.255.128
ip ospf mtu-ignore
frame-relay interface-dlci 202
end

HQ(config)#

HQ(config)#
HQ(config)#int s0/3/0.1
HQ(config-subif)#bandwidth 512
HQ(config-subif)#exit
HQ(config)#
HQ(config)#int s0/3/0.1
HQ(config-subif)#
HQ(config-subif)#!first Assign the bandwidth to this interface this is a must
HQ(config-subif)#
HQ(config-subif)#bandwidth 512
HQ(config-subif)#
HQ(config-subif)#!now the magic part
HQ(config-subif)#
HQ(config-subif)#frame-re interface-dlci 201
HQ(config-fr-dlci)#
HQ(config-frdlci)#auto qos voip trust fratm

Now let’s see what MAGIC the above command has done in your router:

Common Myth: Auto-QoS breaks many things. I had the same idea until I proved that it doesn’t break anything and is a real time-saver tool. I know all boot camps teach you not to use it, but they don’t explain why not! Maybe they don’t want to tell you the secrets? Duh! (just joking). I have never been to any bootcamp, so I really don’t know what they teach. I did everything start to finish in 9 months myself, by the self-learning method with a few wonderful online study mates!

The other myth is about whether it is allowed in the real lab exam – yes it is. I raised this question with Ben NG on Ask Expert and his answer was “yes you can use it as long as it qualifies the question’s requirement”; in other words, it’s not just run auto-qos and that’s all, you need to fine-tune it.

Change#1 in existing configuration
—————————–

First, let’s see if anything got changed on the physical interface:

HQ(config-frdlci)#do sh run int s0/3/0
Building configuration…

Current configuration : 196 bytes
!
interface Serial0/3/0
description — to frswitch
no ip address
encapsulation frame-relay
ip ospf dead-interval minimal hello-multiplier 4
no fair-queue
frame-relay traffic-shaping <—- NEW NEW
end

HQ(config-fr-dlci)#

Note: u don’t have to remember to put that command if you are doing FRTS.

Change#2 in existing configuration
—————————–

Next, let’s see what has changed on the sub-interface:

HQ(config-frdlci)#do sh run int s0/3/0.1
Building configuration…

Current configuration : 236 bytes
!
interface Serial0/3/0.1 point-to-point
description ====== To SITE-B =======
bandwidth 512
ip ospf mtu-ignore
frame-relay interface-dlci 201 ppp Virtual-Template200 <– WOW
class AutoQoS-FR-Se0/3/0-201 <—WOW
auto qos voip trust fratm
end

HQ(config-fr-dlci)#

Change#3 in existing configuration
—————————–

HQ(config-fr-dlci)#do sh run | be class
class-map match-any AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-any AutoQoS-VoIP-Control-Trust
match ip dscp cs3
match ip dscp af31
!
!
policy-map AutoQoS-Policy-Trust
class AutoQoS-VoIP-RTP-Trust
priority percent 70
class AutoQoS-VoIP-Control-Trust
bandwidth percent 5
class class-default
fair-queue

Wow, that sounds like a real time saver here! But what about the virtual template and the frame-relay class?

Well, u won’t get everything spoon-fed 😦
but wait! shut up!

This baby feeds you everything…. ‘auto qos voip trust fratm’ is the man here!

Change#4 in existing configuration
—————————–

HQ(config-fr-dlci)#do sh run | be Virtual-Tem

frame-relay interface-dlci 201 ppp Virtual-Template200
class AutoQoS-FR-Se0/3/0-201
auto qos voip trust fratm
!
interface Serial0/3/0.2 point-to-point
description ===== To SITE-C ======
ip address 10.10.33.129 255.255.255.128
ip ospf mtu-ignore
frame-relay interface-dlci 202
!
interface Virtual-Template200 <————–WoW
bandwidth 512
ip address 10.10.33.1 255.255.255.128
ppp multilink
ppp multilink interleave
ppp multilink fragment delay 10
service-policy output AutoQoS-Policy-Trust

Change#5 in existing configuration
—————————–

HQ(config-fr-dlci)#
HQ(config-fr-dlci)#do sh run | be map-class
map-class frame-relay AutoQoS-FR-Se0/3/0-201
frame-relay cir 512000
frame-relay bc 5120
frame-relay be 0
frame-relay mincir 512000
!
!

I think that’s pretty much all you need for the MLPPP scenario. For FRTS only,
you need to use this command:

HQ(config-subif)#interface s0/3/0.2 <— going to CME site for example
HQ(config-subif)#bandwidth 2048
HQ(config-subif)#
HQ(config-subif)#!now the magic part
HQ(config-subif)#
HQ(config-subif)#frame-re interface-dlci 202
HQ(config-fr-dlci)#
HQ(config-frdlci)#auto qos voip trust <— just that yes, noticed there is no “fratm”

Summary of commands:

auto qos voip trust          <—- for FRTS only , no mlppp
auto qos voip trust fratm   <—- for MLPPP only

How can you save time?
——————-
1. You don’t have to look in the docCD for any command.
2. Just quickly put the above template on all sites, then copy and paste the results into notepad and modify them according to the question’s needs.

Someone who’s reading this blog must be saying “Enough of the bullsh**t”, about to close the firefox/IE window and probably mumbling ‘oh dude, come on now and get to real life, show me how to do any QoS scenario in 10 minutes’.

Hue…. you are 20 yrs+ old now and still expecting someone to spoon-feed you the QoS tricks?
ok ok, showing you in a sec….

Let’s take an example:

a. mark sip and h323 traffic to cs3 [ since I hate switches, I will do it on router itself].
b. hq to siteb = MLPPP,                  PVC = 512kbps
c. hq to sitec = frf.12/shaping    PVC = 2048 kbps
d. misc…. whatever

Step#1: do the marking first
config t
class-map match-any NBAR
match protocol Sip
match protocol h323

Policy-map remark
class NBAR
set dscp CS3

interface fas0/0
service-policy input remark

Now that’s done on the HQ router; do show run and copy and paste it to the other routers. Note that when you copy and paste to another router it may take a bit of time to see all the commands pasted on the router, so just paste on the siteb router and move on to site c and paste there as well. Then come back to the siteb router, apply service-policy input on the LAN-facing interface, and then move on to the siteC router to apply the service-policy input command.

tips1# my fas0/0 had 3 sub-interfaces – fas0/0.10 for server, fas0/0.100 – hqvoicevlan, fas0/0.1000 for datavlan. So instead of applying the service policy on all 3 interfaces, just apply it on the main one, i.e. fas0/0.
wow!

tips2# I have seen most of my friends tend to leave out the data vlan at siteB when marking. So put it on both the data and voice vlan at siteB.

tips3# Also noticed: at the siteC CME router, be careful when marking. At my home lab I had a 2801 router and 2 sub-interfaces on the fas0/0 interface, e.g. fas0/0.100 = voice, fas0/0.1000 = data. So I just put my QoS service policy on fas0/0 like I did on my HQ router.

Now you all probably think that marking on the router is done and wow, easy 10 points. But when you read your score report u will see “ZERO”!! Damn, blame the innocent guy at http://www.ccievoice-assessor.com/ coz he graded your lab wrong! Maybe he was in a pub just before he got back and went straight into your pod to start grading it!!

Think about SITEC, where you’ve got h323 RAS traffic that also needs to be marked to CS3. You probably applied the QoS service-policy on fas0/0 [in my scenario above], and when a dial-peer tries establishing a call to hq, the h323 signaling hits the WAN interface straight away; the router itself originates it, so it never passes inbound through fas0/0.
Think about it! You’ve applied marking on fas0/0, so when you confirm the QoS marking u won’t see the h323 protocol counters in the show policy-map interface command.
bummer!

So the above practice is just to mark signaling stuff on each router – max time 2-3 minutes. [not for the guys who don’t know where the “q” key is on the keyboard]. BTW people sometimes call me a stenographer coz my typing speed is like those people who type really fast without looking at the keyboard [touch typing]

Now 7 minutes remaining and I have the whole QoS job to bind up... damn, it doesn’t look right.

STEP#2 Everything else, apart from marking;   s0/3/0.1 = hq to siteb , s0/3/0.2 = hq to sitec

config t
HQ(config)#int s0/3/0.1
HQ(config-subif)#
HQ(config-subif)#!first Assign the bandwidth to this interface this is a must
HQ(config-subif)#
HQ(config-subif)#bandwidth 512
HQ(config-subif)#!now the magic part
HQ(config-subif)#frame-re interface-dlci 201
HQ(config-frdlci)#auto qos voip trust fratm
exit

Apply that command to siteb as well. At the siteC router just use ‘auto qos voip trust’ for frf.12 or frts.

STEP#3 copying/pasting and modifying parameters in notepad to/from router. MAX time = 4 minutes

Do ‘show run’ pipe out the class-map+map-class+virtual-template and paste them into the notepad.
HQ(config-fr-dlci)#do sh run | be class

class-map match-any AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-any AutoQoS-VoIP-Control-Trust
match ip dscp cs3
match ip dscp af31
!
!
policy-map AutoQoS-Policy-Trust <—– use this default for HQ-2-siteB
class AutoQoS-VoIP-RTP-Trust
priority percent 70
class AutoQoS-VoIP-Control-Trust
bandwidth percent 5
class class-default
fair-queue

interface Virtual-Template200 <————–WoW
bandwidth 512
ip address 10.10.33.1 255.255.255.128
ppp multilink
ppp multilink interleave
ppp multilink fragment delay 10
service-policy output AutoQoS-Policy-Trust
!

HQ(config-fr-dlci)#
HQ(config-fr-dlci)#do sh run | be map-class
map-class frame-relay AutoQoS-FR-Se0/3/0-201
frame-relay cir 512000
frame-relay bc 5120
frame-relay be 0
frame-relay mincir 512000
!

Within your notepad, copy and paste the policy-map (above) commands; we need to prepare that for hq to siteC.
policy-map AutoQoS-Policy-Trust-SITEC <—– copy and paste within notepad, rename the end of it to SITEC
class AutoQoS-VoIP-RTP-Trust
priority percent 70 <————change them if required
class AutoQoS-VoIP-Control-Trust
bandwidth percent 5 <———-change them whatever u want
class class-default
fair-queue

Another copy and paste business within notepad:

frame-relay cir 512000 <— that shud be 95% of pvc according to the QoS SRND
frame-relay bc 5120 <——-ditto—-
frame-relay be 0
frame-relay mincir 512000 —-ditto—-

tips#?# press ctrl + h in notepad, put 5120 in the find field and 4864 (95% of pvc) in replace-with, and hit replace all.. bingo, your 3 parameters are all replaced now. Do the same for the hq to siteC frame-relay pvc parameters.

Once everything is ready in notepad, paste the above parameters back to the routers. Make a note that the hq and siteC frame-relay class-map names could be different, and also that for the service-policy statement under the map-class u need to remove the existing one first and then type the new one, ‘service-policy output autoqos-blah–sitec’.
Paste the pvc parameters at the same time.
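
The Notepad find-and-replace tip above, written out as a calculation (an added example, not the author's own tooling): it recomputes cir, bc and mincir at 95% of the PVC rate for any PVC size. It assumes Bc = CIR x 10 ms, which is what the generated bc 5120 for cir 512000 implies; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the map-class AutoQoS generated for the 512 kbps PVC.
SAMPLE_MAP_CLASS = """\
map-class frame-relay AutoQoS-FR-Se0/3/0-201
 frame-relay cir 512000
 frame-relay bc 5120
 frame-relay be 0
 frame-relay mincir 512000
"""

# Matches only the three shaping lines that depend on the PVC rate.
LINE = re.compile(r"(?m)^([ \t]*frame-relay )(cir|bc|mincir) \d+[ \t]*$")


def shaping_values(pvc_kbps, percent=95, tc_ms=10):
    """Return (cir_bps, bc_bits) when shaping to `percent` of the PVC rate.

    Assumption: Tc is 10 ms, which is what bc 5120 for cir 512000 implies.
    """
    if pvc_kbps <= 0 or not 0 < percent <= 100:
        raise ValueError("pvc_kbps must be positive and percent in 1..100")
    cir = pvc_kbps * 1000 * percent // 100
    bc = cir * tc_ms // 1000  # Bc = CIR x Tc
    return cir, bc


def retune_map_class(text, pvc_kbps, percent=95):
    """Rewrite cir, bc and mincir in a map-class block; leave 'be' untouched."""
    cir, bc = shaping_values(pvc_kbps, percent)
    new_values = {"cir": cir, "bc": bc, "mincir": cir}
    seen = set()

    def substitute(match):
        keyword = match.group(2)
        seen.add(keyword)
        return f"{match.group(1)}{keyword} {new_values[keyword]}"

    result = LINE.sub(substitute, text)
    missing = sorted(set(new_values) - seen)
    if missing:
        # A partial paste would leave the PVC shaped at the old rate.
        raise ValueError("map-class is missing: " + ", ".join(missing))
    return result


if __name__ == "__main__":
    print(retune_map_class(SAMPLE_MAP_CLASS, pvc_kbps=512))
```

For the 512 kbps PVC the output is identical to replacing 5120 with 4864 everywhere, because 5120 is a prefix of 512000 and 4864 a prefix of 486400.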

Last step4# verification

show policy-map interface and check the counters.

break-down of time is;

3 minutes = marking
3 minutes = applying autoqos
4 minutes = modifying parameter and pasting them back to router and verification.

The first time I did this practice, it used to take me 30-40 minutes. Gradually, when I knew inside out where to modify and how to use notepad, I really reduced it down to 10 minutes. Believe me, it’s doable, just a matter of practice.

Do this practice 10 times and when u reach the 11th u will see: oh, QoS is only a 10 minute job.

Note, I haven’t included the time for reading the QoS question in the above 10 minute business.

The other important tip is: read the question 3 times and verify that the solution u are working on is going in the right direction.

Pushkar Bhatkoti
CCIE voice #21569

PS: if anyone who found this article useful, don’t forget to send me a post card. LOL :=)

It’s pretty common that we all could be busy at work, and most of the time we don’t have time to read the online forums. Or even when we have time, we lock ourselves in the lab and do practice-practice-practice. Till my 2nd attempt I used to do the same and didn’t bother much to check online forums.

My advice is to keep your eyes open and look around at what’s going on in the online forums. During my preparation, I found the following websites very lively and helpful.

1. CCBOOTCAMP – http://www.voiceie.com, my favorite site. You will get answers to your questions pretty soon. Apart from this, I like the notification system, as they send to your mailbox only if someone has posted something on voiceie.com. You don’t have to manage your mailbox at all. Just hop on voiceie.com and start posting! A few guys on that forum are very experienced!
The drawback of this website is that we don’t see much posting from Avner [ccbootcamp’s instructor].

2. IPEXPERT – OSL voice online list. The only interaction method of this list is via email notification. You post your question and the system sends you a bunch of new questions/postings asked, on an hourly basis [couldn’t figure out if it is once every 3 hours or…]. There are 2 guys always available – Mark Snow and Vik Malhi. You will definitely get an answer from them if nobody has answered, or they’ll add comments.

The drawback is the mailing notification. The method is via email and you’ll have to manage the postings in your inbox by yourself. They may have an option, but I couldn’t see one on their online portal.

3. Cisco NETPro forum: This is a must; if you have any doubt you can ask directly to the CCIE voice program manager – Ben NG.

Please note, the Ask Expert forum only opens for a certain time, e.g. for 1 week or 2 weeks, and within that period you can ask any question you’d like directly to Ben NG.

I found the Ask the Expert forum very helpful, and Ben NG is really good at answering the questions. You can see below his comments from when he was available to answer the questions. You can have a look at his previous answers on the Ask the Expert forum:

The link is:

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_user_messages&username=benng&sortby=date&fromdate=6/11/2005&todate=6/11/2008&type=all&cboForum=0&cboTopic=0&pagenumber=2

Cheers, Push