[cisco-voip] Session/connection limits on multi-tenant CUBE

Fri Apr 12 12:27:48 EDT 2019

So far, in testing, a consolidated dial-peer configuration like shown below
is working to meet our needs:

voice class server-group 5000

ipv4 10.X.X.1 port 5060 preference 1

ipv4 10.X.X.2 port 5060 preference 2

description TENANT 1 TRUNK GROUP

!

voice class uri 5500 sip

host ipv4:10.X.X.1

host ipv4:10.X.X.2

!

dial-peer voice 999998 voip

description TENANT 1 TEST

incoming uri from 5500

incoming called-number 9876543210

destination-pattern 9876543210

session protocol sipv2

session transport udp

session server-group 5000

voice-class codec 1

voice-class sip options-keepalive profile 5000

voice-class sip bind control source-interface GigabitEthernet0/0/0

voice-class sip bind media source-interface GigabitEthernet0/0/0

dtmf-relay rtp-nte

no vad

max-conn 1

!

I opened a TAC case and was informed that we aren't the only customers
seeking the functionality that I outlined in my initial email.  There is a
bug opened to track that enhancement request:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm89283.  It does only
mention limiting outbound connections, but hopefully that will change to
include inbound too.

On Fri, Apr 5, 2019, 11:47 Fred Hunt <fredmanwalking.voip at gmail.com> wrote:

> We are trying to determine the best was to configure what will essentially
> be multi-tenant CUBEs.  These will be multi-tenant in the sense that they
> will interface with a number of different CUCM and IVR environments.  Each
> environment will be considered a tenant.  We need a means of limiting the
> number of SIP sessions the different environments will be allowed to use.
> Unfortunately, I’m not seeing any tenant level commands that facilitate
> doing so:
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-cube-multi-tenants.html#reference_0DECA59896064A95ACCB2A2553107EA8
>
> Thus far, we have come up with the idea to create different “voice class
> uri” entries, comprised of the various IP addresses for each tenant.  Those
> voice class uri entries would be used for dial-peer matching and a
> “max-conn” parameter would be used to limit the number of connections using
> each dial-peer.  We typically configure separate dial-peers for inbound and
> outbound matching, in order to make the configuration more easy to visually
> review.  If we continue with that design, this would allow us to implement
> session limits on inbound and outbound dial-peers corresponding with each
> environment.  However, we want to be able to apply a session limit globally
> for each tenant, meaning inbound and outbound both count cumulatively
> towards that limit.
>
> Would it be better to have a consolidated dial-peer for each tenant, which
> would be used for both inbound and outbound purposes, and has a “max-conn”
> parameter?  My understanding is that to accomplish that we would use
> “incoming uri” matching for the inbound side and destination dial-peer
> group (using “voice class dpg” and “destination dpg”) for the outbound
> side.  Alternatively, I think we could use pattern maps (“voice class
> e164-pattern-map” and “destination e164-pattern-map”) instead.
>
> Has any Cisco-VoIP list member faced this same scenario and, if so, what
> configuration met your needs?  Am I missing a tenant level command that
> would fulfill this need?  Am I on the best path to accomplish this with
> what I outlined in the paragraph above?
>
> Thanks in advance for any feedback
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190412/32e0a43f/attachment.html>