[cisco-voip] SIP Domain substitution

Lelio Fulgenzi lelio at uoguelph.ca
Sat Oct 5 10:12:54 EDT 2019


Yeah. I hear ya. I’ll have to do more research. To see how much effort is actually required.

My biggest concern is enabling PSTN access and not opening up a security exposure.

I was at the collab techtorial where the presenter put the fear of Dog into us about spinning up a separate expressway cluster to ensure no pstn abuse.

I’ll try with Macros first. If I can get extension dialing easy enough, it buys me s proof of concept that can get me more support.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<x-apple-data-detectors://1/0>
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Oct 5, 2019, at 9:36 AM, Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:

Webex Hybrid Calling definitely sounds like a good fit for you then; it’ll also give your cloud registered devices a way to dial the on-prem extensions.

Basically, when the cloud registered device is setup, you select Hybrid calling as the PSTN service (assuming Hybrid calling has already been setup) and then it sends signaling to CUCM via Expressway-C > CUCM. The effective media path is device <> cloud.

If you have Expressway B2B, you can also leverage that to allow your cloud devices to make B2B SIP calls via Cloud > Expressway-C > CUCM > Expressway-C > Expressway-E > Internet. The idea was to make Hybrid Calling for cloud devices “transparent” to the user over cloud calling in terms of PSTN capabilities, with the added feature of interacting with on-prem extensions as if the device was registered on-prem.

There are more than a few scenarios where Webex Hybrid calling will trombone the call, and it’s by design and due to the nature of the scenario. Under the hood, the call legs and SIP messages can get hairy from a troubleshooting perspective (TranslatorX is a beast for this), and Cisco has had more than a few complaints about it, but it is what it is.

Sent from my iPhone

On Oct 4, 2019, at 23:40, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:



I’m trying to do a bit of everything, really.

In our case, I’d like to have a few cloud registered WebEx room devices still be able to call our extensions. It’s the one thing we loose vs. on-prem reg WebEx room devices.

I still have to get it working (I’m guessing there are IP address ranges I have to permit) but a cloud registered device can call <ext>@myphone.acme.com

If I can create a macro on cloud registered devices like you can on CE devices, then it gives me that functionality.

We don’t have Webex Teams deployed. We don’t have Webex pstn / calling enabled.

So it’s either a hybrid call setup or a macro.

I’ll have to investigate further.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<x-apple-data-detectors://1/0>
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uoguelph.ca%2Fccs&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587224475&sdata=K8Hkz7W%2F3ijLyQTh0Nc6ZgnMbiXTurUDovMLe%2FjqT6k%3D&reserved=0> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Oct 4, 2019, at 11:25 PM, Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway+cisco-voip at gmail.com>> wrote:

Wait, I thought this was for other businesses to call you.  Are you saying that to call within your own cloud you have to dial that giant URI?  Is there no directory, or extension dialing?  Clearly, I have not done a single Webex calling deployment yet.

On Fri, Oct 4, 2019 at 10:06 PM Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

Ok. Looking at it from the other way around, could I create a macro(?) on the cloud registered devices that ask for a 5 digit extension and then add the appropriate SIP domain to the extension to place the call?

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uoguelph.ca%2Fccs&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587234480&sdata=hP1iUi1T8p7kIR8cnYIG6z3JKod80gGGYp47f1seNCA%3D&reserved=0> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Oct 4, 2019, at 10:32 PM, Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:

Webex Hybrid Calling (with Expressway B2B), could in theory, help accomplish this. The codec is still cloud registered, though Hybrid calling would allow for an on-prem URI to be associated with the Webex remote destination of the codec.

The call would come into the on-prem URI via B2B like normal, and assuming the Hybrid integration was setup correctly, ring the Webex remote destination which rings the cloud registered codec.

It’s a little bit of an ugly trombone, but it does work..

Sent from my iPhone

On Oct 4, 2019, at 22:09, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:



Darn. Double darn.

Let’s hope webex offers up custom domain registration for devices soon.

‘Cause room123 at acme.rooms.webex.com<mailto:room123 at acme.rooms.webex.com> is a bit much.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uoguelph.ca%2Fccs&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587244485&sdata=up%2BFCTMM56ltoeiCLOkkoDz%2BjVc8Tpe6Z9kkqE7rUPs%3D&reserved=0> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Oct 4, 2019, at 9:05 PM, Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:

What it sounds like you are trying to do to me, is allow the call to ultimately setup with a URI different than the URI that was dialed, without the calling party being the wiser.

DNS won’t be able to do anything with regards to that I don’t think, because it really sounds like you’re trying to manipulate/transform the called URI, and you’ll need something to interact with the SIP message stack for that I’d think.

You can create a round robin A record, that resolves to multiple IP addresses, so when the client looks up the DNS SRV, it receives multiple targets to try before considering the SRV target “unreachable” (SRV weights and priorities determine the ordering of the target addresses resolved for the client). However, this won’t have the ability to change the called URI, which is ultimately what I think you’re attempting in the scenario (DNS and SIP messages are on different networking layers).

As Dave mentioned below, Expressway or a LUA script (sip normalization) in CUCM seems to be uniquely qualified for what you’re wanting to do.

Sent from my iPhone

On Oct 4, 2019, at 20:40, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:



I’ve seen some references to Cisco SIP proxy server.

Would that help?

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uoguelph.ca%2Fccs&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587254496&sdata=%2BDWdd5Bj2baDh9yla7QDgc4Qiig1S6ki26u5adIEN7w%3D&reserved=0> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Oct 4, 2019, at 7:46 PM, Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:

According to RFC 2782 (https://www.ietf.org/rfc/rfc2782.txt<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Frfc%2Frfc2782.txt&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587264501&sdata=T5gNO4TAfOEFXaKUKLBLleyj1GtmxSXVzc2BAMbXC5E%3D&reserved=0>), it does not, under the “Target Definition”; “there must be one or more address records for this name, the name must not be an alias”.

However, I can tell you that I have used a CNAME in the SRV target field before, and it appeared to work at the time. Still, depending on the application, doing so could potentially cause some weird issue with regards to PTR or something.

Sent from my iPhone

On Oct 4, 2019, at 19:10, Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>> wrote:


I don't think DNS SRV records support CNAME.  Even then, it would only change where it was sent to and not the SIP headers.

On Fri, Oct 4, 2019 at 12:26 PM Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:
Yeah – I’d want this to happen all within DNS. But of course, in a supported fashion. I’m not interested in spending time modifying infrastructure at this time.

I’ve done some searching, and there’s talk of RR records, but we haven’t found much documentation.


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uoguelph.ca%2Fccs&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587274512&sdata=ls8WyWXgtfKDMoC3gIKyHoq07iuEP4VbDlQLnweBKJQ%3D&reserved=0> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

From: Dave Goodwin <dave.goodwin at december.net<mailto:dave.goodwin at december.net>>
Sent: Friday, October 4, 2019 12:09 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Cc: cisco-voip voyp list <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] SIP Domain substitution

Are you wanting this to all happen within DNS instead of happening within a SIP UA? As far as I understand, if DNS redirected somewhere (SRV or CNAME record for example) it would not change the destination URI the originator is trying to reach. The SIP protocol has redirection codes (such as 301 or 302) but whether or how you might be able to use them depends on the SIP UAs being used.

You might also be able to use something like a SIP normalization script (CUCM), SIP profiles (CUBE), or maybe search pattern replacements (Expressway) to just translate the domain as calls flow in/out. I'm guessing what might be feasible without knowing more of the picture.

On Fri, Oct 4, 2019 at 11:10 AM Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

Does SIP allow for domain name substitution?

By this I mean, instead of advertising or dialing coyote at phones.america.acmemanufacturing.com<mailto:coyote at phones.america.acmemanufacturing.com> I want to use coyote at zing.com<mailto:coyote at zing.com>

But I don’t want to have to reorganize and reprogram anything.

I just want the DNS to say, “hey, use this domain instead and try again.”
-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uoguelph.ca%2Fccs&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587284523&sdata=d7UxK0tYWLGKNshr7rcBEBv4XImcgWh%2BAzsfqTgMOPQ%3D&reserved=0> | @UofGCCS on Instagram, Twitter and Facebook

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587294528&sdata=%2FntSpFvdq5C9fBtAxbIqHNdJd3zh3MLoKzUB58MdQzo%3D&reserved=0>
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587304539&sdata=VmatVAGW8esVjSRB9OrfERfeODum63Up5%2BLflPnqiWQ%3D&reserved=0>
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C8490bfb695e94274db6d08d7491ffa5a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058274001837045&sdata=zfbMgSZMo1JkN8aVUEQ0s%2B18Hgsoa9887UvQ3z1v6rw%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587314544&sdata=iZL6Ab6FqFN5VySWfedSKgp2jJRDTdQ444d9LNzHnmI%3D&reserved=0>
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7Cb16503f6614e48ab04dc08d74945d472%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637058436587324549&sdata=Ag76XstJgq0n7JVtfAOabXMrYu25RqmHonFUYLe28ao%3D&reserved=0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20191005/86497f07/attachment.htm>


More information about the cisco-voip mailing list