SIP and Domain Settings
Session Initiation Protocol (SIP) is an ASCII-based, application-layer control protocol that can be used to establish, maintain, and terminate calls between two or more endpoints. SIP is an alternative protocol developed by the Internet Engineering Task Force (IETF) for multimedia conferencing over IP. SIP was originally standardized with IETF Request for Comments (RFC) 2543, “SIP: Session Initiation Protocol,” published in March 1999. The current RFC 3261 (July 2002) makes the original RFC 2543 obsolete and has had many updates. The Cisco SIP implementation enables supported Cisco platforms to signal the setup of voice and multimedia calls over IP networks. SIP can be carried by several transport layer protocols including Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). SIP clients typically use TCP or UDP on port numbers 5060 or 5061 for SIP traffic to servers and other endpoints. Port 5060 is commonly used for nonencrypted signaling traffic, whereas port 5061 is typically used for traffic encrypted with Transport Layer Security (TLS). Normally SIP over UDP is not recommended because SIP messages for video systems are too large to be carried on a packet-based (rather than stream-based) transport.
Like other Voice over IP (VoIP) protocols, SIP is designed to address the functions of signaling and session management within a packet telephony network. Signaling allows call information to be carried across network boundaries. Session management provides the ability to control the attributes of an end-to-end call.
The Cisco Expressway supports SIP. It can act as a SIP registrar, as a SIP proxy, and as a SIP Presence Server. The Expressway can also provide interworking between SIP and H.323, translating between the two protocols to enable endpoints that only support one of the protocols to call each other.
To support SIP:
SIP mode must be enabled.
At least one of the SIP transport protocols (UDP, TCP, or TLS) must be active. Note that the use of UDP is not recommended for video because SIP message sizes are frequently larger than a single UDP packet.
For a SIP endpoint to be contactable via its alias, it must register its Address of Record (AOR) and its location with a SIP registrar. The SIP registrar maintains a record of the endpoint’s details against the endpoint’s AOR. The AOR is the alias through which the endpoint can be contacted; it is a SIP Uniform Resource Identifier (URI) and always takes the form username@domain. When a call is received for that AOR, the SIP registrar refers to the record to find its corresponding endpoint. (Note that the same AOR can be used by more than one SIP endpoint at the same time, although to ensure that all endpoints are found, they must all register with the same Expressway or Expressway cluster.)
A SIP registrar only accepts registrations for domains for which it is authoritative. The Expressway can act as a SIP registrar for up to 200 domains. To make the Expressway act as a SIP registrar, you must configure it with the SIP domains for which it will be authoritative. It will then handle registration requests for any endpoints attempting to register against that domain. Note that the Expressway will also accept registration requests where the domain portion of the AOR is either the FQDN or the IP address of the Expressway. Whether or not the Expressway accepts a registration request depends on its registration control settings.
In a Cisco Unified Communications deployment, endpoint registration for SIP devices may be provided by Cisco Unified Communications Manager (Unified CM). In this scenario, the Expressway provides secure firewall traversal and line-side support for Unified CM registrations. When configuring a domain, you can select whether Unified CM or Expressway provides registration and provisioning services for the domain.
There are two ways a SIP endpoint can locate a registrar with which to register: manually or automatically. The option is configured on the endpoint itself under the SIP Server Discovery option (consult your endpoint user guide for how to access this setting; it may also be referred to as Proxy Discovery).
If the Server Discovery mode is set to automatic, the endpoint sends a REGISTER message to the SIP server that is authoritative for the domain with which the endpoint is attempting to register. For example, if an endpoint is attempting to register with a URI of john.smith@example.com, the request will be sent to the registrar that is authoritative for the domain example.com. The endpoint can discover the appropriate server through a variety of methods including DHCP, Domain Name System (DNS), or provisioning, depending upon how the video communications network has been implemented.
If the Server Discovery mode is set to manual, the user must specify the IP address or FQDN of the registrar (Expressway or Expressway cluster) with which the user wants to register, and the endpoint will attempt to register with that registrar only.
The Expressway is a SIP server and a SIP registrar:
If an endpoint is registered to the Expressway, the Expressway will be able to forward inbound calls to that endpoint.
If the Expressway is not configured with any SIP domains, the Expressway will act as a SIP server. It may proxy registration requests to another registrar, depending upon the SIP Registration Proxy Mode setting.
The Expressway acts as a SIP proxy server when SIP mode is enabled. The role of a proxy server is to forward requests (such as REGISTER and INVITE) from endpoints or other proxy servers on to further proxy servers or to the destination endpoint. If the Expressway receives a registration request for a domain for which it is not acting as a registrar (the Expressway does not have that SIP domain configured), then the Expressway may proxy the registration request onwards. This depends on the SIP Registration Proxy Mode setting, as follows:
Off: The Expressway does not proxy any registration requests. They are rejected with a “403 Forbidden” message.
Proxy to known only: The Expressway proxies the request in accordance with existing call processing rules, but only to known neighbor, traversal client, and traversal server zones.
Proxy to any: This is the same as Proxy to known only but for all zone types (i.e., it also includes ENUM and DNS zones).
If the Expressway receives a proxied registration request, in addition to the Expressway’s standard registration controls, you can also control whether the Expressway accepts the registration depending upon the zone through which the request was received. You do this through the Accept Proxied Registrations setting when configuring a zone. Proxied registrations are classified as belonging to the zone they were last proxied from. This is different from non-proxied registration requests, which are assigned to a subzone within the Expressway.
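The registrar and proxy rules above can be read as one decision procedure. The following Python model is an added example, not Cisco code: the class, function, and parameter names are hypothetical, the zone that call processing rules select is passed in as `target_zone`, and domain comparison is assumed to be case-insensitive.

```python
from dataclasses import dataclass, field

KNOWN_ZONES = {"neighbor", "traversal client", "traversal server"}
ANY_ZONES = KNOWN_ZONES | {"enum", "dns"}

@dataclass
class Expressway:                       # hypothetical model of the relevant settings
    sip_domains: set = field(default_factory=set)  # authoritative domains, lowercase
    fqdn: str = ""
    ip: str = ""
    proxy_mode: str = "Off"  # "Off" | "Proxy to known only" | "Proxy to any"

def handle_register(x, aor, target_zone=None, via_zone=None, zone_accepts_proxied=False):
    """Model how a REGISTER for `aor` is handled; returns (action, detail)."""
    user, sep, domain = aor.partition("@")
    if not (user and sep and domain):
        return ("reject", "AOR is not username@domain")
    domain = domain.lower()
    # A proxied request is also gated by the Accept Proxied Registrations
    # setting of the zone it arrived through.
    if via_zone is not None and not zone_accepts_proxied:
        return ("reject", f"zone {via_zone} does not accept proxied registrations")
    # Authoritative domain, or the Expressway's own FQDN or IP address:
    # the registrar handles it, subject to the registration control settings.
    if domain in x.sip_domains or domain in (x.fqdn, x.ip):
        owner = f"zone {via_zone}" if via_zone else "a local subzone"
        return ("registrar", f"registration controls apply; assigned to {owner}")
    if x.proxy_mode == "Off":
        return ("reject", "403 Forbidden")
    allowed = KNOWN_ZONES if x.proxy_mode == "Proxy to known only" else ANY_ZONES
    if target_zone in allowed:
        return ("proxy", f"forwarded to {target_zone} zone")
    # The text does not state the response sent in this case.
    return ("no-proxy", f"{target_zone} zone not permitted by '{x.proxy_mode}'")
```
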
The Expressway, as a SIP Presence Server, supports the SIP-based SIMPLE protocol. It can act as a Presence Server and Presence User Agent for any of the SIP domains for which it is authoritative. The Presence Server can manage the presence information for locally registered endpoints whose information has been received via a SIP proxy (such as another Expressway).
The SIP page (Configuration > Protocols > SIP) is used to configure SIP settings on the Expressway, including:
SIP functionality and SIP-specific transport modes and ports
Certificate revocation checking modes for TLS connections
Registration controls for standard and outbound registrations
Table 3-3 outlines the configurable settings for enabling SIP functionality and for configuring the various SIP-specific transport modes and ports.
Table 3-3 SIP Settings
Field | Description | Usage Tips |
---|---|---|
SIP mode | Enables and disables SIP functionality (SIP registrar and SIP proxy services) on the Expressway. The default is Off. | This mode must be enabled to use either the Presence Server or the Presence User Agent. |
SIP protocols and ports | The Expressway supports SIP over UDP, TCP, and TLS transport protocols. Use the Mode and Port settings for each protocol to configure whether incoming and outgoing connections using that protocol are supported and, if so, the ports on which the Expressway listens for such connections. The default modes are | At least one of the transport protocol modes must be set to On to enable SIP functionality. If you use both TLS and MTLS, Cisco recommends that you enable them on different ports. If you must use port 5061 for MTLS, you should avoid engaging the B2BUA, by switching Media Encryption mode to Auto on all zones in the call path. |
TCP outbound port start/end | The range of ports the Expressway uses when TCP and TLS connections are established. | The range must be sufficient to support all required concurrent connections. |
Session refresh interval | The maximum time allowed between session refresh requests for SIP calls. The default is 1800 seconds. | This is the time period after processing a request for which any session-stateful proxy must retain its state for this session. |
Minimum session refresh interval | The minimum value the Expressway will negotiate for the session refresh interval for SIP calls. Default is 500 seconds. | This is the time period after processing a request for which any session-stateful proxy must retain its state for this session. |
TLS handshake timeout | The timeout period for TLS socket handshake. The default is 5 seconds. | You might want to increase this value if TLS server certificate validation is slow (e.g., if OCSP servers do not provide timely responses) and thus cause connection attempts to time out. |
Certificate revocation checking mode | Controls whether revocation checking is performed for certificates exchanged during SIP TLS connection establishment. | Cisco recommends enabling revocation checking. |
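The usage tips in Table 3-3 can be turned into a review checklist. The following Python check is an added example, not a Cisco tool: the dictionary layout and key names are hypothetical (they are not Expressway configuration paths), the sample values are constructed, and "On"/"Off" are assumed as the mode values.

```python
# Constructed sample settings; key names are hypothetical.
SAMPLE = {
    "sip_mode": "On",
    "transports": {
        "UDP":  {"mode": "On",  "port": 5060},
        "TCP":  {"mode": "Off", "port": 5060},
        "TLS":  {"mode": "On",  "port": 5061},
        "MTLS": {"mode": "On",  "port": 5061},
    },
    "tcp_outbound_ports": (25000, 29999),
    "revocation_checking": "Off",
}

def audit_sip_settings(cfg):
    """Return (code, message) findings based on the usage tips in Table 3-3."""
    findings = []
    transports = cfg["transports"]
    on = {name for name, s in transports.items() if s["mode"] == "On"}
    if cfg["sip_mode"] != "On":
        findings.append(("sip-off",
                         "SIP mode is Off; registrar and proxy services are disabled"))
    if not on:
        findings.append(("no-transport",
                         "no transport mode is On; SIP functionality is not enabled"))
    if "UDP" in on:
        findings.append(("udp-enabled",
                         "UDP is On; SIP messages for video often exceed one UDP packet"))
    if {"TLS", "MTLS"} <= on and transports["TLS"]["port"] == transports["MTLS"]["port"]:
        findings.append(("tls-mtls-shared-port",
                         f"TLS and MTLS both use port {transports['TLS']['port']}; "
                         "enable them on different ports"))
    if cfg["revocation_checking"] == "Off":
        findings.append(("revocation-off",
                         "certificate revocation checking is Off for SIP TLS"))
    start, end = cfg["tcp_outbound_ports"]
    if start > end:
        findings.append(("bad-port-range",
                         f"TCP outbound port start {start} is above end {end}"))
    return findings

if __name__ == "__main__":
    for code, message in audit_sip_settings(SAMPLE):
        print(f"{code}: {message}")
```
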
The Domains page (Configuration > Domains) lists the SIP domains managed by this Expressway. A domain name can comprise multiple levels. Each level’s name can only contain letters, digits, and hyphens, with each level separated by a period (dot). A level name cannot start or end with a hyphen, and the final level name must start with a letter. An example valid domain name is 100.example-name.com. You can configure up to 200 domains. (Note that you cannot configure domains on an Expressway-E.)
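The naming rules above are strict enough to check before a domain list is entered. The following Python validator is an added example, not Cisco code: the function names are hypothetical, "letters" is assumed to mean ASCII letters, and the sample names in the usage lines are constructed.

```python
import re

MAX_DOMAINS = 200                       # limit stated in the text
_ALLOWED = re.compile(r"[A-Za-z0-9-]+")  # letters, digits, and hyphens only

def domain_problems(name):
    """Return the rule violations for one SIP domain name (empty list if valid)."""
    problems = []
    levels = name.split(".")
    for i, level in enumerate(levels, start=1):
        if level == "":
            problems.append(f"level {i} is empty")
        elif not _ALLOWED.fullmatch(level):
            problems.append(f"level {i} has characters other than letters, digits, hyphens")
        elif level.startswith("-") or level.endswith("-"):
            problems.append(f"level {i} starts or ends with a hyphen")
    # The final level must start with a letter, which also rules out
    # dotted IPv4 literals such as 192.0.2.10.
    if levels[-1] and not re.match(r"[A-Za-z]", levels[-1]):
        problems.append("final level does not start with a letter")
    return problems

def check_domain_list(names):
    """Validate a whole list: per-name rules plus the 200-domain limit."""
    findings = {}
    for name in names:
        problems = domain_problems(name)
        if problems:
            findings[name] = problems
    if len(names) > MAX_DOMAINS:
        findings["<list>"] = [f"{len(names)} domains configured; limit is {MAX_DOMAINS}"]
    return findings

if __name__ == "__main__":
    # Constructed sample input.
    for n in ["100.example-name.com", "-lab.example.com", "example.1com", "192.0.2.10"]:
        print(n, "->", domain_problems(n) or "valid")
```
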
When the Expressway-C has been enabled for Unified Communications mobile and remote access, you must select the services that each domain will support. The options are as follows:
SIP registrations and provisioning on Expressway: The Expressway is authoritative for this SIP domain. The Expressway acts as a SIP registrar for the domain (and Presence Server in the case of Video Communication Server (VCS) systems) and accepts registration requests for any SIP endpoints attempting to register with an alias that includes this domain. The default is On.
SIP registrations and provisioning on Unified CM: Endpoint registration, call control, and provisioning for this SIP domain are serviced by Unified CM. The Expressway acts as a Unified Communications gateway to provide secure firewall traversal and line-side support for Unified CM registrations. The default is Off.
IM and Presence Service: Instant messaging and presence services for this SIP domain are provided by the Unified CM Instant Messaging and Presence (IMP) service. The default is Off.
XMPP federation: Enables Extensible Messaging and Presence Protocol (XMPP) federation between this domain and partner domains. The default is Off.
Deployment: Associates the domain with the selected deployment, if there are multiple deployments. This setting is absent if there is only one deployment (there is always at least one).
Any domain configuration changes, when one or more existing domains are configured for IM and Presence services on Unified CM or XMPP federation, will result in an automatic restart of the Universal Measurement and Calibration Protocol (XCP) router on both Expressway-C and Expressway-E.