Routers Supporting Local Gateway
Webex Local Gateway can be hosted on a variety of Cisco IOS-XE routers and a select group of third-party routers. This topic will cover the platforms, capacities, and software versions required to support Local Gateway functionality on Cisco routers and third-party routers. This chapter will also cover the differences between the registration-based Local Gateway and certificate-based Local Gateway settings.
Cisco Routers
The 1100 and 4000 series of IOS-XE devices are the entry point for Local Gateways and the oldest devices supported to function as Local Gateways. These are the same devices that function today as branch gateways in an on-premises-based VoIP system. This allows the rapid conversion from on-premises to cloud-based or a hybrid calling model without requiring router upgrades.
The smallest supported router for Local Gateway is the ISR 1100 series. These small devices are capable of handling 500 calls with up to five calls per second (CPS). The routers are available with different amounts of memory, WAN, and Ethernet interfaces to suit the needs of small sites. Since telephone ports are not supported with the ISR 1100 series, these routers could only be used as a Cisco UBE using SIP trunks. The ISR 1100 series products went end of sale (EOS) on May 9, 2023 and have an end of support date of May 31, 2028.
The 4000 series of Integrated Services Routers is able to handle the demands of most branch office needs. A wide range of interface choices for WAN, Ethernet, and telephony allows the user to customize the router to suit their needs. The router can be used as a Cisco UBE for full SIP-based communications but also as a Time Division Multiplexing (TDM) gateway using older circuits such as T1/E1 PRI. The product line supports 500 calls with four CPS on the smallest ISR 4321, up to 10,000 calls and 55 CPS on the largest ISR 4461. This product line eases the process of finding a router with the right mix of interfaces and performance needed for the branch site in your organization. The ISR 4300/4400 line is set to go end of sale (EOS) on November 7, 2023. The product will be supported for several more years, but the latest IOS XE release will be either 17.9 or 17.12, depending on the software train you are utilizing. Table 24-2 identifies all the 1100 and 4000 series routers that support Local Gateway.
Table 24-2 Local Gateway Support on 1100 and 4000 Series Routers

| Platform | Cisco UBE SIP-SIP Audio Session (Flow-thru) RTP G.711-RTP G.711 | Sustainable CPS IOS-XE 16.1.2+ |
|---|---|---|
| 1100 | 500 (IOS-XE 16.2+) | 5 |
| 4321 | 500 | 4 |
| 4331 | 1000 | 10 |
| 4351 | 2000 | 13 |
| 4431 | 3000 | 15 |
| 4451 | 6000 | 40 |
| 4461 | 10,000 (IOS-XE 17.2.1r+) | 55 |

The replacements for the ISR 1000 and 4000 routers are the Catalyst 8000 Edge Platforms. The Cisco Catalyst 8300 Series Edge Platforms are best-of-breed, 5G-ready, cloud edge platforms designed for accelerated services, multi-layer security, cloud-native agility, and edge intelligence to accelerate your journey to cloud. The C8000 line is broken into two series similar to the 4000 series lineup. The smaller 8200 series provides multi-core processors, up to 32GB of DRAM, up to four Ethernet ports (two support SFP), and one Network Interface Module, which can support various WAN and Telephony interfaces.
The C8300 products contain multicore processors, expandable memory, and up to six Ethernet ports. Two of those ports can support Small Form Factor Pluggable adapters to allow copper or fiber connections. The Edge Platforms also come with dual power supplies for greater redundancy. Numerous WAN and Telephony interface cards allow you to tailor the product to the site’s voice and data services, which require support at a branch site.
When the C8000 line is used as a Local Gateway, its performance is upgraded from the ISR 4000 series it replaces. Call throughput ranges from 1500 (middle of the pack for ISR 4000) on the small end to 10,000 on the higher end. Sustainable CPS rates of nine on the C8200L to 55 on the C8300-2N2S-4T2X meet the needs of most branch locations. Table 24-3 identifies the Catalyst 8000 Edge routers that support Local Gateway.
Table 24-3 Local Gateway Support on Catalyst 8000 Edge Routers

| Platform | Cisco UBE SIP-SIP Audio Session (Flow-thru) RTP G.711-RTP G.711 | Sustainable CPS IOS-XE 16.1.2+ |
|---|---|---|
| C8200L-1N-4T (4GB) | 1500 (IOS-XE 17.5.1+) | 9 |
| C8200L-1N-4T (8GB) | 2500 (IOS-XE 17.4.1a+) | 14 |
| C8300L-1N1S-6T (8GB) | 7000 (IOS-XE 17.3.2) | 40 |
| C8300L-1N2S-6T (8GB) | 7500 (IOS-XE 17.3.2) | 42 |
| C8300L-1N1S-4T2X (8GB) | 8000 (IOS-XE 17.3.2) | 45 |
| C8300L-1N2S-4T2X (8GB) | 10,000 (IOS-XE 17.3.2) | 55 |

A third option for Local Gateways is either the CSR1000v or the C8000v. Both products are virtual machines that can run in a variety of virtual environments. The Cloud Services Router 1000v is a virtual IOS-XE router that can run in VMware ESXi, Citrix XenServer, Microsoft Hyper-V, SuSE KVM, or Red Hat KVM virtual environments. The CSR1000v can also be deployed in Microsoft Azure, Amazon EC2, and Google Cloud Platform. The CSR1000v can support up to IOS-XE version 17.3 software. After that version, the branding and licensing were changed to reflect the new product name of Catalyst 8000v.
The Catalyst 8000v is a continuation of the CSR1000v. The C8000v is a software-based virtual router that combines the functionalities of Cisco Cloud Services Router (Cisco CSR1000V) and Cisco Integrated Services Virtual Router (Cisco ISRv) into a single image that is intended for deployment in cloud and virtual data centers. It is supported in ESXi, KVM, and NFVIS hypervisors. Further, you can deploy this router on public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Alibaba Cloud.
The router can be deployed as a virtual machine in your virtual environment, and it can be created as a small, medium, or large virtual machine using increasing amounts of vCPU, memory, and other resources. The number of concurrent and sustained CPS also increases. If the C8000v is deployed in a cloud environment such as Microsoft Azure or Amazon AWS, the medium VM is deployed with 3000 concurrent calls and 20 CPS. Table 24-4 identifies the 1000v and 8000v virtual routers that support Local Gateway.
Table 24-4 Local Gateway Support on 1000v and 8000v Virtual Routers

| Platform | Cisco UBE SIP-SIP Audio Session (Flow-thru) RTP G.711-RTP G.711 | Sustainable CPS IOS-XE 16.1.2+ |
|---|---|---|
| C8000v-S / C1000v – 1vcpu (4GB) | 1000 | 5 |
| C8000v-M / C1000v – 2vcpu (4GB) | 3000 | 20 |
| Azure / AWS C8000v-M / C1000v – 2vcpu (4GB) | 3000 | 20 |
| C8000v-L / C1000v – 4vcpu (8GB) | 6000 | 30 |

Third-Party Routers
Third-party Session Border Controllers (SBCs) are a relatively new addition to the supported Session Border Controller lineup. The following products running Oracle SBC version 9.0 software are supported as a Local Gateway with Webex Calling:
AP 1100
AP 3900
AP 4600
AP 6300
AP 6350
AP 3950 (Starting from SBC 9.0)
AP 4900 (Starting from SBC 9.0)
VME
Oracle SBC on Public Cloud
The following AudioCodes SBCs running software version 7.40A.250.440 or later are supported as Local Gateway with Webex Calling:
Mediant 500 Gateway and E-SBC
Mediant 800B/C Gateway and E-SBC
Mediant 1000B Gateway and E-SBC
Mediant 2600 E-SBC
Mediant 4000/B SBC
Mediant 9000, 9030, 9080 SBC
Mediant Software SBC (VE/SE/CE)
Finally, the Ribbon line of SBCs has also received approval to function as Local Gateways with Webex Calling. The following Ribbon SBCs running Ribbon Code version 10.1.0 or higher are supported as Local Gateways:
SBC 5000
SBC 7000
SBC SWe
Registration- and Certificate-Based Local Gateway
While it is true that an ISR 4461 can handle 10,000 concurrent calls, that capacity can be restricted to as low as 250 if the connection to the Webex cloud is not chosen correctly. To understand this issue, it is important to understand that there are two ways to connect to the Webex Calling system:
Registration-based Local Gateway
Certificate-based Local Gateway
In the registration-based Local Gateway connection, you create the connection in Control Hub and you are provided with the elements needed to allow your Local Gateway to create a TCP connection to the cloud. This is a one-way connection from the Local Gateway to the cloud. One of the big benefits of this connection type is that a technician with limited IOS skills can successfully deploy a Local Gateway behind a NAT/firewall without requiring changes to the NAT or firewall. The connection does not require CA-signed certificates, which reduces complexity and cost. However, since the registration consists of a single TCP connection, the link has a lower capacity and is not as durable if there are network issues such as high latency and packet loss. This means that no matter what SBC platform you are using, you are limited to 250 concurrent calls per trunk built on that device. It is possible to build multiple trunks on a single Local Gateway. Careful configuration of outbound interfaces, SIP listening ports, dial-peers, and load balancing for the on-premises Cisco Unified Communications Manager can allow you to exceed the 250-call limit. Figure 24-2 illustrates the connection flow for Webex Calling using registration-based Local Gateway.
Figure 24-2 Registration-Based Local Gateway
The certificate-based method of connecting a Local Gateway fixes the capacity issue by using Mutual TLS as the connection type. This method also uses four bi-directional connections rather than a single one-way connection, as with the registration-based connection. This connection type requires CA-signed certificates in the Local Gateway. The engineer also needs to add the Webex Calling trust bundle into the Local Gateway so that the SBC trusts the certificates of Webex Calling.
The connection is configured to use four fully qualified domain names (FQDNs) or a DNS Service Record (SRV) that points to the Access SBCs of Webex Calling. If configured correctly, four bi-directional TLS connections will be created to carry traffic to and from the Local Gateway and Webex Calling. NAT/firewall traversal is possible with the certificate-based connection method using Session Traversal Utilities for NAT (STUN). Figure 24-3 illustrates the connection flow for Webex Calling using certificate-based Local Gateway.
As you can see from these two descriptions, if you are looking for an easy installation and only have a capacity need below 250 concurrent calls over the public Internet, it is recommended that you use the registration-based connection method. If you require up to 2000 concurrent calls over the public Internet, the solution will be certificate-based. It is possible to reach up to 6500 concurrent calls with the certificate-based connection method, but this will require a dedicated Interconnect connection to Webex Edge Connect. If you wish to use any of the newly supported third-party SBCs, you will need to use the certificate-based connection method as well. Table 24-5 identifies sizing parameters for a Local Gateway based on registration type.
Figure 24-3 Certificate-Based Local Gateway
Table 24-5 Local Gateway Sizing Parameters Based on Registration Type

| Sizing by Concurrent Calls per Local Gateway | Sizing by Number of Users Behind a Local Gateway | Trunk Type Preferred | Minimum Link Quality |
|---|---|---|---|
| ~2000–6500 | 65,000 | Certificate-based | Interconnect |
| 250–~2000 | 20,000 | Certificate-based | Over the Internet |
| Up to 250 | 2500 | Registration-based | Over the Internet |

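
The sizing rule described in this section, as an added example that is not part of the original chapter: a gateway's usable capacity is the lower of its platform rating and the ceiling imposed by the trunk type. The function names are hypothetical; the limits come from the text and Table 24-5, and the platform rating is passed in as a number taken from Tables 24-2 through 24-4.

```python
import math

# Ceilings on concurrent calls, taken from the text and Table 24-5.
REGISTRATION_CAP_PER_TRUNK = 250   # single TCP registration, any platform
CERT_INTERNET_CAP = 2000           # certificate-based over the Internet
CERT_INTERCONNECT_CAP = 6500       # certificate-based over Interconnect


def effective_capacity(platform_calls, trunk_type, interconnect=False, trunks=1):
    """Calls the gateway can really carry: the lower of platform and trunk limits."""
    if trunk_type == "registration":
        # Only registration-based trunks are described as stackable per device.
        trunk_limit = REGISTRATION_CAP_PER_TRUNK * trunks
    elif trunk_type == "certificate":
        trunk_limit = CERT_INTERCONNECT_CAP if interconnect else CERT_INTERNET_CAP
    else:
        raise ValueError(f"unknown trunk type: {trunk_type!r}")
    return min(platform_calls, trunk_limit)


def registration_trunks_needed(needed_calls):
    """Registration-based trunks required to carry needed_calls at 250 each."""
    return math.ceil(needed_calls / REGISTRATION_CAP_PER_TRUNK)


def recommend_trunk(platform_calls, needed_calls, interconnect=False, third_party=False):
    """Pick a trunk type following the chapter's guidance; raise if nothing fits."""
    if needed_calls > platform_calls:
        raise ValueError("platform is rated below the required call count")
    # Third-party SBCs must use the certificate-based method.
    if not third_party and needed_calls <= REGISTRATION_CAP_PER_TRUNK:
        return "registration"
    limit = CERT_INTERCONNECT_CAP if interconnect else CERT_INTERNET_CAP
    if needed_calls > limit:
        raise ValueError(f"certificate-based trunk tops out at {limit} calls on this link")
    return "certificate"


if __name__ == "__main__":
    isr4461 = 10_000  # Table 24-2 rating for the ISR 4461
    for kind, ic in (("registration", False), ("certificate", False), ("certificate", True)):
        print(kind, "interconnect" if ic else "internet", effective_capacity(isr4461, kind, ic))
    print("trunks for 900 calls:", registration_trunks_needed(900))
    print("900 calls ->", recommend_trunk(isr4461, 900))
```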