Session Initiation Protocol or SIP and Cisco Unified Communications Manager

In the following series of documents I am planning to provide you with a high level of
understanding as to what it takes to run SIP in your New or Existing Cisco Unified
Communications Manager Cluster, some of the topics in this series of documents will be sip as a
protocol, security of SIP, Cisco SIP IP phones (Basic/Enhanced), 3rd Party SIP IP Phones
(Simple/Advanced), SIP endpoint features, DTMF, KPML, SIP Trunks, SIP SRST and
interoperability with other voip systems.
Call manager was initially designed to inter-operate with Cisco IP phones using its proprietary
signaling protocol Skinny or SCCP, most of the features that were created or made it available to
the Cisco IP Phones were designed to inter-operate using the Skinny (SCCP) protocol and not
SIP, meaning that when Cisco decided to have their IP phones to support the ability to also run
SIP, initially many common features that were available to Cisco IP Phones that were running
the Skinny (SCCP) protocol were not available to Cisco IP Phones that will run SIP, with this
being said if you have an older and or existing Call Manager cluster and you are wishing to make
the move to SIP, you must have a complete understanding of what features are going to work,
what type of phones will have the capability to run certain or all features that your current user is
accustomed to and nonetheless what changes you may need to make to your current IPT
infrastructure and also let?s don?t forget that if you currently have an older Cisco IP Phone such
as the 7940, you may also need to make some changes to your dial plan, such as creating new
SIP Dial Rules and applying these rules to every type A phone or Basic Cisco SIP Phone,
furthermore if you have remote locations you may need to upgrade to SIP SRST, etc, of course
many of this changes will depend upon you deciding to have a SIP trunk for PSTN access only
or having SIP all the way from your demarcation to your endpoints, now when it comes to a
totally new deployment of Cisco Unified Communications Manager things can be much easier,
as long as you have the right Cisco SIP IP phone models, voice gateways, IOS, etc
What is SIP?
Session Initiation Protocol or SIP is a signaling protocol used mainly to establish sessions or
multimedia calls over an IP Network. SIP can be utilized to set up and to tear down multimedia
sessions over an IP Network, such as conferencing, telephony, presence, event notifications and
instant messaging, SIP in fact is very similar to HTTP in the way that it works.
Who and what plays a role during a SIP session?

To make a SIP session possible between 2 or more endpoints, several logical entities and
components must play a single or dual role when a SIP session needs to be set up, routed or
when the SIP session needs to be tear down. Those several logical entities and components can
be,

-User Agent
-Proxy server
-Redirect Server
-Registrar Server
-Back to Back User Agent

Because I am not trying to make this series of documents to complex and hard to understand I
will be only going over the definition of the 2 components that I think will be playing an
important role when it comes to the interaction of a Cisco SIP IP phone and Cisco Unified
Communications Manager.

UA or User Agent .- The User Agent has the capabilities to initiate, receive and terminate a
transaction is a SIP session, since the User Agent is a logical application, the User Agent can
play either the role of a User Agent Client (UAC) or the role of a User Agent Server (UAS)
during a sip session, by having a SIP endpoint acting as the role of either a User Agent Client
(UAC) or a User Agent Server (UAS) during a SIP session 2 SIP Endpoints can have the ability
to set up and tear down a sip session between both. An Example of a User Agent will be a Cisco
SIP IP Phone.

Phone A is initiating the Call

------------------- >
Phone A (UAC) (UAS) Phone B

Phone A | B2BUA | Phone B
--------------------- | (UCM) | ---------------





What does a SIMPLE SIP connection look like?
A SIP connection involves a call signaling process and a RTP stream.

Sound IN RTP Stream Dynamically assigned UDP Ports
Call Control TCP Port 5060
Is it easy to troubleshoot SIP?
Troubleshooting SIP can involve many components and protocols, such as NAT, DNS,
Firewalls, Routing, etc, although by knowing some of the Basic messages and Response Codes
troubleshooting SIP will be much easier, although later on I will try to post a document that will
show you how to troubleshoot typical SIP issues such as DTMF and NAT especially when you
are integrating 2 different voip pbx?s.

How secure is SIP?

As any other protocol, SIP has some security flaws, mainly because SIP was created with the
simplicity and trust words in mind. Securing a SIP connection is not an easy task, but when using
certain security methods, components, and endpoints, a SIP transmission can be protected with a
certain level of security. Let?s face it no protocol is 100 percent secure, securing a way of
communications involves more than just what the level of security that the protocol used can
offer you.

As any other signaling protocols, a SIP transmission can be secured if certain methods and
components are used in conjunction with a SIP connection, an example of methods and
components can be,

TLS or Transport Layer Security. ? TLS relies on the exchange of valid security certificates,
although not all SIP endpoint support TLS.

Digest Authentication.- This is a challenge and response method, in a few words let?s say a
Cisco IP Phone sends an INVITE to the UCM, then the UCM gets the INVITE, but because the
UCM doesn?t get the proper Digest Auth header in the initial INVITE, it proceeds to send a
message back to the Cisco IP Phone with the proper Digest Auth header, basically saying hey I
don?t know who you are? Identifiy yourself by giving me your credential values, then the Cisco
IP Phone sends a message back to the UCM but this time with the proper credentials, basically
with the Digest Auth values, saying hey! I do have the proper credentials can we talk?

SRTP or Secure Real-Time Transport Protocol.- What SRTP does is, it encrypts the RTP
payload meaning that it encrypts your media stream, in fact SRTP was developed by experts
from Cisco and Ericsson.

For example, using SIP in conjunction with TLS will make sure that your call signaling is secure,
although your audio or media will not be secure.

SIP in IP Phones

Based on the capabilities of certain Cisco SIP phones, Cisco classifies some of its models as
either Basic (type A) or Enhanced IP Phones (Type B), almost the same thing applies for 3rd
Party SIP IP phones, in fact when configuring 3rd Party SIP IP Phones in Cisco Unified
Communications Manager you may need to select between a 3rd party SIP Device (Simple) or a
3rd Party SIP Device (Advanced) this will depend on the features or capabilities that the 3rd
Party SIP IP Phone has.

Let?s take a look for example some of the differences between Cisco SIP Phones Type A (Basic)
and Cisco SIP Phones Type B (Advanced)

Basic Cisco SIP Phones (Type A phones)
Cisco 7905, Cisco 7912, Cisco 7940, Cisco 7960
Basic and or limited xml capabilities
Supports UDP
Support Digest Auth
No RFC2833 DTMF Relay Support
Ideal SIP endpoints if you are going to use a 3rd Party Call control Box
No PRACK support

Enhanced Cisco SIP Phones (Type B Phones)
Cisco 7906, Cisco 7911, Cisco 7931 (only compatible with UCM 7.x and up), Cisco 7941, Cisco
7942, Cisco 7945, Cisco 7961, Cisco 7962, Cisco 7965, Cisco 7970, Cisco 7971, Cisco 7975
Supports TCP
Supports Digest Auth
Supports UDP
Supports TLS
Support RFC2833 DTMF Relay when registered with UCM
Support KPML
No PRACK support





3rd Party SIP IP Phones

When deciding what type of 3rd Party SIP IP phones to use for your new Cisco SIP deployment
or current environment, keep in mind the following when referring to 3rd Party SIP Phones.
-You will be using a Cisco Platform, meaning that depending on the type of Cisco SIP IP Phone
that you are using, that is Type A or B phone, your Cisco SIP IP phone will have access to either
some or most of the features that Cisco Unified Communications Manager normally provides to
the SCCP phones, in the other hand the 3rd Party SIP IP Phones will either have a limited access
or no access to the these features.
-You will have to use Auth Digest to register 3rd Party SIP Phones with Cisco Unified
Communications Manager
-You must use SIP Dial Rules for your 3rd Party SIP Phones and some 3rd Party SIP Phone
don?t even support the SIP Dial Rules, hence you may have to configure the dial patterns
manually to 3rd Party SIP IP phone via web, etc.
-A 3rd Party Simple SIP IP Phone will consume 3 DLU?s
-A 3rd Party Advance SIP IP Phone will consume 6 DLU?s


How to categorize 3rd Party SiP Phones (Simple/Advanced)

The way Cisco classifies 3rd Party SIP IP phones, is based on the capabilities of the 3rd Party
SIP IP phone.

SIP IP phone Capabilities Simple Advanced
Authentication Digest Authorization Only Digest Authorization Only & TLS
Number of Lines 1 Single Line Can have up to 8 Lines
Amount of calls per line 2 Calls 2 Calls
Wifi or Dual Mode No Yes
Video No Yes


So before you go out and purchase a bulk of 3rd Party SIP IP phones to be used in your Cisco
Unified Communications Manager cluster think about dial plans, bulk inserts, feature parity and
others.

In the next document (PART 2) we will be adding a Cisco SIP IP phone and a 3rd Party SIP IP
phone (aastra 9133i/Linksys SPA 941) to Cisco Unified Communications Manager, KPML, SIP
DIAL Rules, we will be migrating SCCP phones to SIP, migrating Cisco SIP IP phones back to
SCCP, creating a SIP trunk to another voip system, configuring SIP SRST and others.