CUBE Configuration

Table 1. Feature History
Feature Name	Release Information	Description
Cisco Unified Border Element Configuration	Cisco IOS XE Catalyst SD-WAN Release 17.7.1a Cisco vManage Release 20.7.1	This feature lets you configure Cisco Unified Border Element (CUBE) functionality by using Cisco IOS XE Catalyst SD-WAN device CLI templates or CLI add-on feature templates.
Secure SRST Support on Cisco Catalyst SD-WAN	Cisco IOS XE Catalyst SD-WAN Release 17.10.1a Cisco vManage Release 20.10.1	This feature enables you to configure Cisco Survivable Remote Site Telephony (SRST) commands on Cisco IOS XE Catalyst SD-WAN devices using Cisco SD-WAN Manager device CLI templates or CLI add-on feature templates. The feature also provides additional Cisco Unified Border Element (CUBE) commands that are qualified for use in Cisco SD-WAN Manager device CLI templates or CLI add-on feature templates.
Cisco Unified Border Element Configuration	Cisco IOS XE Catalyst SD-WAN Release 17.14.1a Cisco Catalyst SD-WAN Manager Release 20.14.1	This feature provides support for the following commands: cipher (voice class) nat media-keepalive secure-ciphersuite transport tcp tls (sip-ua) voice-class sip nat media-keepalive
Survivable Remote Site Telephony (SRST) commands	Cisco IOS XE Catalyst SD-WAN Release 17.14.1a Cisco Catalyst SD-WAN Manager Release 20.14.1	This feature provides support for the following commands: http client secure-ciphersuite transport-tcp-tls (call-manager-fallback)

This chapter provides information about configuring devices for Cisco Unified Border Element (CUBE).

Information About CUBE

CUBE bridges voice and video connectivity between two VoIP networks. It is similar to a traditional voice gateway, except for the replacement of physical voice trunks with IP-based voice trunks. Traditional gateways connect VoIP networks to telephone companies by using a circuit-switched connection, such as PRI. CUBE connects VoIP networks to other VoIP networks and enterprise networks to Internet telephony service providers (ITSPs).

CUBE provides conventional Session Border Controller (SBC) functions and a wide variety advanced features.

You can configure Cisco IOS XE Catalyst SD-WAN devices for CUBE by using device CLI templates or CLI add-on feature templates.

For more information about the CUBE setup, functionality, usage, configuration, and related topics, see the Cisco Unified Border Element Configuration Guide.

Supported Devices for CUBE Configuration

Cisco 1000 Series Integrated Services Routers
Cisco 4000 Series Integrated Services Routers
Cisco Catalyst 8200 Series Edge Platforms
Cisco Catalyst 8300 Series Edge Platforms
Cisco Catalyst 8000v Software Router
Cisco ASR 1001-X Router
Cisco ASR 1002-X Router
Cisco ASR 1006-X Router with the Cisco ASR1000-RP3 Module, and the Cisco ASR1000-ESP100 or ASR1000-ESP100-X Embedded Services Processor
Cisco ASR 1004 Router with the RP2 Route Processor and the Cisco ASR 1000-ESP40 Embedded Services Processor
Cisco ASR 1006 Router with the RP2 Route Processor and the Cisco ASR 1000-ESP40 Embedded Services Processor
Cisco ASR 1006-X Router with the RP2 Route Processor and the Cisco ASR 1000-ESP40 Embedded Services Processor

Restrictions for CUBE Configuration

High-availability configuration is not supported for CUBE.

Use Cases for CUBE

CUBE can be used to configure session border controller elements for a wide variety of applications, including the following:

Enterprise premises-based collaboration capabilities using Cisco Unified Communications Manager (or another call control application) with centralized or local PSTN breakouts
A local breakout gateway for Cisco Unified Communications Manager Cloud, which is a Cisco-hosted cloud service for large enterprises
A local gateway to enable the Bring Your Own PSTN (BYoPSTN) option for Cisco Webex Calling
Edge audio for Cisco Webex meetings with a direct VoIP route to the Cisco Webex cloud or through existing PSTN services

Configure CUBE

To configure a device to use the CUBE functionality, create a Cisco IOS XE Catalyst SD-WAN device CLI template or a CLI add-on feature template for the device.

For information about device CLI templates, see CLI Templates for Cisco IOS XE Catalyst SD-WAN Device Routers.

For information about CLI add-on feature templates, see CLI Add-On Feature Templates.

For information about CUBE configuration and usage, see Cisco Unified Border Element Configuration Guide.

For information about the CUBE commands that Cisco Catalyst SD-WAN supports for use in a CLI template, see CUBE Commands .

The following example shows a basic CUBE configuration using a CLI add-on template:

voice service voip
 ip address trusted list
  ipv4 10.0.0.0.255.0.0.0
  ipv6 2001:DB8:0:ABCD::1/48
  !
 allow-connections sip to sip
 sip
  no call service stop
  !
dial-peer voice 100 voip
  description Inbound LAN side dial-peer
  session protocol sipv2
  incoming called number .T
  voice-class codec 1
  dtmf-relay rtp-nte
  !
 dial-peer voice 101 voip
  description Outbound LAN side dial-peer
  destination pattern [2-9].........
  session protocol sipv2
  session target ipv4:10.10.10.1
  voice-class codec 1
  dtmf-relay rtp-nte
  !
 dial-peer voice 200 voip
  description Inbound WAN side dial-peer
  session protocol sipv2
  incoming called-number .T
  voice-class codec 1
  dtmf-relay rtp-nte
  !
 dial-peer voice 201 voip
  description Outbound WAN side dial-peer
  destination pattern [2-9].........
  session protocol sipv2
  session target ipv4:20.20.20.1
  voice-class codec 1
  dtmf-relay rtp-nte

CUBE Commands

The following table lists the commands that are supported by Cisco Catalyst SD-WAN CLI templates for CUBE configuration. Click a command name in the Command column to view information about the command, its syntax, and its use.

Table 2. Cisco Catalyst SD-WAN CLI Template Commands for CUBE Configuration
Command	Description
address-hiding	Hides signaling and media peer addresses from endpoints other than the gateway.
anat	Enables Alternative Network Address Types (ANAT) on a SIP trunk.
answer-address	Specifies the full E.164 telephone number to be used to identify the dial peer of an incoming call.
application (global)	Enters application configuration mode to configure applications.
asserted-id	Enables support for the asserted ID header in incoming SIP requests or response messages, and to send the asserted ID privacy information in outgoing SIP requests or response messages.
asymmetric payload	Configures SIP asymmetric payload support.
audio forced	Allows only audio and image (for T.38 Fax) media types, and drops all other media types).
authentication	Enables SIP digest authentication.
bind	Binds the source address for signaling and media packets to the IPv4 or IPv6 address of a specific interface.
block	Configures global settings to drop (not pass) specific incoming SIP provisional response messages on a CUBE.
call spike	Configures the limit on the number of incoming calls received in a short period (a call spike).
call threshold global	Enables the global resources of a gateway.
call treatment action	Configures the action that the router takes when local resources are unavailable.
call treatment cause-code	Specifies the reason for the disconnection to the caller when local resources are unavailable.
call treatment isdn-reject	Specifies the rejection cause code for ISDN calls when all ISDN trunks are busied out, but the switch ignores the busyout trunks and still sends ISDN calls into the gateway.
call treatment on	Enables call treatment to process calls when local resources are unavailable.
callmonitor	Enables the call monitoring messaging functionality on a SIP endpoint in a VoIP network.
call-route	Enables header-based routing at the global configuration level.
cipher (voice class)	Configures the cipher setting, and associates it to a TLS profile.
clid	Passes the network-provided ISDN numbers in an ISDN calling party information element screening indicator field, and removes the calling party name and number from the calling-line identifier in voice service voip configuration mode. Alternatively, allows the presentation of the calling number by substituting for the missing Display Name field in the Remote-Party-ID and From headers.
codec preference	Specifies a list of preferred codecs to use on a dial peer.
codec profile	Defines audio and video capabilities that are needed for video endpoints.
codec transparent	Enables codec capabilities to be passed transparently between endpoints in a CUBE.
conn-reuse	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Reuses the TCP connection of a SIP registration for an endpoint behind a firewall.
connection-reuse	Uses global listener port for sending requests over UDP.
contact-passing	Configures pass-through of the contact header from one leg to the other leg for 302 pass-through.
cpa	Enables the call progress analysis (CPA) algorithm for outbound VoIP calls and to set CPA parameters.
credentials	Configures a SIP TDM gateway or CUBE to send a SIP registration message when in the UP state.
crypto signaling	Identifies the trustpoint trustpoint-name keyword and argument that is used during the Transport Layer Security (TLS) handshake that corresponds to the remote device address.
dial-peer cor custom	Specifies that named class of restrictions (COR) apply to dial peers.
dial-peer cor list	Defines a class of restrictions (COR) list name.
disable-early-media 180	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Specifies which call treatment, early media or local ringback, is provided for 180 responses with 180 responses with Session Description Protocol (SDP).
dspfarm profile	Enters DSP farm profile configuration mode and defines a profile for DSP farm services.
dtmf-interworking	Enables a delay between the dtmf-digit begin and dtmf-digit end events in the RFC 2833 packets sent from CUBE, and generates RFC 4733 compliance RTP Named Telephony Event (NTE) packets from CUBE.
early-media update block	Blocks the UPDATE requests with the Session Description Protocol (SDP) in an early dialog.
early-offer	Forces CUBE to send a SIP invite with Early Offer on the Out Leg.
emergency	Configures a list of emergency numbers.
error-code-override	Configures the SIP error code to be used at the dial peer.
error-passthru	Enables the passage of error messages from the incoming SIP leg to the outgoing SIP leg.
g729-annexb override	Configures the settings for G.729 codec interoperability and overrides the default value if the annexb attribute is not present.
gcid	Enables Global Call ID (GCID) for every call on an outbound leg of a VoIP dial peer for a SIP endpoint.
gw-accounting	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Enables an accounting method for collecting call detail records (CDRs).
handle-replaces	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Configures a Cisco IOS device to handle SIP INVITE with Replaces header messages at the SIP protocol level.
header-passing	Enables the passing of headers to and from SIP INVITE, SUBSCRIBE, and NOTIFY messages.
host-registrar	Populates the sip-ua registrar domain name or IP address value in the host portion of the diversion header and redirects the contact header of the 302 response.
http client connection idle timeout	Sets the number of seconds for which the HTTP client waits before terminating an idle connection.
http client connection persistent	Enables HTTP persistent connections so that multiple files can be loaded by using the same connection.
http client connection timeout	Sets the number of seconds for which the HTTP client waits for a server to establish a connection before abandoning its connection attempt.
ip qos dscp	Configures the DSCP value for QoS.
localhost	Globally configures CUBE to substitute a DNS hostname or domain as the localhost name in place of the physical IP address in the From, Call-ID, and Remote-Party-ID headers in outgoing messages.
max-conn	Specifies the maximum number of incoming or outgoing connections for a particular VoIP dial peer.
max-forwards	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Globally sets the maximum number of hops, that is, proxy or redirect servers that can forward the SIP request.
media	Enables media packets to pass directly between endpoints without the intervention of CUBE, and enables signaling services.
media disable-detailed-stats	Disables the collection of detailed call statistics.
media profile asp	Creates a media profile to configure acoustic shock-protection parameters.
media profile nr	Creates a media profile to configure noise-reduction parameters.
media profile stream-service	Enables stream service on CUBE.
media profile video	Creates a media profile video.
media-address voice-vrf	Associates an RTP port range with VRF.
media-inactivity-criteria	Specifies the mechanism for detecting media inactivity (silence) on a voice call.
midcall-signaling	Configures the method that is used for signaling messages.
min-se	Changes the minimum session expiration (Min-SE) header value for all the calls that use the SIP session timer.
nat	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Uses SIP Network Address Translation (NAT) global configuration.
nat media-keepalive	Enables media keepalive packet transmission for the specified interval of time.
notify redirect	Enables application handling of redirect requests for all VoIP dial peers.
notify ignore substate	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Specifies Ignoring the Subscription-State header in a Notify message.
notify telephone-event	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Configures the maximum interval between two consecutive NOTIFY messages for a particular telephone event.
num-exp	Defines how to expand a telephone extension number into a particular destination pattern.
options-ping	Enables in-dialog options.
outbound-proxy	Configures a SIP outbound proxy for outgoing SIP messages globally.
pass-thru content	Enables the pass-through of SDP from in-leg to the out-leg.
permit hostname	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Stores hostnames used during validation of initial incoming INVITE messages.
privacy	Sets privacy support at the global level as defined in RFC 3323.
privacy-policy	Configures the privacy header policy options at the global level.
progress_ind	Configures an outbound dial peer on a CUBE to override and remove or replace the default progress indicator in specified call messages.
protocol mode	Configures the Cisco IOS SIP stack.
random-contact	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Populates an outgoing INVITE message with random-contact information instead of clear-contact information.
reason-header override	Enables cause code passing from one SIP leg to another.
redirect ip2ip	Redirects SIP phone calls to SIP phone calls globally on a gateway.
redirection	Enables the handling of 3xx redirect messages
referto-passing	Disables dial peer lookup and modification of the Refer-To header when the CUBE passes across a REFER message during a call transfer.
registrar	Enables SIP gateways to register E.164 numbers on behalf of analog telephone voice ports (FXS), IP phone virtual voice ports (EFXS), and SCCP phones with an external SIP proxy or SIP registrar.
rel1xx	Enables SIP provisional responses (other than 100 Trying) to be sent reliably to the remote SIP endpoint.
remote-party-id	Enables translation of the Remote-Party-ID SIP header.
requri-passing	Enables pass-through of the host part of the Request-URI and To SIP headers.
retry bye	Configures the number of times that a BYE request is retransmitted to the other user agent.
retry invite	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Configures the number of times that a SIP INVITE request is retransmitted to the other user agent.
rtcp all-pass-through	Passes through all the RTCP packets in the datapath.
rtcp keepalive	Configures RTCP keepalive report generation and generates RTCP keepalive packets.
rtp payload-type	Identifies the payload type of an RTP packet.
rtp-media-loop count	Configures the number of media loops before RTP voice and video media packets are dropped.
rtp-port	Configures the real-time protocol range.
rtp-ssrc multiplex	Multiplexes RTCP packets with RTP packets and sends multiple synchronization source in RTP headers (SSRCs) in an RTP session.
secure-ciphersuite	Configures the cipher suites (encryption algorithms) to be used for encryption over HTTPS for a WebSocket connection in CUBE.
session refresh	Enables SIP session refresh globally.
session transport	Configures a VoIP dial peer to use TCP or UDP as the underlying transport layer protocol for SIP messages.
set pstn-cause	Maps an incoming PSTN cause code to a SIP error status code.
set sip-status	Maps an incoming SIP error status code to a PSTN cause code.
signaling forward	Configures global settings for transparent tunneling of QSIG, Q.931, H.225, and ISUP messages.
silent discard untrusted	Discards SIP requests from untrusted sources in an incoming SIP trunk.
sip-server	Configures a network address for the SIP server interface.
srtp	Specifies that SRTP be used to enable secure calls and call fallback.
srtp negotiate	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Enables the Cisco IOS Session Initiation Protocol (SIP) gateway to accept and send a Real-Time Transport Protocol (RTP) Audio/Video Profile (AVP) at the global configuration level.
stun	Enters STUN configuration mode for configuring firewall traversal parameters.
stun flowdata shared-secret	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Configures a secret shared on a call control agent.
stun usage firewall-traversal flowdata	Enables firewall traversal using STUN.
supplementary-service media-renegotiate	Globally enables midcall media renegotiation for supplementary services.
timers	Configures SIP-signaling timers.
transport	Configures the SIP user agent (gateway) for SIP signaling messages in inbound calls through the SIP TCP, TLS over TCP, or UDP socket. This command supports TLS version 1.3 and all associated ciphers.
uc secure-wsapi	Configures a secure Cisco Unified Communication IOS services environment for a specific application.
uc wsapi	Configures a nonsecure Cisco Unified Communication IOS services environment for a specific application.
update-callerid	Enables sending updates for caller IDs.
url (SIP)	Configures URLs to either the SIP, SIP secure (SIPS), or telephone (TEL) format for your VoIP SIP calls.
vad	Enables VAD for calls using a specific dial peer.
video codec	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a.
voice cause code	Sets the internal Q850 cause code mapping for, voice and enters voice cause configuration mode.
voice class codec	Enters voice-class configuration mode and assigns an identification tag number for a codec voice class.
voice class dpg	Creates a dial-peer group for grouping multiple outbound dial peers.
voice class e164-pattern-map	Creates an E.164 pattern map that specifies multiple destination E.164 patterns in a dial peer.
voice class media	Configures media control parameters for voice.
voice class server-group	Enters voice-class configuration mode and configures server groups (groups of IPv4 and IPv6 addresses) that can be referenced from an outbound SIP dial peer.
voice-class sip options-keepalive	Monitors connectivity between CUBE VoIP dial peers and SIP servers.
voice class sip-copylist	Configures a list of entities to be sent to the peer call leg.
voice class sip-event-list	Configures a list of SIP events to be passed through.
voice class sip-hdr-passthrulist	Configures a list of headers to be passed through the route string.
voice-class sip nat media-keepalive	Configures media keepalive to enable media keepalive packets to be transmitted for the interval specified.
voice class sip-profiles	Configures SIP profiles for a voice class. Configuring a sip profile, request REGISTER sip-header Authorization modify "550\"," [550@dl.ims.airtel.in\|mailto:550@dl.ims.airtel.in]", on a device throws a warning message: `Device# show run sec sip-profiles voice class sip-profiles 4 rule 2 request REGISTER sip-header Authorization modify "550\"," "[550@dl.ims.airtel.in\|mailto:550@dl.ims.airtel.in]""`
voice class srtp-crypto	Enters voice class configuration mode and assigns an identification tag for an srtp-crypto voice class command.
voice class uri	Creates or modifies a voice class for matching dial peers to a SIP or TEL URI.
voice class tls-cipher	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Configures an ordered set of TLS cipher suites.
voice class tls-profile	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Enables voice class configuration mode, and assigns an identification tag for a TLS profile.
voice iec syslog	Enables viewing of internal error codes as they are encountered in real time.
voice statistics iec	Enables collection of internal error code statistics.
xfer target	Minimum supported releases: Cisco vManage Release 20.10.1 and Cisco IOS XE Catalyst SD-WAN Release 17.10.1a. Routes the INVITE to the refer-to destination in the REFER consume case. The routing decision is made based on the xfer target destination.

SRST Commands

The following table lists the commands that are supported by Cisco Catalyst SD-WAN CLI templates for SRST. Click a command name in the Command column to view information about the command, its syntax, and its use.

Table 3. Cisco Catalyst SD-WAN CLI Template Commands for SRST
Command	Description
http client secure-ciphersuite	Sets the secure encryption cipher suite for the HTTP client.
transport-tcp-tls (call-manager-fallback)	Configures a specific TLS version for Unified Secure SCCP SRST, in call-manager-fallback mode.

Cisco Catalyst SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Catalyst SD-WAN Release 17.x

Bias-Free Language

Book Title

Cisco Catalyst SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Catalyst SD-WAN Release 17.x

Chapter Title