Friday 26 April 2013

Juniper WLC Licensing + Cluster - Update

So Juniper wireless licensing as I know it has changed! Previously I thought it was the same as Cisco, where you had to have enough licenses per controller to handle all APs should a single controller fail, but this is no longer the case.

The way that AP licensing now works on Juniper WLC is that a WLC can burst up to double its currently installed license count, as long as it has the HA license installed: WLCXXX-HA-RTU

Therefore if you have 100 APs, each WLC can have 50 APs licensed plus the HA license; this allows up to 100 APs on the surviving controller in the event of a single WLC failure.

One note on this is that you do not require the HA-RTU license in order to cluster Juniper WLCs. The only thing that the HA-RTU license grants you is the ability to burst to double the installed license capacity. Clustering is configurable without it, but each WLC will be limited to the number of AP licenses it currently has installed.
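To make the licensing maths above checkable for more than two controllers, here is a small N-1 capacity calculator. It is an added example, not from the original post or from Juniper: it assumes exactly the rule stated above (a WLC serves at most its installed AP license count, doubled only when the HA-RTU license is installed, and clustering itself needs no HA license). Controller names and license counts are constructed sample data.

```python
"""Added example (not from the original post or from Juniper).

Checks whether a Juniper WLC cluster can keep every AP up through any
single controller failure, under the licensing rule described in the post:
a WLC serves at most its installed AP license count, doubled only if the
WLCXXX-HA-RTU license is installed.  Clustering itself needs no HA license.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Wlc:
    name: str
    ap_licenses: int        # installed AP licenses on this controller
    ha_rtu: bool = False    # WLCXXX-HA-RTU installed?

    def max_aps(self) -> int:
        # Assumption from the post: burst to double only with the HA license.
        return self.ap_licenses * (2 if self.ha_rtu else 1)


def cluster_capacity(wlcs, failed=None):
    """Total APs the cluster can serve with controller `failed` down."""
    return sum(w.max_aps() for w in wlcs if w.name != failed)


def survives_single_failure(wlcs, ap_count):
    """Return (ok, worst_case_capacity, limiting_wlc_name).

    Tries every single-controller failure and reports the worst survivor
    capacity; `ok` is True when every such failure still serves ap_count.
    """
    worst_capacity, limiting = None, None
    for w in wlcs:
        remaining = cluster_capacity(wlcs, failed=w.name)
        if worst_capacity is None or remaining < worst_capacity:
            worst_capacity, limiting = remaining, w.name
    return (worst_capacity >= ap_count, worst_capacity, limiting)


def licenses_needed_per_wlc(ap_count, wlc_count, ha_rtu):
    """Minimum installed AP licenses per WLC (equal split) so that the
    survivors of any single failure can still serve ap_count APs."""
    if wlc_count < 2:
        raise ValueError("need at least two WLCs for controller redundancy")
    survivors = wlc_count - 1
    burst = 2 if ha_rtu else 1
    return math.ceil(ap_count / (survivors * burst))


if __name__ == "__main__":
    # Constructed sample: the post's 100 AP / 2 WLC case, with and without HA.
    with_ha = [Wlc("wlc1", 50, True), Wlc("wlc2", 50, True)]
    no_ha = [Wlc("wlc1", 50), Wlc("wlc2", 50)]
    print("with HA-RTU:", survives_single_failure(with_ha, 100))
    print("without HA-RTU:", survives_single_failure(no_ha, 100))
    print("per-WLC licenses, 3 WLCs, HA:", licenses_needed_per_wlc(100, 3, True))
```

The equal-split helper reproduces the post's figure (50 licenses per WLC for 100 APs on two HA-licensed controllers) and the Cisco-style figure the post contrasts it with (100 per WLC without HA).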

Here is a great description of Juniper WLC Clustering I was given:
A cluster is something you create inside a mobility domain which enhances the reliability and redundancy features in a mobility domain. A mobility domain does provide controller redundancy, but an AP needs to reboot in order to find the redundant controller. If you enable A/A clustering it provides stateful peering between controllers, therefore the APs do not need to reboot during controller failure. This is a powerful feature specific to Juniper which clients like for ISSU and unplanned outages. A mobility domain supports up to 64 WLCs, from which a maximum of 32 can participate in an A/A cluster (currently the max size of a cluster is 4096 APs). Clustering provides the following benefits:
  • Hitless Failover (AP switches to secondary AP manager subsecond)
  • Hitless software failover
  • AP load balancing (automatic balancing of all APs across all clustered WLCs in your mobility domain)
  • Cluster configuration - you define your complete wireless configuration once on the seed

Juniper Clustering is great because of the truly hitless failover. The WLCs are configured in an A/A cluster, and when controllers are clustered each AP maintains connectivity with its Primary AP Manager (PAM) and Secondary AP Manager (SAM); the PAM propagates client sessions to the SAM. For voice, once a call is set up, local switching occurs to avoid any latency issues caused by tromboning traffic via a controller. Data can also be locally switched, which is great because you can choose how extensively you want to implement local switching, choosing when to use either local or central switching. An AP failure is not even considered a 'system failure'; it is seen as a roaming event. The nearby AP taking over the session will not distinguish between 'nearby AP failure' and 'user approaching AP with better signal strength'.

ISSU works in a similar fashion when running a virtual controller cluster. APs without sessions are targeted first and those with sessions take neighbouring APs into consideration allowing session roaming to neighbours before updating the now session free AP.

Wednesday 24 April 2013

Webinar: Cisco VIC Advantages

I'm going to start recording all my notes from Webinars which I attend, also with a link to the webinar recording. So here is my first:

Cisco VIC Advantages:

  • VIC cards are managed by CIMC. The VIC has extra copper pins on the board, so it can be managed via the CIMC without the server being powered on, unlike generic interfaces on other servers which require the server to be powered on and a keystroke hit.
  • FIP mode (Fibre Channel initialization mode) allows the port to do FCoE
  • VNTAG mode = Adapter FEX mode / NIV Mode
  • VIC firmware can be managed out of band on CIMC. It's not reliant on the OS; it can be done out of band. Flash is actually on the adapter, in 2 locations: 1 for the active and one for the backup firmware.
    • This means firmware can be put on an adapter without affecting its operation: just put a new firmware in the backup flash location, then change the firmware over to make it active later on.
    • Firmware is loaded per card, so if there are 2 cards in the UCS server you need to upload the new firmware to each VIC
  • Classical Ethernet mode is IEEE 10Gig Ethernet; it can be used to connect to any vendor's 10 Gig switches
  • vNICs can be swapped between the physical uplink ports. For example, if a switch on uplink port 1 goes down the vNICs can be swapped over to port 
    • In Classic Ethernet mode the failover is manual
    • In Adapter FEX mode it can be automatic
  • VICs are only available in Cisco servers; the reason is because there is no option ROM, so they can only be configured via CIMC
Recording Links:

E1 ISDN G703 Cisco VIC cards

So this is something which has always confused me: which interface to choose when connecting to an ISDN30 being used for voice, and what the difference is. Here is the information I've picked up from researching this:

PRI ISDN is a service which operates on top of an E1 circuit.

VWIC3-1MFT-G703 vs VWIC3-1MFT-T1/E1
The difference here is essentially whether you want framed or unframed E1.
Unframed (G.703) allows you to use the full bandwidth of the circuit (2048kbps); this mode is not often offered and is more costly.
Framed E1 gives you 1984kbps of bandwidth because timeslot 0 is reserved for signalling and sync.

The E1 connector is either 2 pairs (RX and TX) on a single RJ48 interface or 2 x BNC coax.

Sources:
http://www.farsite.com/cable_standards/G.703_E1_ANSI_T1.403_T1.shtml

Thursday 11 April 2013

CUCM UCL License types

The license types available for UCL are the following:

Essential
Basic
Enhanced
Enhanced Plus
Public Space
Telepresence

The different licenses allow different things as shown on this page:
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6882/ps9156/product_solution_overview0900aecd806cc7a4.html

However, just a couple of notes:
Public space licenses are exactly that, for use on public space devices such as conference phones and other public phones. There is no user profile attached to a public space phone, if you need an employee extension on the device you need the enhanced license.
Public Space phones are going away in UCL 9.0 and onwards, to be replaced with enhanced licenses.

Below is a good graphic which shows the licenses for each phone in UCL version 9.0 onwards


Thursday 4 April 2013

Cisco C3750X vs C3750E Switches

Cisco has, fairly recently, made a number of older 3750 switches end of life. The way forward with the 3X50 series is the C3750X and the C3850 switches, and the choice depends on your exact features required as well as whether you want to do unified access (CAPWAP termination on controllers built into access layer switches - and that's another story!). But the reason for my post is to document some of the differences between the C3750E (end of life) and C3750X (the recommended replacement). This post focuses on how the C3750E and C3750X are different and similar.

The C3750X is very similar to the C3750E except it is more feature rich. They are both built on the same ASICs and switch fabric and both employ StackWise Plus, so you can have stacks consisting of E and X switches. There are, however, a number of features available in the C3750X switches not available in the C3750E:

  • Four optional uplink network modules with GE or 10GE ports
  • PoE+ with 30W power on all ports in 1 rack unit (RU) form factor
  • Dual redundant, modular power supplies and fans
  • Cisco StackPower technology
  • Media Access Control Security (MACsec) hardware-based encryption
  • Flexible NetFlow and switch-to-switch hardware encryption with the Service Module
  • USB Type-A and Type-B ports for storage and console
  • Three software feature sets: LAN Base, IP Base, and IP Services (LAN Base is not available on the 3750E series)
There aren't any features on the E which aren't on the X. The only items worth considering are the 10Gigabit Ethernet modules - the C3750E has them built in, whereas the C3750X requires an additional module, and the 10Gigabit interfaces are also different, X2 and SFP+. Lastly the power backup is different - the C3750E uses the RPS2300, whereas the C3750X uses the XPS2200.

As a bonus, as long as the IOS is the same and a 10Gigabit module is installed, the configurations should be compatible. I've not tested it, but the theory is most definitely there.

Wednesday 3 April 2013

Cat6500 with SUP720-3B NAT performance figures

Here's a little query I had about performance figures for a Cat6500 with the SUP720-3B. The answers and some transcript is below:

Regarding static NAT on the Catalyst 6500 with Sup 720, we do not recommend configuring large numbers of static NAT entries on Supervisor 720 (100-200 entries is a safe ballpark figure, and should be adequate for most deployments).


Since NAT uses the NetFlow TCAM to store its entries, the total number of NAT entries depends on the forwarding engine being used:

Non-XL – 512K (Ingress / Egress)
XL – 512K Ingress, 512K Egress

The non-XL TCAM is shared for both directions, while the XL TCAMs are unique to each direction.

Cisco VMware parts

When buying VMware virtualisation software from Cisco there are 2 options available: vSphere and vCenter.

vSphere is the hypervisor software which enables virtualisation on a server. Please note this is licensed per CPU.

vCenter is management software used to manage an estate of virtual machines. The licensing is per instance, so purchasing one vCenter license will allow you to manage a number of virtual machines.

The maximum details for vSphere and vCenter can be found here:

Meetingplace 8.5 Scheduling, Call recording

I've done a previous post about Cisco Meetingplace 8.5 Licensing which lists a couple of different types of servers; here's the link for reference:
http://twhittle1.blogspot.co.uk/2013/04/meetingplace-85-licensing.html

But I've got a number of extra bits of information I want to get down so here is a follow up.

A web scheduling server is used to schedule meetings / calls through Outlook or through a web interface. If this functionality is not required and only phone scheduling is needed then the web scheduler server isn't needed. A gotcha here is recordings: despite being a scheduler server, it is required for recording meetings.


With regards to the recordings, the Application (A/V) Server can store up to 1000 hours of audio recording or 160 hours of video recordings, and is limited to 100 simultaneous meetings being recorded. Also note that each recording will consume an audio port, so this will affect overall system capacity.

Cisco Unified MeetingPlace audio and video meeting recordings are initially stored only on the Application Server. Shortly after each recorded meeting ends, the Replication Service copies the meeting recording from the Application Server to the Web Server, where the recording is converted and stored for user playback.

Every day at 2 a.m. (local server time), the system deletes all recordings on the Application Server that are older than 24 hours. To display the available disk space for recordings (/mpx-record directory) on the Application Server, sign in to the CLI and enter df -k.

By default, the Web Server stores all recordings for meetings held on the server on a local disk. You can change the storage configuration to copy these items to an external backup location (such as a shared network drive on a dedicated storage server, a network-attached storage device, or a storage area network).  If the customer will have a large number of recordings, or would like to keep recordings for an extended period of time, using external storage will be needed.

If you want to record calls then the Web Server is practically mandatory. Using CUCM to initiate the recordings is definitely not a recommended option.  First of all, CUCM can initiate call recording but it doesn't "do" the call recording.  You would still need to add a 3rd party recording application.  Also, recording in CUCM pre-9.0 is not done on-demand, it is done via admin config or CTI invocation (MP is not CTI), and would turn on recording for all phones.  This means that all calls would be recorded, so you would have "x" number of copies of that meeting where "x" is the number of meeting attendees.  
Also, regardless of whether or not you have a version of CUCM that supports on-demand recording, there wouldn't be a good way of differentiating the calls that are an MP meeting from just normal calls in the recording database, so it would be difficult to manage and retrieve the recordings.  All calls would just look like a phone call that "phone x" made at this date/time, so you'd have to know which exact calls are an MP meeting.

WebEx audio entitlement with CUWL Pro subscription

If you look at the list of included items within CUWL Pro you'll notice that WebEx Social and WebEx Meetings are in there; the following table is from UC Licensing 9.0:

(Image of the UC Licensing 9.0 table; you can see WebEx listed there.)
Ignore WebEx Social for the time being because this is the old Cisco Quad (social networking for the enterprise), very, very good but not the subject of this post.

When you think of WebEx you normally think of a collaborative online meeting environment, which is audio, video, chat, slide show and an interactive white board. But what do you get with CUWL Pro? The quick answer is most of it, the longer answer is below...

First of all there are 2 options for WebEx with CUWL: Hosted (WebEx Meetings) or on-premises (WebEx Meeting Server). The Hosted version gives you a subscription to WebEx Meetings for 1 year (which can be increased to 3 or 5 years). One big note here is you get 1 port for every 10 CUWL users. So if you are deploying 100 CUWL users you will get 10 ports. A port allows 1 user to participate in a WebEx meeting, either hosting a meeting or as a participant. Ports don't have a bearing on the number of meetings you can have, so for the 10 port example this could be 1 meeting of 10 or 5 meetings of 2, etc. This service must be activated within 90 days, otherwise you risk losing days of the service.

The on-premises version requires that you have a dedicated server, virtual or otherwise, to install the WebEx Meeting Server software on. You don't have the concept of ports but rather "Meeting Server users", of which you get 1 Meeting Server user per CUWL Pro user, allowing everyone to take part in meetings. This is obviously better, but you will have to host and maintain your own WebEx Meeting Server.

One other very important note is the audio minutes. Within the WebEx Meetings (both hosted and on-premises) functionality you get unlimited VoIP minutes, meaning that all the users can join a WebEx meeting, use their USB headset / computer speakers and participate in the conference. WebEx also has the ability for participants to dial in by phone for free; however, someone has to front the bill for this, and Cisco sells you this service in the form of audio minutes. If you do not pay for WebEx audio minutes your participants will only be able to participate using the computer audio. If you want a freephone number and participants to be able to dial in you must purchase audio minutes, which are sold in minutes per month; here is an example top level part: L-WBX-AUDIO-5K. Audio license subscriptions must run in line with the WebEx data subscription.

References:
Cisco UC Licensing version 9.0
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6882/ps9156/product_solution_overview0900aecd806cc7a4.html

Cisco CUBE and SIP Trunks

SIP trunking is becoming more commonplace nowadays, so here is a little post containing information and some specific references to CUBE - the Cisco Unified Border Element.

First off, SIP trunks can be used for a number of different applications, but a popular use, and the one I'm describing here, is to replace traditional connectivity to the PSTN. A SIP trunk can be provided by an ITSP (Internet Telephony Service Provider); the ITSP then provides the connection to the PSTN. The primary advantages are cost and scalability: a SIP trunk often connects over Ethernet (Gigabit or Fast Ethernet) and so has much higher scalability for calls compared to traditional circuits.

The 3 basic components would be
1) The SIP Trunk from the ITSP
2) A Border Element which is essentially a gateway between the IP PBX and the ITSP
3) A PBX, IP or Otherwise

In a Cisco environment element 2 is a router with CUBE licensing on it, often just referred to as a CUBE. A CUBE router requires the relevant UC licenses, such as the UC package license for the ISR G2s, DSPs for transcoding between calls with different codecs, CUBE licenses and an appropriate interface, most commonly Ethernet, but check with the ITSP.

CUBE Licenses are cumulative and licensed based on a number of sessions. An example is:
FL-CUBE-25

CUBE is defined as an IPIPGW (i.e. H.323-SIP, SIP-SIP or H.323-H.323 dial-peer connections, using the "voice service voip > allow-connections" CLI). Gatekeeper is defined as the H.323 GK functionality (and "gatekeeper" CLI). Meaning the SIP trunk to Provider network requires a CUBE license.

You do not need a CUBE license for a SIP trunk built directly between CUCM clusters. For example:
|<-----------------------signaling--------------------------------->|
IP Phone----CUCM Cluster 1-----------IP WAN--------------------CUCM Cluster 2-----TDM GW--------External Phone

You do need a SIP trunk license when you use a gateway to terminate the CUCM signalling (and often media as well) and re-generate the signalling to the SIP trunk provider or third party PBX. For example:
|<---signaling--------->|<-----------signaling---------->|
IP Phone-----CUCM Cluster------------------29xxGW-----------------------SIP provider/third party IP PBX-------External Phone

References:
What is SIP Trunking?
http://www.siptrunk.org/whatissiptrunking.php

CUBE FAQ (2011)
https://supportforums.cisco.com/docs/DOC-17964

CUBE v8.8 datasheet
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps5640/product_data_sheet09186a00801da698.html

Power Cube 4 won't fit in 7900 series IP Phones

Here's an interesting item I've just discovered and worth remembering:

Is CP-PWR-CUBE-4= compatible with the 7900 series phones?

A: No this power cube is for the new 8900/9900 phones, compatible with Communications Manager. The power tip is different size, won't fit in other phones.

So now we know!

Tuesday 2 April 2013

Cisco UCL vs UWL (CUWL)

Cisco UCL and UWL are two types of licensing for Cisco IP Telephony deployments. The top level difference between them is that UCL is licensed per user per application, whereas UWL is just licensed per user. CUWL licensing covers many more applications than UCL and because of this costs more if you compare a set of UCL licenses with a set of UWL licenses; however, UCL only covers one application, so if you are doing more than call processing UCL starts getting expensive.

For example if you want call processing and voicemail you can either buy one CUWL license per user or 2 UCL licenses per user (one for call processing and the other for voicemail).

This is a great quick reference:
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6882/ps9156/product_solution_overview0900aecd806cc7a4.html

Cisco UCS C-Series RAID controller notes


Software embedded RAID controllers (UCSC-RAID-ROM5 and UCSC-RAID-ROM55) are not supported by virtualisation software, so a physical RAID controller would be required for use in a VMware host.

The Intel Romley architecture removes the IO Hub and directly maps the PCIe lanes to the processor logic. In the C220M3, the Mezz slot (used by UCSC-RAID-11-C220 and UCSC-RAID-MZ-220) and PCI Slot 2 are both mapped to CPU2, therefore in a 1-CPU configuration, the Mezz slot and PCI slot 2 are unavailable for use.

The C220 M3 spec sheet provides information on supported RAID card configurations from Page 21.


MeetingPlace 8.5 licensing

MP8-UCM8-NODE - This is now part of MP8X-AV-SVR-K9 underneath the MeetingPlace top-level part number MP8X-SW-K9.  The A/V server software is the core of MeetingPlace and is the actual software that runs your conferences.

MP8-WEBSCHED - This is either MP8X-WB-MCS-K9 or MP8X-WB-UCS-K9, underneath that same top-level part number MP8X-SW-K9.  You would choose the MCS part number if deploying on an MCS server, and the UCS part number if deploying virtually (on a UCS server).  Please note that this is an optional component.  If you are doing scheduling through the phone you will not need this server.  The web scheduler component requires a separate server to the A/V server, it doesn't currently support co-residency. 

MP8-AUDIO - This was the old method of licensing users.  With MeetingPlace 8.5 users are now licensed using the part number L-MP8X-USR-1 under the top-level part number L-MP8X-LIC.  MeetingPlace users are both audio and video users now, and not licensed separately. 


I've written a further post on Meetingplace 8.5 which can be found here:
http://twhittle1.blogspot.co.uk/2013/04/meetingplace-85-scheduling-call.html

WCS Unsupported Access Points - 1600/2600/3600

WCS has pretty much reached the end of its development cycle. It's not currently EOL (March 2013) but the capabilities have been built into Prime Infrastructure and this is where the development and research will go.

WCS does not support the newest 1600/2600/3600 access points, this is because these access points support features (Clean Air, Client Link 2.0) which WCS does not and there is very little development in it going forward.

Cisco Meeting Place vs Cisco WebEx Meeting Server

This is a little tricky because my knowledge is very sparse on the subject but I wanted to make a quick note with what I currently have:

Cisco WebEx Meeting Server is new and similar to Meetingplace however it is not actually the replacement... yet. Cisco hasn't (April 2013) announced the EOL / EOS for Meetingplace but I can't imagine it's that far away. WebEx Meeting Server is a more feature rich solution and carries more focus and development.

The advantage which Meetingplace still carries is scalability, if you need more than 100 attendees on a single call then Meetingplace is the recommended solution.

Here is the link to the Unified Comms Apps Ordering Guide for reference:

Cisco 3850 as a Wireless LAN Controller

Using 3850s as a WLC is a relatively easy feat: you just need the 3850 switch with IP Base or IP Services and a number of AP licenses equal to the number of access points. Remember that a single switch can have up to 50 access points, and a switch stack can have up to 50 APs as well.

Example part numbers might be:
WS-C3850-24T-S
LIC-CTIOS-1A

One thing that threw me initially on the data sheet is the below part number:
L-LIC-CT3850-UPG

It bills it as an upgrade license so I assumed it was required to upgrade the switch enabling the WLC. This is not the case. This part is a top level part used to add additional licenses to an existing 3850 switch.


Nexus 7004 Architecture

The Cisco Nexus 7004 is a 4 slot chassis, which comprises 2 supervisor slots and 2 line card slots, 2 power supplies and 5 fabric channels.

The fabric channels are unique to the 7004 because, although they are similar to the Fabric-2 modules, operating at up to 110Gbps each, they are hardwired into the switch, so they are not removable or upgradable. To allow for central arbitration and a management connection between the modules and supervisors, one of the fabric channels is reserved for this, making the potential system fabric speed 440Gbps.

The above figure is dependent on the modules used in the chassis. Because there are only 2 slots, the bandwidth between the two cards will be dependent on the slowest line card, up to the potential 440Gbps.

Below is a picture showing the architecture.

ASA, support and IPS signatures

Here's a specific issue I ran into which I'll document here for reference, and maybe it'll stop someone else getting the same problem.

When buying an ASA firewall, if you want to use IPS you will need signature updates from Cisco. There is little point running IPS without signature updates because outdated security doesn't really help anyone.

A confusing point I found is that if you are a partner ordering partner support, some ASA firewalls don't let you select an IPS signatures support level in the CCW, only the standard support levels without IPS updates. This is a strange omission and hopefully it will be fixed at some point, but for now (March 2013) it's not.

Therefore to get IPS signature updates on ASA firewalls, you order an ASA with support, for example:

ASA5512-IPS-K9
CON-PSRT-A12IPS9    (This is partner support so will only be available to applicable partners)


And then once the device arrives (or when you have the serial number) you can order a SUSA IPS signatures service. It cannot be done all together at point of order.


After the contract has been generated (post shipping), the secondary coverage for Cisco IPS signature updates can be quoted or ordered in Cisco Service Contract Center (CSCC). You will need to use the serial number of the device that was shipped before you can create a quote for the IPS signature updates. 


Cisco Services for IPS:
http://www.cisco.com/en/US/services/ps2827/ps6076/services_qa0900aecd8022e96e.pdf

Cisco Communications Manager 40,000 plus deployments

The maximum device count for a standard Communications Manager 9.0 Cluster is 40,000 devices, either SCCP or SIP, secured or unsecured devices:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/9x/callpros.html#wp1287334

If you need more than this you have a couple of options. A "Mega Cluster" is an expansion which increases the device count to 80,000 devices; more information is in the above link. Essentially it is additional subscriber nodes, up to 8, allowing for the 80,000 devices. The Mega Cluster can also be used to extend the number of sites from 8 to 16. The Mega Cluster contains a maximum of 21 servers: 16 subscribers, 1 publisher, 2 TFTP, 2 MoH.

Another way to increase the number of devices supported above 40,000 would be to run multiple instances of CUCM. This may also be required if you need more than 8 locations.


Design Guidelines for Multisite Deployments

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/9x/dialplan.html#wp1150060

Additional Considerations for Multi-Cluster System

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/9x/dialplan.html#wp1150088

Cisco UCS Servers - Spare CPUs

When replacing or buying a new CPU for a Cisco UCS server, or any server for that matter, you have to consider more than just the CPU itself, specifically the heat sink and thermal paste. These are low value items when compared to the CPU they are going with but will be enough to mess up an installation so are important.

When you get a new CPU for a UCS server, for example a UCS-CPU-E5-2690= for a C220M, you also need the relevant heat sink, for example UCSC-HS-C220M3=, and the thermal paste (grease) to apply between them, for example UCS-CPU-GREASE2=.

FET-10G= Hidden SKU

You might come across the same issue I did when trying to order FET-10G as spare parts. Ordinarily these items come as part of a larger build, Nexus for example, however what do you do if you want to order some on their own say as spares?

Well, it turns out the correct part code is:
FET-10G=

And although it's not on the pricing tool, price list, or the DCT, it is orderable. It comes up on the CCW and the ordering tool (so I'm told; I've not tried the ordering tool myself).