Академический Документы
Профессиональный Документы
Культура Документы
BRKCDN-1116
@ciscoliveeurope, #CLEUR
Housekeeping
We value your feedback- don't forget to complete your online session evaluations after each session & the Overall Conference Evaluation which will be available online from Thursday
Visit the World of Solutions and Meet the Engineer
BRKCDN-1116
Cisco Public
Agenda
BRKCDN-1116
Cisco Public
BRKCDN-1116
Cisco Public
Cisco UCM
2. HTTP POST (XACML Request with call info) 3. HTTP 200 OK (XACML Response with policy decisions & obligation) 4. Unified CM routes the call based on the policy decision and obligation
Route Server
A route server hosting call routing policy running web service for Unified CM External Call Control.
1. Call
5. Setup
BRKCDN-1116
Cisco Public
a standards-based XML-based language XACML Response consists of a Decision and an Obligation Obligation encoded in Call Instruction XML (CIXML), routing instructions customized to Unified CM Example applications provided for developing web services for Unified CM ECC
BRKCDN-1116
Cisco Public
ECCP permits configuration of two URIs for redundancy (active & standby) or for load balancing
ECCP also specifies
Timeout value for call routing response
Call treatment on failure Calling search space for call diversion
BRKCDN-1116
Cisco Public
BRKCDN-1116
Cisco Public
Calling or Called Party numbers can be masked or changed using translation patterns as needed
Reduces configuration Enables large groups of numbers to receive route treatment
BRKCDN-1116
Cisco Public
10
BRKCDN-1116
Cisco Public
11
The number that Unified CMs translation pattern wants to convert the calling and called number to. In our reference dial plans, the transformed value is usually the globalized number of the caller and called party
*
BRKCDN-1116
Cisco Public
12
<Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:accesssubject"> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="requestor"> <AttributeValue>CISCO:UC:UCMRoute</AttributeValue> </Attribute> <Attribute AttributeId="urn:Cisco:uc:1.0:callingnumber DataType=http://www.w3.org/2001/XMLSchema#string> <AttributeValue>+19725550101</AttributeValue> </Attribute> <Attribute AttributeId="urn:Cisco:uc:1.0:callednumber DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>50102</AttributeValue> </Attribute> <Attribute AttributeId="urn:Cisco:uc:1.0:transformedcgpn DataType=http://www.w3.org/2001/XMLSchema#string> <AttributeValue>+19725550101</AttributeValue> </Attribute> <Attribute AttributeId="urn:Cisco:uc:1.0:transformedcdpn DataType=http://www.w3.org/2001/XMLSchema#string> <AttributeValue>+19725550102</AttributeValue> </Attribute> </Subject>
13
BRKCDN-1116
Cisco Public
14
Obligation overview:
CIXML block contains specific instructions on how the call will be routed and treatment should be applied
CIXMLs obligation must be consistent with route decision. If it is not, Unified CM obeys the route decision, not the obligation
BRKCDN-1116 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
15
resetCallHistory: The last call hop or all previous call hops will be removed from the call history. Useful when sending call to voicemail.
BRKCDN-1116 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
16
BRKCDN-1116
Cisco Public
18
Failure Treatment
Unified CM applies failure treatment in the following situations:
Unified CM fails to establish connections to the Route Server Unified CM cannot parse the response for the route decision or call routing directive Unified CM receives 4xx or 5xx from Route Server Unified CM times out waiting for a response
Failure treatment is specified in the External Call Control profile; the treatment is either Allow Calls or Block Calls If the failure treatment is Allow Calls, the call is routed to the current destination, as if a permit decision with a continue directive is received
If the failure treatment is Block Calls, the call will be cleared, as if a deny decision with a reject directive is received
When a failure occurs, an alarm will be logged
BRKCDN-1116
Cisco Public
42
All nodes (Publisher and all Subscribers) in a Unified CM cluster will establish a connection to the route server for parallel/simultaneous queries at high call rate.
The connection is always enabled on all nodes. The Route server should be configured to expect Route Requests from all nodes. URIs in External Call Control determine if HTTP or HTTPS connections are established
BRKCDN-1116
Cisco Public
43
Security
Unified CM accepts self-signed certificates as well as certificates signed by trusted CA Unified CM conducts the following verifications when authenticating the server:
Verification of host: Check whether the certificate subject name matches the servers host name
Verification of peer: Check whether the signature of the certificate is issued by the trust CA in the trust store or if it matches the imported certificates in the trust store for a self-signed certificate
BRKCDN-1116 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
44
BRKCDN-1116
Cisco Public
45
BRKCDN-1116
Cisco Public
47
BRKCDN-1116
Cisco Public
49
Support XACML Call Routing request as specified in Cisco Unified Route XML API specification
BRKCDN-1116
Cisco Public
51
Make sure your application responds to the Keep-Alive requests from Unified CM (HEAD Requests)
Dont forget to turn on the Media Streaming service if you want custom announcements
BRKCDN-1116
Cisco Public
52
Enhanced the XML Parser to improve the handling of whitespace in the route request
- Ignored data that only contained whitespace - Remove whitespace from data that could interfere with string matching while processing route requests
BRKCDN-1116
Cisco Public
54
2. AttributeId urn:oasis:names:tc:xacml:1.0:subject:role-id
3. AttributeId urn:Cisco:uc:1.0:callingnumber 4. CallingNumber:
2010 5. AttributeId urn:Cisco:uc:1.0:callednumber 6. CalledNumber: 2011 7. AttributeId urn:Cisco:uc:1.0:transformedcgpn 8. TransformedCgpn: +19728132010 9. AttributeId urn:Cisco:uc:1.0:transformedcdpn 10. TransformedCdpn: +19728132011 11. AttributeId urn:oasis:names:tc:xacml:1.0:resource:resource-id 12. AttributeId urn:oasis:names:tc:xacml:1.0:action:action-id 13. AttributeId urn:Cisco:uc:1.0:description 14. endElement Request
BRKCDN-1116 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
55
In the rest of the parser, you can then check the status of debug before logging any debug output:
- if self.debug: print 'characters are spaces'
BRKCDN-1116
Cisco Public
56
Enhanced Way
def characters(self, ch): if ch.isspace(): # Characters are spaces ch = '' else: # Strip any whitespace chStrip = ch.strip() if self.isCallingNumber == 1: self.CallingNumber = chStrip self.isCallingNumber = 0
BRKCDN-1116
Cisco Public
57
CISCO:UC:UCMPolicy 7. chStrip len is 18 , value is CISCO:UC:UCMPolicy 8. characters are spaces 9. characters are spaces 10. AttributeId urn:Cisco:uc:1.0:callingnumber 11. characters are spaces 12. ch len is 11 ch is 2010 13. chStrip len is 4 , value is 2010 14. CallingNumber: 2010
BRKCDN-1116 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
59
BRKCDN-1116
Cisco Public
60
Demo 1
Demo of Sample CURRI Application
1. Start the Sample Application as standalone web server:
cat sampleXacmlReq.xml
3. Use curl to POST the XACML Request and see Response:
BRKCDN-1116
Cisco Public
61
BRKCDN-1116
Cisco Public
63
BRKCDN-1116
Cisco Public
64
BRKCDN-1116
Cisco Public
65
Some sample configuration snippets from an Apache 2 default site configuration (/etc/apache2/sites-available/default):
1. WSGIDaemonProcess localhost processes=2 threads=15 displayname=%{GROUP} python-path=/var/www/wsgi-scripts 2. WSGIProcessGroup localhost
</Directory>
BRKCDN-1116
Cisco Public
66
Writing to a static-named temporary file in a multi-threaded web applicationprobably not a good idea!
- Let Python turn the string of POST data into a file-like object that can be passed to the XML Parser
Use Python Templates to make the responses a little more generic (and easier to read)
BRKCDN-1116
Cisco Public
67
BRKCDN-1116
Cisco Public
69
BRKCDN-1116
Cisco Public
70
BRKCDN-1116
Cisco Public
71
After the request processing is complete, the application end by returning the filled in output:
return [output]
BRKCDN-1116
Cisco Public
72
xacmlParser.setDebug(parserDebugLevel)
parser.setContentHandler(xacmlParser)
BRKCDN-1116
Cisco Public
73
BRKCDN-1116
Cisco Public
74
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
<cixml ver="1.0"> <divert> <destination> $destination </destination>
</divert>
<reason>$reason</reason> </cixml> </AttributeValue> </AttributeAssignment> </Obligation> </Obligations> </Result> </Response> """)
BRKCDN-1116 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
75
<divert>
<destination> $destination
</destination>
</divert> <reason>$reason</reason> </cixml>
BRKCDN-1116
Cisco Public
76
Demo 2
Demo of Sample CURRI Application ported to a WSGI-based Web Server:
1. View the contents of the sample XACML Request:
cat sampleXacmlReq.xml
2. Use curl to POST the XACML Request and see Response:
curl -k -H "Content-type: text/xml;" -d @sampleXacmlReq.xml http://172.16.43.121/curri1
BRKCDN-1116
Cisco Public
77
CURRI can enhance dial plans in ways that cant be achieved natively
- Block incoming calls based on calling number - Route incoming calls based on calling number
CURRI can be combined with data from other applications to route calls
- Use called number and presence from CUP to route call to available user without login/logout of hunt groups
BRKCDN-1116
Cisco Public
79
CAN leverage the XACML parser that was used for the sample policy application!
BRKCDN-1116
Cisco Public
80
BRKCDN-1116
Cisco Public
81
Use text files to store them; but you have to write a bunch of code to manage adding, deleting, searching
Use a real database to store them; would work, but potentially overkill
- Python extends its dictionary concept to persistent storage with shelves
- Acts like a database for adding, deleting, and searching
BRKCDN-1116
Cisco Public
82
BRKCDN-1116
Cisco Public
83
2. Check the database to see if it contains the calling number found in this route request
BRKCDN-1116
Cisco Public
84
BRKCDN-1116
Cisco Public
85
# Check to see if the number is already in the database if (key in numberDB): # Number is already in the database, block it blockNum = 1 else: # Number is not in the database, permit call blockNum = 0
# Close the database shelve numberDB.close() return blockNum
BRKCDN-1116
Cisco Public
86
theCallingNum = str(xacmlParser.callingNumber())
# Determine appropriate action and complete the response form
if (blockedNumber(theCallingNum) == 1): # Number is in the blocked call database, deny it response = rejectTemplate.substitute({'greetingID': '\"Custom_05001\"', 'reasonValue': 'call blocking'}) else: # Number should not be blocked, continue the call response = continueTemplate.substitute()
BRKCDN-1116
Cisco Public
87
BRKCDN-1116
Cisco Public
88
Add some database locking or consistency checking to manage conflicts Pretty up the web application, format the database display, add searching the database Add some validation of input phone numbers Track usage of blocked numbers
BRKCDN-1116
Cisco Public
89
Could use CURRI (along with some SME configuration) to route calls using ENUM lookups
BRKCDN-1116
Cisco Public
90
BRKCDN-1116
Cisco Public
91
4. CURRI application makes a DNS request for called number received in the route request 5. DNS server returns a URI that indicates the destination of the call
6. CURRI application extracts the server portion of the URI as the destination or next hop of the call
7. CURRI application converts the server into a routing code that SME can use to select a route (prefixed to the called number)
8. SME strips the routing code and sends the call to the appropriate Route List
BRKCDN-1116
Cisco Public
92
Additional Information
Cisco Developer Web Site:
- http://developer.cisco.com
mod_wsgi Documentation:
- http://code.google.com/p/modwsgi/
BRKCDN-1116
Cisco Public
93
Q&A
Recommended Reading
http://m.cisco.com/mat/cleu12/
BRKCDN-1116 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
96
BRKCDN-1116
Cisco Public
97
Thank you.
BRKCDN-1116
Cisco Public
98