What is CUBE on CUCM?

Cisco Unified Binding Element (CUBE) enables users to make inbound and outbound calls via their Internet Telephony Service (ITSP). This is extremely helpful when there is a need to connect your ITSP to some sort of Public Switched Telephone Network (PSTN) infrastructure.

If CUBE is used correctly, it will eliminate the need to connect to an FXO port or other physical connection all together. In this post, we will discuss what CUBE is, how it works, and the different features it can provide to assist your organization.

What is CUBE?

One of the best ways to think of CUBE is as a voice gateway. While there may be slight differences, the analogy holds up. For instance, a voice gateway acts as an interceptor between two calls. It allows the telephonic infrastructure to connect to the telecommunications provider; however, it needs a T1 port or FXO. CUBE works in a similar fashion, however, it is not reliant on analog ports at all. CUBE functions entirely with VoIP.

Another important thing to remember is that a CUBE is not a piece of hardware in and of itself. It is just a router, and it is up to the network engineer to make it a CUBE via the Cisco Unified Communications Manager (CUCM) and the router itself. Learn here:

So, when you see CUBE, think of it as a gateway with VoIP on either side. In fact, CUBE had been originally called IP to IP Gateway. Unlike a traditional voice gateway, CUBE really shines with the amount of additional functionality it provides. One such feature is protocol interworking. Let's describe what that is and how it can help your organization.

What is Protocol Interworking?

Protocol interworking is the ability to receive Inbound calls in one protocol, and send outbound calls in another protocol. This is generally seen between Session Initiation Protocol (SIP) and H.323 protocol. In other words, you can have SIP outbound and H.323 inbound, vice versa, or both as the outbound and inbound protocols.

CUBE provides plenty of flexibility in this respect, after all, it's just 1's and 0's in the end. Not only can CUBE provide protocol interworking, it can obfuscate VoIP addresses as well. Let's touch address hiding, and how it can assist in preventing hackers.

What is Address Hiding?

Address hiding is the ability to obfuscate internal IP addresses from the public internet. In terms of ITSP, this can easily be accomplished with CUBE. In a CUBE setting, the external service provider will only know the IP address of the CUBE that it is hooked into. Conversely, the internal communication network will only know the IP address of the CUBE when they need to make outbound calls.

Another great feature of CUBE is that it allows certain IP addresses to be whitelisted. That way only authorized IP addresses can be placed inbound or outbound. This is to mitigate the possibility of a Distributed Denial of Service (DDoS) attack. A DDoS works by sending millions of requests from numerous different IP addresses—so if those IP addresses aren't allowed then there is no issue.

Thinking of CUBE as a Restaurant

While that may not be completely clear, think of it in terms of a restaurant. A restaurant has chefs, waiters, and patrons. The patrons do not make requests directly to the chefs, they do so through the waiters, an intermediary. Things would get chaotic quickly if the patrons walked into the kitchen and made orders. In this analogy, the chef is the external network, the waiter is the CUBE, and the patrons are the internal network.

Instead, the patrons talk to the waiter who then relays the information to the chef. Furthermore, the patrons can only select from a whitelisted menu. They cannot order whatever they want, and the waiter enforces that. This is just like CUBE's ability to whitelist/blacklist certain IP addresses to prevent malicious activity. Similarly to our VoIP infrastructure, only the waiters know the identity of the outbound and inbound actions.

CUBE's Flexibility

In addition to CUBE's security features, it also provides high flexibility to meet an organization's needs. CUBE provides access to H.323 protocol's video call ability. This provides easy access to video conferencing with external entities. CUBE's flexibility also shines in its ability to configure both analog ports and IP ports. Even though it has this ability, it is still a good idea to divide these two functionalities.

In addition to video conferencing, CUBE can execute CAC. Call Admission Control (CAC) Let's talk a little bit about how CAC can enhance the throughput of your organization.

What is CAC?

CAC is a way to prevent oversubscription to a VoIP centric infrastructure. Think of CAC as a load balancer if you are familiar with networking. Let's say a network can process 24 calls at any one given time. After 24 calls, a busy signal is relayed because there are too many packets on the network.

CAC allows us to balance things out between different call hubs. Let's say the sales department of your organization is very call intensive, while the account receivable department makes very few calls. We don't want the sales department to be able to make twenty-four calls, because then we'll have reached our limit. CAC will mandate that sales can only make 20 calls, leaving four transactions reserved for departments that call less frequently but are important nonetheless. This is just one of the many ways that CAC can be used.

How is CUBE Configured?

CUBE configuration is a fairly involved topic, and can't be covered to completion in this post. We have an excellent training video on the subject that covers configuration and more.

To configure CUBE, you must ssh (secure shell) into your router. In order to determine whether or not CUBE is active, type cube status and hit enter. This will display a message telling you whether or not it is active. Assuming it is not active, type mode border-element. This will give you a list of options, but license is the one you're looking for. It will look something like the image below:

HQ-CUBE#show cube status

At this point, it is understood that you know how many licenses you plan to buy for CUBE. A license capacity indicates how many concurrent calls are authorized on the the CUBE. Type license capacity <amount of licenses> to activate CUBE.

HQ-CUBE(conf-voi-serv)#mode border-element license capacity 100

Please note your need to save and reload the router for this configuration change to be effective. Once that is complete, save and reload the router and the very, very basics of configuration are complete.

Final Thoughts

In this post we discussed in depth what CUBE is, what it can do for our organization, and how to apply licenses in the router. CUBE provides excellent security features such as Address Hiding out of the box, load balancing features like CAC, and protocol interworking. 

Remember that CUBE is essentially a voice gateway, but for SIP and H.323 protocols. By learning, applying, and configuring CUBE and its features you will become an invaluable member of your IT organization. Learn CUBE with CBT Nuggets today!