Cisco Unified SIP Proxy (CUSP) License State Definitions

Available Languages

Download Options

  • PDF     (747.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (858.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (419.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 5, 2021
Document ID:211303

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document defines the different CUSP license states and describes how each license state affects call handling. CUSP uses Cisco Smart Manager to register and authorize licenses.

    You must have a valid account in Cisco Smart Manager to configure smart licensing for CUSP.

    Problem

    The CUSP license has different states, and each state causes CUSP to handle calls differently. Enforcement modes are described below.

    Enforcement Modes

    Enforcement modes determine the mode of license usage after the entitlement (license count) is requested.

    • Eval: When the CUSP state is unidentified or registered, the enforcement mode is Eval. The evaluation period is 90 days by default. Calls are allowed in this state. The evaluation period starts the moment that smart licensing is enabled. If registration or authorization requests fail, CUSP moves to Eval mode.

    • InCompliance: The license count requested to the server is within the purchased limits.

    • OutOfCompliance: The license count that was requested is more than the license count that is available (that is, more than the license count that was purchased in Cisco Smart Manager). The request is honored here and calls are allowed. There is no impact on call handling.

    • EvalExpired: The evaluation period has expired. Calls are not allowed in this mode.

    • AuthorizationExpired: The authorization period has expired. Calls are not allowed in this mode.

    This image summarizes the CUSP license states and the effect of each state.

    License States diagram

    Solution

    The Check License Usage state is based on the sum of the CUSP server's configured counts compared to the purchased license count. The Check License Usage state is not the real-time Call Per Second (CPS) count.

    You must check the number of licenses purchased and the usage from the Cisco Smart License website: https://software.cisco.com/#SmartLicensing-Inventory

    This image shows where to check the current CUSP license state from the CUSP Admin page.

    CPS Mechanism

    • The CPS check is different than the license usage check. For releases earlier than vCUSP 9.1.5, CUSP rejects calls immediately if the CPS check is over the configured license count. The response messages are either 500 or 503 error messages.

    • CUSP keeps count of the calls and records a snapshot every 30 seconds for a window time of five minutes. The average CPS for these five-minute records must be well under the license's limit. If the average goes higher than the limit, CUSP starts rejecting the calls. If the call volume stays consistently high, CUSP does not resume service until the CPS drops to the limit.

    • You must enable failed call logging to see rejected calls. This image shows where to enable the Failed Call Log.

      Enable Failed Call logging

    Message Flow and Contents

    Registration Request

    Token [ hash generated for the customer account in Smart Manager ]

    Software Tag Identifier (CUSP software ID)

    [UDI|SN#*] (CUSP generates an 11-character random string for SN)

    Certificate Signing Request

    Registration Message Response

    PEM-encoded Device ID certificate

    Product Instance Identifier

    Cisco Signing Certificate

    Signature [signed by Cisco Signing Cert]

    Device ID Certificate

    CommonName = GUID

    SN=PID:<PID>SN:<SN>

    Domain=has(logical account name)

    Validity Period =360 days

    MMI (Mother May I Request) Message

    Capability [Entitlement tags and counts]

    Client Nonce

    Product Instance Identifier

    Cisco Signing Cert SN#

    Signature [MMI signed by ID cert]

    MMI Response

    Signature

    Status

    Expiry

    Entitlement Tag

    Logs Analysis

    Registration

    23:43:53,400 277058 [RubyThread-6: file:/opt/CUSP/dsnrs/lib/cisco/ruby-gems-1.0.jar!/smart_agent.rb:161] DEBUG root - register received: id_cert_sn:970857, signing_cer:sub_ca_cert:2, renew_interval:15552000000

    23:43:53,421 277079 [RubyThread-6: file:/opt/CUSP/dsnrs/lib/cisco/ruby-gems-1.0.jar!/smart_agent.rb:161] DEBUG root - Registration success with response: {"signature"=>{"type"=>"SHA256",

    <this registration signed by Cisco cloud , and will renew after 1 year >

    Authentication

     13:48:25,614 1461205341 [RubyThread-1275: jar:file:/opt/CUSP/dsnrs/lib/cisco/ruby-gems-1.0.jar!/gems/rufus-scheduler-2.0.23/lib/rufus/sc/scheduler.rb:464] DEBUG root - Sending auth request msg with sudi:#<Sudi:0x531d9e>, hostname:se-10-66-75-64, signing_cert_sn:3, id_cert_sn:969365,product_instance_id:c2d100c0-c268-49ad-ad8c-9519d2b823c2, entitlements:[#<LicenseEntitlement:0x1de5cd2 @listener=#<Java::ComCiscoNeslaSmartLicense::EntitlementNotificationListenerImpl:0x16c1b44>, @entitlement_tag="regid.2014-08.com.cisco.CUSP-5,1.0_8f106f12-4d11-44b7-8f36-f7aeaee3dfaa", @requested_count=2, @vendor="8f106f12-4d11-44b7-8f36-f7aeaee3dfaa", @requested_date=#<Date: 49322-04-19 ((19735659j,0s,0n),+0s,-Infj)>, @entitlement_version="9.0", @display_name="ICV CUSP-5 calls per second", @description="ICV CUSP-5 calls per second", @enforce_mode=:out_of_compliance, @days_left=-17206>]

    13:48:28,516 1461208243 [RubyThread-6: file:/opt/CUSP/dsnrs/lib/cisco/ruby-gems-1.0.jar!/smart_agent.rb:161] DEBUG root - auth request received: start_date:1494337382539, compliance_status:OOC,expiry:7775673, retry_interval:43200

    FTP to Collect Logs from CUSP

    1. Create a username and assign privilege in CUSP CLI.

      Example:

      Username cisco create

      Username cisco password cisco

      Username cisco group pfs-privusers

    2. Use a browser and type FTP:<CUSP SERVER IP ADDRESS>.

    3. Navigate to CUSP/log/sml.log to access the logs.

    Related Information

    TAC Authored

    Contributed by Cisco Engineers

    • Donnie Yan
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products