Confidentiality and Proprietary Statement

The information contained in this document is the property of SaskTel, and it is strictly confidential. The recipient of this document, by its retention and use, agrees to treat the information contained herein as confidential to SaskTel. Without SaskTel's prior written permission, this information must not be copied, disclosed, or distributed in whole or in part. By receiving this information, the receiving party is bound by these conditions.
Table of Contents
- Overview
- Centrex IP Architecture
- Potential VoIP Killing Impairments
- Ethernet Switches and Prioritization
- M6350 SoftPhone
- Network Connectivity and SaskTel Centrex IP Service
- Bandwidth
- Network Assessment
- Post VoIP Implementation
- SaskTel Recommendations
- Appendix A: Common LAN Deployment Scenarios
- Appendix B: Source Documents
VoIP Readiness
Restricted and Confidential
August 2005
Overview

Target Audience

This document is intended for business professionals and/or IT managers who have the general responsibility for the planning, design, management, and performance of networks within the enterprise domain.

While this document is not expressly technical in nature, it assumes the reader has a thorough understanding of concepts relating to, but not limited to, the following areas:
- Quality of Service (QoS, or Priority Class of Service)
- The OSI model
- Routers, switches, and firewalls
- Wide area networks (WANs)
- Signaling

SaskTel Centrex IP

SaskTel Centrex IP is a network-based VoIP application based on Nortel Networks Succession switch architecture. It consists of a central office based server complex which provides application and signaling functionality to customer premises based IP telephone sets and PC-based client software. Media and signaling packets are transported via an IP network.

The promise or value of SaskTel Centrex IP Service lies in two major areas: cost savings, and enhanced functionality. Compared with other types of telephony services, including legacy Centrex service offered over the traditional telephone network, Centrex IP rates may be 15 to 39% cheaper than existing Centrex rates. Because SaskTel Centrex IP is inherently based on IP, it has the capability to do more (service mobility, new multimedia applications, greater integration with other desktop services). For these reasons, and more, SaskTel Centrex IP has appeal and the potential to deliver tremendous value to Customers.

SaskTel Centrex IP, as a real-time VoIP application, places more exacting demands on the data networks which transport the service. SaskTel has invested to significantly upgrade its Central Office, transport, and access networks. Since Centrex IP traverses networks which are controlled by Customers, Customers must be prepared to examine, test, design and upgrade their networks in order for users of the service to have a positive experience.
Centrex IP Architecture

[Figure: Centrex IP architecture diagram. Legend: Carrier Private LAN; Carrier Publicly Routable LAN. Labelled elements: SS7, USP, PVG, PSTN, Firewall, Carrier Managed Network, DHCP server, Firewall NAT/NAPT, i2004/i2002, m6350.]

Source: Succession CS2000 Service Overview, March 2004, Nortel Networks.
VoIP Readiness
Restricted and Confidential
March 2006
Introduction

While much of the following document's content is applicable to any VoIP deployment, this document has been prepared with particular focus on the considerations necessary for those implementing SaskTel's Centrex IP service over an MPLS-based wide area network which is capable of certain quality of service (QoS) functions.

If you are considering running Voice over IP (VoIP) on your local area network (LAN), chances are you'll need to make some changes to your network, regardless of whether you're planning to use a hosted solution or a customer-owned solution. Keep in mind that VoIP is an application like any other. Your network design and capacity can make or break the functionality of VoIP.

[Figure: users' expectations for a telephone system. Labels: 150 msec one-way delay max; Calls are private; Few impairments.]

Even though traditional business telephone services and customer-owned TDM-based PBX systems are being replaced with VoIP, end users will still have the same expectation for voice quality and reliability that they have always had with the public switched telephone network (PSTN).

The above diagram depicts users' expectations for a telephone system. Users expect the same voice quality as with the PSTN with no delays or jitter, privacy, and an instantaneous dial tone. They want phone service that will work even when the power is out.

Traditionally for data networks, timing is less important than accuracy, but voice is a real-time application with very stringent requirements. The typical data network is not designed to meet these requirements.
Network Behaviors

To meet end users' expectations of voice quality and reliability, you should be familiar with the three leading factors which lead to impairment of the quality of VoIP. Network behaviors such as delay, jitter, and packet loss have relatively little impact on a data network, but can affect the voice application running over your data network to the point of creating an unpleasant experience for your employees and customers, or at worst, making the VoIP service unusable.
Jitter

Packet voice systems accept analog voice signals from telephone handsets, which digitize and compress the signal, placing the resulting series of bits into a short packet. The packet is then sent over an IP network. When it reaches the other end, the packet is decoded and the signal is reconstructed. Packets can take different routes across your network, others may get delayed, and the interval time between the packets can vary. This is what jitter is: the variation of delay in received packets.

[Figure: a steady stream of packets at the sender, and the packet stream after traveling through the network.]

At the sending side, voice packets are sent in a continuous stream and they are spaced evenly apart. However, the packet-by-packet delay inflicted by the network may be different for each packet, causing irregular spacing or delay between each packet when they arrive at the receiving end. The receiving end requires fixed spacing between the packets before the packets can be converted back to voice. To fix this spacing issue, the receiving IP device will have a jitter buffer inside it that will deliberately delay incoming packets to allow for a continuous fixed stream.
Delay

Delay is how much time a voice packet spends in the network. Delay can be thought of as the interval of time between the moment a sound is made by the speaking person to the moment that sound is heard by the non-speaking person. Delay is usually expressed in milliseconds (ms: one millisecond is 1/1000th of a second). There are typical sources of delay:
- The network itself
  o When a voice packet traverses the network, it must be received by each networking device and a decision must be made by that device on where to send it.
- Codec
  o Codecs are algorithms that digitize and compress the voice signal.
  o Codecs are built into the IP sets, soft clients, and endpoints.
  o The time required to process and compress a signal is by definition delay. Each codec has a certain amount of built-in delay. Codecs which compress a given signal to a smaller overall packet size (high compression) may take more time or cause more delay than another codec which does not compress the signal as highly.
- Jitter buffer depth
  o This buffer holds incoming packets for a specific amount of time before forwarding them on to the decoder to be converted back to voice (this is helpful in reducing jitter by eliminating uneven spaces between packets).
  o This buffering effect introduces additional delay.

A good baseline for one-way delay for acceptable two-way communication is 150 ms. Delays above 400 ms result in poor quality. The following graph shows the likelihood of users being satisfied based on a given amount of delay. As you can see, as jitter increases, users' satisfaction decreases.
Source: TIA/EIA Telecommunications Services Bulletin 116, Voice Quality Recommendations for IP Telephony
Packet Loss

Packet loss is a common occurrence on packet networks. Packet loss can be the result of many causes:
- Overloaded links
- Excessive collisions on the LAN
- Duplex mismatches

Audio codecs take into account the possibility of packet loss. Codecs may choose to use the packet received just before the lost packet to eliminate any clicks or interruptions in the audio stream. They may also use a more sophisticated method to fill in the gaps.
Network Utilization

Network load is another important network factor that could affect voice quality. When the network load is high, especially in Ethernet networks, frame loss and jitter typically increase (a frame is a bundle of packets). Higher loads lead to more collisions. Collided frames are eventually resent over the network, resulting in excessive frame loss and jitter.

If network utilization is high, consider packet prioritization methods (often referred to as Quality of Service or QoS). Packet prioritization allows time-sensitive packets such as voice to be prioritized over data packets. A prioritization scheme significantly improves voice quality.
Potential VoIP Killing Impairments

Voice is a real-time application with very stringent requirements. Recent studies suggest that over 80% of networks have VoIP-killing impairments even when network utilization is at a low level (i.e., impairments in networks can exist even when there is lots of bandwidth available).

1. Duplex Mismatches

Description: One end of an Ethernet link has a different speed and/or mode from the other end of the Ethernet link. For example, one end of the link could be configured as half duplex while the other end of the same link was configured as full duplex.

IP phones use the auto-negotiation mode, while the ports of supporting LAN switches may use forced configurations (either full or half duplex).

Duplex mismatches will cause direct packet loss.

Recommended Solution: Configure the devices on both ends to the auto-negotiation mode.

2. Half Duplex Links

Description: A connection where information flows in both directions, but only in one direction at a time. This type of connection is comparable to a conversation over a walkie-talkie or intercom system.

Half duplex links will cause jitter problems under heavy loads, and this is not appropriate for full duplex streaming applications like VoIP.

SaskTel continues to offer a 10 Mbps half duplex option with its LANspan and LANspan IP fiber-based services. The DSL technology used to provide both LANspan and LANspan IP services over copper cable is equipped with a 10 Mbps half duplex Ethernet interface.

While 802.3 LAN switches support full duplex operation, many wireless 802.3 LANs do not allow more than one device to talk at a time and therefore do not support full duplex operation.

If VoIP media paths are subjected to very low utilization, end-to-end full duplex linkage and QoS may not be necessary. A single VoIP call on a dedicated high-speed internet access with a small quantity of data traffic should not experience significant voice call quality problems. Trouble arises when application traffic from multiple users is transported on half duplex links in conjunction with many active phone calls.

Recommended Solution: Migrate to a full duplex link environment.
3. Hubs

Description: Hubs are half duplex devices, and VoIP demands full duplex link operation. Hub-based LAN segments cannot support full duplex operation. Half duplex links have much lower traffic carrying capacity than full duplex links (30% vs. 70%). Under heavy traffic, they can result in packet loss and packet delay variation due to increased collisions.

Recommended Solution: Hubs must be replaced by switches.

4. Category 3 Cable

Description: Category 3 cable doesn't support 100 Mbps/full duplex or VoIP.

Recommended Solution: Have Category 5 cable (or higher).
Ethernet Switches and Prioritization

As previously mentioned, packet prioritization allows time-sensitive packets such as voice to be prioritized over data packets. This will help to minimize end-to-end delay through the network, minimize the variability in end-to-end delay, and prevent packet loss. This will significantly help improve voice quality.

Through extensive experience, SaskTel has determined that networks which are capable of prioritization are necessary. It is a truism that network traffic grows over time. Non-congested networks eventually become congested. Therefore, in planning and designing appropriate LAN and WAN networks, prioritization must be taken into account.

Ethernet switches, not hubs, should be used, and they should meet the following requirements:
- Should have adequate Ethernet port density, throughput, and reliability.
- Must support the necessary packet prioritization: IEEE 802.1Q/802.1p, and/or Diffserv Code Point (DSCP) to 802.1p (layer 2) mapping.
- Should support standards-based Power over Ethernet, and be supported by an Uninterrupted Power Supply (UPS; see the Power section of this document).

The 802.1p priority can only be used when the terminal (IP phone) is a member of a virtual LAN (VLAN) and 802.1Q headers are being added to all packets leaving the terminal. The Nortel i200x terminal uses an audio profile to configure layer 3 and layer 2 marking for the real-time protocol (RTP) media path to the RTP media portal in the central office.

The Nortel i200x terminal does not mark the UNIStim call signaling packets destined to the call manager in the central office. Signaling can be marked by the LAN switch (if the switch can), but will always be marked by the CE router.

Figure 11 below shows an example of the prioritization method required for a typical voice media call.
Source: Nortel NTP 2975551100.2 Centrex IP Client Manager (CICM) Series 7.0 Engineering Guide, Part 2: Network Design

Ethernet switches must support multiple output queues to enable voice traffic to be prioritized over data traffic. Queues are just storage areas for the packets as they are received by the switch. Each queue has a priority. Incoming packets are assigned to a particular queue based on the priority set by the IP phone. The switch has mechanisms which enable service of high-priority queues while minimizing the chance of starving service to lower-priority queues.

Customers should pay especially close attention if they intend to use switch features in their network generally referred to as auto QoS. These kinds of features, while intended to make the application of some prioritization easier to implement, often do not meet the needs of a real-time application such as voice.

Please refer to Appendix A for various LAN prioritization deployment scenarios.
M6350 SoftPhone

The m6350 software for PCs doesn't support 802.1p or DSCP marking. The ability for 802.1p and DSCP marking is reliant on the capabilities of the specific PC network interface card (NIC). In general, it should be considered that the m6350 soft phone is to be used in a best-effort environment.

Minimum PC requirements for the m6350 soft phone:
- Pentium II 233 MHz processor
- 32 Mb RAM
- 10 Mb disk space
- Good quality full duplex SoundBlaster-compatible sound card
- Good quality headset or handset
- LAN or modem connection
- Microsoft Windows 95/98/NT/2000/XP

(Note that these minimum requirements can change from time to time. Please refer to www.sasktel.com/centrexip for the most up-to-date requirements.)
Network Connectivity and SaskTel Centrex IP Service

Currently Centrex IP can only be accessed via SaskTel's LANspan IP data network service. The LANspan IP data service has QoS capabilities, robustness, and 24/7 support. SaskTel is also investigating other data services that will be allowed to access the Centrex IP environment. The overall performance of the Centrex IP service is determined in large part by the quality of the network carrying the service.

This document focuses on describing the use of SaskTel's LANspan IP service (CommunityNet) in conjunction with Centrex IP.

All traffic on a LANspan IP network connection is transported through the network at IP precedence level 3, and the SaskTel-provided customer edge router marks the traffic entering the WAN to IP precedence level 3. This is the standard level that LANspan IP service provides.

LANspan IP service has an optional Priority Class of Service feature. This option allows traffic to be delivered at a higher priority through the LANspan IP core network than the standard IP precedence level 3. The Priority Class of Service option may be purchased at either IP precedence level 4 or IP precedence level 5. If IP precedence level 5 is purchased, level 4 is included.

Centrex IP traffic is routed over the LANspan IP WAN between SaskTel's central office Centrex IP service and the customer's enterprise LAN where the Centrex IP phones are located. Centrex IP traffic consists of signaling, phone firmware, and configuration data, in addition to two-way digitized voice media streams.

Centrex IP (i200x) phones contain an audio profile where the IP TOS precedence level and 802.1p priority are defined for signaling and media traffic (note that some of the attributes of the profile are embedded in the service provided by SaskTel, and are not adjustable by end users). The phone marks the outgoing traffic as directed by the profile. As the voice traffic enters the SaskTel customer edge (CE) router, the priority settings are maintained. Any other data traffic not marked with IP Precedence level 4 or 5 will have its precedence level marked with 3.
When the LANspan IP customer edge (CE) router receives prioritized traffic from the WAN, the precedence will be maintained towards the customer's enterprise LAN through the use of 802.1Q VLAN and 802.1p QoS or pass-through of layer 3 TOS settings. The implementation type will be based on the capabilities of the customer-owned device which links to the Ethernet interface of the LANspan IP CE router. The linkage between the CE interface and the customer's enterprise LAN is often created by a customer-owned firewall/NAT device or trunking (802.1Q VLANs), priority scheduler and hardware transmit queues terminating on a port of a customer-owned layer 2 switch. Each scenario can address the need to ensure that proper prioritization is maintained to the customer's LAN.

All data devices on the enterprise LAN typically reside on data VLANs in the traditional switched scenario. It is desirable to provision a separate voice VLAN when you combine the voice network into the data network. In Cisco software command line interface (CLI) configuration terms, the new voice VLAN is referred to as the auxiliary VLAN. The native VLAN (default VLAN) of the switch would typically support the network's data devices.

The IP Phone 2002 and 2004 three-port switch enables the capability to share the phone and PC connection to the switch. This configuration requires only one Ethernet cable between the wiring closet and the IP Phone/PC location.

When sharing a single physical switch port, it is recommended that the port be configured as a multi-VLAN access port. When the IP phone boots up, its configuration will cause it to associate itself with the voice VLAN (or auxiliary/Cisco VLAN) while the PC will reside in the native VLAN. The data VLAN traffic will be untagged, and the voice VLAN will be untagged.

The internal phone switch does not interpret the 802.1Q header, but rather, allows the packets to pass through unmodified. Priority is achieved on a per-port basis. The phone port traffic has high priority over the Ethernet port to which the PC is connected.

Voice traffic has the priority bits of all frames set to 6 (octal) by default. Data messages have the priority bits of all frames set to 0. Note that the IP phone will add the data VLAN ID to untagged PC traffic. However, if the traffic arriving on the PC port is already tagged, the frame will pass through unchanged.

An IP phone can receive broadcast frames from a PC's data VLAN. Any data network broadcast storm packets from the network are seen by the IP Phone. This type of traffic does not adversely affect the IP Phone.

Best practice states the voice VLAN should be associated with a unique IP subnet in order to achieve a successful implementation. In other words, always keep voice and data on unique subnets (VLANs). This will help provide added security and help prevent broadcasts from the data network impacting the real-time voice application.
Note: As Centrex IP deployment is established, collaboration with SaskTel is required in order to ensure accurate configurations between SaskTel's (LANspan IP) customer edge device and the customer's local area network (e.g. VLAN IDs).

This solution allows the scalability of the network from an addressing perspective. IP subnets often have a high percentage of their IP addresses allocated. A separate VLAN (IP subnet) carrying the voice traffic allows the introduction of a large number of new phones in the network without extensive modifications to the existing IP addressing scheme.
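The layer 2 and layer 3 markings described in this section can be checked on captured frames. The following is an added example, not part of the original SaskTel document: it reads the 802.1Q priority bits and the IP TOS precedence from an Ethernet frame and applies the CE router rule stated above. The voice VLAN ID (20), the IP precedence of 5 for voice, and the frames themselves are constructed assumptions.

```python
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
VOICE_PCP = 6        # page: voice frames carry priority bits 6 by default
VOICE_VLAN_ID = 20   # hypothetical VLAN ID; the real one is agreed with SaskTel


def build_frame(tos, vlan_id=None, pcp=0):
    """Build a constructed Ethernet + IPv4 header pair (no payload) for testing."""
    eth = bytes(12)  # zeroed destination and source MAC addresses
    if vlan_id is not None:
        # 802.1Q tag: TPID, then TCI = 3 priority bits, 1 DEI bit, 12-bit VLAN ID
        eth += struct.pack("!HH", ETHERTYPE_8021Q, (pcp << 13) | vlan_id)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip


def parse_markings(frame):
    """Return the VLAN ID, 802.1p priority and IP TOS markings of a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan_id, pcp = 14, None, None
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, vlan_id, offset = tci >> 13, tci & 0x0FFF, 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        raise ValueError("not a complete IPv4 frame")
    tos = frame[offset + 1]  # second byte of the IPv4 header
    return {"vlan_id": vlan_id, "pcp": pcp, "tos": tos,
            "precedence": tos >> 5, "dscp": tos >> 2}


def ce_router_precedence(tos):
    """Precedence after the CE router: 4 and 5 are kept, anything else becomes 3."""
    precedence = tos >> 5
    return precedence if precedence in (4, 5) else 3


def audit_voice_frame(frame, voice_vlan=VOICE_VLAN_ID):
    """List the reasons a frame would not receive voice priority end to end."""
    m = parse_markings(frame)
    findings = []
    if m["vlan_id"] != voice_vlan:
        findings.append("not tagged for the voice VLAN")
    if m["pcp"] != VOICE_PCP:
        findings.append("802.1p priority is not 6")
    if ce_router_precedence(m["tos"]) == 3:
        findings.append("IP precedence is not 4 or 5, CE router marks it 3")
    return findings


if __name__ == "__main__":
    phone = build_frame(tos=0xA0, vlan_id=VOICE_VLAN_ID, pcp=VOICE_PCP)
    softphone = build_frame(tos=0x00)  # unmarked, as from a best-effort PC
    for name, frame in (("i200x phone", phone), ("m6350 softphone", softphone)):
        print(name, parse_markings(frame), audit_voice_frame(frame))
```

The unmarked frame models the m6350 case described earlier, where the soft client does not apply 802.1p or DSCP marking and is treated as best effort.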
Cabling

At the present time, some customer networks still have Category 3 cabling. Category 3 cabling doesn't support VoIP. It is recommended to only use Category 5 cabling (or better).

SaskTel is a Belden CDT Certified System Vendor (CSV). SaskTel can certify wiring installations and provide a 25-year performance warranty. Contact your SaskTel Sales Representative for details.
Power

Power considerations are very important in the VoIP world. An important characteristic of IP telephony in general compared to the regular telephone network is that if power is lost to some portion of an IP network, such as the IP set or endpoint, or at any other LAN switch, or point in the network, ALL service is lost. Most traditional telephone network sets can still function in a power outage since line voltage for basic operation of the set is delivered from the Central Office.

This requires thorough consideration. Consider an emergency situation where employees may need to call 911. If the power is out, and no UPS support is in place, no calls can be made with the IP phone.

If you plug your IP phone into the AC wall socket, you will need to ensure that your AC wall sockets are serviced from an uninterrupted power supply (UPS) or your business could experience phone outages due to power failures.

Optionally, power can be supplied to the IP phone by a properly equipped Ethernet switch. These types of Ethernet switches will require power from a UPS to prevent downtime in the event of a power outage.

Power must be explicitly considered in network planning and design.
Security

The information provided here is high level in terms of detail. SaskTel can provide comprehensive security consulting services. Contact your SaskTel sales representative for more information.

Centrex IP traffic will be carried on the same infrastructure as your regular data. A voice application on the data network is susceptible to all the same viruses and attacks targeting the other applications, such as denial of service (DoS) attacks and viruses. Measures should be taken to ensure that real-time applications are secure and that business assets are protected against malicious intent.

SaskTel's overall Centrex IP service, including the Central Office, IP core network, transport network, and access network have all been engineered to maximize security while offering needed performance and access.

On the customer's network, one should consider:
- Basic network segmentation (VLANs)
- Subnets
- The use of a perimeter firewall to provide port filtering of traffic flow.

The enterprise firewall device should:
- Be, at the minimum, a layer 3 device
- Have high reliability and adequate capacity (packet forwarding rate, throughput, and concurrent sessions).
- Be a stateful firewall, capable of L3/L4 packet filtering and inspection based on defined firewall rules.
- Support adequate WAN interfaces, depending upon the interface requirement to connect to the LANspan IP CE device

This device must:
- support DiffServ (DSCP) marking
- support DSCP to 802.1p mapping.
Firewall Configuration

To support Centrex IP deployment, enterprise firewalls must be properly configured, following the recommendations below:
- Minimally restricted UDP policy should be activated on firewalls to perform dynamic stateful packet filtering, allowing a UDP packet via predefined UDP port into enterprise network.
- A small set of firewall pinholes (i.e. UDP ports) and firewall rules (see Table 5 & 6) must be defined and configured on the enterprise firewall to allow flow of packets between Centrex IP clients (IP phone i200x and soft client m6350) and public interfaces of the Call Manager (CICM) through the firewalls.
  o UNIStim over UDP for control and signaling between Centrex IP clients (i200x and m6350) and the call manager (CICM).
  o RTP over UDP for Centrex IP voice media streams between Centrex IP clients (i200x and m6350) and another media endpoint (e.g. RTP Media Portal).
  o RTCP (RTP Control Protocol) for periodic network performance monitoring.
  o UNIStim FTP for client (i200x and m6350) firmware download.
- The configurable firewall pinhole timer value is recommended to be three minutes.

Although the use of a firewall provides security for the protected enterprise, very few firewalls are application aware. Most firewalls have to open up specific ports called pinholes for packets of allowed applications to flow through.

Because NAT devices hide the details of the IP addressing structure of the private network, as a side effect, they also provide security. They only allow packets to traverse the NAT towards the enterprise when a bind has already been established. Because NAT is not aware of the application's nature, it uses a timer to determine when to close a bind or a pinhole.

Each i200x IP telephone set or m6350 soft client is configured with the IP address of its hosting Centrex IP gateway. When the IP phone powers on, it sends Resume Connection to the Centrex IP gateway. A path through the NAT device is set up for phone signaling. Once the initial connection has been made, the IP phone starts the watchdog timer, with a default value of two minutes. To keep the signaling path open, every minute, the Centrex IP gateway sends a signaling message to reset the watchdog timer on the IP phone and the client responds with an acknowledgement. As mentioned, the configurable NAT binding timer value is recommended to be three minutes. In this way, a bind or connection is established from within the customer network, with a supporting method of maintaining that trusted connection.

Performance can vary between different NAT and Firewall devices. Monitoring of the CPU and memory usage is required to avert excessive delays.
Source: Nortel NTP 2975551100.2 Centrex IP Client Manager (CICM) Series 7.0 Engineering Guide, Part 2: Network Design
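The interaction of the three timers in the Firewall Configuration section (one-minute gateway keepalive, two-minute phone watchdog, three-minute recommended pinhole/NAT binding timer) can be modelled to review a firewall's UDP timer setting. This is an added example, not code from SaskTel or Nortel; the function names are hypothetical, and the model assumes that a timer expires only when the idle time strictly exceeds it and that a lost keepalive is dropped before it reaches the firewall.

```python
KEEPALIVE_S = 60               # page: the gateway sends a signaling message every minute
WATCHDOG_S = 120               # page: default IP phone watchdog timer of two minutes
RECOMMENDED_NAT_TIMER_S = 180  # page: recommended pinhole / NAT binding timer


def simulate(nat_timer_s, lost_keepalives=(), duration_s=600):
    """Return (outcome, time_s) for the signaling path through a NAT/firewall.

    outcome is "ok", "nat_binding_closed" or "watchdog_expired"; time_s is the
    moment the failing timer ran out (or the end of the run when "ok").
    lost_keepalives lists the send times, in seconds, of keepalives lost in
    the network (constructed input).
    """
    lost = set(lost_keepalives)
    last_outbound = 0  # Resume Connection from the phone creates the binding
    last_reset = 0     # the watchdog starts once the connection is made
    for t in range(KEEPALIVE_S, duration_s + 1, KEEPALIVE_S):
        if t - last_reset > WATCHDOG_S:
            return ("watchdog_expired", last_reset + WATCHDOG_S)
        if t - last_outbound > nat_timer_s:
            # The binding is already gone, so this inbound keepalive is dropped.
            return ("nat_binding_closed", last_outbound + nat_timer_s)
        if t in lost:
            continue
        last_reset = t     # keepalive delivered: watchdog reset
        last_outbound = t  # the phone's acknowledgement refreshes the binding
    return ("ok", duration_s)


def tolerated_losses(nat_timer_s):
    """Consecutive lost keepalives the path survives, or None if it fails with none lost."""
    survived = None
    for k in range(0, 10):
        lost = [KEEPALIVE_S * i for i in range(1, k + 1)]
        outcome, _ = simulate(nat_timer_s, lost)
        if outcome != "ok":
            break
        survived = k
    return survived


if __name__ == "__main__":
    for timer in (30, 90, RECOMMENDED_NAT_TIMER_S):
        print(f"NAT timer {timer:>3}s: no loss -> {simulate(timer)}, "
              f"tolerated consecutive losses -> {tolerated_losses(timer)}")
```

In this model a binding timer shorter than the keepalive interval closes the pinhole before the first keepalive arrives, a 90-second timer turns a single lost keepalive into a closed binding, and the recommended three minutes leaves the phone's own watchdog as the first timer to expire.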
Important Firewall Recommendations:

If your Enterprise firewall is performing a NAT function for all traffic, it is recommended that the Enterprise network be readdressed so as to eliminate the NAT function performed by the Enterprise firewall. If for whatever reason the NAT function must be maintained by the Enterprise firewall, then a no-NAT group must be configured in the firewall to ensure the voice connectivity of the Centrex IP service. Please note, by maintaining a no-NAT group in your Enterprise firewall, all outside networks that are also using the Centrex IP service and require voice connectivity to your Enterprise firewall must be included in your no-NAT group.

The soft client will not work in the NAT environment because..
Source: Nortel NTP 2975551100.2 Centrex IP Client Manager (CICM) Series 7.0 Engineering Guide, Part 2: Network Design
Bandwidth

The bandwidth required per call depends on the codec used and the packetization rate. The codec determines the number of voice samples per second, while the packetization rate determines how many milliseconds of voice data is sent in each packet. Other considerations which determine the amount of bandwidth required per call include the voice sample (voice payload size), IP/UDP/RTP headers, and the data link protocol header, e.g., Ethernet. As of the date of this document, SaskTel Centrex IP utilizes a G711/20ms codec, which effectively consumes 100 kb of bandwidth per active session (64 kb bit rate plus overhead).

Care must be taken when examining bandwidth requirements, especially in instances where WAN links are asymmetrical (i.e., there are differing bandwidths allocated for upload versus download of traffic from the network).

If you have a 640 Kbps/4 Mbps LANspan IP circuit, you may assume that you can get approximately a half dozen calls over this link with no problem. This may not be the case. While you do have a 4 Mbps pipe from the wide area network service into your office enterprise network, you only have 640 Kbps going back out (minus ADSL overhead). This asymmetry is fine for a few data traffic users as they probably pull most of their data from head office and the Internet, but voice traffic is very much a two-way application. As such, for bandwidth calculations in this example, you'll need to work with the 640 Kbps figure. With this rate, you could have approximately six simultaneous calls using the G.711 codec at 20 ms packetization intervals, assuming no other IP traffic is running on the same link. This calculation may also be impacted by prioritization schemes in place. For SaskTel network access services such as LANSpan IP or CommunityNet, which are capable of prioritizing traffic as it egresses onto the WAN, a maximum of 70% of traffic can be tagged with the highest priority. In the previous example, the 640 kbps available would be reduced to 448 kbps or 70% of 640 kbps.

Another issue to keep in mind is the impact of congestion on other data or non-real-time applications. Since voice traffic receives highest priority, at times of high voice traffic, there will be less remaining bandwidth for other applications using the link. End users would perceive this as a slowdown of other data applications. Care must be taken to design adequate bandwidth for voice specifically, and for all application data to traverse the network.
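The bandwidth reasoning above, carried through as an added example (not part of the original SaskTel document): it derives the per-call rate from codec bit rate, packetization interval and header sizes, then sizes calls on the asymmetric 640 Kbps/4 Mbps circuit with and without the 70% priority limit. Header sizes are the standard RTP/UDP/IPv4/Ethernet values; ADSL overhead is not modelled, and the 100 kb planning figure is the page's.

```python
RTP_UDP_IP_BYTES = 12 + 8 + 20  # RTP, UDP and IPv4 headers
ETHERNET_BYTES = 14 + 4         # Ethernet header plus frame check sequence
DOT1Q_TAG_BYTES = 4             # extra bytes on an 802.1Q tagged link
PLANNING_KBPS_PER_CALL = 100    # page: G.711/20 ms "effectively consumes 100 kb"


def per_call_bps(codec_bps=64000, ptime_ms=20, l2_bytes=ETHERNET_BYTES):
    """One-way bit rate of a single RTP stream, including packet headers."""
    payload_bytes = codec_bps * ptime_ms // 8000  # voice bytes per packet
    packets_per_second = 1000 // ptime_ms
    packet_bytes = payload_bytes + RTP_UDP_IP_BYTES + l2_bytes
    return packet_bytes * 8 * packets_per_second


def call_capacity(up_kbps, down_kbps, priority_percent=70,
                  per_call_kbps=PLANNING_KBPS_PER_CALL):
    """Size simultaneous calls on a link, using the slower direction.

    Voice is two-way, so the smaller of the two rates is the limit. Only
    priority_percent of that rate may be carried at the highest priority.
    """
    limiting_kbps = min(up_kbps, down_kbps)
    priority_kbps = limiting_kbps * priority_percent // 100
    max_calls = priority_kbps // per_call_kbps
    return {
        "limiting_kbps": limiting_kbps,
        "priority_kbps": priority_kbps,
        "max_calls": max_calls,
        # What is left in the limiting direction for all other applications
        "data_kbps_at_max_calls": limiting_kbps - max_calls * per_call_kbps,
    }


if __name__ == "__main__":
    print("G.711/20 ms on Ethernet:", per_call_bps(), "bit/s")
    print("G.711/20 ms on 802.1Q  :",
          per_call_bps(l2_bytes=ETHERNET_BYTES + DOT1Q_TAG_BYTES), "bit/s")
    print("G.711/10 ms on Ethernet:", per_call_bps(ptime_ms=10), "bit/s")
    print("640/4000 kbps, no cap  :", call_capacity(640, 4000, priority_percent=100))
    print("640/4000 kbps, 70% cap :", call_capacity(640, 4000))
```

With the page's 100 kb per call, the 448 kbps priority allowance carries four simultaneous calls, not six, and leaves 240 kbps of the upstream for other traffic while those calls are active.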
Network Assessment

Statistics indicate that 85% of data networks are not ready for VoIP. A 50/50 chance of failure awaits those who proceed without a network assessment. Therefore, SaskTel has made a Network Assessment a condition of service to receive Centrex IP service. Testing the infrastructure with simulated VoIP calls can help ensure proper performance.

A network assessment can:
- Help minimize the risk of VoIP failure during deployment
- Evaluate the data network's ability to support VoIP
- Identify bottlenecks in the network
- Measure network statistics that impact VoIP (e.g., jitter, delay, lost packets)
- Identify any VoIP-killing impairments in the network
- Evaluate call quality
- Provide a benchmark of the network's current state

When a network assessment is performed on a LAN, the most commonly used metric to evaluate call quality is the Mean Opinion Score (MOS):

[Figure 1: Level of user satisfaction as function of MOS. MOS scale values shown: 5, 4.3, 4.0, 3.6, 2.6; the lowest band is labelled "Not recommended".]

Source: TIA/EIA Telecommunications Services Bulletin 116, Voice Quality Recommendations for IP Telephony
The following call quality rating chart displays minimum requirements:

Measurement   MOS              Delay (ms)        Jitter (%)        Lost Data (%)
Good          At least 4.03    Less than 150     Less than 0.50    Less than 0.50
Acceptable    At least 3.60    Less than 400     Less than 1.00    Less than 1.00
Poor          Any lower value  Any higher value  Any higher value  Any higher value
Post VoIP Implementation

Once you have implemented VoIP in your network, the management of network changes becomes very important. Before you make a change to your network, like adding a new feature or changing a configuration, you need to understand its impact on your VoIP network. Industry best practices should always be followed. ITIL is a set of best practices and standard methodologies for core IT operational processes such as change, release, and configuration management.

Change management is an important consideration. If SaskTel provides post-installation and troubleshooting services for troubles which are determined to have root cause in the customer network environment, charges may be applicable.

If possible, inform SaskTel of any major change within your environment.
SaskTel Recommendations

- You must have a LANspan IP access.
- Ensure there is sufficient bandwidth to carry Centrex IP, data, and other planned application traffic.
- Be aware that when network load is high, jitter and packet loss typically increase.
- Implement prioritization methods to ensure voice packets have priority over data packets.
- Make sure the prioritization methods are end to end.
- Ensure your network is free of impairments that may impact voice quality.
Appendix A: Common LAN Deployment Scenarios

The following are common Enterprise LAN deployment scenarios in production networks today. These are provided as samples of what should be done to provide guarantees to the quality of VoIP traffic.

Design and deployment decisions made when working with an existing infrastructure may well be different than the ones made if working in a greenfield environment.

There may be some difficult challenges when trying to meet expected QoS targets. In each of the cases illustrated below, the voice traffic on the enterprise LAN is prioritized over data traffic using either 802.1p or DSCP (or both).

The simple LAN topology is the most commonly deployed LAN model seen in the enterprise today. The LAN infrastructure was designed and installed with no effort made to separate user traffic based on application.

Many different subnets and VLANs could exist within the LAN today, but the traffic is mixed. Typically, QoS has not previously been deployed. QoS is necessary when implementing Centrex IP.

Simple LAN Configurations

Figure 1: Simple LAN with 802.1Q/p support

traffic separation is accomplished. This method eliminates the need for additional Ethernet ports for the connection of IP phones to the LAN infrastructure.

In LAN topologies modeled on the use of closet switches aggregating to central distribution switching and/or core routing, it is critical that an understanding of traffic levels on the trunks linking each level be maintained. Technologies such as multilink trunking can be deployed which permit load balancing of the traffic between the devices, thereby ensuring optimal available bandwidth.

The IP addressing for the i200x IP phones is under the control of the enterprise, and the size of the IP subnet is a consideration not to be forgotten. Each IP phone is another IP addressable host on a subnet, and they must be planned appropriately to accommodate the additional devices.

Note that if the addressing is provided to the IP phones through DHCP and the DHCP server is located on a different subnet, a router must be configured to support DHCP relay. It is advisable to assign the VoIP subnet to a contiguous block with the existing IP addressing used within the enterprise.

This example utilizes 802.1Q tagged connections between the enterprise switch and the i200x LAN interfaces. This configuration results in separate logical IP subnets (voice and data) which allows for control of traffic distribution. The layer 2 priority assigned to the VoIP frames at the IP phone is carried forward through the LAN, ensuring the frames are treated with the proper priority.

This connectivity model uses an 802.1Q tagged connection between the enterprise switch and the LANspan IP CE router interface. This configuration results in separate logical IP subnets (voice and data) appearing on sub-interfaces of the CE router, allowing for control of traffic distribution. This implementation requires the support for 802.1Q on the CE router (an optional QoS feature) and the enterprise switch. The layer 2 priority assigned to the VoIP frames is carried forward through the LAN, ensuring the frames are treated with the proper priority.
LAN QoS Rules
General rules that apply to the simple LAN solution:
- LANspan IP CE router must be provisioned with the optional QoS feature with 802.1Q configured on the LAN interface.
  o This is necessary when the associated enterprise device doesn't support Layer 3 DiffServ
- LANspan IP CE router must be provisioned with 802.1p to/from DSCP mapping
  o This is necessary if voice traffic is prioritized on the LAN using 802.1p
  o The CE router maps the appropriate DSCP values to 802.1p for VoIP traffic from the WAN entering the Voice VLAN
- LANspan IP CE router must support DSCP
  o The WAN uses DSCP to prioritize the VoIP traffic
- Enterprise infrastructure must be switch-based
  o This is a local LAN performance requirement.
- Enterprise Layer 2 switching must do 802.1p marking
  o The ability to mark and then provide priority to voice traffic within the infrastructure
- Enterprise Layer 2 switching should have multiple hardware queues
  o Devices limited by two queues typically have limited CPU and processing power and are not adequate for policy-based networks.
  o Being limited to two queues results in multiple DiffServ values being mapped to the same queue and the behavior applied to the queue is the same for all packets.

In Figure 2 below, the user population is connected through switches to the enterprise firewall/NAT device which then connects to the LANspan IP or CommunityNet VPN via the LANspan IP CE router. The Ethernet segment between the firewall and the demarcation router interface is typically a small subnet. The IP addressing on the Firewall public interface connecting to the LANspan IP CE router is provided to the Enterprise by SaskTel.

Adding Centrex IP service capabilities requires that a connection be provisioned from the enterprise LAN to the SaskTel service hosted in the Central Office. As a trusted business partner, SaskTel ensures the connection to the hosted service is secure.

For the purpose of illustration, Figure 2 assumes that the Enterprise Firewall/NAT device will impose limitations on the ability to deliver end-to-end QoS. Because the device does not support 802.1Q/p, nor is it able to act upon layer 3 DiffServ, the enterprise firewall/NAT must maintain the layer 3 DSCP settings and forward them intact between the protected enterprise and the LANspan IP CE router.

Because of the limitations of the firewall/NAT device in this example, the enterprise will require the use of two internal firewall interfaces: one dedicated to VoIP traffic and the second interface to transport the data traffic. Switch ports linking the firewall to the protected network are each configured to be a member of a port-based VLAN type.
This connectivity model uses an 802.1Q tagged connection between the enterprise switch and the i200x LAN interface. This configuration results in separate logical IP subnets (voice and data), which allows for control of traffic distribution. The layer 2 priority assigned to the VoIP frames at the IP phone is carried forward through the LAN, ensuring the frames are treated with the proper priority.
Figure 2: Subnet-based LAN with 802.1Q/p support and firewall/NAT

LAN QoS Rules
General rules that apply to the subnet-based LAN solution (Figure 2):
- LANspan IP CE router must be provisioned with optional QoS feature.
  o This is necessary to allow the enterprise firewall/NAT device to transparently pass VoIP precedence onto enterprise devices supporting DSCP to 802.1p mapping. DSCP must be applied before the firewall, since few firewalls support 802.1p
- LANspan IP CE router must support DSCP
  o The WAN uses DSCP to prioritize the VoIP traffic
- Enterprise firewall/NAT device may support 802.1Q
  o Firewall and NAT/NAPT device are often the same physical platform and may support 802.1Q
  o This is necessary to provide end-to-end quality of service in a VLAN model
- Enterprise firewall/NAT device must allow pinholes
  o The required pinholes for VoIP traffic must be defined as part of the firewall rules
  o Pinholes can be opened on a logical interface if VLAN model is used
- Enterprise firewall/NAT device must support QoS transparency
  o DSCP transparency is required to preserve QoS marking
- Enterprise device must be provisioned with DSCP to 802.1p mapping
  o This is necessary if voice traffic is prioritized on the LAN using 802.1p
  o The device maps the appropriate DSCP values to 802.1p for VoIP traffic from CommunityNet before entering the Voice VLAN
- Enterprise device performing DSCP to 802.1p mapping should have multiple hardware queues
- Enterprise Layer 2 switching must do 802.1p marking
  o The ability to mark and then provide priority to voice traffic within the infrastructure
- Enterprise Layer 2 switching should have multiple hardware queues
  o Devices limited by two queues typically have limited CPU and processing power and are not adequate for policy-based networks
  o Being limited to two queues results in multiple DiffServ values being mapped to the same queue and the behavior applied to the queue is the same for all packets
- Enterprise infrastructure must be switch-based
  o This is a local LAN performance recommendation

In Figure 3 below, the user population is connected through the enterprise layer 3 switch to the CommunityNet VPN via the LANspan IP CE router. The Ethernet segment between the layer 3 switch and the demarcation router interface is typically a small subnet. The IP addressing on the firewall public interface connecting to the LANspan IP CE router is provided to the enterprise by SaskTel.

Adding Centrex IP service capabilities requires that a connection be provisioned from the Enterprise LAN to the SaskTel service hosted in the central office. As a trusted business partner, SaskTel ensures the connection to the hosted service is secure.

This connectivity model uses an 802.1Q tagged connection between the enterprise switch and the i200x LAN interface. This configuration results in separate logical IP subnets (voice and data), allowing for control of traffic distribution. The layer 2 priority assigned to the VoIP frames at the IP phone is carried forward through the LAN, ensuring the frames are treated with the proper priority, forwarding the high-priority VoIP frames before low-priority frames.
Figure 3: Subnet-based LAN with 802.1Q/p and DiffServ support
LAN QoS Rules
General rules that apply to the subnet-based LAN solution (Figure 3):
- LANspan IP CE router must be provisioned with optional QoS feature.
  o This is necessary to allow the enterprise firewall/NAT device to transparently pass VoIP precedence onto enterprise devices supporting DSCP to 802.1p mapping. DSCP must be applied before the firewall since few firewalls support 802.1p
- LANspan IP CE router must support DSCP
  o The WAN uses DSCP to prioritize the VoIP traffic
- Enterprise layer 3 switch must support DSCP
  o The network between the LANspan IP CE router and the switch may use DSCP to prioritize voice traffic
- Enterprise layer 3 switch must have multiple hardware transmit queues
- Enterprise layer 3 switch must support 802.1Q
  o This is necessary to provide a VLAN-based model
- Enterprise layer 3 switch must support 802.1p to DSCP mapping
  o This is necessary if voice traffic is prioritized on the LAN using 802.1p
  o The device maps the appropriate DSCP values to 802.1p for VoIP traffic from CommunityNet before entering the Voice VLAN
- Enterprise switches must do 802.1p marking
  o The ability to mark and then provide priority to voice traffic within the infrastructure
- Enterprise switches should have multiple hardware queues
  o Devices limited by two queues typically have limited CPU and processing power and are not adequate for policy-based networks
  o Being limited to two queues results in multiple DiffServ values being mapped to the same queue, and the behavior applied to the queue is the same for all packets
- Enterprise infrastructure must be switch-based
  o This is a local LAN performance recommendation
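
The DSCP transparency and DSCP to 802.1p mapping rules in the lists above can be verified from packet captures. The following is an added example, not part of the SaskTel guide: it parses one packet captured on the CE-router side of the firewall/NAT and the same packet captured on the voice VLAN, then reports where the marking was lost. The DSCP value 46, 802.1p priority 6, VLAN ID 20 and all function names are assumptions to be replaced with site values.

```python
import struct

# Assumed site values, not taken from the guide: EF (DSCP 46) voice media
# mapped to 802.1p priority 6, best effort to 0, and voice VLAN ID 20.
DSCP_TO_PCP = {46: 6, 0: 0}
VOICE_VLAN = 20

def parse_frame(frame: bytes) -> dict:
    """Return VLAN ID, 802.1p priority (PCP) and IPv4 DSCP of an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    offset = 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF      # top 3 bits = priority
        offset = 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        raise ValueError("not a complete IPv4 packet")
    dscp = frame[offset + 1] >> 2                # upper 6 bits of the DS byte
    return {"vlan": vlan, "pcp": pcp, "dscp": dscp}

def audit(ce_side: bytes, lan_side: bytes) -> list:
    """Compare one packet captured before and after the firewall/NAT."""
    before, after = parse_frame(ce_side), parse_frame(lan_side)
    findings = []
    if before["dscp"] != after["dscp"]:
        findings.append(f"DSCP changed in transit: {before['dscp']} -> {after['dscp']}")
    if after["vlan"] == VOICE_VLAN:
        expected = DSCP_TO_PCP.get(after["dscp"])
        if expected is None:
            findings.append(f"no 802.1p mapping for DSCP {after['dscp']}")
        elif after["pcp"] != expected:
            findings.append(f"802.1p is {after['pcp']}, expected {expected}")
    return findings

def build(dscp: int, vlan=None, pcp: int = 0) -> bytes:
    """Construct a minimal sample frame (zeroed MACs and IPv4 body)."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, (pcp << 13) | vlan)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + bytes([0x45, dscp << 2]) + bytes(18)

if __name__ == "__main__":
    ce = build(46)                               # constructed capture, CE-router side
    print(audit(ce, build(46, vlan=20, pcp=6)))  # marking preserved and mapped
    print(audit(ce, build(0, vlan=20, pcp=0)))   # firewall reset the DSCP
    print(audit(ce, build(46, vlan=20, pcp=0)))  # mapping to 802.1p missing
```

A DSCP change between the two capture points indicates a device that is not QoS transparent; a correct DSCP with the wrong 802.1p priority indicates the mapping device is not provisioned.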
Appendix B: Source Documents
1. Nortel Networks Centrex IP Client Manager (CICM) Series 7.0 Engineering Guide
2. Nortel Networks LAN/WAN design guidelines for deploying Succession services
3. Designing VoIP Networks: Lessons From The Edge by Matthew F. Michels
4. Emerging Network and Communication Technologies - The Hype Cycle by Gartner Inc.
5. VoIP: The Future of Voice Traffic - White Paper by SaskTel, November 2004
6. TIA/EIA Telecommunications Services Bulletin 116, Voice Quality Recommendations for IP Telephony
7. Succession CS2000 Service Overview, March 2004, Nortel Networks
VoIP Readiness, Restricted and Confidential, March 2006