350 likes | 357 Views
IP Telephony Working Group. QUESTnet 2003 Session1 - Up-date on Current Activities. Introduction. Introduction IPTEL is AARNet’s IP Telephony Working Group. A small “steering” committee interacts with a larger community that is the IP Telephony Working Group.
E N D
IP Telephony Working Group QUESTnet 2003 Session1 - Up-date on Current Activities
Introduction • Introduction • IPTEL is AARNet’s IP Telephony Working Group. • A small “steering” committee interacts with a larger community that is the IP Telephony Working Group. • The Steering Committee was formed by invitation from AARNet as a result of the original 2001 planning meeting. • Operation • The Steering Committee meets by video conference, email and occasional face-to-face meetings. • It reports to the CEO of AARNet Pty Ltd. • Contact and interaction with the Steering Committee can be made directly to its members or by joining the mailing list. iptel-l@aarnet.edu.au • The web site is the official record of the group. http://www.aarnet.edu.au/engineering/wgs/iptel/
Steering Committee Members • Rod Ibell (Chair) - University of Southern Queensland • Steve Cox - Flinders University • Ruston Hutchens - La Trobe University • Chris Myers - Swinburne University of Technology • Stephen Kingham – AARNet Pty Ltd • Ann Pettigrew – AARNet Working Group Support Officer
What does the AARNet VoIP service provide? • Toll-bypass telephone service between members and hop off gateways in the major capital cities for local calls and Cellular Mobiles . • Long distance calls in Australia by use of a bypass code. • http://www.aarnet.edu.au/services/voip/ • QoS for telephony traffic and the VoIPMonitor. http://lattice.act.aarnet.net.au/VoIPMonitor. • Billing System http://voip.aarnet.net.au/AARNet. • The Australian Root Gatekeeper and peering with the international Roots.
Goals and Areas of Interest for the Working Group • Design guides for Cisco Call Manager and other vendor IP Telephones • Design guide for interworking with VoIP Proxies for QoS and firewalls • Checking of interworking with AARNet VoIP network • Telephone routing for outgoing and incoming calls • Connection to Carriers and PABXs • Business case templates and whole of life costs • Emergency calls and powerfail telephones • Supporting modems and facsimile machines • Global directory service (LDAP) • Call admission control (cf telephone class of service) • Billing for AARNet • Internal billing (TIMS) for a Member and reconciliation with Carriers • Supporting SIP • Unified messaging • Guidelines and case studies on implementation of QoS • Fault tolerance/survivability
Current Issues under Review • Security • Quality of Service (QoS) • Call Manager • Peering with other VoIP Carriers • Implementing IP Telephony – Pitfalls and Pit Stops • Trials • ENUM ( Session 2 ) • Dial Plan ( Session 2 ) • Billing ( Session 2 )
Deployment • Plan ahead • Firewalls • Packet inspection • Access Control • Proxies Security should be part of the whole process.
Plan ahead • What can I log? • Map out the call flow. • Think of the end deployment, not just the pilot. • But don’t be too rigid. Things change fast.
Firewalls • Firewalls can be used to protect the call servers • Do not use H.323 fix-up on PIX firewall. • Firewalls are also very useful in toll bypass protection. • Dual Firewalls can also be configured in redundant pairs for high availability.
Packet Inspection • IDS is very handy for stopping Worms and Trojans. • It can give the heads up on incoming DoS attacks or port scans that can be a precursor to an attack.
Access Control (ACL to build) • Handset to call server • Handset to handset • Softphone to call server • Softphone to handset • All to voice mail • Data to call server • Toll bypass Examples will be available on the AARNet web site.
Web Proxies • Proxies are used to allow access to www information on the phones. • XML is going to be a big part of a total VoIP solution. The Working Group would like to implement a library of XML applications that users are able to share. Please send details to: ann.pettigrew@aarnet.edu.au
Other useful devices • Gatekeeper • Should you use the AARNet gatekeeper? • Back-to-back gateways • AARNet is testing one. • H.323 Proxies • DO NOT work with CCM to CCM. • ARP watchers • Check for changes. • QoS monitors • Wish list – write you own!
VoIP Attacks • Virus and Trojans • DoS & DDoS • OS Hacking • ARP Poisoning • IP Spoofing • Packet Sniffing • Call Interception • Toll Fraud • CLI Spoofing
QoS • Importance and relevance of QoS in the network • Recent problems within AARNet that stopped the VoIP traffic • Re-routing of PVCs around faults introduced increased latency. • Hardware in RNO sites is getting beyond usable life span. • Minor miss-configurations in RNO routers. • AARNet VoIP load status • Call rate • Sites using VoIP • There are many resources on the Internet relating to QoS.
QoS – A simple example • Traffic over Telstra ATM link with Cisco routers. • No real bandwidth limitation. • Shared PABX integration traffic. • Very occasional traffic saturation. • Interfaces set for PQ for voice traffic. • BUT- POOR and ERRATIC IP Voice services • even with < 5% link utilisation.
Qos – The Problem • There were no indications of packet loss. • The issue got down to buffer and latency. • The culprit was the ATM Tx-Ring buffer. • The TX-Ring is a FIFO transmission buffer. • The default size is set for data and is LARGE. • Priority Queueing is activated by congestion and with a large buffer and light traffic this does not occur.
QoS – The Fix • The solution is to reduce the Tx-Ring size in the output interface to force the PQ action. ! class-map match-any VOICE match ip precedence 5 ! policy-map QOS-WAN class VOICE priority 384 class VIDEO bandwidth 1500 ! ! interface ATM1/0.1 multipoint description WAN via Telstra ip address 1.2.3.4 255.255.255.248 pvc rno 10/32 protocol ip 1.2.3.4 broadcast vbr-nrt 4000 4000 tx-ring-limit 5 encapsulation aal5snap service-policy output QOS-WAN !
QoS - Miscellaneous • Duplex issues • Cisco IP phones are always ‘auto’ configured. • Switch port and attached PC MUST also be set to ‘auto’ or the phone will select ‘half-duplex’. • SRST Issues (Survivable Remote Site Telephony) • If only one Call Manager, the Cisco IP phone will, by default, attempt to connect to the default gateway as the standby Call Manager.
How to connect using Cisco Call Manager • Call processing flow, and a guide. • How to configure to route calls via AARNet VoIP. • Detailed Configuration Guide (presently being reviewed): http://www.aarnet.edu.au/engineering/wgs/iptel/configurationguides/.
Cisco Call Manager Gatekeeper settings Device : Gatekeeper • Host name = 203.22.212.242 (do not use DNS) • Description = AARNet GK • Registration Request Time To Live = 60 • Registration Retry Timeout = 300 • AARNet needs to configure the GK to accept the registration and to define the zone name. (CCM does not provide the zone name in registration.)
Gatekeepers and Proxies • Gatekeepers are like the Domain Name Servers for WWW. They provide telephone number lookup for H.323 based Video and Voice over IP. • AARNet hosts one of the four ROOT gatekeepers in the world. • Templates for Gatekeeper and Proxy will be available soon. • Note: We need to modify VoIPMonitor to handle Gateways on remote GKs rather than just local Gateways.
Peering with other Carriers • Dial plan incompatibility is the biggest problem. • www.Vide.Net sponsors the International H.323 GKs. Its dial plan is 00+E164, eg 00 61 2 6222 3555. • Agile (Australia) • Comindico (Australia) • QoS policing. • Both problems solved using a Back-to-Back VoIP Gateway. (See talk on Dial Plan.) • Authentication of who can call what destinations (eg calls to cellular mobiles). We do not have an elegant solution.
Why peer? CHEAP CALLS • Replace the Carrier Telephone Networks(because we can). • Create a feature rich telephone/video network, eg enhancements from ENUM. • Call Charges plummet to almost free, regardless of where you call from or to.
Implementing IP Telephony – Pitfalls • When to take the first step • Age of existing equipment • ‘Green’ sites – new buildings etc. • Human Resource - the most valuable item • Training • Opportunity or Threat? • Additional higher level staff costs • Interoperability • A very grey area?
Implementing IP Telephony – Pitfalls cont. • Network IP Telephony Readiness • Many issues to consider, the main ones being: • Delay • Jitter • Packet loss • User perceptions • Voice quality during calls • Availability of a service
Implementing IP Telephony – Pit stops • Power • Can you meet the traditional 99.999% uptime? • Not just the voice services requiring redundancy. • Emergency number access • Possible use of IP to analogue gateways • Virus/ DOS attacks & basic hackers • Vulnerability of phone O/S and Servers to attack. • Constant Patching. • Firewall and access list issues. • Technology evolution & development • Immaturity of IP telephony software c.f. traditional PABX. • Must accept change during evolution.
Trials and Installations • Mitel Networks products pilot trial at Flinders University • Nortel SIP products • Avaya – Installation at ANU • Alcatel – Installation at QUT • We would like to acknowledge the session by the staff of QUT on their experiences with replacing their PABX. • The issues raised are a valuable resource and provide direction for anybody starting out.
IPTEL Working Group • IPTEL Working Group web sitehttp://www.aarnet.edu.au/engineering/wgs/iptel/ • Inform the Steering Committee about any activities that you would like the group to investigate. • Share your own experiences, including problems and solutions, with the group. • Get involved with this and other AARNet Working Groups.http://www.aarnet.edu.au/engineering/wgs/Video over IPIPv6QoSMulticast • Subscribe to the mailing lists of AARNet Working Groups.http://lists.aarnet.edu.au/mailman/listinfo/ • Contact the Working Group Support Officer.ann.pettigrew@aarnet.edu.au