© Copyright AARNet Pty Ltd IP Telephony Working Group QUESTnet 2003 Session1 - Up-date on Current Activities
© Copyright AARNet Pty Ltd Introduction –IPTEL is AARNet’s IP Telephony Working Group. –A small “steering” committee interacts with a larger community that is the IP Telephony Working Group. –The Steering Committee was formed by invitation from AARNet as a result of the original 2001 planning meeting. Operation –The Steering Committee meets by video conference, and occasional face-to-face meetings. –It reports to the CEO of AARNet Pty Ltd. –Contact and interaction with the Steering Committee can be made directly to its members or by joining the mailing list. –The web site is the official record of the group.
© Copyright AARNet Pty Ltd Steering Committee Members Rod Ibell (Chair) - University of Southern Queensland Steve Cox - Flinders University Ruston Hutchens - La Trobe University Chris Myers - Swinburne University of Technology Stephen Kingham – AARNet Pty Ltd Ann Pettigrew – AARNet Working Group Support Officer
© Copyright AARNet Pty Ltd What does the AARNet VoIP service provide? Toll-bypass telephone service between members and hop off gateways in the major capital cities for local calls and Cellular Mobiles. Long distance calls in Australia by use of a bypass code. QoS for telephony traffic and the VoIPMonitor. Billing System The Australian Root Gatekeeper and peering with the international Roots.
© Copyright AARNet Pty Ltd Goals and Areas of Interest for the Working Group Design guides for Cisco Call Manager and other vendor IP Telephones Design guide for interworking with VoIP Proxies for QoS and firewalls Checking of interworking with AARNet VoIP network Telephone routing for outgoing and incoming calls Connection to Carriers and PABXs Business case templates and whole of life costs Emergency calls and powerfail telephones Supporting modems and facsimile machines Global directory service (LDAP) Call admission control (cf telephone class of service) Billing for AARNet Internal billing (TIMS) for a Member and reconciliation with Carriers Supporting SIP Unified messaging Guidelines and case studies on implementation of QoS Fault tolerance/survivability
© Copyright AARNet Pty Ltd Current Issues under Review Security Quality of Service (QoS) Call Manager Peering with other VoIP Carriers Implementing IP Telephony – Pitfalls and Pit Stops Trials ENUM ( Session 2 ) Dial Plan ( Session 2 ) Billing ( Session 2 )
© Copyright AARNet Pty Ltd VoIP Security
© Copyright AARNet Pty Ltd Deployment Plan ahead Firewalls Packet inspection Access Control Proxies Security should be part of the whole process.
© Copyright AARNet Pty Ltd Plan ahead What can I log? Map out the call flow. Think of the end deployment, not just the pilot. But don’t be too rigid. Things change fast.
© Copyright AARNet Pty Ltd Firewalls Firewalls can be used to protect the call servers –Do not use H.323 fix-up on PIX firewall. Firewalls are also very useful in toll bypass protection. Dual Firewalls can also be configured in redundant pairs for high availability.
© Copyright AARNet Pty Ltd Packet Inspection IDS is very handy for stopping Worms and Trojans. It can give the heads up on incoming DoS attacks or port scans that can be a precursor to an attack.
© Copyright AARNet Pty Ltd Access Control (ACL to build) Handset to call server Handset to handset Softphone to call server Softphone to handset All to voice mail Data to call server Toll bypass Examples will be available on the AARNet web site.
© Copyright AARNet Pty Ltd Web Proxies Proxies are used to allow access to www information on the phones. XML is going to be a big part of a total VoIP solution. The Working Group would like to implement a library of XML applications that users are able to share. Please send details to:
© Copyright AARNet Pty Ltd Other useful devices Gatekeeper –Should you use the AARNet gatekeeper? Back-to-back gateways –AARNet is testing one. H.323 Proxies –DO NOT work with CCM to CCM. ARP watchers –Check for changes. QoS monitors –Wish list – write you own!
© Copyright AARNet Pty Ltd VoIP Attacks Virus and Trojans DoS & DDoS OS Hacking ARP Poisoning IP Spoofing Packet Sniffing Call Interception Toll Fraud CLI Spoofing
© Copyright AARNet Pty Ltd Quality of Service (QoS)
© Copyright AARNet Pty Ltd QoS Importance and relevance of QoS in the network Recent problems within AARNet that stopped the VoIP traffic –Re-routing of PVCs around faults introduced increased latency. –Hardware in RNO sites is getting beyond usable life span. –Minor miss-configurations in RNO routers. AARNet VoIP load status –Call rate –Sites using VoIP There are many resources on the Internet relating to QoS.
© Copyright AARNet Pty Ltd QoS – A simple example Traffic over Telstra ATM link with Cisco routers. No real bandwidth limitation. Shared PABX integration traffic. Very occasional traffic saturation. Interfaces set for PQ for voice traffic. BUT - POOR and ERRATIC IP Voice services –even with < 5% link utilisation.
© Copyright AARNet Pty Ltd Qos – The Problem There were no indications of packet loss. The issue got down to buffer and latency. The culprit was the ATM Tx-Ring buffer. The TX-Ring is a FIFO transmission buffer. The default size is set for data and is LARGE. Priority Queueing is activated by congestion and with a large buffer and light traffic this does not occur.
© Copyright AARNet Pty Ltd QoS – The Fix The solution is to reduce the Tx-Ring size in the output interface to force the PQ action. ! interface ATM1/0.1 multipoint description WAN via Telstra ip address pvc rno 10/32 protocol ip broadcast vbr-nrt tx-ring-limit 5 encapsulation aal5snap service-policy output QOS-WAN ! class-map match-any VOICE match ip precedence 5 ! policy-map QOS-WAN class VOICE priority 384 class VIDEO bandwidth 1500 !
© Copyright AARNet Pty Ltd QoS - Miscellaneous Duplex issues –Cisco IP phones are always ‘auto’ configured. –Switch port and attached PC MUST also be set to ‘auto’ or the phone will select ‘half-duplex’. SRST Issues (Survivable Remote Site Telephony) –If only one Call Manager, the Cisco IP phone will, by default, attempt to connect to the default gateway as the standby Call Manager.
© Copyright AARNet Pty Ltd Call Manager
© Copyright AARNet Pty Ltd How to connect using Cisco Call Manager Call processing flow, and a guide. How to configure to route calls via AARNet VoIP. Detailed Configuration Guide (presently being reviewed): urationguides/. urationguides/
© Copyright AARNet Pty Ltd Call Manager
© Copyright AARNet Pty Ltd Cisco Call Manager Gatekeeper settings Device : Gatekeeper Host name = (do not use DNS) Description = AARNet GK Registration Request Time To Live = 60 Registration Retry Timeout = 300 AARNet needs to configure the GK to accept the registration and to define the zone name. (CCM does not provide the zone name in registration.)
© Copyright AARNet Pty Ltd Gatekeepers and Proxies Gatekeepers are like the Domain Name Servers for WWW. They provide telephone number lookup for H.323 based Video and Voice over IP. AARNet hosts one of the four ROOT gatekeepers in the world. Templates for Gatekeeper and Proxy will be available soon. Note: We need to modify VoIPMonitor to handle Gateways on remote GKs rather than just local Gateways.
© Copyright AARNet Pty Ltd Peering
© Copyright AARNet Pty Ltd Peering with other Carriers Dial plan incompatibility is the biggest problem. – sponsors the International H.323 GKs. Its dial plan is 00+E164, eg –Agile (Australia) –Comindico (Australia) QoS policing. Both problems solved using a Back-to-Back VoIP Gateway. (See talk on Dial Plan.) Authentication of who can call what destinations (eg calls to cellular mobiles). We do not have an elegant solution.
© Copyright AARNet Pty Ltd Why peer? CHEAP CALLS Replace the Carrier Telephone Networks (because we can). Create a feature rich telephone/video network, eg enhancements from ENUM. Call Charges plummet to almost free, regardless of where you call from or to.
© Copyright AARNet Pty Ltd Implementation issues
© Copyright AARNet Pty Ltd Implementing IP Telephony – Pitfalls When to take the first step –Age of existing equipment –‘Green’ sites – new buildings etc. Human Resource - the most valuable item –Training –Opportunity or Threat? –Additional higher level staff costs Interoperability –A very grey area?
© Copyright AARNet Pty Ltd Implementing IP Telephony – Pitfalls cont. Network IP Telephony Readiness –Many issues to consider, the main ones being: Delay Jitter Packet loss User perceptions Voice quality during calls Availability of a service
© Copyright AARNet Pty Ltd Implementing IP Telephony – Pit stops Power –Can you meet the traditional % uptime? –Not just the voice services requiring redundancy. Emergency number access –Possible use of IP to analogue gateways Virus/ DOS attacks & basic hackers –Vulnerability of phone O/S and Servers to attack. –Constant Patching. –Firewall and access list issues. Technology evolution & development –Immaturity of IP telephony software c.f. traditional PABX. –Must accept change during evolution.
© Copyright AARNet Pty Ltd Trials and Installations Mitel Networks products pilot trial at Flinders University Nortel SIP products Avaya – Installation at ANU Alcatel – Installation at QUT –We would like to acknowledge the session by the staff of QUT on their experiences with replacing their PABX. –The issues raised are a valuable resource and provide direction for anybody starting out.
© Copyright AARNet Pty Ltd IPTEL Working Group IPTEL Working Group web site Inform the Steering Committee about any activities that you would like the group to investigate. Share your own experiences, including problems and solutions, with the group. Get involved with this and other AARNet Working Groups. Video over IP IPv6 QoS Multicast Subscribe to the mailing lists of AARNet Working Groups. Contact the Working Group Support Officer.