1 / 15

VoicePipe Edgemarc Deployment

VoicePipe Edgemarc Deployment. Overview Randall Holman, Prod. Management 3/19/07. Preferred Templates. Template A-1 Edgemarc is customer edge device - T1 termination - /30 WAN IP for Edgemarc Management - Traffic shaping – voice high priority - Firewall service

kelli
Download Presentation

VoicePipe Edgemarc Deployment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. VoicePipe Edgemarc Deployment Overview Randall Holman, Prod. Management 3/19/07

  2. Preferred Templates • Template A-1 • Edgemarc is customer edge device • - T1 termination • - /30 WAN IP for Edgemarc Management • - Traffic shaping – voice high priority • - Firewall service • * Deny all traffic originating from • WAN except HTTP, SSH, SNMP • * Allow all traffic originating from the LAN • * Only allow return traffic for connections • originating from the LAN • * VoIP Application Layer Gateway • dynamically provisions and closes UDP • ports used for VoIP calls • - Up to 15 simultaneous calls per T1 • - DHCP • * Private IP address space for phones and • PCs • DNS service • Phone configuration saved and downloaded from • TFTP server on VoicePipe network • Customer’s 10/100Mb full duplex Etherswitch • connects to Edgemarc • IP phones connect to Etherswitch ports. PCs • plug into back of IP phones Customer does not have any public host systems

  3. Preferred Templates • Template A-2 • Edgemarc is customer edge device • - T1 termination • - /30 WAN IP for Edgemarc Mngt. • - Traffic shaping – voice high priority • - Firewall service • * Deny all traffic originating from WAN • except HTTP, SSH, SNMP • * Allow all traffic originating from the LAN • * Only allow return traffic for connections • originating from the LAN • * VoIP Application Layer Gateway • dynamically provisions and closes UDP • ports used for VoIP calls • - Up to 15 simultaneous calls per T1 • - DHCP • * Private IP address space for phones and • PCs • DNS service • Phone configuration saved and downloaded from • TFTP server on VoicePipe network • Customer’s 10/100Mb full duplex Etherswitch • connects to Edgemarc • IP phones connect to Etherswitch ports. PCs • plug into back of IP phones • Customer has public host systems (NAT’d). • NAT is used to direct public IP to Host’s private IP • Defined port addresses are allowed to pass through firewall • /30 User Assignable Public IPs (2 assignable IPs) – standard • - /29 (6 assignable) upon request at no additional charge • - /28 (14 assignable) upon request at no additional charge • - /27 (30 assignable) upon request at no additional charge • - More than 30 assignable will incur a standard charge

  4. Supported Templates • Template B-1 • Edgemarc is customer edge device • - T1 termination • - /30 WAN IP for Edgemarc Management • - Traffic shaping – voice high priority • - Firewall service • * Protect Phones & PCs only • - public host bypasses firewall • * Deny all traffic originating from WAN • except HTTP, SSH, SNMP • * Allow all traffic originating from the LAN • * Only allow return traffic for connections • originating from the LAN • * VoIP Application Layer Gateway • dynamically provisions and closes UDP • ports used for VoIP calls • - Up to 15 simultaneous calls • - DHCP • * Private IP address space for phones and • PCs • DNS service • Phone configuration saved and downloaded from • TFTP server on VoicePipe network • Customer’s 10/100Mb full duplex Etherswitch • connects to Edgemarc • IP phones connect to Etherswitch ports. PCs • plug into back of IP phones • Customer has public host systems (bypass Edgemarc firewall). • VLANs used to separate public and private networks • IPTABLES routing commands specified to bypass firewall • /30 User Assignable Public IPs (2 assignable IPs) – standard • - /29 (6 assignable) upon request at no additional charge • - /28 (14 assignable) upon request at no additional charge • - /27 (30 assignable) upon request at no additional charge • - More than 30 assignable will incur a standard charge

  5. Supported Templates • Template B-2 • Edgemarc is customer edge device • - T1 termination • - /30 WAN IP for Edgemarc Mngt. • - Traffic shaping – voice high priority • - Firewall service • * Protect Phones only • - customer provided firewall protects • PCsl • * Deny all traffic originating from WAN • except HTTP, SSH, SNMP • * Allow all traffic originating from the LAN • * Only allow return traffic for connections • originating from the LAN • * VoIP Application Layer Gateway • dynamically provisions and closes UDP • ports used for VoIP calls • - Up to 15 simultaneous calls per T1 • DHCP provided by customer’s firewall • * Default gateway is customer’s firewall • * SIP Proxy Server is the Edgemarc • DNS service • Phone configuration saved and downloaded from • TFTP server on VoicePipe network • Customer’s firewall connects to Edgemarc • Etherswitch connects to customer firewall • Customer is using their own firewall (bypass Edgemarc firewall). • VLANs used to establish public and private networks • IPTABLES routing commands specified to allow public IP to be assigned to • customer’s firewall and bypass the Edgemarc firewall • /30 User Assignable Public IPs (2 assignable IPs) – standard • - /29 (6 assignable) upon request at no additional charge • - /28 (14 assignable) upon request at no additional charge • - /27 (30 assignable) upon request at no additional charge • - More than 30 assignable will incur a standard charge • Though Phones will have their default gateway pointed to the customer’s firewall, the Phones • will be directed to use the Edgemarc as their SIP Proxy Server

  6. VoicePipe/Edgemarc Firmware Release EM4300 EM4500

  7. VLANs Used for More Advanced Configs(Template B-x Scenarios – Public IPs Behind EM) VLAN1 is assigned to Port 1 and is used to connect to the customer’s private network (i.e. customer’s PCs and Phones). VLAN2 is assigned to Port 2 and is used to connect to the customer’s public network (i.e. customer’s public host systems or firewall) VLAN1 IP address is the LAN gateway address on the Edgemarc (also the SIP Proxy address) VLAN2 IP address is the LAN gateway address for the customer’s public network (this is the first assignable public IP address provided to the customer) [Note: if there are VLANs configured, then the customer will also have IPTABLE user command statements]

  8. DHCP Service If segmented into VLANs, then the correct VLAN must be specified for the DHCP scope. Note: TFTP server is specified as the Edgemarc’s LAN gateway interface, even though the VoicePipe TFTP host is 170.147.45.201. The Edgemarc ALG will do the network address translation.

  9. Firewall HTTP, SSH, SNMP checked to allow for management of the Edgemarc device. Trusted Management Addresses restrict access to the Edgemarc box except from these specified networks.

  10. Network Address Translation (NAT) Static NAT Translation will be used to allow access to private IP’d devices from the Internet.

  11. VoIP ALG The VoIP ALG (Application Layer Gateway) provides basic proxy features for IP phones such as managing registrations. Phones communicate with Edgemarc box, which in turn communicates with VPAS.ONVOIP.NET (talks directly with Application server) Mobile phones are permitted to pass transparently through the Edgemarc and talk directly to NAT.ONVOIP.NET (session border controller) The TFTP Server is specified in the VoIP ALG (phones actually point their TFTP to the Edgemarc LAN gateway and the ALG does the translation).

  12. User Commands IPTABLES commands are used to allow public IP addresses to pass through the Edgemarc device to the LAN side. Used when customer wants their public host system to bypass the Edgemarc firewall and not use NAT, or when the customer wants to use their own firewall. The customer’s entire assignable public IPs are defined in the IPTABLES commands. Note: if User Commands are being used and any changes are made to any section of the Edgemarc, use Reboot System option to restart the box – otherwise public IPs behind the Edgemarc may no longer be accessible.

  13. Softswitch Redundancy Enabling SIP server redundancy will allow the Edgemarc to fail-over to the secondary Application server should the primary fail.

  14. Network Information Network Information page provides some useful troubleshooting information. Shows routing table and LAN/WAN interface stats (i.e. errors, dropped packets) that may potentially pinpoint source of network problems.

  15. System Information System Information will show you how long the Edgemarc box has been up and running, the number of active calls, and MOS scores.

More Related