IP Telephony Working Group QUESTnet 2003 Session 1 - Update on Current Activities
Introduction • IPTEL is AARNet’s IP Telephony Working Group. • A small “steering” committee interacts with a larger community that is the IP Telephony Working Group. • The Steering Committee was formed by invitation from AARNet as a result of the original 2001 planning meeting. • Operation • The Steering Committee meets by video conference, email and occasional face-to-face meetings. • It reports to the CEO of AARNet Pty Ltd. • Contact and interaction with the Steering Committee can be made directly to its members or by joining the mailing list: iptel-l@aarnet.edu.au • The web site is the official record of the group: http://www.aarnet.edu.au/engineering/wgs/iptel/
Steering Committee Members • Rod Ibell (Chair) - University of Southern Queensland • Steve Cox - Flinders University • Ruston Hutchens - La Trobe University • Chris Myers - Swinburne University of Technology • Stephen Kingham – AARNet Pty Ltd • Ann Pettigrew – AARNet Working Group Support Officer
What does the AARNet VoIP service provide? • Toll-bypass telephone service between members and hop-off gateways in the major capital cities for local calls and Cellular Mobiles. • Long distance calls in Australia by use of a bypass code. • http://www.aarnet.edu.au/services/voip/ • QoS for telephony traffic and the VoIPMonitor. http://lattice.act.aarnet.net.au/VoIPMonitor. • Billing System http://voip.aarnet.net.au/AARNet. • The Australian Root Gatekeeper and peering with the international Roots.
Goals and Areas of Interest for the Working Group • Design guides for Cisco Call Manager and other vendor IP Telephones • Design guide for interworking with VoIP Proxies for QoS and firewalls • Checking of interworking with AARNet VoIP network • Telephone routing for outgoing and incoming calls • Connection to Carriers and PABXs • Business case templates and whole of life costs • Emergency calls and powerfail telephones • Supporting modems and facsimile machines • Global directory service (LDAP) • Call admission control (cf telephone class of service) • Billing for AARNet • Internal billing (TIMS) for a Member and reconciliation with Carriers • Supporting SIP • Unified messaging • Guidelines and case studies on implementation of QoS • Fault tolerance/survivability
Current Issues under Review • Security • Quality of Service (QoS) • Call Manager • Peering with other VoIP Carriers • Implementing IP Telephony – Pitfalls and Pit Stops • Trials • ENUM ( Session 2 ) • Dial Plan ( Session 2 ) • Billing ( Session 2 )
Deployment • Plan ahead • Firewalls • Packet inspection • Access Control • Proxies • Security should be part of the whole process.
Plan ahead • What can I log? • Map out the call flow. • Think of the end deployment, not just the pilot. • But don’t be too rigid. Things change fast.
Firewalls • Firewalls can be used to protect the call servers • Do not use H.323 fix-up on PIX firewall. • Firewalls are also very useful in toll bypass protection. • Dual Firewalls can also be configured in redundant pairs for high availability.
Packet Inspection • IDS is very handy for stopping Worms and Trojans. • It can give the heads up on incoming DoS attacks or port scans that can be a precursor to an attack.
Access Control (ACL to build) • Handset to call server • Handset to handset • Softphone to call server • Softphone to handset • All to voice mail • Data to call server • Toll bypass • Examples will be available on the AARNet web site.
Web Proxies • Proxies are used to allow access to www information on the phones. • XML is going to be a big part of a total VoIP solution. The Working Group would like to implement a library of XML applications that users are able to share. Please send details to: ann.pettigrew@aarnet.edu.au
Other useful devices • Gatekeeper • Should you use the AARNet gatekeeper? • Back-to-back gateways • AARNet is testing one. • H.323 Proxies • DO NOT work with CCM to CCM. • ARP watchers • Check for changes. • QoS monitors • Wish list – write your own!
VoIP Attacks • Viruses and Trojans • DoS & DDoS • OS Hacking • ARP Poisoning • IP Spoofing • Packet Sniffing • Call Interception • Toll Fraud • CLI Spoofing
QoS • Importance and relevance of QoS in the network • Recent problems within AARNet that stopped the VoIP traffic • Re-routing of PVCs around faults introduced increased latency. • Hardware in RNO sites is getting beyond usable life span. • Minor misconfigurations in RNO routers. • AARNet VoIP load status • Call rate • Sites using VoIP • There are many resources on the Internet relating to QoS.
QoS – A simple example • Traffic over Telstra ATM link with Cisco routers. • No real bandwidth limitation. • Shared PABX integration traffic. • Very occasional traffic saturation. • Interfaces set for PQ for voice traffic. • BUT- POOR and ERRATIC IP Voice services • even with < 5% link utilisation.
QoS – The Problem • There were no indications of packet loss. • The issue came down to buffering and latency. • The culprit was the ATM Tx-Ring buffer. • The Tx-Ring is a FIFO transmission buffer. • The default size is set for data and is LARGE. • Priority Queueing is only activated by congestion; with a large buffer and light traffic, congestion does not occur, so voice packets wait in the FIFO behind data.
QoS – The Fix • The solution is to reduce the Tx-Ring size in the output interface to force the PQ action.
!
class-map match-any VOICE
 match ip precedence 5
!
! (class VIDEO is referenced below; its class-map is not shown on the slide)
policy-map QOS-WAN
 class VOICE
  priority 384
 class VIDEO
  bandwidth 1500
!
!
interface ATM1/0.1 multipoint
 description WAN via Telstra
 ip address 1.2.3.4 255.255.255.248
 pvc rno 10/32
  protocol ip 1.2.3.4 broadcast
  vbr-nrt 4000 4000
  tx-ring-limit 5
  encapsulation aal5snap
  service-policy output QOS-WAN
!
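
The effect of the Tx-Ring size on voice delay can be reproduced with a small queue model. This is an added example, not part of the original slides: it assumes 1500-byte data packets, 200-byte voice packets, a "large" ring of 64 packets (the slides give no default value), a ring counted in whole packets, and no ATM cell overhead; the 4000 kbit/s rate is taken from the PVC configuration above.

```python
from collections import deque

LINK_KBPS = 4000     # from "vbr-nrt 4000 4000" in the slide's PVC config
DATA_BYTES = 1500    # assumed data packet size
VOICE_BYTES = 200    # assumed: G.711 at 20 ms plus IP/UDP/RTP headers


def tx_ms(size_bytes):
    """Serialisation time of one packet on the link, in milliseconds."""
    return size_bytes * 8 / LINK_KBPS


def voice_delay_ms(tx_ring_limit, burst_packets, voice_arrival_ms=1.0):
    """Delay of one voice packet that arrives just after a data burst.

    Software queues use strict priority (voice first); the Tx-Ring is FIFO.
    """
    if tx_ring_limit < 1:
        raise ValueError("tx_ring_limit must be at least 1")
    ring = deque()                       # hardware FIFO of (kind, bytes)
    data_q = deque([DATA_BYTES] * burst_packets)
    voice_q = deque()
    now, voice_arrived = 0.0, False

    while True:
        if not voice_arrived and now >= voice_arrival_ms:
            voice_q.append(VOICE_BYTES)
            voice_arrived = True
        # Refill free ring slots: the priority queue is always served first.
        while len(ring) < tx_ring_limit and (voice_q or data_q):
            if voice_q:
                ring.append(("voice", voice_q.popleft()))
            else:
                ring.append(("data", data_q.popleft()))
        if not ring:                     # link idle until the voice packet arrives
            now = voice_arrival_ms
            continue
        kind, size = ring[0]             # slot stays occupied while transmitting
        now += tx_ms(size)
        ring.popleft()
        if kind == "voice":
            return round(now - voice_arrival_ms, 3)


if __name__ == "__main__":
    for limit in (64, 5):                # 64 is an assumed "large" default
        print(f"tx-ring-limit {limit:>2}: voice waits "
              f"{voice_delay_ms(limit, burst_packets=40)} ms")
```

With the large ring the whole 40-packet burst is already committed to the FIFO before the voice packet arrives, so priority queueing never gets to reorder anything; with a limit of 5 the voice packet waits behind at most the packets already in the ring.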
QoS - Miscellaneous • Duplex issues • Cisco IP phones are always ‘auto’ configured. • Switch port and attached PC MUST also be set to ‘auto’ or the phone will select ‘half-duplex’. • SRST Issues (Survivable Remote Site Telephony) • If only one Call Manager, the Cisco IP phone will, by default, attempt to connect to the default gateway as the standby Call Manager.
How to connect using Cisco Call Manager • Call processing flow, and a guide. • How to configure to route calls via AARNet VoIP. • Detailed Configuration Guide (presently being reviewed): http://www.aarnet.edu.au/engineering/wgs/iptel/configurationguides/.
Cisco Call Manager Gatekeeper settings Device : Gatekeeper • Host name = 203.22.212.242 (do not use DNS) • Description = AARNet GK • Registration Request Time To Live = 60 • Registration Retry Timeout = 300 • AARNet needs to configure the GK to accept the registration and to define the zone name. (CCM does not provide the zone name in registration.)
Gatekeepers and Proxies • Gatekeepers are like the Domain Name Servers for WWW. They provide telephone number lookup for H.323 based Video and Voice over IP. • AARNet hosts one of the four ROOT gatekeepers in the world. • Templates for Gatekeeper and Proxy will be available soon. • Note: We need to modify VoIPMonitor to handle Gateways on remote GKs rather than just local Gateways.
Peering with other Carriers • Dial plan incompatibility is the biggest problem. • www.Vide.Net sponsors the International H.323 GKs. Its dial plan is 00+E164, eg 00 61 2 6222 3555. • Agile (Australia) • Comindico (Australia) • QoS policing. • Both problems solved using a Back-to-Back VoIP Gateway. (See talk on Dial Plan.) • Authentication of who can call what destinations (eg calls to cellular mobiles). We do not have an elegant solution.
Why peer? CHEAP CALLS • Replace the Carrier Telephone Networks (because we can). • Create a feature rich telephone/video network, eg enhancements from ENUM. • Call Charges plummet to almost free, regardless of where you call from or to.
Implementing IP Telephony – Pitfalls • When to take the first step • Age of existing equipment • ‘Green’ sites – new buildings etc. • Human Resource - the most valuable item • Training • Opportunity or Threat? • Additional higher level staff costs • Interoperability • A very grey area?
Implementing IP Telephony – Pitfalls cont. • Network IP Telephony Readiness • Many issues to consider, the main ones being: • Delay • Jitter • Packet loss • User perceptions • Voice quality during calls • Availability of a service
Implementing IP Telephony – Pit stops • Power • Can you meet the traditional 99.999% uptime? • Not just the voice services requiring redundancy. • Emergency number access • Possible use of IP to analogue gateways • Virus/DoS attacks & basic hackers • Vulnerability of phone O/S and Servers to attack. • Constant Patching. • Firewall and access list issues. • Technology evolution & development • Immaturity of IP telephony software c.f. traditional PABX. • Must accept change during evolution.
Trials and Installations • Mitel Networks products pilot trial at Flinders University • Nortel SIP products • Avaya – Installation at ANU • Alcatel – Installation at QUT • We would like to acknowledge the session by the staff of QUT on their experiences with replacing their PABX. • The issues raised are a valuable resource and provide direction for anybody starting out.
IPTEL Working Group • IPTEL Working Group web site: http://www.aarnet.edu.au/engineering/wgs/iptel/ • Inform the Steering Committee about any activities that you would like the group to investigate. • Share your own experiences, including problems and solutions, with the group. • Get involved with this and other AARNet Working Groups (Video over IP, IPv6, QoS, Multicast): http://www.aarnet.edu.au/engineering/wgs/ • Subscribe to the mailing lists of AARNet Working Groups: http://lists.aarnet.edu.au/mailman/listinfo/ • Contact the Working Group Support Officer: ann.pettigrew@aarnet.edu.au