VoicePipe Edgemarc Deployment Overview
Randall Holman, Prod. Management, 3/19/07

Preferred Templates
• Template A-1
• Edgemarc is customer edge device
  - T1 termination
  - /30 WAN IP for Edgemarc Management
  - Traffic shaping – voice high priority
  - Firewall service
    * Deny all traffic originating from WAN except HTTP, SSH, SNMP
    * Allow all traffic originating from the LAN
    * Only allow return traffic for connections originating from the LAN
    * VoIP Application Layer Gateway dynamically provisions and closes UDP ports used for VoIP calls
  - Up to 15 simultaneous calls per T1
  - DHCP
    * Private IP address space for phones and PCs
• DNS service
• Phone configuration saved and downloaded from TFTP server on VoicePipe network
• Customer’s 10/100Mb full duplex Etherswitch connects to Edgemarc
• IP phones connect to Etherswitch ports. PCs plug into back of IP phones
• Customer does not have any public host systems

Preferred Templates
• Template A-2
• Edgemarc is customer edge device
  - T1 termination
  - /30 WAN IP for Edgemarc Mngt.
  - Traffic shaping – voice high priority
  - Firewall service
    * Deny all traffic originating from WAN except HTTP, SSH, SNMP
    * Allow all traffic originating from the LAN
    * Only allow return traffic for connections originating from the LAN
    * VoIP Application Layer Gateway dynamically provisions and closes UDP ports used for VoIP calls
  - Up to 15 simultaneous calls per T1
  - DHCP
    * Private IP address space for phones and PCs
• DNS service
• Phone configuration saved and downloaded from TFTP server on VoicePipe network
• Customer’s 10/100Mb full duplex Etherswitch connects to Edgemarc
• IP phones connect to Etherswitch ports. PCs plug into back of IP phones
• Customer has public host systems (NAT’d).
• NAT is used to direct public IP to Host’s private IP
• Defined port addresses are allowed to pass through firewall
• /30 User Assignable Public IPs (2 assignable IPs) – standard
  - /29 (6 assignable) upon request at no additional charge
  - /28 (14 assignable) upon request at no additional charge
  - /27 (30 assignable) upon request at no additional charge
  - More than 30 assignable will incur a standard charge

Supported Templates
• Template B-1
• Edgemarc is customer edge device
  - T1 termination
  - /30 WAN IP for Edgemarc Management
  - Traffic shaping – voice high priority
  - Firewall service
    * Protect Phones & PCs only
      - public host bypasses firewall
    * Deny all traffic originating from WAN except HTTP, SSH, SNMP
    * Allow all traffic originating from the LAN
    * Only allow return traffic for connections originating from the LAN
    * VoIP Application Layer Gateway dynamically provisions and closes UDP ports used for VoIP calls
  - Up to 15 simultaneous calls
  - DHCP
    * Private IP address space for phones and PCs
• DNS service
• Phone configuration saved and downloaded from TFTP server on VoicePipe network
• Customer’s 10/100Mb full duplex Etherswitch connects to Edgemarc
• IP phones connect to Etherswitch ports. PCs plug into back of IP phones
• Customer has public host systems (bypass Edgemarc firewall).
• VLANs used to separate public and private networks
• IPTABLES routing commands specified to bypass firewall
• /30 User Assignable Public IPs (2 assignable IPs) – standard
  - /29 (6 assignable) upon request at no additional charge
  - /28 (14 assignable) upon request at no additional charge
  - /27 (30 assignable) upon request at no additional charge
  - More than 30 assignable will incur a standard charge

Supported Templates
• Template B-2
• Edgemarc is customer edge device
  - T1 termination
  - /30 WAN IP for Edgemarc Mngt.
  - Traffic shaping – voice high priority
  - Firewall service
    * Protect Phones only
      - customer provided firewall protects PCs
    * Deny all traffic originating from WAN except HTTP, SSH, SNMP
    * Allow all traffic originating from the LAN
    * Only allow return traffic for connections originating from the LAN
    * VoIP Application Layer Gateway dynamically provisions and closes UDP ports used for VoIP calls
  - Up to 15 simultaneous calls per T1
• DHCP provided by customer’s firewall
  * Default gateway is customer’s firewall
  * SIP Proxy Server is the Edgemarc
• DNS service
• Phone configuration saved and downloaded from TFTP server on VoicePipe network
• Customer’s firewall connects to Edgemarc
• Etherswitch connects to customer firewall
• Customer is using their own firewall (bypass Edgemarc firewall).
• VLANs used to establish public and private networks
• IPTABLES routing commands specified to allow public IP to be assigned to customer’s firewall and bypass the Edgemarc firewall
• /30 User Assignable Public IPs (2 assignable IPs) – standard
  - /29 (6 assignable) upon request at no additional charge
  - /28 (14 assignable) upon request at no additional charge
  - /27 (30 assignable) upon request at no additional charge
  - More than 30 assignable will incur a standard charge
• Though Phones will have their default gateway pointed to the customer’s firewall, the Phones will be directed to use the Edgemarc as their SIP Proxy Server

VoicePipe/Edgemarc Firmware Release EM4300 EM4500
VLANs Used for More Advanced Configs (Template B-x Scenarios – Public IPs Behind EM)
• VLAN1 is assigned to Port 1 and is used to connect to the customer’s private network (i.e. customer’s PCs and Phones).
• VLAN2 is assigned to Port 2 and is used to connect to the customer’s public network (i.e. customer’s public host systems or firewall).
• VLAN1 IP address is the LAN gateway address on the Edgemarc (also the SIP Proxy address).
• VLAN2 IP address is the LAN gateway address for the customer’s public network (this is the first assignable public IP address provided to the customer).
[Note: if there are VLANs configured, then the customer will also have IPTABLE user command statements]

DHCP Service
If segmented into VLANs, then the correct VLAN must be specified for the DHCP scope.
Note: TFTP server is specified as the Edgemarc’s LAN gateway interface, even though the VoicePipe TFTP host is 170.147.45.201. The Edgemarc ALG will do the network address translation.

Firewall
HTTP, SSH and SNMP are checked to allow management of the Edgemarc device.
Trusted Management Addresses restrict access to the Edgemarc box so that it is reachable only from the specified networks.

Network Address Translation (NAT)
Static NAT Translation will be used to allow access to private IP’d devices from the Internet.

VoIP ALG
The VoIP ALG (Application Layer Gateway) provides basic proxy features for IP phones, such as managing registrations.
Phones communicate with the Edgemarc box, which in turn communicates with VPAS.ONVOIP.NET (talks directly with Application server).
Mobile phones are permitted to pass transparently through the Edgemarc and talk directly to NAT.ONVOIP.NET (session border controller).
The TFTP Server is specified in the VoIP ALG (phones actually point their TFTP to the Edgemarc LAN gateway and the ALG does the translation).

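The firewall behaviour described on the template, Firewall and VoIP ALG slides, as a small Python model added here (it is not VoicePipe or Edgemarc code). The class and method names, the standard service ports and every address are assumptions constructed for illustration, and NAT is not modelled.

```python
import ipaddress

# HTTP, SSH, SNMP on their standard ports (assumed; the slides name only the services)
MGMT = {("tcp", 80), ("tcp", 22), ("udp", 161)}

class EdgePolicy:
    """Toy model of the slide-deck firewall policy (hypothetical names)."""

    def __init__(self, wan_ip, trusted_mgmt, bypass_block=None):
        self.wan_ip = ipaddress.ip_address(wan_ip)
        self.trusted = [ipaddress.ip_network(n) for n in trusted_mgmt]
        # Template B-x: public block routed around the firewall by user commands
        self.bypass = ipaddress.ip_network(bypass_block) if bypass_block else None
        self.flows = set()     # connections originated from the LAN
        self.pinholes = set()  # (phone_ip, udp_port) opened by the VoIP ALG

    def lan_out(self, proto, src, sport, dst, dport):
        # All LAN-originated traffic is allowed; remember it for return traffic.
        self.flows.add((proto, src, sport, dst, dport))
        return "allow"

    def alg_call(self, phone, port, active):
        # The ALG opens the media port at call setup and closes it at teardown.
        if active:
            self.pinholes.add((phone, port))
        else:
            self.pinholes.discard((phone, port))

    def wan_in(self, proto, src, sport, dst, dport):
        d = ipaddress.ip_address(dst)
        if self.bypass is not None and d in self.bypass:
            return "forward-unfiltered"  # host gets no Edgemarc firewall protection
        if (proto, dst, dport, src, sport) in self.flows:
            return "allow-return"
        if proto == "udp" and (dst, dport) in self.pinholes:
            return "allow-alg"
        if d == self.wan_ip and (proto, dport) in MGMT:
            ok = any(ipaddress.ip_address(src) in n for n in self.trusted)
            return "allow-mgmt" if ok else "deny-untrusted-mgmt"
        return "deny"

if __name__ == "__main__":
    # Constructed documentation-range addresses, not values from the slides.
    fw = EdgePolicy("192.0.2.2", ["198.51.100.0/24"], bypass_block="203.0.113.8/29")
    print(fw.wan_in("tcp", "198.51.100.7", 5555, "192.0.2.2", 22))
    print(fw.wan_in("tcp", "192.0.2.99", 1234, "203.0.113.10", 3389))
```

The last call shows the point that matters for Template B-x reviews: anything addressed to the bypass block is forwarded without a policy decision, so those hosts need their own filtering.
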
User Commands
IPTABLES commands are used to allow public IP addresses to pass through the Edgemarc device to the LAN side. They are used when the customer wants their public host system to bypass the Edgemarc firewall and not use NAT, or when the customer wants to use their own firewall.
The customer’s entire block of assignable public IPs is defined in the IPTABLES commands.
Note: if User Commands are being used and any changes are made to any section of the Edgemarc, use the Reboot System option to restart the box – otherwise public IPs behind the Edgemarc may no longer be accessible.

Softswitch Redundancy
Enabling SIP server redundancy will allow the Edgemarc to fail-over to the secondary Application server should the primary fail.

Network Information
The Network Information page provides some useful troubleshooting information. It shows the routing table and LAN/WAN interface stats (i.e. errors, dropped packets) that may potentially pinpoint the source of network problems.

System Information
System Information will show you how long the Edgemarc box has been up and running, the number of active calls, and MOS scores.