Inside-the-office best practices (LAN)
- Deploy the VoIP gear on a separate VLAN. This keeps the voice traffic protected from other traffic, such as file sharing, email and Web browsing.
- Deploy full-duplex, nonblocking switches. Inexpensive hubs will cause collisions and packet loss.
- Keep the computers clean of viruses, worms and other malware. There is nothing more likely to bring a network (both LAN and WAN) to its knees than an office full of "dirty" computers.
- Deploy only high-quality VoIP phones and gateways with multiple codec support that are capable of interoperating with a variety of IP PBXs and soft switches. Multiple codec support is more cost-effective than using G.711 codecs everywhere -- especially for expensive international links. Phones with adequate echo cancellation capabilities (the longer the better) are recommended.
Outside-the-office best practices (WAN)
- Get an adequate service level agreement (SLA) from the service provider, from provider edge to provider edge (MPLS). The SLA should specify bandwidth, latency and jitter bounds within which the voice packets will be delivered from one service provider edge to the other. Without this, there is no guarantee in the core network. This must be measured continuously.
- Provision enterprise-class, VoIP-aware security at the perimeter. The firewall has to have an application level gateway. The UDP ports used by VoIP packets are dynamic and negotiated between the two phones, so the firewall has no way of knowing what they will be. Without an application level gateway, pinholes -- permanently opened specific ports -- must be created in the firewall. These pinholes leave the network open to hacking.
An application level gateway (ALG) tracks the conversation between the phones and dynamically opens the two ports and blocks the others. This increases the level of security in general because there are no open, idle ports in the firewall that can be used for external attacks.
- Perform a network health check.
- Network managers must know what other applications are going to compete with VoIP (file transfer, interactive, etc.), and those applications must be managed. Hire a vendor that can perform deep packet monitoring to identify every application and its usage patterns. From this, a report can be generated to analyze and prioritize applications. This report will determine which applications are critical for the business, which are less important and can be squeezed, and which are non-business and can be given lowest priority. VoIP requirements can then be defined in terms of number of calls and bandwidth needed. This will determine whether VoIP and critical data can be controlled or whether a bandwidth upgrade is required. Consider using compression or caching to control application behavior.
- Perform a test to a remote site with the target number of calls and data traffic. Use a traffic manager to demonstrate that the network can maintain toll quality under a variety of network conditions.
- Deploy accurate and session-aware QoS at the edge. WAN bandwidth at the branch is typically T1 or less. VoIP traffic must compete with other, less important or even non-business traffic. Network managers need to be able to identify precisely the types of traffic at the Application Layer and apply policies on a session-by-session basis. This guarantees that VoIP will receive the required bandwidth and priority at all times. Controlling outbound traffic is not enough. Inbound large file downloads and Web browsing must be identified and throttled to assure VoIP toll quality.
- Continuously monitor performance. Network managers need to ensure that the erlangs are within the traffic engineered parameters. If the demand is increasing, then more bandwidth is needed or the policies must be adjusted.
- Compress where you can; control where you must. This is essential, especially in enterprises that own both ends of the network. Use compression to expand the pipe virtually and get more traffic through.
- Get a next-generation access device with traffic management, QoS, routing, switching, media gateway and security built into a single device and managed under one policy. One of the most important considerations for VoIP deployment is reducing total cost of ownership. Having three or four boxes in the remote location is a nightmare to manage and prohibitively expensive. Traffic management, security policies, number of calls, codecs used, etc. all have to be coordinated to obtain optimal performance for VoIP.
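The application level gateway behaviour described in the perimeter-security item above, as an added example (not from the original article): a minimal Python sketch in which a hypothetical `PinholeTable` class reads constructed SIP/SDP messages, opens only the negotiated audio ports and closes them when the call ends. The class, the helper `sip`, the addresses and the Call-ID are all assumptions made for illustration.

```python
import re


def sip(start, ip=None, port=None):
    """Build a constructed SIP message (not captured traffic); SDP only if ip is given."""
    sdp = f"v=0\r\nc=IN IP4 {ip}\r\nm=audio {port} RTP/AVP 0\r\n" if ip else ""
    return f"{start}\r\nCall-ID: a84b4c76e66710\r\n\r\n{sdp}"


# Constructed call: addresses come from the documentation ranges.
INVITE = sip("INVITE sip:bob@example.com SIP/2.0", "192.0.2.10", 49170)
OK_200 = sip("SIP/2.0 200 OK", "198.51.100.20", 30000)
BYE = sip("BYE sip:bob@example.com SIP/2.0")


class PinholeTable:
    """Hypothetical ALG state: Call-ID -> set of (ip, udp_port) open for media."""

    def __init__(self):
        self.calls = {}

    def on_sip(self, msg):
        """Update pinholes from one signaling message."""
        head, _, body = msg.partition("\r\n\r\n")
        cid = re.search(r"^Call-ID:\s*(\S+)", head, re.I | re.M)
        if not cid:
            return  # no dialog to bind state to: open nothing
        if head.startswith(("BYE ", "CANCEL ")):
            self.calls.pop(cid.group(1), None)  # call over: close its pinholes
            return
        conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        media = re.search(r"^m=audio (\d+) RTP/AVP", body, re.M)
        # Port 0 means the stream was declined; low ports are never media.
        if conn and media and 1024 <= int(media.group(1)) <= 65535:
            endpoint = (conn.group(1), int(media.group(1)))
            self.calls.setdefault(cid.group(1), set()).add(endpoint)

    def allows(self, dst_ip, dst_port):
        """Default deny: pass a UDP packet only if it targets a negotiated endpoint."""
        return any((dst_ip, dst_port) in eps for eps in self.calls.values())
```

A production ALG also has to handle RTCP, re-INVITEs and idle timeouts; this sketch tracks only the first audio stream in each message.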
This was first published in July 2006
