From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Fri Mar 03 2006 - 14:06:12 GMT-3
Sounds like a nice little project. I've done a few similar ones although
over WAN rather than VPN but the majority of it should be similar.
I think you could create a fairly straightforward migration path by
bringing up the VPN in parallel and setting up a gateway with interfaces
that tie into the HQ PBX. The interfaces required are typically determined
by the PBX but common ones would include PRI and FXO. The gateway takes the
VOIP from the Ethernet and converts it to a format the PBX can understand.
The PBX admin can then create a route plan that sends the calls for the
remote extensions to the gateway, which then converts back to VOIP to the
remote sites.
This way, they could have both phones on their desks and actually use them
both although they would have different extension numbers. This gives you a
viable pilot and migration path. You could also set up ipip/GRE tunnels on
either side of the VPN if you use routers and let EIGRP handle the load
balancing and failover if they go with dual ISP circuits. Later, if the
customer then decides to put in something like CallManager then the gateway
could be used as an external gateway to the CO as the internal gateway would
no longer be needed.
If each remote site only has a single phone then a 1760V or whatever newer
2800-something comparable model would be fine for the gateway device I would
think. Neither one is very expensive. If money is no object then a 3800
series would be a solid choice.
OPX = Off-Premises Extension (although some may call it an exchange as well)
and you are correct about what it is: a remote extension that hangs off of a
central PBX or key system.
Slap me if I'm oversimplifying but the details can be pretty overwhelming if
you're not familiar with it.
Rik
-----Original Message-----
From: Tim [mailto:ccie2be@nyc.rr.com]
Sent: Friday, March 03, 2006 11:32 AM
To: 'Guyler, Rik'; ccielab@groupstudy.com
Subject: RE: voip over VPN
Hey Rik,
I'm delighted & appreciative to have your food for thought anytime you're
serving it.
For the particular scenario where this is being considered, there are 5 or 6
store locations and a Headquarter all situated in a suburban area - Long
Island.
Currently, each store location is being served by 2 T-1's - 1 T-1 is for
data and the other is backup for the data and also provides voice tie lines
connections. Since these T-1's have been in place for a number of years, I
suspect this client is probably paying more for these links than they would
if they priced them now.
I'm considering recommending using both Cable and DSL since it's absolutely
necessary to have redundancy between the stores and HQ - without
connectivity, the stores can't sell any product. And, it's highly unlikely
that both cable and DSL service would be down simultaneously. (If they are,
there's probably some sort of disaster under way and nobody would be
shopping anyway.)
As part of my discovery process, I'll be finding out the costs of each of
the T-1's so I'll have a basis for comparison.
Now that I'm confident that this is a workable solution, I'm starting to
focus on how I'll get them "from here to there" with the least amount of
network disruption.
I'm also trying to figure out how I can do a pilot for them to make sure the
voice quality is acceptable.
The challenge of a pilot is that they only are using one PBX at HQ. So, for
internal voice traffic, there's 1 voice channel per phone at the store side
of the channelized T-1. (I think it's referred to as an OPX (an
off-premise exchange), but I'm not sure about this.)
Initially, we don't want to touch the existing phone system or replace the
phones in the stores. We just want to carry the voice traffic over the data
network - the new voip over VPN and get rid of the T-1's where applicable.
I'm sure there's a way but I haven't figured out what it is yet.
Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Guyler, Rik
Sent: Friday, March 03, 2006 8:45 AM
To: 'ccielab@groupstudy.com'
Subject: RE: voip over VPN
Hey Tim, my name isn't Chris! Oh well, gonna chime in anyway... ;-)
I can only speak about the services in my area so your options may or may
not be similar.
I do like DSL over cable in most cases. I find the latency over our local
DSL networks to be lower and bandwidth much more predictable. Also, there
are synchronous offerings in my area, which would be ideal if available in
high enough bandwidth and reasonably priced. That said, there are some
decent cable options as well but they tend to cost a good deal more. We
have Time Warner cable here and they do offer a business class service that
actually uses a different network and supposedly doesn't share out the
bandwidth like the consumer class product does. We use these services for
something like 25 remote sites connected via VPN. We don't run VOIP over
these but we do run critical apps, some of which are sensitive (telnet,
client access, etc.) and we don't have a "lot" of problems. In this case,
we don't have a synchronous option, even on our 7x2 service, which costs
close to $600/month.
There are possibly other things to consider as well, such as distance and
facilities issues. DSL can provide great service but that will be dependent
on proximity to the CO facility. Cable is much more flexible in this
regard. Building management can also play a role in the decision making
process. I can bring DSL into my building very easily but cable services
brought in will have a significant build fee associated with them.
Just for grins, I might also check out the price for T1 access into an ISP.
DSL/cable have beaten those prices down to rock bottom. There is an ISP in
town here that offers full T1 access to their network for $500/month
including the circuit charge, which is pretty darn reasonable.
Just food for thought.
Rik
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tim
Sent: Thursday, March 02, 2006 6:16 PM
To: 'Chris Lewis'
Cc: 'Venkatesh Palani'; ccielab@groupstudy.com
Subject: RE: voip over VPN
Hey Chris,
Thanks for chiming in on this issue. And, thanks for the great info.
Currently the company where this might be implemented is using very
expensive channelized T-1's where some channels are dedicated to data and
others are dedicated to voice.
Also, I'm considering whether it matters if a cable or DSL connection is
used. I haven't yet checked with the various service providers but I'm
fairly sure both services are available with the necessary bandwidth.
In terms of quality and reliability, assuming both would do the job, do you
have any opinions on which is better?
TIA,
Tim
_____
From: Chris Lewis [mailto:chrlewiscsco@gmail.com]
Sent: Thursday, March 02, 2006 4:54 PM
To: Tim
Cc: Venkatesh Palani; ccielab@groupstudy.com
Subject: Re: voip over VPN
Tim,
Over the years Cisco has done a lot of work validating hardware and software
configurations for this purpose. We have even certified which providers meet
the requirements necessary to make a site to site voice deployment over
IPsec work properly. This work has been done under the name of V3PN,
standing for voice video and data over IPsec VPN. A marketing description is
available at
http://www.cisco.com/en/US/products/ps6661/products_ios_protocol_option_home.html
The 160 page SRND with configurations is available at
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns241/c649/ccmigration_09186a00801ea79c.pdf
Chris
On 3/2/06, Tim <ccie2be@nyc.rr.com> wrote:
Thanks guys for the feedback and recommendations. I thought it should work
but never tried it and didn't know for sure.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Venkatesh Palani
Sent: Thursday, March 02, 2006 1:14 PM
To: Tim
Cc: ccielab@groupstudy.com
Subject: Re: voip over VPN
Hi Tim,
I have worked on one of those designs that run IP TEL over IPSEC. For QoS
use pre classify. I don't think using ISR is a bad choice. I used GRE and
IPSEC and it wasn't that bad. Actually I tried them between Asia and US and
it was OK; most of the delay comes with your SP changing their peering or
redirecting their traffic. Anyway, running VOICE over internet using IPSEC
is a cheap solution but it has numerous external dependencies.
Some of my personal recommendations:
1. Use a single SP for all your sites so your traffic is kept within the same
network as far as possible. Some of the Asia SPs peer in US, which makes the
Asia-Asia traffic pretty hard
2. Use pre qualify
3. Try avoiding split tunneling as the internet download could swamp your
voice
4. Use ISR routers
5. Use Codec 723 where possible
6. Use some sort of monitoring system to monitor delay and latency or/and
use IPSLA to fall back to gateway in case of huge latencies
...
HTH,
Venkatesh
On 3/3/06, Tim <ccie2be@nyc.rr.com> wrote:
>
> Hi guys,
>
>
>
> Does anyone have any experience with running voip over a site-to-site
> IPsec VPN?
>
>
>
> Assuming the voice traffic is prioritized as it ought to be and the
> connection to the wan cloud is big enough, does the VPN processing
> slow down the voip traffic to the point where people used to toll
> quality voice would consider it un-acceptable?
>
>
>
> I'd appreciate all your thoughts and comments.
>
>
>
> TIA, Tim
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
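
Added example (not part of the original thread or any poster's code): a per-call bandwidth estimate for the GRE plus IPsec design discussed above, showing how ESP overhead dominates low-bit-rate codecs when sizing the cable/DSL uplink. Assumptions: IPv4, ESP tunnel mode with a CBC cipher and a 96-bit HMAC, a basic 4-byte GRE header, typical codec packetization, no cRTP and no layer 2 overhead; all function and constant names are illustrative.

```python
from dataclasses import dataclass

RTP_UDP_IP = 12 + 8 + 20   # RTP + UDP + IPv4 headers on every voice packet
GRE_IP = 4 + 20            # basic GRE header + GRE delivery IPv4 header
OUTER_IP = 20              # ESP tunnel-mode outer IPv4 header
ESP_HDR = 8                # SPI + sequence number
ESP_TRAILER = 2            # pad length + next header fields
ICV = 12                   # truncated HMAC-SHA1-96 / HMAC-MD5-96

# cipher -> (IV bytes, block size bytes) for CBC mode
CIPHERS = {"3des": (8, 8), "aes": (16, 16)}


@dataclass(frozen=True)
class Codec:
    name: str
    payload: int       # voice bytes per packet (assumed packetization)
    interval_ms: int   # time between packets


CODECS = [
    Codec("G.711", 160, 20),
    Codec("G.729", 20, 20),
    Codec("G.723.1 6.3k", 24, 30),
]


def esp_tunnel_size(plaintext_len, cipher="aes"):
    """Bytes on the wire (layer 3) after ESP tunnel-mode encapsulation."""
    iv, block = CIPHERS[cipher]
    # Plaintext plus trailer is padded up to a whole cipher block.
    padded = -(-(plaintext_len + ESP_TRAILER) // block) * block
    return OUTER_IP + ESP_HDR + iv + padded + ICV


def per_call_bps(codec, cipher="aes", gre=True):
    """Return (clear-text bps, encrypted bps) for one direction of one call."""
    clear = codec.payload + RTP_UDP_IP
    wire = esp_tunnel_size(clear + (GRE_IP if gre else 0), cipher)
    pps = 1000 / codec.interval_ms
    return round(clear * 8 * pps), round(wire * 8 * pps)


if __name__ == "__main__":
    for c in CODECS:
        clear, enc = per_call_bps(c)
        print(f"{c.name:13} clear {clear:>6} b/s  GRE+ESP(AES) {enc:>6} b/s"
              f"  x{enc / clear:.2f}")
```

The encrypted figure, multiplied by the number of simultaneous calls per store, is the bandwidth the voice QoS class has to reserve on the upstream side of the link.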
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:38 GMT-3