Definitive MPLS Network Designs [Electronic resources] نسخه متنی

Layer 3 MPLS VPN Design for VoIP

EuroBank elected to move to a pure voice over IP (VoIP) solution for its telephony needs. The primary objective was to reduce costs through the transport of all the intra-holding voice calls (national as well as international calls) over the EuroBank MPLS infrastructure. Another objective was to take advantage of new services such as online access to a corporate telephone directory from the telephone and "follow-me" numbers. With these numbers, a mobile worker can log onto a telephone in any location and be reached at his or her regular phone number.

EuroBank decided to outsource its telephony services to a Telephony Service Provider (TSP) called PhoneNet. PhoneNet is a global TSP whose Managed Telephony Service covers all EuroBank locations (UK, Germany, Spain, and the U.S.). EuroBank's decision to rely on a Managed Telephony Service instead of running it itself was driven by the following motivations:

EuroBank did not have in-depth expertise with the VoIP technology.

Installation, operation, and maintenance of telephony devices across the many EuroBank locations would require a very heavy operational structure. (This is the same reason that drove EuroBank to use Managed CE routers in its branches.)

A TSP with many connection points to the Public Switched Telephone Network (PSTN) worldwide can offer efficient off-net call routing for both incoming calls (someone outside EuroBank calls someone inside EuroBank) and outgoing calls (someone inside EuroBank calls someone outside). Doing so minimizes international call costs.

Using a single TSP worldwide allows for the use of a uniform dial plan and consistent voice services throughout the EuroBank holding.

Because of these factors, PhoneNet could offer a feature-rich Managed Telephony Service at an attractive price.

The objective of this section is to describe how PhoneNet's Managed Voice Service operates within EuroBank's Layer 3 MPLS VPN design. It also briefly digresses from the EuroBank design to discuss how PhoneNet uses the Layer 3 MPLS VPN technology inside its own network to offer Managed Telephony Services to multiple customers. This is a very interesting application of the Layer 3 MPLS VPN technology on its own.

Although the low-level details of the VoIP design are outside the scope of this book, let's start by reviewing the high-level architecture of the Managed Voice Service design.

Architecture of the Managed Telephony Service

As part of the Managed Telephony Service, PhoneNet supports both on-net calls (between two EuroBank telephones) and off-net calls (between a EuroBank telephone and a telephone outside EuroBank).

PhoneNet provides and operates the following:

IP phones in every location of every EuroBank subsidiary.

Centralized call managers located in two London data centers. In each of these two data centers, PhoneNet runs a cluster of call managers. Each cluster has one to N processors (such as Windows or Linux servers) running the call manager application. Each cluster is provisioned and seen by the rest of the network as a single atomic call manager.

Note

Call managers are centralized devices involved in VoIP signaling with IP phones. For example, the call manager is responsible for converting the telephone number that the user dials into the IP address of the called IP phone. You'll read more about the call manager's involvement in VoIP signaling later.

To support off-net calls, PhoneNet also provides IP interconnections of the EuroBank intranet to PhoneNet's VoIP backbone. The backbone is interconnected in many places to the PSTN as well as to other VoIP telephony service providers.

Figure 6-18 illustrates how the Managed Voice Service provided by PhoneNet integrates into EuroBank VPNs.

Figure 6-18. Architecture of the Managed Voice Service Provided by PhoneNet

Data Center Layer 3 MPLS VPN Design" section (including NAT and virtual firewalls, as well as redistribution of reachability across shared and nonshared VPNs) ensure that, as with the shared servers, the call managers can communicate with devices in any VPN.

For the same reasons, the IP links attaching the EuroBank intranet to the EuroBank VPN on PhoneNet's VoIP backbone (which provides support for off-net calls) are also attached to the EuroBank Shared VPN.

Figure 6-19 shows the equipment deployed in EuroBank data centers by PhoneNet for the Managed Voice Service. It also shows how this equipment attaches to the EuroBank Shared VPN.

Figure 6-19. Managed Voice Service Deployment in Data Centers

Data Center Layer 3 MPLS VPN Design," the NAT and virtual firewall entity can ensure basic connectivity among the call managers and IP phones. However, this is insufficient to ensure proper VoIP signaling operations. VoIP signaling protocols encode IP addresses and port numbers inside the body of their messages to communicate those to other entities involved in VoIP signaling. (For example, the call manager tells an IP phone the IP address of the remote IP phone to transmit the voice stream to.) Although regular NAT operations would translate address and port information inside the IP packet headers, they would not automatically translate address and port information buried inside the VoIP signaling. That information would be received as sent and thus would be meaningless to the entity receiving the VoIP signaling message. This NAT- traversal problem is not specific to VoIP signaling. It is generic to any application involving signaling of address and port information. A common solution to this problem involves activation of an application-level gateway (ALG) on the NAT device. This ALG understands the specific protocol involved and performs the necessary translation of address and port information wherever it may appear inside the protocol messages. In the context of EuroBank, such an ALG has been activated on the NAT and firewall device to ensure proper VoIP signaling operation. This ALG supports the specific VoIP signaling protocol used by the call manager and IP phones in EuroBank.

We will now discuss in more detail how the VoIP Signaling ALG operates in conjunction with the call manager and VoIP signaling to achieve proper call handling in a EuroBank VPN as well as across VPNs.

On-Net Voice Call Within a EuroBank VPN

[SCCP] and Session Initiation Protocol (SIP); see [SIP].) However, the key conceptual steps generally include the following, as illustrated in Figures 6-20 and 6-21:

Figure 6-20. IP Phone Registering Phase

[View full size image]

Figure 6-21. On-Net Intra-VPN Voice Call

[View full size image]

IP phone registering phase This is shown in Steps A and B in Figure 6-20. This phase happens whenever an IP phone boots. It contacts the call manager to indicate its presence and IP address.

When doing so, the IP phone encodes its "inside" address. The ALG intercepts this signaling message and replaces the inside IP address with a dynamically allocated outside IP address. The NAT and virtual firewall device stores the corresponding address/port translation state. The signaling messages finally reaches the call manager, which sees only an outside address for the registering telephone and which populates those outside addresses in its telephone number translation table.

Call signaling phase This phase happens when a user dials a telephone number on an IP phone.

The calling telephone conveys via VoIP signaling to the call manager the called telephone number as well as the (inside) IP address and port number it will use for the media stream (Step 1 in Figure 6-21).

The call manager looks up the called telephone number in its telephone number translation table, which returns the outside address of the called IP phone. (The translation table was populated in synchronization with the NAT and virtual firewall device, as discussed in the registering phase.)

The call manager sends a VoIP signaling message to the called IP phone (Step 2 in Figure 6-21), which includes the IP address and port as signaled by the calling telephone in Step 1 (hence, in inside format).

The ALG intercepts this message. Because it realizes that both the calling and called telephone are in the same "inside" domain, the ALG does not translate the IP addresses and port numbers in this signaling message.

The called telephone returns its inside IP address and port number to the call manager (Step 3 in Figure 6-21), which eventually signals those to the calling phone (Step 4 in Figure 6-21). Similarly, the ALG does not translate the (inside) IP address and port number encoded by the called telephone, because the calling telephone is in the same "inside" domain.

At this stage, both IP phones have been provided with the "inside" IP address and port number of the remote telephone. They can exchange the voice media streams directly with each other using those (Step 5 in Figure 6-21).

Hence, although signaling messages are exchanged between the shared VPN and a nonshared VPN (the UKI VPN in Figure 6-21) and they transit through the NAT and virtual firewall device (and its VoIP signaling ALG), the media stream travels directly from telephone to telephone inside the VPN without transiting through the NAT and virtual firewall device.

On-Net Voice Call Across Two EuroBank VPNs

Figure 6-22 illustrates the steps involved in establishing a voice call from IP phone 2 in the UKI VPN to IP phone 3 in the GerBank VPN.

Figure 6-22. On-Net Inter-VPN Voice Call

[View full size image]

The same signaling steps occur as those described previously for a call in a VPN. The key difference in the case of a call across VPNs is that the VoIP signaling ALG in the NAT and virtual firewall device realizes that the two telephones are not in the same VPN. Thus, it translates the "inside" address and ports signaled to the remote telephone in the body of the signaling messages into "outside" address and port. The net result is that each IP phone believes it is talking to an IP phone located in the Shared VPN, and the NAT and firewall device is responsible for performing the corresponding NAT function on the media stream. Note that the virtual firewall device allows communication only between two nonshared VPNs for flows explicitly recognized as properly signaled voice calls.

So, in the case of a voice call spanning multiple nonshared VPNs, signaling messages are again exchanged between the shared VPN and a nonshared VPN (the UKI VPN and GerBank VPN in Figure 6-22). They transit through the NAT and virtual firewall device (and its VoIP signaling ALG). However, the media stream travels between two nonshared VPNs via the NAT and virtual firewall device. This is how calls can be established between telephones located in different VPNs and using incompatible (and potentially overlapping) "inside" addresses and also without compromising the fundamental EuroBank requirement to isolate devices in different nonshared VPNs.

EuroBank considered another approach to integrate the Managed Telephony Service inside its environment. The idea was to create an additional VPN (a "voice VPN") in which to attach all the IP phones and call managers and that would be isolated from all the other devices. However, EuroBank dismissed this option because it could not cope with telephony applications that are not based on dedicated telephone hardware (such as softphone applications running on PCs, which EuroBank was considering deploying). Also, extending an additional VPN to every location raises serious issues for some locations, such as the branches connected via a managed VPN or Frame Relay network.

Layer 3 MPLS VPN Design Within PhoneNet and EuroBank Off-Net Voice Calls

Let's leave the EuroBank intranet environment for a moment and consider the infrastructure PhoneNet uses to build its Managed Voice Services for EuroBank as well as many other customers. PhoneNet chose MPLS and Layer 3 MPLS VPN technology as the basis for its VoIP infrastructure because it easily addresses PhoneNet's requirement for isolation across its many Voice Services customers. This technology also allows all these customers to access some PhoneNet shared resources such as media gateways and media gateway controllers providing interconnection to the PSTN.

This is achieved using the well-known rainbow VPN design. Rainbow VPN ensures that devices attached to that VPN can communicate with devices attached to VPNs of any "color"in other words, with devices attached to any VPN. In this design, the following rules are followed:

Each managed voice customer belongs to a separate VPN over the PhoneNet Layer 3 MPLS VPN network (such as EuroBank being supported as its own dedicated VPN over the PhoneNet network).

All the shared PhoneNet resources (PSTN media gateways and media gateway controllers) are attached inside a rainbow VPN.

All the routes in the rainbow VPN are redistributed into every Voice Services customer VPN.

All the (necessary) routes in every Voice Services customer VPN are redistributed into the rainbow VPN.

The two last points are very easily achieved through appropriate additional route target import and export statements at the PE routers.

Figure 6-23 shows the VPNs PhoneNet uses to support its managed Voice Services in this manner.

Figure 6-23. PhoneNet Layer 3 MPLS VPNs and Off-Net Voice Call

[SIP]) or H.323 (see [H323]), the call manager signals call establishment to the media gateway controller, including the IP address and port for the media stream on the calling side (Step 2 in [SS7]) (Step 3 in [MGCP] or [MEGACO]) the media gateway for the corresponding media stream on its IP side (Step 4 in Figure 6-23).

- It tells the call manager the IP address and port number for the media stream (Step 5 in Figure 6-23).

The call manager eventually returns this IP address and port number to the calling telephone (Step 6 in Figure 6-23).

Finally, media streams can be exchanged directly between the calling IP phone and the PSTN media gateway.

The details of these steps and their relative sequencing depend on the actual signaling protocols used at the various steps and on voice features activated for the call.

With off-net call establishment, the call manager can select which media gateway controller to signal. In turn, the media gateway controller can select which of the media gateways it manages to route the voice call through. Thus, PhoneNet can achieve very efficient voice routing to maximize transport of the call over its MPLS packet infrastructure and hence minimize its use of PSTN on long distances. For example, if a user in a UKI branch in Manchester calls an external telephone in Los Angeles, PhoneNet can ensure that this call is carried to the U.S. over its MPLS network and only enters the PSTN through one of its media gateways in California (say, in Los Angeles). This ensures that only the cost of a local call will be charged by the destination PSTN operator, which eventually translates into significant savings for EuroBank.

Definitive MPLS Network Designs [Electronic resources] نسخه متنی

فارسی

کردی

العربیه

اردو

Türkçe

Русский

English

Français

کانال فیلم من

تبیان من

فایلهای من

کتابخانه من

پنل پیامکی

وبلاگ من

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی