LAN INFRASTRUCTURE REQUIREMENTS FOR HPBX SERVICES
DATAVO IS NOT RESPONSIBLE FOR THE CONFIGURATION OF INDIVIDUAL NETWORK DEVICES
REQUIRED TO ENSURE CUSTOMER SERVICES FUNCTION PROPERLY. THE FOLLOWING
INFORMATION HAS BEEN PROVIDED TO REDUCE THE POTENTIAL FOR FAILED OR
INCONSISTENT VOICE SERVICES AS A RESULT OF AN IMPROPERLY CONFIGURED LAN
ENVIRONMENT.
IP ADDRESSING
The Customer is responsible for providing the proper
static, public IPv4 addresses for all Datavo Hosted VoIP managed endpoints
(Service test point, analog and digital device gateways) within the Customer
Premises Network, typically only one to three addresses (later described as
CustPubIP#1 through N). These addresses must be contiguous, and begin with an
IP address that is a multiple of 4 or 8 in the last octet.
Customers are highly encouraged to provide a dedicated
IEEE 802.1q Virtual LAN for all phone and HPBX service devices to intercommunicate
within, in which case all phones will be provided private IPv4 addresses as
part of the Service. Customers providing
a dedicated IEEE 802.1q Virtual LAN are required to heed all LAN equipment manufacturers’
best practices to mitigate common Ethernet attacks such as “VLAN Hopping” and
“MAC Flooding” and provide security of the dedicated VLAN. Datavo is not
responsible for Service issues arising from Customer’s failure to prevent OSI
Layer 2-based attacks on VoIP endpoints.
Without a dedicated VLAN, the Customer will be required
to provide valid IPv4 addresses to Datavo for all phones as well. IN SUPPORT OF
FCC E9-1-1 REQUIREMENTS, THE IP RANGE USED FOR THE DATAVO HOSTED VOIP PHONES
MUST BE BUILDING SPECIFIC (i.e. AN IP RANGE CAN NOT SPAN DIFFERENT PHYSICAL
ADDRESSES).
If the Customer chooses to employ static IPv4 addressing,
then the Customer-provided IPv4 addresses, gateways, and subnet masks must be
provided to DATAVO prior to staging and installation of the endpoints. If the
Customer chooses to use the Dynamic Host Configuration Protocol (DHCP) to
provide these Customer IP addresses dynamically, then the Customer must ensure
that any endpoint so configured will be granted an IP address lease by the
Customer’s DHCP server within 30 seconds of the server receiving a request
from a DATAVO Hosted VoIP endpoint.
REQUIREMENTS FOR QUALITY OF SERVICE
QoS is necessary in IP networks because they are characterized by bursty
traffic and “best-effort” delivery. This presents significant problems for
real-time applications like voice and video. Best-effort delivery may be
acceptable for Web traffic or e-mail, but voice requires that service be
maintained within defined performance parameters in order to achieve
acceptable quality standards for business communications.
DELAY OR LATENCY REQUIREMENTS
In order to have an intelligible conversation, the human
voice has to stay within an end-to-end perceptual “delay budget” as recommended
by the G729 specification. The
end-to-end (LAN and WAN) one-way delay budget for this service is 150 ms.
JITTER OR DELAY VARIATION REQUIREMENTS
The effect of jitter in a VoIP network is to increase
both delay and packet loss. Jitter increases delay because a jitter buffer is
used to smooth out the inter-arrival times of the voice packets. Datavo
requires that, for any single call, the maximum jitter for voice traffic not
exceed 50 ms and the average jitter not exceed 13 ms; voice quality will be
affected beyond these limits.
PACKET LOSS REQUIREMENTS
When voice packets are lost during transport in IP
networks, the result is a perceptual degradation in the quality of the end
users’ conversation. Datavo requires that packet loss not exceed 1%.
PACKET CLASSIFICATION AND MARKING
All voice packets transmitted via the Service are marked
by either the end user device (e.g., IP phones) or PSTN gateways. The customer
WAN and LAN components must preserve the setting in these packets, and should
prioritize the transmission of traffic marked with these settings over both WAN
and LAN, to maximize Voice over IP application performance. The packet markings
in the Differentiated Services Code Point (DSCP) field are Per-Hop Behavior
Expedited Forwarding (EF, decimal 46) for all real-time traffic. Web portal and
HVS Toolbar traffic will be marked as Best Effort unless otherwise marked by
the customer’s hosts or LAN infrastructure.
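One way to confirm that LAN and WAN devices are preserving the EF marking is to read the DS byte of captured voice packets. The following is an added example, not Datavo code: it parses raw IPv4/UDP packets and reports those in the RTP port range from this page's firewall table whose DSCP is no longer 46. Matching on either the source or destination port is an assumption, and the sample packets are constructed.

```python
import struct

EF_DSCP = 46                      # Expedited Forwarding, as stated above
RTP_PORTS = range(16384, 25387)   # RTP range 16384-25386 from this page

def voice_dscp(packet: bytes):
    """Return the DSCP of an IPv4/UDP packet in the RTP port range, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                              # not IPv4
    ihl = (packet[0] & 0x0F) * 4                 # IP header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return None                              # not UDP, or truncated
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        return None                              # later fragment: no UDP header
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if sport not in RTP_PORTS and dport not in RTP_PORTS:
        return None                              # assumption: either port may match
    return packet[1] >> 2                        # DSCP is the top 6 bits; low 2 are ECN

def remarked(packets):
    """Indexes of voice packets whose DSCP is no longer EF."""
    return [i for i, p in enumerate(packets)
            if (d := voice_dscp(p)) is not None and d != EF_DSCP]

def _ipv4_udp(tos, sport, dport, payload=b"\x80" * 12):
    """Build a constructed IPv4/UDP packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + udp

# Constructed sample capture (documentation addresses, not real traffic)
SAMPLE = [
    _ipv4_udp(0xB8, 16500, 20000),   # EF preserved: 46 << 2 == 0xB8
    _ipv4_udp(0x00, 16500, 20000),   # re-marked to Best Effort in transit
    _ipv4_udp(0x00, 40000, 443),     # outside the RTP range: ignored
    _ipv4_udp(0xB9, 17000, 17002),   # EF with an ECN bit set: still EF
]

if __name__ == "__main__":
    print("re-marked voice packets:", remarked(SAMPLE))
```
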
REQUIREMENTS FOR SECURITY
Premises network security is the responsibility of each Customer.
The following guidelines have been developed to help Datavo customers plan
and implement integration of hosted IP telephony into their existing IT
security framework. Customers are responsible for making the following
configuration changes, as well as determining whether their existing firewalls/network
security devices are technically capable of functioning securely for the voice application.
FIREWALLS/PERIMETER SECURITY
Datavo requires that sessions using the following ports
and protocols be opened from outside any Customer firewall to specific inside devices
in order to not interfere with the passage of voice traffic and the operation
of Datavo-managed Hosted VoIP Service devices. These sessions will be
initiated from the Datavo-defined public IP addresses designated
below, destined for one or more devices on the Customer’s network, with
Customer-provided Public IPv4 addresses.
| Protocol | Destination Port(s) | | Originating IPs |
|---|---|---|---|
| SIP | 5060/UDP&TCP | | 216.130.48.200 |
| SIP | 5050/UDP | | 216.52.233.70 |
| RTP | 16384-25386/UDP | | 216.52.233.72 |
| HTTPS | 443/TCP | | 216.52.233.66 |
| SSH | 22/TCP | | 216.52.233.179 |
| SNMP | 161/UDP | | |
| ECHO | ICMP | | |
| HTTPS | 443/TCP | | |
| SSH | 22/TCP | | |
| SNMP | 161/UDP | | |
| ECHO | ICMP | | |
It is required that all traffic received in response to
valid sessions opened through the use of the Service will be passed through any
Customer firewalls without payload modification or translation.
All other traffic transmitted by Datavo will be for
sessions initiated from devices inside any Customer network security perimeter(s);
should the Customer’s network security policies limit outbound traffic or
inbound traffic in response to valid outbound sessions, additional policy
modifications may be required as specified by Datavo for successful operation
of the Service.
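Because these openings include SIP, SSH and SNMP, each inbound rule should admit only the Datavo originating addresses rather than any source. The following audit is an added example, not Datavo code: the rule tuple format (name, source CIDR, protocol, low port, high port) is hypothetical, the sample rules are constructed, and treating the five listed addresses as a single allowlist for every listed port is an assumption.

```python
import ipaddress

# Originating addresses from the table above, used as one allowlist (assumption)
DATAVO_SOURCES = {ipaddress.ip_address(a) for a in (
    "216.130.48.200", "216.52.233.70", "216.52.233.72",
    "216.52.233.66", "216.52.233.179")}

# (protocol, low port, high port) openings from the table above; ICMP echo omitted
SERVICE_PORTS = [("udp", 5060, 5060), ("tcp", 5060, 5060), ("udp", 5050, 5050),
                 ("udp", 16384, 25386), ("tcp", 443, 443), ("tcp", 22, 22),
                 ("udp", 161, 161)]

def touches_service(proto, lo, hi):
    """True if the rule's port range overlaps any Service opening."""
    return any(proto == p and lo <= s_hi and hi >= s_lo
               for p, s_lo, s_hi in SERVICE_PORTS)

def audit(rules):
    """Names of inbound allow rules on Service ports that admit non-Datavo sources."""
    findings = []
    for name, src, proto, lo, hi in rules:
        if not touches_service(proto, lo, hi):
            continue
        net = ipaddress.ip_network(src, strict=False)
        # Every address the rule admits must be a listed Datavo source.
        too_wide = net.num_addresses > len(DATAVO_SOURCES)
        if too_wide or any(a not in DATAVO_SOURCES for a in net):
            findings.append(name)
    return findings

# Constructed rules toward a Datavo-managed device (hypothetical format)
RULES = [
    ("sip-from-datavo", "216.130.48.200/32", "udp", 5060, 5060),
    ("sip-any",         "0.0.0.0/0",         "udp", 5060, 5060),
    ("ssh-mgmt",        "216.52.233.179",    "tcp", 22, 22),
    ("snmp-wide",       "216.52.233.0/24",   "udp", 161, 161),
    ("rtp-any",         "0.0.0.0/0",         "udp", 10000, 20000),
    ("web-public",      "0.0.0.0/0",         "tcp", 80, 80),
]

if __name__ == "__main__":
    print("over-broad rules:", audit(RULES))
```
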
APPLICATION LAYER GATEWAYS
Datavo strongly recommends that customers disable
inspection of SIP protocol traffic associated with the Service, in all
customer-managed Application Layer Gateways, firewalls, and Network Address
Translation devices.
Customers who choose to utilize a firewall, router or
other device to inspect SIP protocol traffic must configure it to perform as a
SIP-aware ALG, compliant with all SIP Methods contained in IETF RFC 3261, and
any future SIP standards as deemed appropriate by Datavo in the enhancement of
this Service. If the customer uses a private IP addressing scheme and uses NAPT
(Network Address Port Translation) to conserve the use of public IP addresses,
the customer’s firewall, or other device negotiating this translation, must
also provide a SIP-aware translation, in accordance with Datavo specifications,
to preserve proper performance of the Service.