The purpose of this document is to define the firewall and general router configuration necessary to implement B4BC’s Voice over Internet Protocol (VoIP) communications on a local area network.
This document is intended to be vendor neutral and is aimed primarily at readers who are not necessarily IT professionals, so explanations are offered throughout to justify the changes requested within, however some networking knowledge is assumed.
Outbound traffic to the following IP Addresses must be permitted. Most firewalls will automatically permit return traffic.
On more aggressive firewalls, it may be necessary to also permit inbound as well as outbound traffic from the following IP addresses to ensure SIP updates & acknowledgements are received.
We recommend allowing the entire range of addresses listed below as this will allow for future expansion of the VoIP Network while reducing the likelihood that you will have to modify your firewall rules in future.
IP Range 1 | Ports | IP Range 2 | Ports |
194.50.55.0/24 | UDP 5060 | 194.50.56.0/24 | UDP 5060 |
UDP 10000 - 20000 | UDP 10000 - 20000 | ||
UDP 53 | UDP 53 | ||
UDP 123 | UDP 123 | ||
UDP 21059 | UDP 21059 | ||
TCP 80 | TCP 80 | ||
TCP 443 | TCP 443 | ||
TCP 21050 - 21051 TCP 389 | TCP 21050 - 21051 TCP 389 | ||
Please note, these IP Addresses are subject to change.
IP Address | Ports | Function | URL |
194.50.56.35 | UDP 5060 | Phone Registration | hosted.sip2sip.net |
194.50.56.39 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast1.sip2sip.net |
194.50.56.40 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast2.sip2sip.net |
194.50.56.30 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast3.sip2sip.net |
194.50.56.29 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast4.sip2sip.net |
194.50.56.28 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast5.sip2sip.net |
194.50.56.27 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast6.sip2sip.net |
194.50.56.31 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast7.sip2sip.net |
194.50.56.32 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast8.sip2sip.net |
194.50.56.23 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast9.sip2sip.net |
194.50.56.24 | UDP 5060 + 10000 to 20000 | Voice Media Traffic | ast10.sip2sip.net |
194.50.56.26 | TCP 21050 - 21051 + UDP 21059 | CTI Server | uc.sip2sip.net |
194.50.56.37 | TCP 80 + 443 | Web Portal | hosted.b4bc.co.uk |
194.50.55.17 | UDP 53 | DNS | ns1.sip2sip.net |
194.50.55.15 | UDP 53 | DNS | ns2.sip2sip.net |
194.50.55.15 | UDP 123 | NTP | ntp.sip2sip.net |
194.50.55.37 | TCP 80 + TCP 443 | Phone Provisioning | provision.sip2sip.net |
If the above ports and IP Addresses are not permitted, various issues such as non registration, dropped calls or one way speech could occur.
The preferred IP address assignment mechanism is DHCP as installations typically take less time to complete. Static address assignments are only used when absolutely necessary. Please also refer to the section relating to VLAN.
SIP ALG must always be disabled on the sites edge router.
SIP Application Layer Gateway (SIP ALG) is common in many routers and in most cases enabled by default. Its primary use is to modify VoIP packets to aid NAT traversal. Active SIP ALG has been known to cause a mixture of problems by adjusting or terminating VoIP packets incorrectly, manifesting in a range of intermittent issues such as one way audio, dropped calls, problems transferring calls and handsets dropping registration.
For instructions on disabling SIP ALG, please refer to your router’s documentation.
B4BC will be unable to accept any faults or issues with its VoIP service if SIP ALG is enabled.
B4BC configures its VoIP user agents to perform a SIP registration every 600 seconds with the ITSP. This is an outbound initiated connection utilising the UDP protocol. The purpose of the registration is to inform the ITSP how to route calls to the respective user agent.
Many routers terminate idle UDP sessions after only a few seconds. The effect of this is that following SIP registration, inbound calls will only be successful for those first few seconds after registration. After this period, inbound calls will fail (Assuming the UDP connection has been idle) until the registration expires and the user agent re-registers.
To prevent this scenario, it is vitally important that the edge router’s UDP NAT session timer is set to a value of at least 620 seconds. Please refer to your vendor’s documentation for instruction.
Please ensure that the following URL’s are whitelisted on your web filtering platform:
http://provision.sip2sip.net This URL is used to automatically provision end user equipment.
Quality of service (QOS) refers to the ability of your router to prioritize voice traffic (VoIP) differently than regular internet traffic on your network. VoIP is a real time protocol which means that if information is lost or delayed it will result in a noticeable drop in call quality or a complete loss of it. Symptoms of network congestion include garbled audio, dropped calls and echo.
B4BC recommend that all VoIP installations have QOS enabled, however in certain scenarios, QOS may not be effective due to insufficient WAN bandwidth, and a 2nd internet connection intended for the sole transmission of VoIP may be required.
A typical VoIP call comprises of two components; signalling (establishing, maintaining and finalizing calls (SIP)) and voice media (your actual conversation (RTP)).
SIP will use a maximum of 65.5 kbits per call and RTP will require 87 kbps per call.
To this end, 153 kbps (rounded off) per phone on your network must be reserved and prioritised to ensure acceptable call quality.
We will need to know in advance which physical port to connect to in the case of port based VLANs, or any VLAN Tags which may be required for IEEE802.1Q type networks.
Disclaimer:
The information contained within in this document may change to keep abreast of current trends. Best 4 Business Communications cannot accept responsibility for costs you may incur should it be necessary to modify your network as a result of an update to this information.