The purpose of this document is to define the firewall and general router configuration necessary to implement Voice over Internet Protocol (VoIP) communications on an NEC SV9100 PBX across a local area network.
Disclaimer:
The information contained in this document changes regularly to keep abreast of current trends. Best 4 Business Communications cannot accept responsibility for costs you may incur should it be necessary to update your network as a result of changes to this information.
The PBX requires two static IP addresses outside the DHCP scope.
IP Address A - used for SIP and SDP
IP Address B - used for RTP
If the installation is to use IP handsets, then a sufficient quantity of DHCP addresses should be available.
Traffic to the following IP Addresses must be permitted.
SIP Server SBC | Ports |
93.95.124.0/24 | TCP/UDP 5060 + UDP 10000 - 60000 + ICMP |
46.102.218.74 | TCP 8000 + TCP 35300-35301 |
The following port forwards are required.
Purpose | Destination IP Address | Destination Port |
Admin | IP Address A | TCP 8000 |
Admin | IP Address A | TCP 35300 - 35301 |
SIP | IP Address A | UDP 5060 |
Audio | IP Address B | UDP 10020 - 10533 |
The following port forwards are only required if 3rd Party SIP extensions or Proprietary NEC IP Phones are to be used from a remote location and a secure VPN is not practical. Only implement if specifically requested to do so by a B4BC engineer.
Destination IP Address | Destination Port | Purpose |
IP Address A | UDP 5080 - 5081 | Proprietary NEC |
IP Address A | UDP 5070 | 3rd Party SIP |
IP Address B | UDP 10020 - 10533 | RTP Audio |
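The two forward tables above can be used as an allow-list when reviewing a router's inbound rules. The following is an added example, not part of the original document or any B4BC tooling: the rule tuple format, the function names and the SAMPLE rule set are constructed for illustration, and "A" and "B" stand for IP Address A and IP Address B.

```python
# Added example: audit inbound port forwards against the tables above.
# Rule format (an assumption): (protocol, first_port, last_port, destination),
# where destination "A"/"B" means the PBX's static IP Address A / B.
REQUIRED = {
    ("tcp", 8000, 8000, "A"), ("tcp", 35300, 35301, "A"),
    ("udp", 5060, 5060, "A"), ("udp", 10020, 10533, "B"),
}
# Remote-extension forwards: only when a B4BC engineer has requested them.
OPTIONAL = {("udp", 5080, 5081, "A"), ("udp", 5070, 5070, "A")}

def contains(outer, inner):
    """True when outer spans every port of inner (same protocol and destination)."""
    return ((outer[0], outer[3]) == (inner[0], inner[3])
            and outer[1] <= inner[1] and inner[2] <= outer[2])

def fmt(rule):
    ports = str(rule[1]) if rule[1] == rule[2] else f"{rule[1]}-{rule[2]}"
    return f"{rule[0]}/{ports} -> {rule[3]}"

def audit(forwards, remote_extensions_requested=False):
    """Return sorted (finding, rule) pairs; an empty list means the set matches."""
    allowed = REQUIRED | (OPTIONAL if remote_extensions_requested else set())
    findings = [("missing", fmt(need)) for need in REQUIRED
                if not any(contains(rule, need) for rule in forwards)]
    for rule in forwards:
        if any(contains(a, rule) for a in allowed):
            continue                                   # exact match or narrower
        if any(contains(o, rule) for o in OPTIONAL):
            findings.append(("not-requested", fmt(rule)))
        elif any(contains(rule, a) for a in allowed):
            findings.append(("too-wide", fmt(rule)))   # exposes extra ports
        else:
            findings.append(("unexpected", fmt(rule)))
    return sorted(findings)

# Constructed sample: a rule set with three common mistakes.
SAMPLE = [
    ("tcp", 8000, 8000, "A"), ("tcp", 35300, 35301, "A"),
    ("udp", 5060, 5060, "A"),
    ("udp", 10000, 60000, "B"),  # outbound SBC range reused as an inbound forward
    ("udp", 5070, 5070, "A"),    # 3rd Party SIP forward nobody asked for
    ("tcp", 5060, 5060, "A"),    # TCP 5060 is in the outbound table only
]

if __name__ == "__main__":
    for finding, rule in audit(SAMPLE):
        print(f"{finding:14} {rule}")
```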
SIP ALG (also known as SIP Transformation or SIP Helper) must be disabled on all routers.
SIP Application Layer Gateway (ALG) is common in many routers and in most cases enabled by default. Its primary use is to modify VoIP packets to aid NAT traversal. An active SIP ALG has been known to cause a mixture of problems by adjusting or terminating VoIP packets incorrectly, manifesting in a range of intermittent issues such as one-way audio, dropped calls, problems transferring calls and handsets dropping registration.
B4BC will be unable to accept any faults or issues with its VoIP service if SIP ALG is enabled. For instructions on disabling this feature please refer to the specific router user guide.
The SV9100 PBX typically registers with the ITSP every 15 minutes and performs a SIP keepalive every 180 seconds. This is an outbound initiated connection utilising the UDP protocol.
Many routers will terminate idle UDP sessions after 30 seconds. The effect of this is that following SIP registration, inbound calls will only be successful for the first 30 seconds after registration. After 30 seconds, inbound calls will fail (assuming the UDP connection has been idle) until the binding expires and the user agent re-registers or sends a keepalive.
To prevent this scenario, it is vitally important that the edge router’s UDP NAT session timer is set to a value of at least 200 seconds. Please refer to your vendor’s documentation for instruction.
Quality of service (QoS) refers to the ability of your router to prioritize voice traffic (VoIP) differently from regular internet traffic on your network. VoIP uses a real-time protocol, which means that if information is lost or delayed it will result in a noticeable drop in, or complete loss of, call quality. Symptoms of network congestion include garbled audio, dropped calls and echo. B4BC recommend that all VoIP installations have QoS enabled; however, in certain scenarios QoS may not be effective due to insufficient bandwidth, and a 2nd internet connection intended for the sole transmission of VoIP may be required.
A VoIP call consists of two basic components: signalling and RTP (the actual conversation). B4BC uses the G.711 codec to encode RTP, which requires 87 kbps per call. SIP itself uses up to 65.5 kbps per call.
To this end, sufficient bandwidth should be reserved to satisfy the quantity of voice channels and/or remote extensions connected to the network.
If you require VLANs to be used, we will need to know which physical access port(s) to connect to in the case of port-based VLANs. In the event that an IEEE 802.1Q tagged VLAN is to be used, the PBX itself has to connect to an untagged access port that is a member of the required VLAN. The associated IP handsets themselves support VLAN tagging, so they can be connected to tagged access ports. If necessary, the data VLAN can be presented on the secondary Ethernet port on the rear of the phone. Depending on the capability of the host switch, LLDP can be used to steer the phones to the correct VLAN.