Embed Size (px)
Citation preview
Best Practices Guide for Over-the-Top (OTT) Deployment
This page intentionally blank
UNIVERGE Cloud Services
19 July 2015
Best Practices Guide for Over-the-Top
(OTT) Deployment
Table of Contents
Introduction page 4
NEC’s Unified Communication as a Service (UCaaS) or (nUCaaS) page 5
Understanding the infrastructure page 7
Network considerations page 7
Types of SMB networks page 9
Option 1
Option 2
Equipment page 12
Routers page 14
Switches page 15
VOIP Analyzer page 16
Troubleshooting Suggestions page 18
Conclusion page 21
Introduction
Unified Communications (UC) refers to the collaboration of voice, data, and different software
based applications in a business environment. When these intertwining communications are
hosted and managed by a service provider other than the end user (i.e., the PBX no longer
resides on the customer premise) it now becomes considered a “cloud” service. Cloud services
allow companies different ways to mitigate the capital and operating expenditures of owning,
implementing, and maintaining on premise hardware. These functions or services include
Storage as a Service (“SaaS”), Infrastructure as a Service (“IaaS”) and Platform as a Service
(“PaaS”). Unified Communication as a Service, or “UCaaS” for short, refers to the delivery of
collaborative voice, data and business applications to the end user as a cloud based service.
“nUCaaS” is NEC’s UCaaS service offering. Some of the many different types of services
delivered by NEC under the nUCaaS umbrella include voice telephony, web services, audio and
video conferencing, call center as a service, and unified messaging.
NEC enables the customer to connect from the customer’s premise to the nUCaaS cloud in a
couple of fundamental ways. The preferred method is via a dedicated, NEC provided, MPLS
circuit from the customer’s premise to the nUCaaS cloud. This is preferred because it provides
visibility to NEC for monitoring and managing the WAN (or circuit side) of the customer’s
connection to the nUCaaS cloud. It will also provide Quality of Service (QoS), eliminate the
need for NAT in the network and will enable NEC to be proactive in detecting and addressing
any performance degradation of the customer’s service that may occur on the managed circuit.
An alternative method of connecting from the customer’s premise to the nUCaaS cloud is by
the use of customer-provided bandwidth, i.e. an unmanaged Internet Service Provider (ISP)
WAN connection to an Internet. This method of connectivity is often referred to as “Over-The-
Top” (or “OTT”) connectivity and it’s suitability for any particular customer deployment is
subject to certain networking guidelines. For deployments that wish to use OTT connectivity,
NEC requires that the customer provided bandwidth be in accordance with the quote provided
for the service. It would be the customer’s responsibility to increase the bandwidth accordingly
to support service expansions as they occur. Furthermore, the customer must use an NEC
approved CPE demarcation device, have adequate voice and data segmenting on their network
and receive a “Pass” result on both a network (circuit/WAN) side and local area (LAN) side VoIP
ready check as performed by the NEC Associate. All OTT deployments over 25 users require a
design review between NEC and the NEC Associate.
For customer deployments where an NEC-provided MPLS circuit is used (due to the ability for
NEC to monitor the managed circuit), NEC can provide the customer with a Service Level
Agreement (“SLA”) that provides significant availability assurances backed with service level
credits. A Service Level Agreement for OTT deployment with a “Pass” result is available;
however the availability assurances provided for the OTT deployment reflect that of a non-
managed circuit environment (i.e. without service level credits) and is delivered as a best effort
deployment.
Some of the biggest concerns when contemplating the migration from a typical premise based
VOIP solution to a hosted Cloud based solution are first and foremost voice call quality; with
network security, startup and conversion costs, pre and post-sales technical support, and
network scalability or growth finishing off the list. As the technology to support Cloud services
grows, the possibilities for smaller sized customers to offer greater business services and
applications to their customers become more financially feasible. Because the Cloud can offer
both flexibility and agility in key areas of UC deployment, a well thought out network design
and implementation is important. This document is intended to provide insight into best
practices for configuring nUCaaS SMB OTT deployments.
NEC’s Unified Communication as a Service (nUCaaS)
Bringing to the table over 100 years experience in both TDM and IP telephony, NEC is offering
end to end hosted telephony solutions through its Cloud Services division. With its completely
hosted behind the scenes telephony solution, NEC’s UNIVERGE Cloud Services for UCaaS,
nUCaaS is able to deliver on-premise voice quality services from the cloud. By following
established industry standards and guidelines for VOIP network deployments nUCaaS is able to
completely monitor, troubleshoot, and provide quality technical expertise to its customers for
all of its currently hosted services. With this in mind, nUCaaS strives to implement next
generation Cloud telephony technology on the customer’s solid functioning switched IP
network. NEC Cloud Services works with each of its customers through authorized dealers to
achieve optimal network performance while providing for flexibility in growth and ease of
maintenance. One goal of nUCaaS is to use NEC’s tenure in the marketplace and experience
gained along the way to provide its Cloud customers the very best experience as they embark
on the challenge of utilizing next generation technology to provide legacy telephony services.
Figure 2
Understanding the infrastructure
The networks that are in place today look very different than the networks of yesterday. It used
to be that small networks only had computers and servers connected to them. The network
was built to be as a best effort delivery mechanism, where delay and loss of information
between devices was something to be dealt with. Today, most networks have an over
saturation of devices needing to gain access to the IP infrastructure. Desktop computers, fax
machines, wireless PDA’s, Servers, home appliances, video servers and numerous types of VoIP
terminals all are fighting for bandwidth, precedence, and addresses on this converged network.
While each and every network functions the same in terms of the sending and the receiving of
traffic (either locally or across the Internet), each network can be routed and switched
differently depending on numerous criteria. When the addition of voice traffic is added to that
switched data network, each end user can also have different expectations when it comes to
voice call communications. In an effort to provide the very best voice communications over the
Cloud, nUCaaS critiques each customer infrastructure so that a solid foundation is built starting
with the deployment of devices on the IP network. When evaluating the existing customer
network design for possible Cloud deployments of 24 voice users or less, nUCaaS has adopted
two physical network design implementations to assist dealers in building solid customer
network bases from which Cloud services and applications can be implemented. Two repetitive
elements of a well functioning voice and data network are segmentation of traffic and quality of
service. Each of these will be further described in the upcoming sections.
Network Considerations
When designing any VOIP network, de facto industry standards suggest that the voice and data
traffic routed across the Local Area Network (LAN) be physically or virtually segmented and
priority given to the transmitting of voice traffic. Because the RTP traffic which carries the voice
packets is never resent over the network it is imperative that this type of traffic reach its
destination in a sequential order and in a timely manner. If this traffic is lost or delayed for any
reason the quality of voice calls over that network suffers (choppiness of conversation, one way
audio conversations, dropped words, etc). To complicate matters, even though the company
internal LAN is optimal in design yet utilizes an Over-The-Top (OTT) solution, the best effort end
to end internet connection may be the bottleneck. Over-The-Top simply refers to the
distribution of media over the Internet without the use of an operator to control content
delivery and is described as “best effort” traffic. Given the challenges of Internet connections
and bandwidth oversubscribing there is little the customer can do short of replacing the
connection with a managed dedicated circuit or obtaining some sort of Service Level
Agreement (SLA) from the provider specifying a guaranteed amount of bandwidth.
Implementing Quality of Service (QoS) on the network is giving some type of priority to the
traffic that is transmitted over the LAN. Most often voice traffic is given QoS over regular data
traffic. This can be accomplished in many different ways with proper design of the network as
well as careful consideration of exactly what traffic is most important. The most common types
of QoS are IP Precedence and Type of Service. Additionally, physical configuration of the ports
on managed switches can also assist with this implementation. NEC Cloud Services is fully
capable of assisting in the proper design or layout of the network to accomplish this task.
There are several network quality requirements that NEC requires be met before deployment
of any hosted VOIP telephony services. In addition to this, once the deployment is
implemented, these parameters need to be periodically monitored so that in the event of any
call quality issues coming forth any one of these items can be quickly dismissed once remote
access to the customer demarc router has been established. At a minimum these criteria
include:
The Local Interface to which the VoIP terminals and/or software terminal connects
must meet 802.3af Ethernet standards (use of PoE L2 / L3 switches)
Sustained packet delay one-way should be less than 100 milliseconds optimal, with a
maximum of 150 milliseconds one-way
Sustained jitter should be between 10-150 milliseconds optimal with maximum of 300
milliseconds
Sustained packet loss of 1% or less is recommended with the maximum of 3% from
end to end
Bandwidth usage will vary depending on the media, payload and audio algorithms
utilized. QoS (IP Precedence /Type of Service) needs to be implemented.
Bandwidth and Latency (ANOP-01-003a) requirements for determining the sustained
amount of bandwidth required (128K per call @G711)
Mean Opinion Score (MOS) voice calls of 4.0 or more
Types of SMB networks
NEC Cloud Services is categorizing SMB networks into three different designs based on how the
customer currently has it deployed. The first design is one which has the voice and data
networks physically separated by switches.
The second design is one that has data devices are plugged into the back of the phones (which
is serving as a switch port) and the phone is cabled to a managed switch again providing PoE.
The managed switch is configured with two Virtual LANS (VLANs) on it; one for voice traffic and
the other for data traffic.
The third design is one which has VLANs set up on a managed switch and uses a dedicated WAN
link from the router through the Internet. Examples of this type of link could be a T1 (1.54Mb)
or an MPLS (1.5Mb or 3Mb) circuit. The additional costs associated with this link provide the
customer with some type of SLA that mandates a specified amount of bandwidth at all times
from the Provider. While this document only covers OTT based solutions, additional specifics
on the nUCaaS hosted MPLS solution can be found in the NEC Cloud Services (nUCaaS) Best
Practices Guide to MPLS Deployments in SMB Markets (document is currently in draft status).
Network Design Option 1
The network design for option 1 typically shows a network that has both voice and data
networks physically separated. Every data device has its own Ethernet cable run back to a non
PoE switch and every phone is cabled into a PoE switch or has an AC adapter supplying AC
power. Every device on the LAN has a separate IP address based on DHCP address schemes and
this can be configured on the demarc router. Traffic from one subnet does not traverse onto
the other and if the switches do not support QoS then it will only be applied as the traffic is
directed in and out the demarc router. The demarc router on site serves to direct any traffic
destined for the Internet out the WAN interface where it then becomes best effort traffic while
traversing the Internet.
Network Design Option 2
The network design for option 2 is configured so that computers are plugged into the back of
the NEC Dterms using the built-in switch port. The Ethernet cable run from the Dterm to the
switch carries both voice and data traffic. At this point the voice traffic can be “tagged” with a
VLAN ID as it enters the managed switch. If this switch is not PoE then all Dterms must have
some sort of AC power adapter to supply power. Any other data devices (printer, DHCP server,
etc) would have a separate connection on the LAN back to the data VLAN. After configuring the
managed switch to provide the rules which regulate the movement of packets across the LAN
(VLAN tags, queue priorities, VLAN trunking, etc) the switch is then cabled to an interface on
the router. A Fast Ethernet interface on the router then serves as the physical link to the ISP.
As traffic enters the managed switch it is queued or managed based on the configuration
programmed on the switch. QoS may be adopted at this point with the voice traffic given a
higher priority. Different switches offer different modes of QoS and it is advisable to discuss
these parameters with nUCaaS prior to deployment. Once the prioritized voice traffic destined
for the NEC NOC enters the demarc router it may also be given some type of priority either
based on Ingress properties (coming in) or Egress (going out) properties out the WAN interface.
Nonetheless, once the traffic (either voice or data) traverses the Internet it all becomes best
effort once again with no QoS implied or given.
Equipment
In an effort to alleviate all possible known or unknown hindrances on a customer’s routed
network and to also verify the network’s ability to support quality Cloud telephony services via
the OTT WAN link, NEC has partnered with Adtran (www.adtran.com) to bring forth a complete
line of high performance routers, switches, and Business gateways at very reasonable prices.
These devices are expected to be implemented into the network where needed to facilitate
routing to the WAN interface. These devices will be implemented into the network with
minimal disruption to the customer and with the full technical support of the NEC dealer and
the nUCaaS team. The nUCaaS team will look at all currently configured devices on the network
to verify that they are able to support the requirements of the network in a hosted
environment.
In addition to the available routers and switches, NEC has implemented a network monitoring
process used to help determine the quality of the network before actual deployment. The
monitor tool (VOIP Analyzer) is able to perform both live and scheduled tests on the network to
assess its overall performance for any specified time duration and is a pass/fail test that
determines the capacity of the network infrastructure’s current configuration to support VoIP
traffic. VOIP Analyzer will be administered as part of every IP Telephony implementation but
will be required for ALL Over-The-Top WAN connections to an ISP. Because of the best effort
“no QoS implied or given” bursty nature of Internet traffic, this requirement has been adopted
to help minimize the trouble-shooting process and lessen the chance of voice issues occurring
after deployment. A failing report on the network means that the network as a whole is not
conducive to support a toll quality VOIP Cloud deployment and must be resolved before
proceeding.
The preconfigured monitoring tool will host a connection from the customers’ on premise
network to a NEC server gathering data in one of NEC’s redundant data centers. The test shows
results for the call quality (MOS) and QoS (jitter, delay, and packet loss) performance of the
expected volume of VoIP Traffic to be supported by the network. The VOIP Analyzer will also
deliver a network speed test, a traffic capacity test and a firewall test. This service however,
does not provide analysis regarding specific network impairments or recommendations for
remediation. If the customer requests this information, they should be encouraged to purchase
a full VoIP Network Assessment. The VOIP Analyzer will be remotely administered for a period
of 7 days on the customer network. The NEC Associate must schedule this monitor service with
NEC’s Cloud Network Operations Center (NOC) a minimum of two weeks prior to any scheduled
customer cut-over.
The currently preferred network hardware devices being offered by NEC for placement on
premise on a customer’s network are listed below. There are other devices available
depending on the needs and requirements of the network and these specific cases should be
discussed with the NEC Associate’s Account team.
Demarc Routers
The demarc router that nUCaaS will be deploying for all OTT deployments where the customer
WAN connection is 20Mbps or greater will be the NetVanta 3140. For any OTT deployment
with a customer WAN connection of 20Mbps or less the NetVanta 3120 will be deployed.
Additional parameters and feature of each router is described in the next section and for more
detailed information of the parameters and feature specifications of each device please refer to
the ADTRAN Hardware Feature Specifications and Matrix Guide for UCaaS Shipped Routers and
Switches document.
NV 3140 (P/N 0410441)
The NV 3140 is a high-performance router supporting three fixed, autosensing LAN or WAN
facing Gigabit Ethernet interfaces. It is ideal for multiple applications where Ethernet
redundancy is needed. This can be achieved with two Ethernet delivered access services
providing immediate failover to the active link anytime a link down event occurs. Also, since
many customer networks still feature separate voice and data network the NV 3140 is a perfect fit
with two Gigabit interfaces routing the LAN voice and data traffic and the third port serving as
the WAN interface connecting to the Internet.
QoS is supported on t he NV 3140 for delay-sensitive traffic like VoIP or video. To prioritize
mission-critical traffic and control network congestion the NV 3140 supports Low Latency
Queuing, Weighted Fair Queuing (WFQ), Class-based WFQ, and DiffServ marking. Also
functionality in the NV 3140 provides for a powerful, high-performance stateful inspection
firewall. The firewall can identify and protect against common Denial of Service (DoS) attacks like
TCP syn flooding, IP spoofing, ICMP redirect, ping-of-death, and IP reassembly problems. The
NetVanta 3140 also supports IPSec compliance for VPN access.
NV 3120 (P/N 0410294)
This access router supports a single 10/100Mb Fast Ethernet interface and a 4-port switch. The
NV 3120 is ideal for Internet access using broadband connectivity such as DSL or cable. The
3120 supports VLAN tagging and trunking, static and default routes, and demand routing, for
fast, accurate network convergence. QoS is also supported for delay-sensitive traffic. It
supports standard queuing mechanisms; LLQ, WFQ, and Class-based WFQ, as well as DiffServ
marking to establish the priority of IP packets.
L2 switches
1234 (P/N 0410078) / 1234P (P/N0410080)
This layer 2 switch comes in both Power-over-Ethernet (PoE) as well as non-PoE flavors. It
includes 24 - 10/100Base-T access ports and 2 - combo 1000Base-T/SFP Gigabit Ethernet Ports
and 2 - Enhanced (1Gbps/2.5Gbps) SFP ports. Features include 32 Static Routes, 802.1Q
VLANs, GVRP, and 802.1p/DiffServ QoS. The devices will provide up to 15.4 watts/port (370
watts) of 802.3af compliant power. 19" Rack mount 1U housing. Current supported SFP
modules include 1000Base-SX, 1000Base-LX and SFP interconnect cable.
1531 (P/N xxxxxx) / 1531P (P/N 0410296)
Both models of the 1531 (PoE and non-PoE) have a 8 -10/100/1000Base-T POE access ports, 2 –
1000Base-T, and 2 - Standard SFP Gigabit Ethernet Ports. Its features include 16 Static Routes,
802.1Q VLANs, GVRP, 802.1p QoS, 802.1w Rapid Spanning Tree, 802.3ad Link Aggregation, Auto
MDI/MDI-X, CLI, HTTP GUI, SSH, SSL, RADIUS, SNMP. The unit’s 8" width allows 2 units to be
mounted side-by-side in a standard 19" Rack. It also supports 1000Base-SX and 1000Base-LX
SFP modules.
VOIP Analyzer Monitor tool (P/N 0410335)
VOIP Analyzer (as previously described) measures the expected call quality (Mean Opinion Score –
MOS, based on modified version of the ITU g.107 standard E-Model equation) and quality of
service (QoS) performance (jitter and packet loss). The objective estimation of a MOS takes into
account important factors that effects call quality in any VoIP implementation, such as codec,
delay, loss data and jitter. A higher MOS estimate indicates higher call quality; a MOS of 5 is
excellent; while a MOS of 1 is unacceptable.
The following table (taken from ITU G.107) summarizes the relationship between the MOS and the
user satisfaction:
Mean Opinion Score
(lower limit)
User Satisfaction
4.34 Very satisfied
4.03 Satisfied
3.60 Some users dissatisfied
3.10 Many users dissatisfied
2.58 Nearly all users dissatisfied
The pass/fail grade is based on the Mean Opinion Score (MOS) of the expected amount of VoIP
calls to be transported over the carrier network. If MOS results show less than 4.03 during the
period of testing, NEC recommends that the customer perform a complete Network VoIP
Assessment to determine the spot(s) in the network that require upgrades or tweaking of the
device’s configuration to guarantee optimum voice quality. If MOS score is less than 4.03, NEC’s
Network Operations Center will fail this test and the project will be placed on hold status until the
network is optimized for voice. The test will need to be re-administered again for a period of 7
days to be scheduled with NEC NOC. Please refer to Figure 2 above to see Cloud connection of the
VOIP Analyzer.
The VOIP Analyzer devices will be pre-configured to find its home server located within the NEC
Cloud Services NOC when the unit is brought online. After order placement the NEC Associate will
place the preconfigured VOIP Analyzer device on to customers’ network. The test will simulate a
number of calls over the customers’ internet circuit every hour for the check period. This will
generate a report that will be evaluated by the NOC to determine if the environment will be able
to support OTT connection adequately. It must be taken into consideration that the test will only
monitor the circuit and determine viability of the customers’ circuit during the period of time that
the test is being administered. It is in no way a guarantee that the customers’ overall network
would not have connectivity issues at any given time based on Internet best effort. OTT is a best
effort SLA from any given provider and NEC does not in any way guarantee the customers’ circuit
stability or bandwidth expectations.
Once the monitoring period has ended and the results gathered, nUCaaS engineers review and
analyze the findings. A failing network would incur several sustained instances of excessively high
jitter rates and / or high percentages of network packet loss. Furthermore, if the averages for the
MOS scores continuously dropped below 3.0 the network would also fail. A passing network
would be produce very minimal jitter or packet loss as well as produce MOS scores of 4.0 or
higher. With test results falling between these two defined outliers or parameters, the Associate
and customer must tweak performance levels on the network and outcome results will be on a
case by case basis. In certain cases the monitor process may be performed a second time once
network tweaking has concluded to verify changes.
Trouble-shooting Suggestions
Over the course of time in dealing with OTT implementations and the plethora of WAN supplied
routing devices installed NEC has gained much insight into necessary changes that need to be
implemented on these devices. By making these changes the quality of voice calls has increased as
well as other trouble issues with calls decreased. Below are some suggestions that NEC suggests
trying if the ISP supplied WAN link router is suspect. As always, with any voice issue or down
system call into the NOC’s support line for immediate assistance.
If you are having issues with dropped or choppy calls, please follow these steps:
1. Reboot the premise gateway router
2. Verify that SIP ALG and or SIP Helper/Fix up is turned off on your gateway router
Having SIP ALG or Helper implemented makes your gateway router attempt to
correct for NAT Traversal difficulties by manipulating the contents of the SIP
Header fields.
Leaving the SIP ALG enabled on your gateway router is most likely going to break
SIP connection between your phones and the NEC Cloud VoIP system. This
happens because your gateway router is rewriting the SIP headers needed to
make the VoIP system work.
Leaving SIP ALG on is not supported on the NEC Cloud VoIP system
3. Common issues related to having SIP ALG turned on your gateway router:
Voice traffic only goes one way (end user can hear you but you can’t hear them)
Strange error messages when attempting to make calls
Incoming calls to users do not connect, go straight to voicemail
The call gets setup but no voice traffic can be heard
IP phones reboot a lot, cannot stay registered to the VoIP PBX
4. To turn off Cisco “SIP Fixup” (SIP ALG)
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-
mt/nat-15-mt-book/nat-tcp-sip-alg.html
On routers:
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
On ASA firewalls
Go to policy-map global_policy > class inspection_default and enter:
no inspect sip
On Pix firewalls
no fixup protocol sip 5060
no fixup protocol sip udp 5060
5. For Adtran routers:
Command line: no ip firewall alg sip
Web Interface:
Under Firewall settings go to Firewall/ACLs,
There's a tab for ALG Settings, under that tab you'll see the following:
SIP ALG – Disable this setting
6. Sonicwall
Uncheck box "Use SIP Header Transformation"
Enable consistent NAT
7. Fortinet
From CLI interface, type the following commands:
config system session-helper
show system session-helper (look for the session instance that
refers to SIP, should be #12)
delete 12 ***** example only, be sure to select the
corresponding number to be deleted *****
Confirm deletion of session-helper entry by running the "show system
session-helper" command again. #12 will be there because #13 moved up in
rank, but no reference to SIP or port 5060 noted.
End
8. Netgear:
http://documentation.netgear.com/dg834n/enu/202-10197-02/Advanced.7.2.html
9. Linksys:
10. For all other manufacturers, please check their documentation to disable any SIP ALG
functionality.
Conclusion
In conclusion, NEC continues to remain a leader in the deployment of voice telephony and
strives to apply the latest industry technology in the marketplace. With over a century of
legacy PBX and telephony application experience NEC Cloud Services (nUCaaS) continues to
build upon this rock solid foundation. NEC is committed to remain being a global partner in the
telephony market and its introduction into hosting Cloud telephony services and applications
brings forth both new rewards as well as new challenges. NEC Cloud Communications
continues to develop and adopt new industry technology as part of its Cloud hosting platform
and is continuously adding service functionality and applications to it platform.
As part of this hosting platform NEC Cloud Communications is committed to bringing toll quality
voice communications to the SMB market. With knowledge gained in the legacy PBX markets,
as one telephony challenge is encountered and overcome that earned experience brings forth
added value to both the nUCaaS platform as well as those that it supports. While the
traditional switched IP networks supporting telephony bring forth many challenges for the
Cloud, the NEC support team and its partners offer the service, the knowledge, and the
commitment to providing the highest level of service.
For additional information or questions please feel free to contact your NEC Account Manager.
For nUCaaS Post-Sale Technical Support please contact:
Project Management
Availability: 8:00 am – 5:00 pm EST
Email: [email protected] Technical Support
Telephone: (800) 852-4632, Dial (Option 7) Availability: 24/7 x 365
Email: [email protected]
Web: Browse to https://help.neccloudsupport.com
NOTE: If you are a new user click on the “Sign-In” button at the top right of the
page then click the link below the sign in box that says “Sign Up”.
