WHITE PAPER
Implementing an Avaya IP Telephony Control Network On An Existing LAN
S8700 Media Server Series Version 1.0
Modhumita Ghosh
March 2005
avaya.com
Table of Contents
Section 1: Converged Communications Security Introduction
1.1 S8700 Media Server series System
1.2 Control Network
Section 2: Glossary
Section 3: System Availability and Reliability
Section 4: Impacts
4.1 WAN Remote Port Networks
4.2 Encryption
Section 5: Network engineering guidelines
5.1 Control Bandwidth Requirements
5.2 Network Tolerances
5.3 QoS Requirements
5.4 Network Configuration Planning
Section 6: Security Concerns
6.1 Firewalls
6.2 Control Network Encryption
6.3 Virtual Private Networks
6.4 Consulting and Security Review
Section 7: Installation and Administration
7.1 Pre-installation Information
7.1 Control Network Subnets
7.2 Server Ethernet Interfaces
7.3 Server DHCP Administration
7.4 Static Route Administration
7.1 SERVER-IPSI Socket Encryption
7.2 Quality of Service Administration on SAT Form
Section 8: Migration And Downtime
8.1 Duplex Reliability System Migration
8.1 High and Critical Reliability System Migration
Section 9: References
COMMUNICATIONS
AT THE HEART OF BUSINESS
Section 1: Converged Communications Security Introduction
Prior to Avaya Communication Manager 2.0, the S8700 Media Server series Multi-Connect Control
Network was required to be implemented on a private, dedicated network. With the introduction of Avaya
Communication Manager 2.0, customers now have the option of implementing the Control Network on their
existing enterprise LAN infrastructure. It should be noted, however, and taken into serious consideration, that a
private, dedicated Control Network provides the highest level of system reliability and availability. Additionally,
since the system is isolated, this interface is less prone to security issues. A non-dedicated network has the
potential of being vulnerable to certain attacks, which in turn could impact the entire IP Telephony system.
Customers with business-critical Telephony applications may wish to implement the Control Network on
a private, dedicated network; customers do have the option of implementing the Control Network on their
existing enterprise LAN infrastructure.
Avaya Communication Manager 2.0 also introduced the S8700 Media Server series IP-Connect systems in
High Reliability configuration. In this configuration the Control Network is duplicated. The same configuration
rules that apply to the S8700 Media Server series Multi-Connect system apply to the S8700 Media Server series
IP-Connect system; in particular, the customer has the option of implementing their IP-Connect system Control
Network on a dedicated, private LAN.
This paper provides implementation and installation recommendations for implementing the Control
Network of an S8700 Media Server series system on the customer LAN/WAN. Please refer to the following
sections in detail: System Availability, Performance Impact, Network Engineering Guidelines and Security, to
understand the impacts and achieve the best possible performance when deploying the Control Network on
the enterprise LAN.
1.1 S8700 Media Server series System
The Avaya S8700 Media Server series solution uses a standard microprocessor engine with an Intel-based
processor on a commercial server. The S8700 Media Server series provides a foundation for a flexible, highly
reliable Avaya Communication Manager solution that meets a variety of customer telephony needs.
Each S8700 Media Server series Multi-Connect system is configured in one of three reliability options:
Duplex, High and Critical. Each S8700 Media Server series IP-Connect system is configured in one of the two
reliability options: Duplex and High. Tables 1 and 2 summarize the options.
Reliability Options                                         Duplex       High         Critical
Server                                                      Duplicated   Duplicated   Duplicated
Control Network/IPSI: Private, Dedicated OR Customer LAN    Simplex      Duplicated   Duplicated
Port Network Connectivity: EI Fiber Connected (CSS/ATM)     Simplex      Simplex      Duplicated
Table 1: S8700 Multi-Connect Reliability Options
Reliability Options                                         Duplex       High
Server                                                      Duplicated   Duplicated
Control Network/IPSI: Private, Dedicated OR Customer LAN    Simplex      Duplicated
Port Network Connectivity: IP                               Simplex      Simplex
Table 2: S8700 IP-Connect Reliability Options
1.2 Control Network
The Control Network is the network that carries control messages between the S8700 servers and the IP
Server Interface (IPSI) Boards (TN2312). In a High or Critical Reliability system, the Control Network is
duplicated – providing redundant Control Network A and Control Network B. Each of the servers has a
dedicated Ethernet Interface for Control A and Control B traffic. In support of this duplication, the IPSI
(TN2312) boards are also duplicated in active/standby mode.
This paper describes the installation, administration, performance impacts and Network Engineering
Guidelines to implement this feature.
Section 2: Glossary
Multi Connect    Control is IP via IPSI/IPSI-2 and bearer is via a Center Stage Switch (CSS) or ATM
QoS              Quality of Service
SLA              Service Level Agreement
DOS              Denial of Service
OSPF             Open Shortest Path First. This is an IP routing protocol.
Section 3: System Availability and Reliability
The migration of the Control Network to the customer’s LAN from a private, dedicated network requires
best-practice network engineering and design to provide a highly reliable link between the servers and the port
networks. Proper design and operation of the enterprise data network are critical for the platform to meet
the desired availability numbers. Since the enterprise LAN/WAN is owned (or
leased) and operated by the customer, assurance of network integrity and quality can only be accomplished by
the customer.
In this configuration the control signaling traffic between the S8700 Media Server series call controller and
the IP Server Interface board(s) (IPSI), which reside(s) in the Port network, shares resources with other
data network processes and activities. With proper engineering and a certain level of redundancy effort,
the customer’s enterprise LAN has the potential of meeting a high level of availability. The LAN availability
depends on the configuration of the network topology with redundancy provisions. Protocols should be employed
that immediately identify link or device failure, monitor the health of the redundant components and check
for the bandwidth availability.
Section 4: Impacts
Impacts to various elements of the system are presented in this section. Refer to [0] for details on system
“availability” of S8700 Media Server series under different configurations.
4.1 WAN Remote Port Networks
4.1.1 WAN Characteristics and Associated Concerns
Implementing the Control Network on the customer LAN also allows for WAN remote IPSI Port Networks. The LAN
segments of an enterprise network are typically owned and controlled by the enterprise, which means that the
enterprise has stricter control over these facilities. This is not always true for WAN links. Most WAN links
are leased through service providers, which means that the enterprise has limited control over the WAN link.
The enterprise can specify contractual requirements regarding the reliability of the WAN link as a condition of
the lease. These contractual requirements, commonly called Service Level Agreements, are often not worth
much because of the difficulty in measuring the service levels.
Due to the high cost of WAN links, whether they are leased through a service provider or owned by the
enterprise, they are also not as redundant as enterprise LAN segments. It is common to see a higher, typically
much higher, degree of redundancy in LAN segments than in WAN links. WAN link redundancy typically employs
an N+1 scheme. The enterprise acquires as many links as it needs, plus one more link for redundancy.
Related to these two points, here are some things that can and often do happen on WAN links:
Short, intermittent outages: These can last a few seconds or more, but they are typically not long enough to
notice a problem with traditional data applications, although the router will notice the outage. These can
happen as infrequently as once every couple of weeks, or as frequently as several times a day. It depends on
the service provider and the physical facilities.
Route flaps: These are cases where a WAN link goes down, comes back, goes down, comes back, etc. in
such a manner that the routers continually change their routing tables to compensate for complete outages
and recoveries. This is a severe problem in IP networking, and the effects are both unpredictable and
difficult to quantify.
Prolonged Outages: First, WAN link outages are more common and frequent than LAN link outages. Second,
it is more difficult to compensate for WAN link outages because of the lower level of redundancy in WAN
links. Third, WAN links are inherently slower than LAN segments and incur more latency. This is not only
due to the limited bandwidth, relative to LAN segments, but also the process required to serialize packets
and put them on the WAN link. Typically this is not a huge issue. The incremental increase in delay is not
enough to cause problems under normal operation. But if a partial WAN outage (only some of the links
go down) causes all the traffic to be carried by the remaining links, it results in heavy congestion on the
remaining links, which further increases delay and packet loss. Even with QoS mechanisms in place, the
added stress can create unstable conditions that may affect real-time applications, especially ones that are
very sensitive to network inconsistencies.
Troubleshooting: The wide range of possible problems on WAN links is difficult to troubleshoot. Often the
service provider must be involved in the troubleshooting. It can be difficult to substantiate where the
problem lies and who is responsible to correct it. This can result in long resolution times, which increases
tension and ill feelings when a critical enterprise service is dependent on the resolution.
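The outage categories above can be measured from a router's link up/down log, which also gives the enterprise its own availability figure to compare against a Service Level Agreement. The following is an added example, not part of the original paper: the event log is constructed, and the thresholds SHORT_MAX, FLAP_WINDOW and FLAP_COUNT are assumptions, since the paper gives no numeric definitions.

```python
from datetime import datetime, timedelta

# Constructed sample: state transitions for one WAN link, as a router's
# link up/down log might record them. Not data from the paper.
EVENTS = [
    ("2005-03-01 02:00:00", "down"), ("2005-03-01 02:00:04", "up"),
    ("2005-03-01 09:15:00", "down"), ("2005-03-01 09:15:03", "up"),
    ("2005-03-01 09:15:20", "down"), ("2005-03-01 09:15:25", "up"),
    ("2005-03-01 09:15:50", "down"), ("2005-03-01 09:15:58", "up"),
    ("2005-03-01 17:00:00", "down"), ("2005-03-01 17:42:00", "up"),
]

# Assumed thresholds (hypothetical values chosen for this example).
SHORT_MAX = timedelta(seconds=60)    # outages up to this length are "short"
FLAP_WINDOW = timedelta(minutes=5)   # drops this close together are related
FLAP_COUNT = 3                       # this many related drops form a flap

def outages(events):
    """Pair each 'down' with the next 'up'; return (start, duration) tuples."""
    result, down_at = [], None
    for ts_text, state in events:
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        if state == "down" and down_at is None:
            down_at = ts
        elif state == "up" and down_at is not None:
            result.append((down_at, ts - down_at))
            down_at = None
    return result

def classify(events):
    """Label each outage 'flap', 'short' or 'prolonged'."""
    outs = outages(events)
    labels = []
    for start, dur in outs:
        # Count outages (including this one) starting within +/- FLAP_WINDOW.
        nearby = sum(1 for s, _ in outs if abs(s - start) <= FLAP_WINDOW)
        if nearby >= FLAP_COUNT:
            label = "flap"
        else:
            label = "short" if dur <= SHORT_MAX else "prolonged"
        labels.append((start, dur, label))
    return labels

def availability(events, period=timedelta(days=1)):
    """Measured uptime fraction over the period, for comparison with an SLA."""
    downtime = sum((d for _, d in outages(events)), timedelta())
    return 1 - downtime / period
```

On the constructed log, the three drops around 09:15 are grouped as one flap episode even though each is individually only a few seconds long, which is the pattern that traditional data applications tolerate but real-time control traffic does not.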