book

Switching to VoIP

by Theodore Wallingford

June 2005

Intermediate to advanced

502 pages

21h 48m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Assumptions Made in This Book
Safari EnabledHow to Contact Us

Mesh Versus Switched
Plain Old Telephone Service
Limits of Traditional Telephony
VoIP in BusinessVoIP’s Changing Reputation
VoIP’s Pros and Cons
The physical layerThe data link layerThe network layerThe transport layerTo connect or not to connectThe session, presentation, and application layers
IP phones or traditional phones
Configuring a Grandstream Budgetone 101 IP phone
Project 2.2. Make an IP-to-IP Phone Call
Pure IP or IP Enabled
Free Telephony Software
Asterisk’s Requirements
The X100P CardThe POTS pass-through connectorInstalling an X100P
Loading the Interfacing Drivers
Using rc.local to launch AsteriskUsing the safe_asterisk scriptSetting up a Red Hat init script for Asterisk
Project 3.1. Test an IP Phone with AsteriskVerify Asterisk’s SIP server is runningSet the IP phone to use a SIP serverAllow the IP phone to place calls via AsteriskRestart or reload?Listen to the Asterisk automated greeting using an IP phoneListen to a voice over Internet greeting
Asterisk’s logfilesAstman
Regulation and Organization of the PSTNThe FCC
LD carriers
ISPsComponents of the PSTNThe Central Office
Main Distribution FramesSwitch-to-Switch TrunksIn-Band Signaling (DTMF)
City codes, area codes, and country codesOut-of-Band Signaling and SS7
SONET and DS3
CentrexCustomer Premises Equipment
The Demarc“Inside Wiring” and the Cable PlantCP Distribution FramesFXS and FXO Signaling
Channel-Associated SignalingOther Legacy StandardsProject 4.1. Create a Trunk Channel with a POTS LineWhat you need for this project:
Pulse Code Modulation and DS0 Channels
Point-to-Point Trunking
Fiber-Optic Cabling
Legacy EndpointsFXS/Analog Endpoints
Using (or not using) digital endpoints with a VoIP serverSpeakerphoneLines and line appearancesRing groups and private hunt groups
What you need for this project:Step 1: Unlock and configure phone A (Cisco 7960)Step 2: Configure phone B (Budgetone 101)Step 3: Define SIP peers for the IP phonesStep 4: Create a ring group for the two IP phonesStep 5: Allow the SIP phones to dial out
Extensions based on DIDExtensions based on geographyExtensions based on departmentExtensions based on type of device
Dial-Tone Trunks
Basic Call Handling
Mute, Hold, Call Transfer, and Multiparty ConferenceBlind and consultative transferConferenceMeet-me
Administrative ApplicationsCall AccountingProject 5.1. Analyze Call Detail Records and Call AccountingWhat you need for this project:Asterisk CDR default fields
In-Out, DND, and Call ForwardCall Logs and Missed-Call IndicationsMessaging Applications
BargingVoice MailMessage notification (pager, email, etc.)
Call Parking and OrbitProject 5.2. Set Up Call Parking
Automatic Call ReturnHunt Groups and Ring Groups
What you need for this project:Add cell phone bridging to this hunt group
DirectoriesPresence
CTI ApplicationsAutomated AttendantsInteractive voice response and data collectionPrivacy management
Key Issues: Telephony Applications
The “Dumb” Transport
Sampling and Digitizing
Encoding (1/2)FramingDigital versus packet basedMultiplexingCompressionCodecsCodec packet rates
The T1 carrier versus VoIPVoice packet structureReal-Time Transport ProtocolEthernet
Things that degrade playback qualityTranscodingCall pathsSilence suppression and comfort noise generation
What you need for this project:Per-peer codec selection on Cisco media gateways
Key Issues: Replacing the Voice Circuit with VoIP
VoIP Signaling Protocols
Signaling for non-telephony apps
H.323 GatekeeperRegistration
H.323 GatewayMultipoint Control Units
Setup/teardownCapabilities negotiationOpen media channelPerform callRelease
H.245Fast-start
Project 7.1. Build an H.323 Gatekeeper Using Open H.323 (1/2)What you need for this project:Open H.323’s requirementsDownload and compile Open H.323Set up the Gnu gatekeeper (gnugk)Register an H.323 softphone using OhPhoneXRegister an H.323 endpoint using NetMeeting
Make the call
SIP registrarURIsSIP methods and responsesSIP proxiesSIP user agent elements
SIP redirectSession Description ProtocolReal-Time Streaming ProtocolSIP packet encoding
IAX
Heterogeneous Signaling
Cisco AVVID/CallManager
Key Issues: Replacing Call Signaling with VoIP
Business EnvironmentThe Market Adoption Cycle
Productivity
Cost models help sell IP telephonyActual consumption cost modelOverhead costsThe success deltaService provider cost savingsInternal management cost savingsHow do you eat an elephant?Recognizing revenue, productivity, and cost reduction
Convenience and Timing
LANVoIPX? VoNetBEUI? Not a chance.CablingSwitches versus repeatersWireless Ethernet
Cisco power versus 802.3af
LAN Readiness Checklist
Managed VPNVoIP over dial-upImplementation Plan
TimeManpower, Vendors, and VARsSelecting a VoIP platformChoosing a VARCreating an RFP
Key Issues: VoIP Readiness
QoS Past and Present
Noise
Does overcapacity remove the need for QoS?
Hybrids and echoZaptel’s echo suppression
802.1p and ToS
Policy serversDSCP classesThe DiffServ CoS process
What you need for this project:Configure an iptables edge router for DiffServLTC for DiffServ core routers
802.1q VLANLayer 2 Switching
VLAN trunkingCoS over VLAN trunks
Intserv and RSVPControlled loads versus guarantees
Dial-Tone Providers That Offer VoIP Service
Voice QoS on WindowsQoS Packet Scheduler
Project 9.2. Audit a Network’s Capabilities Using pathping and tracerouteWhat you need for this project:Measure the latency time and jitter on a call path
Security in Traditional Telephony
SnoopingPhreaking
Features
Credentials and Authentication
What you need for this project:Origin, destination, and timing policiesHigher-layer access controlPhysical presence policies
Software Maintenance and Hardening
Project 10.2. Harden a SoftPBXWhat you need for this project:Remove unnecessary softwareClean up xinetdKill shell access for daemon usersOptimize the local firewall on the softPBX
DMZs and FirewallsBuilding a DMZ
What you need for this project:Reading and analyzing packet logs
What you need for this project:The console keyword
Enable syslogSnort and Nagios
VoIP Troubleshooting Tools
SIP Packet Inspection
What you need for this project:Configure the SIP softphoneConfigure EtherealObserve SIP registrationObserve registration failure
What you need for this project:Inspect successful capabilities negotiationInspect failed capabilities negotiation
What you need for this project:
Commercial packet analysis toolsWhen the going gets tough, call in the end users
Simulating Media Loads
POTS and Centrex TrunksT1/PRI trunksISDN BRI trunksVoIP trunksHosted PBXATM trunksTelevision cable and fiber trunksIf that’s not enough bandwidth…
The case for fewer trunks
Project 12.1. Make It Easier for Callers to Reach PBX UsersWhat you need for this project:Home phone call bridgingTime-based context includes
Connecting Trunks to Your Telephone Network
Leverage Centrex groupsUse dial-tone trunks to seamlessly route calls between PBXs in the same organization
What you need for this project:Controlling Caller ID when using PSTN trunks
Project 12.3. Grouping PSTN TrunksWhat you need for this project:
What you need for this project:What if the call is from a different area code?What if the caller is using caller ID blocking?
What you need for this project:
Timing Trunk Transitions
Private Analog LinesLeased linesDry lines
Unwanted Effects of Load ManagementTraffic diversion (failover circuits)
Multipath jitterMultilink PPPTCP/IP as a Transport for Voice TrunksInsecure, unencrypted UDPVPNGRE tunnelsIP addressing schemes
To VPN or not to VPN?Soft- or hardphone in the mobile office?
What you need for this project:The Inter-Asterisk Exchange Telephone (IAXTel) networkGet access to IAXTelSet up the dial-plan for regular PSTN callsRoute toll-free calls to the InternetAllow incoming calls from IAXTel
Monitoring registrationsWAN DesignDistributed Versus Client/Server
Hub and spokePeeredMeshed
Locate to conserve network availabilityLocate to save moneyLocate for capabilities
Disaster SurvivabilitySurviving Power Failures
Uninterruptible power suppliesSurviving Network Link Failures
Remote Site Survivability and ALSThe survivability problemThe survivability solution
STUN Allows Coexistence with NAT
Peer-by-Peer Codec Selection
Directory ServicesDirectory services: resolution and advertisingResolution of SIP URIs and E.164 numbersENUMDUNDiAdvertising
What you need for this project:
Fax and Modems
ATAs and fax/modem support
What you need for this project:Receiving faxesSending faxes
What you need for this project:Automatic fax routingFax routing with DIDs
Simulating T.37FoIP SolutionsCisco AVVID
Other solutionsCommercial soft fax solutionsHylafaxHosted Fax
Surveillance Systems and VideoconferencingCamera Surveillance
Project 14.3. Build a Custom Voice Mail SystemWhat you need for this project:Turn on email notificationAttach voice mail sound files to email notificationsCustomize the email notification messageConnect the dial-plan to voice mailWeb access to voice mail
What you need for this project:Use a prerecorded sound for a simple paging routineUse your own sounds in IVRConverting sounds using SoXUse soxmix to put background music into an announcementRecord IVR announcements using Asterisk instead of a sound recording app
E911 on the PSTNE911 on wireless providers’ networksE911 on the converged network911 on large VoIP networksPrivate Switch ALIMapped ALIPOTS pass-throughDial-around
What you need for this project:
Asterisk’s administrative interfaceAMPAMAstConsole and Asterisk setup assistantsOpen H.323 administrative GUIsOther administrator GUI tools
Common Problem SituationsThe people you call complain about echoThe phone rings, but callers cannot hear you
Past a certain number of simultaneous calls, quality breaks down or calls are disconnected
Callers sound robotic, or they say you do
You and your caller find yourself interrupting each other a lotWhen a caller begins to speak, you can’t hear the first word or two of his sentencesThe power went out and so did all the phones
A clumsy keystroke took the softPBX down during peak business hours
My IP telephony salesperson said I would be able to do overhead or zone paging using the IP phone...
The phone company missed a critical circuit switchover deadline
Softphones and Instant Messaging SoftwareOhPhoneX-Lite, X-Pro, and Eyebeam
Firefly (SIP and IAX)IAXCommNetMeetingMSN MessengeriChat
Skype Web LinksConference CallsSkype Handset
Other Desktop Telephony SoftwareCall Soft ProCallerIDGeckoPhoneFaxMachineFaxStatus (Mac)
Voicent GatewaySpeechSoftDeveloper Tools and SoftPBX SystemsAsteriskAstLinuxAsterisk Management PortalLDAPGet
Asterisk Perl modulesJAsteriskAstWindNon-AsteriskOpen H.323VOCALIntel Dialogic productsSIP Express RouterEnvoxBayonneVOCPTelos ISDN H.323 Gateway
VoIP Service ProvidersDial-Tone and Call OriginationBulk trunk providersWholesale IXCsHosted PBX
Telephony Hardware Vendors
How Asterisk Is Supported
Built-in variablesThe layout of extensions.confContextsIncluding contextsThe syntax of extensionsExtension pattern matching
Special extensions
Getting string lengths
Dial-Plan Command Reference (1/4)AbsoluteTimeoutAddQueueMemberADSIProgAGIAnswerAppendCDRUserFieldBackGroundBackgroundDetectBusyChangeMonitorChanIsAvailCheckGroupCongestionControlPlaybackCutDBdelDBdeltreeDBgetDBputDeadAGIDial
DigitTimeoutDirectoryDISAEchoEnumLookupFestivalFlashGetGroupCountGotoGotoIfGotoIfTimeHangupLookupBlacklistMailboxExistMathMeetMeMeetMeAdminMeetMeCountMilliwattMonitor
MP3PlayerMusicOnHoldNoCDRNoOpParkedCallPlaybackPlaytonesPrivacyManagerQueueRandomReadResetCDRResponseTimeoutRingingRptSayAlphaSayDigitsSayNumberSayPhoneticSayUnixTimeSendDTMFSendTextSendURLSetAccountSetCallerIDSetCDRUserFieldSetCIDNameSetCIDNumSetGlobalVarSetLanguageSetMusicOnHoldSetVarSIPdtmfModeSMS
SoftHangupStopMonitorStopPlaytonesStripLSDStripMSDSystemTransferVoiceMailVoiceMailMainWaitWaitExten
ZapatellerZapBargeZapScanAsterisk ChannelsZaptel ChannelsUsing analog interfaces with AsteriskUsing T1 interfaces with Asterisk
SIP peer configuration
Administrator commandsProcess control commandsAGI commandsDatabase commandsIAX v2 commandsIAX v1 commandsCrypto commands
H.323 commandsSIP commandsMGCP channel commandsSCCP channel commandsCAPI channel commands
Integrating Asterisk with Other SoftwareAsterisk CLI Wrapper
Key Issues: Asterisk Reference

Content preview from Switching to VoIP

This is the Title of the Book, eMatter Edition

230

Chapter 10: Security and Monitoring

Hardening VoIP Servers

An important aspect of software security is hardening: the act of proactively making

your operating system and application software more secure. On a softPBX server,

hardening means removing unnecessary services and software agents, so that you

have less of a garden of possible security vulnerabilities to worry about.

On Windows servers, this often means removing unneeded services. If Microsoft

Internet Information Services isn’t needed, shut it down or remove it. That’s one less

risk. The same is true of Linux systems. Notoriously exploitable software like

Apache and BIND should be carefully patched or just removed from the system.

But hardening isn’t just disabling or removing software from telephony servers. It

also means optimizing the system configuration of every relevant device on the net-

work. On an Asterisk server on Linux, for example, this would mean establishing a

very restrictive local firewall policy. That way, only authorized traffic can get into,

and out of, the softPBX. This is sort of access control at the host level—the last line

of defense, if you will.

Even if a would-be intruder is sitting three feet away from your softPBX server, he

won’t be able to break in if it’s hardened correctly. Here are some ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Voice over IP First-Step

Kevin Wallace

Securing VoIP

Regis Jr (Bud) Bates

Low-cost Smart Antennas

Qi Luo, Steven Shichang Gao, Chao Gu, Wei Liu

VoIP Voice and Fax Signal Processing

Sivannarayana Nagireddi

Publisher Resources

ISBN: 0596008686Catalog Page Errata