

Goals
Posted by admin in Viop article
The goal of any network is to support users in a flexible, reliable, secure, and inexpensive manner:
- Network managers want the network to be flexible.
- Users want the network to be reliable and secure.
- Management wants the network to be inexpensive.
A balance of these often-competing goals can be achieved, provided a good dialog is maintained among the participants. It is an exercise left to the reader to select from the list those applications and users who are to be served. The network list indicates that these users and applications could be interconnected by any of these network technologies. As indicated previously, dedicated networks are expensive and rarely fit the need perfectly. Frame Relay and Asynchronous Transfer Mode (ATM) are shared network technologies that can be very cost effective, depending on the geography and traffic volume. Dial-up telephony can be a networking technology for highly mobile, low-volume users. Normally, we would like to have a backbone network with direct access for various users and dial-up remote access for infrequent users. We will discuss these alternatives in the following sections.
Shared Networks
The advantage of shared networks is that organizations do not have to incur the entire cost of the infrastructure. For that reason, Frame Relay has been extremely popular. Because it (like X.25 before it) is virtual circuit based, traffic stays on the virtual circuits the carrier has provisioned, so there is little concern about misdirected traffic. That isolation is logical rather than cryptographic, however: frames travel in the clear inside the carrier's network, so anyone with access to the carrier's switches or to an access circuit can still read them. Still, Frame Relay service is not universally available, and access charges to a point-of-presence (POP) can be expensive. However, compared to the cost of dedicated networks, shared networks offer equivalent performance at a much lower cost.
Internet
The next logical step is to use the Internet as the private network. It is almost universally accessible, minimizing access charges. From our discussion of the Internet in Chapter 29, "Synchronous Optical Network (SONET)," two things are clear:
- No one is watching the traffic or performance of the Net as a whole.
- The path our data takes across the network is quite unpredictable.
This leads to the conclusion that performance will be unpredictable and that our precious corporate data may pass through a router on the campus of "Den-of-Hackers University." (It is not the intent here to malign university students, but only to offer the observation that they are bright, curious, love a challenge, and may have time on their hands and the access opportunity to do a little extracurricular research on the vulnerability of data on the Internet.) There are then two problems: performance and security.
Performance
The performance issue poses the problem of sizing the bandwidth on each link, which becomes a major task as the network grows. Unfortunately, few network managers have a good handle on the amount of traffic flowing between any given pair of locations. Typically, they are too busy handling moves and additions to the network, which frequently leads to performance problems. Because the network grew without the benefit of a design plan, invariably, it means that portions of the network, including servers, become overloaded.
A dedicated line network is expensive, requires maintenance, and necessitates a backup plan should a line or two fail. Using a shared network does not alleviate the problem of traffic analysis. On the contrary, we now have to worry about the capability of the Internet to provide the bandwidth we need when we need it. Selecting our ISP to provide the performance we need becomes an important issue.
Outsourcing
One solution is to outsource the network to a network provider (the analogy to a voice VPN here is strong). The most popular previous solution was to lease Frame Relay service. The benefit was that the network provider took care of the management of the network and even provided levels of redundancy (for which you paid) within its network. Unfortunately, to make most efficient use of this service, one still needed to have a handle on traffic volumes. For example, a committed information rate (CIR) that was too low resulted in lost data and retransmission, while a CIR set too high was a waste of money.
A national or international carrier with its own Internet backbone then becomes a good choice as a VPN provider. One negotiates service level agreements (SLAs), which include quality of service (QoS) guarantees. Some ISPs even provide Virtual IP Routing (VIPR), in which they permit you to use internal, unregistered IP addresses. If one builds a completely independent, internal (intranet) network, one could use any set of IP addresses one might choose. This alternative is attractive to large corporations that are constrained to using class C addresses. These unregistered addresses are not routable on the public Internet; if they were to leak out, the traffic would be dropped, or it would collide with whoever legitimately holds the same block. VIPR permits the flexibility to continue to use this unregistered set of addresses transparently across the Internet. This is strongly analogous to having one's own dialing plan on a voice VPN. There are many possibilities and choices here. We can outsource the whole network, including the VPN equipment on each site, or outsource pieces.
Standard Outsourcing Issues
A few points are worth making about outsourcing. One must take a realistic look at the task at hand:
- If the internal staff possesses the capability to implement the VPN, do they have the time?
- If you outsource the whole network, how permanent will the relationship be?
- To what extent will the internal staff become involved in the design and maintenance of the VPN?
Choose your vendor carefully. Evaluate responsiveness in the areas of presale support, project management, and post-sale support. As in any procurement process, writing a system specification and Request for Proposal (RFP) is essential. Also, make up the evaluation criteria ahead of time. You may (or may not) choose to publish the evaluation criteria in the RFP. Select the vendor who is most responsive to your requirements. Here is a good opportunity for the vendor to do the traffic analysis so that a traffic baseline for design can be established. Always include growth in the RFP. Ongoing support will be critical. If the network spans multiple time zones, specify the minimum support requirements. For example, 9 A.M. to 5 P.M. CST is of little use to offices located in Taiwan. What training is offered as part of the package? The more knowledgeable the internal staff can be, the better they will be able to support the VPN — even when they are outsourcing support. It is important to have a coordinated security plan so that we have an integrated and consistent view across our firewalls, proxy servers, and VPN equipment.
Security
The basic concept of a VPN is to provide a secure, point-to-point connection across the network between communicating entities. A couple of questions about security are important to keep our paranoia in check. The first question is how much security is enough? To answer that question, we must consider the impact on our business if the data we are sending is
- Simply lost. Is there a backup mechanism for sending or recovering the data?
- Found by another business (not a competitor).
- Found by a competitor.
In the last case, we must ask how much effort the competitor is willing to invest to get our data. The answers to these questions will help us decide how much security is enough. Note that in the foregoing example, one can equally substitute the word hacker for competitor.
What About Security Issues?
Turning to security, remote access to a system must have integral security to protect the network and users from unauthorized access and penetration. We have all heard about the teenaged hackers who have been creating havoc in the data processing and Internet business. These young hackers break into systems for the sheer pleasure of challenging the system and showing their prowess with the modem. And it works, because they do it every day. We, therefore, have to consider these issues before opening a door. We must start with techniques such as VPNs, encryption, authentication servers, and secure firewalls. The key technologies that compose the security component of a VPN are
- Access control to guarantee the security of network connections
- Encryption to protect the privacy of data
- Authentication to verify the user’s identity as well as the integrity of the data
What Can We Do to Secure the Site?
Remote access users sitting in a distant site need to know how to use the system, so training is important. A company with salespersons who travel frequently would provide 800 number access. Hardware considerations vary, depending on what networking you're using, the number of users, and whether the users need desktops or laptops at the remote location. Standardization is essential: you don't want three or four different platforms, and you don't want to have to support 47 varieties of software. We want to leave the variety of flavors to the ice cream manufacturers! Additionally, a firewall service will offer a bastion router capability to filter on the packet, the protocol, or the user id and address. These systems will help to keep out unwanted guests. Firewalls can be in different places, as we will see. They can also be integrated into the carrier's service or deployed as customer premises equipment (CPE). Security must also be ensured while the data is in transit. Therefore, we need to use a form of encryption so that an eavesdropper who intercepts our data cannot read it. Internet Protocol Security (IPsec) gives us this: the Encapsulating Security Payload (ESP) encrypts each packet and protects its integrity, the Authentication Header (AH) provides integrity and origin authentication without encryption, and the Internet Key Exchange (IKE) negotiates the algorithms and keys, authenticating the peers with pre-shared keys or digital signatures. The aim is not that the protection can never be broken, but that breaking it should cost the attacker more than the data is worth and take longer than the data stays valuable.
Authentication is also a very effective tool: the server challenges the caller and requires a key-coded response. In a Security Dynamics token environment, the code changes at a fixed interval (30 seconds by default, or a user-chosen value), so a response captured off the wire is useless once the interval has passed, which effectively manages the logged-on users.
What Are the Risks?
The risks posed to data integrity and security take many forms. We usually think of data protection in terms of the corruption or total loss of data. However, another area of concern is the undetected interception of the data by hackers or crackers. Moreover, the inaccessibility of our data because of denial-of-service attacks has become more prevalent among the security issues facing the IT manager. Lastly, there are also invasions of our LANs or WANs when a promiscuous device is attached to the network and picks off all data packets regardless of the addressee. These sniffers, as they are called, can capture all data packets from the network, usually undetected. The threats, then, are
- Hackers
- Crackers
- Salami attackers
- Denial-of-service attacks
- Sniffers
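As an added illustration (not code from the page, and not Security Dynamics' own algorithm, which is proprietary), the Python below models the time-synchronized token described above using the public RFC 6238 TOTP construction: token and authentication server share a seed, the displayed code changes every 30 seconds, and the server tolerates one step of clock drift while refusing to accept any time step twice, so a code sniffed off the wire cannot be replayed. The seed and timestamps are constructed; the seed is the RFC 4226/6238 test secret so the codes can be checked against the RFC tables.

```python
import hmac
import hashlib
import struct

STEP_SECONDS = 30  # the token shows a new code every 30 s, matching the interval in the text
DIGITS = 6

# Constructed seed, provisioned out of band to both the token and the server.
# It is the RFC 4226/6238 test secret "12345678901234567890", so the codes can be
# checked against the RFC tables (counter 0 -> 755224, counter 1 -> 287082).
SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HMAC-based one-time code for a single counter value."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def token_code(seed: bytes, now: int, step: int = STEP_SECONDS) -> str:
    """What the token displays at Unix time `now` (RFC 6238: counter = now // step)."""
    return hotp(seed, now // step)


class TokenVerifier:
    """Authentication-server side of the exchange.

    Accepts a code for the current time step or one step either side, to absorb
    clock drift between token and server, but never accepts a step at or below
    the last accepted one: a captured code is dead as soon as it has been used
    or its interval has passed.
    """

    def __init__(self, seed: bytes, step: int = STEP_SECONDS, drift_steps: int = 1):
        self.seed = seed
        self.step = step
        self.drift_steps = drift_steps
        self.last_accepted_step = -1

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for candidate in range(current - self.drift_steps, current + self.drift_steps + 1):
            if candidate <= self.last_accepted_step:
                continue  # already consumed, or older than one that was: treat as replay
            if hmac.compare_digest(hotp(self.seed, candidate), code):
                self.last_accepted_step = candidate
                return True
        return False


if __name__ == "__main__":
    server = TokenVerifier(SEED)
    shown = token_code(SEED, 59)             # what the token displays at t = 59 s (step 1)
    print(shown, server.verify(shown, 59))   # accepted the first time
    print(shown, server.verify(shown, 59))   # same code presented again: rejected
```

The drift window is the usual trade-off: a wider window tolerates worse clocks but gives an attacker more codes that are simultaneously valid, which is why the verifier still refuses anything at or before the last step it accepted even inside that window.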
Data Virtual Private Networks (VPNs)
Internet-Based VPN
the same time. The philosophical point is that a dedicated network will be overbuilt in some areas and underbuilt in others. A shared network offers the hope that we can spread the overall cost out while getting the benefits of a private network. Historically, this accounts for the popularity of shared data networks beginning with X.25, Frame Relay, ATM, and now the Internet. The Internet has become a popular, low-cost backbone infrastructure.
Because of its ubiquity, many companies now want to use a secure Virtual Private Network (VPN) over the public Internet. The challenge in designing a VPN is to exploit the technologies for both intracompany and intercompany communication while still providing security. Of course the rule of thumb we now use in an Internet Protocol (IP) network is “IP on everything.” A VPN is an extension of an organization’s private intranet across a public network (that is, the Internet), creating a secure connection essentially through a tunnel. VPNs securely convey information across the Internet connecting remote users, branch offices, and business partners into the corporate network.
The underlying network is owned by the carriers, but corporate customers use the VPN as though they owned it. A VPN is a secure connection that offers the privacy and management controls of a dedicated point-to-point leased line, but actually operates over a shared routed network. In the past we saw traditional networks being built as leased line, point-to-point networks. This was expensive and risky: a single link failure brought the network down. Later a virtual networking scenario emerged using a packet-switching technology called Frame Relay. This demanded that presubscribed links be established by being premapped in logic. VPNs are created using encryption, authentication, and tunneling, a method by which data packets in one protocol are encapsulated in another protocol. Tunneling enables traffic from multiple organizations to travel across the same network, unaware of each other, as if enclosed inside their own private steel pipe. The pipe is only as private as the protection around it, though: a bare tunnel merely wraps one packet in another, and it is the encryption and authentication applied to the encapsulated packet that keep the other tenants of the shared network from reading or forging it. It is easy to jump to the conclusion that the Internet is free and, therefore, there are tremendous cost savings to be had from this free shared network. Later, we will explore some cost comparisons, but as one might guess, the relative cost benefit depends very much on each network's geography and traffic volume.
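The three ingredients named in the security section (encryption for privacy, authentication for integrity and origin, and tunneling as the encapsulation that carries both) can be seen together in one encapsulated record. The Python below is an added example, not code from the page or from any IPsec implementation: it builds an ESP-style record [SPI | sequence number | ciphertext | tag], protects it with encrypt-then-MAC, and on the receiving side checks the tag before touching the anti-replay window, so a tampered copy cannot burn a sequence number. Two assumptions keep it standard-library only: the keystream is HMAC-SHA256 run in counter mode as a stand-in for ESP's AES (an illustration, not a construction to deploy), and the "inner packet" is a toy 8-byte address pair plus payload rather than a real IP header. Keys, addresses and payload are constructed.

```python
import hmac
import hashlib
import struct
import ipaddress

SPI = 0x1000ABCD                                    # identifies this tunnel's security association
ENC_KEY = hashlib.sha256(b"constructed-enc-key").digest()   # constructed; IKE would negotiate these
AUTH_KEY = hashlib.sha256(b"constructed-auth-key").digest()
HDR = struct.Struct(">II")                          # outer header: SPI, sequence number
TAG_LEN = 16
WINDOW = 64                                         # anti-replay window size, as in ESP


def keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stdlib-only stand-in for ESP's cipher (assumption).
    SPI and sequence number make the keystream unique per record, which an XOR stream needs."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">IIQ", spi, seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def build_inner_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Toy inner packet: 4-byte source, 4-byte destination (private addresses), then payload."""
    return ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed + payload


def encapsulate(inner: bytes, seq: int) -> bytes:
    """Tunnel entry: wrap the whole inner packet; only the outer header is ever in the clear."""
    header = HDR.pack(SPI, seq)
    ct = bytes(a ^ b for a, b in zip(inner, keystream(ENC_KEY, SPI, seq, len(inner))))
    tag = hmac.new(AUTH_KEY, header + ct, hashlib.sha256).digest()[:TAG_LEN]  # MAC covers header too
    return header + ct + tag


def sniffer_view(record: bytes) -> dict:
    """What a promiscuous-mode sniffer on the shared network learns from one record."""
    spi, seq = HDR.unpack_from(record)
    return {"spi": spi, "seq": seq, "opaque_bytes": len(record) - HDR.size}


class TunnelReceiver:
    """Tunnel exit: replay filter, integrity check, then decrypt (in that order)."""

    def __init__(self):
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence number (highest - i) already accepted

    def _window_ok(self, seq: int) -> bool:
        if seq == 0:
            return False                      # sequence numbers start at 1
        if seq > self.highest:
            return True                       # new high water mark
        diff = self.highest - seq
        return diff < WINDOW and not (self.bitmap >> diff) & 1

    def _window_update(self, seq: int) -> None:
        if seq > self.highest:
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def decapsulate(self, record: bytes):
        """Return the inner packet, or None if the record is malformed, replayed or forged."""
        if len(record) < HDR.size + TAG_LEN:
            return None
        spi, seq = HDR.unpack_from(record)
        if spi != SPI or not self._window_ok(seq):
            return None
        ct, tag = record[HDR.size:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(AUTH_KEY, record[:-TAG_LEN], hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                       # forged or corrupted: window is left untouched
        self._window_update(seq)
        return bytes(a ^ b for a, b in zip(ct, keystream(ENC_KEY, SPI, seq, len(ct))))


if __name__ == "__main__":
    inner = build_inner_packet("10.1.2.3", "10.9.8.7", b"GET /payroll HTTP/1.0")  # constructed
    record = encapsulate(inner, 1)
    print(sniffer_view(record))               # SPI, sequence number, and an opaque byte count
    rx = TunnelReceiver()
    print(rx.decapsulate(record) == inner)    # True
    print(rx.decapsulate(record))             # None: same sequence number replayed
```

The order inside decapsulate matters: the cheap replay check runs first, the tag is verified before anything is decrypted, and the window is updated only after the tag passes, so an attacker who flips a byte in a captured record cannot cause the legitimate packet with that sequence number to be dropped later.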
Virtual Private Networks (VPNs)
To get corporate America back on the switched network, AT&T devised a marketing strategy. The approach went something like this to the CEO/CFO: "Look, your primary business is banking [building airplanes, trading stocks, selling insurance or whatever], but it is not running a telephone company. Who knows better how to run a telephone system than we do? (You can substitute your favorite carrier here. AT&T is chosen here because they were the first to introduce this service.) You think you are saving money by using these dedicated lines. On the surface, it appears that you are. However, who is managing this network? What is it costing you to recover from outages? Do you have back-up facilities for each of your dedicated routes? Your dedicated team of telephony experts is costing you a bundle. Why are you doing this?"
The CFO and CEO look at each other and shrug their shoulders. "Our CIO or CTO [2] sold us on the idea for providing better service at a lower cost," they said in unison.
"Look," said AT&T. "We have the ultimate (outsourcing) deal that will provide all your current capabilities for one low price. We will manage the whole network for you and give you all the service you currently enjoy with your private network with little or no hassle. Our product is called (somewhat obscurely) Software Defined Network [TM] because you can define the parameters of the network yourself," AT&T said proudly. Sprint and MCI/WorldCom [3] offer essentially the same product and call it a virtual private network (VPN). We use VPN here because it is both the generally used term and descriptive of the offering. Here is how the deal works: The company defines the locations that will be part of the VPN as shown in Figure 3-2. The larger the average traffic commitment made between these locations, the lower the price per minute can be. (The catch is that if traffic falls below the average commitment, cost falls into the next higher rate category.) carrier will do it. Organizations can now lay off the telecommunications department. (Please note that the staff supporting the PBX in each location is still needed to handle moves, adds, and changes. In addition, the staff needed to maintain the dedicated data network is still needed. Even if the organization migrates to a Frame Relay network, some management of the vendor is always required.) All the calls to specifically defined locations (offices) in Chicago, Atlanta, Phoenix, and Seattle are known as on-net calls. These are priced at the reduced rate. Calls to business partners and customers are off-net calls and are charged at a higher rate. If the off-net call volume to these specific locations rises, the organization can still place FX lines into these areas. Again, there is no substitute for knowing the traffic distribution when evaluating any telecommunications plan. As one can determine from the above description, it takes a sharp pencil to figure out if this is a good deal. It is definitely a good deal for the carrier, who gets all those calls and minutes back on the switched network.
[2] CTO is the Chief Telecommunications Officer or Chief Technology Officer, depending on the organization.
[3] MCI and WorldCom were different entities at the time of this offering, but for this book are updated to reflect current situations.
[TM] Software Defined Network is a trademark of AT&T.
The VPN is more reliable than a dedicated, line-based network because calls are really riding over the Public Switched Telephone Network (PSTN), which is rich in multiple paths. One of the features of the private, line-based network was four- or five-digit dialing. This can be preserved intact if we want. Because the switches in the telephone network are computers that have access to a database, they can easily look up how to route a number based on the originating location and number dialed. The VPN, then, is a special discount-billing plan, with the carrier managing the network, on which we can have a custom dialing plan.
A caveat that should also be brought into the equation is that the large corporations will negotiate long-term SDN/VPN agreements with the carrier. Typically, the agreements will bear a 3- to 5-year term whereby the customer enjoys the benefits of the fixed pricing arrangement, with some caveats on usage such as minimums, numbers of locations, average revenue generated per month, and so on. If, however, the average volume falls below an agreed-to level, the carrier may charge a penalty. This penalty may be in the form of
- A minimum charge per site
- A minimum charge per month
- An averaged cost that is used on a quarterly basis (that is, they will bill the higher rate for an entire quarter if the customer does not achieve the minimum billing)
Any one of these charges may apply to the customer's billing, depending on the agreement between the players. Incidentally, the customer and the carrier are usually sworn to secrecy regarding the rates and terms of the agreement, through some nondisclosure arrangement. The purpose of this nondisclosure is to keep the mass public coming back and asking for the same deal! Or is it? Sometimes the deal is not as good as it is supposed to be. One such case was a large financial company that had a deal with the carrier for 5 years, yet over that same period of time the costs were rapidly plummeting. The customer was actually spending more per minute for their SDN/VPN than if they just picked up the phone and made a long distance call. Newer contracts will usually bear some terms stating that if the costs decrease over the term of the agreement, the carrier will annually review and adjust the rates accordingly. It may also state that the adjustments will be enacted if the costs drop by some fixed percentage (like 10 percent). In either case, the carrier will also hook in a contingency: because they are tied to reducing the costs in the contract period should the prices fall, they also reserve the right to raise the rates if their prices increase by more than some tied percentage (usually 10 percent). So what we have is an agreement that is somewhat fluid and can be modified during the term of the contract so long as both parties are in agreement. Where this is a benefit is when a company plans extraordinary growth over the term of the agreement, or when there is some speculation that some sites may be closed and contraction will drop the overall volumes.
Virtual Private Networks - History
As corporate communication volumes increased, organizations realized the cost of telephone service was escalating. Originally, all long distance service was charged on a per minute basis. AT&T introduced a volume discount outbound calling plan called Wide Area Telephone Service (WATS). [1] For a monthly fixed payment, the organization got 240 hours of service to one of five bands across the country. Each band was priced based on the distance from the originator's location. A typical company usually had a band 5 line and a band 1 or 2 to cover adjacent state calls. It took some analysis to determine the most cost-effective solution for each company's particular calling pattern. Foreign exchange (FX) service provided a fixed rate calling plan if a company had a large call volume for in-state locations. This is essentially subscribing to telephone service at the foreign central office location and leasing an extension cord from the telephone company to the home location. Originally, there were no usage charges on this line, so the more you used it, the less expensive it was. Of course, long distance calls made from the foreign exchange were billed at the long-distance rate. An FX line is needed to each high volume calling location. Alternatively, a company could use a leased telephone line between locations. These lines went by several names: Terminal Interface Equipment (TIE) line, dedicated line, and data line, when used for data. These are essentially point-to-point telephone lines that are available in two-wire or four-wire configurations. Because the difference in cost between two- and four-wire connections was small (relative to the cost of the line), the four-wire option was preferred unless the company needed many lines. The next logical step was to use these TIE lines to connect private branch exchanges (PBXs) at the various locations.
Here again, there were no usage charges on these dedicated lines. A company with locations in Seattle, Phoenix, Atlanta, and headquarters in Chicago might have a "hub and spoke" arrangement of TIE lines from their headquarters to each regional office. Each location then might have FX lines to adjacent cities; for example, a company based in Seattle might have an FX line to Tacoma, Kent, and Everett. There were corresponding inbound services where the called party paid. For example, the original Zenith operator provided toll-free calling in the days of manual switchboards. The inbound WATS service, now known as 800 service, was originally also structured in bands. Finally, for local toll service, remote call forwarding (RCF) allowed people to sign up for telephone service in a foreign exchange and have the telephone company forward a call made in Tacoma, for example, back to Seattle at your expense. Although this was more expensive (depending on the number of calls) than FX, an advantage of RCF is that you can receive multiple calls at a time. It soon became apparent to people working in the Phoenix location that they could call their uncle in Kent by first asking the company operator (later by dialing) for the TIE line to Chicago. They would then choose the TIE line to Seattle and finally dial across the FX line to Kent. The PBX, although not smart, did allow a person to dial up the TIE and FX lines. The important fly in the ointment of this otherwise ingenious solution to high-cost long distance telephone service is that each TIE or FX line could only handle one call at a time. The challenge for the telecommunications manager was therefore to figure out the optimum number of TIE lines between locations to minimize cost and waiting time for the TIE line, while maximizing savings across the commercial long distance circuits. About this time, AT&T noticed a small drop in its long distance revenue from such business and a sharp increase in the number of leased lines it was providing. Now, clearly it is much more profitable to rent a telephone channel out at $0.25 per minute than to lease that capacity to a corporation for $1,000 per month. One should also be aware that the average corporation will not pay these prices, but smaller companies and independent contractors may!
On average, 75 percent of the paying public is overpaying for long distance because of the complexity and the various changes that take place. Recently (12/2001), the three top providers of long distance service raised their rates by 7 percent. The impact was primarily in the area of basic long distance service. This means that many small companies have subscribed to a plan with the carrier. The carrier selects the plan that best fits the customer's dialing habits and number of circuits used (lines). However, the plan is current at the time of the deal and may change several times in the next year. Better pricing or packaging may become available the very next day. The consuming public may not realize that the new package is available and continue to pay the agreed-to rates for the next x years, costing them hundreds to thousands of dollars extra per year. To rectify the problem, many organizations periodically call the carrier and ask for the best plan to meet their dialing habits. Once again, the best plan is selected at the time of the call; it is not adjusted automatically forever after.
[1] Some people refer to the term as Wide Area Telecommunications Services.
Hybrid Networks
Some companies have to decide whether to use a private or a public switched network for their voice, data, video, and Internet needs. Therefore, these organizations use a mix of services based on both private and public networks. The high-end usage is connected via private facilities creating a virtual private network (VPN), while the lower-volume locations utilize the switched network. The justification for installing private-line facilities comes from the integration of voice, data, video, graphics, and fax transmissions. Now VPNs are run over the Internet, with the carriers offering service level agreements on speed, throughput, quality of service, and reliability. This new wave of VPNs takes up where the voice VPNs left off. Only by combining these services across common circuitry will many organizations realize a savings.

