Apuntes Convergence+

TELEPHONY Legacy Hybrid and IP Telephony Systems Telephone systems have begun the migration from sending voice across dedicated circuit switched lines using time division multiplexing to capturing voice and using IP packets to send the voice across a shared data network to the receiver. Hybrid telephony systems integrate key-systems and wide area connections to allow voice calls to move across traditional phone systems for local calls. If the call is destined for long distance, the voice is encapsulated and sent across the WAN link in packet form. The Internet Protocol (IP) is an OSI layer three protocol. This protocol uses an address to uniquely identify every host connect- ed directly to the Internet. The speaker’s voice is captured and segmented into separate blocks called packets. There are various reasons to migrate to an IP telephone system. First, the phone devices now have universal access. Wherever there is Internet access an IP phone may make calls to anywhere in the world.

IP phones contain additional features not found on traditional phones. Cost reductions are made when companies migrate to a single infrastructure running both voice and data over the same wire. The number of technical experts required to operate a dual telephone/data structure will be reduced.

Key Systems The smallest businesses usually begin with the same sort of single line telephone installed in most homes. However, as a business grows and adds staff, it needs the flexibility of multiple lines. For a business too big for a single telephone, but much too small for a largescale office switching system, key systems are the answer. Key systems are fairly simple on-site telephone systems geared to organizations with fewer than 100 telephones. Like a PBX, they switch calls to and from the public network and within users’ premises. However, key systems are simpler than a PBX, reducing the administrative workload for small businesses. Key System Components The first multiline business telephone system was called the 1A key telephone system. It consisted of a red hold button, four telephone line buttons, and an office intercom button. This system became the workhorse of small businesses, and many of these systems are still installed today. A key system provides multiple telephone extensions access to a group of single telephone lines. For example, if a small office has six single lines, it can use a key system to access

any of those lines from each of its telephones. Each telephone extension would have six buttons (one for each line); this is known as a squared line configuration. To connect a telephone extension to a line, a caller simply presses one of the unlit line buttons and if a line is free the caller will hear dial tone. The concept of key systems is illustrated on the Key Telephone System Diagram

Key Telephone System All telephone sets in a key system were connected to a central device called a Key Service Unit (KSU), which connected each telephone set to a group of outside business lines. Today, new KSU-less systems offer all the functionality of KSU within each telephone set. The main point to remember about a key system is that it can sup- port only as many incoming or outgoing telephone calls, or “call paths,” as there are lines installed. In other words, if a customer has 100 telephone extensions in an office, but only 40 lines installed, the maximum number of simultaneous calls, coming in or going out, is limited to 40. If the 40 lines are all in use, outgoing callers must wait for a free line, while incoming callers receive a busy signal. In many business settings, such as large retail centers or factory floors, cordless key systems provide employees telephone service while allowing them freedom of movement. Wireless transmission is used to connect these mobile extensions to the main business lines, and to each other by means of intercom features. This type of technology is presented on the Cordless Key System Diagram

Cordless Key System The use of wireless telephones inside buildings requires special base stations with antennae located on every floor. There are gen- erally also special outside base stations with antennae for nearby outdoor areas between buildings on a campus. The base stations must be wired with twisted pair to specialized circuit packs within the telephone system cabinet. Specialized wireless telephones associated with key systems and PBXs are high profit margin peripherals. These telephones operate at higher frequencies than home telephones and have specialized features associated with particular key and PBX telephone systems. On-site wireless telephone systems use a cellular digital switching technology similar to Personal Communications Service (PCS). Calls are transferred between base stations when a user walks out of the range of a particular antenna. Some mobile telephone units can function both inside and outside of the business campus. They sense when they are out of the range of the base system, and automatically switch calls to a cellular telephone network.

Limitations of Key Systems A key system provides a cost-effective way for a small business to share a moderate number of telephone lines. However, key systems offer fairly unsophisticated functionality

and features. In addition, their main advantage, simplicity, becomes a liability as a business adds telephone lines past a certain point. As we have seen, each telephone in a key system has a button to access each telephone line, plus a hold button, CO telephone lines, and intercom lines. Therefore, if a business needs 18 business lines, its telephone sets would have at least 20 buttons. By the time a business requires 20 or more lines, each telephone has become quite complex, hard to use, and expensive. Can you imagine an extension telephone with 50 or more buttons on it? Therefore, we can upgrade a true key system only so far before we need to try a different approach.

Hybrid Systems With the integration of computer technology inside telephone systems, key telephone systems became more and more advanced. Gradually, they began to include features previously found on only full PBX systems. Thus, the term hybrid describes a telephone system that includes features of both a key system and PBX. A characteristic of a hybrid key system is the grouping of outside trunks into pools, by function or organization. For example, certain trunks are allocated to a particular department. Electronic Key Telephone Systems (EKTS) often cross the line into the PBX world, providing switching capabilities, as well as impres- sive functionality and feature content. EKTS is a key telephone system in which electromechanical relays and switches have been replaced by electronic devices, often in the telephone sets and central cabinet. The inner workings of the central cabinet of an EKTS more resemble a computer than a conventional key system.

IP Telephony Systems “IP Telephony (Internet Protocol) is a means for handling your phone calls and faxes over the Internet as opposed to a traditional phone line. It is becoming the preferred technology for large organizations because it saves money, is easy to maintain, and produces a superior ROI compared to PBX systems. IP Telephony is less expensive to install than a PBX phone system. Less structured cabling is required. Once a drop is wired, it can be used for data and voice.

Maintenance costs are lower compared to a PBX system. Technicians trained in converged networks are able to maintain both data and voice systems. In fact, you can handle routine maintenance in house, such as add-ons, moves and changes. Monthly operating costs are less because the system does not require dedicated lease lines for voice and data.

Employees favor IP Telephony as it offers better tools to archive voice mail and keep track of faxes. In addition, faxes and voice mail can be retrieved off the Internet anywhere in the world. Features are visible on your computer making it relatively simple to operate. The system provides call accounting, giving you documentation on employee performance, carrier billing and call trends. Call NIC for a total solution. We are a single source for all of your technology requirements. Services include consulting, design, project management, system installation, maintenance, and support for all network systems” http://www.nicweb.com/en/ services/network_systems/ip_telephony.html

Voice Transmission Fundamentals When a caller lifts the handset off hook the PBX signals the router to seize a trunk. The PBX then forwards the dialed digits to the router. The router’s dial plan maps these digits to an IP address and initiates a call establish request to the remote router. The end nodes are responsible, on a VoIP call, for call connection and signaling. The ITU-T Q.931 recommendation manages the call setup and teardown. Steps to initialize the call include: SETUP of a connection, CALL PROCESSING determines the remote terminal received the call, ALERTING informs the calling party the remote terminal is ringing, CONNECT tells the calling party the remote terminal is now off hook, RELEASE COMPLETE happens when either end of the conversation hangs up the call The call control sequence may use RTP – Real-Time Transport Protocol in conjunction with RTCP – Real-Time Transport Control Protocol to manage the audio and/or video streams as requested. RTP running atop UDP carries the voice and/or video stream. RTCP controls the connection and runs atop TCP for tracking and control. H.245 control signaling negotiates channel usage and may negotiate agreement between all the endpoints of a conference call on technologies such as codecs, speeds, and parameters. The call may also use various protocols to set a quality of service for the voice packets. Running on the transport layer is the RSVP – Resource Reservation Protocol for QoS. The packets may have quality of service set on layer three with DSCP – Differentiated Service Code Points. And, on layer two the IEEE 802.1Q for quality of service/precedence levels for the frames themselves.

Encoding, Decoding, and Compression

It takes time to convert a voice signal from analog to digital. A similar delay, or latency, occurs when the remote end converts the digital signal back to analog. Voice compression reduces the number of bits in a transmission by removing redundant character strings in the digital character stream. However, compression algorithms increase latency by requiring large voice stream samples before they can compress and packetize voice signals

Digitizing the Voice As the benefits of a digital telecommunications infrastructure became apparent, it was necessary to take the analog voice and convert it to a digital format. The purpose for digitizing analog voice signals is so they are compatible with a digital telecommunications network. Analog to Digital The first part of the Analog-to-Digital Conversion Diagram (A) represents the original analog waveform. Part (B) represents digital pulses that control the sampling rate of the analog waveform. The digital pulses open a “gate” for the duration of their pulse widths, reading the amplitude of the analog waveform for this period of time. The sampled analog waveform appears as pulses (C) that are each correlated to a specific number (D). This number represents one sample of the voice signal. The binary representation of this number (E) is transmitted digitally across a circuit. At the receiving end, the reverse process takes place to convert the digital signal back to the original analog waveform A typical sampling rate (number of times a byte is generated) is 8,000 times per second, approximately twice the bandwidth required for an analog voice signal. Research has determined that a sampling rate of at least two times the highest frequency compnent of the original signal results in accurate representation of the original intelligence. This is called the Nyquist Theorem. A coder/decoder (codec) is the device that takes the analog voice signal and converts it to digital (binary) format for transmission over a digital circuit. The Analog-to-Digital Conversion Diagram illustrates this concept. Analog-to-digital conversion is also called “A-to-D conversion” or “ADC.” The most common example of this is found in a codec. This device takes the analog voice signal and converts it to digital (binary) format for transmission over a digital path, such as a T1. The output of a codec is combined with other outputs and multiplexed onto a high-speed digital network DTMF Signaling As you saw earlier, the first step-by-step switches were designed to work with rotarydialed telephones. Those telephones used “dial pulse” signaling, which produced short, regular interruptions of the direct current flowing between a telephone and switch. The

number of interruptions, or pulses, corresponded to the value of the digit. In other words, when you dial the number 5, you hear five clicks As CO switching went digital, telephone sets also improved the way they transmitted telephone numbers. The dual tone multifrequency (DTMF) system, commonly called Touch Tone, uses a pad of 12 buttons. When pressed, each button sends out a combination of two pure tones not found in nature: one high- frequency and one low-frequency. The DTMF Touchpad and Tones Diagram illustrates this concept

DTMF Touchpad and Tones By assigning one tone to each row and column, only seven unique tones are needed to identify each of the 12 buttons. These tones can easily be detected by a telephone switching system.

How a Call is Made When you pick up a telephone handset, a sequence of predefined operations occurs that provides you the ability to use the telephone network. Now that you understand the basic components of the telephone system, let us see how they work together to complete a typical telephone call. Dial Tone When you lift the receiver, placing the telephone in the off-hook position, the telephone’s internal switch closes the local loop circuit with the CO switch. This allows electrical direct current to flow through the circuit; the presence of this current signals the CO switch that you need a telephone connection. In telephony terms, we say the CO switch has detected the off-hook condition.

The switching module of the CO switch then tests the line and determines its suitability for call processing. If the line tests good, the switch provides dial tone to the caller’s telephone. The off-hook signal also alerts the switch to receive incoming touch tones. If the switch does not receive these tones in a timely manner, it sends a recorded message that reminds the customer that the telephone is off the hook. Entering a Telephone Number As soon as the CO switch detects the tones that represent the first digit, it removes dial tone from the line. The switch continues to detect tones and record the corresponding digits, while checking that the number of digits is correct. If the caller enters too few or too many digits, the switch sends the caller error tones or a recorded message. Call Routing The switching module of the CO switch then checks with its administrative module to determine the physical transmission path, or routing, the call must take to reach its destination. If the called party is connected to the same CO switch, the call is connected by that switch. However, the administrative module is advised that those connections are in use, and notes are made for billing purposes.

If the called party is connected to a different CO, the call goes through the caller’s CO, through a tandem switch, into the called party’s CO, then to the called party.

What if a particular telephone call is not originated and terminated within the same geographic region? How do we call another city, state, or country? The answer, of course, is to connect the caller’s CO to a higher-echelon CO. Therefore, if a call is not local, it goes through the caller’s CO, up to a Class 4 CO (or “toll switch”), into the receiver’s local CO, then to the called subscriber.

If the path is blocked at the Class 4 CO, the call is rerouted to another toll switch, into the receiver’s local CO, then to the called party (if necessary, the call may be routed up to a Class 1 office).

Ringing After a call has been routed to the destination CO switch, the switch tests the line to the called party, to determine whether the line is capable of processing a call. If the line tests good, the switch sends a ringing signal to the destination telephone. After the destination telephone answers, by going off-hook, the CO switch removes the ringing signal from the destination telephone. At the same time, the destination CO switch signals the calling CO switch to remove the ringing signal the caller hears. Each CO switch also records that the call was completed, so that the proper party may be billed for the call. Ending the Call When either caller hangs up, putting one telephone in the on-hook condition that breaks the local loop circuit, the absence of electrical current sends a signal to the nearest CO switch that the call is finished. Both CO switches then perform a series of tests, advise their administrative modules that the call is ended, and label the communications connections as idle and ready for another connection.

Long Distance Voice Routing This combination of digital switching and touch tone signaling made it simple to introduce direct dialing of long distance and international calls. And, telephone competition is made practical by powerful computers that can track and record the changing relationships

between telephone companies and their customers. The typical sequence of steps to switch a long distance call is as follows: 1.- The caller lifts the handset and receives dial tone from the lo- cal CO switch. 2- The caller enters the called party’s telephone number. 3- The local CO switch identifies the call as long distance, based on the number and pattern

of the digits. 4.- The local CO switch looks up the customer’s record to deter- mine which long distance company the customer uses, then routes the call to that company’s long distance switch (prob- ably in a Class 4 office). 5.- The long distance switch looks up the called party’s number to locate the CO switch

nearest the called party, and connects to that switch. 6.- The destination CO switch tests the line and rings the destina- tion telephone. 7.- The called party picks up the handset and begins the conversa- tion.

8.- The source and destination CO switches record the comple- tion of the call, and begin to track the duration of the call. 9.- Either telephone goes on-hook and the circuit is disconnect- ed. 10.- The source and destination CO switches record the final dura- tion of the call for

billing purposes, perform testing, and label their connections as idle and ready for another call

Signaling As you can see, an important part of the call routing process is the private communications, or signaling, that CO switches use to coordinate the work of setting up and tearing down telephone connections. In general, signaling is the exchange of information between call components required to provide and maintain service. Signaling means that service-related information is sent between a telephone company and its customers, between components of the same telephone company, and between one telephone compa- ny and another. For example, your local CO sends ringing or busy signals to your telephone. When you dial a number, you send an addressing signal to that CO, which then passes the number on to other COs across the country. When you end a call to a distant state, the CO switches that participated in the connection exchange duration information for billing. In-Band vs. Out-of-Band Signaling it is important to distinguish between “in-band” and “out-of- band” signaling. In-band signaling shares a single transmission channel with the voice conversation; voice and

signaling must take turns using the same transmission path. Analog (POTS) lines use inband signaling. Therefore, on a POTS line, you can either talk or signal, but you cannot do both simultaneously. Out-of-band signaling is carried over a separate channel from voice. In other words, it does not take place over the same trans- mission path as a conversation. For example, Integrated Services Digital Network (ISDN) - Basic Rate Interface (BRI) a popular digital service, uses one 16 kbps digital channel for signaling and two 64 kbps digital channel, for voice or data, all carried over the same pair of copper wires at the same time. Sophisticated electronic hardware treats the three channels as if they were carried over different wires

Prefixes The first couple of numbers dialed is the telephone number prefix. Within the North American Numbering Plan (NANP) the first three digits after the country code is the prefix and is mapped to geographic calling area. These three numbers are often called the area code

Telephone Numbering System As we have seen thus far, today’s heavily used telephone system depends on the ability of callers to place calls without the help of a human operator. That ability, in turn, relies on a system that assigns a unique numbered address to each telephone customer. However, there is no global standard for telephone numbers. There is a North American standard, called the North American Numbering Plan, which is used to assign telephone numbers in the United States, Canada, Puerto Rico, and U.S. Virgin Islands, as shown in the North American Numbering Plan Table In this table, the symbols “N” and “X” indicate the type of number that may appear in a particular position: N: any digit from 2 to 9 X: any digit from 0 to 9 Therefore, as you can see in the table above, an NPA (area code) or NXX (local exchange prefix) may begin with any number from 2 to 9. However, area codes and local exchange prefixes may not begin with 0 or 1, because these numbers have special meaning to the telephone switch. If the first number the switch receives is a 0, regardless of what number follows, the switch immediately connects the call to the operator. A number 1 in the first position identifies the call as long distance. If

a switch receives a leading number 1, it immediately transfers the call to the customer’s preferred IXC. Each Class 5 CO is assigned blocks of NPA-NXXs to distribute to all customers who want telephone service within that wire center. Therefore, all subscribers of the same CO share the same three- digit area code and three-digit local exchange prefix. The Dwindling Supply of Numbers Each NPA-NXX block can identify 10,000 unique telephone subscribers, because the four digits of the subscriber line identifier include unique numbers from 0000 to 9999. Following a similar principle, each area code can support approximately 8,000,000 numbers. (Some area codes are set aside for special uses, as we will see later.) Although this may sound like a lot of numbers, the supply of unique telephone numbers is being exhausted. Urban areas continue to add population, and each individual subscriber now wants multiple lines for fax machines, additional voice services, and Internet access. Telephone number management in the United States is presently conducted by NeuStar, a company selected by the FCC to serve a five-year term, beginning July, 2003, as the North American Numbering Plan Administration (NANPA). As the world consumes more and more telephone numbers, this task becomes increasingly more complicated and difficult. One solution, now being used in large metropolitan areas, is to use multiple area codes, called overlay codes, in the same geographic area. For example, a city’s dense downtown district may have a different area code than its outlying suburbs. Or, in heavily populat- ed cities, several area codes may serve the same area. This means residents of those cities must routinely enter 10-digit numbers to make local calls. In addition, the person next door, or even in the apartment below, may have a different area code. This situation is further complicated by the presence of different telephone companies, such as CLECs and wireless carriers, who have their own NXXs that differ from the LECs. It is even possible that a business subscriber could use one LEC for inbound service, another for outbound service, and still another for Internet access or other services. Currently, most telephone companies assign telephone numbers in three ways: Random assignment, or “what you get is what you get,” is the most common method of assigning numbers. The telephone company simply assigns the next number from a pool of available numbers in the customer’s local exchange. Special-request numbers are also available for an extra fee, providing easy-to-remember business numbers such as 444-9000 or 444-TAXI.

Numbers may also be reserved for future use. However, no LEC guarantees a number assignment until it is actually installed

Special Area Codes Digital switching made it possible to use the telephone numbering system to access special services instead of geographical areas. A brief overview of some of the most popular services available through special-purpose NPA (area) codes is presented below. Special NXX Codes NXX codes usually identify CO; however, some NXXs, with or without a special NPA, are set side to access special services as described below. Special Information: 555 The 555 numbers access special information services, such as long distance directory assistance. The line number (XXXX) identifies each individual service. Hearing-Impaired Services: 800-855 The 800-855 numbers, in the format 800-855-XXXX, provide free access to statewide relay services, such as Telecommunications Relay Service (TRS) and Message Relay Service, which provide trained assistants that translate calls between the voice telephones of hearing customers and the teletypewriters used by hearing- impaired customers. Service Codes, or N11 Numbers Like speed-dial numbers, service codes are three-digit numbers that directly connect customers to local exchange special services. They are commonly called “N11” numbers because of their num- bering format, which follows the same rules as NPAs and NXXs. In the United States, the Federal Communications Commission (FCC) administers N11 numbers, which include: 211—Community Information and Referral Services (United States) 311—Nonemergency Police and other Governmental Services (United States) 411—Local Directory Assistance (sometimes 1411) 511—Traffic and Transportation Information (United States), Reserved (Canada) 611—Repair Service 711—TRS 811—Impending U.S. nationwide One-Call service for advanced notice of excavation activities. This allows contractors and others to dial a single number and notify utilities of their intent to excavate.

911—Emergency Toll-Free: 800, 888, 877, etc Toll-free calls (the called company, not the caller, pays for the call) have been available for more than 20 years, and consumers have come to expect companies to provide them as a customer service feature. With such a great demand for these calls, the 800 NPA code has run out of available numbers. Therefore, additional NPA codes, such as 888, 877, and 866, are now used for toll-free calls. Some companies use toll-free numbers to dial into their PBX systems, which then gives them access to special outgoing long distance lines. This PBX system feature is called Direct Inward System Access (DISA). Although DISA can often be a cost- effective system for providing long distance service for traveling employees, hackers have attacked some companies and used these lines to steal long distance service. Premium: 900 Unlike 800 numbers, which companies provide free as marketing and customer service tools, a 900 number is often used as a revenue-generating product. When calling a 900 number, the customer not only pays for the long distance charge, but is also charged a premium by the called company. The extra fee can be as high as $50 per minute. Companies are using 900 numbers for customer support, fund raising, and pay-as-you-go services. By using a 900 number, a company can simplify its billing procedure. Because the customer’s telephone number is billed, the company does not need to create credit card transactions or issue a bill. The Federal Trade Commission (FTC) has established rules that dictate how vendors advertise their 900 number services. For example, they must include in their print, radio, and television advertisements the total call cost, if it is a flat fee call, the per- minute rate if so billed, the fee ranges if they provide different call options, the costs of any other 900 number to which you may be transferred, and any other applicable fees. Other rules apply, and there are exceptions. See http://www.ftc.gov for more information 700 Services IXCs can use the 700 area code to implement new services. These numbers’ destinations are carrier dependent, and some premium services use 700 area codes. Follow-Me: 500 The 500 area code was originally reserved so that carriers to provide personal “followme” services. Some “telesleaze” vendors use 500 numbers to redirect callers to international numbers, and then bill the caller for the call at rates exceeding $2.00 a minute.

Number Formats

Currently, telephone numbers are decimal digits dialed via the pressing of buttons. Each button press sends two tones down the phone line to the central office. These two tones are called DTMF – dual tone multifrequency. The phone numbers dialed are used to dial local, long distance, or international numbers. The format of the numbers is determined by ITU-T standards. These standards are listed in the E.164 recommendation. According to the standard, the telephone number must be 15 or fewer digits and begins with an international country code. Each country is responsible for defining the numbering plan within its own telephone network. Telephone numbers adhere to the following structure: 1.- If necessary, an access code may be dialed. This access code is required for

international and non-domestic calls. 2.- The country code is dialed just after the access code. The coun- try code for the United

States and Canada is 0. International numbers often are dialed with a + sign preceding the country code. 3.- The area code points to the called geographical area. Many locations currently

require 10-digit dialing. When the geographical area “ran out of numbers” an overlay plan was implemented and the area code is dialed even within the local calling area. 4.- The local number is seven digits long. The first three select a local exchange or central office. The last four digits dialed select a port within that central office and represent the local loop for the subscriber called.

Number Blocking Use Call Blocking to prevent the called party from viewing your direct phone number when you make a phone call. This can be done on a per-call basis by dialing “195” before placing your call. The person you are calling will see a “blocked call” or “private” message on caller ID. The actual message that they see will depend on the telephone company that they are using. Anonymous Call Blocking The anonymous call blocking feature of caller ID prevents a caller’s name and number from being sent with a telephone call. Telemar- keters, of course, may take advantage of this concept; however, a person who receives an anonymous call may simply choose to not answer it.

Digit Translation Digit translation rules may add or remove digits to/from the dialed number, before a call is routed, so the call will reach its destination. Digit translation changes the dialed number to a different number. The dialed number may not be the number used by the system. The

number may not be known on the PSTN – public switched telephone network. Area codes for local calls may be removed. A digit translation may be set in a transformation mask value in a Called Party Transform Mask Field. Valid (Cisco example) entries include the numbers 0 through 9 a wild card character and a blank. If no configuration is set the number will be sent without a transformation, i.e. the dialed digits are sent exactly as dialed. Digit translation may be used manipulate the caller’s automatic number identification (ANI), who is calling you, or to manipulate the dialed number identification service (DNIS) digits, the number the caller actually dialed, for a voice call. DNIS captures the dialed DTMF - dual tone multifrequency digits.

Toll Fraud Hackers try to use enterprise telecommunications systems to gain “free” access to outside facilities. Though free to them, toll fraud annually costs companies millions of dollars in unauthorized toll charges. Potentially more severe is the operational impact; once in, hackers can block outbound and inbound line access Once they have located a weakness, hackers attack relentlessly, often sharing this information with others. They attack in a number of ways: through maintenance ports, voice mail, automated attendants, and remote access services. Hackers may gain system access by shoulder surfing (observing and intercepting dialed digits), dumpster diving (acquiring telephone records from a company’s trash), diverting calls, and placing agents inside the company. We can protect our voice systems against toll fraud in a number of ways: Remote access/Direct Inward System Access (DISA)— To enter customer premisebased PBX systems, avoiding inbound call charges, hackers frequently first call tollfree numbers. Once connected, these hackers use random number generators and password-cracking programs to locate a number combination that provides them outside facility access. We can protect our voice systems from this type of toll fraud by first evaluating our remote access needs. If unnecessary, we can turn off this feature and close a system backdoor. If we need this service, we can begin our protection efforts by using unpublished inbound numbers. We can configure the system with barrier and authorization codes of the maximum length, and administer the system so that it does not provide dial tone while waiting for barrier or authorization code entry. We can set the system to disconnect after a preset number of invalid remote access attempts. We may restrict remote access outbound area codes and access hours. We may set authoriza- tion codes to raise Class of Restrictions (COR) for specific users or user groups.

We can protect our remote maintenance ports by changing these ports’ login IDs and passwords, as toll defrauders are well aware of the vendor-supplied default IDs and passwords. If using PC-based emulation programs for administrative access, we can ensure that we do not store dial-up numbers, logins, or passwords as part of an automatically executed script. We can install port security devices on each end of the main- tenance link. Avaya markets a Remote Port Security Device (RPSD) that consists of a modem-sized lock and key. We place the lock on the PBX-end serial port, while we place the key on the maintenance terminal port. The lock and key must match before the devices will open a communications link Automated attendants—Automated attendants are vulnerable as well. Hackers try to find a menu choice, even one unannounced, which would lead to an outside facility. The following auto attendant security tips apply: 1.- Never allow a menu choice to transfer to an outgoing trunk without defining a specific destination. 2.- When any of the digits zero through nine are not menu options, program them to transfer to an attendant, an announcement, a disconnect, or other intercept treatment. If the numbers eight and nine are PBX feature access codes, translate these menus to an extension. 3.- To prevent specific call types or calls to other CORs, assign specific CORs and Facility Restriction Levels (FRLs) to each port. Since the PBX treats the auto attendant ports as stations, we can configure these ports as we do stations. FRLs work with call permissions and route patterns to determine where calls may be placed. The higher the FRL, the greater the calling privileges. We would want to set auto attendant ports to the lowest possible FRL. 4.- Assign the auto attendant ports a class of service (CoS) restricting outward call access. 5.- Restrict our auto attendant menu options to transfer only to internal extensions or

announcements. Voice messaging—Voice messaging systems are also toll fraud targets. Criminals attempt to transfer to automatic route selection (ARS) dial access codes, trunk access codes, trunk verification codes, facility test call access codes, or data origination codes through the voice messaging system. A criminal needs to have only a touch-tone telephone to break into an inadequately secured voice messaging system. The following security tips apply:

1.- Protect voice messaging systems by restricting transfers back to the host PBX. Instead,

disallow transfers, use enhanced call transfer features, or allow transfer to subscribers only. 2.- Use maximum length passwords where feasible

3.- Deactivate unassigned voice mailboxes, creating voice mailboxes only when needed. Upon new extension activation, require users to immediately change their voice mail password. 4.- Never announce that the called individual will accept third-party billed calls. This

allows unauthorized individuals to charge calls to the company. 5.- Never use obvious and trivial passwords, such as the telephone extension, room

number, employee ID, social security number, or easily guessed number/letter combinations. 6.- Change adjunct default passwords immediately. 7.- Lock out consecutive unsuccessful voice mailbox entry attempts. 8.- Discourage users from writing down passwords, storing them, or sharing them with

others. Secure passwords that must be documented. 9.- Never program passwords into auto dial buttons. 10.- Ensure that the carrier provides reliable disconnect to the PBX. Reliable disconnect

prevents the CO from returning dial tone after the called party disconnects. IP PBXs—Since VoIP systems are fundamentally data networks carrying voice traffic, not only are they vulnerable to toll fraud, but also to the many security threats typical data networks confront. VoIP systems commonly tie into the PSTN. This means that a hacker who gains access to the VoIP network can potentially call anywhere in the world by means of the network’s PSTN gateway. These security measures are only as effective as those who exercise them. We must educate users on their implementation, and establish a written toll fraud security policy. Additionally, we must exercise effective physical security, so that only authorized personnel may access administrative and attendant consoles, PBX and messaging systems, and wiring closets

ENUM ENUM stands for Electronic Number. ENUM is described in RFC 2916. ENUM is based on Domain Name Services (DNS). ENUM maps telephone numbers to IP addresses and domain names. The telephone numbers are defined by ITU-T E.164 recommendation. 1.- ITU-T E.164 defines the structure, format, and hierarchy of telephone numbers

2.- A fully qualified E.164 number has a country code, an area code or city code and a

subscriber or station number. 3.- The IP addresses are defined by the RFCs of the Internet by the IETF

Naming Authority Pointer (NAPTR) is defined in RFC 2915 and is a DNS Resource Record (RR). When given a telephone number the DNS server, using NAPTR will return a populated Uniform Resource Identifier (URI). Examples of URIs include: 1.- http - hypertext transfer protocol 2.- https - hypertext transfer protocol secure 3.- ftp - file transfer protocol 4.- mailto - email address 5.- tel - telephone number

6.- sip - session initiation protocol 7.- ldap - lightweight directory access protocol URI’s are pointers to land line phones, mobile phones, faxes, SIP Servers, voicemail, email addresses including VPIM (Voice Protocol for Internet Mail), instant messenger and IRC aliases, web pages, global call forwarding, and others. The Réseaux IP Européens (RIPE) is responsible for administration and coordination of WAN IP networks in their area of authority. The RIPE operational instructions for an E.164 domain are provided here: www.ripe.net/enum/instructions.html To build an ENUM to domain translation, 1.- Take the initial phone number: +1-800-555-1212 2.- Remove all characters but keep the numbers: 18005551212 3.- Separate the numbers with dots/periods: 1.8.0.0.5.5.5.1.2.1.2 4.- Reverse the numbers, this is to map the number to DNS reverse number lookup:

2.1.2.1.5.5.5.0.0.8.1 5.- Append the Tier-0 DNS zone of e164.arpa, this domain has not been agreed upon by all nation states in the world: 2.1.2.1.5.5.5.0.0.8.1.e164.arpa Thus, when the telephone number of +1-800-555-1212 enters the network; a resolver on the client will query a DNS server. The DNS server will find the phone number 1-800-5551212 in the domain e164.arpa and return a URL.

An ITU-T E.164 phone number of (07) 3224 8444 (Queensland, Australia, Disability Information) becomes in ENUM format: 4.4.4.8.4.2.2.3.7.0.e164.arpa (Advanced Research Projects Agency). Starting from the right: 1.- e164.arpa is the top level (Tier-0) DNS domain name for ENUM 2.- the 7.0 is the reversed country code zone number

3.- the first digits 4.4.4.8.4.2.2.3 are the local, within the nation, phone number (For a list of country code telephone zone numbers go to http://www.wtng.info/wtngcod.html) 1.- United Kingdom +44 2.- France +33 3.- Australia +61 4.- United States +1 5.- Canada +1

Each member state is responsible for the final decisions concerning usage and adoption of the ENUM within their sovereign nation's zones.

It is planned that all public phone numbers will enter the domain e164.arpa. The domain structure from e164.arpa on down will be the authoritative 'root' for E.164 telephone numbers. Thus a search from a phone number to a URL will only traverse one branch of the DNS tree. In the global dialing plan the domain is: e164.arpa. Private phone numbers may be attached to any needed domain. In a private dialing plan the domain could be your company's domain: e164.example.com Electronic numbers supports all IP-based communications. This in- cludes voice, video, fax, voice mail, instant messaging, SMS, MMS, paging, etc. After passing a telephone number to DNS, the user could be contacted at their phone, email address, web site, IRC identity, SIP gateway, etc. The phone companies are considering using the ENUM number as each individual's one and only phone number since it may be converted via DNS to nearly any URL

When an endpoint starts a VoIP call using an IP address, the ENUM system will, if necessary, translate that phone number into an IP address. The ENUM system will first determine if there is a registered IP address for the called party. If that IP address exists the call is made IP to IP. If that IP address is not registered, the request is sent to the PSTN - public switched telephone network to complete the call. SIP connections will map the PSTN telephone number to sip:[email protected] via a DNS request.

Electronic Number – ENUM Using DNS for Translation

Each telephony product should ultimately include a DNS resolver to initiate the requests from that handset, or endstation. Countries may decide for themselves whether to join the ENUM system. The control of assigning E.164 phone numbers is the responsibility of each sovereign state. Each DNS zone administrator is responsible for adding their zone's phone numbers into their e164.arpa domain. ENUM is managed by the ITU - International Telecommunications Union but is operated by IAB - Internet Architecture Board

Local Number Portability As we saw earlier, the Federal Communications Commission (FCC) has mandated that a long-term solution to local number portability (LNP) be implemented by the telecommunications industry. In other words, the FCC wants customers to be able to switch service from a LEC to a CLEC (or back again) without losing their existing telephone numbers. As of November, 2003, both wireline and wireless telephone service providers must support LNP in the same local geographic area. In other words, if you choose to change carriers, whether from wireline to wireline, wireline to wireless, or wireless to wireline, in most cases you can keep the same telephone number. The FCC has granted certain smaller carriers temporary stays from this requirement, and litigation is still ongoing in many regions. Additionally, in some areas you can now port an existing number to a Voice over Internet Protocol (VoIP) carrier, such as Vonage or AT&T’s Callvantage service. The Advanced Intelligent Network (AIN) architecture supports LNP. The AIN uses the SS7 network to enable carrier switches to share information such as Location Routing Number (LRN). An LRN identifies a switching port (the carrier) for a particular telephone number. When a caller dials a number, the local CO switch uses SS7 mes- sages to query a number database. This database provides the LRN assigned to the dialed number. Using the LRN, the CO switch can route the call to the called number’s current LEC. If the subscriber changes carriers, only the LRN changes, not the telephone number. AIN also allows cellular telephone users to roam between networks. The AIN Support for LNP Diagram shows how the AIN supports LNP

Network Equipment Building Standards (NEBS)— Originally developed by Bell Labs, the NEBS requirements enable telcos to build networks that can survive and continue operating under the most severe conditions. The two documents describing NEBS requirements are: GR-63—Physical equipment protection GR-1089—Electromagnetic compatibility and electrical safety Local Number Portability (LNP)—The two Telcordia GRs addressing local number portability services and operations are: GR-2936—Switching and signaling requirements to support portability between service providers located on the same or different rate centers

GR-2982—Specific provisioning, call processing, network management, signaling, and other requirements involved in supporting portability across rate center boundaries Voice over Packet Technologies—These GRs outline performance and operational requirements for interfacing voice over packet networks to legacy telecommunications technologies. Some important requirements include: GR-3051—Voice over packet call connection agents (CCAs) (gatekeeper functions) including call flows (call setup and release), CCA functional architecture, network access, interfaces to other network elements, call connec- tion and processing procedures, gateway operations, call routing, and network management and operation GR-3053—Signaling interfaces between voice over packet and the SS7 networks (signaling gateway) GR-3054—Interfacing voice over packet networks to the PSTN (trunk gateway) GR-3055—Interfacing PSTN line-side devices (analog telephones, ISDN equipment, PBXs, and other equipment) to a voice over packet core network (access gateway) GR-3060—Transporting legacy telecommunications services across voice over packet networks

Emergency Service E911 is Enhanced 911 and based on FCC guidelines that are designed for public safety and emergency preparedness. It is required that “interconnected” VoIP providers supply E911/911 service. Both the origination and termination call locations must supply E911 access via wireline, wireless, and broadband network connections. If the “interconnected” provider supplies phone service, then 911 must also be supplied. Interconnected VoIP service is defined as a broadband Internet connection over which packet-based telephone calls and/or standard PSTN telephone calls are made. (DSL, cable networks or broadband wireless networks) The telephone networks of most countries support an emergency services telephone number. This phone number allows a caller to contact emergency services like police, fire department, medical, or emergency rescue services. Although services and service phone numbers differ by country, most emergency numbers are short, typically three digits, to help make them memorable. Emergency numbers like 911 in the United States are intended to be used in emergencies only. For routine inquiries or non-emer- gency services, traditional 7 or 10 digit numbers should be used. Routine calls, prank calls, and other non-emergency calls should not be made to the emergency services numbers. Persons making inappropriate calls to emergency services are often prosecuted in a court of law. Traditional phone numbers are assigned to a local loop, a specific house or business - a specific geographic location. This makes it easy

for emergency response teams to pinpoint exactly where their services are needed. The location of the number remains fairly static. Thus, emergency service operators can, when an emergency call is disconnected, call back to the location of the emergency, With packetbased telephony, mobility is a strong benefit, except in cases of emergency. The call made in an emergency on a cable access network could have been made from anywhere. When using VoIP E911 services. The consumer must register their physical with their VoIP service provider and keep that information up to date

The 9-1-1 system was initiated by AT&T in 1965. “The National Emergency Number Association (NENA) estimates that as of February 2005, some form of 911 service was available to nearly 99 percent of the population in 96 percent of the counties in the United States” As referenced in See National Emergency Number Association, 911 Fast Facts (visited Apr. 25, 2005) http://www. nena.org/911_facts/911fastfacts.htm (NENA 911 Fast Facts). NENA also states approximately 200 million calls are made within the United States to the 911 emergency services each year. The cost of building and maintaining the 911 infrastructure is borne by the state and local governments across the nation. In August of 1999 the United States adopted 911 services for wired as well as wireless calls, thus there is a required end-to-end emergency system for wireline calls, wireless calls and VoIP calls

Voice Terminals

Today’s telephone technologies offer a variety of ways to com- municate using voice, video or both. Customers have the choice of communicating via a computer, a standard analog handset, a USB to computer connection, and more. These virtual or physical phones support multiple protocols and codecs, including H.323, SIP, G.711, G.729 and many others

IP Phones A computing device with embedded telephone VoIP software. No computer is required only Internet access. Instead of a standard RJ11 interface to connect to an analog POTS line, the phones con- tain an RJ45 to Ethernet connector. These IP phones are available for a price of $70 for a basic model up to around $700 for multi- featured models that run additional applications and have a color LCD interface. These IP phones may be powered by standard AC transformers or can receive their power via the new IEEE 802.3af Power over Ethernet standard. Cisco PoE phones currently use a proprietary Cisco standard for transmitting power. To enable Power over Ethernet on a non-PoE phone an additional converter will be required.

TDM Phones Time division multiplexing (TDM) phones sample the speaker’s voice in blocks, but these blocks of voice payload are sent across the TDM bus (a separate Ethernet segment) with a small header prepended to the payload. These blocks are then sent, in order, across the bus based on time – thus you have a virtual circuit running Ethernet packets. Standard phones operate using TDM. When MACs (moves, adds, and changes) are required, a phone technician must be called and a change must be scheduled. When the phone is IP-based, the phone merely is unplugged from the Ethernet jack and moved to a new Ethernet jack. The phone will work with no changes required in the closet, punch down block, or PBX

Analog Phones The most common method used to connect an analog phone to VoIP is through an ATA an Analog Telephone Adapter. This device communicates directly with the VoIP server using the configured protocol. Possible protocols include: H.323, SIP, MGCP, IAX, etc. The ATA and not the analog phone will process the coding and encoding of the voice. ATA boxes do not require a PC

Analog Telephone Adapter Connecting Analog Phones to IP networks

Dialup Hard Phone A dialup hard phone is an IP phone with a built-in modem instead of a built-in Ethernet NIC. The device dials a remote VoIP server and a call is made. In areas without broadband access, a dialup hard phone, a phone line, and an Internet Service Provider (ISP) are the only requirements to make a VoIP call.

PC-Based Soft Phones A soft phone is a virtual phone created in software. Soft phones are installed on computers to emulate a hard phone. The functionality of hard phones and more may be emulated in the soft phone. Many soft phones will support both voice and video streams. A soft phone requires an audio card, microphone, and headset or speakers. Or, the phone may be a USB connected handset. Soft phones are cheaper than their hardware counterparts and may often be downloaded for free. Soft phones may support H.323, SIP or both. Versions are available for Apple Macintosh OS X, Linux, Microsoft Windows operating systems, mobile PCs and PDAs

Microphones and Headsets or Speakers The local computer’s audio card captures the voice stream from the local microphone and delivers the audio from the remote end via the local headset or speakers. VoIP speakers accept a digitized audio stream from IP phones, whether hard or soft phones. This audio stream is the audio from the far end playing locally through a USB phone, a pair of speakers, or an overhead paging system

USB Hand Sets USB (Universal Serial Bus) phones are remote control devices for the soft phone running on the computer. The USB device provides microphone, speakers, and a dial interface. The soft phone itself does the voice encoding/decoding and connection management. Be aware before buying a USB hand set, the USB software/ hardware device drivers are operating system specific

SIP Phones Phones designed to communicate using Session Initiation Protocol (SIP) may be a hard phone, soft phone or an adapter allowing the caller to use their ‘legacy’ analog phone. The hardware SIP phone has an RJ45 connector to directly connect the phone to an Ethernet network. Two or more parties may converse when using SIP phones. To make a call from SIP phone to SIP phone, the following pieces are required: a soft phone or a hardware phone adapter on both end stations, for quality digital voice call, a broadband connection to the Internet is required, to dial from a SIP phone to a phone on the PSTN – Public Switched Telephone Network, a virtual number is assigned to your SIP phone.

PDA Soft Phones PDA soft phones have the same functionality as PC-based soft phones but instead run on a personal digital assistant on a mobile computing software platform like Windows Pocket PC, Windows Mobile, or Palm OS.

WiFi Phones Wireless Fidelity phones are hard phones with an integrated WiFi transceiver. There must be a wireless base station to allow the WiFi phone to contact the VoIP server. WiFi phones often include support for the cellular network as well. Thus if wireless is not available the phone will switch over to a GSM network. GSM stands for Global System for Mobile communications

NETWORK ENGINEERING

Network Requirements for Convergence If a network is to carry a wide variety of traffic, it must have the following capabilities: • Identification—The network must be able to tell the difference between frames that contain video, audio, file transfers, or interactive commands. • Prioritization—The network must detect whether some frames are more urgent than others. • QoS or class of service (CoS)—The network must be able to provide varying types of service, according to the type and urgency of each frame. For example, the network must know that a high-capacity, long-delay link is better for file transfers, while a low-delay link (even with less capacity) is better for streaming multimedia

Converged Network Architecture There are many ways to implement a converged network. We might assume that convergence requires a homogeneous infrastructure, so that a network is either completely packet based and connectionless (such as shared and switched LANs, or packetservice WANs), or completely connection-oriented (such as ATM to the desktop and longdistance ATM clouds).

A Hybrid Approach to Convergence In practice, neither type of homogeneous architecture is viable, due to the different economic and performance requirements for LANs and WANs. A converged network that spans large distances, shown in the Wide Area Converged Network Diagram, has a WAN core network surrounded by LAN edge networks.

In general, the edge networks will use different technologies than the core. Furthermore, for many reasons, each edge network may be based on a different technology than the others. One edge network may be based on a switched Ethernet fabric (one without Layer 3 routing), another on routed Ethernet segments, and a third on ATM LAN technology. The WAN core may consist of a single technology network, such as frame relay, ATM, or the Internet. Alternatively, it may consist of multiple parallel networks, some connection-

oriented and some packet-switched, as shown in the WAN Core Technologies Diagram. The WAN core may consist of a single technology network, such as frame relay, ATM, or the Internet. Alternatively, it may consist of multiple parallel networks, some connectionoriented and some packet-switched, as shown in the WAN Core Technologies Diagram.

Parallel WAN Paths for QoS An architecture that uses multiple parallel paths offers significant advantages to a converged network. It is possible to solve many QoS problems in a LAN simply by radically oversupplying network capacity (in other words, by throwing bandwidth at the problem). However, this is not economically feasible in a wide area network (WAN) because WANs are engineered to optimize their resource use for a particular class of traffic. This means that a single WAN technology cannot provide good service for all the types of traffic that cross a converged network. Connectionless packet-based networks, which make up a large portion of the Internet, provide good service to bursty, non-time- critical traffic. They do not deliver good service to traffic with tight bandwidth, delay, and jitter requirements. On the other hand, connection-oriented networks, such as ATM, provide good service to traffic with tight bandwidth, delay, and jitter requirements. However, it is costly to use ATM networks for bursty traffic. Consequently, a converged network is likely to have a core that consists of multiple WAN networks. The edge LANs carry voice, data, and video traffic over a common physical infrastructure. However, at the LAN/WAN boundary, traffic is classified by QoS and routed over the WAN network that provides the most appro- priate QoS. For example, bursty, non-time-critical traffic will be routed over a packet-switched WAN. Multimedia data, however, will probably be routed over a connection-oriented network that provides QoS guarantees

Application-Level QoS Application-Level QoS Converged networks may be able to use the application-level QoS principle to optimize application performance by customiz- ing network devices on an application-by-application basis. For example, a network could filter traffic according to the appli- cation, then handle the traffic according to each application’s unique processing requirements. Active networking, in which applications download small programs or configuration data into network devices, is another example of this principle. Before networks can guarantee QoS on a per-application basis, some important issues must be addressed, such as security, resource management, and inter-device coordination. However, an organization could enjoy a significant competitive advantage from a network that could optimize services for important applications.

Voice Quality

In a converged network, changing network conditions have dif- ferent effects on network performance and voice quality. “Voice quality” is a subjective term that describes how accurately a digitized and transmitted signal represents the original sound of a human voice. The perception of voice quality is generally a combination of several different factors: • Clarity describes how much of an original sound is recorded by a digital signal, and how much outside noise is included. Clarity can be affected by many factors, such as silence suppression, voice coding and decoding, jitter, loss, and noise. • Echo occurs when some of a transmitted signal returns to the sender. As network delay increases, so does echo. • Delay occurs when packets are not received when they are expected. If packets do not arrive promptly and at a constant rate, the illusion of a continuous voice signal cannot be maintained. Delays can cause annoying gaps in a conversation. The effect of delay is not usually noticeable until the sum of all delays exceeds 500 ms for a single end-to-end transmission (one way). Thus, network engineers work to limit these combined voice network component delays to no more than 200 ms. We will discuss delay in more detail shortly

The QoS Parameters All discussions concerning QoS in data networks focus on some or all of the following parameters: • Bandwidth—The raw measure of the network’s physical or logical data handling capacity. This is measured as an absolute value (10 Mbps Ethernet), or a minimum value (a frame relay circuit’s Committed Information Rate [CIR] of 56 kbps). • Throughput—Throughput is the actual data carrying capacity of a network. Throughput is calculated by subtracting delay, overhead, and other components of normal network operation from the raw bandwidth. On a 10 Mbps Ethernet segment, once overhead, collisions, device latency, and other factors are considered, actual throughput may only approach 2 Mbps. • Delay, or Latency—Delay is the time it takes packets to cross a network. Any device that manipulates a packet can introduce delay. The measure is a maximum value, such as a maximum of 200 ms round trip delay, or 110 ms end-to-end delay. • Jitter—Jitter is variable delay. Jitter is measured in a number of ways, such as a percentage of the maximum network delay (+/- 10 percent), or as a variation above or below the average network delay (+/- 10 ms of the average network delay over a period of time).

• Wander—Wander is the variation of a signal from its timing reference. Synchronous circuits use a clock reference to ensure that each device sending or receiving a digital data stream knows where the information begins and ends. If a clock ref- erence degrades or becomes unavailable, the digital signal will eventually wander from the reference. Other network devices will lose track of where data is located in the data stream. • Packet Loss—Also known as information loss or just loss, packet loss measures the number of packets lost across the network as a ratio of the total sent. For example, packet loss between network nodes could measure 1 packet in 10,000 undelivered (lost). • Availability—Availability measures the amount of time the network is available for use, as a percentage of the total time in a day, week, month, or year. Much is mentioned about achieving five 9s (99.999 percent) availability on a network. • Security—Security is not a measured value, but nonetheless is an important consideration when determining the QoS on a network. We would want only authorized calls on the packet voice network, and we may want to encrypt voice triffic traversing the public Internet.

Bandwidth Bandwidth refers to the raw data carrying capacity of a particular carrier technology. For example, a T1 circuit carrying several frame relay permanent virtual circuits (PVCs) provides a bandwidth of 1.544 Mbps. The individual PVCs provide some bandwidth up to the T1 port’s maximum physical bandwidth. In any network, whether voice or data, bandwidth is a primary QoS concern. As network traffic grows, so does bandwidth utiliza- tion. As bandwidth utilization increases, throughput decreases. At some point, even the common practice of “throwing bandwidth at the problem” reaches its practical limits, and so we are forced to address bandwidth limitations in our network designs. In converged networks, voice traffic must often contend with bursty data for scarce network bandwidth. Bursty traffic, if uncontrolled, can monopolize the network’s bandwidth. Hence, we must use QoS techniques such as admission control and traffic shaping to control and buffer bursty traffic entering and traversing our networks. Voice codecs require a minimum amount of bandwidth to operate. The G.711 codec defines 64 kbps PCM voice encoding and requires at least 64 kbps of bandwidth. If we try to push PCM encoded voice calls across a link with insufficient bandwidth, the call will fail. Data applications will generally perform better if given more bandwidth; they are said to be bound by the network’s bandwidth, or bandwidth bound. Voice applications, on the other hand, do not perform any better if given more bandwidth than the application requires. Voice application performance is bound to the network’s delay; that is, once given enough band- width to enter the network, the network delay decides how well they

perform. Delay is not determined by network bandwidth alone, but also by network component and link performance.

Throughput Throughput measures the actual network performance, that is, the network’s actual ability to transfer data. Bandwidth describes the ideal condition, while throughput is a more practical measurement of the network’s capacity. Many factors can effect network throughput: • Collision rates on contention-based networks • Traffic volumes on network segments • Network device performance (switches, routers, firewalls, gateways) • Maximum transmission unit (MTU) • Fragmentation rates • Delay As you might imagine, calculating actual throughput can be quite daunting, as the list of variables indicates. However, we can calculate the instantaneous throughput packets experience on the network if we know the packet size and how much time elapses as they travel from the sender to the receiver. For example, assume you send a 500 byte packet across a network segment. Using a packet sniffer, you capture the time the packet leaves the sending node. You are also able to capture the time the packet arrives at the recipient node. Since you already know the packet size, you can calculate the throughput the packet experi- enced by dividing the packet size by the end-to-end transmission time. If the packet took 90 ms to reach the recipient, then the net- work throughput provided the packet equals (500 bytes * 8 bits/ byte) / 90 ms = 44,440 bits / second.

Delay Delay, also known as latency, is the time a circuit requires to carry bits from one point in the network to another. Bandwidth-bound applications realize a lower delay when provided with more bandwidth; the greater the bandwidth, the lower the delay. Delay-bound (voice) applications, also known as latency-bound applications, specify the maximum allowable delay voice packets may experience as they traverse the network. For example, many VoIP applications dictate that voice packets must not experience more than 200 ms delay end-to-end. We can calculate a packet’s delay at any point on the network by comparing the time the packet arrived at a point to the time it leaves that point. For example, if an IP packet arrives at a router’s ingress port at time 14:25:00.000 and it leaves the egress port at time

14:25:00.090, we can subtract the departure time from the arrival time. The difference is 14:25:00.090 - 14:25:00.000 = 90 ms, or 90 ms delay. Delay can be measured at many points in the network. The TCP/ IP traceroute utility allows us to measure delay at each hop in a packet’s path. We can use packet sniffers and protocol analyzers to evaluate end-to-end and round trip delay by monitoring out- bound and inbound TCP and RTP messages, and calculating the time it takes for the sender to receive TCP acknowledgments, or by comparing the RTP send time to the received time. Important to remember is that delay will vary at each hop depending on net- work bandwidth, congestion, and the QoS mechanisms in place In a real-time, delay-sensitive application, we won’t necessarily decrease delay if we only throw more bandwidth at the problem. This is because bandwidth alone does not determine the delay packets will experience across a network. Additional processing delay, also called “serial delay,” is added by devices that encode and decode signals, compress data, or assemble data into packets. Encoding, Decoding, and Compression It takes time to convert a voice signal from analog to digital. A similar delay, or latency, occurs when the remote end converts the digital signal back to analog. Voice compression reduces the number of bits in a transmission by removing redundant character strings in the digital character stream. However, compression algorithms increase latency by requiring large voice stream samples before they can compress and packetize voice signals.

Packetization It also takes time for a device to accumulate enough voice samples to fill a packet. For example, codecs sample an analog voice signal once every 1/8000th of a second, or every .125 ms, and represent each sample with eight binary bits. To fill the data portion of a default IP packet (576 bytes), we would need 556 bytes x .125 ms/byte = 69.5 ms. Delay also occurs when a large packet is fragmented to cross a link that has a smaller MTU. To reduce or eliminate this delay, we can adjust network devices and endpoints to use the smallest MTU on the path. Thus, by reducing packet size, we can eliminate fragmentation, and reduce the time needed to build packets. However, too short a packet results in high packet overhead. Hence, we need to weigh packetization delay against packet overhead to come to an agreeable compromise.

Achieving this balance can be a challenge on high-speed LANs that are optimized for data transfers. For example, some Gigabit Ethernet networks use a proprietary approach, known as “jumbo frames,” to provide a better ratio of data payload to packet overhead. The MTU of a jumbo frame is larger than the Ethernet standard MTU of 1,518 bytes; some jumbo frames can be as large as 9 Kb. Although jumbo frames can improve overall network performance, they can increase the problem of packetization delay by requiring more time to fill each frame.

Jitter Delay creates problems even when it is consistent and predictable. But there are also many sources of variable delay. Varying packet sizes, varying levels of network segment congestion, network device performance, QoS techniques that queue packets based on network conditions (DiffServ), etc., all cause packets to experience varying delay conditions. For example, a sending node may transmit some packets immedi- ately, but queue other packets while waiting for free bandwidth. This is common on shared-media networks, when collisions cause the sending device to back off and attempt retransmission. Intermediate devices can also create queuing delays. For example, if a switch or router treats all packets with the same priority, a voice packet can get stuck in the queue behind other, less time- critical packets; however, the voice packet right behind it might not incur the same delay. When a signal is subjected to variable delays, several packets may arrive over a large time interval, or conversely, a clump may arrive all at once. We call this effect “jitter.” Jitter Buffers A jitter buffer, in the receiving endpoint’s audio codec, can reduce the perceived delay by accumulating packets and releasing them at a constant rate. However, jitter buffers introduce additional delay because of the time needed to fill them. The length of this delay depends on the network’s expected maximum jitter. For example, assume that voice packets will experience a maximum of 100 ms delay between the sending and receiving endpoints (actual packet-by-packet delay could vary from some value less than 100 ms to the maximum, and possibly beyond). In that case, we can configure the receiving codec’s jitter buffer to hold 100 ms of audio samples before releasing them for playback. If the sending codec creates voice samples every 10 ms, those samples should (ideally) reach the receiver at 10 ms intervals. However, we know that the end-to-end network delay is variable, so the second sample might arrive 20 ms after the first, the third 15ms after the second, and so on.

The receiving buffer queues up 100 ms of samples before playing them out to the listener. The receiving codec plays out a sample every 10 ms. If the packets come every 10 ms, the buffer will remain full. If they come slower, the buffer queue will shorten, but will still play back a steady audio stream to the listener, as long as packets continue to arrive in time to keep the buffer full. If delayed packets arrive in a clump, they refill the buffer queue Playback problems develop, however, if network conditions vary too much. If packets arrive too slow, the buffer can underrun (empty too fast), causing gaps, or “clipping,” in the playback audio. If the packets come too quickly, the buffer may overrun and drop packets. A static jitter buffer, one set to a specific value, is vulnerable to overruns and underruns. Additionally, the static buffer always introduces a fixed delay, regardless of network performance. Dynamic jitter buffers adjust to the varying rates at which packets are received, so they can reduce or increase their latency as network performance changes. The result is a reduced likelihood of buffer overruns and underruns. Measuring Jitter Jitter can be measured in a number of ways. If a VoIP application specifies acceptable jitter as a relative value, jitter can be measured as a percentage deviation relative to a maximum allowable delay value. If the application states an absolute jitter value, this means that the stated jitter value is the absolute allowable range. As a deviation from the average jitter, the application could specify an acceptable jitter range that references an average value over time. No matter how jitter is specified, jitter outside the stated range will cause poor voice quality. As you may have surmised, non-real time traffic is less sensitive to jitter than is real-time traffic. Hence, we need not spend a great deal of effort chasing down jitter sources for nonreal-time traffic. However, when we combine real-time and non-real-time traffic, we must consider jitter if we wish to play back voice messages, send faxes, and push other jitter-sensitive traffic across the same network segments over which our bandwidth bound traffic travels

Wander Wander occurs when synchronous data deviates from its timing source. Since IP networks are asynchronous, wander is not an issue. However, we need to consider wander whenever voice traffic requires an associated clock to ensure accurate timing, such as on a synchronous WAN link. WAN data circuits use buffers to minimize wander. These buffers store a certain amount of the received signal, and may retime the signal for transmission to upstream devices.

Packet Loss

Packet loss, to a certain extent, is a normal occurrence on best- effort networks. TCP provides loss recovery mechanisms, such as message acknowledgments and sequence numbers. Thus, non- real-time traffic is generally more forgiving of lost packets than is real-time traffic. However, the human ear is not so tolerant. Unless the network employs specific countermeasures, such as forward error correc- tion or error concealment, users will hear annoying gaps and clicks. Whether a user can perceive this effect depends on the packet loss rate and compression algorithm used. The higher compression schemes are less forgiving. There are many reasons why networks lose packets. Some QoS architectures and techniques deliberately discard packets as part of their traffic control protocols. Routers, switches, and other network devices may drop packets due to network congestion or device malfunctions. Even redundant network links can drop in-transit packets as the network recovers from an outage. VoIP applications will commonly specify the amount of packet loss for which they can compensate. The application can also specify whether it can utilize packet retransmission as a recovery method. Note that if a real-time application allows for lost packet retransmission, this will probably be implemented through the use of acknowledgments and buffers in the sending node, which will add latency to the network

Availability If a network is not available for users, it is just an expensive conglomeration of wires and devices. To some businesses, occasional network downtime is only a minor nuisance. To others, such situations can cause serious damage, including: • Lost productivity because of idle workers • Lost revenue when customers go elsewhere • The direct support expense of returning the local area network (LAN) to service Some network downtime cannot be avoided; equipment failures and link outages do occur from time to time. A key to maintaining high network availability is preventive maintenance. However, pre- ventive maintenance at times requires network downtime, as well. To recognize the effect varying availability rates can have on a network, consider the following: There are 31,536,000 seconds in a year (excluding leap years). With a network availability rate of 99%, the network would be available for use 31,220,640 seconds per year, or 23.76 hours per day. This means that the network is available for use 361.35 days per year. This also means that it is unavailable for 3.65 days per year. If a company makes $1,000,000 per

day on the Internet, this means a revenue loss of $3.65 million a year due to network downtime. However, if the network provides a 99.9% availability rate, then the network is offline only .365 days per year. This reduces their network downtime losses to just $365,000 per year. Network device vendors target the elusive “five 9s” (99.999%) availability rate as the ultimate level of availability. Additionally, service providers may promise a service restoration time in a number of hours from the failure time; this limits the risk that multiple failures will affect service. Service level agreements (SLAs) often outline provider penalties for failing to meet these availability targets. Availability often varies by link, as carriers may supply multiple links as components of an overall service contract. Since entire networks rarely fail, one WAN link could fail more frequently than others. Though this link may have a lower availability rate, the provider could still meet their contract obligations, their availability numbers bolstered by better performing links. Hence, SLAs should be written on a link by link basis, rather than as an aggregate performance specification

Security Though previously not considered a QoS parameter, the ever- increasing incidence of network break-ins and virus attacks has brought security into light as another important network QoS factor. Several concerns comprise network security issues. Enterprise users want to protect proprietary and business critical data while at the same time allow network users remote access to voice and data applications. Internet call centers must expose corporate resources to everyday security threats while at the same time protecting these same resources from theft or destruction. Some methods used to protect network data include encryption, either public-key or private-key. User authentication methods such as strong passwords, digital signatures, and biometric authentication, used individually or combined, serve to ensure only authorized users access protected resources. Various software vendors, working groups, and professional organizations have devised architectures for insuring data privacy, confidentiality, and validation. One such architecture is IPsec, a standards-based secure IP protocol used to support secure Internet transactions. IPSec can be used in VoIP applications as well. IP packets are marked to identify their security requirements, and all IPSec aware devices recognize and support this header marking. As a part of an overall QoS policy, VoIP network devices can specify that a traffic stream’s packets receive a certain secure treatment across the network. This security policy can carry across both private and public networks

IP Header Features Even though IP is a best-effort protocol, its header can carry information that other protocols can use to provide QoS features.

ToS Field The IP header type of service (ToS) field indicates the QoS desired by a packet’s original source. There is no guarantee that other devices on the network will honor this request.

IntServ The Integrated Services (IntServ) architecture is defined in the informational RFC 1633. IntServ aims to provide predictable and guaranteed services to specific traffic flows, called streams. Before a stream of traffic can flow, the sender and receiver must set up and maintain a path that can support that stream. Each router along the path must provide the requested resources to each defined stream. If a router cannot provide the resources the stream requires, it informs the reservation requester of this fact with an error message. The IntServ network nodes include traffic control functions implemented with traffic classifier, admission control, and sched- uler elements. The traffic classifier maps inbound traffic into classes, based on IP header contents or some other classification value. The admission control element decides if a router can provide the stream its guaranteed QoS. The packet scheduler manages stream queues.

RSVP Resource Reservation Protocol (RSVP), defined in RFC 2205, is used to set up and maintain stream reservations for IntServ archi- tecture networks. When a host needs to reserve network resources for a stream, it uses RSVP messages to request a reservation for those resources RSVP requests resources in one direction, working backward from the destination. When the receiving node requests resources for a stream, those RSVP messages travel from node to node along the stream’s desired path. Each router responds with either an acknowledgment or error message, then passes the resource request to the next-hop upstream router. Once the reservations are in place, each router maintains the stream’s state information for the duration of the connection. An RSVP request may be initiated as the result of an H.323 call’s setup procedure, where the endpoints negotiate the call resources needed to complete the connection.

CBQ Class Based Queuing (CBQ) is a queuing algorithm developed by the Lawrence Berkeley National Laboratory. CBQ divides the available network bandwidth among different traffic

classes. Each class is assigned a queue, and each queue is assigned a portion of the link’s bandwidth. CBQ allows us to classify traffic flows into hierarchies. Each class can be divided up into sub-classes, and each sub-class is given a specific treatment within its parent class. You will recall that we previously discussed DiffServ access control and traffic shaping functions. In our DiffServ architecture’s ingress routers, we classified, metered, and marked inbound traffic flows as in- or out-of-profile according to their class, and provided differentiated services to each flow based on packet markings. CBQ enables us the ability to classify traffic by IP or port addresses, application, or priority (ToS or DSCP). A unique aspect of CBQ is that it shares unused bandwidth between traffic classes. A flow that needs to burst above its assigned flow rate can “borrow” unused bandwidth from other classes. This “bandwidth borrowing” capability would support the traffic burst shaping function previously discussed

COPS As we have seen, many QoS methods assign priorities to traffic flows, but don’t provide a mechanism to manage and enforce those priorities across the enterprise. Common Open Policy Service (COPS) provides this capability. IETF RFC 2748 describes COPS, a client/server model for supporting policy control over QoS signaling protocols, such as RSVP for IntServ and DiffServ PHBs: • The policy repository contains a central database that describes how to handle each inbound flow. This device could be an LDAP server, though this is not specifically defined. • The COPS server is called the Policy Decision Point (PDP), a server where policy decisions are made based on information provided by the central database. The PDP can be a policy management server or workstation. • A COPS client is a device that must enforce policies. The client is called the Policy Enforcement Point (PEP) because it acts on the server’s instructions to apply and enforce policies on the network. The COPS client decides how to handle each flow by requesting information from the COPS server. More than one PDP may query the repository simultaneously. The PEP can be a router, PSTN gateway, firewall, or some other network edge device capable of sending COPS messages to the PDP. For example, on a DiffServ network, the client is the ingress router that performs the admission control and traffic shaping functions. The COPS Network Diagram illustrates a COPS network.

Though specified separately, the PEP, PDP, and policy repository can be located on the same device. A Local Policy Decision Point (LPDP) can also be used, but all policy decisions must reference a single PDP as the final decision authority. The COPS protocol also addresses fault tolerance, by requiring that the PEP and PDP exchange keep-alive messages to verify the connection. If the connection between the PDP and PEP fails, and the PEP can find no backup or alternative PDP, then the PEP can make local decisions. The PEP is responsible for notifying the PDP of any policy changes made under local control while the connection is down.

MPLS Multiprotocol Label Switching (MPLS) aims to speed packet flows across a routed network by assigning each packet a small label tag. This tag represents the packet’s destination IP address, so that interior routers can route packets by the label tag rather than the destination IP address. When an MPLS tagged packet arrives at an MPLS-compatible router, the router reads the tag value and forwards the packet quickly to the next hop. MPLS can interoperate with such QoS architectures as DiffServ. The label tag, attached ahead of the packet header, can represent not just the destination address, but additional packet information such as: • Precedence • VPN membership • RSVP QoS information • The packet’s route, as chosen by traffic engineering (TE) A set of routers within an MPLS network composes an MPLS domain. The MPLS domain routers are called Label Switch Routers (LSRs). On the edges of the MPLS domain are ingress and egress nodes. The ingress node is responsible for assigning a packet to a certain forwarding equivalence class (FEC). An FEC defines a group of packets to which the domain provides a speci- fied treatment. Each subsequent router acts upon the packet’s label rather than the IP header. Labels are locally significant, and change at each hop. The downstream LSRs inform upstream LSRs of label mappings using a label distribution protocol (LDP). Each LSR maintains these mappings in a Label Forwarding Information Base (LFIB). LFIBs serve as packet label routing tables, replacing traditional IP routing tables. The MPLS Domain Diagram illustrates an MPLS network

MPLS can be used in traditional frame-based LANs, such as Ethernet or Token Ring networks, or in cell-switching networks, such as ATM networks. When used in an ATM network, MPLS enables the edge switches to map inbound packets to MPLS labels, which are in turn mapped to ATM cell Virtual Channel Identifier (VCI) or Virtual Path Identifier (VPI) fields. Once mapped, the core ATM switches assign paths to the cells based on the cell label to VCI/VPI mappings. Packets entering an ATM network through the same physical port could potentially be assigned to the same VCI. These packets would carry different types of data, such as routing table updates, network management traffic, e-mail, and voice traffic. The ingress switch would interleave these inbound packets with no regard to their precedence. However, if the ATM switch assigns these packets MPLS labels based on their designated QoS requirements, and in turn maps these labels to different VCIs, the ATM network can carry the QoS requirements of these packets into the cell-switched network

Policy Routing Policy-based routing allows network administrators to specify additional information sources for the routing table and network model. These sources may include information imported from other protocols or information that network administrators statically configure. Such policies can be defined on a router- by-router basis and control routing information advertisements. They define who can talk to whom, who can listen to whom, and what types of information are transmitted and received. Policy-based routing is often part of network security procedures. For example, a network administrator might specify that network information imported from other protocols be included in the routing table and network model, and subsequently shared with outside routers as part of update messages. However, routers with custom security settings and

other private configuration information would share the information only with other routers that share the same security settings.

RED In times of network congestion, Random Early Discard (RED) attempts to maintain the integrity of each traffic flow. It actively manages output queues by randomly dropping inbound packets once the queue reaches a preset level. This forces underlying protocols (TCP, RTP) to initiate lost-packet recovery procedures, which slows the inbound data rate of each flow

WFQ Weighted Fair Queuing (WFQ) algorithms attempt to give each inbound traffic flow fair access (fair queuing) to the outbound port’s available bandwidth. This access can be determined by each flow’s precedence (weighted) as set by the packet header ToS bits or RSVP reservations. Since WFQ assigns a weight to each flow, it is often used to support QoS architectures, such as IntServ and DiffServ. We weight the queues by assigning each one a priority. A higher priority queue receives more of the available bandwidth, while a lower priority queue receives less. However, each queue receives some level of predictable service on the outbound port. This differs from the first-in, first-out queuing that is the default for many network devices. It also contrasts favorably with PQ, that gives high-priority packets absolute network access at the expense of lower priority flows. WFQ does not discriminate based on packet size. In other words, queue A may have three 200-byte packets, while queue B could have two 300-byte packets. If the device gives 600 bytes bandwidth to each queue in turn, then queue A will empty before queue B forwards its packets.

WRED Just as WFQ provides a queue weighting mechanism, Weighted Random Early Discard (WRED) adds weighting to the RED algorithm. WRED attempts to improve on RED by randomly dropping packets from low-priority flows first. If congestion increases, packets are then dropped from higher-priority flows

DiffServ Internet Engineering Task Force (IETF) Request for Comments (RFCs) 2474 and 2475 define basic ways of treating different subsets of a network’s traffic in different ways at OSI Layer 3. For example, some packets might be routed in ways to expedite delivery and minimize delay, while others are routed to minimize loss.

DSCP Code Points The differentiation of these services is provided by a redefinition of the IPv4 Type of Service (ToS) field (called the Traffic Class field in IPv6). Differentiated Services (DiffServ) uses the ToS octet’s bits 0-5 to identify a Differentiated Services Code Point (DSCP), a procedure used to handle packets on a per-hop basis. The DiffServ Modified ToS Field Diagram illustrates the DiffServ octet. The first three bits of the field (bits 0-2) should be standardized across networks. RFC 2474 uses these three bits to define eight class selector codepoints. These 3 bits prioritize the traffic, with larger numerical values having a higher relative order or priority. Bits 3-5 can be used to define specific types of local services. However, these non-standard definitions may not be recognized by devices outside the local network. Bits 6 and 7 are currently unused. As you have learned, 802.1p also defines eight levels of priority. Thus, it is possible to map 802.1p traffic classes to DiffServ DSCPs to match Layer 3 traffic flows

PHB PHB Key DiffServ operational features are Per-Hop Behaviors (PHB). A PHB is a forwarding behavior a node applies to a packet based on that packet’s condition. The packet’s DSCP indicates the particular PHB a packet should receive as it passes from hop to hop.

Standard PHBs The DiffServ architecture standards define several standard PHBs to help assure predictable behavior across DiffServ domains (described later). These are: • Default PHB—Defined in RFC 2474, the default PHB represents no special handling, or the network’s default best- effort service. All DiffServ nodes must support the default PHB, which sets all six bits to zero: 000000. • Class-Selector PHB—Also defined in RFC 2474, the class-selector PHB sets the first three bits of the DSCP field to match the IP packet header ToS bits. This assures backward compatibility in networks where ToS bits are used to represent service classes. DiffServ nodes must support these PHBs where IP precedence bits are used. • Assured Forwarding (AF) PHB—Defined in RFC 2597, the assured forwarding PHB aims to provide assured packet forwarding services across networks. Traffic is assigned to one of four traffic classes. When using the AF PHBs, packets within each class are marked to one of three drop precedence levels. AF assigns resources to each class, and allocates those resources

according to a packet’s drop precedence. AF provides for a total of 12 class-to-precedence pairings. A DiffServ domain’s use of the AF PHB is optional. See RFC 2497 at http://www.ietf.org/rfc/rfc2497.txt for more information on the AF PHBs. • Expedited Forwarding (EF) PHB—Defined in RFC 2498, the EF PHB sets a specific PHB for assignment to a single pre- ferred traffic flow within the DiffServ domain. This preferred flow would be one that absolutely must receive low jitter, low delay, and low loss treatment across the network. By setting the DSCP to ‘101110’, we guarantee that this one flow receives at least the EF PHB-defined bandwidth at each departure point. The EF PHB is frequently used in DiffServ domains with two traffic flow classes, such as real-time voice traffic carried over the same network as non-real-time data. A DiffServ node does not have to support the EF PHB. See RFC 2498 at http://www.ietf.org/rfc/rfc2498.txt for more information on the AF PHBs Custom PHBs A network administrator may use bits 3-5 to define custom DSCPs. However, routers outside of the local network will not necessarily recognize these custom DSCP endcodings that do not terminate in 000 (xxxyyy).

DiffServ Domains In DiffServ terminology, the local network, whether one subnet, an entire Autonomous System, or a collection of Autonomous Systems, composes a DiffServ domain. In the DiffServ domain, all network devices, both on the network edges and intermediate nodes, are configured to recognize and act upon the packets’ DSCPs. A PHB defines the services each node will provide the different traffic flows. PHBs can vary from hop-to-hop, depending on many variables. Each network segment can experience differing conges- tion levels, bandwidth, delay, and jitter conditions, and DiffServ allows us to define per-segment PHBs for each traffic class.

IP Precedence IP provides the capability to assign packets one of eight precedence levels, according to the traffic’s importance. RFC 791 defines the different precedence levels, and how they apply across network boundaries. The RFC leaves it up to the network architec- ture as to how IP precendence is handled. As we have learned, we can map IP precedences to DiffServ DSCPs, and identify flows and streams by this IP header component

Traffic Prioritization As we have discussed previously, a converged network must be able to provide varying types of service, according to the type and urgency of each frame. Thus, it must first be

able to identify the type of traffic each frame contains, and determine the priority of each type of frame. Two new standards work together to identify and prioritize traffic on an Etnernet LAN. First, the 802.1Q standard identifies each frame according to its VLAN membership. Then, the 802.1p standard uses these VLAN identifiers to prioritize real-time traffic over other types of frames.

802.1Q VLAN Standard The 802.1Q specification, published in December 1998, provides a standard definition of Ethernet VLANs and their use in switched networks. The 802.1Q standard strictly defines procedures and protocols for establishing and maintaining VLANs. The uniform rules of the standard simplify, and, in some instances, automate VLAN configuration and management, regardless of which company’s switches and end-station interfaces are used.

The VLAN Tag Each virtually defined workgroup of a VLAN may include individual members scattered across a large, extended LAN or WAN. The 802.1Q specification associates physical devices and ports to each defined VLAN in the network, then maps and shares those associations with other LAN stations

802.1Q does this by adding a 2-byte VLAN tag, or identifier, to each frame. The tag identifies the virtual workgroup to which the frame belongs, and includes priority and QoS information. With its 12-bit VLAN identifier, 802.1Q can support thousands of VLANs across switch trunks and 802.1Q-capable routers. Tagging provides the necessary information for switches to com- municate and create the VLAN. Tagging also enables a more com- prehensive set of control functions than has been possible through proprietary VLAN frameworks. With an identifier in each frame, VLAN membership, priority, and QoS are highly manageable. The 802.1Q VLAN Tag Format Diagram illustrates this concept.

802.1Q defines two tagged frame types: a VLAN-tagged frame and a priority-tagged frame. A priority-tagged frame sets the first three tag bits to identify the frame’s priority. A VLANtagged frame sets the tag’s last 12 bits to represent VLAN membership information. The three tag priority bits allow any one of eight priorities to be assigned to a specific packet. The 802.1p standard defines the eight priorities from highest to lowest (note that priority 0 is higher than priority 1): • 7—Network management traffic • 6—Voice traffic with less than 10 milliseconds (ms) latency • 5—Voice traffic with less than 100 ms latency • 4—Controlled load traffic (mission critical data applications) • 3—Traffic meriting extra effort by the network for prompt delivery (such as an executive’s electronic mail [e-mail]) • 2—Reserved • 0—Traffic meriting the network’s best effort for prompt delivery (the default priority) • 1—Background traffic such as bulk data transfers and backups

802.1Q as an Architecture VLAN operation now includes workable guidelines for multivendor networks, allowing consistency in membership assignment, activity, and administration. The architecture of 802.1Q specifies three levels of operation: • Relay, or forwarding of frames, based on the two-byte VLAN tag. This smaller 802.1Q “footprint” compares favorably to such vendor-specific VLAN tagging techniques as Cisco System’s (Cisco) Inter-Switch Link (ISL) protocol, which increases the original frame’s size by 30 bytes by encapsulating the frame with an ISL header and a 4-byte frame check sequence (FCS). The ISL protocol frame encapsulation causes non-ISL-aware devices to reject these frames as invalid. • Explicit sharing of VLAN information and exchange of topology information. • Uniform VLAN management and flexible VLAN configuration.

802.1Q Protocols 802.1Q frame tagging is key to uniform sharing of VLAN information among switches in the network. The standard uses several specialized protocols to do this, enabling creation of VLAN configurations by propagating information between switches and end stations throughout an Ethernet network. Other protocols provide information about multicast traffic for traffic containment and efficiency:

• Generic Attribute Registration Protocol (GARP) uses tags to propagate topology information among switches and end stations. • GARP VLAN Registration Protocol (GVRP) is the means by which VLANs themselves are configured, in some cases automatically. Using this protocol, stations request admission to specific VLANs. Membership in a VLAN is determined by a network management or policy system. GVRP helps simplify the administration of VLANs by handling registration of end stations with Ethernet switches and maintaining current information about membership GVRP may be used in end stations and switches. When the protocol is used between end stations across a large network, some switches may not be GVRP-aware; therefore, GVRP information exchanged between end stations is transparent to the intermediary device. In other cases, the intermediary switch recognizes GVRP. In this context, GVRP embedded in VLAN-aware switches may be integrated with a network management console and policy server. This simplifies tracking VLAN additions and departures. • GARP Multicast Registration Protocol (GMRP) is used to create and change multicast groups dynamically. • Internet Group Management Protocol (IGMP) broadcasting is used with Distance Vector Multicast Routing Protocol (DVMRP) to build routes for delivery of multicast messages.

802.1p Traffic Prioritization Standard With more and more networks moving to the speed and simplicity of Layer 2 switching, the IEEE 802.1p standard provides an easy and effective method for prioritizing LAN traffic. Developed by IEEE, 802.1p supports priority transmission of time-critical information in a LAN environment.

Priority Tags and Traffic Classes While Token Ring and FDDI frames have defined priority fields, Ethernet does not. Therefore, the 802.1p standard recommends use of 802.1Q VLAN tags to prioritize Ethernet frames. As we just discussed, VLAN tags are two-byte headers that identify each frame’s VLAN, type of traffic, and priority. As we can see in the 802.1Q VLAN Tag Diagram, three bits of the tag identify the priority level of each frame Because three bits can define eight values, 802.1p defines eight traffic classes. These traffic classes and their associated traffic types are listed in the 802.1p Traffic Classes Table. Traffic Class (Priority)

Tag Value (Binary)

Traffic Types

7 6

111 110

Network control Interactive voice

5 4 3 2 1 0

101 100 011 010 001 000

Interactive multimedia Controlled load app Excellent effort Spare Backgroud Best effort

How 802.1p Prioritizes Traffic The first step in prioritizing traffic is to assign a traffic class to each type of frame. Traffic prioritization policies are centrally configured and administered through management software. After a tagged frame is transmitted onto a network, 802.1p-compliant switches recognize the traffic class value and forward the frame according to its priority. To do this, the switches must have multiple queues implemented in hardware. Lowerpriority traffic is buffered in a lower-priority queue, while higher-priority traffic passes through the higher- priority queue. Therefore, switches with only one queue cannot effectively implement prioritization. Given the increasing speed of networks, two queues (one for business-critical and timesensitive traffic, and the other for best- effort and background traffic) are generally sufficient to ensure high QoS for applications that need it

Mapping 802.1p Traffic Prioritization to IP and ATM Networks By definition, 802.1p is intended for packet-based Layer 2 LANs. In WANs and the Internet, IP has a defined Type of Service (ToS) priority field. Originally intended for network administration traffic, this field has been relatively unused. ATM, with its connection-oriented technology, offers the ultimate in traffic prioritization and guaranteed QoS. In most instances, however, ATM is used as a backbone technology with Ethernet, Fast Ethernet, or Gigabit Ethernet deployed at the edge for connectivity to desktops and servers. To prioritize mission-critical and time-sensitive traffic across these backbone networks and WANs, 802.1p traffic classes must be converted to the corresponding IP or ATM CoS. For example, the IETF Integrated Services (IntServ) working group is defining the crossclassification mapping of DiffServ codepoints to 802.1p traffic classes. Meanwhile, other technical working groups are developing techniques for mapping 802.1p to ATM connection services.

Using QoS to Optimize Voice Quality in VoIP Networks Quality of Service (QoS) is the ability of a network to provide better service to selected network traffic using various technologies. You must plan for QoS by deploying features

that apply these technologies throughout your network. One of the most important things is QoS must be configured throughout the entire network to improve your network’s performance. Using QoS with Voice over IP (VoIP) will allow you to grant priority service to voice as well as servicing the data side with the priority that is specified. By utilizing QoS for the Voice you can implement reliability, predictability and eliminate poor quality voice transmissions. Through the use of packet classification you can mark specific traffic which effectively partitions your network traffic into different levels. This classification is accomplished when you add a tag to the IP Precedence/ Differentiated Services Code (DSCP), source and destination IP addresses and you can classify packets using access control lists, policy- maps, and similar techniques Any network carrying voice traffic also carries data which shares a path through the network. This interaction will have an affect the application performance which can lead in possible congestion and packet loss. Congestion is the direct result of a sustained overload of traffic which requires you to finds methods that will control congestion once it occurs, and then allow you employ strategies that will use some sort of queuing features such as those using the CISCO IOS as follows: • Weighted Fair Queuing—This applies priority to identified traffic to classify traffic into conversations and determine how much bandwidth each conversation is allowed relative to other conversations. WFQ classifies traffic into different flows based on such characteristics as source and destination address, protocol, and port and socket of the session. • Class-Based WFQ (CBWFQ)—CBWFQ extends the standard WFQ functionality to provide support for user-defined traffic classes. It can specify the exact amount of bandwidth to be allocated for a specific class of traffic. Taking into account available bandwidth on the interface, it can configure up to 64 classes and control distribution among them. • Priority Queuing - WFQ (IP RTP Priority Queuing) (PQWFQ)The IP RTP Priority feature provides a strict priority queuing scheme. This allows delay-sensitive data such as voice to be dequeued and sent first, before packets in other queues are dequeued. This feature can be used on serial interfaces and Frame Relay permanent virtual circuits (PVCs) in conjunction with either WFQ or CBWFQ on the same outgoing interface. In either case, traffic matching the range of UDP ports specified for the priority queue is guaranteed strict priority over other CBWFQ classes or WFQ flows; packets in the priority queue are always serviced first. The Frame Relay IP RTP Priority feature provides a strict priority queuing scheme on a Frame Relay PVC for delay- sensitive traffic such as voice.

Voice traffic can be identified by its Real-Time Transport Protocol (RTP) port numbers and classified into a priority queue configured by the frame-relay ip rtp priority command. The result of using this feature is that voice is serviced as strict priority in preference to other non-voice traffic • Low Latency Queuing (LLQ)—LLQ provides strict priority queuing on ATM virtual circuits (VCs) and serial interfaces. This feature is able to configure the priority status for a class within CBWFQ, and is not limited to UDP port numbers as well as IP RTP Priority. LLQ and IP RTP Priority can be configured at the same time, but IP RTP Priority takes precedence

Network Performance Issues An intimate knowledge of network design issues can increase the quality of voice calls over a packet-based network. There is a multitude of issues that can affect throughput on a network. When packets are delayed by congestion or slow routing protocols, delay or latency will reduce the quality of the voice call. Propaga- tion delay describes the time taken by a signal to pass through the media whether that is copper, fiber, or wireless. Each device along the path from speaker to listener introduces handling delay. Han- dling delay may be caused by the encoding/decoding of analog speech to a digital stream, or by the size of each created packet. Queuing delay is based on how long it takes for a packet to leave the device that created that packet. Packets may sit in the queue due to network congestion. Jitter is a variation in the delay of packets. Say one packet is sent every 20 milliseconds; these packets which were sent together arrive at different times. The delta time between when a packet is expected to arrive and when the packet actually arrives is called jitter. Pulse Code Modulation (PCM) converts analog sounds, like your voice, into a digital stream. This stream is created by sampling your voice 8,000 times each second. By applying the Nyquist theorem, and sampling at twice the rate of the highest frequency a voice quality sample will be created. Since the human voice range is 300 to 3,400 – about twice 3,400 is 8,000 samples per second. Voice compression is applied to a voice stream in North America by applying the u-law logarithmic compression algorithm. Other countries use the a-law algorithm. The u-law algorithm works slightly better for low-level signal-to-noise reduction. If making an international call from u-law territory to a-law territory, it is the job of the u-law country to make the conversion. Echo is when the speaker hears their own voice delayed on the phone line. Delays of more than 25 milliseconds are intrusive and should be avoided by setting echo cancellation. Echo is removed by the local router which stores an inverse image of the speaker’s speech pattern to lay over and cancel the sounds coming back from the remote speaker’s phone.

Packet loss is expected and part of the original design of Ethernet networks. Packet loss can be mitigated by giving precedence to time sensitive traffic over standard data packets Voice activity detection Digital-to-analog conversion Tandem encoding Transport protocols Dial-plan design

Voice Quality Packet telephony is a lot like a motion picture: the illusion of a continuous voice signal can be maintained only so long as voice packets arrive promptly and at a constant rate, just as a movie’s individual frames roll off a projector reel. Although cheap Internet telephones have unfairly given packet telephony a bad name, it is true that transmission delays across the packet-switched network can hurt voice quality. These delays cause annoying gaps in a conversation, and may be introduced at a number of points. It takes time to convert a voice signal from analog to digital. Voice compression algorithms increase this delay, requiring large voice stream samples before they can compress and packetize voice signals. A similar delay occurs when the remote end converts the digital signal back to analog. A packet needs time to move through the network, especially if it is relayed through multiple router hops. This propagation delay remains minimal as long as the packet remains on a LAN equipped with wire-speed switches. However, speed disparities at the LAN/ WAN edge interfaces can create considerable queuing delays. It also takes time for a device to accumulate enough voice samples to efficiently fill a packet. RFC 879 defines a default IP packet size of 576 bytes. Codecs sample voice intelligence once every 1/8000th of a second, or every .125 ms, and represent each sample with 8 binary bits. To fill the data portion of this default IP packet, we would need 556 bytes x .125 ms/byte = 69.5 ms.The shorter the packet, the shorter the packetization delay. However, too short a packet results in high packet overhead. Hence, we need to weigh packetization delay against packet overhead to come to an agreeable compromise. Jitter

The variability of delay, also called jitter, creates a more trouble- some problem than packetization delay. Traffic conditions on the backbone network, such as head-of-line blocking or serializa- tion delay, primarily cause jitter delays. For example, if we treat all packets arriving in a switch (or router) with the same priority, a voice packet can get stuck in the queue behind other, less timecritical packets; the next voice packet traversing the network might not incur the same delay. The result is an accordion effect; several packets may arrive over a large time interval, or conversely, a clump may arrive all at once. Without appropriate design, jitter can wreak havoc on a telephone conversation. Jitter buffers, which store a string of packets, can smooth out the packets’ arrival rate; however, jitter buffers introduce additional delay. Voice Compression The default voice digitization rate is the Pulse Code Modulation (PCM) voice rate of 64 Kbps. The simplest way to reduce the bandwidth required to transmit digitized voice is to use voice compression. Voice compression does not actually work on the voice signal but compresses the digitized voice signal by removing redundant character strings in the digital character stream.

Latency Network latency becomes obvious to the callers on a VoIP con- nection when the round trip delay is more than 250 milliseconds. The ITU-T recommends unidirectional, end-to-end latency never exceed 150 milliseconds, from caller to listener. If latency is too excessive, one caller will sense the pause created by the network as a pause created by the other caller and both callers will begin to speak.

Latency is a delay in packet delivery. Latency may be caused by many factors: length of the media, number of routers between callers, encryption delays, voice encoding/decoding, or any other delays on the transmission network.

To reduce latency, each endpoint and all intermediate network devices should be optimized for throughput in the jitter buffers, packet sizing, and configured with appropriate QoS levels.

Packet Loss Most network end stations can accept or recover from an occa- sional lost packet. The human ear is not so tolerant, and unless the network employs specific countermeasures, such as forward error correction or error concealment, users will hear annoying gaps and clicks. Whether a user can perceive this effect depends on the packet loss rate and compression algorithm used. The higher compression schemes are less forgiving. The effect of delays on a voice conversation is not noticeable until it exceeds 500 ms. At that point, the user will perceive that there is a delay occurring. In IP telephony, the use of jitter buffers as a part of the communication link can store and forward the message one delivery packet at a time, and reduce the perceived delay. Packet delays cause gaps in the conversation, and may require the listener to request that the sender repeat information previously sent. Because voice traffic is real-time traffic, network engineers must work to limit these combined voice network component delays to the maximum acceptable end-to-end (oneway) delay of under 200 ms

Port Settings Firewalls may block specific ports or a range of ports to disallow traffic in or out of the network. By default network administrators want to block as many ports as possible to reduce the risk of intrusion. For VoIP to operate, a pair of UDP or TCP ports must be opened. The first even number is opened for the voice traffic; the very next odd numbered port is opened for control of that voice traffic. Enabling ports to allow VoIP to pass through the firewall opens a huge range of port numbers starting with 1024 and moving, if given the chance, two at a time all the way to 65,535. Each call opens another set of ports. Several firewall vendors offer a dynamic firewall solution. This solution only opens ports on demand and closes the ports back down when the voice call is terminated. Example ports that must be opened on the firewall for some VoIP applications include: For Microsoft Netmeeting and others using H.323 TCP port 1720 (H.225 call signaling for hosts) TCP ports 11000 to 65535 (H.245 capability exchange) UDP ports 16384 to 32767 RTP audio stream) For http://www.callserve.com over H.323 UDP port 1719 for signaling

TCP port 1720 for signaling UDP ports 5000 to 65535 for the RTP audio stream For Session Initiation Protocol (SIP) UDP port 5060 for SIP signaling TCP port 5060 for SIP signaling UDP ports 16384 to 32767 for the RTP audio stream For http://www.skype.com “Ideally, outgoing TCP connections to all ports (1 to 65535) should be opened. ” Or, “open up outgoing TCP connections to port 443. ” Or, “open up outgoing TCP connections to port 80.”

Bandwidth Bandwidth refers to the raw data carrying capacity of a particular carrier technology. For example, a T1 circuit carrying several frame relay permanent virtual circuits (PVCs) provides a bandwidth of 1.544 Mbps. The individual PVCs provide some bandwidth up to the T1 port’s maximum physical bandwidth. In any network, whether voice or data, bandwidth is a primary QoS concern. As network traffic grows, so does bandwidth utiliza- tion. As bandwidth utilization increases, throughput decreases. At some point, even the common practice of “throwing bandwidth at the problem” reaches its practical limits, and so we are forced to address bandwidth limitations in our network designs. In converged networks, voice traffic must often contend with bursty data for scarce network bandwidth. Bursty traffic, if uncontrolled, can monopolize the network’s bandwidth. Hence, we must use QoS techniques such as admission control and traffic shaping to control and buffer bursty traffic entering and traversing our networks. Voice codecs require a minimum amount of bandwidth to operate. The G.711 Codec defines 64 Kbps PCM voice encoding and requires at least 64 Kbps of bandwidth. If we try to push PCM encoded voice calls across a link with insufficient bandwidth, the call will fail. Data applications will generally perform better if given more band- width; they are said to be bound by the network’s bandwidth, or bandwidth bound. Voice applications, on the other hand, do not perform any better if given more bandwidth than the application requires. Voice application performance is bound to the network’s delay; that is, once given enough bandwidth to enter the network, the network delay decides how well they perform. Delay is not determined by network bandwidth alone, but also by network component and link performance.

Network Capacity Baselining

Traffic baseline measurements serve as a rough guide for the more exact process called baselining. Baselining (also called benchmarking) documents the performance of a network by measuring its capacity and standard operating efficiency. These measurements can identify long-term trends in network operations and their impact on network performance. Baselining can be used with traffic estimation numbers or as an alternative to estimates since you are capturing what is really happening on the network. Taking baseline measurements requires special monitoring equipment and applications. Because both of these are expensive, many small companies skip this step and rely on estimates alone. However, whenever possible, it is best to use both estimating and baselining Tools for Testing Activity If you have an existing LAN, you can probably get detailed reports from the network operating system (NOS) vendor as to the theoretical capacity of the NOS. Many NOSs run these reports as Value Added Processes (VAPs). Another traffic measurement tool is a protocol analyzer or packet capture program such as Network General Sniffer®, Hewlett-Pack- ard’s LAN Advisor, Novell’s LANalyzer or the free WireShark/ Ethereal package. Each software package records traffic over a given period of time. You can also purchase LAN software emulation packages that monitor networks from a PC. These packages provide tools for: •

Network mapping

•

Physical network management

•

Network design

•

Network planning and simulation

Design and Modeling Tools Design tools model the behavior of a LAN under a given load. They provide an accurate picture of a LAN’s performance, given a certain number of users, applications, and telecommunications links. Some tools include application profiles that estimate traffic generated by specific applications. They may also have user librar- ies that contain performance profiles for various pieces of equip- ment, such as bridges and routers. These profiles can be plugged into the model without doing a lot of research, and can provide a reasonable estimate of the device’s throughput and latency. Many networking products also have built-in capabilities to determine CPU utilization against network traffic. Purchasing or renting sepa- rate design tools is expensive. However, if you need an engineered network with high reliability, the cost of failure far outweighs that of the tool. Simulation and Testing Tools

LAN traffic simulation packages (as well as Network General’s Sniffer® and HewlettPackard’s LAN Advisor) can generate actual LAN test traffic. By varying the size and frequency of the traffic, the effect on the LAN is measured. Progressive degradation of LAN performance can be gauged as a function of client activity using just a few PCs. Activity of each LAN device (server, bridges, routers, etc.) can be monitored to determine the delay within each component. One client can simulate many workstations.

Network Capacity Baselining A network baseline is a snapshot of activity and performance that can provide proactive insight about the performance of a network. It is a measurement that can be taken periodically over time, or while interesting network activity is observed, such as high bandwidth utilization. A separate baseline should be run on each individual subnet, WAN link, and the network backbone, forming a collection of baselines for the entire network. A baseline should not be taken at any specified regular interval. A baseline taken at the same specified interval or time of day has the potential of lending the same results over time. It is better to baseline each subnet of a network at random times throughout the normal business day. The following pages describe steps necessary to baseline a network. The examples use Network General’s Sniffer®, an anlaysis tool used in the management of local and wide area networks. Examples include baseline screen shots for reference. Packet Capture Functions NG Sniffer® is a popular tool for measuring LAN activity. It is available in various forms, from a freestanding hardware unit to a software only tool that can be installed on a PC (laptop, other portable, or client/server platform). A device that runs Sniffer® software (dedicated hardware or PC) must be purchased with a proprietary NIC that is compatible with the network topology being analyzed.