VocalTec Architecture
A Standards-based Platform for IP Telephony

VocalTec VOIP Virtual Private Network White Paper
Release 1.4, January 2001


VocalTec Communications

VocalTec - VPN White Paper Page 1 03/14/01

Information in this document is subject to change without notice. This document may not be reproduced or transmitted in any form or by any means without the express written permission of VocalTec Communications Ltd.

© 2001 VocalTec Communications Ltd. All rights reserved.

VocalTec®, VocalTec Gatekeeper, VocalTec Telephony Gateway and VocalTec Network Manager are trademarks or registered trademarks of VocalTec Communications Ltd. All other trademarks are the property of their respective owners.

VPN White Paper, 3rd edition – January 2001

Headquarters, Israel
2 Maskit street, Herzeliya 46733, Israel
Tel: 972-9-970-7800, Fax: 972-9-956-1867

Europe, Middle East and Africa, Italy
Via Cassia 1081, 00148 Rome, Italy
Tel: 39-06-302-60311, Fax: 39-06-302-60312

Asia and Pacific Rim, Hong Kong (HQ)
Suite 2001, 20/F, Tower 1, Lippo Centre, 89 Queensway, Admiralty, Hong Kong
Tel: 852-2530-0452, Fax: 852-2801-4555

Americas, USA
One Executive Drive, Suite 320, Fort Lee, NJ 07024-3393, USA
Tel: 1-201-228-7000, Fax: 1-201-363-8986

France
91 rue du Faubourg Saint-Honoré, 75008 Paris, France
Tel: 33-1-4471-3666, Fax: 33-1-4471-3696

Australia
Level 21, Suite 34, Tower 2, 201 Sussex Street, Sydney 2000, NSW, Australia
Tel: 61-2-9006-1310, Fax: 61-2-9006-1010

Germany
August-Bebel-Allee 6, D-53175 Bonn, Germany
Tel: 49-228-30887-20, Fax: 49-228-30887-11

China
Suite 815, Beijing Silver Tower, No. 2 San Huan North Rd, Chaoyang District, Beijing 100027, China
Tel: 86-10-641-07140, Fax: 86-10-641-07143

Spain
Bendicion de Campos, 8, 28036 Madrid, Spain
Tel: 34-91-350-6633, Fax: 34-91-350-7014

Japan
Takanawadai Green Bldg 7F, 4-6-6 Higashi Gotanda, Shinagawa-ku, Tokyo 141-0022, Japan
Tel: 81-35-791-1405, Fax: 81-35-791-1406

UK
Tel: 44-1372-723622, Fax: 44-870-1315771

Singapore
180B Bencoolen Street, # 07-04 The Bencoolen, Singapore 189648
Tel: 65-238-2415, Fax: 65-238-8230

email: [email protected]
http://www.vocaltec.com

Publication number: VTWP- VPN -01-2001-V3-R1-E


Contents

Introduction
  Target Market
VPN System Solution
VPN Features
  Private Numbering Plan
  Routing Services
  Routing Options
  Security
  Centralized Management
  Accounting and Customer Care
VPN Network Topology
VPN Call Modes
  On-net to On-net
  On-net to Off-net
  Off-net to On-net
  Off-net to Off-net
Glossary


Introduction

Voice Over IP (VOIP) Virtual Private Network (VPN) is a service that provides its subscribers with a "virtual" private VOIP network that runs on top of a shared IP network, typically managed by the service provider. All subscribers who share the same VPN can call each other seamlessly (either while on the private network or from off the network) as though they were talking on a totally private network.

Please note that the term VPN may be used in other contexts, such as IP-VPN for basic data-over-IP services, and Voice VPN for PSTN based private networks. In this document the term VPN will refer solely to the concept of Voice Over IP (VOIP) VPN. VPN enables decreased costs on international calls, convenience in LDCs and international calls and convergence with other applications and services, and provides a cost effective and feature rich alternative to traditional PSN circuit switched based voice VPNs.

The VOIP-VPN solution can also serve as a platform for additional business-oriented services, including Web-based 1-800, Web-enabled Call Centers and support for PC endpoints.

Target Market

Potential customers who may benefit from this service include:

• Internet Service Providers (ISPs)

• Internet Telephony Service Providers (ITSPs)

• Telecommunications Companies (Telcos)

• Clearing Houses (“ITXCs”)

Business-oriented ISPs and Telcos who already provide IP VPN services can easily extend their service offerings to include VOIP-VPN.


VPN System Solution

The Voice Over IP (VOIP) VPN system solution is based on the VocalTec architecture. The VocalTec architecture combines all the software and hardware elements required to build the infrastructure for global IP telephony networks. It provides a scalable, ITU-T H.323 standards-based multi-service platform.

The VOIP VPN solution enables a single service provider to offer private Voice over IP VPN services to multiple corporate customers on top of the same IP and VOIP infrastructure. See Figure 1 below.

Figure 1. Distributed VPN Configuration
(Diagram labels: Company 1 Branch A, Company 1 Branch B, Company 2 Branch, Company 3 Branch A, Company 3 Branch B, LAN, CPE VoIP Gateway, IP WAN, Carrier VoIP Gateway, Carrier POP, Carrier NOC)

Figure 1 illustrates three separate company VPNs, connected to the carrier’s VOIP VPN Network. The solution supports multiple VPN dialing plan configurations. System components include:

• VocalTec Gatekeeper (VGK) - intelligent IP telephony control server, providing addressing, routing, and system security

• VocalTec Network Manager (VNM) - network management workstation, used to centrally manage and monitor all the VocalTec architecture components

• VocalTec Telephony Gateway Series 120 (VGW 120)

• VocalTec Telephony Gateway Series 2000 (VGW 2000)

The VOIP VPN solution based on the VocalTec architecture is currently interoperable with the following gateways: Cisco 3600, Cisco 2600, Cisco AS5300, Cisco AS5800, Cisco AccessPath.


VPN Features

The basic features of a VPN service based on the VocalTec architecture are as follows:

Private Numbering Plan

Short Numbers

VPN is implemented through the use of dialing plans, associated with PBX extension numbers in an organization. This enables calling between different corporate branches (intra-organizational), using PBX extensions (e.g., xxxx).

In configurations where a single gatekeeper manages several VPN dialing plans with extension numbers in the same ranges, the extension numbers may be preceded by a prefix (a single digit or other short branch prefix) in order to distinguish between the phone numbers (a “Virtual Prefix”).

Multiple VPN Support

A single gatekeeper supports multiple VPN dialing plans. This is required in configurations used by service providers supporting multiple VPNs and inter-organization VPN support. All dialing plans are configured within the gatekeeper’s dialing plan.

Routing Services

Phone to Phone

Phone to Phone is the first VocalTec architecture service for VOIP VPN. Pure VPN calls are calls targeted from one office to a remote office using a short numbering plan based on extension (and possibly branch, organization) numbers.

The same underlying VOIP infrastructure is used for switching calls that may be originated or terminated at a PSTN phone number (not involving PBX at one or both ends).

Routing Options

PBX Call Recognition

VPN calls that are originated behind a PBX are identified by the PBX as VPN calls. VPN calls are routed, by the carrier’s gatekeeper that is providing the organization’s VPN service, to the gateway that terminates the call.

Prefix permissions & restrictions

Dialing plan numbers allow E.164 prefix permissions and restrictions in the same manner as ordinary telephony prefixes.

Desktop to Phone

VocalTec Internet Phone Lite, a PC application, can be used to place VOIP VPN calls from a PC to a PBX extension belonging to your organization. This is achieved by associating the subscriber with the specific VOIP VPN.


Security

Authentication

Access to network resources is authenticated by the gatekeeper.

Calls that are originated off-site need authentication. The gatekeeper recognizes the subscriber’s organization and links to the correct dialing plan. In cases where the gateway is owned by the organization, it is possible to link the originating gateway to the proper dialing plan, without having to individually associate each user to his/her organization.

Authorization

The gatekeeper controls the different services and routing options used by different subscribers and subscriber groups.

Only users associated with a VPN have access to the VPN.

Centralized Management

VPN-specific remote management, using VocalTec Network Manager, includes:

• Remote VPN dialing plan management.

• Configuration management

• Authorization profiles configuration

Accounting and Customer Care

Integrated billing systems are supported via VocalTec’s AAA API.

The following features are supported:

• CDR tracking (the call’s CDR contains an indication of the call’s VPN identification).

• User profile definition

• Credit / Debit billing


VPN Network Topology

Figure 2 illustrates a VPN network set up for a company distributed across four main branches (Points of Presence at London, Bogota and Amsterdam and the carrier’s Network Operating Center at Tokyo). The solution is based on interoperability with Cisco Gateways.

Figure 2. VPN Configuration and Call Procedure
(Diagram labels: London Branch, Bogota Branch, Amsterdam Branch, Tokyo NOC, VocalTec Gatekeeper, VocalTec Network Manager, Billing System, Carrier POP, IP WAN)

The VPN configuration supports the following call modes:

• On net to On Net – intra-organizational calls between two callers on the same VPN

• On net to Off Net – calls from an organization that terminate outside the company’s VPN (in the PSTN).

• Off net to On Net – calls from outside the company’s VPN (from the PSTN) that terminate within the VPN.

• Off net to Off Net – calls from outside the company’s VPN (from the PSTN) that terminate off net (in the PSTN).

These call modes are explained in more detail below.


VPN Call Modes

On-net to On-net

In a distributed corporate environment where each location has its own PBX and a gateway connected to it, a caller from one location can call the PBX extension in a second location seamlessly, despite the fact that they are geographically remote, using different PBXs and connected only via IP.

Figure 3. On-net to On-net
(Diagram labels: Company Branch A, Company Branch B, PSTN, Carrier NOC, IP WAN; call steps (1) to (7) are listed below)

A caller from Branch A in the company’s VPN calls seamlessly to a number at Branch B.

1. The on-net caller dials the on-net extension number, including the necessary gateway access code (e.g., 5212, where 5 is the gateway access code and 212 is the requested extension).

2. The PBX transfers the call to the gateway (e.g., 212).

3. The gateway sends a call setup request (H.225 ARQ) to the carrier’s gatekeeper at the Network Operating Center (NOC).

4. The gatekeeper checks to see if the number is authorized. The gatekeeper authorizes the call and returns an authorization token to the gateway, together with a list of gateways that can terminate the call.

5. The originating gateway makes a call setup (H.225) with the first terminating gateway on the list and transfers the call.

6. The gateway passes the call on to the switch.

7. The call is transferred by the switch to the requested extension number (e.g., 212).


Remote On-net to On-net

A variant of on-net to on-net, this mode reduces the need for CPE gateways at each VPN branch. This is a good starting point for a service provider, since it does not require purchasing gateways. At a later stage, the enterprise can upgrade their network, by purchasing the necessary CPE gateway.

This mode is a hybrid between on-net to on-net and off-net to on-net. The carrier gateways provide the VPN service to more than one VPN. Based on the VPNs associated with the carrier gateway, the gateway maps an abbreviated dialed number to an E.164 number, and then dials this remote number via the PSTN.

Figure 4. Remote On-net to On-net
(Diagram labels: Company Branch A, Company Branch B, PSTN, Carrier NOC, IP WAN; call steps (1) to (7) are listed below)

1. The remote on-net subscriber dials the necessary gateway access code and the remote PBX extension number (e.g., 5212, where 5 is the gateway access code and 212 is the requested extension).

2. The subscriber is connected to the carrier gateway over the PSTN, via the PBX, and enters user credentials, if requested.

3. The gateway sends a call setup request (H.225 ARQ) to the carrier’s gatekeeper at the Network Operating Center (NOC).

4. The gatekeeper checks to see if the VPN number is authorized. The gatekeeper authorizes the call and returns an authorization token to the gateway, together with a list of gateways that can terminate the call.

5. The originating gateway makes a call setup (H.225) with the first terminating gateway on the list and transfers the call.

6. The remote gateway dials to the PBX over the PSTN, using the full E.164 number (e.g., 1-201-2282-212).

7. The call is transferred by the PBX to the requested extension (e.g., 212).


On-net to Off-net

A caller from a corporate location can call to external, regular PSTN numbers, either by using a gateway provided by the carrier or by using the company’s own corporate gateway, which may be connected through the PBX to the PSTN. The caller cannot exit to the public domain through the gateways of another VPN. For off-net termination, the local domain may use inter-domain resources to extend the dialing plan; i.e., a carrier that has inter-domain relationships with other carriers may offer termination to its local VPN located in remote domains – in the same manner it may provide general usage gateways.

The caller dials normally as when calling a regular PSTN number via the PBX.

Figure 5. On-net to Off-net
(Diagram labels: On-net, Off-net, PSTN, Carrier NOC, IP WAN; call steps (1) to (7) are listed below)

Off-net calls can be made either via the company’s own gateways and PBXs or via the gateways deployed by the carrier itself at various points of presence on its network.

1. The on-net caller dials the off-net telephone number (e.g., 228-700).

2. The PBX transfers the call request to the gateway.

3. The gateway sends a call setup request (H.225 ARQ) to the carrier’s gatekeeper at the Network Operating Center (NOC).

4. The gatekeeper checks to see if the number is authorized. The gatekeeper authorizes the call and returns an authorization token to the gateway.

5. The originating gateway transfers the call to the terminating gateway.

6. The terminating gateway transfers the call to the PSTN CO.

7. The call is transferred by the CO to the requested off-net number (e.g., 228-700).
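
The gatekeeper's admission decision (step 4 in the on-net call flows above, together with the Security section's rule that only users associated with a VPN can use it and the rule that a caller cannot exit through another VPN's gateways) can be modelled as below. This is an added example, not VocalTec code: the class names, gateway names, numbers, key and HMAC token format are all assumptions, since the paper does not specify the token.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Everything here is constructed for illustration: names, numbers, key, token format.
TOKEN_KEY = b"constructed-demo-key"


@dataclass
class DialingPlan:
    extensions: dict             # on-net extension -> terminating CPE gateway
    denied_prefixes: tuple = ()  # off-net prefixes this VPN may not call


@dataclass
class Gatekeeper:
    plans: dict             # VPN id -> DialingPlan
    gateway_vpn: dict       # originating gateway -> VPN id it is linked to
    carrier_gateways: dict  # off-net prefix -> carrier gateway that terminates it

    def admit(self, src_gateway, dialed):
        """Model the ARQ decision; returns (admitted, reason, gateways, token)."""
        vpn_id = self.gateway_vpn.get(src_gateway)
        if vpn_id is None:
            return (False, "gateway not linked to any VPN", [], None)
        plan = self.plans[vpn_id]
        if dialed in plan.extensions:
            # On-net: resolve the extension only in the caller's own plan, so an
            # overlapping extension range in another VPN is never reachable.
            gateways = [plan.extensions[dialed]]
        elif any(dialed.startswith(p) for p in plan.denied_prefixes):
            return (False, "prefix restricted for this VPN", [], None)
        else:
            # Off-net: only carrier gateways are candidates here (the VPN's own
            # gateway could be added), never another VPN's CPE gateway.
            gateways = [gw for p, gw in self.carrier_gateways.items()
                        if dialed.startswith(p)]
            if not gateways:
                return (False, "no route", [], None)
        token = make_token(vpn_id, src_gateway, dialed, gateways[0])
        return (True, "admitted", gateways, token)


def make_token(vpn_id, src_gateway, dialed, dst_gateway):
    # Binds the token to one VPN, one source, one number and one destination.
    msg = "|".join((vpn_id, src_gateway, dialed, dst_gateway)).encode()
    return hmac.new(TOKEN_KEY, msg, hashlib.sha256).hexdigest()


def token_valid(token, vpn_id, src_gateway, dialed, dst_gateway):
    expected = make_token(vpn_id, src_gateway, dialed, dst_gateway)
    return hmac.compare_digest(token, expected)


def demo_gatekeeper():
    # Two constructed VPNs that both use extension 212.
    return Gatekeeper(
        plans={
            "company1": DialingPlan({"212": "gw-c1-branch-b", "305": "gw-c1-branch-a"},
                                    denied_prefixes=("1900",)),
            "company2": DialingPlan({"212": "gw-c2-branch", "400": "gw-c2-branch"}),
        },
        gateway_vpn={"gw-c1-branch-a": "company1", "gw-c1-branch-b": "company1",
                     "gw-c2-branch": "company2"},
        carrier_gateways={"1201": "gw-carrier-pop-nj", "44": "gw-carrier-pop-london"},
    )


if __name__ == "__main__":
    gk = demo_gatekeeper()
    for src, number in [("gw-c1-branch-a", "212"), ("gw-c2-branch", "212"),
                        ("gw-c1-branch-a", "400"), ("gw-c1-branch-a", "12012287000"),
                        ("gw-c1-branch-a", "19005550100"), ("gw-rogue", "212")]:
        print(src, number, gk.admit(src, number)[:3])
```

Because the lookup is keyed by the VPN the originating gateway is linked to, extension 212 resolves differently for each company, and company2's extension 400 is simply unroutable from company1.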


Off-net to On-net

A caller from the regular PSTN can call a PBX extension that belongs to his/her own VPN (identified by the user’s VPN ID in their database record). The caller from PSTN dials the direct PBX extension of the called number.

Figure 6. Off-net to On-net
(Diagram labels: On-net, Off-net, PSTN, Carrier NOC, IP WAN; call steps (1) to (7) are listed below)

1. The off-net user dials the gateway access number and enters his/her user name and password in response to an IVR prompt. The gatekeeper verifies that the user is associated with the VPN. The user then dials the on-net extension number (e.g., 212).

2. The CO transfers the call to the carrier’s gateway.

3. The gateway sends a call setup request (H.225 ARQ) to the gatekeeper. The gatekeeper checks to see if the number is authorized.

4. The gatekeeper authorizes the call and returns an authorization token to the originating gateway.

5. The originating gateway transfers the call to the terminating gateway.

6. The terminating gateway transfers the call to the PBX.

7. The call is transferred by the PBX to the requested on-net extension (e.g., 212).


Off-net to Off-net

A caller from an off-net location on the PSTN can call to a regular PSTN number, either by using a gateway provided by the carrier or by using the company’s own corporate gateway, which may be connected through the PBX to the PSTN. For off-net termination, the local domain may use inter-domain resources to extend the dialing plan; i.e., a carrier that has inter-domain relationships with other carriers may offer termination to its local VPN located in remote domains – in the same manner it may provide general usage gateways.

Figure 7. Off-net to Off-net
(Diagram labels: Off-net, PSTN, Off-net, PSTN, Carrier NOC, IP WAN; call steps (1) to (7) are listed below)

1. The off-net user dials the gateway access number and enters his/her user name and password in response to an IVR prompt. The gatekeeper verifies that the user is associated with the VPN. He/she can then dial the off-net destination number (in this case an E.164 number, e.g., 228-700).

2. The CO transfers the call to the carrier’s gateway.

3. The gateway sends a call setup request (H.225 ARQ) to the gatekeeper. The gatekeeper checks to see if the number is authorized.

4. The gatekeeper authorizes the call and returns an authorization token to the originating gateway.

5. The originating gateway transfers the call to the remote gateway, which transfers it to the remote CO.

NOTE: The carrier or subscriber can choose to terminate some off-net numbers at the gateway and PBX of the VPN’s network, rather than at the carrier’s own gateways.

6. The call is transferred by the CO to the requested off-net number (e.g., 228-700).


Glossary

AAA: Authorization, Authentication, Accounting

ARQ: Admission Request. H.225 call setup request message sent by the gateway to the gatekeeper for permission to make a call.

Carrier Gateways: Gateways deployed by the service provider

CPE Gateway: Customer Premises Equipment gateway, deployed at a company’s local branch

CDR: Call Detail Record

H.225: Call setup and termination between gateways

H.235: Security definition.

H.245: Control channel for H.323, capability exchange, commands and indications.

H.323: ITU-T standard for real-time voice and video over non-guaranteed networks.

LCR: Least cost routing

LDC: Long distance calls.

Off-Net: Calls to public number outside a private dialing plan using VPN access.

On-Net: Calls between two parties using the same private dialing plan.

RAS: Registration, Admissions, Status of H.323.

VOIP: Voice over IP

VPN: Virtual Private Network. In this document, VPN refers to a Voice over IP (VOIP) VPN.

VGW: VocalTec Telephony Gateway, provides a bridge between packet networks (Internet/Intranet) and the Public Switched Telephone Network.

VGK: VocalTec Gatekeeper, the intelligent IP telephony control server, providing addressing, routing, and system security.

VNM: VocalTec Network Manager, the network management workstation, used to centrally manage and monitor all the VocalTec architecture components.