Is Your Network Ready for VoIP?

Gary Hemminger
Director, Product Marketing
Foundry Networks
ghemminger@foundrynet.com

Foundry Proprietary - Copyright 2006

 Is Your Network Ready for VoIP?

VoIP vs. Data in an IP world

VoIP Network Quality Issues
VoIP and Data Security
The Forgotten Factors
– Power Management
– Environment Costs
Choosing Network and IP Telephony Vendors

Page 2 / 14
Foundry Proprietary - Copyright 2006
 VoIP vs. Data in an IP World

In an IP network the default is to deliver the data in a best effort, “net neutral”
manner, independent of content
– This means that traffic with specific delivery requirements, like VoIP, may not be delivered
successfully
– It also means large volumes of data traffic could swamp voice traffic and increase latency
& jitter to unacceptable levels for human speech
What are latency and jitter, and why are they important to VoIP traffic?
– Latency refers to a delay in packet delivery
– Jitter is the variation in the time between packet arrival
– Both are affected by network design, quality of service, queue arch.
In the world of IP, Data is not very sensitive to latency or jitter.
– Instead, data is loss sensitive. Eg. File transfer likes error free communications
But VoIP traffic is very sensitive to latency & jitter
– Human voice conversations require specific delay characteristics and small variations in
“packet” arrival times.
How do we guarantee VoIP traffic is delivered with low latency and jitter, with
higher priority that normal data traffic, to ensure high quality voice calls?

Page 3 / 14
Foundry Proprietary - Copyright 2006
 Quality of Service
Guaranteed VoIP Network Call Quality

Call Manager
Converged Traffic

VoIP
Traffic
Data
QoS guarantees VoIP call has
Traffic
highest priority

QoS network configurations insure that VoIP traffic is delivered with guaranteed quality
QoS takes advantage of high speed buffering and prioritization in the switches/routers
to deliver traffic at high, low, medium priority (with a variety of algorithms)
QoS config uses priority bits in the L2 or L3 headers to signal priority
– L2 standard is IEEE 802.1p, L3 is DSCP/ToS
Configuring this across the entire network can be very tricky & hard to validate

Page 4 / 14
Foundry Proprietary - Copyright 2006
 QoS Solution – Provide Automatic
Honoring of L2/L3 QoS Priorities

Layer 3 QoS Support

PoE Chassis
Simple mapping mechanisms
for L2 to L3 QoS mapping and
remarking

Layer 2
PoE Stackable
QoS Support

• Automatic honoring of 802.1p and DSCP • Cisco

• Mitel
• Eliminates manual configuration • Avaya
• Siemens
• Insures VoIP traffic gets high quality • Nortel
• Shoretel

Page 5 / 14
Foundry Proprietary - Copyright 2006
 Phone Discovery & Security Management

It is normal practice for IP Phones to be

placed on separate VLAN from the data Call Manager DHCP Server
traffic
– This is for security and management reasons
How does the Voice VLAN get assigned to
the phone?
– Phone is manually programmed CDP or LLDP
– DHCP server assigns it
– CDP network assigns it
– LLDP network assigns it and provides enhanced
security and endpoint discovery 20
AN
How do you provide endpoint security for VL
the phone and the PC if they share the
same port?
– What if PC uses 802.1x Radius? 10
10 20 ?? AN
L
– Most phones do not have .1x supplicant L AN L AN AN
V
V V VL
– Can we combine MAC and Radius authentication?

Page 6 / 14
Foundry Proprietary - Copyright 2006
 Embedded L2/L3 Switch Security Support

L2/3 Network Security Concerns

-Denial of Service (DoS) attacks
-Spoof attacks
-Rogue wireless Foundry Integrated Security
App & Web Servers Features
DoS attack protection
CPU protection
Rate limiting
Hardware-based ACLs
DHCP, ARP, IP spoof protection
Access Rogue AP detection & suppression
Policy
Access policy enforcement
Threat control enforcement
Radius, DNS, DHCP Embedded sFlow traffic monitoring
Network Switches, Routers, & Access Points

Multiple endpoints
Call Manager
IEEE 802.1x + MAC Authentication

Page 7 / 14
Foundry Proprietary - Copyright 2006
 Solution –Converged Network Security
Solutions
sFlow-based Anomaly + Signature Defense
Zero-Day Anomaly IDS Signature IDS
Open Source
Applications Closed
Loop
Security
sFlow Net Mgmt
sFlow
App & Web Servers
Threat
Control
Foundry IronShield Security:
• sFlow based security analysis
• Intrusion Prevention thru Snort
Access
• Zero-day anomaly detection
Policy • INM security policy manager

Radius, DNS, DHCP

Network Switches, Routers, & Access Points
sFlow embedded in Foundry
switches and routers
Call Manager
Multiple endpoints
IEEE 802.1x + MAC Authentication

Page 8 / 14
Foundry Proprietary - Copyright 2006
 Forgotten Issues…Power Management
RPS Call Manager

Providing power for each phone

is costly both in labor and in the
backend power requirements
Switch
Midspan power injectors can
provide PoE, but are another
failure and mgmt point
Midspan
Power Injector Most PoE switches require
external power supplies to
provide redundancy in case of
UPS power supply failure

These options are too costly, do

not provide resiliency, and are
hard to manage

Page 9 / 14
Foundry Proprietary - Copyright 2006
 Solution – Integrated, Redundant,
Hot-Swappable Power

Internal, redundant, hot-

swappable AC and DC power
supplies eliminates need for
external power devices and
additional management
Internal, hot-swappable, load sharing power supplies
elements (AC and DC)
Power upgradeability– can start
without PoE and easily add it
without system impact
– Support in both
stackable/chassis products
Automatic detection of legacy
power and standard (802.3af)
PoE devices makes IP handset
installation & configuration easy Redundant PoE Power Redundant System
supplies Power supplies
Power Management designed
for converged switching

Page 10 / 14
Foundry Proprietary - Copyright 2006
 Forgotten Issue…Environmental Costs

Foundry SX1600 Other Vendor

Similar configurations
-384 ports of 10/100/1000 PoE
-2 ports of 10 Gig
-Redundant Power
-Redundant Mgmt Modules
-List Price

Comparison based on data found on public web sites

Page 11 / 14
Foundry Proprietary - Copyright 2006
 Forgotten Issue…Environmental Costs
Environmental Factors Costs
US$
200,000

180,000
Cisco Vendor
Other 6509
160,000 Foundry SX1600
140,000

120,000

100,000

80,000

60,000

40,000

20,000

-
Year1 Year2 Year3 Year4 Year5

Approx. $60,000 savings over 5 years

…and this is just for a single switch!
Page 12 / 14 Comparison based on data found on public web sites
Foundry Proprietary - Copyright 2006
 Choosing Network and IP Telephony Vendors

Do you go best-of-breed or single source?

Best-of-breed strategy provides flexibility for future network and
VoIP changes & keeps costs in check
Choosing the network and VoIP vendor separately insures you
have the best solution for your environment
Single source means higher costs
Vendor network and VoIP equipment is highly interoperable now
– Foundry has reference accounts with Cisco, Nortel, Avaya, Mitel,
Shoretel, Siemens, Sphere, Lucent, and others

Don’t forget the Forgotten Factors (Power & Environmentals)

Page 13 / 14
Foundry Proprietary - Copyright 2006
 Foundry’s Open Voice Over IP Solutions
Supporting Industry’s Best-of-Breed IP Telephony Solutions

BigIron
BigIron RX
RX Backbone
Backbone

FastIron SX 800 and SX 1600

FastIron SuperX With POE
GS624P/GS648P FastIron X424-POE with POE

Avaya Mitel Nortel IP Cisco IP Siemens Shoretel

DevConnect Solutions Telephony Telephony HiPath Solutions
Premier Partner Solutions Solutions Partner Partner
Member

Page 14 / 14
Foundry Proprietary - Copyright 2006
DISCLAIMER
Although Foundry has attempted to use accurate
information, Foundry assumes no responsibility for the
accuracy of the information or any use thereof. The
information is provided “as is” and Foundry disclaims
any warranty of any kind.

Foundry Proprietary - Copyright 2006

Foundry Proprietary - Copyright 2006