Saturday, August 30, 2008

Edgewater Networks EdgeMarc 4500 Installation Notes

Wanted to update all on the install of the EdgeMarc 4500 devices for our customer last week.

Getting into the units was pretty easy. Power them up, plug into LAN port 4. The unit is setup with DHCP enabled and configured for Fire up the web browser and point it at that IP. Default login is root with a password of default. I changed the IP which caused the unit to reboot (a little to my surprise). The VLan enable check box is on this page, if you enable VLans, the only port that is not a trunk port is LAN port 4.

When changing the IP, the EdgeMarc does not update the default DHCP table. You'll need to statically setup an IP in the new address range you just setup for the new LAN IP. One piece on the DHCP page that is missing is the ability to pass a DNS domain name in the DHCP scope. I'd really like to see this changed as DNS is so important to the sipX world.

I configured VLans 1 (data) and 2 (voice) at each site. Put LAN ports 1, 3 and 4 into VLan 1 and port 2 in VLan 2. I setup the 3 devices we got in a fully meshed VPN configuration. To get ports statically into a particular VLan the port must be configured for 802.1 instead of 802.1q (trunk port).

Routing between VLans is enabled by default. I didn't try to block any traffic between VLans for this application.

In defining tunnels I could only specify one to one subnets (unlike on a Cisco ASA or PIX). So I had to create a tunnel for each VLan and each site (Data to Data, Phone to Phone, Data to Phone and Phone to Data). What a pain... but it works. With 3 sites fully meshed I ended up with 8 VPN definitions at each site.

Once the basic configs were done I went into the QOS setups and prioritized traffic from each of the Voip cards outbound.

The only gotchas for me with these units are the reboots after many of the changes and the lack of a DNS Domain option in the DHCP configuration. Looking forward to testing these as a SIP failover device.


Saturday, August 23, 2008

Edgewater Networks EdgeMarc

Finally got my hands on a couple of Edgewater Networks EdgeMarc devices yesterday. I have to say, they really seem like the 'magic bullet' for almost any kind of Internet based VoIP solution.

  • Build in Firewall
  • VPN capabilities
  • Traffic Shaper (by ToS, DSCP, IP Address)
  • WAN Router with up to 4 T1's (MLPPP support)
  • FXO / FXS Gateway
  • 4 Port Network Switch
  • 802.1Q VLan Support
  • Call Quality Monitoring device
  • Local NAT / DHCP
  • Local TFTP and FTP Server
  • Optional Site Survivability
  • SIP NAT Traversal & Application Layer Gateway
The units I got were 4500 series for a particular project and don't have the FXO / FXS ports so I am unable to test that functionality with sipX. In this particular project I need to interconnect 3 sites that have traditional PBX's with proprietary VoIP trunk cards in them, prioritize that traffic over everything else and mesh VPN the sites. I plan on creating a separate VLan for the VoIP cards and plugging the VoIP card directly into one of the switch ports on the EdgeMarc, and prioritizing all of that IP address' traffic outbound.

The site survivability for SIP is an optional component that must be licensed. It monitors the availability of a PBX (via various methods including Ping) and if that connection is not present can re-route calls out a PSTN connection connected to the unit or to a gateway at that site.

The firewall pages could use a little 'dressing up' for creating rules and NAT translations. The GUI management is not as slick as a typical firewall device.

I'll planning on getting in a couple units for testing with some FX ports... when then 'crazy season' ends.


Friday, August 15, 2008

Comments around the web on Nortel's Acquisition of Pingtel

The industry seems to be all a twitter (pun intended) about Nortel buying Pingtel. I'm really hoping they don't mess up a good thing with the acquision. I'm encouraged by the cross pollination that has been going on for about a year with the developers working together.

Ken Camp blogged about the Pingtel acquisition today... Ken always brings a unique perspective on things.

Raltime Unified Communications Blog

Over at OS-Voip they feel it is a big day for Open Source Voip. For sipX the real boost came about a year ago when Nortel started contributing to the development. I really think they were just doing their due dilligence.

OS-Voip Blog

Over at the Hyperconnected Enterprise, Tony Rybczynsk of Nortel writes briefly about the acquisition.

The Hyperconnected Enterprise Blog


Thursday, August 14, 2008

Nortel purchases Pingtel Assets from Bluesocket

This just seems like a better fit for Pingtel rather than being with Bluesocket... That's not meant to be a knock on Bluesocket...

Here's the press release from Nortel's site: Press Release

Scott Lawrence from Pingtel posted this to sipX-users:

Effective last Monday (11 Aug), the assets of the former Pingtel have been purchased by Nortel Networks Corporation [1]. As most members of our community will have noticed, Nortel has been a major supporter of the sipXecs project for over a year now, with many Nortel employees making important contributions. The Nortel SCS 500 is based on sipXecs.

I'm happy to say that the entire Pingtel team has moved to Nortel, and that our commitment to the sipXecs open source project is unchanged. The project goes on as it has been; indeed, with the greater resources of Nortel behind it, we expect to be able to expand our scope considerably.

This will not affect any of the project infrastructure - all the lists and other resources remain the same. There will be some brief outages in some services when we move some of the servers to a Nortel facility, but these should not last more than a few days. You'll see the email addresses change to addresses.

Having this kind of commitment from an industry leader in telecom is a great endorsement of all that the sipXecs community has achieved. To all of you who have contributed your ideas, your enthusiasm, and your code: thank you again, and I hope you'll join me in celebrating this new milestone.

Saturday, August 9, 2008

SIP NAT Traversal

So, you've got your fancy SIP phone system all setup and now you want to connect it to the outside world (to an ITSP or to another SIP PBX). Some may be lucky enough to have NAT traversal built in but many are not. Even if you do have NAT traversal built into your product, how secure is it? Does it support near-end and far-end NAT traversal?

What is the problem with SIP and NAT? It was detailed very well at freshmeat in a tutorial. NAT Traversal for the SIP protocol

In the sipX world we'll need to wait for release 4.0 for NAT traversal to be built in.

In the mean time here are some possible solutions.

Ingate - Ingate's Siparator or SIP firewalls are secure and reliable means of getting near and far-end NAT traversal. The remote NAT traversal is an option that allows for configuration-free (client side) NAT traversal or allows you to set it up as a STUN server. I've used Ingate's products many times and am very happy with their support and configuration options.

Edgewater Networks - I haven't had a chance to work with these products yet but their Edgemark line of equipment looks very promising for Internet edge connectivity.

OpenSBC - Seems to be one of the more popular choices in the open source world. I haven't tried it myself as I've really needed some commercially supported solution like the Ingate. If somebody has tried it please comment...

Others people like?

Tuesday, August 5, 2008

Update on Polycom Firmware

Got an e-mail from a reader who talked with Polycom engineering. Looks like 3.1.0 is 6 weeks out... So it's looking like middle of September.

Saturday, August 2, 2008

New Polycom Firmware on the way

Polycom SIP firmware version 3.1.0 is due around the end of August. We knew it was coming as Pingtel said they were testing an engineering release, we just didn't know when... and now we do!

The big news for this firmware is Polycom finally supporting the Music on Hold (MoH) standard that sipX utilizes (the Dale Worley IETF Draft)

This will be a huge boost for users of the system!

At present the Snom phones are one of the few who support MoH on sipX.

Here's the sipX MoH page: MoH Page