System and Network Management

Hi all,

We are close to exceeding the number of IPs in our voice subnet and so I would like to move the phones to their own subnet.

Are there any issues with having the servers in one subnet and the phones in another? When we set this up 5 years ago, the tech seemed to think the servers and phones needed to be on the same subnet.

We have CM 6.3, AAM, AES, CMS. Do we need to change anything aside from the IP pools (DHCP is running on the g450) before rebooting all phones? Network admin will look after the vlan, POEs, IP Helper.

Thanks,
Elizabeth

We are Using phones in different subnets and different Vlans than our servers without any Problems.
Regards
André

In Reply to Andre G:

We are Using phones in different subnets and different Vlans than our servers without any Problems.
Regards
André

Thanks, Andre, for the confirmation.

There should be no issues. Just remember that you need to have unfiltered access between the routed subnets. So you need to make sure you don’t have any firewalls or other devices that would block traffic between the networks.

-Nick

From: Elizabeth Backler [mailto:iaug-sys-net@lists.iaug.org]
Sent: Tuesday, March 01, 2016 11:42 AM
To: iaug-sys-net@lists.iaug.org
Subject: [IAUG Forums] - Changing IP pool


Hi all,

We are close to exceeding the number of IPs in our voice subnet and so I would like to move the phones to their own subnet.

Are there any issues with having the servers in one subnet and the phones in another? When we set this up 5 years ago, the tech seemed to think the servers and phones needed to be on the same subnet.

We have CM 6.3, AAM, AES, CMS. Do we need to change anything aside from the IP pools (DHCP is running on the g450) before rebooting all phones? Network admin will look after the vlan, POEs, IP Helper.

Thanks,
Elizabeth

-----End Original Message-----

firewalls are no problem at all if you know which ports to forward.
we have up to two firewalls between our core servers (communication
manager, session manager, aes, ...) and everything works fine. to be
honest: the specialists who setup our system were not able to tell in
detail which ports had to be opened, but we were able to use there
information, check what works or not and find out on firewall side which
ports were blocked. so we were able to open all necessary ports. it was
a hard piece of work... but it does work. so firewalls are not a no-go.

regards,
andre

Am 01.03.2016 um 20:30 schrieb Kwiatkowski, Nicholas:
>
> There should be no issues. Just remember that you need to have
> unfiltered access between the routed subnets. So you need to make
> sure you don’t have any firewalls or other devices that would block
> traffic between the networks.
>
> -Nick
>

--
Andre Gronwald
andregronwald78@gmail.com

The issue with VoIP is that it will pick random UDP ports for the bearer path. Essentially, you end up opening up all the UDP ranges between devices (or at the least, wide ranges). The TCP ports are pretty predictable.

The biggest concerns are usually ALGs (Application Layer Gateways) and/or delays caused by equipment inspecting /every/ packet. Having a firewall add 15ms of delay can start to become an issue if you start having other pressures on your network that add delays to voice paths.

-Nick

From: Andre Gronwald [mailto:iaug-sys-net@lists.iaug.org]
Sent: Tuesday, March 01, 2016 2:59 PM
To: iaug-sys-net@lists.iaug.org
Subject: [IAUG Forums] - RE: Changing IP pool

firewalls are no problem at all if you know which ports to forward.
we have up to two firewalls between our core servers (communication manager, session manager, aes, ...) and everything works fine. to be honest: the specialists who setup our system were not able to tell in detail which ports had to be opened, but we were able to use there information, check what works or not and find out on firewall side which ports were blocked. so we were able to open all necessary ports. it was a hard piece of work... but it does work. so firewalls are not a no-go.

regards,
andre
Am 01.03.2016 um 20:30 schrieb Kwiatkowski, Nicholas:
There should be no issues. Just remember that you need to have unfiltered access between the routed subnets. So you need to make sure you don’t have any firewalls or other devices that would block traffic between the networks.
-Nick



--

Andre Gronwald

andregronwald78@gmail.com<mailto:andregronwald78@gmail.com>

-----End Original Message-----

I don't believe that is an issue in our network.

We have CM 6.3, AAM, AES, CMS. Do we need to change anything aside from the IP pools (DHCP is running on the g450) before rebooting all phones?

Thanks

In Reply to Nick Kwiatkowski:

The issue with VoIP is that it will pick random UDP ports for the bearer path. Essentially, you end up opening up all the UDP ranges between devices (or at the least, wide ranges). The TCP ports are pretty predictable.

The biggest concerns are usually ALGs (Application Layer Gateways) and/or delays caused by equipment inspecting /every/ packet. Having a firewall add 15ms of delay can start to become an issue if you start having other pressures on your network that add delays to voice paths.

-Nick

From: Andre Gronwald [mailto:iaug-sys-net@lists.iaug.org]
Sent: Tuesday, March 01, 2016 2:59 PM
To: iaug-sys-net@lists.iaug.org
Subject: [IAUG Forums] - RE: Changing IP pool

firewalls are no problem at all if you know which ports to forward.
we have up to two firewalls between our core servers (communication manager, session manager, aes, ...) and everything works fine. to be honest: the specialists who setup our system were not able to tell in detail which ports had to be opened, but we were able to use there information, check what works or not and find out on firewall side which ports were blocked. so we were able to open all necessary ports. it was a hard piece of work... but it does work. so firewalls are not a no-go.

regards,
andre
Am 01.03.2016 um 20:30 schrieb Kwiatkowski, Nicholas:
There should be no issues. Just remember that you need to have unfiltered access between the routed subnets. So you need to make sure you don’t have any firewalls or other devices that would block traffic between the networks.
-Nick



--

Andre Gronwald

andregronwald78@gmail.com<mailto:andregronwald78@gmail.com>

-----End Original Message-----

absolutely right, but udp ports are in cm ranged from 2048 to 3xxx if i
remember correctly, so it is a range, but it is even predictable. and it
is just udp.
on the other hand if you have well working firewalls you may configure
them to only inspect connections on initiation and let pass them if the
connection is established. in our environment we have round-trip times
(from endoints some hundred kilometers away through 2 firewalls to our
endpoints) which doesn't affect the quality (to be honest: i am not able
to measure it within our environment, so i just can tell you, we are
very happy with the quality).

nevertheless you are completely right. such complex infrastructures have
to be maintained by knowledged people (it is not me who isknowledged,
but our network guys do a good job).

regards,
andre

Am 01.03.2016 um 21:06 schrieb Kwiatkowski, Nicholas:
>
> The issue with VoIP is that it will pick random UDP ports for the
> bearer path. Essentially, you end up opening up all the UDP ranges
> between devices (or at the least, wide ranges). The TCP ports are
> pretty predictable.
>
> The biggest concerns are usually ALGs (Application Layer Gateways)
> and/or delays caused by equipment inspecting /every/ packet. Having a
> firewall add 15ms of delay can start to become an issue if you start
> having other pressures on your network that add delays to voice paths.
>
>