This is chapter 3 of a multiple chapter learning exercise for those looking to buy a phone system for their business.
If you want to read chapter 2, you can find that here: The Early Days of the Business Phone System
We are going to take a real jump here – talking about the history of the phone system (chapter 2) and moving into a discussion of Voice over IP quite quickly. Most of the terms and discussions in this chapter and in this business phone system series are moving forward with the presumption of a basic understanding of Voice Over IP – what is VoIP and how does it work?
What is Voice over IP (What is it?)
Even a discussion of phone lines requires an understanding of VoIP. Therefore, we will take a look at VoIP and then move back into discussing phone lines (circuit switched and VoIP).
IP means Internet Protocol, or in the data world, means packets. Essentially, what happens in VoIP is that voice packets are compressed into streams of data packets (IP packets), sent along the data path to their destination (the person at the other end of the phone), uncompressed, and played back at the other end. Now, that is a very simplistic explanation, and encapsulated within that very brief description are some fairly critical underlying issues which need to be further analyzed.
The key term in the above explanation is “Data Path”. Which data path are the IP packets sent over? If the data path is the Internet, then the voice is subject to the vagaries of the Internet itself – a poor quality data path will result in similarly poor voice quality. If, for example, the data path that the voice travels over is excellent, then the voice quality will in turn be excellent. The Internet is never perfect, however – it is possible to have packet loss (where a packet just gets lost).
Packet loss is quite typical in all applications of network design. If a data packet is sent from point A to point B and the packet gets lost, then the receiving end will request a retransmission of the packet (the protocol that controls packet retransmission is known as TCP – Transmission Control Protocol). There is, of course, no point in retransmitting a lost packet in the voice world. A lost packet in the voice world is useless – by the time the packet gets retransmitted, the conversation has moved on. A lost packet means a dead spot in the conversation. So, instead of hearing: “Hello Mark. It’s a beautiful sunny day here”, which is what the sender is saying, the recipient (where a packet might have been lost) will hear: “Hello Mark. It’s a (dead air) here”.
Critical Issue – DELAY
Another issue which is critical to a successful VoIP implementation is DELAY. An IP packet normally gets transmitted in a very timely fashion. Therefore, the recipient will receive a continuous stream of packets every…let’s say 40 milliseconds. In this case, there is a 40-millisecond delay between when the sender sends the packet and when the recipient receives it. If the continuous IP packet delay is 40 milliseconds on both sides for the entire flow of conversation, then that would make for a clean VoIP conversation. However, it never happens exactly as planned.
You see, in a data world, especially when packets are getting sent over the Internet, packets can get delayed. If the delay is too long, then it might appear as though the packet is actually lost. Let’s say for example, that we expect a 70-millisecond delay from sender to recipient. Therefore, every word that is said on the sending side is played out 70 milliseconds later on the recipient side. Packets are then coming out as follows: 70, 70, 60, 50, 40, 70, 70, 130, 70…and so on. The packet that arrived 130 milliseconds later will appear as a dead zone in the conversation, or essentially, be not that much different from a lost packet (as described in packet loss earlier). Delay and packet loss are therefore two of the more critical issues that need to be addressed in the VoIP world.
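The delay sequence above, worked through as an added example (not part of the original chapter). It assumes a receiver with a fixed playout delay, and the function names are illustrative; the jitter estimate is the running formula from RFC 3550.

```python
# One-way delays in milliseconds, exactly as listed in the paragraph above.
DELAYS_MS = [70, 70, 60, 50, 40, 70, 70, 130, 70]


def late_packets(delays_ms, playout_delay_ms):
    """Indexes of packets that miss their playout deadline.

    With a fixed playout delay, packet i is played playout_delay_ms after it
    was sent, so any packet whose network delay exceeds that budget arrives
    too late and is heard as dead air, exactly like a lost packet.
    """
    return [i for i, d in enumerate(delays_ms) if d > playout_delay_ms]


def interarrival_jitter(delays_ms):
    """Running jitter estimate from RFC 3550 section 6.4.1: J += (|D| - J) / 16."""
    jitter = 0.0
    for prev, cur in zip(delays_ms, delays_ms[1:]):
        d = abs(cur - prev)  # change in transit time between consecutive packets
        jitter += (d - jitter) / 16.0
    return jitter


def min_playout_delay(delays_ms, max_late_fraction=0.0):
    """Smallest fixed playout delay that keeps late packets within the budget."""
    ordered = sorted(delays_ms)
    allowed_late = int(len(ordered) * max_late_fraction)
    return ordered[len(ordered) - 1 - allowed_late]


def playout_tradeoff(delays_ms, candidates_ms):
    """(playout delay, late packet count) pairs: more buffering, fewer gaps."""
    return [(c, len(late_packets(delays_ms, c))) for c in candidates_ms]


if __name__ == "__main__":
    print("late at 70 ms budget:", late_packets(DELAYS_MS, 70))
    print("jitter estimate (ms):", round(interarrival_jitter(DELAYS_MS), 2))
    print("budget for zero late packets:", min_playout_delay(DELAYS_MS))
    print("tradeoff:", playout_tradeoff(DELAYS_MS, [40, 70, 130]))
```

A larger playout budget removes the dead spot but adds that much latency to every word of the conversation, which is the trade-off a jitter buffer makes.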
The Problem of Echo
Other issues for consideration that affect the quality of voice include issues like echo (when you speak and can actually hear what you have just said coming back to you a few milliseconds later), and jitter.
The above are IP issues. These issues need to be considered whether sending voice over the Internet or within an in-office network. It is certainly possible for an internal corporate network to get flooded with data and, in turn, experience these issues. On an internal network you can install a QoS (quality of service) switch which will prioritize the voice packets over the data packets on the internal network. Installing a QoS-enabled router between two offices with data packets running over the Internet will NOT necessarily fix voice-related issues. That is because the voice packets are still running over the Internet, and remember, there is NO guarantee, as we discussed earlier, when sending voice over the Internet.
How do we overcome these issues?
QoS is probably one of the most critical pieces. If we can GUARANTEE QoS, then we can GUARANTEE voice (as much as anything can ever be guaranteed). Therefore, if we wish to connect two offices together in a VoIP mode, or have someone working from home using VoIP, and you want perfect voice, then you will need to purchase POINT-to-POINT bandwidth.
This has been a frequent issue when dealing with customers. Perfect costs money in a VoIP world. I have many customers connecting home workers in the branch offices in Montreal, Vancouver, Chicago…without any problems whatsoever. I have other customers connecting two offices together, one two blocks away from the other, with terrible voice quality. If you use the Internet as your transmission medium, then, and I will repeat what I said earlier, your voice will be subject to the vagaries of the Internet.
My VoIP Formula:
Terrible Internet / data communication = Terrible voice
Amazing Internet / data communication = Amazing voice
Otherwise known as:
Garbage In, Garbage Out
Amazing Voice: How do we get that? That elusive “Amazing” voice. It costs money. So, no matter how you are doing VoIP, remember, if it is free, there is no guarantee of it being perfect. That holds whether it is internal VoIP within the office (you need a QoS-enabled switch) or a point-to-point data network.
Now, I touch on a critical issue – DESIGN.
Having reviewed the above, the right infrastructure needs to be designed. Internally (VoIP enabled phones within the office) or externally. If you wish to use the Internet, you can still do things that will improve the design and quality.
We understand voice. We understand VoIP, and the issues required in order to make this work properly. From: initial consultation meetings, explanation, cost analysis, proposal, implementation, installation, end-user training, system administration training, and after-sales service and support.
TCP vs. UDP
For those more technically inclined, voice packets are almost always sent via the UDP protocol (instead of TCP). TCP, otherwise known as Transmission Control Protocol, and the User Datagram Protocol (UDP) operate at layer 4 of the Internet Protocol stack. TCP is a connection oriented protocol and is responsible for ensuring the delivery of packets to its destination endpoint. If a packet fails in TCP mode then that packet is re-transmitted.
Voice packets are generally sent via UDP. UDP is a connectionless protocol that does not provide acknowledgement, and it is used in place of TCP where packet receipt verification is not required. If a voice packet fails in a VoIP call there is no point in re-transmitting that packet. The packet size of a UDP packet is less than the packet size of a TCP packet.
The purpose here is not to make the reader an expert on security issues, but to raise awareness of the issues of VoIP hacking, denial of service, and ‘sniffing’. In addition, one other area of concern is SIP trunking (SIP will be addressed later in this book). A quick explanation: SIP trunking lets you bypass the public switched telephone network (PSTN) and use your Internet connection to link to a VoIP service provider. Unfortunately, given the open nature of SIP endpoints, there are tools out there for attacking SIP endpoints. Both SIP trunks and SIP endpoints need to find a way behind the network firewall.
The traditional PSTN network was designed based on trust – only a real phone company had a phone switch. No authentication is done on information from other switches – even things like caller ID. That is why the PSTN network is quite secure. Certainly, there are issues like toll fraud; however, the PSTN network is accessed via DTMF (dual tone multi-frequency – i.e. touch tone). The VoIP world, which also uses DTMF, is also accessed through the network – a much harder element to control.
In a SIP mode, call routing is partially controlled by the DNS. Is it possible to corrupt the DNS? Under certain circumstances, it isn’t that hard to do. By creating fake DNS entries it is possible to reroute the call to go via an intercept station. Moreover, link eavesdropping and DNS attacks are straightforward. The task is easier here; proxies don’t (usually) move around. VoIP providers are high-value targets since they process many calls.
Is it possible to hack the VoIP proxy servers?
Certainly — why not? Conventional phone switches can be (and some are) hacked, but there is a big difference: the attacker can speak a much more complex protocol to a SIP switch than to a PSTN switch, which means SIP switches are more vulnerable. It is hard to do too much damage with just a few touch-tones! It is hard to hide an IP address. Why? Because the legitimate recipient sees the sender’s source IP address, and this leaks location data.
Again, the purpose here is not to make the reader an expert on VoIP security issues, but merely to raise awareness of these issues and ensure that they are addressed as part of the network and security design. In addition, keep in mind as you assess which direction you wish to head in that the security issues in the VoIP world are much greater on the SIP trunking and SIP endpoint side, i.e. the hosted PBX and Hybrid mode (which will be discussed later in this book). VoIP endpoints connected to an internal traditional circuit switched phone system where all phones sit behind the firewall do not carry the same security risk, since these IP-based endpoints must be VPN tunneled into the network.
This is an IMPORTANT POINT TO REMEMBER!
To highlight, some of the more common VoIP issues to consider:
Issue: Denial-of-service (DoS) attacks: Prevention of access to a network service by bombarding SIP proxy servers or voice-gateway devices on the Internet with inauthentic packets.
Solution: Configure devices to prevent such attacks.
Issue: Eavesdropping: Unauthorized interception of voice packets or Real-Time Transport Protocol (RTP) media stream and decoding of signaling messages.
Solution: Encrypt transmitted data using encryption mechanisms like Secure RTP.
Issue: Packet spoofing: Impersonation of a legitimate user transmitting data.
Solution: Send address authentication (for example, endpoint IP addresses) between call participants.
Issue: Replay: The retransmission of a genuine message so that the device receiving the message reprocesses it.
Solution: Encrypt and sequence messages; in SIP, this is offered at the application-protocol level by using CSeq and Call-ID headers.
Issue: Message integrity: Ensuring that the message received is the same as the message that was sent.
Solution: Authenticate messages by using HTTP Digest, an option supported on many SIP-enabled phones and the SIP Proxy Servers.
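The replay and message-integrity checks from the list above, as an added example (not code from the original chapter or from any SIP product). SipGuard, make_request and every field value are hypothetical and constructed; the digest formula is RFC 2617 with qop=auth, and issuing and expiring nonces is assumed to happen elsewhere.

```python
import hashlib
import hmac


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 Digest, qop=auth: binds method and URI, not the body or CSeq."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class SipGuard:
    """Hypothetical proxy-side check: digest first, then CSeq, then nonce count."""

    def __init__(self, realm, passwords):
        self.realm, self.passwords = realm, passwords
        self.last_cseq = {}  # Call-ID -> highest CSeq accepted
        self.last_nc = {}    # nonce   -> highest nonce count accepted

    def check(self, req):
        password = self.passwords.get(req["user"])
        if password is None:
            return "reject: unknown user"
        expected = digest_response(req["user"], self.realm, password, req["method"],
                                   req["uri"], req["nonce"], req["nc"], req["cnonce"])
        if not hmac.compare_digest(expected, req["response"]):
            return "reject: bad digest"
        if req["cseq"] <= self.last_cseq.get(req["call_id"], 0):
            return "reject: stale CSeq"
        if int(req["nc"], 16) <= self.last_nc.get(req["nonce"], 0):
            return "reject: nonce count reused"
        self.last_cseq[req["call_id"]] = req["cseq"]
        self.last_nc[req["nonce"]] = int(req["nc"], 16)
        return "accept"


def make_request(cseq, nc, password="constructed-pw"):
    """Constructed REGISTER fields, signed the way a legitimate client would."""
    req = {"user": "alice", "method": "REGISTER", "uri": "sip:pbx.example.invalid",
           "call_id": "constructed-call-1", "cseq": cseq, "nonce": "constructed-nonce",
           "nc": f"{nc:08x}", "cnonce": "constructed-cnonce"}
    req["response"] = digest_response(req["user"], "pbx.example.invalid", password,
                                      req["method"], req["uri"], req["nonce"],
                                      req["nc"], req["cnonce"])
    return req
```

Because qop=auth does not cover the CSeq header or the message body, the CSeq check alone only stops a verbatim resend; the nonce-count check is what rejects a captured request whose CSeq has been edited.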
From a feature perspective, a VoIP handset on the inside of the network does not really offer much benefit. Anything you can do with a VoIP handset you can also do with a digital (TDM) handset, EXCEPT that a VoIP phone provides greater flexibility on an internal or external network when designing a phone network disaster recovery plan in an N+1 (explained later) scenario. A digital set requires a dedicated digital station port. If the digital port goes dead, you lose your phone. An IP phone can be authenticated to an IP switch with a fail-over to an alternate IP switch.
VoIP Wrap Up:
This is a difficult beginning to the book, but an important precursor to the other issues that need to be addressed. And as I mentioned earlier, an understanding of some of the common terms and issues involved in VoIP is important to understanding the balance of this book.
This was chapter 3 of the series: How to Buy a Phone System for Your Business.