Solved: 30 Offices VPN with VoiP

tsipoulanis · ‎02-05-2016

hallo everyone,

I have (maybe) a stupid question for you, i am not expert in VoiP but working in Networking.
in our company we have a MPLS Solution which is working properly, everyone can call from one office to another.

we want an other solution now.

one suggest to create VPNs (Site to Site).

my opinion is to create a DMVPN, which can give us a connection / communication from all of our offices to each other.

I think that is really important because for a VoiP communication need a direct communication from one telefon to the other. If i am correct at first need communication to Call Manager to find the Destination, but then there is a direct communication without the Central Location, is that right?

if yes, with a normal site to site VPN i understand 2 Difficultes.
1. the traffic must be pass through the Central to be routed to the destinatio.

2. is not possible to communicate 2 telefones from different location.

I will appreciate your opinion.

Thomas

Mohammed al Baqari · ‎02-05-2016

Hi,

MPLS will always be better than VPN solution for the fact that you can control QoS along with your MPLS provider as highlighted by Chris. In VPN, the moment traffic leaves your internet gateway, it will be up to global carriers on how to route traffic. I have seen scenarios where VPN from Singapore to Malaysia was crossing Japan and US as transit hops which was causing very poor quality.

On the other hand, I have seen VoIP over VPN in many networks and works well. You need to have indepth understanding for global routing to take the final decision.

Now, with regards to what VPN technologies, definitely Phase 3 DMVPN is the way to go. This can provide spoke to spoke connectivity which will reduce delay, jitter, and packet loss chances. On top of this you can have GET VPN to speed up keying mechanism.

Below is a Cisco doc which provide very detailed analysis for VoIP over DMVPN. Very good to read before proceeding.

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/VoSDMVPN.html

View solution in original post

Chris Deren · ‎02-05-2016

Why would you convert MPLS to VPN? is it cost? Site-to-Site VPN might be OK for data, but for voice there is no QoS that you can apply which can lead to poor voice quality. With that being said I have customers that have phones connected to VPN sites and for the most part they work OK. As long as you have proper routing between the site and location hosting your call processor (i.e. CUCM) and then routing between the endpoints, and you are willing to eliminate QoS then that is definitely an option.

tsipoulanis · ‎02-05-2016

yes, the main reason is the cost.
thats why i present a solution with DMVPN VPN which can give us a spoke to spoke solution.
the point is how to make them understand that a normal site to site VPN from each Site to the Central is not to proper for our Network.
as i understand the telefons (VoiP) will not work because (for sure) they must be on the same Network, or

if it will with site to site, all the traffic from one site must be pass through the central which is not correct and of course will be huge performance and quality issues.

Chris Deren · ‎02-05-2016

That is a big drawback. This is no different than hub/spoke old days Frame-Relay where you need to worry about the aggregate bandwidth at the hub location.

My advise would be to stick to MPLS, otherwise deal with this issue. No silver bullet here.

tsipoulanis · ‎02-05-2016

as i said to Mohammed, my plan is to have 2 DMVPN, one only for the VoiP and the second for the rest of the traffic. and if we have an issue to one provider or site, then it will work through the second DMVPN until the issue will be solved.

my question is, if we go to VPN solution, is the DMVPN solution better or the only solution we need instead of the site to site for each location?

Mohammed al Baqari · ‎02-05-2016

Hi,

MPLS will always be better than VPN solution for the fact that you can control QoS along with your MPLS provider as highlighted by Chris. In VPN, the moment traffic leaves your internet gateway, it will be up to global carriers on how to route traffic. I have seen scenarios where VPN from Singapore to Malaysia was crossing Japan and US as transit hops which was causing very poor quality.

On the other hand, I have seen VoIP over VPN in many networks and works well. You need to have indepth understanding for global routing to take the final decision.

Now, with regards to what VPN technologies, definitely Phase 3 DMVPN is the way to go. This can provide spoke to spoke connectivity which will reduce delay, jitter, and packet loss chances. On top of this you can have GET VPN to speed up keying mechanism.

Below is a Cisco doc which provide very detailed analysis for VoIP over DMVPN. Very good to read before proceeding.

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/VoSDMVPN.html

tsipoulanis · ‎02-05-2016

exactly, i know how internet is working and of course the benefits of MPLS.
end finally as you said my recommandation is the correct one, compering the Site to site VPN my colleague said.
I did my research, because all the time I work with cisco equipments and finally thats why i went to DMVPN Solution.
that means with S2S VPN the VoiP with not work because there is no connection between Sites.
correct?

For a better Quality i found the "Performance Routing" and also i will use the dual DMVPN solution. One DMVPN will be for the VoiP traffic and the second one for the rest of the Traffic

Mohammed al Baqari · ‎02-05-2016

S2S can work but to achieve full mesh you need to configure 2^30 - 1 vpns which isn't scalable. Otherwise all the traffic should pass through hq. With dmvpn this can be done dynamically

tsipoulanis · ‎02-05-2016

exactly, that makes sense...
ok, then i am correct in my perspective.
thank you very much Mohammed