Going in head first!

Discussion in 'General' started by leon.a, Oct 21, 2010.

  1. leon.a

    Joined:
    Oct 21, 2010
    Messages:
    5
    Likes Received:
    0
    All I'm after is a shove in the right direction :)

    We are looking to move my small company over to Asterisk with Yealink handsets to standardise the phone system and just generally make things nicer. Problem is we have 6 sites in 6 different locations (Japan, China, Hong Kong, Thailand, Malaysia and Singapore) and several "remote" users - mainly in the US. Only about 60 users max, roughly 10 at each location. Network consists of a Cisco ASA5505 in Japan, with each site using a m0n0wall based router using IPsec to Japan. I'll have to beef up the m0n0wall devices and install pfSense - right now it's just basic Alix boxes, at the very least they need VPN accelerators.

    I have 3 concerns -

    Incoming phone numbers - I'm guessing we just keep PSTN lines and put them into an FXO device?

    Outgoing Caller ID - preferably the same as the incoming phone numbers - I guess that depends on the provider?

    Reliability - I guess this comes down to design. We want something with a fair amount of resilience without going over the top. The first challenge will be a new office in China - I'm going to put in a POE switch for the phones, and have that and the router on a UPS.

    My first idea was a basic server (mini-ITX?) in each location, and something a little bigger in Japan (Dell PE1950 perhaps). But could I get away with just an FXO gateway device in each location instead?

    Next how could I handle outgoing calls and caller ID? Would this come down to being a case-by-case thing? Hong Kong, Singapore and maybe Taiwan will probably be easy - Japan sounds more difficult. China, Taiwan and Malaysia may be a challenge.

    Finally what would the points of failure be? Having a single server in Japan would mean if the server/network is down we'll lose the other sites? Would having a second server help?

    Thanks in advance!
     
  2. Lee Sharp

    Joined:
    Sep 28, 2010
    Messages:
    332
    Likes Received:
    0
    I am a m0n0wall dev. :) Small world. And you will need to beef up the Alix boxes, but you do not need to move to pfSense. (Unless you need other options.) SIP over VPN works... Personally, I use old Dell GX110 sff systems. http://imagenes.solostocks.com/z1_27574 ... b-10gb.jpg Cheap, and reliable. I have about 100 in production as m0n0wall firewalls.
    You can, or go with a SIP provider and PIC the numbers over, or both. I like both... See why below.
    Depends on the line. Most will let you define CID, but some force the one associated with the line.
    A lot of variables here. If you go with solid equipment, and good UPS, you should be good. Stay with Intel chipsets (chipsets are different from CPUs. You can have an Intel CPU on an nVidia or ATI chipset) to minimize issues with add in cards. The POE for phones is nice, but optional. However, managed switches for the LAN to control "Noise" is good for good sound quality.
    What will be on it? A lot of voicemail takes a lot of space. And small cases keep hard drives hot... I like nice tower cases with lots of air space. Keep it cool, and it will last forever. (The reason my firewalls last so long is that I set the drive to sleep, and with m0n0wall it will "sleep" for months at a time) Also, if you keep e-mail and CRM off the phone server, the load goes down a lot. I would do a full server, or just direct extensions SIP to the main office. We also thought about plugging into the existing land lines. SIP DIDs are cheaper.
    Not really. You can either have a global one, or define rules based on who is calling where. That said, you need a provider that will let you define CID. Not all will. Most, but not all. Telcentris is fine, as an example.
    It depends on how you design it. With more than one server, you can redirect lines to other offices when a place goes dark, but only for SIP lines, not POTS lines.

    To give an example, this is my plan. (Subject to change at the whims of management.) Big nice server in Trenton. It will have SIP trunks, and a T1 trunk. It will have several foreign DIDs over SIP. It will be only phone, and e-mail is on a different server. It will do voice mail. London will also have a smaller server. It may also have an e-mail server, but not on the same box. (I can lock down a mail server... Elastix mail is tougher.) It will have IAX trunks so all extensions in each office will appear as direct extensions. Outbound calling will be out SIP trunks directly. Inbound on both sides will generally be direct, but there may be some transferred calls. Other countries will just have some Aastra SIP phones or soft clients, and connect to Trenton. If they get big enough, they get the London setup. (Along with m0n0wall, a file server, and IPSEC VPN between them all)

    Clear as muddy water?
     
  3. leon.a

    Fancy that :laugh: Really it's the option to add packages that I like about pfSense - I'd probably drop squid simply for reporting. Otherwise m0n0wall has the IPsec, captive portal, SNMP, etc etc. All the goodies I need :)

    I might replace the Alix boxes with old desktops - mainly GX280's and the sort, and use CARP to keep the Alix boxes on standby, something to play with later I guess.


    Right, with you so far...

    Hardware compatibility is at the top of my list, I do quite a few ESXi projects and hardware compatibility lists are my bible.

    The POE is in part because I'm a neat freak (and you have to buy power adapters separately!?) and in part because I don't want to deal with cables for half a dozen countries. I'm looking at a Cisco SF300 series switch - the phones and the switch are compatible for POE, the switch is fully managed so I can create more headaches by playing with VLANs and QoS later :)

    I won't be needing email from elastix - we have one Exchange 2003 server in Japan right now, but I don't like that single point of failure. We are giving serious thought to going over to Google Apps at which point I have 3 Dell 2850's (fairly well spec'd out) to put Elastix on.
    I do want to use OpenFire - it is something I had on my todo list before I found Elastix (I was playing with Trixbox until today).
    If voicemail can be stored somewhere else it may be better to move it onto the local Windows DC, else I could probably get away with storing it locally and keeping a close eye on things.

    Btw, does Elastix mind running as a VM?

    If possible I want to keep the remote sites as simple as possible - Cisco POE SF300 (SRW224G4P) switch for phones, Cisco 10/100 managed switch for anything else (2950?), m0n0wall router, UPS and a Windows Domain Controller (not on the UPS). I only started here a month ago, and it's a bit of a mess with random hardware at each site, so I'll be taking this chance to get some standardisation happening - standard hardware, standard software, standard settings.

    So I could have a half dozen different DID/SIP trunk providers, and use incoming/dialing rules to direct calls to the correct handsets/trunk? Sounds fair enough to me.

    We tend to have fairly high latency depending on the traffic - would all calls route through the VPN or would they take the shortest route from the internet to the handsets?

    How does that work for SIP trunks? Will people still be able to call out/receive on DIDs?

    This is very, very helpful. I'm not actually sure what the purpose of the T1 is?

    What we would likely do is have Tokyo as the base (since it has a server room full of sad, unused servers), and use Singapore as the secondary, and I guess within a year I could roll out the whole company.

    Btw, what soft clients do you recommend?

    That is a massive help! At the very least I'll be able to whack up some plans and start solidifying how this will work. Thank you!

    Actually, while I have you here I have a m0n0wall/network inquiry - even though our Tokyo office has a smoking hot 200mbit fibre connection the other Asia offices have a mix of ADSL/VDSL/ADSL2 with varied performance. Would it make more sense to set up a mesh of IPsec connections, or would that really kill my performance? Thanks again! :)
     
  4. Lee Sharp

    Less services mean more security and stability. We have this discussion on the m0n0wall list at least once a year. :) The only feature on pfSense I would like on m0n0wall is the Dual WAN and failover. Which is what you want. :)
    I have used several Trendnet TPE-80WS managed switches. Not as feature rich as Cisco, but a lot cheaper.
    This is risky. You would have to spoof Elastix into thinking it was local, and if the file share goes down, it will get confused. Just get a big drive. 1TB is cheap now.
    Me too, but 6 months out. It was a mess! But rather than a cheap UPS, get a giant one, and plug the servers in. I have a PR6000L. Not that bad when you consider that the network, servers, and POE devices will run for a few hours. Laptop users will be all smug.
    Yes.
    That will be a problem. We have a separate Internet connection here just for voice traffic. Technically, it is also a standby for fail-over... :) And use the traffic shaper to ensure you have room for VPN.
    Just have the other server "log in" to the sip trunks, and your DIDs are now there.
    If the internet goes down, we still have some phone service. And if the phone line goes down we still have some phone service. The 800 line can be forwarded to either.
    Go slow... They will rush you. Slow down. Trust me here.
    We will probably use Blink. It is the best totally cross platform one out there. Cutecom has sound quality problems. Xlite is not that cross platform, especially for Linux. Blink is still in beta on Windows, but our call center is using it. So far, only call transfers do not work, but I think that is an Elastix problem. See http://www.elastix.org/en/component/kun ... -only.html for the story.
    Contact me directly. That is a bit much for this forum. In general, a complex mesh is most efficient, but you have to deal with routing issues...
     
  5. leon.a

    Lee Sharp wrote:
    Less services mean more security and stability. We have this discussion on the m0n0wall list at least once a year. :) The only feature on pfSense I would like on m0n0wall is the Dual WAN and failover. Which is what you want. :)

    We'll see. At the very least I need to upgrade to the latest version - I checked a box right now and it's at version

    Actually I was surprised - A Cisco Small Business managed 24x 10/100 POE switch is about $360 for the older model and $550 for the newer model - which makes it very competitive. If you don't need the POE just a straight SF300 series 24 port switch can be had for $250.

    http://www.cisco.com/en/US/prod/collate ... 02279.html

    http://www.cisco.com/en/US/prod/collate ... 10061.html

    I guess you need to add support contracts on top, but for close to a fully featured Cisco switch that ain't bad.

    Right, got it.

    Yeah, for sure. I'm getting the Tokyo setup upgraded - we have 7 servers running off one fully loaded 1400VA UPS... :blink:

    Excellent!

    First office will be in China, and I might give them their own Elastix server for the time being. Brand new setup, so I can cheat a little.

    Ok

    So maybe a second internet connection would be a good idea? I'll look into that.

    Probably a good idea :woohoo:

    I'll give it a go.

    Cheers, will do.
     
  6. leon.a

    Hi Lee,

    I can't find any easy way to contact you through the forums - would you mind dropping me an email - ewok85 (a) gmail.

    Thanks!
     
