ATTACHMENT 1 - Florida Department of Management Services



Network Requirements

For AT&T Hosted VoIP Service Offer

Network Infrastructure Requirements

Points of Demarcation

AT&T Hosted VoIP Service is a customer premises-based Voice over Internet Protocol (VoIP) product. AT&T Hosted VoIP components are deployed to data center and remote site locations.

The Service Demarcation Point is the AT&T-managed equipment which interconnects AT&T’s network with any customer-managed networks, local and wide-area.

IP Addressing

The Customer is responsible for providing the proper static, public IPv4 addresses for all AT&T Hosted VoIP managed endpoints (Service test point, analog and digital device gateways) within the Customer Premises Network, typically only one to three addresses (later described as CustPubIP#1 through N). These addresses must be contiguous, and begin with an IP address that is a multiple of 4 or 8 in the last octet.

Customers are highly encouraged to provide a dedicated IEEE 802.1q Virtual LAN for all phone and HVS service devices to intercommunicate within, in which case all phones will be provided private IPv4 addresses as part of the Service. Customers providing a dedicated IEEE 802.1q Virtual LAN are required to heed all LAN equipment manufacturer’s best practices to mitigate common Ethernet attacks such as “VLAN Hopping” and “MAC Flooding” and provide security of the dedicated VLAN. AT&T is not responsible for Service issues arising from Customer’s failure to prevent OSI Layer 2-based attacks on VoIP endpoints.

Without a dedicated VLAN, the Customer will be required to provide valid IPv4 addresses to AT&T for all phones as well. IN SUPPORT OF FCC E9-1-1 REQUIREMENTS, THE IP RANGE USED FOR THE AT&T HOSTED VOIP PHONES MUST BE BUILDING SPECIFIC (i.e. AN IP RANGE CAN NOT SPAN DIFFERENT PHYSICAL ADDRESSES).

If the Customer chooses to employ static IPv4 addressing, then the Customer-provided IPv4 addresses, gateways, and subnet masks must be provided to AT&T prior to staging and installation of the endpoints. If the Customer chooses to use the Dynamic Host Configuration Protocol (DHCP) to provide these Customer IP addresses dynamically, then the Customer must ensure that any endpoint so configured will be granted an IP address lease by the Customer’s DHCP server within 30 seconds of receiving a Request from an AT&T Hosted VoIP endpoint.
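The addressing rules above can be checked before the plan is handed to AT&T. The following is an added example, not part of the original attachment; the function names, the sample addresses (RFC 5737 documentation ranges and private ranges) and the street addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from itertools import combinations

def check_public_block(addrs):
    """Check CustPubIP#1..N: contiguous, first address a multiple of 4 or 8."""
    ips = [ip_address(a) for a in addrs]
    problems = []
    # 256 is divisible by 4, so the whole address modulo 4 equals the last
    # octet modulo 4; any multiple of 8 is also a multiple of 4.
    if int(ips[0]) % 4:
        problems.append(f"{ips[0]}: last octet is not a multiple of 4 or 8")
    for prev, cur in zip(ips, ips[1:]):
        if int(cur) != int(prev) + 1:
            problems.append(f"{cur} does not directly follow {prev}")
    return problems

def check_building_ranges(plan):
    """plan maps each phone IP range (CIDR) to the physical address it serves.
    Returns pairs of ranges that overlap while serving different addresses,
    which would break the building-specific rule stated for E9-1-1."""
    conflicts = []
    for (a, site_a), (b, site_b) in combinations(sorted(plan.items()), 2):
        if site_a != site_b and ip_network(a).overlaps(ip_network(b)):
            conflicts.append((a, b))
    return conflicts

# Constructed sample plan: the /23 for one building swallows a /24 used by another.
SAMPLE_PLAN = {
    "10.20.0.0/23": "100 Main St",
    "10.20.1.0/24": "200 Oak Ave",
    "10.30.0.0/24": "200 Oak Ave",
}

if __name__ == "__main__":
    print(check_public_block(["198.51.100.8", "198.51.100.9", "198.51.100.10"]))
    print(check_public_block(["198.51.100.6", "198.51.100.7", "198.51.100.9"]))
    print(check_building_ranges(SAMPLE_PLAN))
```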

Requirements for Quality of Service

QoS is necessary in IP networks due to the fact that they are characterized by bursty traffic and “best-effort” delivery. This presents significant problems for real-time applications like voice and video. Best effort delivery may be acceptable for Web traffic or e-mail, but voice requires the maintenance of service within various performance parameters in order to achieve acceptable quality standards for business communications. When using the MyFloridaNetwork/Common Services to connect locations with the AT&T HVS Service Complex, it is highly recommended to provide for adequate RealTime (Voice) bandwidth for transmitting VoIP information with priority across MFN.

Delay or Latency Requirements

In order to have an intelligible conversation, the human voice has to stay within an end-to-end perceptual “delay budget” as recommended by the ITU G.114 specification. The end-to-end (LAN and WAN) one-way delay budget for this service is 150 ms.

Jitter or Delay Variation Requirements

The effect of jitter in a VoIP network is to increase both delay and packet loss. Jitter increases delay because a jitter buffer is used to smooth out the inter-arrival times of the voice packets. AT&T requires that, for any single call, the maximum jitter for voice traffic not exceed 50 ms and the average jitter not exceed 13 ms; voice quality will be affected otherwise.

Packet Loss Requirements

When voice packets are lost during transport in IP networks, the result is a perceptual degradation in the quality of the end users’ conversation. AT&T requires that packet loss not exceed 1%.

Packet Classification and Marking

All voice packets transmitted via the Service are marked by either the end user device (e.g., IP phones) or PSTN gateways. The customer WAN and LAN components must preserve the setting in these packets, and should prioritize the transmission of traffic marked with these settings over both WAN and LAN, to maximize Voice over IP application performance. The packet markings in the Differentiated Services Code Point (DSCP) field are Per-Hop-Behavior Expedited Forwarding (EF, decimal 46) for all real-time traffic. Web portal and HVS Toolbar traffic will be marked as Best Effort unless otherwise marked by the customer’s hosts or LAN infrastructure.

Requirements for Security

Premises network security is the responsibility of each Customer. The following guidelines have been developed to help AT&T customers plan and implement the integration of hosted IP telephony into their existing IT security framework. Customers are responsible for making the following configuration changes, as well as determining whether their existing firewalls/network security devices are technically capable of functioning securely for the voice application.

Firewalls/Perimeter Security

AT&T requires that sessions using the following ports and protocols be opened from outside any Customer firewall to specific inside devices in order to not interfere with the passage of voice traffic and the operation of AT&T-managed Hosted VoIP Service devices. These sessions will be initiated from only three AT&T-defined public IP addresses (proxy.hvs., mgmt1.hvs., and mgmt2.hvs.) as designated below, destined for one or more devices on the Customer’s network, with Customer-provided Public IPv4 addresses.

Protocol   DestPort(s)        Source IP     Destination IP
SIP        5060/UDP&TCP       proxy.hvs.    CustPubIP#1
SIP        5050/UDP           proxy.hvs.    CustPubIP#1
RTP        16384-25386/UDP    proxy.hvs.    CustPubIP#1
HTTPS      443/TCP            mgmt1.hvs.    CustPubIP#1
SSH        22/TCP             mgmt1.hvs.    CustPubIP#1 through N
SNMP       161/UDP            mgmt1.hvs.    CustPubIP#1 through N
ECHO       ICMP               mgmt1.hvs.    CustPubIP#1 through N
HTTPS      443/TCP            mgmt2.hvs.    CustPubIP#1
SSH        22/TCP             mgmt2.hvs.    CustPubIP#1 through N
SNMP       161/UDP            mgmt2.hvs.    CustPubIP#1 through N
ECHO       ICMP               mgmt2.hvs.    CustPubIP#1 through N

It is required that all traffic received in response to valid sessions opened through the use of the Service will be passed through any Customer firewalls without payload modification or translation.

All other traffic transmitted by AT&T Hosted VoIP Service will be for sessions initiated from devices inside any Customer network security perimeter(s); should the Customer’s network security policies limit outbound traffic or inbound traffic in response to valid outbound sessions, additional policy modifications may be required as specified by AT&T for successful operation of the Service.
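Because the inbound sessions come from only three sources, a customer can audit the perimeter policy against the table so that SSH, SNMP and HTTPS are not left open more widely than the Service needs. The following is an added example, not part of the original attachment: the page truncates the AT&T hostnames, so RFC 5737 documentation addresses stand in for them and for CustPubIP#1 through N, and the rule format and function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Placeholders: stand-ins for proxy.hvs., mgmt1.hvs., mgmt2.hvs. and CustPubIP#1..N.
SRC = {"proxy": "192.0.2.10", "mgmt1": "192.0.2.21", "mgmt2": "192.0.2.22"}
CUST = ["198.51.100.8", "198.51.100.9", "198.51.100.10"]

def required_flows(src=SRC, cust=CUST):
    """Expand the table into (proto, lo, hi, source, destination) tuples."""
    first = cust[0]
    flows = {("tcp", 5060, 5060, src["proxy"], first),
             ("udp", 5060, 5060, src["proxy"], first),
             ("udp", 5050, 5050, src["proxy"], first),
             ("udp", 16384, 25386, src["proxy"], first)}
    for m in ("mgmt1", "mgmt2"):
        flows.add(("tcp", 443, 443, src[m], first))
        for dst in cust:
            flows.add(("tcp", 22, 22, src[m], dst))
            flows.add(("udp", 161, 161, src[m], dst))
            flows.add(("icmp", 8, 8, src[m], dst))  # ICMP type 8 = echo request
    return flows

def audit(rules, required):
    """Return (missing, excess): required flows not permitted; rules wider than the table."""
    def covers(r, need):
        proto, lo, hi, s, d = need
        return (r["proto"] == proto and r["lo"] <= lo and hi <= r["hi"]
                and ip_address(s) in ip_network(r["src"])
                and ip_address(d) in ip_network(r["dst"]))
    def exact(r):
        s, d = ip_network(r["src"]), ip_network(r["dst"])
        key = (r["proto"], r["lo"], r["hi"], str(s.network_address), str(d.network_address))
        return s.num_addresses == 1 and d.num_addresses == 1 and key in required
    missing = sorted(n for n in required if not any(covers(r, n) for r in rules))
    excess = [r for r in rules if not exact(r)]
    return missing, excess

def constructed_ruleset():
    """Constructed sample: exact rules, minus one SNMP rule, plus SSH open to any source."""
    dropped = ("udp", 161, 161, SRC["mgmt2"], CUST[2])
    rules = [dict(proto=p, lo=lo, hi=hi, src=s, dst=d)
             for (p, lo, hi, s, d) in sorted(required_flows()) if (p, lo, hi, s, d) != dropped]
    rules.append(dict(proto="tcp", lo=22, hi=22, src="0.0.0.0/0", dst=CUST[0]))
    return rules

if __name__ == "__main__":
    missing, excess = audit(constructed_ruleset(), required_flows())
    print("missing:", missing)
    print("wider than required:", excess)
```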

Application Layer Gateways

AT&T strongly recommends that customers disable inspection of SIP protocol traffic associated with the Service, in all customer-managed Application Layer Gateways, firewalls, and Network Address Translation devices.

Customers who choose to utilize a firewall, router or other device to inspect SIP protocol traffic must configure it to perform as a SIP-aware ALG, compliant with all SIP Methods contained in IETF RFC 3261, and any future SIP standards as deemed appropriate by AT&T in the enhancement of this Service. If the customer uses a private IP addressing scheme and uses NAPT (Network Address Port Translation) to conserve the use of public IP addresses, the customer’s firewall, or other device negotiating this translation, must also provide a SIP-aware translation, in accordance with AT&T specifications, to preserve proper performance of the Service.

Requirements for Unified Messaging

AT&T Hosted VoIP Solutions provides unified messaging to customers via voice messages stored in an AT&T system. This method requires a customer’s network to meet the following requirements in order for customer email clients to retrieve voice messages for presentation to end users.

Customer email clients must be configured with an IMAP4 email profile to retrieve voice messages from AT&T’s server. The IMAP4 inbound server is designated as um.hvs., and as that server does not provide outbound SMTP service, customers should designate their usual SMTP proxy server should clients require this function.

All traversed customer firewalls/security devices must be configured to permit sessions for IMAP4 (TCP port 143) to exit from the customer’s network towards AT&T’s UM server and allow the return traffic back in through the necessary security devices, to be presented to the end user’s PC.
