Enterprise Network Setup Guide and Recommendations


Before deploying the FluentCloud hosted phone system in your office, there are a few important considerations to address. Here is some of what we need to know, and what we want to design for, in an enterprise hosted VoIP deployment.


First, we need a comprehensive network structure diagram, or at least a sense of the general LAN/WAN strategy. This would include:


1) Layer 2 / VLAN Strategy


Is the network flat or is it segmented? If segmented, what is the segmentation strategy? Is there a dedicated Voice VLAN? If so, is it routed to the Internet?


What is the networking switch vendor? Are Link Layer VLAN discovery protocols available or in use? CDP or LLDP-MED would be the most common choices here.


2) Layer 3 / Routing Strategy


What is the network / WAN strategy, generally? Are dedicated "dark" lines in use between sites? Site-to-site tunnels on the public Internet? MPLS? What are the egress points to the Internet? What routing protocols are in use?


What is the router vendor? How is Internet redundancy / failover handled?


What is the speed of the connection to the Internet? What is the utilization? Are there tools (NetFlow, etc.) in place to monitor this?


3) Layer 7 / Application Filtering / Firewall


Are there content filtering policies in place? Ingress/egress filters? Is there deep packet inspection of any sort? What networks does this affect?


What firewall strategy is used? What kind of ruleset(s)?


Our ideal setup:


For enterprise networks, we'd like to see something like the following:


We use the SIP protocol and we are latency sensitive. Our traffic runs through a defined list of known hosts and only to the following ports:


HTTP: 80, 8088

HTTPS: 443, 8089

UDP: 5060

TCP: 5060-5061

UDP: 10000-20000


We tag our traffic with DSCP 0xB8 (184) / Expedited Forwarding. We would prefer to have those tags respected through the LAN/WAN setup, but if necessary, known hosts can be retagged at the edge router, as required by local network policy.


We would like our traffic to bypass all deep packet inspection and general firewall rules, at least for our known hosts. Inspection and filtering can tamper with our RTP packets and slow voice calls, causing degraded voice quality.
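
One way to check that the inspection exemption stays limited to the traffic profile above, as an added example that is not FluentCloud code. The known-host range is a documentation-range placeholder, the flow records are constructed, and treating HTTP/HTTPS as TCP and checking the tag on UDP flows only are assumptions.

```python
import ipaddress

# Placeholder for the provider's known-host list (documentation range, not real hosts).
KNOWN_HOSTS = [ipaddress.ip_network("203.0.113.0/28")]

# Ports listed on this page, keyed by transport (HTTP/HTTPS assumed to be TCP).
ALLOWED = {
    "tcp": [(80, 80), (8088, 8088), (443, 443), (8089, 8089), (5060, 5061)],
    "udp": [(5060, 5060), (10000, 20000)],
}
EF_TOS = 0xB8  # tag value the page gives for its traffic


def is_known(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_HOSTS)


def port_allowed(proto, port):
    return any(lo <= port <= hi for lo, hi in ALLOWED.get(proto, []))


def audit(flows):
    """Return (flow, finding) pairs for flows that deviate from the profile."""
    findings = []
    for f in flows:
        in_profile = is_known(f["dst"]) and port_allowed(f["proto"], f["port"])
        if f["bypass"] and not in_profile:
            # The DPI/firewall exemption matched traffic it was never meant for.
            findings.append((f, "inspection bypass wider than known hosts/ports"))
        elif in_profile and f["proto"] == "udp" and f["tos"] != EF_TOS:
            # Signaling/media reached the edge without the expected marking.
            findings.append((f, "voice flow lost its 0xB8 tag"))
    return findings


# Constructed flow records: destination, transport, port, ToS byte, and
# whether the edge device exempted the flow from inspection.
SAMPLE = [
    {"dst": "203.0.113.5", "proto": "udp", "port": 5060, "tos": 0xB8, "bypass": True},
    {"dst": "203.0.113.5", "proto": "udp", "port": 12000, "tos": 0x00, "bypass": True},
    {"dst": "198.51.100.9", "proto": "udp", "port": 5060, "tos": 0xB8, "bypass": True},
    {"dst": "203.0.113.5", "proto": "tcp", "port": 22, "tos": 0x00, "bypass": True},
]

if __name__ == "__main__":
    for flow, why in audit(SAMPLE):
        print(flow["dst"], flow["proto"], flow["port"], "->", why)
```

Only the first sample flow passes: the others show a stripped tag, an exemption matching a host outside the known list, and an exemption matching an unlisted port.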


We will generally support any router's SIP Application Layer Gateway, with the exception of a small number of non-conforming gateways. In those cases, the ALG or SIP-specific "helper" functionality would have to be disabled.


If UDP session termination is enabled, we would like a timeout interval greater than 120 seconds.


If secure SIP signaling and SRTP/ZRTP are required by policy, those can be supported.