Minimum Network Requirements

Before you use the IP Telecom VoIP system, you must verify that your phone network meets the following requirements:

CAUTION: If you don't meet the prerequisites, your VoIP installation will fail.

For more information about any of our minimum network requirements (MNR), see About network requirements.

  • For every phone location, at least one 10/100 Ethernet network port must be available.
  • The cable provided is one metre in length, you must provide patch cabling for any distance longer than a metre.
  • You cannot have double network address translation (NAT). Each network port must be switched, rather than routed, to the outside router or firewall.
  • ALL NAT helpers, such as the SIP Application Layer Gateway (ALG), must be disabled on the outside router or firewall.
  • UDP timers for LAN/WAN traffic must be set to 45 seconds.
  • The router or firewall must have the latest firmware available.
  • IDP and similar applications must be disabled for all voice traffic.
  • The broadband connection must have a fixed IP address.
  • Appropriate firewall rules must be put in place to access the service.
  • You must allow ICMP pings from 195.191.29.21 to a public IP address at each location for basic monitoring.
  • Average latency to sip.iptel.co should not exceed 80 milliseconds.
  • For each required concurrent call, there should be 87.2Kbps available on the WAN link both up and down.
  • Your DHCP server must have the following configuration.

    • Options 66 and 160 should point to { account specific URL }
    • Option 159 should point at sip.iptel.co/spa$PSN.cfg

About network requirements

This section explains the configuration requirements that must be set up on your network for a successful VoIP installation.

Disabled double NAT

Network Address Translation (NAT) is a process that changes the source and destination IP addresses and ports. NAT uses routers or firewalls to translate your private IP addresses into public IP addresses. This process enables communication with devices outside your network.

When two devices such as a firewall and a router are both running NAT inside your network it generates two translation tables. Having two tables might result in the NAT tables on one device becoming full or dropping connections. Double NAT causes issues with peer-to-peer technologies because they are unable to effectively trace back the network path in media services such as VoIP. If you have both a router and firewall doing NAT, one solution is to put the router in bridge mode.

IP Telecom requires that double NAT is disabled.

Disabled NAT helpers

NAT helpers inspect VoIP traffic packets and modify the content to help them pass through the firewall. However, the data can often become corrupted as a result. For example, the SIP ALG protocol can cause problems in the SIP traffic. When a SIP packet is corrupted and consequently lost, the following issues might occur:

  • Failure to register the phone.
  • Problems with the incoming or outgoing calls.
  • Dropped calls.

IP Telecom requires that the SIP ALG in your router and firewall is disabled.

UDP timers

UDP ports must be opened from inside your network. UDP ports are configured to timeout within a set timeframe after the last message is transmitted. The following process occurs:

  • Your phone registers using local port 5060 and sends the registration to the switch.
  • As registration passes through your firewall, the firewall assigns a random UDP port for the external connection. Sometimes the firewall uses the same internal port.
  • The switch keeps this port in the registration data so it can contact the phone at this port, provided the port doesn't close or change.
  • Reregistration or a keep-alive request can be sent to keep this port open. (The port doesn't change very often).
  • If the UDP timeout is too short, the firewall closes the port before reregistration occurs. During this time, SIP messaging from the switch is sent to a port that has already been closed by the firewall, and the packets are dropped. This could cause the following issues:

    • Incoming call goes straight to voicemail, or fails to call certain phones in a ring group.
    • Calls drop in exact times, such as 30secs, 5mins, and so on.
    • Calls drop at random times.
    • The firewall port (registration port) for SIP traffic changes frequently.

IP Telecom requires that the UDP timer for LAN/WAN is set to 45 seconds.

Firmware on router and firewall

The latest firmware version contains fixed issues and applies security patches. This security protects your network from possible intrusions that could affect your VoIP communications and the rest of your traffic.

IP Telecom requires that you have the latest firmware version in your network devices.

IDP disabled for voice traffic

Intrusion detection and prevention (IDP) systems are network security software that monitors your network and system activities for malicious activity. IDPs inspect the data packets in your network traffic.

Because VoIP generates high traffic in your network, IDP applications might detect the VoIP traffic as bad traffic and block or destroy the packets. This intervention results in similar issues as described in the Disabled NAT Helpers.

IP Telecom requires disabling IDPs, and similar software, on voice traffic only. You can keep this feature for the rest of the traffic in your network with no issues.

Fixed IP address

When your system communicates with IP Telecom servers, our servers store your IP address. Our servers then expect responses to come from the same IP address. To make the communication more secure, we can configure our system to only allow communication from this IP address.

If we have your IP in our system and your IP changes, all your phones go offline and lose the registration with our server. Because we enabled a fixed IP, we must reject requests from different IPs.

Also, IP Telecom have a failover system in place to divert calls if your network is down or there is a power outage. The failover system is triggered when our system is expecting responses from your fixed IP and we don't receive anything. If your IP is dynamic and we receive your communication from different IPs, then our system won’t be able to recognise when you are having an outage.

IP Telecom requires a fixed IP address, you can contact your broadband provider to request one.

Allow traffic to and from the IP Telecom network

All IP Telecom services are located in the network range 195.191.28.0/23 (195.191.28.0 - 195.191.29.255). Your devices must be able to connect to these services in order to work properly. All connections (except ICMP pings) are initiated from your devices and so firewall rules must be applied only for outbound traffic.

The simplest way to ensure the correct functioning of the system is to allow access to the full range of IP Telecom addresses on all ports. This ensures that as additional services are rolled out by IP Telecom, clients will be able to access them without intervention. However, some clients might prefer to put more restrictive rules on their firewall as outlined below to match the current minimum firewall rules.

CAUTION: Future services might not work with this more limited access to the IP Telecom network.

Clients might also want to check ethernet switches to ensure there are no ACLs enabled that block traffic to IP Telecom.

SIP Trunk

  • 195.191.28.50 and 195.191.29.50 on UDP ports 5060 and 7000
  • 195.191.28.104/29 and 195.191.29.104/29 on UDP ports between 20480 and 24576
  • ICMP echo-request and echo-reply from 195.191.29.21 on the public facing interface of your router/firewall

HostedPBX

  • 195.191.28.60 and 195.191.29.60 on UDP ports 5060 and 7000
  • 195.191.28.80/29 and 195.191.29.80/29 on UDP ports between 20480 and 24576
  • 195.191.29.26 on TCP ports 80 and 443
  • 195.191.28.143 and 195.191.29.143 on TCP ports 80, 443
  • 195.191.28.6 and 195.191.29.6 on TCP ports 4443, 5443, 8453
  • ICMP echo-request and echo-reply from 195.191.29.21 on the public facing interface of your router/firewall

IP Telecom requires that the traffic in your network should be open to and from our network.

INTERNAL NOTE: All these connections are established from the customer's internal network to our server network. We do not initialise any connections from our network to the customer's network (the only exception is the echo-request for monitoring). All SIP connections are initiated from inside, if the firewall allows stateful return packets all calls will work when there is an inbound call (from outside to the customer), that one is based on the UDP tunnel from the REGISTER. The only time a customer will need to allow traffic FROM our ranges is if they have a stateless firewall (which is rare, possible the military and banks still have these). In this case all mentioned IP's and ports need to be allowed to return traffic as well with the same source as the specified destinations.

ICMP pings

IP Telecom have a monitoring server which sends ICMP pings from our server (195.191.29.21) to your network every five minutes. This process enables us to test the quality of your broadband and detect if you are experiencing jitter (a variation in the delay of received packets) or if your network is losing some packets. If you are experiencing any problems with call quality, enabling ICMP pings also helps us to support you more quickly .

IP Telecom requires that ICMP pings are allowed to and from 195.191.29.21.

Latency less than 80 ms

Latency is any kind of delay that happens in data communication over a network. You can test latency by opening the command line of your system and entering ping sip.iptel.co. In the result you should get a number less than 80ms.

If you have latency greater than 80ms you might experience problems such as delays on the voice, or even voice packet loss. If you have high latency, you should contact your IT company to try and reduce the latency.

IP Telecom requires latency lower than 80ms.

Most standard codecs use 87.2Kb of bandwidth per concurrent call. 87.2Kb is the minimum bandwidth required by voice. Usually, sufficient bandwidth is enough to ensure high quality voice calls on your VoIP system. If you still have problems with sound quality, you can adjust your quality of service (QoS) settings.

For example, traditional versus VoIP bandwidth requirements:

  • PSTN = 1 call = 87.2Kb
  • BASIC ISDN2 = 2 calls = 174.4Kb
  • FRA ISDN = 16 calls = 1.308Mb
  • PRA ISDN = 30 calls = 2.616Mb

With most routers, you can prioritize voice calls on your data network which prevents other applications from affecting the call quality. If you don’t have enough bandwidth, you could experience problems such as compressed audio, or problems with quality.

IP Telecom requires 87.2Kb of bandwidth per call.

DHCP option

A DHCP Server is a network server that automatically provides and assigns IP addresses, default gateways, and other network parameters to client devices. It relies on the standard protocol known as Dynamic Host Configuration Protocol (DHCP).

IP Telecom have an autoprovisioning server, which pushes the preconfigured information from our portal to your phones. To get this information, the phones must have the provisioning URL.

By putting the provisioning URL in your DHCP server (of firewall) in the specified options, the phones can receive the provisioning URL when they are offered their local IP. Having the URL enables them to request the configuration to our servers and avail of autoprovisioning.

IP Telecom recommends configuring all the brands that we support in your DHCP options. Each brand uses different DHCP options to request the configuration and sometimes a different URL format. These must match what is configured in the Hosted PBX:

  • Yealink: option 66
  • Polycom: option 160
  • Cisco: option 159

If you don’t have those settings in place, your phones won’t be able to pick the configuration from our server and any changes applied in the portal won’t be reflected on the phone. For example, if you have new phones and the DHCP is not properly configured in your DHCP server, the phones won’t be able to request the initial configuration file to our server. The screen displays a “No Service” or “Service unavailable” message and you won’t be able to make or receive calls.

Once the string is in place, every phone plugged in the network will obtain the string along with the IP and the phone requests two files to our server.

  • The first file checks the version of the phone and upgrades or downgrades to the most current recommended firmware.
  • The second file is pulled after the first one and contains all the settings that are configured in our portal, including the SIP credentials which enable the phone to register with the server and make or receive calls.

CAUTION: If these DHCP strings are not in place, your phones cannot get the configuration from the server and any changes applied in the portal are not reflected on the phones.

Also, because the string enables your phone to request the initial file, if you are doing a factory reset of any phone in the network, it automatically requests the file and resets the phone for you.

IP Telecom requires that the DHCP strings are set up in your DHCP server.