dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1149
share rss forum feed

connor79

join:2011-11-02

VoIP Router Recommendation

Hey everyone,

Just curious for some recommendations. We had the Netgear WNDR3700 router in our office for the longest time as per a few recommendations on here as a good VoIP router. I then started working from home, took the router home and now I have an office again so need another new router.

We were demoing a Cisco UC540 PBX which of course has the Cisco router built in, but it's way over my head in terms of configuration. The one thing I really did like though was how it automatically made 2 vlan's, one for voice and one for data, so it could prioritize the voice network over data. I also liked how it supported traffic shaping, where I'd put 7000 in as my upload, and then could set it to reserve 10% or so if I wanted for voice traffic to ensure bandwidth for calls.

The other thing I liked was that it has VPN built right in and was incredibly easy to enable. I'd just click on enable, enter if I wanted split tunneling, and make username and passwords with a shared secret for IPSec. I then would install the Cisco VPN client on my PC at home, connect and be on the network instantly.

I was wondering if there were any small business routers that can do that that anyone would recommend. In terms of price I'd say around $200 is the most I'd want to spend, as the Netgear type ones seem adequate, but it's mostly the VPN that I liked and also the traffic shaping. I know there's pfSense that might work but I think that's still too advanced for me. I'm technical but I don't want to have to worry about whether it works or not. The VPN is to be used mostly for security, and then for users with soft phones from their home to VPN in and then use a soft phone.

Thanks everyone!



Trimline
Premium
join:2004-10-24
Windermere, FL
Reviews:
·ObiVoice
·Bright House
·Callcentric
·voip.ms

I use the WNDR3700 as well, it is a workhorse. You could look at the WNDR4500, I have one of those too - it's a backup to the 3700 and only used a few times. As always, shop around for $$.

»www.amazon.com/NETGEAR-Wireless-···wndr4500



Trev
IP Telephony Addict
Premium
join:2009-06-29
Victoria, BC
kudos:5
reply to connor79

I've been deploying ASUS RT-N16 routers with Tomato on them for my end users. I sell these with Tomato pre-installed and pre-configured to prioritize traffic from Aastra and Obihai devices out of the box for $129.

The routers can be obtained for less than this at all the usual places; flashing Tomato is pretty straight forward.
--
Wondering what I do? Find out at »www.digitalcon.ca
Get your Obihai ATA in Canada.


connor79

join:2011-11-02
reply to connor79

What about VPN though? The WNDR3700 didn't have VPN built in and we don't use any servers. I wanted to have VPN so that users have to VPN in to use a Softphone with Asterisk. I don't really want to use Tomato because I had DD-WRT on the WNDR3700 before and it was awful never worked properly and was screwy so rather get something that works out of the box. Is it best to get a router that supports VPN right on it? Or have a VPN server running on Asterisk, or on another system that's strictly for VPN?

What about like a Cisco RV110W?



Trev
IP Telephony Addict
Premium
join:2009-06-29
Victoria, BC
kudos:5

Tomato is very different from dd-wrt. I think you'll have a MUCH better time with it

I, too, started off with dd-wrt and got tired of it's glitchiness. I'm not afraid to let my customers play with their Tomato configuration as it's significantly more polished and user friendly.

The build I use supports many kinds of VPNs. We have Tomato managing secure links for law offices and medical offices that need something a bit more secure than most customers.
--
Wondering what I do? Find out at »www.digitalcon.ca
Get your Obihai ATA in Canada.


connor79

join:2011-11-02
reply to connor79

I'll definitely look into it, DD-WRT def pissed me off, put it on the WNDR3700 which it says is fully supported but then Wifi just would work on some devices and have all these other issues. I'm wondering if that Cisco above would be good for what I need though as it looks semi similar to the Cisco UC520 that we had.


DBOD

join:2012-10-17
reply to connor79

I'm using a Netgear FVS318G. Very cheap small business router. I use the VPN all the time for my personal access to the network at the office. I haven't used it for remote phone extensions. I run a 3CX PBX at the office with sip trunks from Callcentric and the voip part of it works great. The whitelist for URLs is too small and the current version of the firmware doesn't allow IP grouping in an easy fashion. You have to enter IP addresses manually in rules. You can specify port ranges but not ip ranges. And last but not least, it supports emailing logs but it will not let me specify the 465 port that I need to work with my ISP provider.


mmesselt

join:2012-10-24
reply to connor79

I've had good luck with the D-Link DIR-655, specifically with the QOS function (that ensures network traffic doesn't interfere with the quality of voice calls).

It also supports white and blacklisting.

Hope that helps


connor79

join:2011-11-02
reply to connor79

K so I settled on the Cisco one and seems to work really well! I almost did the Tomato route but just knew I'd get into trouble. I have a question about QoS though hoping someone can help just want to make sure I have it set up properly...

Basically here's my current LAN setup. We have Bell DSL 25MBps download 7Mbps upload with static IP. We actually get just over these speeds on up and down. In our office there's just 2 of us, with possibly a 3rd starting in like 6 months or so, so small office. I went with the Cisco router RV110W which has 4 ports on it, and then PIAF Asterisk on a physical HP server. We were using a Cisco UC540 PBX for awhile and I liked how it made VLANs, putting the IP phones on 10.1.1.1 network and Data on 192.168.10.1 and then seemed to auto QoS to prioritize the voice VLAN. I am not that technical with VLAN's to know if it's necessary to do that on this system. Anyway, on LAN port 1 Asterisk is connected. LAN port 2 has one IP phone, and LAN port 3 has another. LAN port 4 has a printer. If I get more IP phones they'd connect to a switch on LAN port 2. Then devices like laptops, iPads etc all connect wirelessly, but sometimes over Ethernet plugged into the IP phone in case the wifi has issues etc. Then we use the built in VPN so from home we can use a soft phone if we happen to work from home once in awhile.

QoS Page
Bandwidth Management. This is where I assume the QoS I'd need would happen. Here is lets me enter 7000Kbps for my upload and 25000 for my download to match my actual DSL speeds. There's then a bandwidth priority page where I can select things on there. Right now I have all defaults, so for service Voice(SIP)TCP & UDP Port 5060-5061 I have Upstream High priority (the highest) and Downstream also High. I then have "All Traffic [all ports] on Normal priority for Upstream and Downstream. It doesn't let you make anything custom, it's all preselected ones, so like HTTPS, TFTP, FTP etc. Voice(SIP) above is the only one relating to Voice.

Next there is QoS Port-based Settings. Here it refers to the 4 LAN ports on the router and I can set priority there from 1 (lowest) to 4 (highest). I set Port 1 which has the Asterisk PBX on it to 4 highest. This part confuses me, because I'm not sure how necessary this is. Also for the actual IP phones in the office, should I connect them to a switch and then put the switch on port 2 and also give it Highest priority, and then set the other 2 which would have printers etc set to say 2 the default? Where this confuses me is if someone plugs their laptop using Ethernet into the back of one of the IP phones, then I assume this would be useless since it's still all on the same port that has highest priority? And also in terms of WiFi I have no idea how that impacts priority on the ports?

Next it has CoS Settings. It says this is CoS to Traffic Forwarding Queue Mapping. I get confused with this, it says set port to CoS mode in the QoS Port Settings page. Then it has 2 columns, CoS Priority which has 7 at the top counting down to 0, and then drop downs beside them saying Traffic Forwarding Queue. Beside 7 it has "4 (highest). 6 and 5 have 3, 4 and 3 have 2, then 2 and 1 have "1 (lowest)" and 0 has 2. I have no idea what this is referring to.

Lastly there's DSCP Settings. It has a big table that comes up , with 4 columns:
DSCP / Binary / Decimal / Queue
The DSCP are things like AF23, CS3, AF31 etc. Then it has under binary things like 010110, 011000 etc, decimal is 22, 24, 26 etc and then last queue has drop downs with 1, 2, 3 or 4 selected on various ones. I've never seen this before or know what this means at all.

So just don't want to have it set up wrong or be missing something, as I'm not really sure what those last options mean. Thanks so much.


A_VoIPer

join:2009-11-04

said by connor79:

I went with the Cisco router RV110W which has 4 ports on it, and then PIAF Asterisk on a physical HP server. We were using a Cisco UC540 PBX for awhile and I liked how it made VLANs, putting the IP phones on 10.1.1.1 network and Data on 192.168.10.1 and then seemed to auto QoS to prioritize the voice VLAN. I am not that technical with VLAN's to know if it's necessary to do that on this system. Anyway, on LAN port 1 Asterisk is connected. LAN port 2 has one IP phone, and LAN port 3 has another. LAN port 4 has a printer. If I get more IP phones they'd connect to a switch on LAN port 2. Then devices like laptops, iPads etc all connect wirelessly, but sometimes over Ethernet plugged into the IP phone in case the wifi has issues etc. Then we use the built in VPN so from home we can use a soft phone if we happen to work from home once in awhile.

I've never used the RV110W, but it looks like a nice offering from Cisco. If you had a very large network, it would be nice to separate the voice and data into different VLANs, but might just complicate matters for such a small office. For instance, if you use a Cisco switch and IP phone, you can use AutoQoS to allow the switch to use CDP to place the phone in a voice VLAN and a computer that plugs into the phone into the data VLAN. However, for this to work, you'd need a Cisco switch that supports trunking on that port and a phone that supports CDP. Note, if there were lots of devices on the LAN that generated an undue amount of broadcast traffic, isolating the voice traffic into its own VLAN can help.

QoS Page
Bandwidth Management. This is where I assume the QoS I'd need would happen. Here is lets me enter 7000Kbps for my upload and 25000 for my download to match my actual DSL speeds. There's then a bandwidth priority page where I can select things on there. Right now I have all defaults, so for service Voice(SIP)TCP & UDP Port 5060-5061 I have Upstream High priority (the highest) and Downstream also High. I then have "All Traffic [all ports] on Normal priority for Upstream and Downstream. It doesn't let you make anything custom, it's all preselected ones, so like HTTPS, TFTP, FTP etc. Voice(SIP) above is the only one relating to Voice.

The default Voice(SIP) selection doesn't include the RTP ports, which is really what would be most important, so you’ll want to create a new service for that. On page 111 of the admin guide, it mentions how to add a service.
quote:
To add a new service definition, click the Service Management button. You can define a new service to use for all firewall and QoS definitions. See Configuring Services Management.

To narrow down the range used by your Asterisk box, you can edit the rtp.conf file and modify the rtpstart and rtpend values.

Next there is QoS Port-based Settings. Here it refers to the 4 LAN ports on the router and I can set priority there from 1 (lowest) to 4 (highest). I set Port 1 which has the Asterisk PBX on it to 4 highest. This part confuses me, because I'm not sure how necessary this is. Also for the actual IP phones in the office, should I connect them to a switch and then put the switch on port 2 and also give it Highest priority, and then set the other 2 which would have printers etc set to say 2 the default? Where this confuses me is if someone plugs their laptop using Ethernet into the back of one of the IP phones, then I assume this would be useless since it's still all on the same port that has highest priority? And also in terms of WiFi I have no idea how that impacts priority on the ports?

Typically, congestion occurs on the WAN not the LAN, so the benefits of setting up QoS on the LAN aren't going to be that noticeable, but since you have the capability, it certainly can't hurt. It looks like you have three choices (Port, DSCP, and CoS). Since you may have non-VoIP traffic on the ports and CoS only works at layer 2 (within Ethernet frames), I'd go with the layer 3 DSCP option (IP frames).

Next it has CoS Settings. It says this is CoS to Traffic Forwarding Queue Mapping. I get confused with this, it says set port to CoS mode in the QoS Port Settings page. Then it has 2 columns, CoS Priority which has 7 at the top counting down to 0, and then drop downs beside them saying Traffic Forwarding Queue. Beside 7 it has "4 (highest). 6 and 5 have 3, 4 and 3 have 2, then 2 and 1 have "1 (lowest)" and 0 has 2. I have no idea what this is referring to.

I'd ignore this unless you want to use the Ethernet CoS markings.

Lastly there's DSCP Settings. It has a big table that comes up , with 4 columns:
DSCP / Binary / Decimal / Queue
The DSCP are things like AF23, CS3, AF31 etc. Then it has under binary things like 010110, 011000 etc, decimal is 22, 24, 26 etc and then last queue has drop downs with 1, 2, 3 or 4 selected on various ones. I've never seen this before or know what this means at all.

In your case, I'd only focus on what is typically used for Realtime packets, signaling and maybe video. For the VoIP RTP packets, you want to minimize the queuing delay, so using EF (Expedited Forwarding) is most common. Signally and video are typically marked with CS3 and CS4, respectively. This page explains all of the bits for IPP, TOS and DSCP: »www.bogpeople.com/networking/dscp.shtml

I'd assume most IP phones will allow setting the DSCP values or have defaults that map appropriately, but YMMV. For your Asterisk server, you can set these in your sip config. Here's what I have my PiAF box:
tos_sip=cs3
tos_audio=ef
tos_video=cs4

Note, those are really DSCP names, not TOS. You can run wireshark to see if the values in the IP headers got marked properly.

Again, since the LAN isn't typically an issue, I'd be more interested in how this router handles packets over the WAN for the VPN packets. Since the router itself is used for the VPN tunnel, I hope the protocols/ports are evaluated for QoS before the packets are encapsulated. This would be a issue if the tunnel terminated on a different device as all of the voice/data distinguishers would be hidden.

Also, for outbound queuing, it sure would be nice if they allowed the use of DSCP matching instead of just protocols/ports. I've not tried this with Tomato, but this link talks about using DSCP for QOS classifications.

A nice tool to test it out to see if it's all working as you expect is TTCP.: »
www.pcausa.com/Utilities/pcattcp.htm

connor79

join:2011-11-02
reply to connor79

This is awesome thanks so much for the detailed reply this is a huge help. I didn't notice I could prioritize the RTP so that's good. What is a normal range to have open if all that would ever happen is 5-6 concurrent calls?


A_VoIPer

join:2009-11-04

At least four times the number of concurrent calls, but leave room for more in case Asterisk doesn't free up the ports immediately. I'd probably set it to 50 or 100, but not the default of 10000. »www.voip-info.org/wiki/view/Aste···rtp.conf