List:       cisco-voip
Subject:    Re: [cisco-voip] CUBE Network Design
From:       Anthony Holloway <avholloway+cisco-voip () gmail ! com>
Date:       2015-04-21 19:57:57
Message-ID: CACRCJOiL7Ac4s+3EL0z8jHbEaeiXV6FN7B8Uso26Z+v-RbSTqg () mail ! gmail ! com

Yes, over the internet is becoming increasingly more popular.

Check this out.  It's actually quite good, and they do/will have a private
MPLS offering soon.
https://www.twilio.com/sip-trunking

Also, with Cisco pushing Expressway (MRA, Jabber Guest, and B2B), that's
all done over the internet.


On Tue, Apr 21, 2015 at 2:47 PM Derek Andrew <Derek.Andrew@usask.ca> wrote:

> So the CUBE connects to a provider on the Internet? Hmmm. Interesting.
>
> Around here, the CUBE is on our network on one side, and the other is on a
> dedicated, private network to the provider. No traffic on the Internet
> and no firewall.
>
> The CUBE should not be an IP router.
>
> Of course, this is just me talking.
>
> d
>
>
>
> On Tue, Apr 21, 2015 at 11:59 AM, Brian Meade <bmeade90@vt.edu> wrote:
>
>> Ideally you can rely on SIP inspection on the FW to handle opening the
>> RTP pinholes.
>>
>> On Tue, Apr 21, 2015 at 1:38 PM, Jason Aarons (AM) <
>> jason.aarons@dimensiondata.com> wrote:
>>
>>> Would you open almost all your UDP RTP ports from CUBE in DMZ to inside
>>> phones?
>>>
>>>
>>>
>>> *From:* cisco-voip [mailto:cisco-voip-bounces@puck.nether.net] *On
>>> Behalf Of *harbor235
>>> *Sent:* Tuesday, April 21, 2015 1:35 PM
>>> *To:* Cisco VOIP
>>> *Subject:* [cisco-voip] CUBE Network Design
>>>
>>>
>>>
>>>
>>>
>>> I have infrastructure setup to provide VOIP services as well as other
>>> services to a multi-tenancy environment. I want to segregate those services
>>> as much as possible for security reasons.
>>>
>>> My question, customer resources are behind an edge router and a firewall,
>>> I want my cube positioned as close to the edge as possible for performance
>>> reasons. Cisco design docs have suggested that for larger sites terminating
>>> SIP traffic on a CUBE that best practice is to position the CUBE inside of
>>> the firewall. My thoughts are a DMZ like structure that connects to the
>>> firewall via two interfaces, inside and outside. This provides several
>>> controlled interfaces for policy enforcement.
>>>
>>> I wanted thoughts from the community on real world network design best
>>> practices when aggregating multiple tenancy environments providing VOIP
>>> with CUBE services.
>>>
>>>   thanks in advance,
>>>
>>>
>>>
>>> Mike
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>
>
> --
> Copyright 2015 Derek Andrew (excluding quotations)
>
> +1 306 966 4808
> University of Saskatchewan
> Peterson 120; 54 Innovation Boulevard
> Saskatoon,Saskatchewan,Canada. S7N 2V3
> Timezone GMT-6
>
> Typed but not read.
>
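
The trade-off raised in the quoted thread (a static rule opening most UDP RTP ports from a DMZ CUBE to inside phones, versus firewall SIP inspection opening per-call RTP pinholes), as an added example that is not part of any poster's message: it reads the SDP of a constructed SIP response the way an inspection engine would and derives the narrow RTP/RTCP pinhole. The addresses, the function names, the inside-subnet check and the 16384-32767 static range are assumptions for illustration.

```python
import ipaddress

# Constructed SIP 200 OK; the SDP body says where the inside phone wants audio.
SAMPLE_SIP = (
    "SIP/2.0 200 OK\r\n"
    "Call-ID: constructed-call-1@192.0.2.10\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 10.10.20.31\r\n"
    "t=0 0\r\n"
    "m=audio 24580 RTP/AVP 0 101\r\n"
)
STATIC_RANGE = range(16384, 32768)  # assumed "open almost all RTP ports" rule


def pinholes_from_sip(message, inside_net):
    """Return the (ip, udp_port) pairs a per-call pinhole would open."""
    _, _, body = message.partition("\r\n\r\n")
    session_ip, media = None, []
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2].split("/")[0]
            if media:
                media[-1]["ip"] = ip  # media-level c= overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m=audio "):
            port = int(line.split()[1].split("/")[0])
            media.append({"ip": session_ip, "port": port})
    net = ipaddress.ip_network(inside_net)
    holes = set()
    for m in media:
        # Port 0 means the stream was declined; skip addresses off the phone subnet.
        if not m["port"] or m["ip"] is None or ipaddress.ip_address(m["ip"]) not in net:
            continue
        holes |= {(m["ip"], m["port"]), (m["ip"], m["port"] + 1)}  # RTP, RTCP
    return holes


def static_allowed(dst_ip, dst_port, inside_net):
    """What the static rule permits: any inside host, any port in the range."""
    return (ipaddress.ip_address(dst_ip) in ipaddress.ip_network(inside_net)
            and dst_port in STATIC_RANGE)


def exposure(holes, inside_net):
    """(per-call, static) counts of reachable inside ip:port pairs."""
    hosts = ipaddress.ip_network(inside_net).num_addresses - 2
    return len(holes), hosts * len(STATIC_RANGE)
```

For a /24 of phones, the per-call pinhole exposes two ip:port pairs for the life of the call, while the static rule leaves every host and port in the range reachable from the DMZ at all times.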
