
CHAPTER 4: CASE STUDY

4.3 The Simulation

Now that the scenario is ready, I perform the simulation. From the simulated results I focus on the delay times in order to find out how the network responds to the services.

The following figures show the delay times for each service:

Figure 13: DB response time (sec)

Figure 14: Http page response time (sec)

Figure 15: Email download time (sec)

As we can see from the response times above (the peak in the graphs is caused by OPNET), the network can support these services without problems even in the worst traffic conditions, since the response times are very low and not perceptible by the users. Now that I have the reference values, I will introduce IP telephony into the network and take the response times again for comparison with those of the last simulation. The configuration of IP telephony is the same as for the rest of the services (including the actual service, the profile and the applied LANs). The only difference is that an extra server will be added at the corporate site in order to take charge of VoIP calls and authentication services. The enterprise is likely to communicate with clients using traditional telephony, so compatibility between packet-based and switched-circuit networks is necessary. The protocol that will be used is therefore H.323, mainly because it makes multimedia communications and data conferencing possible between switched-circuit networks (SCN) and packet-based networks. The default encoding scheme that H.323 uses is G.711 (audio coding at 64 kbps).

Figure 16: Configured IP Telephony

Figure 17: VoIP Profile Configuration

Figure 18: Corporate Site

After the simulation I obtain the following response times:

Figure 19: DB response time (sec)

Figure 20: Http page response time (sec)

Figure 21: Email download time (sec)

Figure 22: Voice end-to-end delay (sec)

As we can see from the comparison of the delay responses, the services have completely crashed, which means that after the introduction of IP telephony the network cannot support the extra load and fails to provide the users with the configured services. So I am going to upgrade the LANs from 10baseT to 100baseT (Fast Ethernet). I simulate the network again with these changes, and from the results we can see that although the basic services (delay tolerant) are working well, IP telephony (time sensitive) encounters problems, as shown in the following figures:

Figure 23: Time Response (sec) DB, Email, Http

Figure 24: Voice end-to-end delay (sec)

Figure 25: Queuing delay in ISDN lines (sec)

Figure 26: Utilization of ISDN lines

This is partly caused by the high utilization and the queuing delays of the ISDN lines between the remote and the corporate site, as we can see in Figures 25 and 26. As mentioned in sections 1.4 and 4.2, the routers can have multiple roles in the network: they not only act as voice gateways but also have firewall and security capabilities. This leads to the other most important cause of the problem in VoIP performance: the current routers are not suitable for managing VoIP traffic.

As we saw, VoIP is highly sensitive to, and easily affected by, queuing delays. The router's firewall must therefore be able to process and forward data traffic without introducing significant delays, which requires processing power. There is also a need for stateful firewalls that keep track of information from previous VoIP traffic and can inspect the data payload in the packet. Routers with this kind of integrated firewall can control H.323 traffic and automatically open and close the ports needed by the protocol for its handshaking process.

When H.323 is used in the network, TLS can be an alternative to IPsec. TLS has mechanisms to protect H.323 signalling messages from hacker attacks that can affect the integrity and confidentiality of data. It also supports integrated key control with two-way authentication and secure key exchange. TLS encrypts the VoIP call that is established between two applications, while IPsec encrypts data between two devices and all the applications that they are running. This makes TLS more efficient, and it consumes less bandwidth, improving QoS. In order to save more bandwidth (especially on the links between the sites) and improve QoS, another encoding scheme can be used, such as G.729 (audio coding at 8 kbps).
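As an added illustration (not part of the dissertation or its OPNET model), the Python sketch below works out the on-the-wire bandwidth of one call for G.711 and G.729, with and without IPsec ESP tunnel encapsulation, and the resulting call capacity of a 2.048 Mbps E1 link. The 20 ms packetization interval, the 6-byte PPP framing and the AES-CBC/HMAC-SHA1-96 ESP parameters are assumptions.

```python
import math

CODEC_BPS = {"G.711": 64_000, "G.729": 8_000}  # codec rates quoted in the text
RTP_UDP_IPV4 = 12 + 8 + 20   # bytes of RTP, UDP and IPv4 headers per packet
PPP_FRAMING = 6              # assumed layer-2 overhead per packet on the PPP link
E1_BPS = 2_048_000           # E1 leased-line rate quoted in the text


def esp_tunnel_len(inner_len, iv=16, block=16, icv=12):
    """Size of an IPv4 packet after ESP tunnel-mode encapsulation.

    Defaults assume AES-CBC with HMAC-SHA1-96 (an assumption, not from the text).
    """
    # The ESP trailer adds pad-length and next-header bytes, then pads to the block size.
    padded = math.ceil((inner_len + 2) / block) * block
    # outer IPv4 header + SPI/sequence number + IV + ciphertext + integrity value
    return 20 + 8 + iv + padded + icv


def per_call_bps(codec, esp=False, ptime_ms=20):
    """One-way bandwidth of a single call on the wire, in bit/s."""
    payload = CODEC_BPS[codec] * ptime_ms // 8000   # voice bytes per packet
    ip_len = payload + RTP_UDP_IPV4
    if esp:
        ip_len = esp_tunnel_len(ip_len)
    return (ip_len + PPP_FRAMING) * 8 * 1000 // ptime_ms


def max_calls(link_bps, codec, esp=False, voice_share=1.0):
    """Upper bound on simultaneous calls if voice may use voice_share of the link."""
    return int(link_bps * voice_share // per_call_bps(codec, esp))


if __name__ == "__main__":
    for codec in CODEC_BPS:
        for esp in (False, True):
            print(f"{codec:6} esp={esp!s:5} {per_call_bps(codec, esp):7} bit/s "
                  f"-> {max_calls(E1_BPS, codec, esp)} calls on E1")
```

Under these assumptions ESP nearly doubles the per-call rate for G.729 (26.4 to 50.4 kbit/s), because the fixed encapsulation is large relative to the 20-byte voice payload.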

In order to apply the above, I am going to replace the routers with others that can manage VoIP traffic. At the corporate site a Cisco 7200 router (supporting 10 and 100 Mbps, along with ATM, Frame Relay and serial interfaces) will be used, and at the remote sites a Cisco 3800 router (supporting 10 and 100 Mbps and serial interfaces, along with modular capabilities). These routers are designed to process VoIP traffic while managing security and QoS issues. If the links can support more load, then the response times of all the services should be lower than the previous results. I am going to upgrade the lines to PPP [9] E1 (2.048 Mbps) leased lines. Along with these changes, the following parameters (encoding scheme and TLS) must also be configured:

Figure 27: G.729 Encoding scheme

Figure 28: TLS Configuration

We can see the simulated results in the following figures:

Figure 29: Time Response (sec) DB, Email, Http

Figure 30: Voice end-to-end delay (sec)

Figure 31: Queuing delay in PPP lines (sec)

Figure 32: Utilization of PPP lines (sec)

From the results it was clear that the problem was the queuing delays between the sites, and after the specified changes in hardware and security the queuing delays were diminished significantly.

The delay-tolerant services were improved without great changes, but the time-sensitive IP telephony, as shown in the figures above, was improved at an exponential rate. From this example it is obvious how much the time-sensitive services can suffer from queuing delays across the network and how important QoS is.

Although PPP leased lines offer dedicated speeds at high data rates on a 24-hour basis, they also have an increased maintenance cost. For this reason the technologies that I mentioned at the end of chapter 3, ATM and Frame Relay, can be used between the sites. These technologies do not provide the maximum bandwidth on a 24-hour basis but only when it is needed, for example in rush hours when the data loads are greater.

Nevertheless they have other mechanisms that provide the maximum quality of service with the minimum bandwidth as mentioned in sections 3.7 and 3.8. These mechanisms can be configured into the routers:

Figure 33: ATM QoS Parameters

Figure 34: Frame Relay QoS Parameters

So the enterprise can save money with these technologies, since it does not need to pay for the extra bandwidth all the time but only when it is needed, for example in the hours when the productivity of the employees is at its peak. ATM and Frame Relay are therefore suitable solutions, since the combination of cost and delay times that they provide makes them very satisfactory, as we can see from the following simulated results.

Figure 35: Time Responses with ATM (sec)

Figure 36: Voice end-to-end delay with ATM (sec)

Figure 37: Time Response with FR (sec)

Figure 38: Voice end-to-end delay with FR (sec)

From the results we can see that the quality of service that ATM and Frame Relay provide is very good. The delays that these technologies provide, as we can see from the above figures, are decent and, along with the cost savings that they offer, make them a reasonable solution, especially for medium-sized and small enterprises whose budget is limited. It also became clear how queuing delays can have a serious impact on time-sensitive services (such as IP telephony), while the effect on delay-tolerant services is minimal.

From the simulations we saw that for VoIP to operate, Fast Ethernet is required along with WAN technologies that provide adequate data rates and quality of service. This is not a problem, since nowadays Fast and Gigabit Ethernet have become very common and cheap to implement even for ordinary users. The same applies to WAN and Internet technologies, which become more accessible day by day. These advances in technology have made VoIP a standard that is easy for enterprises to implement, rather than a special and demanding service.

Conclusion

In this dissertation I tried to introduce Voice over IP technology. I presented the basic protocols on which the technology relies, such as H.323 and SIP. H.323 is the proposed protocol of the ITU (International Telecommunication Union) for VoIP, and SIP (Session Initiation Protocol) is the IETF (Internet Engineering Task Force) protocol for VoIP that was developed as a media-based protocol. The architecture, components and operation are also presented in order to give an overall understanding of these two protocols and why they are used in VoIP.

Security in VoIP is essential because anything that is successful attracts attacks. Since this technology is implemented, for now, mostly by enterprises, it is important to provide advanced security. Attacks were analysed (such as eavesdropping, replay attacks, packet spoofing, call redirection and denial of service) in order to understand the vulnerabilities of the technology, and security features (such as encryption, firewalls and NAT) were presented for both H.323 and SIP. Security issues of these protocols were specified and countermeasures have been discussed.

In VoIP, quality of service is also very important, because if it cannot provide the users with at least the same services (with the same quality) as its rivals, then there is no reason to implement it. Latency, jitter and packet loss, the main problems in QoS, were analysed and solutions have been presented. The effect of security on QoS is a serious matter which has been covered, and ways to compensate for it were presented. ATM and Frame Relay, which providers use, and the QoS mechanisms that these technologies adopt were also analysed.

Finally, in the last chapter a case study using OPNET IT Guru Academic Edition was developed. An enterprise with its services was simulated. Then VoIP was introduced, which had an impact on the network performance. From the simulation it was clear how VoIP is affected by queuing delays and how, with appropriate equipment and specialized software, we can overcome this problem. ATM and Frame Relay are also used in this simulation as a different solution for the interconnection of the sites. From the simulated results it was clear that for VoIP to operate without affecting the network, Fast Ethernet is required, combined with WAN technologies providing data rates that can support the additional load and quality of service. This is not a problem, since nowadays Fast and Gigabit Ethernet have become very common and cheap to implement even for ordinary users. The same applies to WAN and Internet technologies, which become more accessible day by day. These advances in technology have made VoIP a standard that is easy for enterprises to implement, rather than a special and demanding service.

References

[1] Jonathan Davidson, James Peters, “Voice over IP Fundamentals”, Cisco Systems 2000

[2] Markku Korpi, Vineet Kumar and Senthil Sengodan, “IP Telephony with H.323: Architectures for Unified Networks and Integrated Services”, John Wiley & Sons

[3] Henry Sinnreich, Alan B. Johnston, “Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol”, Second Edition, Wiley Publishing Inc.

[4] Jonathan Davidson, Tina Fox, “Deploying Cisco Voice over IP Solutions”, Cisco Systems 2000

[5] Thomas Porter, “Practical VoIP Security”, Syngress Publishing 2006

[6] Pavlos Papageorgiou, “A Comparison of H.323 vs SIP”, University of Maryland at College Park, 4 June 2001

[7] Debashish Mitra, “Network Convergence and Voice over IP”, Tata Consultancy Services, March 2001

[8] Peter Thermos, Ari Takanen, “Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures”, Addison-Wesley, August 2007

[9] Cisco Networking Academy Program, “CCNA 1, 2, 3, 4 Companion Guide”, Cisco Systems, Third edition

[10] Fiifi Botwe Arkaah, “VoIP in the Context of Security”, Stockholm University / Royal Institute of Technology, April 2006

[11] Dr. Harilaos Katopodis, “Network Security”, Kingston University, March 2008

[12] Steven B. Winstanley, “Quality of Service over ATM Networks”, Department of Electronic Engineering, Queen Mary and Westfield College University of London 1998

[13] iLBC White Paper, “iLBC – Designed For The Future”, Global IP Sound, October 15, 2004

[14] Kai Vanaanen, “H.323 in Telecommunications”, Teknillinen Korkeakoulu Teletekniikan laboratorio, October 17th, 1999

[15] ITU-T, “H.323 Recommendation”, International Telecommunication Union, September 1999

[16] ITU-T, “H.261 Recommendation”, International Telecommunication Union, March 1993

[17] ITU-T, “H.235 Recommendation”, International Telecommunication Union, May 2003

[18] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, E. Schooler, “RFC 3261 - SIP: Session Initiation Protocol”, Network Working Group, June 2002

[19] J. Peterson, “RFC 3893 – SIP: Authenticated Identity Body (AIB) Format”, Network Working Group, September 2004

[20] J. Peterson, C. Jennings, “RFC 4474: Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)”, Network Working Group, August 2006

[21] Abhijit S. Pandya, Ercan Sen, “ATM Technology for Broadband Telecommunications Networks”, CRC Press, January 11 1998

[22] Jan Thibodeau, “The Basic Guide to Frame Relay Networking”, Frame Relay Forum, 1998

[23] Cisco Systems, “Internetworking Technologies Handbook”, Cisco Press, 4th Edition, September 11 2003

Glossary

ABR: Available Bit Rate

ABT: ATM Block Transfer

ACR: Average Cell Rate

ADSL: Asymmetric Digital Subscriber Line

AES: Advanced Encryption System

AIB: Authenticated Identity Body

ASN.1: Abstract Syntax Notation

ATM: Asynchronous Transfer Mode

BCR: Block Cell Rate

BECN: Backward Explicit Congestion Notification

CAC: Connection Admission Control

FECN: Forwards Explicit Congestion Notification

FR: Frame Relay

FTP: File Transfer Protocol

HMAC: Hash Message Authentication Code

HTTP: Hypertext Transfer Protocol

ICE: Interactive Connectivity Establishment

IETF: Internet Engineering Task Force

IKE: Internet Key Exchange

iLBC: internet Low Bit rate Codec

IM: Instant Messaging

nrt-VBR: non real time Variable Bit Rate

OSI: Open Systems Interconnection

RSIP: Real Specific Internet Protocol

RTCP: Real-time Transport Control Protocol

RTP: Real-time Transport Protocol

rt-VBR: real time Variable Bit Rate

S/MIME: Secure / Multipurpose Internet Mail Extensions

SCN: switched-Circuit Network

STUN: Simple Traversal of UDP through NATs

TCP: Transmission Control Protocol

VoMIT: Voice over Misconfigured Internet Telephones

VPI: Virtual Path Identifier

VPN: Virtual Private Network

WAN: Wide Area Network
