nexvortex SIP Trunking Implementation & Planning Guide V1.5 510 S PRING S TREET H ERNDON VA 20170 +1 855.639.8888
Introduction Welcome to nexvortex! This document is intended for nexvortex Customers and Resellers as an aid to setting up nexvortex SIP Trunking service with an IP PBX that has been tested and or certified with nexvortex Business Grade SIP Trunking Service. Additional Information and our PBX specific set up guides can be found through your web portal under Support or online at http://www.nexvortex.com. Further assistance can also be obtained by emailing support@nexvortex.com. Table of Contents Section 1 SIP Trunking Service pg 3 Section 2 Planning and Requirements pg(s) 3 5 Section 3 Network Infrastructure pg(s) 5 6 Section 4 SIP Service Specifications pg(s) 6 7 Section 5 Security pg 7 Section 6 E911 pg(s) 7 8 Section 7 Number Routing pg 9 Section 8 Disaster Recovery pg 10 Section 9 Redundancy pg(s) 10 11 Section 10 Trouble Shooting pg 11 Implementation Guide V1.5 Page 2
Section 1 SIP Trunking Service nexvortex SIP Trunking Solutions enable tested/certified IP PBX platforms the ability to leverage an existing customer provided internet connection to make and receive phone calls. Standard Service Plans Features: Unlimited SIP Trunk Call Paths Broadcast and Auto Dialer Applications are considered separate and may have call path restrictions. Outbound Dialing anywhere in the Continental US & Canada Inbound Calls on DID numbers International Calling Capability Local E911 service Caller ID Number Advanced User Portal with Real Time Billing Multi Node Redundancy Advanced Features: Caller ID Name Inbound Calling on Toll Free Numbers Inbound Calling on International Numbers Directory Listings Multi Site Local E911 Remote Call Forwarding More information on service plans and pricing can be found at http://www.nexvortex.com/services.aspx Section 2 Planning & Requirements Before implementing your nexvortex SIP Trunking Service it will be important to address several key components. Components of a Successful SIP Trunking Implementation: Quality Internet Connectivity IP PBX Interoperability SIP Friendly Network Infrastructure IP PBX Configuration Technical Skills Specific nexvortex/ip PBX Implementation Guide Implementation Worksheet Active nexvortex SIP Trunking Account Access to Networking Skills Post Installation Implementation Guide V1.5 Page 3
Section 2 Planning & Requirements Continued Internet Connectivity Requirements: A reliable, low latency, low packet loss internet connection is required to enjoy the benefits of your nexvortex SIP Trunking Service: Internet Connectivity Specs for Desired Performance: ISP Upload Speed: ISP Latency Enough Broadband for SIP Channels and Local LAN Traffic Less than 70 MS ISP Packet Loss Less than ½ % ISP Jitter Less than 5 MS http://www.speedtest.net and http://www.pingtest.net are popular web sites for testing upload speed, latency, packet loss, and jitter on a specific internet circuit. Bandwidth Utilization: Codecs: nexvortex supports two Codecs G.711µ and G.729a. If your network is NOT bandwidth constrained, you should be using G.711µ ONLY. nexvortex will recognize the codecs you set at the PBX level. For planning purposes it is best to plan 85k upload/download for each concurrent call using G.711µ. Plan 35k upload/download per concurrent call when using G.729a. Bandwidth Utilization: QOS/COS: It is important to note when running SIP Trunks over a bring your own broadband connection using the public internet there is no QOS. This is something to plan for when sizing the appropriate internet connection to use for your SIP Trunks and data traffic. Customers address this by having enough broadband upload and download speed for both their SIP Trunking traffic and LAN traffic. Customers also address this by using a router with traffic shaping/qos features. Many of today s routers have these voice prioritization features built in. Customers who prefer to run two separate internet connections will segment off one connection for their LAN traffic with a separate connection for their voice traffic. The use of two separate internet connections can also give you a level of local redundancy not only from having two separate ISP s but also because you can use the nexvortex auto detecting Disaster Recovery module to fail inbound calls to a separate internet connection in the event the primary connection is down. When using the Disaster Recovery module to fail calls to another ISP or internet connection it is important to ensure your network is set up so that your PBX hardware can receive calls from either ISP. Section 8 of this implementation guide provides more information on the nexvortex Disaster Recovery Module. Implementation Guide V1.5 Page 4
Section 2 Planning & Requirements Continued To get more information on internet connectivity requirements or if you would like a free internet access quote please contact the nexvortex sales team by emailing sales@nexvortex.com. Section 3 Network Infrastructure Network Infrastructure is a critical component to your SIP Implementation. Routers, Switches and the Firewall will need to be set up with respect to SIP signaling and RTP. In your SIP signaling, you are specifying a lot of information about how the call is to proceed. This information includes your IP address, the audio port you are using, your DTMF configuration, etc. All of this is controlled by how you configure your PBX. Your edge device (router and/or firewall) must be configured in concert with these PBX settings. Some edge devices can change the port ranges dynamically during calls as a security measure. This can cause dropped calls, loss of signaling, loss of two way audio mid call or other problems if the firewall configuration is not correct for your particular PBX. When using an edge device (firewall/network router/security application etc), support for the particular device/application is critical. nexvortex does not configure your firewall, edge devices, security devices, etc. As a general rule, all edge devices should be configured to always allow UDP port 5060 traffic from the following IPs: 66.23.129.253 66.23.138.162 66.23.190.100 66.23.190.200 Implementation Guide V1.5 Page 5
Section 3 Network Infrastructure Continued nexvortex does not use Session Border Controllers (SBCs). For this reason, you MUST allow ALL IP addresses access to the UDP port range that your PBX uses for RTP. This UDP range depends on the configuration of your particular PBX and is configurable on most PBXs. Failure to do so may result in one way audio issues Section 4 SIP Service Specifications SIP is a powerful protocol that enables the enduser to control many aspects of their service delivery. Although there are many ways to handle SIP, the following information covers nexvortex SIP Trunking Specifications and how your PBX should be configured to provide you with the best experience. Codecs: G.711µ and G.729a are the two main codecs supported by nexvortex. If your network is NOT bandwidth constrained, you should be using G.711µ ONLY. DTMF: RFC2833 is the only DTMF type officially supported by nexvortex. Your PBX must use RFC2833 to communicate DTMF to nexvortex gateways. The DTMF type that you use to communicate between your PBX and your IP phones may be different. This will depend on the manufacturer of your IP PBX and Phones. DTMF Payload: This should be 101 Protocol: nexvortex only supports SIP via UDP, at present. TCP support is being developed, but not yet supported in production. NAT: nexvortex does not perform ALG or SIP transformations on your traffic. You must present your public IP address in the c= portion of your SDP content. Ports: UDP port 5060 is the SIP standard and is the only port to which you should send communications to nexvortex. You may use any local UDP port that you prefer, but must account for this in the configurations of both your edge device (router and/or firewall) and your PBX. Implementation Guide V1.5 Page 6
Section 4 SIP Service Specifications Continued Fax: nexvortex supports fax over IP via G.711µ passthrough and T.38. T.38 is the recommended format for reliability. This service is provided as best effort by nexvortex as fax over IP is extremely dependent on your IP connection and thus, cannot be guaranteed. Section 5 Security SIP, unfortunately, is a high value target for hackers. There are a few things you should do to ensure that your PBX installation is secure and well protected against the normal attack vectors for this technology. PBX Extensions: If your PBX is configured to allow external extensions (outside the private LAN), you must configure your extensions with strong passwords. Password extensions should NEVER be the same as the extension number itself. GUI Access: If your PBX is configurable via a web browser GUI, it should NOT be accessible via a public IP. If you MUST make changes to your PBX configuration from outside your network, you should only enable remote access while you are working on the configuration and then immediately remove access when your updates are complete. Access Lists: If your PBX supports access lists for IP authorization, these should be extremely conservative. Allowing unauthorized users to place calls through your network is a good way to rack up thousands of dollars in fraudulent charges if someone identifies this weakness in your configuration. Dialplan restrictions: An effective way to keep unauthorized users from using your PBX to place fraudulent calls is to restrict your dialplan. If you do not make International calls, do not allow users to dial 011 as their first three digits. If you do make International calls, consider restricting allowable dial strings to only the country codes to which you place calls. Don t forget to protect your dialplan against Caribbean dialing (Check here for Caribbean area codes http://www.everythinglongdistance/caribbean area codes.htm ) Section 6 E911 The first thing that you need to identify when considering E911 service for your installation is the number of E911 sites that need to be supported. Any physical location where a user is making outbound calls using the nexvortex service and could potentially need to dial 911 is considered a site. This does not necessarily apply for users with soft phones who will be mobile, but is rather a consideration for remote employees who have fixed locations outside of the normal corporate offices. Implementation Guide V1.5 Page 7
Section 6 E911 Continued The following instructions will help you set up E911. Instructions: 1. Log into your account portal at http://www.nexvortex.com 2. If this is your first time logging into your account you will be required to configure E911 service before you can do anything else. 3. If this is not your first time logging into your account, you can find your existing E911 details by following the links for Settings > E911. 4. If you only have one physical location, you only need ONE E911 DID entry regardless of the number of DIDs that you have on your account. The number that you use for this entry should be your main number, or a common number that is answered by a LIVE person. This is the number that emergency services will use to call you back if your call is disconnected. 5. You can test that your E911 is set up correctly by dialing 311 or 933 from any SIP phone in your network that sends traffic through nexvortex. You must ensure that at least one of these dial strings is configured in your PBX. These test calls will result in a recording that will read back both the E911 call back number and associated physical address. Please do NOT call 911 unless you are having an actual emergency. Multi Site E911: For Multi Site E911 the first step is to register each physical site s address in your accounts web portal. This is done by clicking on My Account > My Account Settings > Add new Record. The second step will be to open a ticket with nexvortex support to review your Multi Site E911 configuration. Your Multi Site E911 configuration may be different depending if you are using an IP PBX at each location or if you are using remote phones. To open a ticket with nexvortex support please email support@nexvortex.com. It is best to list your account number in the subject line along with the words Multi Site E911. Also if you need to add additional E911 emergency locations to your account or delete an existing 911 emergency location, please contact us at support@nexvortex.com. There is additional information on E911 and Multi Site E911 in your web portal under Support > Set Up Guides. Implementation Guide V1.5 Page 8
Section 7 Number Routing To set your inbound number routes you will need to log into your web portal and select Settings > Number Routing. Your DID numbers and Toll Free numbers(if applicable) will be loaded in this section of your portal. The number routing feature in your web portal enables you to add or change your inbound call routes. You can also change the way the call is presented to your PBX equipment. To change or add a number route for one of your DID numbers or Toll Free numbers simply select a number from your routing table and select edit. You will see a pop up window that will let you set up your inbound routes and preferences for that given number. The changes you make are in real time. You can choose to use a Static IP (preferred) or a dynamic IP set up. Static IP for Inbound number routing : With the term type set to static, many variations can be entered into the IP Address/Contact field. Some of the more commonly used entries are: Static IP (eg. 66.23.129.253), Dynamic DNS (eg. nexvortex.dyndns.com), DNS (eg. sip.nexvortex.com), DNS SRV domain (eg. nexvortex.com). It is important that this field corresponds to the LAN where the phone system is installed. The translation field must match a configured inbound route on the enduser PBX. What is entered in this field will be populated as the USER part of SIP URI, also known as the request URI, of the INVITE delivered to the enduser PBX for an inbound call. In order to support standard North American numbering, as well as E.164 numbering formats (a plus sign + will appear in the sip_uri of the Request URI, To, and From headers), whenever possible, the inbound routes that you configure on your PBX should utilize wildcarding for DID recognition. For example, if your DID is 17035790200, you would want to configure your Inbound Route on your PBX as *7035790200. This will match both 17035790200 and +17035790200. Dynamic IP for Inbound number routing: Based on the enduser s registration message FROM header whatever is presented as the USER part of the header field is what the customer needs to enter as both translation and IP Address/Contact. This is typically the username nexvortex provided with your new account or the default phone number on your account. Inbound DID Registration: If your public IP is DYNAMIC, you will need to register with nexvortex to receive inbound traffic. The Registrar IP you configure in your PBX should be reg.nexvortex.com and your timer expiry for this registration should be NO LESS than 300 seconds. If your public IP is STATIC, you should NOT register at all, as this information is completely unused for your service delivery with nexvortex. Implementation Guide V1.5 Page 9
Section 8 Disaster Recovery Disaster Recovery Routing with automatic detection allows incoming calls to be forwarded to an alternate destination in the event the call(s) could not be delivered to the intended location due to a problem with your phone system or your internet access connection. Each number is individually configurable and you can specify up to three alternate locations. Each alternate location can be either a standard telephone number or an IP end point. For example, you can forward calls to your cell phone, analog lines, PRI number or a different internet connection. (Note, calls routed back out to the traditional phone network will be treated as normal outbound calls for billing purposes). To setup Disaster Recovery, login to your nexvortex webportal and then click on Settings > Disaster Recovery. In the picture above, it shows the different routes you can set your numbers to. Using the tabs you can set up your numbers to fail over to another number, such as a cell phone or another land line. This feature comes standard with nexvortex Elite Plans and Custom Plans or can be ordered for small account plans through your account portal under Order Services > Disaster Recovery". Section 9 Redundancy In order to provide the highest level of service availability possible, nexvortex utilizes an N+1 architectural model for our call processing. You will need to ensure that your PBX and your network edge (router and/or firewall) is configured to accommodate this architecture. Inbound service As noted above in Section 3 of this document, you may receive SIP signaling from nexvortex from any of the four following IP addresses: 66.23.129.253 66.23.138.162 66.23.190.100 66.23.190.200 Implementation Guide V1.5 Page 10
Section 9 Redundancy - Continued You must ensure that each of these IPs is allowed to pass UDP 5060 traffic into your network and that this traffic is port forwarded (if necessary) to the internal IP of your PBX. Your PBX, in turn, should be configured with as many trunks as necessary to field traffic from these four IPs. If you need additional assistance ensuring your local PBX configuration meets this requirement, please contact technical support for your equipment directly. Outbound service The most efficient way to ensure redundancy for outbound calling is to utilize DNS SRV for routing traffic to nexvortex. At present, if your PBX supports DNS SRV, pointing to nexvortex.com as your Proxy IP address is all that should be necessary to ensure outbound redundancy. If your PBX does not support DNS SRV, hopefully it supports configuration of multiple outbound proxies. If so, you should configured px1.nexvortex.com as your primary proxy IP address, and px3.nexvortex.com as your secondary IP address. If you need additional assistance with DNS SRV or configuring multiple outbound proxy IPs on your PBX, please contact technical support for your equipment directly. Section 10 Troubleshooting Check to see if your service is enabled. In your account portal at the top of your screen you will see a real time status bar. Your account should be in an Active Status to use service. Customer System outbound call failure: Check the system is pointing at nexvortex.com Check port 5060 is open on the firewall Check NAT translation is correct between LAN private IP address and public IP address Check you have the correct proxy user name and password configured If you are utilizing 7 digit dialing, ensure that the DialPlan in your PBX is configured to prepend 1+area code before the 7 digit number, as all domestic calls presented to nexvortex must be 1+10 digits or 10 digits. Customer System inbound call failure: Some systems require nexvortex.com for verification to be configured. Check port 5060 is open on the firewall Check NAT translation is correct between LAN private IP address and public IP address Check that you have setup the IP route for the number correctly with nexvortex. This is done through the customer or reseller Partner Connect portal by selecting Settings > Number Routing Check that the dial plan is configured to route the number to a valid location on the customer system. One way audio or no audio after call is setup: Check the RTP audio ports are open on the firewall. Confirm that NAT translation is being handled correctly and that PUBLIC IP addresses are being sent in the SDP data of INVITE messages sent to nexvortex. Implementation Guide V1.5 Page 11