multi-site unmanaged VPN and IPO

Status
Not open for further replies.

Don91LX

MIS
Oct 28, 2004
10
US
New to the forum, so no flaming please. We have 4 offices that we're looking at deploying the IPO to (actually 6, but one is connected via PTP T1, and the other is connected via DSL/wireless bridge out of my control).

Office A - Cisco 2651XM w/ VPN card IP+/FW ios w/ T1 to Verio ISP
Office B - Cisco 1720 w/ VPN card IP+/FW ios w/ T1 to Verio ISP
Office C - Cisco 1720 w/ VPN card IP+/FW ios w/ T1 to Verio ISP
Office D - Cisco 1720 w/ VPN card IP+/FW ios w/ FR T1 (CIR 1.5) to Speakeasy ISP

We currently have no QOS running. Ping times vary w/ 32 byte packet -
Office A-B 41ms up to 250ms avg. 68 (7 hops over public route)
Office A-C 60ms up to 450ms avg. 57 (8 hops over public route)
Office A-D 85ms up to 255ms avg. 98 (14 hops over public route)

We do some file sharing, printing, and video conferencing site-site, central db in Office A accessed frequently.

I understand the need for QOS, no problem. But I know it isn't going to help latency. We just had the tech out today to do the network assessment, he wasn't real positive. I understand what we're up against, but I'm thinking we can't be the only ones who have tried this. Can anyone throw me a bone here? The tech said he's only worked one other job with VPN links??? All the others were using PTP links to other offices across the country! That's some serious cash. If I propose that, it'll go over like a brick ****house.

Any ideas?
TIA
 
This is a flame free forum, always happy to help.

Trying to run VoIP using an internet VPN is asking for trouble.

1) You will get no QoS guarantee. You may not often see degradation, so for internal communication it may be OK.

2) The ping times you are showing are not good. If you can get a connection established I would expect problems with echo & probably call cut off.


I would rather install an IPO with V2.1(15) VM Pro & CCC than try to get this configuration to work reliably.

I believe there are some docs in the Avaya tool tips that detail ping times etc. for VoIP connections.
 
You might want to look at a solution from a company like Masergy that can provide true Fiber Ring MPLS all over the world with very generous SLAs for jitter, packet loss and packet order. Their SLAs for round trip latency are respectable as well. I will be implementing a Philadelphia-Sydney-London network with them shortly and will post the results, good or bad.

I would explore other options like MPLS or even frame before I would try to implement using a VPN through the public internet.
 
Since you're new here, you should know that by suggesting he'd rather install 2.1(15) with VMPro and CCC, IPGuru is clearly of the opinion your odds of success are about on par with convincing your CFO to spring for frame relay to all your locations :)


Do you already have an IPO at one of your locations? You might try a light investment and deploy a single IP hardphone and see how it goes first. You could rotate it around the various locations to get a feel for the quality you can expect at each site.

Peter

 
Morrack - yeah, that's pretty much what I thought.

That's not a bad idea to use an IP phone. Technically I have no equipment yet. I have a proposal for 6 offices (400 digital phones). The first office for deployment is moving to a new location in 6 weeks (didn't want to spend the cash to re-locate and upgrade/expand the Legend). After that another office is moving and we're opening another in 2 months. This is happening real fast. For the new/moving offices it makes financial sense to go with a new system, and the IPO isn't priced much higher than say a Magix. So here I am.

What rubs me about this whole thing is I've spoken with two different vendors, each designed two systems, they each knew we were running a public VPN, and neither mentioned that this isn't recommended by Avaya as stated in a doc I found yesterday. Wish I had found this forum earlier too.

I know I'm off track so thanks for letting me vent. But I'm in a jam. My CEO thinks he's getting a system that we can 4 digit dial to each office and do least cost routing. I didn't budget for a dedicated frame or managed VPN. ARRRRRGHHHHH!
 
All is not lost, Don. There are ways around this IF conditions are right. Can you get the same ISP at all locations, preferably a smaller provider? Sometimes you can get the little guys to do things the big goliaths would laugh at you for suggesting. I have a client running VoIP across the public internet, and it works quite well. However, they've had to make a minor security compromise and send the voice packets unencrypted (i.e. no VPN). The ISP was able to guarantee QoS for packets that only traversed their networks - which was fine since they were able to provide the ADSL to all locations. The key is they cannot pass through a VPN or those voice packets suddenly become data packets - not to mention the latency overhead the VPN adds.

If you aren't planning any super-sensitive conversations over your VoIP links (you could provide an alternate dialout code that would dial long distance for any such conversations - perhaps good to share with your CFO and CEO) then you might be able to salvage the situation.

Peter
 
Go with Morrack's advice. The only times I've heard of this working really well over the Internet have been with all sites on the same ISP and that ISP actively supporting the QoS end to end (i.e. it's not really the Internet, just an internet).

For ping times you need to be aiming for under 150ms to avoid users perceiving something odd about the line.
 