Difference between revisions of "Network guidelines"
From Zenitel Wiki
(→Power over Ethernet (PoE)) |
(→AlphaWeb - Integrated web server) |
||
(48 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
− | {{ | + | {{AI}} |
− | + | This article describes the network guidelines of the [[:Category:ICX-AlphaCom Platform|ICX-AlphaCom]] and [[:Category:AlphaCom XE|AlphaCom XE]] platforms. | |
− | The AlphaCom XE | + | ==The ICX-AlphaCom and AlphaCom XE servers== |
+ | ICX-AlphaCom and AlphaCom XE offer advanced communication and control capabilities. They provide the voice of security. This article includes descriptions of setup and configuration, operation, and any limitations and/or notes surrounding the solution. The network guidelines of ICX-AlphaCom and AlphaCom XE are very similar, as ICX-AlphaCom is built on the AlphaCom XE application software. Where this does not cause any confusion, the only reference will be made to the ICX-AlphaCom. | ||
===Separate management interface=== | ===Separate management interface=== | ||
− | + | The [[ICX-500 Gateway]] comes with two Ethernet interfaces. A separate Ethernet interface which can be dedicated to management. This allows the administrator to build a separate administration VLAN that is dedicated only to administrators. | |
+ | |||
+ | ==Network guidelines== | ||
+ | |||
+ | === Network Conditions === | ||
− | |||
− | |||
*Maximum one way latency 150ms | *Maximum one way latency 150ms | ||
*Maximum one way jitter <30ms | *Maximum one way jitter <30ms | ||
*Maximum Loss <1% | *Maximum Loss <1% | ||
+ | === Network Layout === | ||
+ | |||
+ | * End to End connectivity via private LAN or WAN | ||
+ | * Full routing between subnets | ||
+ | * All ports required available across routers | ||
+ | * No Network Address Translation (NAT) allowed at routers | ||
+ | * Use VPN or MPLS to bridge disparate networks across the internet | ||
+ | |||
+ | [[Image:BandwidthUsage.PNG|thumb|right|700px|Bandwidth usage]] | ||
===Bandwidth usage=== | ===Bandwidth usage=== | ||
A VoIP audio stream is using: | A VoIP audio stream is using: | ||
− | *On a LAN network: 85.6 kbps | + | |
+ | *On a LAN network: 85.6 kbps | ||
*On a WAN network (IPSec encrypted): 106.4 kbps | *On a WAN network (IPSec encrypted): 106.4 kbps | ||
Examples: | Examples: | ||
+ | |||
*A '''conversation''' between to IP stations is using 2 VoIP streams, one to each station. Bandwidth usage: 2 x 85,6 = <u>171,2 kbps</u> | *A '''conversation''' between to IP stations is using 2 VoIP streams, one to each station. Bandwidth usage: 2 x 85,6 = <u>171,2 kbps</u> | ||
*A '''group call''' (''unicast'') from one IP station to 10 receiving devices (IP stations, IP Speakers), is using one VoIP stream to each of the stations. Bandwidth usage: 11 x 85,6 kbps = <u>941,6 kbps</u> | *A '''group call''' (''unicast'') from one IP station to 10 receiving devices (IP stations, IP Speakers), is using one VoIP stream to each of the stations. Bandwidth usage: 11 x 85,6 kbps = <u>941,6 kbps</u> | ||
Line 26: | Line 40: | ||
The bandwidth usage is the same for all codecs G.722, G.711u and G.711a. | The bandwidth usage is the same for all codecs G.722, G.711u and G.711a. | ||
− | Here is a link to the [[ | + | Here is a link to the [[Video_Settings#Bandwidth_usage|bandwidth usage for video stream from TCIV+ stations]]. |
===Unicast/Multicast=== | ===Unicast/Multicast=== | ||
The network should support Multicast (IGMP Snooping). | The network should support Multicast (IGMP Snooping). | ||
− | + | ICX is by default using Unicast for Group audio (group calls, alarm messages etc), sending one VoIP stream to each receiving device. The maximum number of receivers is 200 (50 in AlphaCom) when using Unicast. | |
− | If more than | + | If more than 200 receiving devices, multicast must be used. Multicast is also recommended with less devices to lower the bandwidth usage. |
A group call with Muliticast is using 2 VoIP channels, regardless of the number of receivers. | A group call with Muliticast is using 2 VoIP channels, regardless of the number of receivers. | ||
Line 37: | Line 51: | ||
===VLAN=== | ===VLAN=== | ||
It is recommended to use a dedicated VLAN for the intercom system. Grouping users into logical networks will increase performance by limiting broadcast traffic to users performing similar functions or within individual workgroups. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced. | It is recommended to use a dedicated VLAN for the intercom system. Grouping users into logical networks will increase performance by limiting broadcast traffic to users performing similar functions or within individual workgroups. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced. | ||
+ | |||
+ | ===802.1X Authentication=== | ||
+ | IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC) | ||
+ | |||
+ | [[IEEE 802.1X|802.1X is supported]] in: | ||
+ | |||
+ | *All station and device types | ||
+ | *In ICX-AlphaCom (software v. 1.1.3.0 and later) | ||
+ | |||
+ | 802.1X is not supported in the AlphaCom series of servers. | ||
===Quality of Service=== | ===Quality of Service=== | ||
− | The | + | The ICX uses the UDP ports 61000 to 62000 for VoIP audio. |
Quality of Service (QoS) is by default set on all VoIP audio packages, using Diffserv bit class EF. | Quality of Service (QoS) is by default set on all VoIP audio packages, using Diffserv bit class EF. | ||
− | === Power over Ethernet (PoE)=== | + | ===Power over Ethernet (PoE)=== |
All [[:Category:Stations#INCA_stations|INCA devices]] and [[:Category:Stations#Turbine_stations|Turbine devices]] from Zenitel supports PoE (IEEE 802.3af standard, Class 0). | All [[:Category:Stations#INCA_stations|INCA devices]] and [[:Category:Stations#Turbine_stations|Turbine devices]] from Zenitel supports PoE (IEEE 802.3af standard, Class 0). | ||
− | Most stations (except the desktop models) can alternatively be | + | Most stations (except the desktop models) can alternatively be powered from a local 24VDC power supply. |
− | The AlphaCom XE | + | The ICX-500 and AlphaCom XE servers do not support PoE. |
===Port use=== | ===Port use=== | ||
+ | |||
All devices (servers and stations) are using port 80 (http) or 443 (https) for web services. | All devices (servers and stations) are using port 80 (http) or 443 (https) for web services. | ||
'''VoIP communication''' is using the following ports: | '''VoIP communication''' is using the following ports: | ||
− | ====IP | + | ====Zenitel IP Devices==== |
+ | |||
*Signaling: TCP port 50001 | *Signaling: TCP port 50001 | ||
− | *Voice: UDP port 61000 - 61150 | + | *Voice: |
+ | **UDP port 61000 – 62000 for ICX-AlphaCom | ||
+ | **UDP port 61000 – 61150 for AlphaCom XE | ||
+ | |||
+ | * Video | ||
+ | ** HTTP MJPG: TCP port 80. Optionally TCP port 8090 | ||
+ | ** RTSP MJPG and RTSP H264: | ||
+ | *** RTSP Control = TCP port 554 | ||
+ | *** Media = ephemeral UDP ports 32768-60999 | ||
+ | |||
+ | Note: The video is not going through the ICX-AlphaCom server, but peer to peer from e.g. TCIV+ intercom to ITSV video phone. | ||
+ | |||
+ | ====AlphaNet (interconnecting ICX-AlphaCom and/or AlphaCom XE servers)==== | ||
− | |||
*Signaling: TCP port 50000 | *Signaling: TCP port 50000 | ||
− | *Voice: UDP port 61000 - 61150 | + | *Voice: |
+ | **UDP port 61000 – 62000 for ICX-AlphaCom | ||
+ | **UDP port 61000 – 61150 for AlphaCom XE | ||
+ | |||
+ | ====MultiModule (interconnecting AlphaCom servers in Master-Slave, available only for AlphaCom XE servers)==== | ||
− | |||
*Signaling: TCP port 50010 | *Signaling: TCP port 50010 | ||
*Voice: UDP port 61000 – 61150 | *Voice: UDP port 61000 – 61150 | ||
====SIP communication==== | ====SIP communication==== | ||
+ | |||
*Signaling: UDP port 5060 | *Signaling: UDP port 5060 | ||
− | *Voice: UDP port 61000 – 61150 | + | *Voice: |
+ | **UDP port 61000 – 62000 for ICX-AlphaCom | ||
+ | **UDP port 61000 – 61150 for AlphaCom XE | ||
'''Management Tools''' are using the following ports: | '''Management Tools''' are using the following ports: | ||
− | ==== AlphaPro PC configuration tool ==== | + | ====AlphaPro PC configuration tool==== |
− | |||
− | ==== AlphaWeb - Integrated web server ==== | + | *TCP Port 80 (or 443) for AlphaPro 12.0 and later |
− | * TCP port 80 (http) or TCP port 443 (https) | + | *TCP port 60001 for AlphaPro 11.7 and earlier |
+ | |||
+ | See also [[TCP ports used by AlphaPro]] | ||
+ | |||
+ | ====AlphaWeb - Integrated web server==== | ||
+ | |||
+ | *TCP port 80 (http) or TCP port 443 (https) | ||
+ | |||
+ | ==== IMT - Intercom Management Tool ==== | ||
+ | The IMT tool is using the following ports in the network: | ||
+ | * UDP port 69: Used by the embedded TFTP server during the Upgrade process | ||
+ | * TCP port 80: Use to read/write XML files to/from the devices | ||
+ | * TCP port 50001: Identification process | ||
+ | * TCP port 50004: Use to read/write Zenitel Application Protocol (ZAP) data. | ||
+ | |||
+ | HTTPS using UDP port 443 instead of UDP port 80 is supported from IMT version 2.0. HTTPS is automatically used if HTTP is disabled in device firewall. | ||
<br> | <br> | ||
− | ==AlphaCom firewall and port usage== | + | ==ICX-AlphaCom firewall and port usage== |
− | |||
− | |||
− | + | The ICX-AlphaCom has an internal firewall allowing the network administrator to open and close IP services that should be able to access the ICX-AlphaCom from the different networks. | |
+ | [[File:ICX Web Filters.png|thumb|left|700px|The ICX-AlphaCom firewall]] | ||
− | [[Category: | + | [[Category: ICX-AlphaCom Platform]] |
+ | [[Category:Network]] |
Latest revision as of 09:42, 24 January 2024
This article describes the network guidelines of the ICX-AlphaCom and AlphaCom XE platforms.
Contents
- 1 The ICX-AlphaCom and AlphaCom XE servers
- 2 Network guidelines
- 2.1 Network Conditions
- 2.2 Network Layout
- 2.3 Bandwidth usage
- 2.4 Unicast/Multicast
- 2.5 VLAN
- 2.6 802.1X Authentication
- 2.7 Quality of Service
- 2.8 Power over Ethernet (PoE)
- 2.9 Port use
- 2.9.1 Zenitel IP Devices
- 2.9.2 AlphaNet (interconnecting ICX-AlphaCom and/or AlphaCom XE servers)
- 2.9.3 MultiModule (interconnecting AlphaCom servers in Master-Slave, available only for AlphaCom XE servers)
- 2.9.4 SIP communication
- 2.9.5 AlphaPro PC configuration tool
- 2.9.6 AlphaWeb - Integrated web server
- 2.9.7 IMT - Intercom Management Tool
- 3 ICX-AlphaCom firewall and port usage
The ICX-AlphaCom and AlphaCom XE servers
ICX-AlphaCom and AlphaCom XE offer advanced communication and control capabilities. They provide the voice of security. This article includes descriptions of setup and configuration, operation, and any limitations and/or notes surrounding the solution. The network guidelines of ICX-AlphaCom and AlphaCom XE are very similar, as ICX-AlphaCom is built on the AlphaCom XE application software. Where this does not cause any confusion, the only reference will be made to the ICX-AlphaCom.
Separate management interface
The ICX-500 Gateway comes with two Ethernet interfaces. A separate Ethernet interface which can be dedicated to management. This allows the administrator to build a separate administration VLAN that is dedicated only to administrators.
Network guidelines
Network Conditions
- Maximum one way latency 150ms
- Maximum one way jitter <30ms
- Maximum Loss <1%
Network Layout
- End to End connectivity via private LAN or WAN
- Full routing between subnets
- All ports required available across routers
- No Network Address Translation (NAT) allowed at routers
- Use VPN or MPLS to bridge disparate networks across the internet
Bandwidth usage
A VoIP audio stream is using:
- On a LAN network: 85.6 kbps
- On a WAN network (IPSec encrypted): 106.4 kbps
Examples:
- A conversation between to IP stations is using 2 VoIP streams, one to each station. Bandwidth usage: 2 x 85,6 = 171,2 kbps
- A group call (unicast) from one IP station to 10 receiving devices (IP stations, IP Speakers), is using one VoIP stream to each of the stations. Bandwidth usage: 11 x 85,6 kbps = 941,6 kbps
- A group call (multicast) from one IP station to 10 receiving devices (IP stations, IP Speakers), is using one VoIP stream from the calling station, and one VoIP stream to the group. Bandwidth usage: 2 x 85,6 kbps = 171,2 kbps
The bandwidth usage is the same for all codecs G.722, G.711u and G.711a.
Here is a link to the bandwidth usage for video stream from TCIV+ stations.
Unicast/Multicast
The network should support Multicast (IGMP Snooping). ICX is by default using Unicast for Group audio (group calls, alarm messages etc), sending one VoIP stream to each receiving device. The maximum number of receivers is 200 (50 in AlphaCom) when using Unicast. If more than 200 receiving devices, multicast must be used. Multicast is also recommended with less devices to lower the bandwidth usage.
A group call with Muliticast is using 2 VoIP channels, regardless of the number of receivers.
VLAN
It is recommended to use a dedicated VLAN for the intercom system. Grouping users into logical networks will increase performance by limiting broadcast traffic to users performing similar functions or within individual workgroups. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced.
802.1X Authentication
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC)
- All station and device types
- In ICX-AlphaCom (software v. 1.1.3.0 and later)
802.1X is not supported in the AlphaCom series of servers.
Quality of Service
The ICX uses the UDP ports 61000 to 62000 for VoIP audio. Quality of Service (QoS) is by default set on all VoIP audio packages, using Diffserv bit class EF.
Power over Ethernet (PoE)
All INCA devices and Turbine devices from Zenitel supports PoE (IEEE 802.3af standard, Class 0). Most stations (except the desktop models) can alternatively be powered from a local 24VDC power supply.
The ICX-500 and AlphaCom XE servers do not support PoE.
Port use
All devices (servers and stations) are using port 80 (http) or 443 (https) for web services.
VoIP communication is using the following ports:
Zenitel IP Devices
- Signaling: TCP port 50001
- Voice:
- UDP port 61000 – 62000 for ICX-AlphaCom
- UDP port 61000 – 61150 for AlphaCom XE
- Video
- HTTP MJPG: TCP port 80. Optionally TCP port 8090
- RTSP MJPG and RTSP H264:
- RTSP Control = TCP port 554
- Media = ephemeral UDP ports 32768-60999
Note: The video is not going through the ICX-AlphaCom server, but peer to peer from e.g. TCIV+ intercom to ITSV video phone.
AlphaNet (interconnecting ICX-AlphaCom and/or AlphaCom XE servers)
- Signaling: TCP port 50000
- Voice:
- UDP port 61000 – 62000 for ICX-AlphaCom
- UDP port 61000 – 61150 for AlphaCom XE
MultiModule (interconnecting AlphaCom servers in Master-Slave, available only for AlphaCom XE servers)
- Signaling: TCP port 50010
- Voice: UDP port 61000 – 61150
SIP communication
- Signaling: UDP port 5060
- Voice:
- UDP port 61000 – 62000 for ICX-AlphaCom
- UDP port 61000 – 61150 for AlphaCom XE
Management Tools are using the following ports:
AlphaPro PC configuration tool
- TCP Port 80 (or 443) for AlphaPro 12.0 and later
- TCP port 60001 for AlphaPro 11.7 and earlier
See also TCP ports used by AlphaPro
AlphaWeb - Integrated web server
- TCP port 80 (http) or TCP port 443 (https)
IMT - Intercom Management Tool
The IMT tool is using the following ports in the network:
- UDP port 69: Used by the embedded TFTP server during the Upgrade process
- TCP port 80: Use to read/write XML files to/from the devices
- TCP port 50001: Identification process
- TCP port 50004: Use to read/write Zenitel Application Protocol (ZAP) data.
HTTPS using UDP port 443 instead of UDP port 80 is supported from IMT version 2.0. HTTPS is automatically used if HTTP is disabled in device firewall.
ICX-AlphaCom firewall and port usage
The ICX-AlphaCom has an internal firewall allowing the network administrator to open and close IP services that should be able to access the ICX-AlphaCom from the different networks.