Difference between revisions of "Network guidelines"

From Zenitel Wiki

(802.1X Authentication)
(AlphaWeb - Integrated web server)
 
(40 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{AI}}
 
{{AI}}
==ICX and AlphaCom XE==
+
This article describes the network guidelines of the [[:Category:ICX-AlphaCom Platform|ICX-AlphaCom]] and [[:Category:AlphaCom XE|AlphaCom XE]] platforms.
  
This article describes the network guidelines of Vingtor-Stentofon ICX and AlphaCom XE platforms
+
==The ICX-AlphaCom and AlphaCom XE servers==
 +
ICX-AlphaCom and AlphaCom XE offer advanced communication and control capabilities. They provide the voice of security. This article includes descriptions of setup and configuration, operation, and any limitations and/or notes surrounding the solution. The network guidelines of ICX-AlphaCom and AlphaCom XE are very similar, as ICX-AlphaCom is built on the AlphaCom XE application software. Where this does not cause any confusion, the only reference will be made to the ICX-AlphaCom.
  
ICX and AlphaCom XE offer advanced communication and control capabilities. They provide the voice of security. This article includes descriptions of setup and configuration, operation, and any limitations and/or notes surrounding the solution. The network guidelines of ICX and AlphaCom XE are very similar, as ICX is built on the AlphaCom XE application software. Where this does not cause any confusion, the only reference will be made to the ICX.
+
===Separate management interface===
  
===Separate management interface===
+
The [[ICX-500 Gateway]] comes with two Ethernet interfaces. A separate Ethernet interface which can be dedicated to management. This allows the administrator to build a separate administration VLAN that is dedicated only to administrators.
 +
 
 +
==Network guidelines==
  
ICX comes with two Ethernet interfaces. A separate Ethernet interface which can be dedicated to management. This allows the administrator to build a separate administration VLAN that is dedicated only to administrators.
+
=== Network Conditions ===
  
==Network guidelines ==
 
[[Image:BandwidthUsage.PNG|thumb|right|700px|Bandwidth usage]]
 
 
*Maximum one way latency 150ms
 
*Maximum one way latency 150ms
 
*Maximum one way jitter <30ms
 
*Maximum one way jitter <30ms
 
*Maximum Loss <1%
 
*Maximum Loss <1%
  
 +
=== Network Layout ===
 +
 +
* End to End connectivity via private LAN or WAN
 +
* Full routing between subnets
 +
* All ports required available across routers
 +
* No Network Address Translation (NAT) allowed at routers
 +
* Use VPN or MPLS to bridge disparate networks across the internet
 +
 +
[[Image:BandwidthUsage.PNG|thumb|right|700px|Bandwidth usage]]
 
===Bandwidth usage===
 
===Bandwidth usage===
 
A VoIP audio stream is using:
 
A VoIP audio stream is using:
*On a LAN network: 85.6 kbps  
+
 
 +
*On a LAN network: 85.6 kbps
 
*On a WAN network (IPSec encrypted): 106.4 kbps
 
*On a WAN network (IPSec encrypted): 106.4 kbps
  
 
Examples:
 
Examples:
 +
 
*A '''conversation''' between to IP stations is using 2 VoIP streams, one to each station. Bandwidth usage: 2 x 85,6 = <u>171,2 kbps</u>
 
*A '''conversation''' between to IP stations is using 2 VoIP streams, one to each station. Bandwidth usage: 2 x 85,6 = <u>171,2 kbps</u>
 
*A '''group call''' (''unicast'') from one IP station to 10 receiving devices (IP stations, IP Speakers), is using one VoIP stream to each of the stations. Bandwidth usage: 11 x 85,6 kbps = <u>941,6 kbps</u>
 
*A '''group call''' (''unicast'') from one IP station to 10 receiving devices (IP stations, IP Speakers), is using one VoIP stream to each of the stations. Bandwidth usage: 11 x 85,6 kbps = <u>941,6 kbps</u>
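Review bot: In the new "Network Layout" list, "All ports required available across routers" does not say which ports are meant; point it at the "Port use" section (for example "All ports listed under Port use must be reachable across routers") so the requirement can be turned into router ACLs. The reworded management-interface paragraph also still carries the fragment "A separate Ethernet interface which can be dedicated to management."; fold it into the preceding sentence.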
Line 40: Line 52:
 
It is recommended to use a dedicated VLAN for the intercom system. Grouping users into logical networks will increase performance by limiting broadcast traffic to users performing similar functions or within individual workgroups. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced.
 
It is recommended to use a dedicated VLAN for the intercom system. Grouping users into logical networks will increase performance by limiting broadcast traffic to users performing similar functions or within individual workgroups. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced.
  
=== 802.1X Authentication ===
+
===802.1X Authentication===
 
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC)
 
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC)
  
802.1X is supported in:
+
[[IEEE 802.1X|802.1X is supported]] in:
* All station and device types
+
 
* In ICX-AlphaCom (software v. 1.1.3.0 and later)
+
*All station and device types
 +
*In ICX-AlphaCom (software v. 1.1.3.0 and later)
  
 
802.1X is not supported in the AlphaCom series of servers.
 
802.1X is not supported in the AlphaCom series of servers.
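Review bot: The changed line "[[IEEE 802.1X|802.1X is supported]] in:" makes the whole phrase the link text; link only the term, e.g. "[[IEEE 802.1X|802.1X]] is supported in:". With the server now named "ICX-AlphaCom" in the list, the unchanged sentence "802.1X is not supported in the AlphaCom series of servers." is easy to misread next to it; name the affected server models explicitly.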
Line 53: Line 66:
 
Quality of Service (QoS) is by default set on all VoIP audio packages, using Diffserv bit class EF.
 
Quality of Service (QoS) is by default set on all VoIP audio packages, using Diffserv bit class EF.
  
=== Power over Ethernet (PoE)===
+
===Power over Ethernet (PoE)===
  
 
All [[:Category:Stations#INCA_stations|INCA devices]] and [[:Category:Stations#Turbine_stations|Turbine devices]] from Zenitel supports PoE (IEEE 802.3af standard, Class 0).
 
All [[:Category:Stations#INCA_stations|INCA devices]] and [[:Category:Stations#Turbine_stations|Turbine devices]] from Zenitel supports PoE (IEEE 802.3af standard, Class 0).
 
Most stations (except the desktop models) can alternatively be powered from a local 24VDC power supply.
 
Most stations (except the desktop models) can alternatively be powered from a local 24VDC power supply.
  
The ICX server does not support PoE.
+
The ICX-500 and AlphaCom XE servers do not support PoE.
  
 
===Port use===
 
===Port use===
 +
 
All devices (servers and stations) are using port 80 (http) or 443 (https) for web services.
 
All devices (servers and stations) are using port 80 (http) or 443 (https) for web services.
  
 
'''VoIP communication''' is using the following ports:
 
'''VoIP communication''' is using the following ports:
  
====IP Stations====
+
====Zenitel IP Devices====
 +
 
 
*Signaling: TCP port 50001
 
*Signaling: TCP port 50001
 
*Voice:
 
*Voice:
** UDP port 61000 – 62000 for ICX
+
**UDP port 61000 – 62000 for ICX-AlphaCom
** UDP port 61000 – 61150 for AlphaCom XE
+
**UDP port 61000 – 61150 for AlphaCom XE
 +
 
 +
* Video
 +
** HTTP MJPG: TCP port 80. Optionally TCP port 8090
 +
** RTSP MJPG and RTSP H264:
 +
*** RTSP Control = TCP port 554
 +
*** Media = ephemeral UDP ports 32768-60999
 +
 
 +
Note: The video is not going through the ICX-AlphaCom server, but peer to peer from e.g. TCIV+ intercom to ITSV video phone.
 +
 
 +
====AlphaNet (interconnecting ICX-AlphaCom and/or AlphaCom XE servers)====
  
====AlphaNet (interconnecting ICX and AlphaCom servers)====
 
 
*Signaling: TCP port 50000
 
*Signaling: TCP port 50000
 
*Voice:
 
*Voice:
** UDP port 61000 – 62000 for ICX
+
**UDP port 61000 – 62000 for ICX-AlphaCom
** UDP port 61000 – 61150 for AlphaCom XE
+
**UDP port 61000 – 61150 for AlphaCom XE
 +
 
 +
====MultiModule (interconnecting AlphaCom servers in Master-Slave, available only for AlphaCom XE servers)====
  
====MultiModule (interconnecting AlphaCom servers in Master-Slave, available only in AlphaCom XE)====
 
 
*Signaling: TCP port 50010
 
*Signaling: TCP port 50010
 
*Voice: UDP port 61000 – 61150
 
*Voice: UDP port 61000 – 61150
  
 
====SIP communication====
 
====SIP communication====
 +
 
*Signaling: UDP port 5060
 
*Signaling: UDP port 5060
 
*Voice:  
 
*Voice:  
** UDP port 61000 – 62000 for ICX
+
**UDP port 61000 – 62000 for ICX-AlphaCom
** UDP port 61000 – 61150 for AlphaCom XE
+
**UDP port 61000 – 61150 for AlphaCom XE
  
 
'''Management Tools''' are using the following ports:
 
'''Management Tools''' are using the following ports:
  
==== AlphaPro PC configuration tool ====
+
====AlphaPro PC configuration tool====
* TCP Port 80 (or 443) for AlphaPro 12.0 and later
 
* TCP port 60001 for AlphaPro 11.7 and earlier
 
  
==== AlphaWeb - Integrated web server ====
+
*TCP Port 80 (or 443) for AlphaPro 12.0 and later
* TCP port 80 (http) or TCP port 443 (https)
+
*TCP port 60001 for AlphaPro 11.7 and earlier
 +
 
 +
See also [[TCP ports used by AlphaPro]]
 +
 
 +
====AlphaWeb - Integrated web server====
 +
 
 +
*TCP port 80 (http) or TCP port 443 (https)
 +
 
 +
==== IMT - Intercom Management Tool ====
 +
The IMT tool is using the following ports in the network:
 +
* UDP port 69: Used by the embedded TFTP server during the Upgrade process
 +
* TCP port 80: Use to read/write XML files to/from the devices
 +
* TCP port 50001: Identification process
 +
* TCP port 50004: Use to read/write Zenitel Application Protocol (ZAP) data.
 +
 
 +
HTTPS using UDP port 443 instead of  UDP port 80 is supported from IMT version 2.0. HTTPS is automatically used if HTTP is disabled in device firewall.
  
 
<br>
 
<br>
  
==ICX firewall and port usage==
+
==ICX-AlphaCom firewall and port usage==
 
 
ICX has an internal firewall allowing the network administrator to open and close IP services that should be able to access the ICX from the different networks.
 
  
[[File:ICX Web Filters.png|thumb|left|500px|The ICX firewall]]
+
The ICX-AlphaCom has an internal firewall allowing the network administrator to open and close IP services that should be able to access the ICX-AlphaCom from the different networks.
  
 +
[[File:ICX Web Filters.png|thumb|left|700px|The ICX-AlphaCom firewall]]
  
[[Category:AMC Software]]
+
[[Category: ICX-AlphaCom Platform]]
 +
[[Category:Network]]
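Review bot: The added IMT paragraph says "HTTPS using UDP port 443 instead of UDP port 80", but the list directly above it gives "TCP port 80" for the XML read/write and the AlphaWeb entry gives "TCP port 443 (https)"; the protocol should read TCP in both places. The new list items "Use to read/write ..." should also read "Used to read/write ...".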

Latest revision as of 09:42, 24 January 2024

This article describes the network guidelines of the ICX-AlphaCom and AlphaCom XE platforms.

The ICX-AlphaCom and AlphaCom XE servers

ICX-AlphaCom and AlphaCom XE offer advanced communication and control capabilities. They provide the voice of security. This article includes descriptions of setup and configuration, operation, and any limitations and/or notes surrounding the solution. The network guidelines of ICX-AlphaCom and AlphaCom XE are very similar, as ICX-AlphaCom is built on the AlphaCom XE application software. Where this does not cause confusion, reference is made only to the ICX-AlphaCom.

Separate management interface

The ICX-500 Gateway comes with two Ethernet interfaces, one of which can be dedicated to management. This allows the administrator to build a separate administration VLAN that is dedicated only to administrators.

Network guidelines

Network Conditions

  • Maximum one way latency 150ms
  • Maximum one way jitter <30ms
  • Maximum Loss <1%

Network Layout

  • End to End connectivity via private LAN or WAN
  • Full routing between subnets
  • All ports required available across routers
  • No Network Address Translation (NAT) allowed at routers
  • Use VPN or MPLS to bridge disparate networks across the internet

Bandwidth usage

A VoIP audio stream is using:

  • On a LAN network: 85.6 kbps
  • On a WAN network (IPSec encrypted): 106.4 kbps

Examples:

  • A conversation between two IP stations is using 2 VoIP streams, one to each station. Bandwidth usage: 2 x 85.6 kbps = 171.2 kbps
  • A group call (unicast) from one IP station to 10 receiving devices (IP stations, IP Speakers) is using one VoIP stream to each of the stations. Bandwidth usage: 11 x 85.6 kbps = 941.6 kbps
  • A group call (multicast) from one IP station to 10 receiving devices (IP stations, IP Speakers) is using one VoIP stream from the calling station, and one VoIP stream to the group. Bandwidth usage: 2 x 85.6 kbps = 171.2 kbps

The bandwidth usage is the same for all codecs G.722, G.711u and G.711a.

Here is a link to the bandwidth usage for video stream from TCIV+ stations.

Unicast/Multicast

The network should support Multicast (IGMP Snooping). By default, ICX uses Unicast for Group audio (group calls, alarm messages, etc.), sending one VoIP stream to each receiving device. The maximum number of receivers is 200 (50 in AlphaCom) when using Unicast. If there are more than 200 receiving devices, Multicast must be used. Multicast is also recommended with fewer devices to lower the bandwidth usage.

A group call with Multicast uses 2 VoIP channels, regardless of the number of receivers.

VLAN

It is recommended to use a dedicated VLAN for the intercom system. Grouping users into logical networks will increase performance by limiting broadcast traffic to users performing similar functions or within individual workgroups. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced.

802.1X Authentication

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC).

802.1X is supported in:

  • All station and device types
  • In ICX-AlphaCom (software v. 1.1.3.0 and later)

802.1X is not supported in the AlphaCom series of servers.

Quality of Service

The ICX uses the UDP ports 61000 to 62000 for VoIP audio. Quality of Service (QoS) is set by default on all VoIP audio packets, using DiffServ class EF (Expedited Forwarding).

Power over Ethernet (PoE)

All INCA devices and Turbine devices from Zenitel support PoE (IEEE 802.3af standard, Class 0). Most stations (except the desktop models) can alternatively be powered from a local 24 VDC power supply.

The ICX-500 and AlphaCom XE servers do not support PoE.

Port use

All devices (servers and stations) are using port 80 (http) or 443 (https) for web services.

VoIP communication is using the following ports:

Zenitel IP Devices

  • Signaling: TCP port 50001
  • Voice:
    • UDP port 61000 – 62000 for ICX-AlphaCom
    • UDP port 61000 – 61150 for AlphaCom XE
  • Video
    • HTTP MJPG: TCP port 80. Optionally TCP port 8090
    • RTSP MJPG and RTSP H264:
      • RTSP Control = TCP port 554
      • Media = ephemeral UDP ports 32768-60999

Note: The video is not going through the ICX-AlphaCom server, but peer to peer from e.g. TCIV+ intercom to ITSV video phone.

AlphaNet (interconnecting ICX-AlphaCom and/or AlphaCom XE servers)

  • Signaling: TCP port 50000
  • Voice:
    • UDP port 61000 – 62000 for ICX-AlphaCom
    • UDP port 61000 – 61150 for AlphaCom XE

MultiModule (interconnecting AlphaCom servers in Master-Slave, available only for AlphaCom XE servers)

  • Signaling: TCP port 50010
  • Voice: UDP port 61000 – 61150

SIP communication

  • Signaling: UDP port 5060
  • Voice:
    • UDP port 61000 – 62000 for ICX-AlphaCom
    • UDP port 61000 – 61150 for AlphaCom XE

Management Tools are using the following ports:

AlphaPro PC configuration tool

  • TCP Port 80 (or 443) for AlphaPro 12.0 and later
  • TCP port 60001 for AlphaPro 11.7 and earlier

See also TCP ports used by AlphaPro

AlphaWeb - Integrated web server

  • TCP port 80 (http) or TCP port 443 (https)

IMT - Intercom Management Tool

The IMT tool is using the following ports in the network:

  • UDP port 69: Used by the embedded TFTP server during the Upgrade process
  • TCP port 80: Used to read/write XML files to/from the devices
  • TCP port 50001: Identification process
  • TCP port 50004: Used to read/write Zenitel Application Protocol (ZAP) data.

HTTPS using UDP port 443 instead of UDP port 80 is supported from IMT version 2.0. HTTPS is automatically used if HTTP is disabled in the device firewall.
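
The port lists above can be turned into a machine-checkable matrix for reviewing firewall rules or flow logs on the intercom VLAN. The following is an added example, not Zenitel code; the platform keys, service labels and sample flows are constructed for illustration, and the video ports are left out because the page states that video travels peer to peer rather than through the server.

```python
# Added example: port matrix transcribed from the "Port use" section above.
# Platform keys, service labels and the sample flows are constructed here.
VOICE_UDP = {"ICX-AlphaCom": (61000, 62000), "AlphaCom XE": (61000, 61150)}

# (protocol, first_port, last_port, service) entries common to both platforms
COMMON = [
    ("tcp", 80, 80, "web / AlphaPro 12.0+ / IMT XML (http)"),
    ("tcp", 443, 443, "web / AlphaPro 12.0+ (https)"),
    ("tcp", 50001, 50001, "IP device signaling / IMT identification"),
    ("tcp", 50000, 50000, "AlphaNet signaling"),
    ("udp", 5060, 5060, "SIP signaling"),
    ("tcp", 60001, 60001, "AlphaPro 11.7 and earlier"),
    ("udp", 69, 69, "IMT upgrade (TFTP)"),
    ("tcp", 50004, 50004, "IMT ZAP data"),
]
# MultiModule is listed for AlphaCom XE servers only
XE_ONLY = [("tcp", 50010, 50010, "MultiModule signaling")]


def allowlist(platform):
    """Return the documented (proto, lo, hi, service) rules for one platform."""
    lo, hi = VOICE_UDP[platform]  # KeyError on an unknown platform name
    rules = COMMON + [("udp", lo, hi, "VoIP audio")]
    if platform == "AlphaCom XE":
        rules = rules + XE_ONLY
    return rules


def classify(platform, proto, dport):
    """Name the documented service for a flow, or None if outside the matrix."""
    for rule_proto, lo, hi, service in allowlist(platform):
        if proto.lower() == rule_proto and lo <= dport <= hi:
            return service
    return None


def unexpected(platform, flows):
    """Return the (proto, dport) flows that match no documented server port."""
    return [f for f in flows if classify(platform, *f) is None]


# Constructed sample: destination ports observed towards the server
SAMPLE = [("tcp", 50001), ("udp", 61500), ("udp", 5060), ("tcp", 23), ("tcp", 61000)]

if __name__ == "__main__":
    for platform in VOICE_UDP:
        print(platform, "->", unexpected(platform, SAMPLE))
```

UDP 61500 is inside the voice range for ICX-AlphaCom but outside the narrower AlphaCom XE range, so the same flow is reported only for the latter.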


ICX-AlphaCom firewall and port usage

The ICX-AlphaCom has an internal firewall allowing the network administrator to open and close IP services that should be able to access the ICX-AlphaCom from the different networks.

The ICX-AlphaCom firewall