Mitel MiVoice Manual

Border gateway

MiVoice Border Gateway
Engineering Guidelines
January, 2017
Release 9.4

Summary of Contents for Mitel MiVoice

  • Page 1 MiVoice Border Gateway Engineering Guidelines January, 2017 Release 9.4...
  • Page 2 Mitel Networks™ Corporation (MITEL®). The information is subject to change without notice and should not be construed in any way as a commitment by Mitel or any of its affiliates or subsidiaries. Mitel and its affiliates and subsidiaries assume no responsibility for any errors or omissions in this document. Revisions of this document or new editions of it may be issued to incorporate such changes.
  • Page 3: Table Of Contents

    About the MBG Documentation Set (5); Supported Configurations (5); Services (5); Teleworkers and Remote Offices (6); NAT Traversal for Multi-instance MiVoice Business (9); Secure Gateway for Broadview Networks Silhouette HKS (10); Secure Recording Environment (11); SIP Trunking (13); Daisy Chain Deployments ...
  • Page 4 Web Real-Time Communication (WebRTC) (30); WebRTC Gateway Supported Configurations (30); WebRTC Architecture and Topology (31); Firewall Configuration for WebRTC Gateway (33); Additional Application Requirements (33); MiCollab Client v6.0+ (33); MiContact Center (34); Web Proxy (34); Remote Management Service ...
  • Page 5 13.5 Web Proxy and Remote Management Service Requirements (48); 13.6 MiCollab Client and MiCollab AWV Conferencing Requirements (48); 13.7 MiContact Center Softphone Requirements (49); 14 Virtual MBG Considerations (50); 14.1 Licensing (51); 14.2 Upgrades (51); 14.3 Host Server Requirements ...
  • Page 6: About This Document

    The purpose of this document is to describe configuration rules, provisioning, and performance information for the MiVoice Border Gateway, and associated products in order to assist in sales and support of this product. This information is intended for Training, Sales and Product support staff and complements other sales material and product documentation.
  • Page 7: Teleworkers And Remote Offices

    • Remote Management Service: administrative access from the WAN to applications hosted inside the firewall. Please refer to the Remote Proxy Services documentation for details. MBG can be deployed in several ways depending on the services required. 2.2 Teleworkers and Remote Offices Overview The original design intent of MBG is to provide a Teleworker solution.
  • Page 8 Figure 1: MBG in traditional Teleworker configuration MiVoice Border Gateway as Internet Gateway Mitel recommends deploying the Mitel Standard Linux server with MiVoice Border Gateway as the Internet gateway and firewall for any enterprise without an existing firewall. Figure 2 shows an example of this configuration using the MiVoice Border Gateway and a MiVoice Business (3300 ICP).
  • Page 9 MiVoice Border Gateway in a DMZ Limited support is provided for PPPoA. Mitel recommends the use of a D-Link DSL 300T modem at the enterprise site if PPPoA connectivity is required in gateway mode. Configure the modem to provide DHCP on the internal interface, and use DHCP on the MSL server...
  • Page 10: Nat Traversal For Multi-Instance Mivoice Business

    It should also be noted that some “DSL routers” with “DMZ” port forwarding are simply two-port NAT devices and should be treated as any other two-port firewall. Deployment of the MiVoice Border Gateway behind such devices is not supported.
  • Page 11: Secure Gateway For Broadview Networks Silhouette Hks

    Figure 4: MBG providing NAT traversal for Multi-instance MiVoice Business 2.4 Secure Gateway for Broadview Networks Silhouette HKS The Broadview Networks hosted key system provides service to various tenants across leased lines, MPLS circuits, or the Internet from a common carrier. Customers are provided with either MiNet or SIP sets, and the MBG acts as a Session Border Controller for both protocols.
  • Page 12: Secure Recording Environment

    MBG Deployed on the LAN for Call Recording When possible, Mitel recommends deploying the MBG call recording server on the same LAN segment as the ICP(s) with which it will be working. However, it is often practical to use a separate segment if not all devices...
  • Page 13 MBG to an MBG server for call recording (and finally to the MiVoice Business), so that it can be recorded along with the sets on the Recorded LAN. To configure this scenario, an “ICP”...
  • Page 14: Sip Trunking

    2.6 SIP Trunking MBG introduced support for SIP trunks in release 5.1. The SIP trunk is established from the MiVoice Business to the SIP trunk provider, using MBG as a SIP-aware firewall and proxy, as shown in Figure 8 below. MBG's SIP trunk service provides: •...
  • Page 15: Daisy Chain Deployments

    • Protection from malformed & malicious requests, various types of attack, and request flooding When providing SIP trunk service, MBG can be deployed either in the DMZ of, in parallel with, or in place of an existing firewall. Some of the key benefits of using SIP trunks are: •...
  • Page 16 Warning: Daisy-chaining is only supported for MiNet phones. SIP phones, SIP trunking and remote applications such as MiCollab Client are not supported with MBG daisy-chain deployments. The two main applications of daisy-chaining are to comply with certain IT deployment policies and to reduce bandwidth for remote sites.
  • Page 17 Figure 10: Daisy-chained MBGs to save bandwidth The upstream server can be deployed in either a Gateway or a DMZ configuration. Warning: Management of all remote office sets must be done on the upstream (main office) server only. When the downstream server is put into mode, it will automatically disable all MiNet and SIP connection restrictions, and pass all connection attempts up to the upstream server for authentication.
  • Page 18: Mbg In Micollab

    MBG. Refer to the MiCollab documentation set for details on clustering MBG with MiCollab. MiCollab on the Network Edge Although Mitel recommends the dual server approach for maximum security, a single MiCollab server with all applications can be deployed in Gateway mode at the network edge. In this configuration, all administrative and end-user web interfaces and all services are directly reachable from the public network;...
  • Page 19: Partial Service Configurations

    MiVoice Business Express Deployment Guide for a description of supported MiVoice Business Express configurations. Support for an additional MBG deployment configuration is introduced for MiVoice Business Express environments only because of specific IT constraints imposed by some cloud providers. For MiVoice Business Express deployments only, MBG in server-gateway behind an existing firewall is supported with the constraint that phones must not connect to the MBG from the LAN side of the firewall.
  • Page 20: Firewalls (Dmz Deployment)

    Some troubleshooting or advanced configuration requires command-line access. SSH is the only supported mechanism to reach the MSL command line remotely. On Microsoft Windows, Mitel recommends the use of PuTTY (a small, free SSH client). OpenSSH is included with Apple Mac OS X (open Terminal and type “ssh”), and is included with or available for most flavors of Unix.
  • Page 21: Remote Phone Access

    Use of MBG server with a port-forwarding firewall (where the external address of the firewall is shared between the MiVoice Border Gateway and other applications) is supported by MBG version 3.0 and higher. The firewall device must have at least 3 interfaces (external, internal, DMZ). This allows for a single external IP address to be assigned to the firewall.
  • Page 22: Remote Site Requirements

    NAT router that provides access to the Internet, typically through a DSL or cable modem. Mitel IP and SIP phones generally require a 10/100/1000 Mbps Ethernet connection, although some models can be configured for WiFi. (Refer to the device's documentation for configuration details.) All devices expect a TCP/IP network regardless of the link-layer technology.
  • Page 23 Connecting a PC to the second Ethernet port on the back of a Mitel IP phone does not provide the PC with a VPN connection to the office network. That connection must still be made by use of the organization's supported VPN client software.
  • Page 24 For example, a MiCollab Client on the Internet will receive video at the rate configured on a MiVoice Video Unit on the LAN even if the MiCollab Client is configured to use low bandwidth.
  • Page 25: Behavior

    ICP instead. When an IP phone connects to its ICP, the ICP (MiVoice Business) may issue a File Download directive over the SAC protocol connection. MBG intercepts these directives and downloads the file on behalf of the remote set. It...
  • Page 26: Firewall Configuration For Remote Minet Devices

    MiVoice Business. MBG will check periodically for updated HTML application files at the ICP. The frequency of checks depends on the feature set supported by the ICP. It could be as often as 10 minutes, and as infrequent as 24 hours.
  • Page 27: Firewall Configuration For Remote Sip Devices

    A “SIP trunk” in the context of MBG is simply a pair of endpoints, defined by their IP addresses and signaling ports. One of the endpoints is usually your ICP (MiVoice Business/3300 ICP or MiVoice Office), and the other is your SIP provider’s firewall or SBC.
  • Page 28: Send Options Keepalives

    23 simultaneous calls. This would be equivalent to a SIP trunk with 23 channel licenses. Note: On the MiVoice Business (3300 ICP), the MBG is configured as an outbound proxy in the Network Element form.
  • Page 29 Provision each element in the cluster with IP trunks with route lists to ICP A and ICP B. • Alternative Programming If you cannot use an FQDN to reach MBG "A" and "B", do the following to achieve resiliency: 1. On ICP A, create a Network Element Assignment for MBG A (as Type: Outbound Proxy) and another for the SIP provider’s SBC (as Type: Other).
  • Page 30: Dns Support

    5.5 DNS Support While the ICP can address MBG by its IP address, Mitel recommends the use of a fully-qualified domain name (FQDN) in the public Domain Name System (DNS) that resolves to the public IP of the MBG server.
  • Page 31: Indirect Call Recording

    6.2 Indirect Call Recording Indirect Call Recording (ICR), introduced in MBG 7.1, is a feature supported by Mitel's 53XX series and 69XX series IP sets and MiVoice Business software release 5.0 SP1 and later. It also has only limited support from CRE vendors.
  • Page 32: Webrtc Architecture And Topology

    calls over a SIP trunk, log in as subscribers in order to place and receive calls, and access the company directory from an LDAP database. 7.2 WebRTC Architecture and Topology The WebRTC solution consists of a gateway and a web application. WebRTC Gateway (on MBG) The WebRTC gateway is co-located with MBG and has two interfaces, LAN and WAN.
  • Page 34: Firewall Configuration For Webrtc Gateway

    UDP, source port 5064 for unencrypted SIP trunk connection to MiVoice Business or MiVoice 5000 (anonymous calls) • allow protocol TCP, source port 5065 for encrypted SIP trunk connection to MiVoice 5000 (anonymous calls) • allow protocol TCP, source port 5066 for encrypted SIP user connections to MiVoice 5000 (subscriber...
  • Page 35: Micontact Center

    MiVoice Business systems on the LAN. This feature requires enabling an FTP server on the MBG. Remote FTP clients on the external network upload MiVoice Business software to the FTP server on MBG. A MiVoice Business FTP client on the internal network downloads MiVoice Business software from the FTP server on MBG.
  • Page 36: Additional Security Considerations

    Due to the broad range of application types that can be deployed on the MSL operating system (formerly Managed Application Server), Mitel suggests that you read the Security section of the MSL Installation and Administration Guide before installing this application on the same server with other applications, 9.1 SIP Security...
  • Page 37: Clustering

    1. Source IP Address: If the source IP address of the traffic belongs to any of the network interfaces on the MBG server, then it matches the first criteria. In other words, MBG must originate the traffic. 2. DSCP value: The second criteria of high priority traffic is a DSCP value of 46 decimal, 0x2E hex (Expedited Forwarding).
  • Page 38: Cluster Zones

    NAT will break the trust model. A summary of the steps to create a three-node cluster is shown below. Refer to the MiVoice Border Gateway Blade Installation and Maintenance Guide for full instructions on creating a cluster.
  • Page 39: Additional Considerations

    If the server should handle less, lower the weight. For instance, assume there is a cluster of three nodes with weights of 50, 50, and 100. The two smaller servers (lower weights) will each handle roughly one quarter of the total load, while the third server handles the remaining half of the load.
  • Page 40: Advanced Options

    Teleworker IP address. If the Teleworker IP address has not been configured, the device will obtain an IP address from a DHCP server. Notes: • Boot time resiliency can be used in either a clustered or non-clustered environment. • In a clustered environment, Mitel recommends populating the Resiliency List with nodes in the cluster. If...
  • Page 41: Ip Translations

    the cluster is spread across a subnet boundary, include nodes from each subnet to prevent a single point of failure. 12.2 IP Translations Multiple servers deployed on the same DMZ need to each be addressable by individual public IPs so Teleworker clients can reach them.
  • Page 42: Rtp Frame Size

    12.5 TFTP Block Size MiNet devices use the TFTP protocol to fetch their firmware from the MBG server. The Mitel TFTP server is slightly non-standard – it uses symmetric UDP to traverse NAT devices, and a “sliding window” to improve performance –...
  • Page 43: Compression Codecs

    12.6 Compression Codecs MiNet devices If you are doing secure call recording and the 3rd-party call recording equipment (CRE) only supports G.711 or G.729, you can restrict MBG to using those codecs. If you are not operating under these limitations, you should allow MBG to use an unrestricted range of codecs.
  • Page 44: Sizing Your Installation

    MBG installations come in many sizes, from a handful of remote workers, to large call centers with recording requirements, to service providers with hundreds of SIP trunks routed to customer Virtual MiVoice Businesses. This section provides guidelines for selecting appropriate hardware and network capacity for any size of installation.
  • Page 45: Determine Call Equivalents

    VoIP devices, including phones and SIP trunks, use RTP/SRTP for voice communication. The bandwidth required for the RTP stream depends on the codec selected by the device. MiVoice Border Gateway supports the use of G.711, G.729, and G.722.1. Typically, there will be other requirements for Internet access, and these...
  • Page 46 • Whenever possible, transcoding should be performed by the ICP rather than the MiVoice Border Gateway, as this typically provides improved voice quality. If the mix of codecs in use cannot be reliably estimated, it is safest to assume G.711 for all calls.
  • Page 47 When a MiVoice Video Unit initiates a video conference it will also serve as the video bridge for the conference. For example, a MiVoice Video Unit that is acting as a video bridge for a 4 party conference will require three times the video bandwidth and three times the audio bandwidth required by a MiVoice Video Unit that is only a participant in the conference.
  • Page 48 Teleworker phones hosted on a MiVoice Business at the main office. Remote phones are configured for G.729 to save bandwidth, and all SIP trunk calls are G.711. (MiVoice Business handles any transcoding.) In addition, the site records up to 10 remote office calls at any given time.
  • Page 49: Hardware Selection

    Step two: Remote office calls; voice
    WAN BW = 75 * 24 kbps = 1800 kbps
    LAN BW = 75 * 24 kbps = 1800 kbps
    Step three: Remote office calls; video
    10% of 75 users = 7.5
    WAN BW = 7.5 * 512 kbps = 3840 kbps
    LAN BW = 7.5 * 512 kbps = 3840 kbps...
  • Page 50: Micontact Center Softphone Requirements

    MBG release 4.5 introduced support for the MiContact Center Softphone version 5.3. The softphone has multiple components. Bandwidth requirements of the voice component are identical to any other Mitel set using G.711 or G.729 (compression). In addition to voice, MiContact Center Softphone supports the following connections...
  • Page 51: Virtual Mbg Considerations

    Note: This is a guideline only. Actual results may differ depending on the MiContact Center configuration. 14 Virtual MBG Considerations Virtual MiVoice Border Gateway (vMBG) is the MBG software and supported Mitel Standard Linux (MSL) operating system bundled in a VMware Virtual appliance, to run in the VMware vSphere/ESX(i) hypervisor. The software is packaged in Open Virtualization Format (OVF) for deployment into a VMware environment.
  • Page 52: Licensing

    ServiceLink blade upgrade in the MSL Blades panel. From time to time, Mitel releases new OVA files on Mitel OnLine. The OVA must be used for initial deployment of a vMBG, but can also be used for upgrades by following the procedure below:...
  • Page 53: Solutions To Common Problems

    Network: Gigabit (For details, see the note following the “MBG Capacities” table on the next page) OS: Mitel Standard Linux For information concerning supported hardware servers for the MiVoice Border Gateway, refer to the MSL Qualified Hardware List that is available from http://edocs.mitel.com.
  • Page 54: Mbg Capacities - Device (Minet & Sip) And Trunking (Sip)

    Two deployment configurations are available—Small Business and Enterprise. For information concerning the capacities available with each configuration, refer to the Virtual Appliance Deployment Guide. 16.1 MBG Capacities – Device (MiNet & SIP) and Trunking (SIP) System Server Size Protocol Registered Concurrent Call Rate Network Network Card*...
  • Page 55: Mbg Capacities - Webrtc

    NIC that is installed on the server. In performance testing done by Mitel, bandwidth was typically not an issue (i.e. a 1GB NIC of any type was able to sustain 6 ccs and testing was done successfully with various 1GB and 10GB NICs).
  • Page 56: Mbg System Capacities

    Gateway in DMZ deployment. This configuration is automatic in the "MBG server as the gateway" deployment. In all cases below, "server" refers to the MiVoice Border Gateway server (that is, the MSL server). In the Direction column, the direction of the arrow indicates permission to initiate new connections in that direction. These rules assume a firewall that will permit return traffic on an existing established connection.
  • Page 57 • MiCollab (MiCollab, MiCollab Client, MiCollab Unified Messaging, MiCollab Client Deployment Unit, MiCollab AWV Conferencing, Google TCP 443 Internet -> Server Calendar Integration to AWV) (HTTPS) MiVoice Business • • MiCollab Client MiCollab Unified Messaging • Open Integration Gateway •...
  • Page 58 ConnectionPoint traffic (Optional). If using MiCollab AWV Conferencing TCP 4443 Server -> LAN through the Web Proxy, traffic to this destination port must be permitted between the proxy on the DMZ and the server on the LAN. Certificate Management (Optional). On any server hosting clients that make use of MiSSL Tunnel with a client certificate (MiCollab Client, CIS, etc), this Internet ->...
  • Page 59 WebRTC Anonymous Mode Support with Security Profile Public and Private TCP 5065 Server <-> LAN (Optional and only supported with MiVoice 5000). This port is required for encrypted SIP signaling for the SIP trunk between MBG and the ICP. WebRTC Subscriber Support with Security Profile Public (Optional). This UDP 5066 Server <->...
  • Page 60 Internet -> Server internet to the MBG server on port 6881 to support avatars on 6920, 6930, 6940. MiNet 69xx series IP Phones avatar support. Allow MiVoice Border Server -> MiCollab TCP 80 Gateway to connect to the MiCollab server to retrieve avatars for 6920, Server 6930, 6940.
  • Page 61 TCP 1606 Server -> LAN IP Console Support (Optional). TCP 6807 Internet -> Server IP Console and MiVoice Business Console Support for presence (Optional). Server -> LAN TCP 18100 IP Console and MiVoice Business Console Support for presence (Optional). (MiCollab Server) TCP 443 Server ->...
  • Page 62 Internet <-> Server required). Failure to do so will result in the federation features failing to function. Support for Mitel 68xx phones with MX-ONE (Optional). This port must be TCP 22222 Server -> LAN permitted to enable unencrypted XML connections from the server to the LAN-based MiVoice MX-ONE ICP.
  • Page 63 Group (IESG ). These specifications are recorded and published as standards track RFCs. (See RFC). Internet Protocol (RFC 1122 Section 3.) IPSec Internet Protocol Security Internet Service Provider MiVoice Border Gateway Mitel Collaboration Advanced; now named MiCollab Audio, Web and Video Conferencing...
  • Page 64 Mitel Network Layer Protocol. A signaling protocol used to transport messages between the PBX and all Mitel IP phones. MiNet is encapsulated in TCP. Mitel Standard Linux. The standard Linux distribution used and maintained by Mitel as a platform for all applications Network Address Translation.
  • Page 65 MiCollab Client: 22, 30, 49, 56, 57; MiCollab NuPoint UM: 56, 57; MiContact Center: 9, 50, 51; MiNet: 2, 6, 7, 12, 14, 16, 18, 21, 22; Mitel Standard Linux: 1, 3, 19, 32, 49, 52...
  • Page 66 MiVoice Business: 3, 8, 10, 15, 22, 25; MiVoice Office: 15, 25; Monitor: 51; MSL: 1, 3-5, 8, 15, 16, 19, 33, 48, 52; Multi-instance MiVoice Business: 6, 15; NAT: 3-6, 10, 15, 16, 18; NAT traversal ...
