NEC UNIVERGE SV9100 Manual page 25

QoS:
As discussed earlier, it is essential to have some form of Quality of Service implemented. With
internet based connections, we are not in control of the many routers, switches and other network
hardware that reside between our two VoIP endpoints. This means that we are unable to specify any
QoS parameters on these devices.
The only point in which we can control the QoS is at the VPN or firewall. This allows us to prioritise
VoIP traffic over any other data that we send out to the internet. This helps to maintain reasonable
quality speech - but once the data has exited the local router/cable modem it is at the mercy of the
internet.
Summary:
When implementing VoIP using internet based connections it is very important that these factors are
considered, and that the customer is made aware that you (the installer) or NEC cannot be held
responsible for any quality issues experienced.
4.2 Firewalls
Network security is always a concern when connecting the LAN (Local Area Network) to the WAN
(Wide Area Network). There are many ways to integrate security within the network - the most
popular of which at Firewalls and Proxy servers.
Firewalls
Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are
frequently used to prevent unauthorised Internet users from accessing private networks connected to
the Internet, especially intranets. All messages entering or leaving the intranet pass through the
firewall, which examines each message and blocks those that do not meet the specified security
criteria.
Proxy Server
Proxy server intercepts all messages entering and leaving the network. The proxy server effectively
hides the true network address.
What should be noted is that no matter which security measure is implemented, the VoIP will have
to have TCP/UDP ports open within the security wall (e.g. firewall/proxy) in order for the media and
control streams to flow. If any of the points within the network prevent the ports from flowing from end
to end, the VoIP application will not work.
The ports that need to be "open" on the firewall/proxy vary depending on the particular application
being used, and the manufacturer of the equipment. A list of these ports is available in the relevant
NEC product manual, however it should be noted that the preferred solution would be to allow all
ports for the VoIP device to be open, or for the VoIP device to be located outside of the firewall.
4.3 Network Address Translation (NAT)
Network Address Translation is a technology that has been developed to enable several users to
share one single Public IP address. This is partially in response to the lack of Public IP addresses.
Most of our home networks are NAT enabled. For example, you may have a DSL connection with
one Public IP address, but want to have multiple computers/devices connected to the Internet. NAT
integration within your switch or router provides a mapping of internal (private) IP addresses to public
addresses (routable addresses) therefore allowing you the capability of having a multitude of different
devices (nodes) connected to one routable address.
Part 1: VoIP Reference Manual 25