VoIP:101 — Getting started with your VoIP Network — Part 1

VoIP networks, VoIP phones, VoIP extensions, VoIP everything. VoIP seems to be one of those black-box buzzwords that IT pros toss around, like the “CLOUD!” But what is really going on behind the scenes? How do VoIP protocols actually work? How can I set up a call system? How do I get an outside number people can use to dial me?


This next series of blog posts (Part 1, Part 2, Part 3) is dedicated to walking through the many aspects of VoIP (Voice over Internet Protocol) and its features.

PART #1 — Laying the foundation for our VoIP network
  • The Lab — Our Network pieces.
  • SIP — Life blood of VoIP
  • FreePBX/Asterisk — Call System Exchange
  • Phone Provisioning (Manual/Auto)
    • Manual Provisioning with Zoiper, Linphone, UbiPhone
    • Auto-provisioning with Cisco 7941G and 7945G (7961G,7965G)
  • Making your first VoIP call!
PART #2 — Call routing, Call numbers, SIP Trunks
  • VoIP SIP Termination — Where VoIP ends and PSTN begins
  • SIP Trunks and DID (external PSTN numbers)
  • Outbound and Inbound Call Routing
  • Optional: Install g729 codec
PART #3 — Ring Groups, Extension Shortcuts, Call Centers, Voicemails, Secure SIP with TLS, etc
  • Ring Groups
  • Extension Speed Dialing
  • IVR (Interactive Voice Response) — useful for Business Directory Prompt
  • Advanced Voicemail Services
  • Securing SIP (TLS and SRTP)
  • Other Cool Features

Part#1

Our Goal and Network Lab

Our goal for this article is to create a small-office VoIP network that consists of the following: a few VoIP phones (both manually and auto-provisioned) running SIP with an extension schema of our choosing, an outside PSTN line that we can call out on and others can call in on, an Interactive Voice Response (IVR) for incoming calls, and other features (secure calling, security banning, hold music, etc.). Below is the lab where we will accomplish this.

  • Internal VLAN = 10.55.55.0/24, gateway 10.55.55.1, nameservers 10.55.55.1
  • Our FreePBX box = 10.55.55.135
  • Extension Schema x86000 – x86999
  • A picture speaks a thousand words
    http://postimg.org/image/7amjiq9a5/

    • Please excuse my diagram :-p
  • So as you can see, this is a very flat network; however, the principles are the same regardless of size. We have separated our Data and Voice networks just to demonstrate good practice, when in reality it wouldn’t matter for a site this small. Our WiFi network is just an extension of the Data VLAN (10.55.55.0/24). The only firewall is between our internal VLANs (Data, Voice) and the Internet.

SIP (Session Initiation Protocol)

What is SIP? SIP is the life blood of the VoIP network, our transport protocol. SIP allows us to signal a remote VoIP phone to start the call process, SIP transports the audio/video payload between VoIP phones to maintain a call session, SIP also handles the registration of our VoIP extensions, and much, much more. SIP, like most audio/video network transport protocols, uses UDP natively to ensure minimal network overhead and reduce bandwidth requirements. SIP relies on SDP (Session Description Protocol) to negotiate each endpoint’s capabilities for a call. SIP then relies on RTP (Real-Time Transport Protocol), SRTP (Secure Real-Time Transport Protocol), or TLS for media stream transmission.

who.rocq.inria.fr

REGISTER sip:192.168.0.1:5060 SIP/2.0
Content-Length: 0
Contact: ;events="message-summary"
Call-ID: 1DBDA84B-37E9-4F05-BE8B-E3A0F6BBEE91@192.168.0.2
Max-Forwards: 70
From: ;tag=220587183498
CSeq: 3 REGISTER
To: 
Via: SIP/2.0/UDP 192.168.0.2;rport;branch=z9hG4bK805d2fa50131c9b1434671010000391200000013

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.0.2;rport;branch=z9hG4bK805d2fa50131c9b1434671010000391200000013;received=192.168.0.2
From: ;tag=220587183498
To: ;tag=as6d76ba1b
Call-ID: 1DBDA84B-37E9-4F05-BE8B-E3A0F6BBEE91@192.168.0.2
CSeq: 3 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Contact: 
WWW-Authenticate: Digest realm="asterisk", nonce="4f87b95d" 
Content-Length: 0

REGISTER sip:192.168.0.1:5060 SIP/2.0
Content-Length: 0
Contact: ;events="message-summary"
Call-ID: 1DBDA84B-37E9-4F05-BE8B-E3A0F6BBEE91@192.168.0.2
Max-Forwards: 70
From: ;tag=2205872822811
CSeq: 4 REGISTER
To: 
Via: SIP/2.0/UDP 192.168.0.2;rport;branch=z9hG4bK805d2fa50131c9b14346710100004e6d00000016
Authorization: Digest username="sultan",realm="asterisk",nonce="4f87b95d",uri="sip:192.168.0.1:5060",response="fed6890f44712fbaef17c704e6e30eac"

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.0.2;rport;branch=z9hG4bK805d2fa50131c9b14346710100004e6d00000016;received=192.168.0.2
From: ;tag=2205872822811
To: ;tag=as6d76ba1b
Call-ID: 1DBDA84B-37E9-4F05-BE8B-E3A0F6BBEE91@192.168.0.2
CSeq: 4 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Expires: 120
Contact: ;expires=120
Date: Fri, 07 Oct 2005 12:57:55 GMT
Content-Length: 0

**The Excerpt Above is owned by https://who.rocq.inria.fr/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html

  1. The process starts with VoIP phones running the SIP protocol issuing a REGISTER command to register with a PBX (Asterisk).
  2. The PBX responds with a 401 Unauthorized back to the SIP User Agent attempting to register.
  3. The SIP User Agent submits another REGISTER command, but this time containing the Authorization section.
    Authorization: Digest username="sultan",realm="asterisk",nonce="4f87b95d",uri="sip:192.168.0.1:5060",response="fed6890f44712fbaef17c704e6e30eac"
    
  4. The PBX sends back a 200 OK with what SIP features the SIP User Agent is allowed to perform.
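
How the registrar checks the Authorization header from step 3, as an added example that is not part of the original post or of Asterisk's code. The function names, the secret table and the nonce set are hypothetical; the header value is the one in the excerpt, and the secret is constructed because the page does not give it.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, secret, method, uri, nonce):
    # The excerpt's challenge has no qop, so the response is
    # MD5(HA1:nonce:HA2), the RFC 2617 compatibility form.
    ha1 = md5_hex(f"{username}:{realm}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def parse_digest(header_value):
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return dict(re.findall(r'(\w+)="([^"]*)"', params))

def verify_register(header_value, secrets, live_nonces, realm="asterisk"):
    """Registrar-side check of step 3. Returns (accepted, reason)."""
    p = parse_digest(header_value)
    if not {"username", "realm", "nonce", "uri", "response"} <= p.keys():
        return False, "missing field"
    if p["realm"] != realm or p["nonce"] not in live_nonces:
        return False, "stale or foreign challenge"
    # Compute the digest even for unknown users so both failure paths
    # do the same work and return the same answer.
    known = p["username"] in secrets
    expected = digest_response(p["username"], realm, secrets.get(p["username"], ""),
                               "REGISTER", p["uri"], p["nonce"])
    match = hmac.compare_digest(expected.encode(), p["response"].lower().encode())
    if not (known and match):
        return False, "bad credentials"
    live_nonces.discard(p["nonce"])  # one use per nonce, so a replay is refused
    return True, "ok"

# Authorization value copied from the excerpt; the page does not give the secret.
PAGE_AUTH = ('Digest username="sultan",realm="asterisk",nonce="4f87b95d",'
             'uri="sip:192.168.0.1:5060",response="fed6890f44712fbaef17c704e6e30eac"')
# Constructed secret table for the demonstration.
SECRETS = {"sultan": "constructed-secret"}

def phone_authorization(secret):
    """The header the phone would send for the same challenge using `secret`."""
    resp = digest_response("sultan", "asterisk", secret,
                           "REGISTER", "sip:192.168.0.1:5060", "4f87b95d")
    return PAGE_AUTH.rsplit("response=", 1)[0] + f'response="{resp}"'

if __name__ == "__main__":
    nonces = {"4f87b95d"}
    print(verify_register(PAGE_AUTH, SECRETS, nonces))  # excerpt header, wrong secret
    good = phone_authorization("constructed-secret")
    print(verify_register(good, SECRETS, nonces))       # accepted, nonce consumed
    print(verify_register(good, SECRETS, nonces))       # same header replayed
```

The response proves knowledge of the secret without sending it, but every other field of the exchange is readable on the wire when the transport is UDP.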
    

 

SIP Request commands: Before we get any further let’s go over the different ones.

  • REGISTER = You just read above how a SIP User Agent, such as a VoIP phone, registers itself with a PBX (Asterisk). A VoIP phone needs to be registered in order to make and receive calls.
  • INVITE = this command is used either directly from SIP User Agents (more on this later) or by the PBX to “invite” SIP clients to a call session.
  • ACK = used to Acknowledge INVITE messages and join the call session
  • BYE = terminates the connection between users and the call session
  • And much more.

SIP Call Sessions basics: How a call gets setup.

Cisco Documentation **Owned by Cisco.com

  1. Calling phone sends out an INVITE.
  2. Called phone receives the INVITE and sends a 100 “Trying” response back.
  3. Called phone starts ringing and sends a 180 “Ringing” response back to the Calling phone.
  4. A 200 “OK” is sent from the Called station once the phone is picked up.
  5. Calling station responds with an ACK request.
  6. RTP takes over handling the audio back and forth, the “Media Session”.
  7. A BYE is sent by whichever phone hangs up first.

There is an alternative to SIP called Skinny, which is a Cisco proprietary protocol. You will most likely find it running as the signalling protocol in a VoIP network that is predominantly Cisco. Keep in mind that Cisco equipment can run SIP as well, so if your environment/equipment is mixed you will want to go with SIP.

FreePBX/Asterisk — Call System Exchange

FreePBX is a Linux distro that includes Asterisk and a Web Management GUI. Asterisk is the PBX (Private Branch Exchange) software that is used to manage your VoIP logic. A PBX is responsible for your extension numbering plan (x1234), dial plan routing (like when you have to dial *9 to get an outside line), VoIP trunking (merging PBXs together), voicemail boxes, etc. A PBX is also where your VoIP-capable phones will register themselves and receive INVITEs. All in all, just remember the PBX has many features, but its primary function is to set up and destroy SIP call sessions.

Installing…

Let’s get started by installing FreePBX, following the official documentation here (http://wiki.freepbx.org/display/FD/Installing+FreePBX+Official+Distro):

  • I chose IPv4 Manual Configuration and set the IP to 10.55.55.135 with a gateway of 10.55.55.1 and DNS to 10.55.55.3+4
  • Once the install has completed and you rebooted, go to the Web Admin GUI http://10.55.55.135
  • Change the default password to whatever you want.
  • Click on FreePBX Administrator
  • Run an update by going to Admin –> Module Admin, then click Check Online and at the far right click Upgrade all and Process. (This will only work if your FreePBX server has access to the internet.)

Setting up a few extensions…
  1. Go to Applications –> Extensions
  2. Select Generic SIP Device and click Submit.
  3. User Extension = The unique extension; I picked 86555.
  4. Display Name = The CallerID name that will display on the Called phone when calling from this Extension, TestUser1
  5. CID Num Alias = This is a masquerade alias that will display when calling from this extension to anyone internally. Used for call centers so the user can’t call you back directly because they are presented with the call centers number. I left this blank.
  6. Emergency CID = This is the CallerID that will be used when calling outbound routes flagged as Emergency, such as 911 so they will get a number to reach you back at. I left this blank, you will have to set up the logic for this if you want to use it properly.
  7. Secret = This is the SIP password to be used during the SIP authentication piece. I set it to testpassword123
  8. NAT Mode = O NAT, this confuses so many people when dealing with SIP. Set this to No, see below.
  9. Link to Default User = Here we can link this extension to a username. This is handy if you want to support emailing of voicemail messages and the ability of users to log into the Voicemail portal to listen to their voicemails over the web. I created a new user with Username = testuser123, Password = testpassword123.
  10. Voicemail = Enable/Disable voicemail on this extension.
    • Voicemail password = Number password for voicemail box when dialing from this extension.
    • Require from same Extension = Whether the Voicemail box can be reached to check messages from anywhere.
    • Email Address = Email address to send Voicemail notifications to
    • Email Attachment = Attaches Voicemail message as a WAV and sends it to the email address specified.
    • Delete Voicemail = Voicemail message will be deleted once it is sent to email address as an attachment.
  11. Optional Destinations = Here is where you can choose what to do with an incoming call under the following conditions: No Answer (max rings attempted), Busy (extension is busy), Not reachable (phone is not currently reachable by the PBX to send an INVITE for this call)
  12. Click Submit.
  13. Now create a few more extensions, 86444, 86777, and 86888.

Advanced Options:

  • Can Reinvite = By default this is set to No, which means the call session’s “media session” between two or more extensions all goes through the PBX system: PhoneA talks to PhoneB through the PBX, which acts like a proxy. When re-invite is set to Yes, after the initial call session is set up, each phone in the session will try to send an INVITE directly to the other. This helps take load off the PBX; however, re-INVITEs get complicated when SIP call sessions are not internal-to-internal extensions within the same IP network.
  • Qualify = Enabled by default. The PBX will periodically send SIP OPTIONS requests to check that the extension is still reachable at the device that registered with it. Turning this feature off will help performance, but service will be less resilient to network changes. For instance, the PBX only knows where the phone with the extension is based on the initial REGISTER request. If this is a WiFi phone or LTE…this would not work.
  • Transport = UDP, TCP, or TLS for SIP signalling (not for the actual audio/video). So for SIP requests and responses like REGISTER, AUTH, INVITE, etc. UDP has the best performance but has no security. Use UDP on private and protected networks. TCP is the same, just TCP with no security. TLS is just like HTTPS: all SIP signalling commands are sent over TLS, meaning you will need an SSL certificate and private key.
  • Enable Encryption = This will enable media encryption. Use this in conjunction with TLS transport from above to make SIP signalling and media encrypted. SRTP is the only option. It does not require a certificate, as the initial encryption stream is set up in plain text, hence why you need TLS above to blanket this SRTP initiation.
  • Deny/Permit IP = Just a little bit more added security. Here you can set what IP ranges devices can be coming from when trying to REGISTER this extension. In our lab, for example, we know they will be coming from 10.55.55.0/24, so we can put Permit 10.55.55.0 255.255.255.0.

To NAT or not to NAT, that is the Question…

SIP NAT’ing. If you recall from the SIP registration messages above, you can see sip:192.168.0.2:5060 SIP/2.0 in the SIP payload, so when a call is being set up each phone has been registered with the syntax sip:{address}:{port}. Now what happens if my phone is behind a NAT, where the real IP address of the phone does not match the source of the IP packet that arrives at the PBX server? For example, my phone’s IP is 192.168.55.5, but my IP packet gets SNAT’d and changed to 1.1.1.10 on its way to the PBX server. The IP packet will arrive correctly, but the SIP payload message will contain the line sip:192.168.55.5:5060 SIP/2.0. The PBX will then try to send ACKs and INVITEs for calls to 192.168.55.5:5060, which it cannot reach. SIP breaks. Setting the NAT mode to Yes on the PBX server tells the server: when this extension registers, ignore the IP address in the sip:192.168.55.5:5060 SIP/2.0 message and use the source IP of the IP packet instead.
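
The NAT case above worked through in code, as an added example that is not from the original post or from Asterisk. The REGISTER message, the NAT source port 40000 and all function names are constructed for illustration; `nat_mode` stands in for the Yes/No setting described above.

```python
import ipaddress
import re

# Constructed REGISTER for the paragraph's case: the phone is 192.168.55.5,
# but the packet reaches the PBX from 1.1.1.10 after source NAT.
REGISTER = (
    "REGISTER sip:10.55.55.135:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.55.5:5060;rport;branch=z9hG4bKconstructed01\r\n"
    "Contact: <sip:86555@192.168.55.5:5060>\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Content-Length: 0\r\n\r\n"
)

def header(msg, name):
    """First header called `name`, skipping the request line."""
    for line in msg.splitlines()[1:]:
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None

def contact_address(msg):
    """Host and port the phone advertised in its Contact header."""
    m = re.search(r"sips?:(?:[^@>;]+@)?([^:;>\s]+)(?::(\d+))?",
                  header(msg, "Contact") or "")
    if not m:
        raise ValueError("no usable Contact")
    return m.group(1), int(m.group(2) or 5060)

def call_target(msg, src_ip, src_port, nat_mode):
    """Where the PBX will send INVITEs for this registration."""
    return (src_ip, src_port) if nat_mode else contact_address(msg)

def stamped_via(msg, src_ip, src_port):
    """Top Via as echoed in the response: received= is the packet source and,
    because the phone sent a bare rport, rport= is the source port (RFC 3581)."""
    via = re.sub(r";rport(?=;|$)", f";rport={src_port}", header(msg, "Via"))
    return f"{via};received={src_ip}"

def nat_report(msg, src_ip, src_port):
    host, port = contact_address(msg)
    try:
        private = ipaddress.ip_address(host).is_private
    except ValueError:  # Contact carried a hostname, not an address
        private = None
    return {"advertised": (host, port), "seen": (src_ip, src_port),
            "behind_nat": host != src_ip, "advertised_private": private}

if __name__ == "__main__":
    print(nat_report(REGISTER, "1.1.1.10", 40000))
    print("NAT=No  ->", call_target(REGISTER, "1.1.1.10", 40000, nat_mode=False))
    print("NAT=Yes ->", call_target(REGISTER, "1.1.1.10", 40000, nat_mode=True))
    print(stamped_via(REGISTER, "1.1.1.10", 40000))
```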

Phone Provisioning

There are mostly two types of provisioning when working with VoIP phones: Manual provisioning and Auto-provisioning. There are pros and cons for each. For example, Manual provisioning is easier to get working right away because these phones have a configuration menu on them. I’ve seen most WiFi VoIP phones and VoIP apps on smartphones (like UbiPhone or Zoiper, or Linphone for Apple users) to be this way. You can also find some desktop phones that have manual provisioning, like the Nortel IP1535. On the other side of the coin, Auto-Provisioning is automatic and best used for larger deployments. It is, however, a more sophisticated setup. Auto-Provisioning deployments are most common in the business or corporate world, where you have many VoIP phones that get their configuration from a centralized place upon bootup. These are the Cisco or Avaya phones you may have seen.

Manual Provisioning.
  1. Start by using your computer/laptop (hopefully with a microphone), and download MicroSIP, which is super easy. I downloaded the Lite version portable ZIP file.
  2. Extract it and run the MicroSIP executable.
  3. Go to Menu –> Add Account
  4. Fill in the following:
    • SIP Server = 10.55.55.135 {IP or DNS name of your PBX server}
    • User = 86555, or whatever extension you created in the previous steps.
    • Domain = local
    • Password = password for x86555
    • Your name = testuser123
    • Transport = UDP
  5. Click Save and you should see MicroSIP Connecting… and eventually Online.
  6. Now let’s set it up on an Android smartphone using UbiPhone
  7. Once installed open the app.
    • Click Let’s Go at the Welcome screen
    • Select I already have a SIP account
    • Type in Extension/User = 86888, password = testpassword123, domain = 10.55.55.135 (your PBX DNS/IP)
    • You’ll see registration in progress, but you need to put in a password. So click on Settings bottom right, Click on the account (86888@10.55.55.135), find the password field and type in the password. Hit Settings button again to back out to main dialer menu.
    • Registration Successful

Try a Test Call.

x86555 to x86888.

Auto-Provisioning.

So here comes the fun part! Auto-Provisioning of SIP phones! This will be a little more sophisticated than Manual provisioning, as more pieces are involved and need to be configured to get it all to work. Each phone type/brand may also be different. I am going to use two Cisco phones: one Cisco 7941G and one Cisco 7945G; the G stands for Global, not gigabit!

The basic process for auto-provisioning Cisco 7940 and 7960 series phones is through DHCP boot options and a TFTP server housing the specific config files for the phones.

  1. Power starts the phone’s boot-up process.
  2. Phone detects firmware; if no firmware is detected, it goes into Firmware Download Mode.
    (Images: 7945G normal booting screen; Cisco phone Firmware Download Mode, firmware loading screen)
  3. Phone receives an IP via DHCP, and a DHCP option tells the phone the location of the TFTP server holding the config files.
  4. Cisco 7940 and 7960 series phones config file name format is SEP{MAC Address}.cnf.xml, so for example a phone with the MAC address of AAAA.BBBB.CCCC would look for a file named SEPAAAABBBBCCCC.cnf.xml
    Excerpt from my TFTP server upon Cisco 7941G boot.
    Aug 27 14:29:44 FreePBX xinetd[1108]: START: tftp pid=8382 from=10.55.55.151

    Aug 27 14:29:44 FreePBX in.tftpd[8384]: RRQ from 10.55.55.151 filename SEP001C5BBDDCAA.cnf.xml
    Aug 27 14:29:56 FreePBX in.tftpd[8385]: RRQ from 10.55.55.151 filename English_United_States/mk-sip.jar
    Aug 27 14:30:16 FreePBX in.tftpd[8459]: RRQ from 10.55.55.151 filename dialplan.xml
    
  5. As long as the config file has no issues the phone will continue to boot using the configuration items in the file.
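
TFTP serves these files without authentication, so the request log shown in step 4 is where you see who is fetching phone configs. The following audit of that log is an added example, not part of the original post: the function names and the inventory list are hypothetical, the first four log lines are the ones from the excerpt above, and the last two are constructed.

```python
import ipaddress
import re

RRQ = re.compile(r"in\.tftpd\[\d+\]: RRQ from (\S+) filename (\S+)")
SEP = re.compile(r"SEP([0-9A-Fa-f]{12})\.cnf\.xml")

def sep_filename(mac):
    """AAAA.BBBB.CCCC or aa:aa:bb:bb:cc:cc -> SEPAAAABBBBCCCC.cnf.xml"""
    digits = re.sub(r"[.:\-]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return f"SEP{digits}.cnf.xml"

def audit_tftp(lines, provisioning_net, inventory_macs):
    """Return (source, filename, finding) for each read request worth a look."""
    net = ipaddress.ip_network(provisioning_net)
    expected = {sep_filename(m) for m in inventory_macs}
    findings = []
    for line in lines:
        m = RRQ.search(line)
        if not m:
            continue  # xinetd START lines and other daemons
        src, name = m.groups()
        try:
            inside = ipaddress.ip_address(src) in net
        except ValueError:  # tftpd logged a hostname instead of an address
            inside = False
        if not inside:
            findings.append((src, name, "source outside provisioning subnet"))
        sep = SEP.fullmatch(name)
        if sep and sep_filename(sep.group(1)) not in expected:
            findings.append((src, name, "config requested for MAC not in inventory"))
    return findings

LOG = [
    # From the excerpt on this page
    "Aug 27 14:29:44 FreePBX xinetd[1108]: START: tftp pid=8382 from=10.55.55.151",
    "Aug 27 14:29:44 FreePBX in.tftpd[8384]: RRQ from 10.55.55.151 filename SEP001C5BBDDCAA.cnf.xml",
    "Aug 27 14:29:56 FreePBX in.tftpd[8385]: RRQ from 10.55.55.151 filename English_United_States/mk-sip.jar",
    "Aug 27 14:30:16 FreePBX in.tftpd[8459]: RRQ from 10.55.55.151 filename dialplan.xml",
    # Constructed for this example
    "Aug 27 15:02:10 FreePBX in.tftpd[9001]: RRQ from 10.55.56.20 filename SEP001C5BBDDCAA.cnf.xml",
    "Aug 27 15:03:41 FreePBX in.tftpd[9002]: RRQ from 10.55.55.200 filename SEP0011223344FF.cnf.xml",
]

if __name__ == "__main__":
    # Hypothetical inventory holding only the 7941G seen in the excerpt.
    for finding in audit_tftp(LOG, "10.55.55.0/24", ["001C.5BBD.DCAA"]):
        print(finding)
```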

Luckily, our FreePBX server installs a TFTP service by default. It is located at /tftpboot on the box itself.

Important Files:

  • OS79xx.txt = Older series Cisco phones (7940s and 7960s) will look in this file for what firmware version to be running; on a mismatch they will drop into Firmware Download Mode. This file is not used in SIP, perhaps Skinny?
    P0S30202
  • XMLDefault.cnf.xml = Global Configuration File used during Firmware Download Mode. The phone looks in it for the firmware version it should download. A Firmware Package consists of 8 files. Download Cisco Firmware here. For example, cmterm-7941_7961-sip.9.4.2.zip consists of SIP41.9-4-2SR1.loads, term41.defaults.loads, term61.defaults.loads, jar45sip.9-4-2ES9.sbn, cnu45.9-4-2ES9.sbn, apps45.9-4-2ES9.sbn, dsp45.9-4-2ES9.sbn, and cvm45sip.9-4-2ES9.sbn.
    2000
    2427
    2428
    SIP41.9-4-2SR1-1S
    SIP41.9-4-2SR1-1S
    SIP45.9-4-2SR1-1S
    SIP45.9-4-2SR1-1S
    SIP70.8-0-3S
  • dialplan.xml = Cisco phones use this file to create their dialplans, meaning when you start dialing a number on the phone, how does the phone know how long your extensions are? How does it know to signal an outbound call with *9, etc.