multi-site unmanaged VPN and IPO


New to the forum, so no flaming please. We have 4 offices that we're looking at deploying the IPO to (actually 6 but one is connected via PTP T1, and the other is connected via DSL/wireless bridge out of my control).

Office A - Cisco 2651XM w/ VPN card IP+/FW ios w/ T1 to Verio ISP
Office B - Cisco 1720 w/ VPN card IP+/FW ios w/ T1 to Verio ISP
Office C - Cisco 1720 w/ VPN card IP+/FW ios w/ T1 to Verio ISP
Office D - Cisco 1720 w/ VPN card IP+/FW ios w/ FR T1 (CIR 1.5) to Speakeasy ISP

We currently have no QoS running. Ping times vary w/ 32 byte packet -
Office A-B 41ms up to 250ms avg. 68 (7 hops over public route)
Office A-C 60ms up to 450ms avg. 57 (8 hops over public route)
Office A-D 85ms up to 255ms avg. 98 (14 hops over public route)

We do some file sharing, printing, and video conferencing site-site, central db in Office A accessed frequently.

I understand the need for QoS, no problem. But I know it isn't going to help latency. We just had the tech out today to do the network assessment, he wasn't real positive. I understand what we're up against, but I'm thinking we can't be the only ones who have tried this. Can anyone throw me a bone here? The tech said he's only worked one other job with VPN links??? All the others were using PTP links to other offices across the country! That's some serious cash. If I propose that, it'll go over like a brick ****house.

Any ideas?

RE: multi-site unmanaged VPN and IPO

This is a flame free forum, always happy to help.

Trying to run VoIP using an internet VPN is asking for trouble.

1) You will get no QoS guarantee; you may not often see degradation, so for internal communication it may be OK.

2) The ping times you are showing are not good. If you can get a connection established, I would expect problems with echo & probably call cut-off.

I would rather install an IPO with V2.1(15) VM Pro & CCC than try to get this configuration to work reliably.

I believe there are some docs in the Avaya tool tips that detail ping times etc. for VoIP connections.

RE: multi-site unmanaged VPN and IPO

You might want to look at a solution from a company like Masergy that can provide true Fiber Ring MPLS all over the world with very generous SLAs for jitter, packet loss and packet order. Their SLAs for round trip latency are respectable as well. I will be implementing a Philadelphia-Sydney-London network with them shortly and will post the results, good or bad.

I would explore other options like MPLS or even frame before I would try to implement using a VPN through the public internet.

RE: multi-site unmanaged VPN and IPO

Since you're new here, you should know that by suggesting he'd rather install 2.1(15) with VMPro and CCC, IPGuru is clearly of the opinion your odds of success are about on par with convincing your CFO to spring for frame relay to all your locations.

Do you already have an IPO at one of your locations?  You might try a light investment and deploy a single IP hardphone and see how it goes first.  You could rotate it around the various locations to get a feel for the quality you can expect at each site.


RE: multi-site unmanaged VPN and IPO

Morrack - yeah, that's pretty much what I thought.

That's not a bad idea to use an IP phone. Technically I have no equipment yet. I have a proposal for 6 offices (400 digital phones). The first office for deployment is moving to a new location in 6 weeks (didn't want to spend the cash to re-locate and upgrade/expand the Legend). After that another office is moving and we're opening another in 2 months. This is happening real fast. For the new/moving offices it makes financial sense to go with a new system, and the IPO isn't priced much higher than say a Magix. So here I am.

What rubs me about this whole thing is I've spoken with two different vendors, each designed two systems, they each knew we were running a public VPN, and neither mentioned that this isn't recommended by Avaya as stated in a doc I found yesterday. Wish I had found this forum earlier too.

I know I'm off track so thanks for letting me vent. But I'm in a jam. My CEO thinks he's getting a system that we can 4 digit dial to each office and do least cost routing. I didn't budget for a dedicated frame or managed VPN. ARRRRRGHHHHH!

RE: multi-site unmanaged VPN and IPO

All is not lost, Don. There are ways around this IF conditions are right. Can you get the same ISP at all locations, preferably a smaller provider? Sometimes you can get the little guys to do things the big goliaths would laugh at you for suggesting. I have a client running VoIP across the public internet, and it works quite well. However, they've had to make a minor security compromise and send the voice packets unencrypted (i.e. no VPN). The ISP was able to guarantee QoS for packets that only traversed their networks - which was fine since they were able to provide the ADSL to all locations. The key is they cannot pass through a VPN or those voice packets suddenly become data packets - not to mention the latency overhead the VPN adds.

If you aren't planning any super-sensitive conversations over your VoIP links (you could provide an alternate dialout code that would dial long distance for any such conversations - perhaps good to share with your CFO and CEO) then you might be able to salvage the situation.


RE: multi-site unmanaged VPN and IPO

Go with Morrack's advice. The only times I've heard of this working really well over the Internet have been with all sites on the same ISP and that ISP actively supporting the QoS end to end (i.e. it's not really the Internet, just an internet).

For ping times you need to be aiming for under 150ms to avoid users perceiving something odd about the line.
