It seems like one of the major tasks that I have been doing on a daily basis for the last ten years is creating network designs for people. Since a large part of the business that my company does is putting complete IP phone systems into organizations that have between 50 and 3000 users, the other design guys and I create a lot of designs.
Most organizations do not upgrade their LAN to prepare for the future – most of them don’t touch the network as long as it is running properly and supporting the users’ applications. Planning to put a secure voice system on the network takes the network requirements to another level.
There is a lot more to consider than QoS for putting voice on the LAN, although that is what the discussion is usually centered around. The LAN also has to have a number of other attributes:
Secure – With voice on the LAN, the switches must have security features that can prevent them from getting attacked with MAC address floods, rogue DHCP servers, gratuitous ARPs changing the default gateway, and other attacks that can be launched by malware.
Fast – If voice goes through multiple switches, each hop can add latency. Instead of store-and-forward handling of the Ethernet frames, switches should use cut-through to move things along. Server and uplink speeds should be gigabit, while for most organizations 10/100 Mbps to the desktop is just fine.
QoS – As discussed above. This comes into play mostly in uplinks. When remote access layer closets are connected back to the distribution layer, there is a choke point in the LAN. Any choke points require queuing to prioritize the voice.
Reliable – Long Mean Time Between Failure, well-tested code to limit bugs, and good support from the manufacturer in case there is a software or hardware issue.
Manageable – The switches have to be able to be managed remotely, have SNMP information, be able to log, and be configurable. GUI interfaces are OK, but there is nothing like a solid command line interface for rapid configuration, troubleshooting, and repair.
Power Density – Switches have to be able to support the power density of the planned devices. Most switches cannot power all ports at the highest levels.
Power and Cooling – Since IP phones are powered from the switches, all access layer switches will require properly sized UPSs. A basic switch consumes about 60 Watts. A 48 port switch with 15 Watt phones plugged into every port will require at least 600 Watts. Put a few of those switches in the closet and you are looking at not only a much bigger UPS, but also better cooling.
Redundant Design – The only place where there should be a single point of failure is at the access layer in the closets. If a switch fails, only the devices connected to that switch should lose connectivity – all others should work around the issue. In most cases that means dual uplinks from each closet to a redundant distribution layer at the core.
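One way to check an access switch for the protections listed under "Secure" above, as an added example that is not part of the original post. It assumes Cisco IOS-style configuration syntax (the post names no vendor); the sample configuration is constructed and the function names `parse` and `audit` are hypothetical.

```python
# Constructed sample in Cisco IOS-style syntax (assumption: the post names no vendor).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
!
interface GigabitEthernet1/0/2
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/48
 switchport mode trunk
 ip dhcp snooping trust
"""

def parse(config):
    """Split a config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith(" "):          # indented: belongs to the open section
            if current is not None:
                current.append(line)
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line and line != "!":       # any other top-level command
            global_lines.append(line)
            current = None
    return global_lines, interfaces

def audit(config):
    """Return findings for the attacks listed under 'Secure'."""
    global_lines, interfaces = parse(config)
    findings = []
    if "ip dhcp snooping" not in global_lines:
        findings.append("global: DHCP snooping off (rogue DHCP servers)")
    if not any(l.startswith("ip arp inspection vlan ") for l in global_lines):
        findings.append("global: ARP inspection off (gratuitous ARP)")
    for name, cmds in interfaces.items():
        if "switchport mode access" not in cmds:
            continue  # trunks/uplinks are judged separately
        if "switchport port-security" not in cmds:
            findings.append(f"{name}: no port-security (MAC flood)")
        if "ip dhcp snooping trust" in cmds:
            findings.append(f"{name}: access port trusts DHCP replies")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the missing ARP inspection and the second access port, which has no port-security and is wrongly trusted for DHCP; the trunk uplink is skipped.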