S8700 Multi-Connect
Issue 3.4.1 June 2005
When tying the control network into the corporate network, strong access lists or firewalls
should be used to prevent Denial of Service (DoS) attacks and broadcast storms from
interfering with control network traffic. Appendix B identifies the ports that must be opened for
IPSI-controlled port networks.
A low-latency queuing (LLQ) mechanism should be implemented on network elements in the control
network path. Control traffic should be tagged with DSCP 46 and 802.1p COS 6. Section 3
provides guidelines on setting up an LLQ or other suitable QoS design.
Security Concerns
The private control LAN has historically been a feature of the Multi-Connect configuration that
has added significant security and protection against network flooding attacks, viruses, and
unauthorized access. Naturally, with the control network and public network combined, this
protection is no longer inherently provided. Avaya recommends isolating the control network
from the enterprise network as much as possible.
Should an enterprise decide to combine the control and public networks, Avaya recommends
implementing firewalls or access control lists in order to protect the system from attacks and
unwanted traffic.
● Firewalls should be placed between the enterprise network and control network segments
to protect the server against network attacks.
● Firewalls should be implemented to prevent unauthorized access to the server from the
enterprise network in the case of a compromise of the enterprise network.
● Firewalls should be implemented to prevent unauthorized access to the enterprise network
from the server in the case of a server compromise.
● Firewalls should enforce protection rules that prevent the propagation of ANY traffic that is
not needed for VoIP communications. For a list of recommended settings in this area,
consult Appendix B: Access list.
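One way to check a rule set against the four recommendations above, as an added example that is not part of the Avaya guide: a Python audit of a constructed first-match ACL in both directions between the enterprise and control zones. The port numbers are placeholders standing in for the Appendix B list, and the implicit final deny is an assumption about the firewall.

```python
from dataclasses import dataclass
from typing import Optional

# ASSUMPTION: placeholder allowlist. The real ports are in the guide's
# Appendix B, which is not reproduced here; these values are constructed.
ALLOWED = {
    ("enterprise", "control"): {("tcp", 65001)},
    ("control", "enterprise"): {("udp", 65002)},
}

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source zone
    dst: str              # destination zone
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None matches any port

def first_match(rules, src, dst, proto, port):
    """Action of the first rule matching the flow (ASSUMPTION: implicit deny)."""
    for r in rules:
        if ((r.src, r.dst) == (src, dst) and r.proto in (proto, "any")
                and r.port in (port, None)):
            return r.action
    return "deny"

def audit(rules):
    """Return findings for both directions between the two zones."""
    findings = []
    for (src, dst), allowed in ALLOWED.items():
        for r in rules:
            # Any permit beyond the allowlist passes traffic VoIP does not need.
            if (r.action == "permit" and (r.src, r.dst) == (src, dst)
                    and (r.proto, r.port) not in allowed):
                findings.append(f"{src}->{dst}: permit {r.proto}/{r.port} not on allowlist")
        for proto, port in sorted(allowed):
            # A needed flow can be shadowed by an earlier, broader deny.
            if first_match(rules, src, dst, proto, port) != "permit":
                findings.append(f"{src}->{dst}: required {proto}/{port} is blocked")
    return findings

SAMPLE = [  # constructed rule set, evaluated top to bottom
    Rule("permit", "enterprise", "control", "tcp", 65001),
    Rule("permit", "enterprise", "control", "tcp", 23),
    Rule("deny", "control", "enterprise", "udp", None),
    Rule("permit", "control", "enterprise", "udp", 65002),
    Rule("permit", "control", "enterprise", "any", None),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The audit reports permits that exceed the allowlist in either direction and required flows that an earlier deny shadows, so it catches both an over-open and an over-closed rule set.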
Other IP interfaces
The C-LAN and Media Processor connect directly to the customer’s data network (that is, not
the control network). They must be reachable by IP Telephones on the network, so they should
be placed in the voice VLAN, should one exist, or should at least be reachable by all subnets
containing voice endpoints. The architecture of the system is such that traffic entering either the
C-LAN or MedPro cannot cross into the control network.
The IPSI connects to the control network and provides an interface between the S8700 servers
and the port network. It does not need to be reachable from the enterprise network.