VLAN & IP Range for VOIP system across 3 sites

[sidewinder]

We are having a VOIP system installed later this year, and I need to prepare by reserving an address range and setting up a VLAN.
We are on 3 seperate sites connected via leased fibre (100mb between sites) with a Watchguard at each site and branch office VPNs connecting them all.
Details:

Main School
192.168.1.0/24
DG - 192.168.1.1

Junior School
192.168.5.0/24
DG - 192.168.5.1

Nursery
192.168.10.0/24
DG - 192.168.10.1

Those address ranges were chosen because there are currently less than 254 devices at each site, but the space in between the ranges is reserved in case we ever need to expand, in which case I would change the subnet mask.

So should I choose a single range for the IP phones across all 3 sites (eg 192.168.15.0/24) or a different range for each site, but distinct from the current range, and keeping the subnet mask the same?

[twin--turbo]

1st question is why have you got a VPN on a leased line?

Are you having a Voice server at each location or a single voice server.

Rob

[sidewinder]

Because rightly or wrongly, that's how we have it setup! It was how the provider had set it up when I arrived, so over time I have upgraded the links and firewalls but kept the same system. So the leased lines are publicly accessible, hence the need for the VPNs. It works well so never really questioned it tbh

networkoverview.jpg

I see what you mean though, we could easily have a single firewall in front of the internet connection, then have the rest open and VLANed.

Also there will only be a voice server at the senior site. Only 4-5 phones at each of the others

[twin--turbo]

if there is only one server and a few clients then just use one subnet and vlan.


Rob

[glennda]

You can easily setup a Vlan Interface on the watchguard alternatively you can just use a third interface and connect this to an untagged phone vlan port on the switch.

You then just need to add the IP Subnets to the VPN's. If you are only having 4-5 phones at the remote sites I wouldn't even bother setting up QOS (too much effort).

If you are going to do it over the VPN's I believe on the watchguard's you will need separate subnets for the different sites as the BOVPN will not support sending the same subnet over it (from my experience).

If you need any help with the watchguard config's PM me and I'll give you more info.

[SchoolsBroadband]

Yes stick them on a separate VLAN unless you plan to use the Ethernet pass through ports on them?

Also what ever you do please make sure you use QOS on your Watchguard otherwise you'll likely have no ends of problems if someone does a huge upload / download.

We've done a lot of VoIP installs so feel free to PM if you want any more technical advice.

Dave

[glennda]

Yes stick them on a separate VLAN unless you plan to use the Ethernet pass through ports on them?

Also what ever you do please make sure you use QOS on your Watchguard otherwise you'll likely have no ends of problems if someone does a huge upload / download.

We've done a lot of VoIP installs so feel free to PM if you want any more technical advice.

Dave

Most phones with ethernet pass through will do and support the vlan tagging. (you untag the port for voice and tag for data - or vice versa depending on the system).

IMHO if they are only going to be having 4-5 phones at each remote site and the likely hood that all 5 are going to be used is minimal and even at max 5 x 80Kbs = 0.4mb of bandwidth required. If needs be later on QOS can be setup but QOS can be a pita to setup.

[SchoolsBroadband]

Oh yes thanks Glennda I'm aware it's tiny amount of bandwidth. I meant it's very east to saturate your line if you do a big upload / backup and you don't reserve any bandwidth for VoIP calls.

Classic example was for myself, I changed my router to test IPv6 from home to a newer model, forgot to put QOS on, call came in via the VoIP phone back to the office, I sent a big visio drawing and my calls were like when you go out of signal on a mobile. Not good!

FYI the Drayteks are great routers for home workers, love em....

Dave

[glennda]

Oh yes thanks Glennda I'm aware it's tiny amount of bandwidth. I meant it's very east to saturate your line if you do a big upload / backup and you don't reserve any bandwidth for VoIP calls.

Classic example was for myself, I changed my router to test IPv6 from home to a newer model, forgot to put QOS on, call came in via the VoIP phone back to the office, I sent a big visio drawing and my calls were like when you go out of signal on a mobile. Not good!

FYI the Drayteks are great routers for home workers, love em....

Dave

Should have a decent internet connection then....

<this is a joke >

I run 10 VOIP phones over our line to Natterbox and have no problems with it. We had 4 calls on the go I had the cricket streaming to my laptop and two colleagues were involved in a webinar - had no issues on that at all. If it fails over to the ADSL then yes we get problems with the phone but EFM and leased lines should be fine.

I can't see there being bandwidth problems - unless they are sending huge amounts of data from clients to servers - but in a building with 5 phones I can't imagine it being loads.

[twin--turbo]

No need to push G711 (87Kb) over wan links, G729 will do fine at (41Kb). I can't tell the difference when calling between sites. Not that we need to save bandwidth on a 1Gb Pipe .

Rob