Newbie 3CX WAN setup design question

Discussion in '3CX Phone System - General' started by MTBrooklyn, May 13, 2016.

Thread Status:
Not open for further replies.
  1. MTBrooklyn

    Joined:
    May 13, 2016
    Messages:
    4
    Likes Received:
    0
    We are an IT/Managed Services company thinking about replacing our hosted VoIP system (provided by a third party) with a 3CX.

    Our thought is to put 3CX on a Windows VM in our colo, then deploy apx 30 phones to our main office, 5 to a branch office, and 5-6 to individual home offices. We would use Yealink phones, but a few of the home offices may just use a windows or mobile softphone client. We would also buy SIP trunks from a provider who has their SIP server somewhere within 300 miles of our datacenter so there are very few hops and low latency, to keep quality good.


    Our network setup is as follows:
    Colo: 3 GB connectivity (multiple carriers, BGP), going through a Juniper core and then into Sonicwall firewalls doing NAT (so the 3CX server would be behind a sonicwall 2600 with a dedicated WAN IP). All VM's run on VMWare on multiple hosts with EMC SAN storage and full redundancy.

    Main office: 100 meg fiber internet, single WAN IP, Sonicwall firewall. also have a 10 meg copper backup (separate IP's) with failover configured on the sonicwall. Site-site VPN to the Colo and branch offices (via Sonicwalls)

    Branch office: same config as main office, only 50 meg for main internet.

    home offices: cable modem or fios at each, apx 20 meg download, 5-10 meg upload.

    All locations have <20 ms latency to the colo.



    I've been reading about the SBC and STUN configurations and am not sure what the best route is... Do we:

    1. let each phone just look at the WAN IP of the 3cx and send traffic over the open internet (i've heard pushing voice over a VPN messes with quality)?
    or
    2. point phones to the internal IP and let the traffic run over the VPN? If so, what about the home office users?
    or
    3. put a SBC device in the main and branch offices, point phones to them? if so, does that SBC communicate with the 3cx via VPN, or WAN IP's (does the SBC need its own WAN IP)?
    or
    4. configure Open VPN on each individual phone and let the phones, wherever they are, make their own VPN tunnel to something in the colo (maybe a linux VM set to accept the connections)? I've heard that Yealink phones can be configured to open a VPN tunnel first, and then establish the SIP session over the VPN.


    While it probably is simpler to put the 3CX in our main office, I prefer to keep it in the colo for uptime and DR planning. any feedback is welcome here. Like I said, i'm a newbie...
     
  2. ian.watts

    ian.watts Active Member

    Joined:
    Apr 8, 2011
    Messages:
    532
    Likes Received:
    1
    SBC the offices.
    STUN the rest.

    As for your specs.. overkill needs for voip, it will be fine.
     
  3. MTBrooklyn

    Joined:
    May 13, 2016
    Messages:
    4
    Likes Received:
    0
    Ian, SBC's connect to PBX over VPN or WAN, or doesn't matter?
    Does the SBC become a point of failure, and if so, can i have redundant ones?
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,757
    Likes Received:
    286
    If you use VPN, then in essence, the remote office is on the same network as the 3CX server, so no need for a SBC.

    Yes, the SBC becomes a point of failure, but, so is everything else in the network, router, modem switch, server, power supplies, gateways, ISP...

    Nothing is infallible. You do what you can afford to do to have replacement hardware readily available, use a UPS where feasible and always do backups.
     
  5. ian.watts

    ian.watts Active Member

    Joined:
    Apr 8, 2011
    Messages:
    532
    Likes Received:
    1
    SBC to the WAN, will still be better than VPN or SBC over VPN.
    Given a RasPi runs the thing, I suppose while it "could" be a failure, I have set three and otherwise forgotten about them. During that time.. the point of failure has been the friggin' ISP (Comcast) screwing things up for them, not the SBC.
     
  6. MTBrooklyn

    Joined:
    May 13, 2016
    Messages:
    4
    Likes Received:
    0
    I read that the ras pi SBC is for up to 5 simultaneous calls. For the office with 30 phones it sounds too small. Of course i prefer it to a PC, as no moving parts or a Windows OS to maintain....
     
Thread Status:
Not open for further replies.