redundant internet connections supporting (2) 3CX systems

Discussion in '3CX Phone System - General' started by bytesmart, Dec 4, 2012.

Thread Status:
Not open for further replies.
  1. bytesmart

    Joined: Feb 17, 2010
    Messages: 6
    Likes Received: 0

    I have 2 main questions regarding what amounts to 2 small business clients...
    - that share office space, local computer network subnet (including a single Server 2003 domain), and internet connection
    - that are adding a 2nd internet connection for redundancy
    - that both want 3CX phone systems connected to SIP trunks, but they want them fully separate
    - that both have remote users who will need either hard or soft phones

    Client A is 5 internal users and 4 remote users. Client B is 12 internal users and 5 remote users. Incumbent ISP is Verizon FIOS with single static IP. Newly-added ISP is Comcast cable internet at something like 300Mb down with 5 static IPs. SIP trunking will most likely be through NexVortex.

    I've already sold them a new Fortinet Fortigate 80C UTM firewall to handle the ISP redundant connection and whatever subnetting or VLAN'ing may be necessary.

    Question #1: On the internal network and for local phones - can (2) separate 3CX systems play nicely on the same local subnet? I have visions of IP phones on that subnet rebooting and looking for the provisioning server- how do they know which one to connect to? I'm open to suggestions on how best to migrate these 2 companies to 3CX-based phone systems, just not quite sure what is the best path.

    Question #2: For remote phones/ extensions - how can I get them working through a redundant internet connection configuration? And then add on the complexity - how to do that for both the remote phones for Company A and Company B?

    Any help would be appreciated,

    Ben Ahlquist
    ByteSmart Services
     
  2. RichardCrabb1

    RichardCrabb1 New Member

    Joined: Mar 7, 2009
    Messages: 196
    Likes Received: 0

    Hi,
    I hope to try to answer both of your questions:-
    1) In my experience it is better to use separate LANs or VLANs for each 3CX. However, we have succeeded in connecting them on one subnet. Here are a couple of ways around it. The first issue is option 66 that points to the 3CX server. If there are a small number of phones and you are using Microsoft's DHCP server you can set up static allocations per MAC address. For a larger company there were too many phones, so we got around this by scripting in IIS. As you can see, it is best to use different subnets if you can.

    2) For redundancy of Internet connection you need multiple public IP addresses per connection. I would not recommend changing default port numbers. Although 3CX don't recommend it, we have used STUN to allow different public IP addresses to be used.

    I am not sure what the Fortigate is capable of. We tend to use Draytek 2830 routers. These support multiple WAN ports and multiple LAN subnets with routing between them.
    I hope that helps?
     
  3. bytesmart

    Joined: Feb 17, 2010
    Messages: 6
    Likes Received: 0

    That does help, especially with regard to the local side of things, thank you!

    With regard to the redundant internet connections, multiple public IPs for both circuits make sense I think, so it would look something like the .jpg attached?

    With redundant internet connections (even if only considering 1 3CX phone system), how do you manage getting remote phones connected? Do you use a 3rd-party DNS service that manages the fail-over and then point the remote phones at that instead of an IP, or something else?
     

  4. sigma1

    sigma1 Active Member

    Joined: Nov 20, 2009
    Messages: 542
    Likes Received: 1

    Ben:

    The most important question, what router will you use? I would encourage you to not have multiple trunks and rely on STUN and registration, perhaps often.

    Some routers will not handle your NAT well after a failover. The remote phones should use DNS to locate the 3CX server; your router may be able to use a dynamic DNS service. While I certainly understand your end goal, there are so many factors to consider, and having done several setups of this kind, the router is key to not having a nightmare on your hands.
     
  5. bytesmart

    Joined: Feb 17, 2010
    Messages: 6
    Likes Received: 0

    Hello Charles,

    Thank you for your reply. The router that was spec'd and purchased (but not installed yet) before the larger of the 2 clients decided they wanted to upgrade as well -- is a Fortinet Fortigate 80C. It advertises it can handle redundant internet connections.

    "I would encourage you to not have multiple trunks and rely on STUN and registration, perhaps often" When you say trunks, do you mean SIP trunks? I am not sure how to eliminate the 2nd SIP trunk, as the 2 companies want to have separate 3CX phone systems. I am not aware of a way to simultaneously connect the same SIP trunk to 2 different 3CX systems. Maybe I misunderstood you.

    "Some routers will not handle your NAT well after a failover" What issues have you seen or heard of, for routers that do claim they can manage redundant internet connections?

    I have found from the SIP trunk provider (Nexvortex) that I can just add in the 2nd public IP as the secondary place it will connect to should the primary IP fail, so as far as connecting the SIP trunk to 3CX, it appears that it will not have to depend upon a dynamically-updated DNS record.

    I believe the Fortigate series supports DDNS, but if not I was thinking about using a 3rd-party service like Easy DNS or DNS Made Easy, that can monitor your public IPs and dynamically update the DNS record should the primary go down. Do you have any thoughts about using a 3rd-party service in this way, as it relates to 3CX and connecting remote phones?
     
  6. RichardCrabb1

    RichardCrabb1 New Member

    Joined: Mar 7, 2009
    Messages: 196
    Likes Received: 0

    Hi,
    Unfortunately I have no experience of running DDNS on the 3CX machine. There must be some good clients out there which you could test. The good thing about having DDNS on the router is that the router knows when a WAN connection goes down, so will re-check the IP address automatically. On the Windows machine it can only work by timed checks. Whichever router you use, you need to be careful to make sure that the correct outbound IP address and WAN are used by testing it. You also need to make sure that if the SIP provider locks the trunk down to a given IP address, then you need to make sure that their filter is set for both IP addresses.
     
  7. sigma1

    sigma1 Active Member

    Joined: Nov 20, 2009
    Messages: 542
    Likes Received: 1

    Good luck, very good luck, not ideal at all, DNS TTL issues, in order. I suggest you engage a real network whiz to get that to work correctly.
     
  8. sigma1

    sigma1 Active Member

    Joined: Nov 20, 2009
    Messages: 542
    Likes Received: 1

    Just a hint, get a Mikrotik RB1200, make sure that you have a good understanding of SRCNAT and use STUN. Do not set up a backup IP on the secondary ISP IP address, let the router do the work of redundancy and STUN re-registering. Make sure you understand packet marking and route metric/cost. Don't overcomplicate the 3CX server side, leave that as a simple trunk on each machine and use STUN to determine your PUBLIC IP at re-registration time.
     
  9. RichardCrabb1

    RichardCrabb1 New Member

    Joined: Mar 7, 2009
    Messages: 196
    Likes Received: 0

    Hi,
    This week we have set up a 3CX with 3 redundant Internet connections - and can support up to 4 using STUN. This is using a Draytek 3200. If you disconnect the main connection used for VoIP it re-configures quickly to use one of the others. The configuration is actually quite simple. There are also bridged connections to other 3CXs.
     
  10. netswork

    netswork Active Member

    Joined: Mar 11, 2011
    Messages: 577
    Likes Received: 1

    In your FortiGate you will need a static IP for each system on each ISP. You will create two virtual IPs for each 3CX server. You will then need to create a set of firewall policies for each VIP in and out.

    Use ECMP load balancing to detect the dead gateway for internet fail-over. You need this because the internet circuit could go down but the link could still be up. This will use a ping test to determine if the route is still valid.

    Since each 3CX will have 2 static IPs you will need to use STUN. I use NexVortex with FortiGates exclusively and it will work... Don't scrap your FortiGate for what I feel is a lesser device (personal opinion), like a Mikrotik or Draytek.

    You will need to disable SIP ALG on the FortiGate, which must be done from the CLI. You could also set up the FortiGate with VDOMs and have 2 virtual firewalls if you want to truly separate the two clients, but that shouldn't be necessary.

    For the internal network the best thing to do would be to separate the two voice networks into their own VLAN with a DHCP server (which could be the FortiGate) to hand out DHCP options to the respective VLAN. You can do this with a trunk/VLAN interface on the FortiGate/switch if you have a managed switch. You can also set up the FortiGate in interface mode rather than switch mode so you can configure the 6 LAN ports individually. Each phone VLAN would then get its own physical network interface on the FortiGate.

    If you don't have a managed switch to set up VLANs on, there is no reason you can't have 2 3CX servers on the same LAN; you would just have to manually configure the provisioning URL on the phones. You don't have many phones so that wouldn't be hard to configure or manage.

    You will also want to set up traffic shapers for the voice traffic to your remote phones and NexVortex, that way you get dedicated bandwidth and priority for voice through the FortiGate.

    I can help you with the FortiGate if needed, we have installed 100s of them.
     