[cisco-voip] CUBE Network Design

Derek Andrew Derek.Andrew at usask.ca
Tue Apr 21 15:46:53 EDT 2015


So the CUBE connects to a provider on the Internet? Hmmm. Interesting.

Around here, the CUBE is on our network on one side, and the other is on a
a dedicated, private network to the provider. No traffic on the Internet
and no firewall.

The CUBE should not be an IP router.

Of course, this is just me talking.

d



On Tue, Apr 21, 2015 at 11:59 AM, Brian Meade <bmeade90 at vt.edu> wrote:

>  Ideally you can rely on SIP inspection on the FW to handle opening the
> RTP pinholes.
>
> On Tue, Apr 21, 2015 at 1:38 PM, Jason Aarons (AM) <
> jason.aarons at dimensiondata.com> wrote:
>
>>  Would you open almost all your UDP RTP ports from CUBE in DMZ to inside
>> phones?
>>
>>
>>
>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>> Behalf Of *harbor235
>> *Sent:* Tuesday, April 21, 2015 1:35 PM
>> *To:* Cisco VOIP
>> *Subject:* [cisco-voip] CUBE Network Design
>>
>>
>>
>>
>>
>> I have infrastructure setup to provide VOIP services as well as other
>> services to a multi-tenacy  environment. I want to segregate those services
>> as much as possible for security reasons.
>>
>> My question, customer resources are behind a edge router and a firewall,
>> I want my cube positioned as close to the edge as possible for performance
>> reasons. Cisco design docs have suggested that for larger sites terminating
>> SIP traffic on a CUBE that best practice is to position the CUBE inside of
>> the firewall. My thoughts are a DMZ like structure that connects to the
>> firewall via two interfaces, inside and outside. This provides several
>> controlled interfaces for policy enforcement.
>>
>> I wanted thoughts from the community on real world network design best
>> practices when aggregating multiple tenancy environments providing VOIP
>> with CUBE services.
>>
>>   thanks in advance,
>>
>>
>>
>> Mike
>>
>>
>>
>> itevomcid
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>


-- 
Copyright 2015 Derek Andrew (excluding quotations)

+1 306 966 4808
University of Saskatchewan
Peterson 120; 54 Innovation Boulevard
Saskatoon,Saskatchewan,Canada. S7N 2V3
Timezone GMT-6

Typed but not read.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150421/707f8ba1/attachment.html>


More information about the cisco-voip mailing list