VoIP 101: Voice over IP for Beginners
Written by Rich McIver
For those who have never heard about the potential of VoIP, be prepared to radically change the way you think about your current long-distance calling plan. VoIP (Voice over Internet Protocol) is, very simply, a method for taking ordinary analog audio signals and turning them into digital signals that can be sent over the Internet.
So what? Well, for those of you who are already paying a monthly fee for an Internet connection, this means that you can use that same connection to place free long-distance phone calls. This process works by using already available VoIP software to make phone calls over the Internet, essentially circumventing the phone companies and their service charges.
Interestingly, VoIP is not an entirely new thing. In fact, a number of providers have been around for some time. But it is only with the more recent explosion of high-speed Internet access that VoIP has gotten any attention. Now the major telephone carriers are setting up their own VoIP calling plans throughout the US, another testament to the potential of the technology.
How VoIP Is Used
While there are a number of ways that VoIP is currently being used, most individual callers fall into one of three categories: ATA, IP Phones, and Computer-to-Computer.
ATA, or Analog Telephone Adaptor, is the most common way of using VoIP. This adaptor allows you to hook up the phone that is already in your house to your computer, and then to your Internet connection. What the ATA does is turn the analog signals your phone sends out into digital signals that can be sent over the Internet. Setting up this system is quite simple. It simply requires that you order an ATA (it's an adaptor, remember), plug the cable from your phone that would normally go into the wall socket into the ATA, and then plug the ATA into your computer, which is connected to the Internet. Some ATAs include software that has to be installed on your computer before it's ready, but basically it's quite a simple process. Then you are ready to make some calls.
The next type of VoIP usage utilizes IP Phones instead of your home phone. The IP Phone looks just like a normal phone, with all the same buttons and cradle; the only difference is that instead of having a normal wall jack connector, it has an Ethernet connector. This means that instead of plugging your IP phone into the wall jack like you would with a regular analog phone, you plug it directly into your router. This option allows you to bypass your personal computer, and it also means that you will not have to install any software, because it's all built into the handset. In addition, the fact that Wi-Fi IP phones will soon be available, which will allow subscribing callers to make VoIP calls from any Wi-Fi hot spot, makes this option an exciting possibility.
The simplest and cheapest way to use VoIP is through computer-to-computer calls. These calls are entirely free, meaning no calling plan whatsoever. The only things you need are software, which can be found for free on the Internet, a good Internet connection, a microphone, speakers, and a sound card. Except for your monthly Internet service fee, there is literally no cost for making these calls, no matter how many you make.
For large companies, VoIP also offers some unique possibilities. Some larger companies are already utilizing the technology by conducting all intra-office calls through a VoIP network. Because the quality of sound is comparable to, and in some cases surpasses, that of analog service, some international companies are using VoIP to route international calls through the branch of their company nearest the call's destination and then completing the call on an analog system. This allows them to pay local rates internationally and still utilize the same intra-office VoIP network that they would if they were calling someone in the next cubicle over.
Other Advantages of VoIP
While your current long-distance plan covers you for only one location, say calls made from your office, with VoIP you can make a call anywhere that you can get a broadband connection. That is because all three methods above, unlike analog calls, send the call information via the Internet. This means you can make calls from home, on vacation, on business trips, and almost anywhere else. Anywhere you go, with VoIP you can bring your home phone along with you. In the same way, computer-to-computer connections mean that as long as you have your laptop and a connection, you're ready to go.
VPN over Satellite: A comparison of approaches
Written by Richard McKinney and Russell Lambert
As awareness of VSAT Systems satellite Internet access (www.vsat-systems.com) becomes more widespread, the demand for secure connections from remote locations to corporate local area networks continues to increase. The high latency inherent in geo-synchronous satellite connections has presented a significant obstacle to efficient virtual private network (VPN) connections over satellite.
Various solutions to carrying IP traffic over satellite have been proposed, but each one has had some limitation that prevented it from becoming widely adopted. Recently Encore Networks released their VSR-30 3DES VPN device, which offers the most popular features of IPsec appliances but leaves the IP header unencrypted. This feature makes the VSR-30 attractive for satellite-based VPN applications because the visible headers allow VSAT Systems to optimize throughput.
The Problem
In order for a two-way satellite service to perform properly in conjunction with traditional terrestrial networks (Internet, Intranet), satellite data networks must employ special techniques to deal with the extra 44,600-mile space segment of the connection. Without those steps, the increased latency, the time required to traverse the extra distance, means that TCP severely limits performance.
The Internet relies on the Transmission Control Protocol (TCP) to ensure packet delivery without errors. TCP works by sending a certain amount of data, the “window size,” then waiting for the receiver to send an acknowledgment of receipt. With TCP, the sender cannot transmit more data until it has received an acknowledgment. If an acknowledgment does not arrive in a timely manner, TCP assumes the packet was lost (discarded due to network congestion) and resends it. When packets go unacknowledged, TCP also slows the transmission rate to reduce congestion and to minimize the need for retransmissions.
TCP/IP sessions start out sending data slowly. Speed builds as the rate of acknowledgments verifies the network’s capacity to carry more traffic. This is known as slow-start, followed by a ramp-up in speed. The speed of the connection builds until the sender detects packet loss from a lack of an acknowledgment. This allows TCP to achieve the fastest practical data transfer rate for the conditions present on the network.
Terrestrial networks typically have round-trip latencies in the range of 35 to 100 ms. Satellite networks, due to the distance of geo-synchronous satellites above the equator, require 550 ms or more. Some satellite connections have much higher latencies. Depending upon the satellite hardware and the subscription policy of the service provider, latencies of 800 ms to as much as 2,000 ms or more can occur. TCP interprets the additional satellite transit time as network congestion. If uncorrected, this effect causes the network to send all additional packets at the slow-start rate.
Current satellite data networks employ a technique referred to as TCP acceleration or IP spoofing to compensate for the extra time required to transit the space segment. Special equipment at the carrier’s main satellite hub appears to terminate the TCP session, so it appears to the sender as the remote location. In actuality, the device at the satellite hub acts as a relay or forwarder between the originating terrestrial location and the remote satellite unit. When the spoofing equipment receives Internet traffic destined for a remote satellite location, it immediately acknowledges receipt of the packet to the sender so more data packets will follow promptly. This way the sender never experiences the actual latency to the remote site because acknowledgments return rapidly. As a result, TCP moves out of slow-start mode quickly and builds to the highest practical speed.
To prevent packets from being acknowledged twice, the spoofing equipment suppresses acknowledgments from the remote site. In this way, computers behind a satellite link communicate seamlessly and efficiently with servers on the terrestrial Internet.
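The effect of round-trip time on a window-limited sender, and why an early acknowledgment from the hub helps, can be modelled in a few lines. This is an added example, not from the original article: the RTT values and file sizes are the article's, while the 64 KiB receive window, 1460-byte segment size, 10-segment initial window, decimal file sizes and a loss-free link with unlimited bandwidth are assumptions.

```python
# Added example: loss-free slow-start model of a TCP sender.
MSS = 1460          # bytes per segment (assumed)
INIT_CWND = 10      # initial congestion window, in segments (assumed)
RWND = 64 * 1024    # receiver window in bytes (assumed: no window scaling)

def round_trips(file_bytes, mss=MSS, init_cwnd=INIT_CWND, rwnd=RWND):
    """RTTs needed to deliver file_bytes; the window doubles per RTT up to rwnd."""
    cwnd, sent, rtts = init_cwnd * mss, 0, 0
    while sent < file_bytes:
        sent += min(cwnd, rwnd)      # one window of data per round trip
        cwnd = min(cwnd * 2, rwnd)   # slow start, capped by the receiver window
        rtts += 1
    return rtts

def window_ceiling_kbps(rtt_ms, rwnd=RWND):
    """Steady-state limit: at most one full window per round trip."""
    return rwnd * 8 / 1000 / (rtt_ms / 1000)

def transfer_kbps(file_bytes, rtt_ms):
    """Average rate over the whole transfer, slow start included."""
    seconds = round_trips(file_bytes) * rtt_ms / 1000
    return file_bytes * 8 / 1000 / seconds

# File sizes and RTTs quoted in the article (sizes taken as decimal bytes).
FILES = {"500 kB": 500_000, "5 MB": 5_000_000, "10 MB": 10_000_000}
RTTS_MS = [35, 100, 550, 800, 2000]

def report():
    """Rows of (file, RTT in ms, round trips, average Kbps)."""
    return [(name, rtt, round_trips(size), round(transfer_kbps(size, rtt)))
            for name, size in FILES.items() for rtt in RTTS_MS]

if __name__ == "__main__":
    for name, rtt, rtts, kbps in report():
        print(f"{name:>7}  RTT {rtt:>4} ms  {rtts:>3} round trips  {kbps:>6} Kbps")
```

The RTT that matters is the one the sender observes, so a hub that acknowledges immediately moves the sender from the 550 ms rows to the terrestrial rows.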
IPsec VPNs not only encrypt the data portion of packets, they also encrypt the TCP port number and the IP address of the sender’s computer. (Think of the TCP port as the apartment number, while the IP address is that of the building.) Consequently, only the VPN software at the remote site can decipher where packets originated and acknowledge receipt of the data.
Popular IPsec VPNs, therefore, defeat TCP acceleration over satellite links because ground stations cannot adjust fields in the header when those fields are encrypted. This situation requires that acknowledgments transit the space segment twice (over and back) and results in substantial performance degradation. The impact on performance increases as latency rises. To determine the effect of latency on performance and to measure the effectiveness of an alternative VPN device, engineers at VSAT Systems transferred a variety of data files over a high-quality satellite link under controlled conditions and measured the results.
Test Procedure
The test compared transfer rates over a Cisco 1711 IPsec VPN and an Encore VSR-30 Selective Layer Encryption (SLE) appliance to each other and to the speed of file transfers over the open Internet (unencrypted). The data moved from remote to server, then from server to remote, using FTP. Transfer rates were measured in kilobits per second (Kbps). The test utilized six different files to measure data transfer rates: 500 kilobyte, 5 megabyte, and 10 megabyte files in both compressible (text) and non-compressible (binary) forms.
Both the Cisco and Encore equipment used 3DES encryption. However, the Encore unit’s SLE encrypted only the data, leaving the IP and TCP headers accessible. With the headers accessible, encrypted packets are compatible with all types of satellite modems and all methods of TCP acceleration.
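What the hub can and cannot read in each case, and therefore what any other on-path device can read too, is shown by the parser below. This is an added example, not from the original article or from either vendor: the packets are constructed samples, the addresses, ports and SPI are made up, the "SLE-style" layout (cleartext IPv4 and TCP headers followed by opaque data) is an assumption based on the description above, and zero bytes stand in for ciphertext.

```python
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header without options (checksum left 0 in this sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def tcp_header(sport, dport, seq, ack):
    """20-byte TCP header with the ACK flag set (checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x10, 65535, 0, 0)

OPAQUE = bytes(64)  # stand-in for ciphertext; nothing is really encrypted here

# Constructed sample 1: headers in the clear, data opaque (assumed SLE-style layout).
SLE_STYLE_PACKET = (ipv4_header("10.1.1.5", "10.2.2.9", 6, 20 + len(OPAQUE))
                    + tcp_header(40000, 21, 1000, 2000) + OPAQUE)

# Constructed sample 2: IPsec ESP in tunnel mode between two gateways; the
# inner IP and TCP headers are part of the opaque ciphertext.
ESP_TUNNEL_PACKET = (ipv4_header("192.0.2.1", "198.51.100.1", 50, 8 + len(OPAQUE))
                     + struct.pack("!II", 0x1001, 1) + OPAQUE)

def hub_view(packet):
    """Fields an on-path device without keys can read from one packet."""
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl, proto = (fields[0] & 0x0F) * 4, fields[6]
    view = {"src": socket.inet_ntoa(fields[8]), "dst": socket.inet_ntoa(fields[9]),
            "proto": proto, "can_accelerate": False}
    body = packet[ihl:]
    if proto == 6 and len(body) >= 20:      # TCP header is readable
        sport, dport, seq, ack = struct.unpack("!HHII", body[:12])
        view.update(sport=sport, dport=dport, seq=seq, ack=ack, can_accelerate=True)
    elif proto == 50 and len(body) >= 8:    # ESP: only SPI and ESP sequence number
        spi, esp_seq = struct.unpack("!II", body[:8])
        view.update(spi=spi, esp_seq=esp_seq)
    return view

if __name__ == "__main__":
    for name, pkt in (("SLE-style", SLE_STYLE_PACKET), ("ESP tunnel", ESP_TUNNEL_PACKET)):
        print(name, hub_view(pkt))
```

The same fields that let the hub acknowledge on the remote site's behalf (host addresses, ports, sequence and acknowledgment numbers) are visible to every device on the path, whereas the ESP tunnel packet shows only the gateway addresses.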
The test transferred files between two similarly configured FreeBSD computers, each containing three identical network cards. With three cards in each system, the computers could multi-home and physically separate the data. The resulting three data paths facilitated near-simultaneous testing of the two VPN circuits and the unencrypted, clear connection.