[This is pre-release documentation and subject to change in future releases. This topic's current status is: Milestone-Ready]

Topic Last Modified: 2010-03-11

This topic provides guidelines for designing a SIP trunking topology to meet your specific needs.

Figure 1: Example SIP Trunking Topology

SIP Trunking Topology Components

The following components are used in SIP trunking topologies.

Important:
Contact your service provider to determine whether they provide failover and high availability support. If so, what are the procedures for setting it up? For example, do you have to configure only one IP address and one SIP trunk on each Mediations Server, or do you have to configure multiple SIP trunks on each Mediation Server?

Consolidated Configuration Pools

In the Communications Server 2010 Enterprise Edition consolidated configuration, all server components except the back-end database server can be collocated on each of the Front End servers in a pool. The back-end database server must reside on a separate dedicated computer. Consolidated configuration provides scalability and high availability.

Router-to-Server Connections

In the perimeter network (sometimes called the DMZ) a router serves as the first landing of the connection. The router in the perimeter network connects to a router behind the inner firewall. The router behind the inner firewall connects to the Front End servers.

Securing SIP Trunking Network Connections

For security purposes, you should set up a virtual LAN (VLAN) for each connection between the two routers. The actual process for setting up a VLAN varies from one make of router to another. Contact your router vendor for information.

We recommend that you follow these guidelines:

  • Set up a virtual LAN (VLAN) with static routing between the Mediation Server and the router.

  • Do not allow broadcast or multicast packets to be transferred from the router to the VLAN.

  • Block any routing rules that route traffic from the router to anywhere but the Mediation Server.

If you use a VPN server, we recommend that you follow these guidelines:

  • Set up a VLAN between the VPN server and the Mediation Server.

  • Do not allow broadcast or multicast packets to be transmitted from the VPN server to the VLAN.

  • Block any routing rule that routes VPN server traffic to anywhere but the Mediation Server.

  • Encrypt data on the VPN by using Generic Routing Encapsulation (GRE).