Professional Documents
Culture Documents
Alcatel Omnipcx Enterprise: VPN Overflow
Alcatel Omnipcx Enterprise: VPN Overflow
VPN Overflow
NOTE:
Copyright (c) 2006 Alcatel. All rights reserved for all countries. This
document may not be reproduced in whole or in part without the express
written permission of Alcatel.
Alcatel® and the Alcatel logo are registered trademarks of Alcatel. All other
trademarks are the property of their respective owners.
The CE mark indicates that this product conforms to the following Council
Directives:
- 89/336/CEE (concerning electro-magnetic compatibility)
- 73/23/CEE (concerning electrical safety)
- 1999/5/CE (R&TTE)
Chapter 1
Overview
Chapter 2
Detailed description
0-1
Chapter 3
Configuration procedure
Chapter 4
Configuration examples
0-2
Chapter 5
Maintenance
0-3
0-4
1
1.1 General
The virtual private network (VPN) service is used in addition to a homogeneous ABC private
network. It allows ABC calls to overflow on the public network in the event of ABC logical link
congestion. This is a means of by-passing B channel congestion in an ABC network. This
service is more complex and completes the existing offer:
- private/public overflow,
- automatic call-back on congested logical link,
- trunk group overflow
The number of VPN overflows used by a call is limited to 2.
The VPN overflow is also used for the particular case of voice on IP (see module ABC link
through IP - Overview ).
1.1.2 Use
The possible uses of the service include:
Bandwidth optimisation
In the case of an ABC-F network where the inter-node traffic presents peak periods, the
network administrator can select to lease from the operator only the amount of bandwidth
required for nominal traffic (E1 type split operator service) and to implement the VPN overflow
service. The excess traffic corresponding to the peak period times is then routed by VPN
overflow. The inherent cost of the leased link is therefore optimised as regards the nominal
2
2.1 Principle
In a homogeneous ABC network, VPN overflow consists in using public network B channels
for the voice part of a communication, while the signaling part transits over the private network
in the same way as for an ordinary ABC communication. This means the communication
retains an ABC-F2 service level.
the one used in ARS. It is used to obtain the numbering sequence which will be used (as a
priority) to reach the destination node and must be completed in management.
Phase Description
5 The call is carried to the called
subscriber.
2.1.4 Example
The establishment of a private call with ABC-F2 service quality, between a node A user and a
node D user while there is a B channel congestion on one or more logical links on the path
between A and D, is possible using the VPN overflow service.
2.2.1 Principle
Each VPN hop defined in an ABC network has an associated VPN cost in management. This
cost is proportional to the financial cost of an average duration communication between nodes
located at the two ends of the VPN link. They are static, included between 1 and 254, and are
used by the routing application to calculate the global cost of a route including one or two
(maximum) VPN overflows.
Each subscriber has, in his public network access category, a VPN cost threshold completed.
This parameter is used to determine the VPN hops that are authorized for the subscriber. A
user can only use a VPN hop for his call if the VPN cost threshold that has been allocated to
him is greater than the VPN cost of the hop.
VPN threshold VPN Overflow
-1 VPN overflow never authorized.
0 Authorized overflow on VPN uncontrolled arcs.
254 VPN overflow always authorized
0<Threshold<254 Authorized VPN overflow on the arcs with a cost lower than the
threshold.
The public trunk groups also have a VPN threshold used to define the VPN overflow
authorization for calls incoming via this trunk group.
On establishing a call that implements a VPN overflow, the caller (user or trunk) VPN cost
threshold is compared with the VPN cost of the route. The call is accepted if the caller VPN
cost threshold is greater than the VPN cost of the route.
The access control mechanism can be inhibited for a given VPN hop. In certain cases, it may
prove essential to authorize systematic overflow regardless of the threshold cost of the users.
This is the case for a node connected via a hybrid logical link with no B channels (signaling
only) and where the communications are systematically obtained by VPN overflow. In this
case, the communications coming from the node connected by this type of logical link have no
other solution than to perform a VPN overflow.
A management data item for VPN hops is used to validate or inhibit the access control
mechanism. This operation can be carried out selectively for the voice or data qualities of a
communication.
- When the access authorization is operational, a controlled VPN hop is obtained.
- When the access authorization is not operational, a uncontrolled VPN hop is obtained.
• For a VPN hop on IP, the advantage is that the number of calls can be limited by
direction (to a given node) to take network bandwidth limitations into account. This is
because managing % IT VPN on the IP network does not allow limitation by direction
as the same trunk group can be used for overflow to several nodes.
• For a VPN hop on a support other than IP, another advantage is that limitation by
direction can be configured and trunk group resources distributed on the different
directions. A minimum number of calls (by direction) can thus be ensured.
Counters are used to monitor these thresholds. When a limit is reached, an incident is
generated and the standard overflow mechanisms are used (see § Interaction with the
overflow services ).
routed over the public network. The ABC-F service level is not maintained.
2.6 Charging
For each VPN hop, a charging ticket is generated on the node where the VPN overflow took
place. An attribute on the charging ticket is used to identify the VPN character of the call.
To recognise a call using VPN overflow, analyze the Network Service attribute ((K)).
Network Service
This attribute is used to know the network services used during the call. It comprises six fields:
Field Meaning Value
V VPN I:ISVPN V:VPN
S ARS S :ARS
A Abbrev. C:central I:individual
T Charge unit D: during E: end S: start
M Mini Messaging M:mini mess.
R Forwarding B: busy R: no reply U:
unconditional
If the service is not used for the call, the corresponding field is left blank.
Therefore, if the VPN overflow has been implemented for the call, the V field in the network
service attribute will contain the letter V.
3.1 General
VPN overflow management includes the following actions:
- declaration of the VPN timer,
- VPN hop declaration, used to take into account VPN links by the routing application,
- declaration of the trunk groups,
- VPN number declaration, a small quantity of numbers must be reserved in the local
numbering plan to route the calls that are overflowing,
- management of service access authorizations,
- validation of the VPN service.
When the service has been correctly parametered, it must then be authorized on the node.
Note: For the particular case of voice on IP, see module ABC link through IP - Overview
Maximum number of other : Used for VPN overflow on a non IP trunk group.
calls Enter the maximum number of calls allowed on the trunk
group.
Default value: -1 (no check).
During a call establishment on the public network, the usual procedure implies that there is a
connection followed by data exchange on the B channel. To call certain subscribers or
services, information may be sent in the B channel before the "connection" message. This is
the case of the "Minitel" in France. This procedure offers the advantage of delaying the start of
charging, since it begins as soon as the "connection" message has been sent.
In this case, and when there is a VPN overflow to reach the trunk group providing access to
these types of service, the VPN hop must be connected immediately. In this way, the
originating node can listen to the B channel.
Object name: Trunk Groups > Trunk Group
Attributes:
Immediat Trk Listening if VPN hop : Yes, used to connect the VPN hop immediately
when the trunk group sends information on the B
channel before the "connection" message.
IP compression type : Select "Default", except in case of a VPN
overflow used for voice on IP.
The DPN associated with the VPN number must be described and its Installation Number
(NDI) and Additional installation number entered.
In fact, the installation number (NDI) will be transported to the signaling at the same time as
the local VPN number, and if no route list has been declared on the node which initiated the
VPN call, it will be used to construct the numbering sequence which will be dialed to establish
the VPN hop.
The NDI is generated and introduced systematically by the ISDN in the call establishment
message if the subscriber has not used the secret identity. It corresponds to the directory
number of the user installation from where the ISDN connection request was sent. This is a
number from the ISDN numbering plan.
The aditional installation number is used in the event of an inverse DDI translation failure. The
complete ISDN number is obtained by adding the number to the installation number (NDI).
Object name: Translator > External Numbering Scheme > Numbering Plan Description
Attributes:
Name : Give a name to the NPD.
Install. number source : Select “NPD source" as the installation number
source, i.e. this NPD (NPD: Numbering Plan
Descriptor = DPN : Numbering Plan Descriptor).
Installation number : Give the installation number, i.e. the the root of the
installations DDI number. This parameter appears only
if "Install number source = NPD source."
Default number source : Select the source of the default number or the
additional installation number; the entity, NPD or No
default number.
Default number (num. inst. sup.) : Give an additional installation number, i.e. the number
of an accessible SDA set (e.g.: Attendant). This
parameter only appears if “Default number = NPD
source".
If necessary, complete the “Installation No (ISDN)" and “Num. inst. sup (ISDN)" parameters in
the Entities object.
VPN Type : Select “Remote (Route list No.)" for the remote VPN overflow
management.
Object name: Categories > Access Category > Public Access Category
Attributes:
Public Network : Enter a value between 1 and 31.
Category
Area Number : Choose an area number between 1 and 64.
External accesses
Night / Day / : 1 : indicates that the set can use VPN hops,
Mode1 / Mode2 0 : Indicates that the set cannot use VPN hops.
4
4.1 Description
The hop must be declared between two nodes which have incoming and outgoing access to
an external network. These hops must be declared in all the nodes of the sub-network where
the VPN hop is possible. The broadcast mechanism will update all the databases with this
table.
Declaration of VPN hops
Node X - Node Y: 1-2
Network 1: 10
Network 2: 10
In order to define the VPN number, you must select the method, either with or without routing.
The method with routing uses the ARS functions to select the outgoing overflow trunk group. In
the event of a fault, it is used to go to the next route, and therefore to another trunk group.
The method without routing directly gives the number to be called in the local node.
The selection of the method with routing also uses the method without routing. In fact, the
method without routing is always the last possibility when all the routes have failed.
The following operation describes a VPN hop from node B to node A.
Configuration of VPN numbers
Declaration of the local VPN number: Node A Declaration of the remote VPN number: Node
B
Number: 0009 Number: 0009
Prefix meaning: VPN Overflow Prefix meaning: VPN Overflow
Prefix information: 11 * Prefix information: 1 (Route list)
VPN type: Local (NPD No.) VPN type: Remote (Route list No.)
5
5.1 Incidents
In the event of VPN service abnormal operation, incidents will be output. These incidents are
used to diagnose the operation of the VPN service.
Incident 4099: B channel choice error
This incident occurs during an attempt to establish a call by the ABC-F trunk if the remote
node rejects the proposed B channel. In normal operation, this incident should not occur since
the same number of B channels must be declared at each end of the link.
Three parameters are given:
- the number of the B channel that has been refused, used to verify link management,
- the number of the link, used to identify the remote node,
- the call direction (incoming or outgoing).
If this incident occurs, there is a problem in B channel management. The problem must be
resolved before implementing VPN overflow.
Incident 4100: Inconsistency of VPN node list
This incident indicates an incompatibility between the call to be established and the path
returned by the routing application. One parameter is given:
- the number of the remote node.
If this incident occurs, you must identify the operation which is concerned.
Incident 4101: Maximum number of trunks on an access is overflown
This incident is output if the number of equipments accessing the resources (B channels) is
greater than the number of resources.
If this incident occurs, it means that the link is under configured. It can occur even if VPN
overflow is not authorised on the system.
Incident 4102: Lack of VPN resources
VPN numbers are required for call establishment in VPN overflow. They are used from the
moment when the terminating node assigns this number to the originating node, up to the
moment of correlation (used to link the ABC signalling to the public network B channel) in the
terminating node. Call establishment can be of varying length depending on the overflow
medium (analog, ISDN, PCM, etc.).
This incident occurs if all the VPN numbers are being used when a VPN overflow occurs.
Three parameters are given:
- the value of the VPN service authorisation parameter on the node,
- the number of local VPN numbers declared on the node,
- the number of local VPN numbers being used on the node when the incident occurs. This
must be equal to the previous parameter, conditioning the incident.
If this incident occurs, check that VPN overflow is authorised on the node and increase the
To display all the local VPN numbers, enter the command: lookvpn -l all.
+)( < ) 9
# - 2 5 #
# 50 50 2 2 #
2 # 2 2 2 2 #
5 # 50 50 2 2 #
# 2 2 2 2 #
8 # 2 2 2 2 #
0 # 2 2 2 2 #
1 # 2 2 2 2 #
4 # 2 2 2 2 #
A # 2 2 2 2 #
B # 2 2 2 2 #
2 # 2 2 2 2 #
22 # 2 2 2 2 #
25 # 2 2 2 2 #
2 # 2 2 2 2 #
28 # 2 2 2 2 #
20 # 2 2 2 2 #
21 # 2 2 2 2 #
24 # 2 2 2 2 #
2A # 2 2 2 2 #
2B # 2 2 2 2 #
5 # 2 2 2 2 #
52 # 2 2 2 2 #
55 # 2 2 2 2 #
5 # 2 2 2 2 #
58 # 2 2 2 2 #
50 # 2 2 2 2 #
51 # 2 2 2 2 #
54 # 2 2 2 2 #
5A # 2 2 2 2 #
5B # 2 2 2 2 #
# 2 2 2 2 #
+)( =,,CD%*
8 . 5 . 5 2
- & 3 E &2 3 E
9
8
F
3 7 +)( 3 /<%%
;- ";
;
7 2
5
"50 > < 7 2
/
+ 7 2
! " # $ # %&'
# ()* # +)( , (
# %">
> # +)( **! (