Avaya Communication Manager 3.

0
Control Network Architecture
Job Aid

Rick Olmedo
Copilot Convergence Engineer- NAR
rolmedo@avaya.com
(303) 538-5197

1.0 Introduction
2.0 Control Network Architecture
2.1 Best Practices for Network Design
3.0 Main Site Private CNA, CNB with Remote PNs on Public LAN
4.0 Multi Site CONCL using merged customer and control network.
5.0 Multi Site Critical Reliability using extended private networks
6.0 Appendix A: Sample Configurations
7.0 References

1.0 Introduction

This job aid provides implementation and installation recommendations for implementing the
Control Networks for an S87x0 Media Server series system on customer LAN/WAN.

Prior to Avaya CM 2.0, the S87x0 Media Server series Multi-Connect Control Network was
required to be implemented on a private, dedicated network (see figure 1). With the introduction
of Avaya Communication Manager 2.0, customers had the option of implementing the Control
Network on their existing enterprise LAN infrastructure. It should be noted however, and taken
into serious consideration that a private, dedicated Control Network provides the highest level of
system reliability and availability. In addition since the system is isolated this interface is less
prone to security issues. A non-dedicated network has the potential of being vulnerable to certain
attacks, which in turn could impact the entire IP Telephony system.

Avaya CM 2.0 also introduced the S87x0 Media Server series IP-Connect systems in High
Reliability configuration (figure 1). In this configuration the Control Network is duplicated,
(typically referred to as Control Network A and Control Network B). The same configuration
rules as the S87x0 Media Server series Multi-Connect system, apply to the S87x0 Media Server
series IP-Connect system, in particular the customer has the option implementing their IP
Connect System Control Network on a dedicated, private LAN.

AVAYA - PROPRIETARY
rolmedo Page 1 12/09/2021
 S8700 Server A S8700 Server A

CN-A CN-B CN-B

CN-A
Ethernet Sw A Ethernet Sw B Ethernet Switch
Customer or Avaya
Provided

T T T T T
N N N N N
2 7 2 Network Region 1 2 2
9 G650 3 G650 3
3 3
9 Carrier 0 Carrier 0
1 1
D A 2 B 2
2 2
B P A B A
P P P P

Provided
WAN

CLANs reccomended
at Remote Locations

CN-A Network Region 2 CN-B

Ethernet Switch
Ethernet Sw A Ethernet Sw B Customer or Avaya
Provided

T T T T T
N N N N N
2 7 2 2 2
9 G650 3 G650
3 3 3
9 Carrier 0 Carrier
1 1 0
D A 2 B
2 2 2
B P A B A
P P P P

Figure 1. S8700 IP Connect High Reliability system – Private Control Network

Avaya CM 3.0 now introduced Mixed-PNC along with an optional ESS as a backup strategy.
Mixed Port Network Connectivity (M-PNC) allows customers to combine traditional bearer
connectivity within a Center Stage Switch (CSS) or ATM-PNC with IP bearer-connected port
networks. Customers are able to have some of their port networks remain fiber connected, while
converting/adding other port networks as IP-bearer connected.
Note that a single system cannot consist of both a CSS and an ATM-PNC. Mixed PNC support
includes the following configurations:

 ATM-PNC and IP Connect

 CSS and IP Connect
 Direct Connect EI and IP Connect

Each S87x0 Media Server series Multi-Connect system is configured in one of three reliability
options: Duplex, High and Critical. Each S87x0 Media Server series IP-Connect system is
configured in one of the two reliability options: Duplex, and High.
With CM 3.0 and the introduction of Mixed-PNC, mixed reliabilities are allowed to co-exist such
that a customer’s main location that is a critically duplicated system can co-exist with a remote
location consisting of simplex IP control and bearer connected port network. For example, a
remote non-duplicated IP port network (single IPSI, single MedPro) may be added to a Critically
Reliable CSS configuration. See the examples in figure 2 & 3 below.
AVAYA - PROPRIETARY
rolmedo Page 2 12/09/2021
 Remote Merged to
Prior to CM3 Main with CM 3.0

Main Location
Remote System ESS
S87XX S87XX S87XX S87XX S8500B
S8500B
Control Network
Control Network Control Network Control Network
Control Network Co ntrol Network

IPSI
IPSI IPSI IPSI IPSI IPSI IPSI IPSI IPSI IPSI

G650 G650
MCC1 or MCC1 or
MCC1 or SCC1 EPN MCC1 or SCC1 EPN IPSI
SCC1 EPN IPSI SCC1 EPN
DS1 IP Media
G650 IP Media
G650
EI EI EI EI EI EI IP Media
DS1
IP Media

ATM Switch
IP PNC ATM Switch
IP Bearer Network
IP Bearer Network
Multi- Connect PNC System
Critical Availability Mixed PNC for High or
Critical Availability

Figure 2. Merge Remote IP PNC System into Main

Mixed PNC Leveraging

Converged Network with
Prior to CM3 CM3 Optional
Main Location Adding Main Location
Remote Port
Network S87XX S87XX ESS
S87XX S87XX
Control Network
Control Network Control Network Control Network
Control Network

IPSI
IPSI IPSI IPSI IPSI IPSI
IPSI IPSI IPSI IPSI
G650 MCC1 or G650
MCC1 or MCC1 or SCC1 EPN
MCC1 or SCC1 EPN SCC1 EPN IPSI
SCC1 EPN
DS1C
G650
IP Media
G650
DS1C EI EI
EI EI IP Media
EI

ATM Switch ATM Switch IP Bearer Network

From 1 to 4
T1s
Multi- Connect PNC Mixed PNC
High Availability High Availability

Figure 3. Adding a Remote Port Network

Note that within a Mixed-PNC environment, there can only be one CSS. That
is, one center stage switch with up to three (3) switch nodes. Customers
with more than one CSS system who wish to combine them will need to
designate only one as the main CSS. The remaining servers may be
used/converted to Enterprise Survivable Servers (ESS).
AVAYA - PROPRIETARY
rolmedo Page 3 12/09/2021
2.0 Control Network Architecture

The Control Network is the network that carries control messages between the S87x0 servers and
the IP Server Interface (IPSI) Boards (TN2312). In a High or Critical Reliability system, the
Control Network is duplicated – providing redundant Control Network A and Control Network B
configurations. Pre- CM 2.0 had isolated “private control” networks, and had non-IP paths (i.e.
fiber) for the bearer (voice) traffic between networks. With the introduction of “Control
Networks on Customer LAN” or CNOCL we now have the possibility of control signaling traffic
between the S87x0 Media Server series call controller and the IP Server Interface board(s)
(IPSI), which reside(s) in the Port network now sharing resources with other data network
processes and activities (i.e. computer data traffic). Implementing a Control Network on
customer LAN also allowed for WAN remoted IPSI Port Networks.

CNOCL introduces several new problems with were not present previously with private control
networks and requires best practices network engineering and design to provide a highly reliable
link between the servers and the port networks.

 Best Practices – Network Engineering

o Network tolerances: Minimize Jitter, delay, & packet loss. For all VOIP
installations, Avaya recommends the following network requirements:
 Average packet loss less than 1%
 One-way packet delay less than 80 msec
 Less than 20 msec of packet jitter (RFC 1889)
o Implement VLANs/subnets to separate voice and data
o Implement a network QOS strategy (QOS Checklist)
o Design sufficient bandwidth for control & bearer traffic (ESS & Signaling)

 Best Practices - WAN remoted IPSIs

o Minimize short, intermittent outages < 3 sec
o Minimize route flaps
o Plan a strategy for prolonged outages
 Back-up Servers (ESS)
 Redundant Links

Remember that if the active IPSI connection is lost for more than three (3) seconds, the system
will attempt to migrate the links to another connection and result in a port network outage. This
can be either another IPSI in the same PN as in the case of duplicated IPSIs, or the links can be
routed from the EI board through the center stage switch (or ATM switch) to an IPSI in another
PN, which will cause a PN warm reset.

An interchange between IPSIs will be transparent to the user. It will take approximately 2
seconds to move links from an IPSI to an EI. These links will reach the Call Server through
another IPSI in the system. IPSIs that are in fiber connected PNs and will be chosen
preferentially. They will be load balanced up to five PNs per IPSI. The DS1-Converter (DS1C,

AVAYA - PROPRIETARY
rolmedo Page 4 12/09/2021
TN1654) connected PNs with IPSIs can handle two PNs and will be used after all IPSIs in fiber
Connected PNs are loaded with their maximum. There is no way to steer the links in a system to
a known state. The assignment is dynamic at boot time.
When links are transitioned to an EI, the PN will be “warm” started. The warm reset of the PNs
also causes CLAN links to teardown and re-establish. Even though this behavior assures that
active calls will stay up, it might cause loss of data for transient calls (in the process of set-up or
tear-down), missed lamp updates, and critically re-registration of IP-phones. The result is that
even a very “short” data network outage (three seconds or more) can cause links to migrate to EI
connections.

2.1 Best Practices

Although there are many choices for control network architecture, this job aid will address only
the most common configurations (refer to Appendix A for other configurations).

The following sections illustrate common methods for establishing the control connection
between S87x0 servers and IPSI-connected Port Networks. They identify advantages and
disadvantages of each, so customers can select the appropriate solution for their environment.

3.0 Main Site Private Control Network A & B with Remote PNs on Public LAN

Location 1 Location 2
IP WAN
#1
CNA CNA

Community 1

IP WAN
#2
S8500 ESS
S8710 Local Only
Primary Servers = ETH0/Default Gateway
= ETH0 = ETH2
= ETH3 = ETH3
= ETH4/Default Gateway/
Firewall allows control signaling (“CNC”)

I
P B
S Carrier
I

I
I P A
P A S Carrier
S Carrier I
I

Signaling Analysis:
Eth4 (S8710) signaling networks extended across WAN
Linux bash command (cnc on) executed to change firewall rules to allow signaling across Eth4
Eth0 (ESS) signaling network for local LAN only
Eth0 and Eth3 (S8710) signaling network isolated from Corporate LAN
Failure or disruptions > 3 seconds of the active WAN network will result in PKINT failure
Updates and browser access over Eth4 (S8710) and Eth0 (ESS) which is the default gateway

Figure 4. Private Control Network A & B with Remote PN

AVAYA - PROPRIETARY
rolmedo Page 5 12/09/2021
This example shows the connection of a local private control networks using the customers
existing public enterprise network and redundant WAN links to provide connectivity to a remote
site with a IPSI controlled gateway and a 8500 ESS server. The Local Control networks are
designated as private in this case because the IP addressing of these control networks will not be
routable through the Enterprise network. The control network at the remote site is designated as
public because it is fully routable through the Customers Enterprise network. The Control
connection from the S87x0 to the remote IPSI is established through the “Public” or the third
interface connected to the customers public Enterprise space (Eth4). This configuration is
particularly appropriate for large main sites which require a fully redundant architecture, with
smaller remote sites that do not require the same level of redundancy.

This design provides for total protection of the local control networks from any enterprise
network failures. But the remote site may be affected by enterprise network issues. Configuration
is simplified, because the default route of the “CNC” interface (Eth4) will allow the CNC
interface to communicate across the enterprise routed network infrastructure, without requiring
static routes. It must be noted that in using this design, it is NOT possible for the ESS to take
control of the primary site PNs, since there is no IP path.

Advantages: The dedicated Control network provides total isolation from outages in the
Customer network, so all Local TDM communication can remain active during total Enterprise
network failure. There are no static routes to maintain.

Disadvantages: The Remote site can be affected by Public Enterprise Network issues. The
Remote ESS server cannot Control the port networks at the S8700 controlled location.

4.0 Multi-Site CONCL using merged customer and control network.

AVAYA - PROPRIETARY
rolmedo Page 6 12/09/2021
 Location 1 Location 2

Community 1

S8500 ESS
Local Only
= ETH0/Default Gateway
IP WAN = ETH2
= ETH3
S8710
Primary Servers
= ETH0/Default Gateway
= ETH3
= ETH4

I I
P B P A
S Carrier S Carrier
I I

I
P A
S Carrier
I Signaling Analysis:
Eth0 (S8710) signaling networks extended across WAN
Eth0 (ESS) signaling network for local LAN only
Eth3 (S8710 signaling network isolated from Corporate LAN
Failure or disruptions > 3 seconds of the active WAN network will result in PKINT failure
Updates and browser access over Eth0 (S8710) and Eth0 (ESS) which is the default gateway
ESS (local only) can see and control local IPSIs (cannot see B carrier IPSIs at location 1)

Figure 5. Merged customer and control network

This example shows the connection of the two private control networks to the customers
Enterprise network through Eth0 making them public. They are designated public in this case
because the IP addressing of these control networks must be routable through the Enterprise
network. This design is a common ESS strategy because it allows the remote site to gain control
of the primary sites port networks. But it opens the control networks to all network issues
experienced in the enterprise. Firewalls or strong access lists should be used to protect each sites
control network, but inter-site connectivity cannot truly be protected. The use of the third
interface (Eth4) connecting to the customer infrastructure for management is no longer
necessary, and can be collapsed on the one of the other two networks (Eth0 or Eth3). Reliability
can be improved by maintaining dedicated layer 2 switches for the local control network at each
location. Static routes are not required when Control Network functionality is combined with
“Corporate LAN” functionality on the same physical interface. This is because the Maintenance
Web allows the user to specify a “default gateway” for this interface, and hence the user does not
need to specify any static routes.

Advantages: Provides a control point to limit traffic allowed on the control network. Uses the
customers, existing network infrastructure.

Disadvantages: This will not allow TDM connections to continue during most network failures.
Static routing is required on both Main and ESS servers, and may become complex depending
on the network architecture. Changes in network architecture will have to be synchronized with
changes in the static route, and will be service affecting.

AVAYA - PROPRIETARY
rolmedo Page 7 12/09/2021
5.0 Multi-Site Critical Reliability using extended private networks
Location 1 Location 2
IP WAN Community 1
#3

IP WAN S8500 ESS

System Preferred
#1 = ETH0
= ETH2
= ETH3/default gateway
S8710
Primary Servers
= ETH0
= ETH3
= ETH4/Default Gateway
IP WAN
Community 1 #2

I
I P B
P B S Carrier
S Carrier I
I

I
I P A
P A S Carrier
S Carrier I
I

Signaling Analysis:
Eth0 and Eth3 (S8710) signaling networks extended across WAN
Eth0 and Eth2 (ESS) signaling networks extended across WAN
Separate signaling networks isolated from Corporate LAN
Failure or disruptions > 3 seconds of the active WAN network will result in IPSI interchange
Static routes administered on servers to communicate with IPSIs across routed network via Eth0 and Eth3 (S8710 and Eth0 and Eth2 (ESS)
Updates and browser access over Eth4 (S8710) and Eth3 (ESS) which is the default gateway
ESS can see and control all IPSIs

Figure 6. Multi-Site Reliability with extended Private Control Network

This example shows the connection of the two private control networks using a dedicated routed
infrastructure. They are designated private in this case because the IP addressing of these control
networks will not be routable through the Enterprise network. This design provides for total
protection of the control networks from any enterprise network failures, and allows remote site
control of the primary sites PNs. In general, static routes and their gateways need to be specified
for IPSIs that are not on the same subnet as their Control Network interface on the Media
servers. With proper architecture, the static routing for CNA and CNB can use a single summary
route.

Example: route 192.168.0.0 255.255.128.0 CNA

route 192.168.128.0 255.255.128.0 CNB

Note of Caution: Whenever possible, Avaya recommends forgoing the configuration of static
routes on the S8700 server. The use of static routes in a dynamically changing environment or
the use of mis-administered static routes will provide inconsistent connectivity.

Advantages: The dedicated Control network provides total isolation from outages in the
Customer network, so all TDM communication can remain active during total Enterprise
network failure. The use of simple summary routes instead of possibly complex static routing
provides for a more reliable system. The synchronization of network changes with
Communication Manger can be logistically difficult.

AVAYA - PROPRIETARY
rolmedo Page 8 12/09/2021
Disadvantages: Requires a dedicated infrastructure.

AVAYA - PROPRIETARY
rolmedo Page 9 12/09/2021
6.0 Appendix A: Sample Configurations
Location 1 Location 2

IP WAN
#1
CNA CNA
Community 2

S8710
Primary Servers
= ETH0/Default Gateway
S8500 ESS
= ETH3
Local Only
IP WAN = ETH0/Default Gateway
= ETH4
#2 = ETH2
= ETH3
Community 1

I
P B
S Carrier
I I
P A
S Carrier
I

I
P A
S Carrier
I

Signaling Analysis:
Eth0 (S8710 Primary) signaling network extended across WAN
Eth0 (S8500 ESS) used for local signaling, browser access, and updates
Multiple WAN Networks for redundancy utilizing Converged Network Analyst
S8500 ESS S8710 Eth3 is not connected to WAN network
System Preferred
= ETH0/Default Gateway
= ETH2
= ETH3

Figure A.1
Location 1 Location 2

Community 1
IP WAN
CNA #1 CNA

S8500 ESS
System Preferred
Priority 50
S8710 = ETH0/Default Gateway
= ETH2
Primary Servers
= ETH3
= ETH0/Default Gateway
= ETH3
IP WAN
= ETH4
#2

Community 1

I
P B I
S Carrier P B
I S Carrier
I

I
P A I
S Carrier P A
I S Carrier
I

Signaling Analysis:
Eth0 and Eth3 (S8710) signaling networks extended across WAN
S8500 ESS Eth0 and Eth2 (ESS) signaling networks extended across WAN
System Preferred Eth0 and Eth3 signaling traffic take same path through WAN
Priority 100 Static routes need to be administered in Servers to support traffic to the IPSIs in the B Carriers
= ETH0/Default Gateway
Multiple WAN Networks for redundancy utilizing Converged Network Analyst
= ETH2
= ETH3

AVAYA - PROPRIETARY
rolmedo Page 10 12/09/2021
 Figure A.2

Location 1 Location 2

IP WAN Community 2
CNA CNA
#1

S8500 ESS
Local Only
= ETH0/Default Gateway
S8710
= ETH2
Primary Servers = ETH3
= ETH0/Default Gateway
= ETH3 IP WAN
= ETH4
#2

Community 1

I
P B
I
S Carrier
P B
I
S Carrier
I

I
P A
I
S Carrier
P A
I
S Carrier
I

Signaling Analysis:
Eth0 (S8710 Primary) signaling network extended across WAN
Eth0 (S8500 ESS) used for local signaling, browser access, and updates
S8500 ESS Multiple WAN Networks for redundancy
System Preferred S8710 Eth3 is not connected to WAN network
= ETH0/Default Gateway
= ETH2
= ETH3

Figure A.3

Location 1 Location 2
IP WAN
#1
CNA CNA

Community 1

IP WAN
#2
S8500 ESS
S8710 Local Only
Primary Servers = ETH0/Default Gateway
= ETH0 = ETH2
= ETH3 = ETH3
= ETH4/Default Gateway/
Firewall allows control signaling (“CNC”)

I
P B
S Carrier
I

I
I P A
P A S Carrier
S Carrier I
I

Signaling Analysis:
Eth4 (S8710) signaling networks extended across WAN
Linux bash command (cnc on) executed to change firewall rules to allow signaling across Eth4
Eth0 (ESS) signaling network for local LAN only
Eth0 and Eth3 (S8710) signaling network isolated from Corporate LAN
Failure or disruptions > 3 seconds of the active WAN network will result in PKINT failure
Updates and browser access over Eth4 (S8710) and Eth0 (ESS) which is the default gateway

Figure A.4

AVAYA - PROPRIETARY
rolmedo Page 11 12/09/2021
 Location 1 Location 2

IP WAN
#1
CNA CNA
Community 1

S8500 ESS
IP WAN Local Only
= ETH0/Default Gateway
#2
= ETH2
= ETH3
S8710
Primary Servers
= ETH0 I
P B
= ETH3
S Carrier
= ETH4/Default Gateway/ I
Firewall allows control signaling (“CNC”)

I
I P A
P B S Carrier
S Carrier I
I

I
P A
S Carrier
I Signaling Analysis:
Eth4 (S8710) signaling networks extended across WAN
Linux bash command (cnc on) executed to change firewall rules to allow signaling across
Eth4
Eth0 (ESS) signaling network for local LAN only
Eth0 and Eth3 (S8710) signaling network isolated from Corporate LAN
Failure or disruptions > 3 seconds of the active WAN network will result in PKINT failure
Updates and browser access over Eth4 (S8710) and Eth0 (ESS) which is the default gateway

Figure A.5

7.0 References

1. Avaya Communication Manager 3.0, Control Network architectural options for

resiliency, Tobey Shipley, COMPASS ID: 109928
2. Best Practices: ESS and Signaling, Timothy Kaye, Copilot Presentation , March 2006

AVAYA - PROPRIETARY
rolmedo Page 12 12/09/2021