🧱 QOS & Firewall Configuration
🧱

QOS & Firewall Configuration




What Is VoIP QoS & How It Boosts Call Quality?

What is the main concern for businesses thinking about switching to Voice over Internet Protocol (VoIP) from traditional analog phones? The quality of internet-based calls.
When selecting a VoIP provider for business, reliability is crucial, influencing buyer decisions.
Interested in VoIP QoS (Quality of Service) and its impact on call quality? Continue reading to learn more.

Key Takeaways

  • Ensuring VoIP Quality of Service is essential to avoid packet loss and latency, enabling seamless communication during peak network times, especially for video conferencing.
  • Quality of Service (QoS) includes processes such as classifying, marking, shaping, and queueing data packets, prioritizing real-time data like voice and video for smoother transmission.
  • For optimal call quality and user experience, it is best to select a dependable provider, utilize wired connections, and monitor network performance.


What is the Quality of Service for VoIP?

QoS manages data packets to prioritize important ones,  reducing packet loss, jitter, and latency. 

Boost Call Quality with VoIP QoS Components

QoS consists of 6 key components that address specific issues and offer significant benefits for your calls:

ElementMeaningProblems AddressedBenefits
Bandwidth AllocationEnsures there’s enough data capacity for smooth voice calls.Call drops and quality issues during high traffic.Reliable voice communication in high demand.

Managing LatencyControls wait time before data transfer begins.Delays in conversations.Minimizes lag, improving user experience.

Jitter ControlManages variation in data arrival times.Choppy or dropped audio.Consistent and high-quality voice transmissions.

Packet Loss PreventionPrevents loss of voice data in the network.Interruptions in conversations.Reliable voice transmission without data loss.
Traffic PrioritisationPrioritises voice traffic over other data types.Call quality issues during peak usage.
Ensures clear voice communications.

QoS Policies and MechanismsRules and techniques for managing voice service quality.Interrupted meetings, poor audio, delays, dropped calls.Reliable and high-quality communication.

Recommended Practices for VoIP Quality of Service

Adopting these practices will ensure consistently excellent call quality:

  • Frequently verify your internet connection to ensure your network provides adequate bandwidth for VoIP calls.
  • Use reliable Ethernet cables : Choose CAT6 Ethernet cables to improve data transfer and reduce latency.
  • Disable VPN : If you're using a VPN, please either disable it completely or refrain from using it while accessing CloudOne Services.
  • Use wired instead of wireless networks: Wireless (WiFi) networks deal with increased latency due to wireless interference, distance between devices, and lack of stability (walls can slow down your WiFi, for example). Consider the benefits of using wired connections where possible.
  • Monitor your network: Keep an eye on metrics such as latency, ping, and jitter, as these can indicate potential network congestion.

  • ISP Plan: ISPs offer business-class & home internet. Business Class & Dedicated Internet connection are preferred. Most ISPs (Internet Service Providers) prioritise services such as web surfing while neglecting VoIP. Transporting voice packets requires an additional set of Internet Protocols that your ISP may not be providing. Ask your ISP to Prioritise VoIP

  • Router does not support VoIP. Ensure network routers support VoIP prioritisation. Small businesses often use one internet connection for both voice and other data traffic. Therefore, if the router is not configured to prioritize VoIP traffic, call quality can be impacted by other interactions taking place over the network. For example, a file download could downgrade the quality of a phone call taking place if the router doesn't have the instructions or capability to allocate resources for the phone call.

  • Best VoIP Hardware for High-Quality Calls:

      •  Example: A business upgraded to QoS-compatible VoIP routers and experienced a 30% improvement in call clarity.
      •  Takeaway: The right VoIP hardware improves reliability and reduces call issues.
    • QoS-Enabled Routers â†’ Support VoIP traffic prioritization
    • Gigabit Ethernet Switches â†’ Ensure stable network connectivity for VoIP.
    • Noise-Canceling VoIP Headsets ie Yealink Headsets→ Reduce background interference.

    • It is recommended to consider the following recommended Mobile specifications:

      • iOS 15+ | Android: Version 8+ with 4GB RAM 

    • It is recommended to consider the following recommended User PC specifications:

        • Intel i3 / AMD Ryzen 3 or higher (Processor)

        • RAM 4GB (memory)

        • Disk Type = SSD (Solid State Drive)

        • Windows 10/11 or macOS Operating System

        • Google Chrome requires Version 87 or later

        • USB Port or Audio Port for Mic Headset

      • Please note that this is the minimum recommended specification.

      If the customer's PC is not to it’s optimum performance, it can be upgraded with some components, like additional RAM (Memory), Hard Disk type, and others. With this, VOIP quality is not guaranteed if other installed applications require a lot of resources.


    • Required Client System Permissions

      • Microphone: Mandatory for making and receiving audio and video calls.
      • Contacts: Required to synchronize your phone's native contacts with the Linkus app, allowing you to call mobile contacts through the PBX system.
      • Nearby Devices (Bluetooth): Required on Android 12 and later to use Bluetooth headsets or earphones for calls. The app may refuse to place calls if this is not granted.
      • Phone/Call Logs: Necessary for the app to manage calls, view call history, and set Calling App as your default phone application.
      • Notifications: Essential for receiving alerts for incoming calls and instant messages

      • Feature-Specific Permissions

        • Camera: Only required if you intend to use video conferencing or one-on-one video calls.
        • Storage/Files: Needed for Instant Messaging (IM) if you plan to send or receive images and files through the app's chat feature.
        • Location: While not always strictly mandatory for calling, some network-related features or advanced security settings may request this.


Do I need to configure my on-premise firewall for Cloud One SIP Trunks?

Yes , The customer is responsible for a firewall & quality of service configuration at customer site as per the router or firewall vendor recommendations

The following recommendations are guidelines for your router or firewall for Cloud One SIP Trunks

  1. Use multiple reliable DNS servers in your networks i.e 1.1.1.1 , 1.0.0.1 , 8.8.8.8, 8.8.4.4
  2. Cloud One Voice Switch signal & media server host are cs01.cloudone.co.ke or ls02.cloudone.co.ke with UDP port 5060 as signaling
  3. Give priority to voice packets on your network using the DSCP tag with the value 46 (EF 101110).
  4. Whitelist Cloud One Voice Switch signal & media server host on your firewall
  5. Prioritise VoIP packets (SIP UDP Port 5060 & RTP UDP Ports as per you IP PBX Vendor requirements) & reserve 128 kbps (High Definition Voice) for each voice channel to Cloud One Voice Switch for QOS
  6. Disable SIP ALG on your firewall - This is mandatory

  7. Multiple ISP Connections should be configured correctly to handle VoIP connectivity

    1. Use failover for VoIP packets instead of load balancing to connect to Cloud One Voice Switch
    2. Use manual outbound NAT for each ISP connection
  8. Firewall should be in conservative mode to preserve VoIP session states
  9. Static IP or a Dynamic DNS Service is mandatory for your ISP Connection for whitelisting on our Cloud One central firewall
  10. SIP & RTP port forwarding & inbound NAT for each ISP connection from our Voice Switch host to your IP PBX Local IP for Peer based SIP Trunk
  11. It is Mandatory to inform Cloud One every time on your new or change of ISP static public IP or DDNS hostname for whitelisting on Cloud One's Central firewall. Failure to inform Cloud One will result in your connection getting blacklisted on our network & service becoming unavailable.

  12. Whitelist Cloud One Remote Management Host on your firewall for Cloud One SIP Trunk remote support or paid support tickets

    1. saachi.cloudone.co
    2. remote.cloudone.co
    3. mgmt.cloudone.co
  13. Configure remote management port forwarding for each ISP connection from Cloud One Remote Management Host to IP PBX Local IP.
  14. There are instances where you do not have access to your firewall,  Contact your ISP , managed firewall service provider or firewall vendor for assistance 
    • ISP is managing your firewall
    • You have a managed firewall service from a 3rd party
    • Lost admin access to your firewall

If you are unable to configure your firewall with the above guidelines then your voice connection will not be optimised & voice quality affected

Firewall configuration service is a chargeable  support  service & will be quoted separately depending on the firewall.  We will require admin access to the firewall


Do I need to configure my on-premise firewall for Cloud One hosted phone system?

Yes , Customer is responsible for your voice optimised firewall & QOS configuration at customer site as per the router or firewall vendor recommendations

The following recommendations are guidelines for your router or firewall for the hosted phone system.

  1. Use multiple reliable DNS servers in your networks i.e 1.1.1.1 , 1.0.0.1 , 8.8.8.8, 8.8.4.4
  2. To ensure quality of service - Prioritise voice packets (TCP 443 , SIP 5060-5061, Tunnel 5090/8111 & RTP 9000-12000 Ports & reserve 128 kbps for each voice user to your phone system host FQDN i.e customer.cloudone.co.ke or customer.3cx.uk or customer.cloudone.co
  3. Give priority to voice packets on your network using the DSCP tag with the value 46 (EF 101110). This tag is carried by all packets coming in and out of the Cloud One Simu Connect app.
  4. Whitelist the phone system host on your firewall
  5. Disable SIP ALG on your firewall

  6. Multiple ISP Connections should be configured correctly to handle VoIP connectivity

    1. Use Failover instead of load balancing to connect to your phone system host  
    2. Use Manual outbound NAT
  7. Firewall should be in conservative mode to preserve VoIP session states

  8. If you are connecting your telephone lines using a VoIP Gateway at your premise. you will also need to do the following:

    1. This setup requires a static IP from your ISP or subscribe to a Dynamic DNS Service for all your ISP connections 
    2. Configure SIP & RTP port forwarding & inbound NAT for each ISP connection from your phone system host to VoIP Gateway Local IP
    3. It is Mandatory to inform Cloud One every time on your new or change of ISP static public IP or DDNS hostname for whitelisting on Cloud One's Central firewall & phone system host. Failure to inform Cloud One may result in your connection getting blacklisted on our network & service becoming unavailable.
    4. To ensure quality of service for your telephone lines - Prioritise voice packets (Both SIP & RTP) & reserve 128 kbps for each line to your phone system host ---VoIP Gateway Local IP & VoIP Gateway Local IP -- phone system host
    5. If you are using a VoIP GSM Gateway, ensure it is installed where there is maximum signal reception from the mobile operator. Bad signal reception will result in bad quality telephone line connections. You can improve signal reception by installing an external GSM antenna for for GSM line

  9. 3rd Party SIP Trunk Support or paid support tickets requires the below configuration on your firewall

    1. Whitelist Cloud One Remote Management Host on your firewall.

      • saachi.cloudone.co
      • mgmt.cloudone.co
      • remote.cloudone.co
    2. Configure remote management port forwarding for each ISP connection from Cloud One Remote Management Host to VoIP Gateway Local IP

There are instances where you do not have access to your firewall

Contact your ISP , managed firewall service provider or firewall vendor for assistance 

  • ISP is managing your firewall
  • You have a managed firewall service from a 3rd party
  • Lost admin access to your firewall

If you are unable to configure your firewall with the above guidelines then your voice connection will not be optimised & voice quality affected

Firewall configuration service is a chargeable  support  service & will be quoted separately depending on the firewall.  We will require admin access to the firewall