With so many employees working from home for the foreseeable future, many IT professionals might decide to route Voice-over-IP (VoIP) traffic across a virtual private network (VPN) along with all the user’s other data. But because VoIP is so sensitive to overall network performance, there are important things you should consider before making this move. Sure, when it comes to improving the Session Initiation Protocol’s (SIP) security, using a VPN is definitely a viable tactic. Doing it right, however, is all in the details.
For example, if all you want to do is to make an occasional Microsoft Skype call to some place where Skype isn’t allowed, such as to some countries in the Middle East or to China, then most consumer-grade VPN services will do the trick. However, if your business uses a VoIP communication service, like RingCentral Office, for routine calling, then using a VPN service where you need to set up the connection each time you want to make the call might be impractical. Likewise, using a VPN intended for low-volume use from a home or small business network may not be up to the task. Instead, it’s time to look for a VPN that’s intended to be used in a VoIP environment.
And this brings us to a short tangent: while a more specialized VPN certainly sounds good, what makes it more complicated these days is the pervasive work-from-home trend. That’s forcing IT managers to rely on home-oriented wireless routers to manage much of their traffic load. Though these routers are often a lot more sophisticated than people think (as long as they’re willing to dig into the management interface a bit), the problem for IT is that they’re likely looking at a dozen or more different kinds of such routers across the entire workforce. That can make advanced configuration extremely tricky, since it’ll vary from router to router and IT will need to support all of them. If VoIP performance is key to your business, then whether or not you’re looking to add a VPN into the mix, it’s probably a good idea to consider having the business bear the expense of standardizing on one or two router models for home workers.
Back to VPNs. The reason for a specialized VPN has to do with the nature of voice traffic and with the specific requirements to make such traffic work efficiently across a business network. Those requirements include the ability to understand and leverage advanced network management tactics, like Quality of Service (QoS), which not only protects specific kinds of traffic but can also help reduce latency. That’s a key capability for VoIP so you can enjoy freedom from undesirable network characteristics (such as jitter), and the ability to maintain a reliable connection so that users don’t experience drops in service.
Why You Need QoS
QoS is necessary because you need to ensure that your voice traffic consistently has the bandwidth it needs to function. Without it, network congestion may interrupt voice calls or it may degrade service to the point that it’s unacceptable. And on the flip side, your VoIP traffic may also disrupt other applications that your workers need to do their jobs. Unfortunately, QoS settings don’t normally survive once your connection leaves your internal network and reaches the internet.
With a VPN connection, however, the virtual LAN (VLAN) you’re using to ensure proper treatment of your VoIP connection can extend outside of your premises, at least to the other end of that connection at the VPN server. For this to work, you need to make sure that your VPN service will handle your VLAN and QoS appropriately. This is generally not a problem if the other end of your VPN connection is in one of your remote offices. Otherwise, it could be a problem.
Low and consistent latency is a bigger deal than you may think, until you remember the last time you spoke with someone who was using a satellite phone. Then the delays involved made conversation difficult because you repeatedly had to pause your conversation to gauge whether or not the other person was speaking. It doesn’t mean you can’t communicate, but the conversation isn’t natural.
That’s enough of a problem that the International Telecommunications Union (ITU) set a standard for maximum latency, which is 150 milliseconds (ms) for each direction of a call. This means it’s 300 ms for a round trip. This 300 ms is long enough that conversation is already starting to become difficult so a shorter transit time is better.
This 150 ms needs to include the entire trip, from the time a sound is uttered by one caller until it’s heard on the receiving end. This means it must include the time required to digitize the voice content, the time to encrypt it, the time for the sound to propagate through the network, the time to decrypt it, and finally the time to turn it back into sound. While a casual call (such as you would make on Skype) might probably survive longer latency than that, this is not something you’d want to experience in a business environment.
And, of course, you also need to avoid network problems such as jitter, which can make a voice call unintelligible. Jitter happens when packets arrive with differing latency, meaning that packets may arrive out of order, some may be dropped, and some parts of the voice communication may have delays when others don’t. If you’ve ever heard a cell phone call when the caller’s voice on the other end suddenly sounds broken up, with the voice making “burbling” sounds, then that’s what jitter sounds like. And, of course, you want to avoid drops in service, but since you already use a cell phone, you know what that’s like.
For your business VoIP implementation, you’ll need a VPN gateway that’s designed to connect your network to another network. That other network can be a remote office or it could be in the office of an employee working remotely. What’s important is that the VPN gateway be optimized for voice service. On most networks, whether you’re running voice over your data network or whether you have a separate VoIP network, you should have a dedicated gateway for the VoIP VPN and nothing else.
In addition, you should consider using a VPN service that’s engineered specifically for VoIP communications. This is likely available from the VPN services we’ve reviewed, but you’ll need to contact the company to ensure that the VPN service will meet your needs for the call quality you want. In addition, you will need to discuss the goals of your VoIP VPN with prospective providers. Do you need to make VoIP calls to countries where VoIP isn’t permitted or are you simply trying to make sure your VoIP connection is secure?
Addressing Security Concerns
If what you’re looking for is better security across your VoIP connections, then you may not need a VPN provider at all, as long as you can set up your own encrypted tunnel between offices. On the other hand, if you have remote workers who will be making VoIP calls from the field, then you may need a VPN provider that can handle such calls since you won’t have full control over both ends of the connection.
And, of course, if you’re trying to make VoIP calls where they aren’t permitted, then you’ll need to find a provider with a server in your target country. But even that may not be enough. Some state-owned postal telegraph and telephone (PTT) companies won’t allow VoIP traffic on their internet services at all. In these cases, you may be stuck with old-fashioned telephone services.