Although this is a Cisco networks dedicated blog, I decided to start a series of tutorial posts about a general technology which is not directly related to Cisco but is a field in which Cisco is again a major player. This is IP Telephony and Voice over IP (VoIP). The two terms, IP Telephony and VoIP, are related around the same concept but in my opinion they are not exactly the same thing. Many people use these two terms interchangeably but they are not exactly the same. So, before moving on, let's clarify the difference between IP Telephony and VoIP.
IP Telephony Vs VoIP
IP telephony has to do mainly with digital telephony systems (LAN based IP PBX systems) which use the IP protocol entirely for voice communication. All components of the IP telephony system use digitized voice which is transferred as IP packets through an IP network (usually the LAN network). The telephone handsets (VoIP phones) translate the analogue voice signal into digital voice (binary voice) which is transferred as IP packets from one phone to another. The call control system is usually a software based (softswitch) server which handles all call signaling, call routing, IP phone management etc, again using IP protocol for transport. So think about IP telephony as a bigger concept.
VoIP on the other hand is a subset of IP Telephony. Basically, VoIP is the technology which is used by IP Telephony as the vehicle to transport phone calls. VoIP is the technology in which the analogue voice signal is digitized (analog to digital conversion) and becomes binary numbers in order to be transferred by the IP protocol. VoIP is the basis for the implementation and functionality of an IP Telephony system. VoIP can also be used by legacy TDM based PBX systems to transport voice calls over an IP WAN network or even over the Internet. Special voice gateways are used to connect to the legacy PBX telephone system on one end and to the IP network on the other end in order to translate the TDM voice stream into IP voice packets.
So to summarize, IP Telephony is the overall concept of the modern form of voice communication which harnesses the power and features of VoIP technology in order to offer the overall experience of communicating effectively and with lots of extra features.
Now that we have described the difference between IP Telephony and VoIP, let’s see more details about the two concepts:
1. More details about Voice over IP
The term VoIP or Voice over IP refers to the transfer of voice packets over networks based on Internet technology and, more specifically, the IP protocol. The IP protocol, on which the whole Internet is based, was created to implement the transmission of data in the form of data packets. This means that when a data document is transferred over the Internet, it is cut into small IP packets and sent over the network. When the document reaches its destination, the packets are joined again, thus recreating the original document. The same logic applies if the data transferred corresponds to a voice conversation. The voice is digitized, chopped into packets of data, and transferred over the network via the IP protocol. At the destination the packets are rejoined to recreate the voice stream. Here we should make clear that VoIP refers to the transfer of voice over any IP network. Such a network is the Internet of course, but when considering VoIP it does not necessarily mean that we carry voice over the Internet only. It can be any IP-based network (such as a private corporate WAN network).
2. Packet based (IP Telephony) Vs Circuit Switched Telephone Systems
IP Telephony systems are those using entirely IP packets for voice communication, as explained before. In contrast to packet switched telephone systems (those based on the IP protocol), conventional telephone systems apply the logic of direct connection between the two communicating voice parties through a dedicated circuit reserved exclusively for each contact, hence the term circuit switched telephone systems. In packet switched systems, however, the same communication line can be used to simultaneously pass different kinds of packets. Thus, the voice packets of one or more conversations may travel through the same route as other packets transferring data, video etc. This is the main difference between traditional telephony, which is implemented on the public switched telephone network (PSTN), and telephony implemented on IP networks (or more generally on packet switched networks).
More on IP telephony and VoIP on a future post. Stay tuned.
A common attack found on TCP/IP networks is IP spoofing. It is usually used for Denial-of-Service, identity hiding, or even to bypass firewall or access-list security rules. The spoofing attack works as follows:
- A malicious attacker sends packets towards a target host.
- The attacker disguises itself by inserting a fake source IP into the packet. This fake source IP address in the packet either does not exist at all or it might be a legitimate IP address of some other host located on some other network.
- The reply traffic from the target will never reach the attacker because the attacker’s source address is bogus. Therefore the identity of the attacker remains unknown.
- This can cause resource-exhaustion on the target host because it will create several “incomplete” TCP connections in its memory.
A Cisco ASA Firewall can identify a spoofed packet by using Reverse Path Forwarding (RPF). RPF can be enabled on a per interface basis. As soon as RPF is enabled on a specific interface, the ASA firewall will examine the source IP address (in addition to the destination address) of each packet arriving at this interface. Normally, any Layer 3 network device examines only the destination address of packets in order to know how to route the packet. By examining also the source IP address of the packet, the firewall can verify if the packet is spoofed or not. The firewall will try to find the reverse route (the path back towards the source) in its routing table. If a reverse route is not found on the interface where the packet arrived, it means that the packet is spoofed and will be dropped immediately.
Let's see the diagram below to clarify the concept of Reverse Path Forwarding:

From the diagram above, an attacker tries to spoof the inside network 192.168.1.0 by using a fake source IP in the packet (fake source IP 192.168.1.1). It sends the packet towards its target host which is 192.168.1.10 (destination address in packet).
On the ASA we have configured RPF on the outside interface as follows:
Ciscoasa(config)# ip verify reverse-path interface outside
The ASA will examine the source address of the spoofed inbound packet and will see that source IP 192.168.1.1 belongs to its internal network. A packet with such a source IP should never arrive from the outside interface. Therefore the packet will be dropped. The ASA performs the RPF check by using its routing table. The routing table shows that network 192.168.1.0/24 is towards the inside interface of the ASA (assume that we have already configured a static route for this internal network).
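The check described above, modelled as an added example (not code from the original post or from Cisco): a longest-prefix lookup on the packet's source address, compared against the interface the packet arrived on. The default route via outside and the sample address 203.0.113.7 are assumptions added for illustration; the second run shows that RPF enabled only on outside does not examine forged sources arriving on inside.

```python
import ipaddress

# Constructed routing table modelled on the post's example: the inside
# network from the text plus an assumed default route via outside.
ROUTES = [
    ("192.168.1.0/24", "inside"),
    ("0.0.0.0/0", "outside"),  # assumption: default route, not shown in the post
]

def reverse_route(src, routes=ROUTES):
    """Return the interface of the longest-prefix route covering src, or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def rpf_check(src, ingress, rpf_interfaces, routes=ROUTES):
    """Return 'permit' or 'drop' for a packet with source src arriving on ingress."""
    if ingress not in rpf_interfaces:
        return "permit"  # RPF not enabled here, so the source is never examined
    # Pass only if the route back to the source points out the arrival interface.
    return "permit" if reverse_route(src, routes) == ingress else "drop"

# Constructed sample packets: (source IP, arrival interface, note)
PACKETS = [
    ("192.168.1.1", "outside", "the post's spoofed packet: inside source from outside"),
    ("203.0.113.7", "outside", "external source, matched by the default route"),
    ("192.168.1.10", "inside", "legitimate inside host"),
    ("203.0.113.7", "inside", "forged external source arriving on inside"),
]

def evaluate(rpf_interfaces):
    """Verdict for each sample packet with RPF enabled on the given interfaces."""
    return [rpf_check(src, ingress, rpf_interfaces) for src, ingress, _ in PACKETS]

if __name__ == "__main__":
    for enabled in ({"outside"}, {"outside", "inside"}):
        print("RPF enabled on:", sorted(enabled))
        for (src, ingress, note), verdict in zip(PACKETS, evaluate(enabled)):
            print(f"  {verdict:6} src={src:<13} in={ingress:<8} {note}")
```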
The world of technology moves at a rapid pace. Once you learn one thing, you can expect that knowledge to be obsolete in a couple of years. The only fields that probably compete with technology in how fast they change are science and maybe even medicine. If you are a professional in the tech field, it is your job to be on top of new and upcoming technologies. This is not to say that you must master every one of them, but you should at the very least be aware that they are out there. The moment you stop attempting to gain new knowledge in your chosen field is when you start to become obsolete. The people behind Cisco Certifications reinforce these ideals. Their certifications are only valid for three years. After that you have to be recertified.
When a company decides to back something, they are putting their good name at risk. This is the same when it comes to certifications. The company is basically backing you with their reputation. If you walk around with a badge, advertising that you are Cisco Certified, they want to make sure that you know your stuff. Getting a certification ten years ago and never retaking the test, doesn’t show that you are knowledgeable about the latest technology. If you go to a potential employer and you know nothing about the questions that they are asking you, this makes them have a dim view of the certification itself. A bad reputation then makes the certification useless. Certifications are mostly about impressing the employer, in addition to getting the tech knowledge. If you are not able to do that, then it is worthless.
Some people will complain about too many new trends in technology and not all of them will last. Of course most of them will not last, but that is not the point. You should have known going in that technology is an ever changing field. This is not an unknown fact. It will not stop, just because you wish it to. The field is all about growth and taking ideas to the next level.
Cisco truly cares about their certification process. So much so, that they have set their certifications up with levels. There are five different levels of certification: Entry, Associate, Professional, Expert, and Architect. If you are able to keep up with their technology, you will be able to rise up in levels. Becoming recertified every three years is a perfect way to do this. In that three-year span of time, you should have been able to gain a lot more knowledge in your chosen section, so that you would be able to rise a level or two. This takes a large amount of discipline and future employers will recognize that.
Achieving a Cisco Certification every three years will help weed out the people who are not willing to keep up with the latest technology. In the world of tech, it is your job to be able to keep up with the latest developments. If you do not, then you will only be qualified for taking care of older technology. This can help you earn a steady paycheck but not in the most exciting way.
When it comes to the world of certifications there are many to choose from. It doesn’t matter what area of expertise that you are going in, there will always be sub sections that you will have to know more than others. It is the same in technology. When a company hires you for a tech position, they want to know if you have a broad range of knowledge but also if you are a specialist in the field that they are hiring you for. The one way to show that you are a specialist is by getting a certification in that area. Besides an actual demonstration, there is no better way to prove that you can do what you say you can. The only problem is, what do you want to be your specialty?
When you sit down and decide to get a job in the tech field, you have to really think about what you like the best. Luckily, Cisco offers a wide range of technology that you can specialize in. Their certifications are considered top notch in the industry. Once you have one, there will be a lot of doors opened to you.
Some of the areas in which Cisco offers a certification include Data Center, Advanced Routing, Video, Network security, Voice, Wireless and a whole lot of others. There will be something in the group that you will like more than the others. You have to look at yourself and figure out what you like the best. You will also have to weigh that decision with what employers are looking for in your area. If you are in a major tech hub, then you can most likely study any of these areas and find a job in it. But if you are in a smaller town, then you should really look at the local newspaper and see what the employers in the area are looking for. There is no need to waste time studying for a certification that employers are not hiring for in your area. That is, unless you are willing to move.
There are a lot of Cisco Certifications that are available for you to achieve. It all comes down to two major factors. What are you interested in? Also, what are the employers looking for in your area? If you are able to answer these two questions, then you will be on the road to getting the proper certification that fits best to your own situation.




