Data Center & Cloud Infrastructure VMUG Community

I have a customer that wants to use VMC to host their VM's. Several of their VM's handle some type of VoIP workload traffic. The VoIP VM's are public facing VM's without a NAT, currently on vCD w/NSX-V (not sure which exact version). I'm not a VoiP expert by any means but from my understanding, NAT'ing doesn't pass VoIP or SIP type traffic. In VMC/NSX-T, a public IP is required to be routed through the CGW using NAT. My question is if anyone is using VMC for VoIP traffic, how are they handling the NAT configuration?

------------------------------
Edwin Arcilla
VMware Solutions Architect
Rackspace
San Diego CA
------------------------------

Edwin,

That's probably not the whole picture - a public IP is not required to be routed through the CGW, the CGW is where you land a tunneled interface from your premises. Internal addresses will flow through the tunnel, which means that the VoIP traffic in question shouldn't need to NAT, as long as it knows how to get to VMC on AWS.

Are you landing the CGW on a NSX-V ESG, or on their perimeter device?
If so, is the NSX-V ESG configured to use a route-based VPN or policy based?
Is the NSX-V ESG advertising the VMC networks to the greater network?

Another side note - you may want to run jitter/latency testing before putting a VoIP workload on AWS - if the customer is not well placed for that, they may want to consider a public VIF direct connect to ensure that it doesn't fall out of tolerance.

------------------------------
Nicholas Schmidt
Engineer
AK
------------------------------

Original Message:
Sent: 01-30-2020 09:16 PM
From: Edwin Arcilla
Subject: Anyone using VMC for hosting VoIP workloads?

I have a customer that wants to use VMC to host their VM's. Several of their VM's handle some type of VoIP workload traffic. The VoIP VM's are public facing VM's without a NAT, currently on vCD w/NSX-V (not sure which exact version). I'm not a VoiP expert by any means but from my understanding, NAT'ing doesn't pass VoIP or SIP type traffic. In VMC/NSX-T, a public IP is required to be routed through the CGW using NAT. My question is if anyone is using VMC for VoIP traffic, how are they handling the NAT configuration?

------------------------------
Edwin Arcilla
VMware Solutions Architect
Rackspace
San Diego CA
------------------------------

Ah - so you're trying to migrate the public-facing service -> VMC.

For the most part, the "no-NAT" rule with SIP isn't really true, and if it's on a public IP, odds are they may be NATing it already.

Here's a guide on how - https://cloud.vmware.com/community/2019/07/24/vmware-cloud-aws-internet-access-design-deep-dive/

This uses AWS EIP - which is NAT, but not NAT overload, which is usually what breaks telephony services - no privacy, but easy access.

Another option would be to create a public segment and use it internally, but that would introduce a dependency on the CGW tunnel for all sites - which depending on scale, may be problematic.

Perhaps we're asking the wrong question here as well - what telephony platform are they using? Most SIP-based platforms handle NAT just fine, but require application-specific tweaks.

------------------------------
Nicholas Schmidt
Engineer
AK
------------------------------

Original Message:
Sent: 01-31-2020 12:20 PM
From: Nicholas Schmidt
Subject: Anyone using VMC for hosting VoIP workloads?

Edwin,

That's probably not the whole picture - a public IP is not required to be routed through the CGW, the CGW is where you land a tunneled interface from your premises. Internal addresses will flow through the tunnel, which means that the VoIP traffic in question shouldn't need to NAT, as long as it knows how to get to VMC on AWS.

Are you landing the CGW on a NSX-V ESG, or on their perimeter device?
If so, is the NSX-V ESG configured to use a route-based VPN or policy based?
Is the NSX-V ESG advertising the VMC networks to the greater network?

Another side note - you may want to run jitter/latency testing before putting a VoIP workload on AWS - if the customer is not well placed for that, they may want to consider a public VIF direct connect to ensure that it doesn't fall out of tolerance.

------------------------------
Nicholas Schmidt
Engineer
AK

Original Message:
Sent: 01-30-2020 09:16 PM
From: Edwin Arcilla
Subject: Anyone using VMC for hosting VoIP workloads?

I have a customer that wants to use VMC to host their VM's. Several of their VM's handle some type of VoIP workload traffic. The VoIP VM's are public facing VM's without a NAT, currently on vCD w/NSX-V (not sure which exact version). I'm not a VoiP expert by any means but from my understanding, NAT'ing doesn't pass VoIP or SIP type traffic. In VMC/NSX-T, a public IP is required to be routed through the CGW using NAT. My question is if anyone is using VMC for VoIP traffic, how are they handling the NAT configuration?

------------------------------
Edwin Arcilla
VMware Solutions Architect
Rackspace
San Diego CA
------------------------------