NBX MULTICAST TUNNEL (for Windows 2000/XP)
 By Per Holmes
 
  1. Introduction
2. Features
3. How it works
4. What you can't do
5. How to use it
5. VPN Primer
6. Main Office Setup
7. QoS (Quality of Service)
8. Paging and Conferencing
9. How to purchase
10. System Requirements
SETUP EXAMPLES:

#1: Phone(s) in a Home Office using any VPN Router
#2: Phone(s) in a Home Office using any non-VPN Router
#3: Hooking up a phone at a Wi-Fi hotspot.
#4: ET Phone Home (from anywhere on the internet)
#5: Re-multicasting		  
  If you have a 3Com NBX or V3000 Phone System, and you've attempted to get remote phones to work like they do at the office, you'll know that they really only work properly if you spend yourself silly on high-end routers and VPN solutions that support the NBX's multicast traffic.

The problem is that even when 3Com Business Phones are hooked up remotely over a Virtual Private Network, none of the Line/Extension Buttons light up. This means that you can't see what line you're using, and if you put people on hold you can't even find the previous call again because the LEDs don't light up or blink, which makes using a remote phone fairly disappointing.

This is because the NBX uses Multicast Groups, which are only fully supported by the most expensive routers and VPNs.

A small company (Hollywood Camera) was faced with the prospect of spending a ton of money on IGMP Multicast capable routers to fix this, so they decided to write a small program to tunnel the NBX's multicasts to a different network.

  
 

    FEATURES - WITH THE NBX MULTICAST TUNNEL YOU CAN:

  1. Set up any number of remote phones using any $60 off-the-shelf VPN router.
     
  2. Hook up an NBX Business Phone to a laptop, and make calls from any Wi-Fi hotspot or network
    connection!
     
  3. Also use pcXSet from any Wi-Fi hotspot or network connection.
     
  4. Set up a small solution so you can plug your Business Phone into any network connection in the world
    and have it "ET Phone Home" to your NBX.
     
  5. With our router suggestions below, you can even get QoS (Quality of Service) for your remote phones, so they take bandwidth precedence over normal internet traffic!

     *** all with phones that operate and feel like they do at the main office***

  
 

HOW IT WORKS

Every second, the NBX multicasts System State messages on multicast channel 224.0.1.59. These messages cause the Business Phones to operate correctly, including lighting up the Line/Extension Buttons and syncing to System Time. Without Multicast capable routers/VPNs, these messages CAN NOT LEAVE your network, and therefore never arrive at the remote phone.

The NBX Multicast Tunnel listens for these messages, and re-transmits them to any number of IP addresses and ports, which can easily travel over the internet just like normal traffic.

At the other end, the Business Phones either receive these messages directly (which makes them look and feel like you're used to at the office), or you can run another copy of NBX Multicast Tunnel (free), which listens for the messages and creates a brand new Multicast on the new network, which all phones on that network can then hear.

WHAT YOU CAN'T DO

The NBX Multicast Tunnel only forwards System State messages, which in our case is 99% of what you need. However, it does not forward Conference or Paging audio. We almost never Page or have Conference calls (at least outside the office), so we didn't want to put in the effort to write this.

To get Paging or Conference for remote phones offices, you need a full-blown Multicast Tunnel such as www.livegate.com. However, please be aware that with a number of remote phones/offices, this can easily cost you several thousand dollars in order to license every end-point, so the best use is if you have two main offices that you want to link together, which would cost you $500 for a transmitter and a receiver. But if you have 10 remote phones, that would be $2,300 just in licenses.

But you can use NBX Multicast Tunnel at the same time! So if this is your case, you could use LiveGate to link the two main offices including Paging and Conferencing, and then use the NBX Multicast Tunnel for every other remote phone. When you buy an NBX Multicast Tunnel at $70, it can broadcast to any number of remote phones. And if you need to re-multicast at a remote site, you can do it with the same program which you can install for free, so no matter how complex your scenario, the cost is a flat $70, which in our humble opinion is basically free.

HOW TO USE IT

We'll do a lot of setup examples later on this page, so we'll assume for now that you already have VPN connections set up to any remote offices / remote phones.

The NBX Multicast tunnel really has two modes which are contained in the same user-interface. The first mode is to tunnel multicast data to another network, and the second mode (which is not always necessary), is to receive the data on the remote network and re-multicast it.

  
  So looking first at the tunneling side, the program should be installed on any Windows computer/server on your office network. When the Listen Port is set to 2096, it will pick up any System State multicasts. In the "Forward to Specific IPs:Ports" field, you then enter all the places you want the data sent.

This must be entered as a very specific format of IP address (colon) Port, for example:

192.168.0.5:2098
12.65.154.18:2096
(etc. etc.)

There's almost no error checking, so you have to enter it correctly with no preceding or following spaces, no empty lines, and no other characters. When you're done entering data, click "Save & Start Over". Settings are saved in c:/nbxmulticastprefs.hcw.

Now, you can easily forward the data to another computer using port 2096, which means that if you're running pcXSet on that computer, it'll receive the multicasts with nothing else needing to be done. You can forward multicasts this way to any specific remote phone.

 
 
  The second use is if you want to re-multicast NBX multicast data on a second network. In this case you should instead transmit from the original network using another port (for example Port 2097, which is outside the range of ports used by the NBX).

You then install NBX Multicast Tunnel on a server on the second network, set it to listen for Port 2097, and enable "MultiCast to IP 224.0.1.59 Port 2096", and don't write any specific IPs:Ports in the the text-field. Click "Save & Start Over", and the System State messages are now being re-multicast on the second network.

WARNING: Never enable "MultiCast to IP 224.0.1.59 Port 2096" on the NBX's own network. This would cause two copies of the same multicast to float around (the NBX has already made one multicast on this network), which could cause undesired results.

VPN PRIMER

Before some setup examples, let's just quickly summarize how to set up VPNs (there are so many different routers that support VPN that this will be very general, and most people reading this probably already know how).

Basically, a VPN is a way to bridge two networks, so that if one network is on the subnet 192.168.0.0, and the other network is on the subnet 192.168.10.0, a VPN establishes a tunnel between them, so that:

1.) If a computer on the 192.168.0.0 network asks to communicate with any computer on the 192.168.10.0 network, this traffic moves through the tunnel.

2.) If a computer on the 192.168.10.0 network asks to talk with a computer on the 192.168.0.0 network, this traffic also moves through the tunnel.

3.) Any other traffic doesn't move through the tunnel.

There are 4 basic protocols used to set up VPN: PPTP (Microsoft's VPN standard), L2TP, IPSec, and L2TP using IPSec.These must match on both ends of the tunnel, but many VPN routers allow you to select a number of preferences, and whichever one works during authentication is the one that ends up being used.

Most newer VPN routers support mainly IPSec, and that is fine as long as you're communicating Router-to-Router. But if you want to log in from a notebook PC, that also has to be set up for IPSec, which is a major headache. You basically have to have a degree in network engineering to get it to work. www.draytek.com have a free program called Smart VPN Client, which helps set up the myriad of settings for IPSec to work on Windows. It can be used even if you don't have Draytek routers. But trust that IPSec on Windows is not easy.

3Com argue that phones can now also be connected with NAPT (Network Address Port Translation), which is what you're using if several computers are using one IP Address. But this requires the NBX system to be exposed to the internet (which is not only a science in itself, it's also very dangerous). So hooking up a phone directly over the internet is really not an option -- you have to go through a VPN, and with NBX Multicast Tunnel, you can use ANY VPN router, not just the very few ones that support IGMP Multicasting.

MAIN OFFICE SETUP

In these examples, the setup at the Main Office will be basically the same. We'll assume that the Main Office is on the 192.168.10.0 subnet, and that the NBX-100 (or V3000 or whatever) is on the IP address 192.168.10.200. Of all the routers we've played with, we really like the Draytek Vigor2900 (www.guideband.com), because it supports a lot of VPN tunnels in all kinds of shapes and sizes, and also has built-in QoS (Quality of Service), so you can give high-priority to VPN traffic (which dramatically enhances the audio-quality of remote phones). This also helps if some of your CO lines are VoIP lines (e.g. Vonage), because you can have the Draytek Vigor2900 as the main gateway, and still have QoS even though the Linksys router(s) are not the main gateway. The best part is that it's only $160 for a fairly sophisticated router.

No port-forwarding needs to be set up because we'll be able to access the network directly through the tunnel, so the phone will essentially be on the same network.

The remote network we'll set up will be on the 192.168.0.0 subnet, so we'll set up NBX Multicast Tunnel on a computer at the Main Office the following way:

1.) It will listen on Port 2096.

2.) It will NOT be multicasting.

3.) It will forward to IP/Port 192.168.0.40:2096 (0.40 will be the remote IP address of the phone in the following example).

SETUP EXAMPLE #1: A PHONE IN A HOME OFFICE USING ANY VPN ROUTER

This example requires you to have a VPN capable router at home as well (any will do, as long as it can connect to the Main Office's VPN gateway).

Before doing anything, make sure that the remote phone has already been hooked up to the Main Office network at least once for auto-discovery. So with the phone now at the Home Office, plug in the power, press the Program button, and set it up like this:

1.) Phone IP: 192.168.0.40 (same as we configured above for NBX Multicast Tunnel).

2.) Phone subnet mask: 255.255.255.0

3.) Gateway: 192.168.0.1 (this really doesn't matter since we'll basically be on the same network as the Main Office).

4.) NBX IP Address: 192.168.10.200 (substitute your NBX's real Main Office local IP address).

Set up a VPN connection between your Home VPN Router and the Main Office VPN Router (this will take some time to figure out, but when it works, it works.) Then plug in your phone at home, let it download the software from the NBX, and you're good to go!

Now, what happens is that any traffic from NBX Multicast Tunnel at the Main Office will move to the phone at your Home Office directly. So will any voice traffic in both directions. And it's done without any special equipment, giving you full functionality (except Paging and Conferencing).

Also, if you have 20 remote phones in all in various places, just set up NBX Multicast Tunnel to transmit to all 20 phones. What will happen is that when they're not connected at home, or the VPN connection is down, the router at the Main Office simply won't know where the phones are, and therefore won't send out the multicast forwards to those phones while they're disconnected.

The only warning is that you have to be the only one using whichever subnet you choose. So it would be better to pick a subnet in the 192.168.48.0 range for example. If your phone is then set as 192.168.48.40, simply make sure that you're sending multicast traffic to 192.168.48.40. Everything else will work without a hitch.

NOTE: The following examples will assume that you have no firewall enabled on any remote computers, which makes it a lot easier to test. When you finally apply a firewall, be sure to open TCP ports 1040-1044 and UDP ports 2093-2096, or none of the following will work.

SETUP EXAMPLE #2: A PHONE IN A HOME OFFICE USING ANY NON-VPN ROUTER

This solution is even cheaper to carry out, because you can use whichever router you already have at home (or if your computer is hooked up to the internet directly, you don't even need a router). However, you do need an extra Ethernet card ($10). Install the ethernet card, and plug the phone into it.

This method will use Microsofts built-in VPN client to connect to the main office, and then share that connection with the second Ethernet card in your computer, which is where your phone is plugged in.

IMPORTANT: Internet Connection Sharing in Windows will insist that the second Ethernet card be on the 192.168.0.0 subnet, so if you have a home network, it can't also be on the 192.168.0.0 subnet, or the computer won't know where to direct the traffic. Set up your home network to use the 192.168.3.0 subnet or something else. If your DSL/cable modem is connected directly to your computer, this doesn't matter, as your computer will have whatever IP address your ISP gives you, which is definitely not on any of these subnets.

There are so many ways to set up VPN connections via a Microsoft Windows PC that it doesn't make sense to provide instructions here, but let it be noted that PPTP and L2TP connections are WAY easier to set up than IPSec. However, PPTP is less secure (but still encrypted if asked for).

The example we'll use here will involve the Draytek Vigor2900 as your Main Office gateway, because it can function as a PPTP server, and when you dial in with the Microsoft VPN client, it's assigned an IP address directly from a special VPN DHCP pool (from the Main Office subnet), and your computer will actually be on the exact same subnet. So if you dial-in, the Main Office gateway will actually assign f.ex. the IP address 192.168.10.153 to the VPN connection on your home computer.

In NBX Multicast Tunnel at the Main Office, set it to transmit to 192.168.10.153:2096, which to the Main Office router will be your IP address when you're dialed in using the Microsoft VPN Client. Since you won't know in advance which DHCP address you'll get, it's actually better to set up NBX Multicast Tunnel to send to all the IP addresses you MIGHT get, e.g.

192.168.10.150:2096
192.168.10.151:2096
192.168.10.152:2096
192.168.10.153:2096
192.168.10.154:2096
192.168.10.155:2096
192.168.10.156:2096

The advantage again of using a Draytek Vigor2900 router is that is has a separate DHCP range for dial-in connections, so you have a pretty clear idea of which IP address your home computer will get on the VPN dial-in in advance. And remember that even though this also means that you're sending to a lot of addresses that don't exist unless someone is dialed in, the Main Office router won't actually send the data anywhere, so there will be almost no extra load on your Main Office network (each System State packet is 72 bytes, and having 10x72 bytes = 720 bytes per second extra on the Main Office network really doesn't matter, especially with gigabit networks).

Now, with a working VPN connection, disconnect the VPN client again, go to Properties, Advanced, and share the VPN connection with the second Ethernet card. This will create a second network on the second Ethernet adapter, which will ALWAYS be in the 192.168.0.0-192.168.0.255 range (this is a Microsoft default).

Next, on the same tab, click "Settings", and forward the following ports to 192.168.0.40 (which is the address you've coded on your phone's front panel, you can pick any other):

TCP 1040-1044
USP 2093-2096

Notice that UDP port 2096 also is being forwarded to the phone. This means that any System State traffic we're sending from NBX Multicast Tunnel to your computer at home is also forwarded to the phone.

Turn on the phone, allow it to download software, and you're good to go!

SETUP EXAMPLE #3: HOOKING UP A PHONE AT A WI-FI HOTSPOT

Most notebooks have both built-in Wi-Fi, and also an Ethernet port. So just hook up your phone to the Ethernet port, share the VPN connection to the Ethernet port as per the above instructions -- except the VPN connection will happen over Wi-Fi instead of a physical Ethernet port.

This works great when a Wi-Fi hotspot isn't too crowded.

SETUP EXAMPLE #4: ET PHONE HOME (FROM ANYWHERE ON THE INTERNET)

Nothing would be cooler than to be able to bring your business phone with you, and just plug it in and be connected. This example uses a stand-alone router that can automatically establish a VPN connection when needed.

All you really have to decide on is which subnet you want this solution to have -- make sure to pick one nobody else is using, for example 192.168.48.0. Code your phone to have the IP address 192.168.48.40 (or something else, just reprogram the phone for this new address). And configure NBX Multicast Tunnel at the main office to send to 192.168.48.40. Then, as soon as the VPN connection is dialed in, this traffic will move out of the office network into the mobile VPN router.

Now set up the router to automatically establish the VPN tunnel whenever it's needed (and be sure to configure the Main Office gateway to expect the connection as well by setting up matching security credentials). Again, the Draytek Vigor2900 router is very friendly to dial-in connections from unknown/dynamic IP addresses, something neither Linksys or D-Link routers can be proud of.

Finally, to make this work, set the WAN port of the VPN router to Dynamic IP. Now, any time you plug the WAN port into almost any network connection, as soon as the phone asks to communicate with the NBX, it will establish a VPN connection to the Main Office, and traffic will begin to flow in both directions. ET Phone Home.

SETUP EXAMPLE #5: RE-MULTICASTING

If you have more than one phone at a Home Office (behind a remote VPN router), you could of course send the multicast traffic to each phone at the site. But it would be much easier to re-multicast the traffic at the Home Office, because then only one packet per second has to travel the internet. The bandwidth we're spending is 0.1 KB per second, but why spend 0.2 KB extra per second if you don't have to?

To set this up, configure NBX Multicast Tunnel at the Main Office to send to a specific computer at the Home Office using another port, f.ex. Port 2097, and this is of course still going through a VPN tunnel so there's no port forwarding to deal with. So if your server at the Home Office is 192.168.0.45, set up NBX Multicast Tunnel to send to 192.168.0.45:2097.

Next, install another copy of NBX Multicast Tunnel on this computer at the Home Office (free), set it to Listen on Port 2097, enable "MultiCast to IP 224.0.1.59 Port 2096". Leave the "Forward to Specific IPs:Ports" text-field empty.

The server at the Home Office will now receive all the multicast traffic on Port 2097, and re-multicast it on Port 2096 for all computers at the Home Office to hear.

QoS: QUALITY OF SERVICE

The reason we're suggesting the Draytek Vigor2900 router is that it has QoS built-in, and it allows you to set QoS priority for VPN traffic as well. If you have QoS enabled for VPN traffic at both the Main Office and the Home Office, voice calls will sound much better, even if you're maxing out the connection on both ends with hefty internet activity.

PAGING AND CONFERENCING

When you enter a Conference or you Page, the NBX Phone System switches all voice traffic over to multicasts, which is a real bandwidth saver because the same audio doesn't have to be transmitted to many phones individually. NBX Multicast Tunnel doesn't support this, and for a Home Office / Telecommuter this is something you can easily live without.

However, if you're linking two offices with many phones, you'll probably want it. We again refer you to www.livegate.com, which is great for linking a couple of sites, but perhaps too expensive for installing a large number of remote phones.

HOW TO PURCHASE

This small program was developed by an NBX customer (Hollywood Camera) because we really needed it.

The price of the program is $70, and they are only trying to recoup some of the time spent on creating it. The program doesn't contain any serial numbering or activation codes, and you can run as many copies as you want. But for this reason, there's also no demo version. However, if you buy the program, and can present a convincing argument (at our discretion) that it doesn't work for you, we'll give you your money back.

Order by clicking here.  - Email delivery.

System Requirements: Windows 2000/XP/Server with .NET Framework installed. We've tested this with 3102 Business Phones and pcXSet, but since the protocol is the same for all phones, it should work with other phones as well.

  

 Copyright MTMnet, Inc. 2007 All rights reserved

Privacy Statement | Return Policy | Terms & Conditions

Asset Recovery - Sell To Us!