When you're connecting to the rest of the world to make and receive phone calls, you have several design options available. Or, more precisely, your Voice Service Providers have many options available.
VoIP via Layer-3 VPN
In this case, a Layer-3 VPN, such as MPLS over the Voice Provider’s own equipment, is used to connect a Voice customer to the Voice service provider. Shared infrastructure is used, but the traffic from the Internet cannot route to the Voice equipment. The same physical links might carry Internet traffic as well, as shown on black hairline from the Internet Service Providers to the Customer Data Network.
MPLS is the way we see this implemented most commonly. In this case, the customer has a location and an MPLS or Ethernet VPN path back to the Voice Service Provider.
Pros
+ Protection against bad days on the Internet. E.g., if global BGP is working poorly. Or if "Cyber Warriors" in a despotic regime decide to launch a Denial of Service (DoS) attack against voice networks.
+ Usually it's easier to prioritize traffic in a VPN.
+ The Voice Service Provider can ensure end-to-end quality of service if they want to because they own or manage all the queues (i.e., routers and switches) along the path from their equipment to the enterprise.
Cons
- You have to depend on the reliability of the MPLS path; it's usually harder to have redundant links to the Voice service provider.
VoIP via Internet Infrastructure
The Voice Service Provider and the Customer both connect to the Internet and exchange the IP addresses of their equipment. SIP and RTP are unencrypted. Devices accept or reject SIP calls based on the incoming IP address.
No special MPLS is used here, but we depend on the same shared routers.
Pros
+ The Voice Service Provider is also an ISP, and they manage all of the queues. So if they want to, they can provide high Quality of Service.
+ Usually there is no congestion inside Service provider networks. They can upgrade their links easily an inexpensively to get adequate capacity.
+ Potential for backup options via the public Internet.
Cons
- Bad things on the Internet might affect this; e.g., DoS attacks, or BGP malfunctions. However, within a service provider's own network, the effects can often be mitigate.
- Sometimes harder to do QoS; not for technical reasons, but because ISPs are sometimes no good at prioritizing packets or guaranteeing bandwidth.
VoIP via VPN Over the Internet
In this model, the Voice Service Provider and the customer both connect to the Internet. A VPN, such as IPSEC VPN or permanent TLS connection, is setup across the Internet between the two parties. At least the SIP Signaling traverses the VPN.
Pros
+ Get to choose from among any ISP
+ Assuming the Customer has Internet access, there's no construction time required to setup
+ Protection against IP address spoofing in either direction; so if you receive a SIP packet you can trust it was genuinely sent from the service provider
Cons
- No protection against unreliability on the Internet
- No quality of service can be guaranteed
- The links between the Voice service provider and the ISP may be questionable. For example, if a streaming video service, like Netflix, goes into business, certain Internet links that worked in the past may become saturated.
- IPSEC tunnels add extra complexity to the system.
VoIP via Internet
The Voice Service Provider and the Customer both connect to the Internet and exchange the IP addresses of their equipment. SIP and RTP are unencrypted. Devices accept or reject SIP calls based on the incoming IP address.
The Voice Service Provider may not have a ”Provider-Edge” router at all.
Pros
+ Get to choose from among any ISP
+ Assuming the Customer has Internet access, there's no construction time required to setup
Cons
- No protection against unreliability on the Internet
- No quality of service can be guaranteed
- Risks of poor quality due to congestion on the Internet.
