Telos Z/IP ONE - Managing Connections

Scope

This document covers the Z/IP ONE network codec transceiver. Here we will go over the functions of the Z/IP directory server, port forwarding, and other considerations when using Z/IP on a network.

Description

The Z/IP ONE, with its Agile Connection Technology™, offers the best experience with point-to-point codec calls over the Internet. As the world of Internet Protocol (IP) replaces the traditional Public Switched Telephone Network (PSTN), we've developed the Z/IP ONE as a solution. One of the benefits of using the public Internet versus the PSTN is the amount of control you, the user, have over the connection to the rest of the world. With IP technology, every device connects to all other devices all the time and the data is filtered based on IP address (and a few other things). The main player in this role is your router.

The Router

A router (or firewall) is a separate device that may have a modem and an Ethernet switch built-in. Its job is to interface a private network with the public Internet and route data from the public Internet to the appropriate locations on the private network. With a router, you can house one or more Z/IP ONEs on a private network and manage their connections to the Public Internet on a single public-facing IP address using port forwarding.

The ZIP Directory Server

In most installations, absolutely no adjustments to the router are necessary. The Z/IP ONE, along with the ZIP directory server, works with the router to make connections without your help. Here's how it works:

Every 10 seconds or so, the Z/IP will send a message to the directory server. This message will go out carrying your router's public-facing IP address and a random, high port number to respond on. When the ZIP Server sees the message, it will respond and the ZIP indicator on the Z/IP ONE's front panel status window will light up.

In the most simple of terms, a server-assisted call works just like a ‘411’ directory assistance call:

"Information, how can I direct your call?"

"Hi Operator, I want to call WXYZ_ZIP@public."

"Thank you, that's at this address 202.55.192.112:21011.  Would you like me to connect you?"

"Yes!"

"Thank you."

The operator (directory server) hands the connection off and the Z/IPs will be directly connected. The server steps entirely out of the picture and moves on to its next task.

Server Relay Calls

In situations when the connection hand-off is unsuccessful, the server will allow a route for the audio through it's already established connection with the Z/IP ONE. When this happens, a message to this effect will display on the front panel of the Z/IP ONE. Connection status in the web UI will also reflect this condition by indicating that it's connected to the other side "thru server"

This is a failsafe, and it has its problems like bandwidth limiting which reduces audio quality and increased latency. This problem is usually the result of a firewall or router getting in the way and rejecting the connection hand-off. This is when an adjustment or some configuration at the router is needed.

Read on: See the section below concerning Firewall Considerations

First, you will want to find out which firewall (local or remote) is the one rejecting the connection hand-off. You can try to call other Z/IPs, including ZephyrIP10@public (the Telos Z/IP Test line), and if you only get the message when you call certain Z/IPs, the firewalling is at the far end. If you get it every time, the firewalling could be local. The Z/IP ONE has a configurable UDP port that can be used to manage this with the help of a port forward.

Listen Port

Each Z/IP ONE behind the router should have a different listen port assigned to it. We recommend a port in the 21000 or so range to keep the Z/IP away from other network traffic. This port is specified in the STREAMING page of the Z/IP's GUI or in the front panel SETUP / ZIP SERVER menu.

In this example, we are using port 21011 for this Z/IP ONE.  If we had another Z/IP ONE on this network, we would give it a different port, like 21012, etc.

Once you configure the Listen port and save the changes, you will need to set up a UDP port forward for port 21011 in the router. In this example, we are using a Linksys router made by Cisco and the Z/IP ONE we just configured has its streaming interface set to a private static IP address of 192.168.1.102:

When the listen port is specified and forwarded in this manner, the Z/IP Server will be able to hand the connection off without negotiation, and it can be much more reliable.

A bonus to this is the ability to connect to this Z/IP ONE without the help of the directory server. The server's main task is to keep track of which Z/IP is using which IP address on which port. If the public IP is dynamic and changes, the server will be aware and will make adjustments to its records. If we already know this information and if the public IP address is static, the server doesn't need to be involved at all! You can enter this information directly into the call setup and dial the unit directly.

Dialing a Z/IP ONE directly

Once the public IP address for the router is made static by the ISP and once the Z/IP ONE's listen port is specified and forwarded at the router, you can dial this Z/IP ONE dialed directly using the router's public-facing IP address and this port.

To dial this Z/IP ONE, use the MANUAL tab on the web GUI connection page and select “TSCP Direct” for PROTOCOL and enter the information.

You can also use the front panel and strip the GROUP NAME and enter the IP and port in this manner:

Obviously, this will be a challenge if the unit you are calling is on an Internet connection with a dynamic IP.  The IP address will be a moving target, which is why the name-based directory server is handy.

With no port forward and a listen port of 0 (default), the Z/IP relies on the open communication that it has with the server instead of the router for completing the call. So the server is critical in these cases.

Other management is possible with firewalls and routers like VPN (Virtual Private Network), which creates a "tunnel" over the public IP address to another router. This has benefits like the restriction of general traffic from the interface but is slightly beyond the scope of this discussion. More information about setting up a VPN will be provided with the setup information that comes with your particular router or firewall.

The Z/IP you are trying to reach is not answering

This is a message you may see from time to time, and it has a double meaning. The first one is the most obvious: the Z/IP ONE at the far end is not set up to auto-answer, and it is not answering the call.

The second, not-so-obvious situation is if the request was rejected by the router at the other side, and the request never made it to the Z/IP ONE.

The Z/IP ONE trying to make the call doesn't know the difference between these two states. With confidence, however, we can say that it's either number one or number two. Number two indicates the need to create a port forward for the TSCP listen port. In this case, a port forward is probably needed. If you've set up port forwards and still have issues connecting, there are some considerations to make regarding the firewall in addition to a port forward.

Firewall Considerations with TSCP calls

Just in case a port forward alone isn't enough, there is one more thing to consider here.

When using the directory server to make TSCP calls, the request to connect will originate at the directory server (3rd party connection) and not from within the local network. Some firewalls block this activity, which will cause the "The Z/IP you are trying to reach is not answering" message to appear.

If you know the public IP address and port of the Z/IP you are trying to call, you may find that dialing the Z/IP manually (TSCP-Direct / TSCPD) is successful. This is because the request originated at the Z/IP ONE this time and not the server.

Making exceptions in the firewall to allow connections from the server will help with this. At the time of this writing (updated 1/2023), here are the IP addresses of the directory servers your Z/IP ONE may use:

  • 173.233.141.18

  • 23.109.160.108

  • 188.42.124.236

If the System Info section of your Z/IP ONE's Status page is showing a different IP address for Z/IP Server than the ones shown here, please reboot your Z/IP ONE.

Final Considerations

If all else fails, keep in mind that the Z/IP ONE is a network codec transceiver. Just like a radio transceiver, the Z/IP ONE won't be able to perform at its peak ability if the atmosphere around it, the network in this case, contains a lot of interference or stability issues.

Some networks may be so tightly secure and regulated that a Z/IP ONE will have trouble performing. For example, some residential-class Internet connections can impose what's called a "Fair Use Policy." Under these restrictions, you'll receive full bandwidth for a certain amount of time. Then as the streams age on the network, the Internet connection starts to throttle back to give nearby Internet subscribers "fair use" of the available bandwidth over the connection. In these cases, you'll find that the first 5-or-so minutes of a call has good quality, but will get worse over time and eventually disconnect. When that happens, wait 10-20 minutes and try again. If the call is perfect again for another 5-or-so minutes and then degrades again, this is the classic sign of a fair use policy.

Finally, remember that 98% of the issues experienced with a network transceiver are caused by the network itself. So when in doubt, try another network, another provider, or another mode of Internet connection.

Let us know how we can help

If you have further questions on this topic or have ideas about how we can improve this document, please contact us.