Geekzone: technology news, blogs, forums
Topic # 225403 16-Nov-2017 20:46

So I have a super random fault with a SIP trunk. It's only cropping up very randomly and it's been really hard to get any decent info.

 

But I finally managed to make it fault with a packet capture running. My only annoyance was I did the capture off the PPPoE interface and not LAN bridge so I don't know what actually got to the LAN.

 

So the PBX receives an INVITE from the SIP proxy, but then right after that, the router "replies" with an "ICMP 590 Destination unreachable (port unreachable)"

 

I kind of take that for what it is, the port was unreachable. My thought process goes there was no state in the sessions table that matched so it couldn't get through the NAT.

 

Do people agree? Maybe just pull my registration timer (currently 120) and notify timer (currently 30s) right down? Increase the UDP timeout (currently 1m) in the sessions table?

 

My main annoyance is this is my standard router config and a standard PBX config in use on 300+ other sites. Also a VERY basic network.



  Reply # 1903071 17-Nov-2017 00:52

It’s late and I haven’t really had much of a think on it, but in the interest of helping I’ll throw my initial thoughts below:

My first thought is that you could be right: if the NAT is timing out just before it re-establishes the session, it could mean the majority of calls work but the odd one drops.

Unreachable may not mean the NAT translation has expired; it could also mean the packet couldn’t reach the destination. Maybe the switch in between went down? Maybe there is a loop?

In order to narrow it down further we’ll need to know more about the problem.

What exactly happens? What specifically are you trying to fix?




  Reply # 1903072 17-Nov-2017 01:05

Also, when you say the PBX receives the invite, did you packet capture this on the PBX?

What are you doing while packet capturing? Initiating an incoming call?

The ICMP590 message in reply, is that going out the WAN to your SIP trunk provider? Where is this destined?

 
 
 
 





  Reply # 1903114 17-Nov-2017 08:20

ArcticSilver: Also, when you say the PBX receives the invite, did you packet capture this on the PBX?

What are you doing while packet capturing? Initiating an incoming call?

The ICMP590 message in reply, is that going out the WAN to your SIP trunk provider? Where is this destined?

 

The issue is incoming calls are failing - but only very randomly which is why I think it may be a timing issue.

 

Yea sorry should have been clearer. I only got a capture from the PPPoE interface. And I really wish I had something running on the PBX interface too because that probably would have been more interesting. The problem has been trying to actually capture the behavior because it is so random.

 

So I know the WAN interface of the router receives the INVITE, and the router replies with the ICMP 590.




  Reply # 1903119 17-Nov-2017 08:38

Without a packet capture from the PABX ethernet port it's hard to say exactly what the issue is. The ICMP unreachable message could be being generated by the PABX, obviously it will always come from the router when looking at a packet capture on the WAN port.





  Reply # 1903128 17-Nov-2017 09:14
One person supports this post

Mattmannz: Without a packet capture from the PABX ethernet port it's hard to say exactly what the issue is. The ICMP unreachable message could be being generated by the PABX, obviously it will always come from the router when looking at a packet capture on the WAN port.


Yep, agreed. I've got a Raspberry Pi with a network monitoring package on it that is going to let me run much more prolonged captures than I can do on the router. So will get that in place on a mirrored port to the PBX and see what's happening there.



  Reply # 1903147 17-Nov-2017 10:22

If you can - set your NAT session timeout to 90 seconds on the router.

Set qualify on your SIP trunk - the default is 60 seconds for most devices when qualify is enabled. This will keep the UDP session in the NAT translation table on your router. Trying to set qualify below 60 seconds often won't help, because it won't be accepted in many cases; it's easier to set the NAT session timeout higher.
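
The timing argument in the posts above (keepalive interval versus the router's UDP session timeout), as an added example that is not part of the thread: a small Python model that replays a packet timeline and reports which inbound INVITEs would arrive after the NAT mapping has expired. The timeline is constructed, and the NAT behaviour (both directions refresh a live mapping) is an assumption of the model, not something read from the poster's router.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    t: float          # seconds since capture start
    direction: str    # "out" = PBX -> SIP proxy, "in" = SIP proxy -> PBX
    summary: str

# Constructed timeline (not from the thread's capture): one UDP flow between
# the PBX and the SIP proxy. The keepalives due at t=60 and t=90 are missing.
CAPTURE = [
    Pkt(0.0, "out", "REGISTER"), Pkt(0.1, "in", "200 OK"),
    Pkt(30.0, "out", "keepalive"), Pkt(30.1, "in", "200 OK"),
    Pkt(95.0, "in", "INVITE"),
    Pkt(120.0, "out", "REGISTER"), Pkt(120.1, "in", "200 OK"),
    Pkt(130.0, "in", "INVITE"),
]

def inbound_verdicts(packets, udp_timeout):
    """Return (t, summary, forwarded, idle_seconds) for every inbound packet.

    Assumed NAT model: an outbound packet creates or refreshes the mapping,
    an inbound packet refreshes it only if it is still alive, and the mapping
    expires after udp_timeout seconds without traffic.
    """
    last_seen = None
    verdicts = []
    for p in sorted(packets, key=lambda p: p.t):
        idle = None if last_seen is None else round(p.t - last_seen, 3)
        alive = idle is not None and idle <= udp_timeout
        if p.direction == "out":
            last_seen = p.t          # outbound traffic always (re)opens the mapping
            continue
        if alive:
            last_seen = p.t          # inbound traffic only refreshes a live mapping
        verdicts.append((p.t, p.summary, alive, idle))
    return verdicts

def dropped_invites(packets, udp_timeout):
    """Times of inbound INVITEs that arrive with no live NAT mapping."""
    return [t for t, summary, ok, _ in inbound_verdicts(packets, udp_timeout)
            if summary == "INVITE" and not ok]

if __name__ == "__main__":
    for timeout in (60, 90):   # 1m as in the first post, 90s as suggested above
        print(timeout, dropped_invites(CAPTURE, timeout))
```

Feeding it timestamps exported from a real capture on the PBX side shows whether each failed call lines up with an idle gap longer than the router's UDP timeout.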




  Reply # 1903150 17-Nov-2017 10:24

Does the router have an IP helper for the SIP protocol?


  Reply # 1903152 17-Nov-2017 10:27

MadEngineer: Does the router have an IP helper for the SIP protocol?
Agreed, look for this if you haven't already. SIP ALG is always the first thing you should turn off.




  Reply # 1903161 17-Nov-2017 10:50

This is mikrotik specific but may be of interest: https://mum.mikrotik.com/presentations/US17/presentation_4321_1496084451.pdf as it has good explanations and example sniffs



  Reply # 1903166 17-Nov-2017 10:59
One person supports this post

rphenix:

MadEngineer: Does the router have an IP helper for the SIP protocol?
Agreed, look for this if you haven't already. SIP ALG is always the first thing you should turn off.

Turning off the SIP ALG is not a smart idea unless you know that is the issue. Turning off the SIP ALG may result in things like NAPT being applied to SIP traffic which will break everything SIP related.




  Reply # 1903172 17-Nov-2017 11:28

^+1
