Balance 30 Packet Flood / Limit setting


#1

Hi, I’m trying to troubleshoot an intermittent voip issue (disconnects, one way audio, etc.). My voip provider asked if the router has any packet flood settings, or a UDP packet limit setting. Does anyone know if the Balance 30 has anything like this?


#2
  1. What Firmware are you running?
  2. Is balance in compatibility mode?
  3. Do you have Qos custom rules for both RTP and SIP on HIGH?
  4. Is your WAN traffic shaping accurate?
  5. Is MTU set to auto?
  6. Is your WAN and LAN DNS from ISP or a public set?
  7. What are your health check settings?
  8. Is Intrusive Detection and Dos Prevention turned on?
  9. Does your sip provider use 5060 UDP?
  10. What type of IP phones do you use and what RTP ports do they perform on?
  11. What is the destination RTP port range for your sip provider?
  12. What type of internet access do you have and how much bandwidth?
  13. Are you double natting?
  14. What Firewall Rules do you have in place if any?
  15. Is balance being used for both VoIP and computer traffic or strictly VoIP?
  16. How do you have your outbound policy configured?

#3

After MANGA/support.cgi hit enter and download a few pcaps and analyze in wireshark as well, after you have thought through and made all necessary changes. Hope this can help. Good luck.


#4

Thanks for the response.

  1. The router is running 5.3.12
  2. Compatibility mode is enabled in the SIP service passthrough section
  3. The only QOS rule I have is the “All supported voip protocols” on high.
  4. I don’t know anything about traffic shaping
  5. MTU is set to the default 1440
  6. WAN dns is from the ISP, LAN is set to “assign DNS server automatically”
  7. Health check is on DNS lookup using the ISP dns servers
  8. Intrusion and DDoS is off
  9. I think they mostly use 5060 UDP but there are exceptions to that. I will double check on that though.
  10. We user polycom soundpoint 550s. I don’t know how to check the RTP ports
  11. I don’t know about the destination RTP port range
  12. We have 50/50 fios, 0.6 ms jitter
  13. I don’t think we’re double natting? I don’t really know about that
  14. At first we only had Outgoing requests are allowed and incoming requests are denied. Our voip provider suggested that we add specific rules for our phones’ internal IP addresses to be allowed out and in.
  15. The router is used for voip and computer traffic
  16. Outbound policy is just on default / auto. We have a second 10/10 copper connection that is just a backup right now, so it’s inactive unless there’s a problem with our primary.

Thanks again for the response, maybe you can help point me in the right direction.


#5

Also how do you download pcaps from support.cgi?


#6
  1. Update to 6.2.2 latest version off the website but I think you need a team member to send you a firmware earlier than 6.2.2 to be safe.
  2. Make Qos for SIP and RTP on HIGH.
  3. Make your upload and download speeds under WAN to 50 meg and not the default.
  4. Set MTU to Auto.
  5. I use OpenDNS for all my WAN connections and my LAN for my VoIP networks. ISP DNS don’t update as often.
  6. Health Check, try PING and make your numbers: 5, 5, 10, 15
  7. It’s probably UDP 5060 if your in a hosted environment but def double check.
  8. Are you connected via Ethernet directly from the Verizon ONT box to your Balance WAN port? If not then do that if you can. Find out if you have a public static IP from verizon, block of 5 statics, or reg dynamic connection? You should know based on what you plugged into your balance if your double natting. Fios routers suck and I wouldn’t let that give your Balance an internal IP, giving you a double nat environment.
  9. Create a VLAN just for your VoIP network (/24) and tag all ports in your managed switch for the VLAN ID number that you created in your balance. This is assuming you have a decent managed switch. If not then I would suggest buying one and saving yourself hassle. Cisco SG200’s are great.
  10. Outbound policy should be:
    Source: Network IP of your VoIP subnet
    Destination: IP address of the feature server that the phones communicate with.
    Protocol: UDP
    Port: ANY
    Algorithm: Priority
    FIOS
    Copper
    Terminate sessions on link recovery: Enable

*You will need to create other outbound Policies for your other traffic such as HTTPS, HTTP, etc depending on your environment and what you need to do.
*At bare minimum you definitely need to do thee things trust me and save yourself the time and frustration.
*VoIP in my opinion needs much more attention then other traffic because of the sensitivity and nature of the entire environment it works within. Keep that in mind and you’ll do better than the 90% of whats out there.


#7

Hi tjvoip45,

:up: Very impressive work there. Keep it up!

Hi Anthony,

You may get latest firmware here.


#8

I know right? Very helpful, thank you so much. Any suggestions for managed switches with PoE and at least 16 ports? I may also need some guidance with some of the other suggestions that may be over my head, but I’ll check out the new firmware and try to get everything done myself.

Thanks again


#9

Do I need some sort of unlock key for this firmware?


#10

You should check out the Cisco SG200-26FP or 50FP. Reliable and easy use with web interface the SG300’s and 500’s are also solid.


#11

You can obtain the firmware unlock key by following the instructions here:


#12

Thank you. And that key will work even if the device is not manageable because of warranty? Thanks


#13

It sure will :up: