atcomsystems.ca/forum Forums TDM Business Telephone Systems Vodavi Telephones & Systems XTS-IP VoIP Problems

We have the XTS system at 4 sites all of which are connected using Voip. For the past few months, about 3-4 times per week, we will get a busy signal when dialing a remote site.

Resetting the Voip card fixes the problem. I know it is not a connectivity problem because I can ping the Voip interface even when the calls won't go through.

All Voip cards are outside of the firewalls with public static IP's. I am an IT guy and I know networking but the XTS system is a "black box" to me and I don't know the intricacies of how it works. From what I can find using Google, it appears to use H.323 for Voip.

My questions:
- Has anyone experienced this before and found a solution?
- Would the cards work if I put them behind my firewall and routed them * over my VPN tunnel * that I have established between the sites?
- I know they typically would not work behind a firewall, but the VPN should be transparent and would not block any ports/traffic between the cards. Almost like having a dedicated data circuit between the 2 locations.

Any help or insight is greatly appreciated.

Thanks

I suggest you not put the cards inside your vpn, it won't help and you will have to open a lot of ports for the H.323 voip compression protocol to work. It's not worth it believe me. I think you might have packet latency which can confuse and lock up a LANB card. The for sure cure is to install managed, dedicated circuits that provide stable bandwidth and QOS but it will be costly. The other choice is to install a second modem at each site just for the voip. Another suggestion is to make sure your present configuration has enough speed...considering each voip connection needs a base of 256k and then 112k per call at each end, with a Docsis 3 modem. Also realizing that a cable public internet connection can degrade by as much as 40 percent depending on total node traffic. I am assuming that is what you are using of course. I have quite a few XTSs networked together and have faced this same situation many times. I had to move a large voip network from dedicated 15/5 cable to shared 5meg metro-e, the advantage is we are running both voice and data over the connections now with less problems. Notice I said less. We sitll get the old underwater sound every now and then but no lan card lockups.

Derrick,

Thanks for the feedback, a couple of notes about your reply:

- The main site does have its own modem totally separate from data and still locks up
- When all of the systems are behind the firewalls and talking to each other using the VPN there are no ports blocked, therefore no ports to open
- The lockups typically happens overnight when no one would be using the voip.
- I suspect the cards are getting flooded with traffic from outside sources (port scanners, etc...) and that is why I am considering moving them all behind the firewall

Sounds like its worth making the change.

I have spent many years on this exact topic. I think Derrick is an awsome tech and certinly more experianced than I. I had some of my voip systems locking up as well. Reseting voip etc. All that is in the past. Firmware upgrades and qos has solved most all troubles. I use vpn's with linux routers (homegrown) as well as sb swiches from cisco or some IOS with enhanced images. mark the packets with 0x14 or decimal 5. Here is a snip of packets leaving layer 2 from interface to ipsec tunnel. Notice the depreciated TOS bit area
Gate:~ # tcpdump -nevvi eth3 host 172.16.10.100
tcpdump: listening on eth3, link-type EN10MB (Ethernet), capture size 96 bytes
05:48:21.454478 00:0f:1f:6a:b3:37 > 00:40:5a:2c:c1:8e, ethertype IPv4 (0x0800), length 82: (tos 0x14, ttl 252, id 18797, offset 0, flags [DF], proto UDP (17), length 68)
10.10.182.240.2055 > 172.16.10.100.2093: [udp sum ok] UDP, length 40
05:48:22.138710 00:0f:1f:6a:b3:37 > 00:40:5a:2c:c1:8e, ethertype IPv4 (0x0800), length 82: (tos 0x14, ttl 252, id 18799, offset 0, flags [DF], proto UDP (17), length 68)
10.10.182.240.2071 > 172.16.10.100.2049: [udp sum ok] UDP, length 40
05:48:22.370982 00:0d:65:8f:92:f1 > 00:40:5a:2c:c1:8e, ethertype IPv4 (0x0800), length 82: (tos 0x14, ttl 252, id 11083, offset 0, flags [DF], proto UDP (17), length 68)
172.16.50.100.2059 > 172.16.10.100.2085: [udp sum ok] UDP, length 40

True, as long as everything including any ip phones are inside the vpn and I am always thinking outside the box (vpn)

Mikelan, thanks for the compliment, I really appreciate it.

NP Derrick, you guys are all awesome in this bb. I really appreciate this Board. I have had the privilege of being hired to network Vodavi's many times. Spent a lot of time reasearch on this. Qos can be daunting esp in switches. The trouble I have had over the years is encapsulated vpn's strip the tos bit when undergoing layer two to layer 3 transformation. It is kinda deep what I have built. Linux Suse,Ubuntu and I formerly used Fedora does a good job finally with Ipsec being kept up with strongswan formly openswan has was my final solution to qos to branch offfice's. I used openvpn many years. More so the switches do the job but you have to have qos at the edge of the network as well. Lately other Vodavi techs hear have had to jump because it seems Comcast was blocking something with the H323 stuff all of a sudden voip quit if you had the voip cards or phones assinged with a public Ip. So it sure keeps it simple to go public if you can like your advice said. Any way I could go on and on about this like I said many times between 2000 and 2006 I was reseting voip or trying to solve voip issues. I think I have a "zipper on it now"
Mike