SIP Show peers

Discussion in 'General' started by sababa, Dec 1, 2010.

  1. sababa

    Joined:
    Jul 28, 2010
    Messages:
    63
    Likes Received:
    0
    Hi Everyone,

    Can someone please help me? I have been going crazy with this problem for a month.

    I have a network that has a 50 by 5 cable connection going to a DD-WRT that is now split via VLANs to voice and data. The data goes to a wireless access point and to a switch for a server, and the voice goes to a PoE switch. They are now completely separated but I am having lag issues. When someone calls in and the phone is answered, the call continues to ring on other phones.
    In SIP show peers I am getting latency of 50ms and up on my Yealink phones, and on a Linksys PAP2T I am getting around 15ms.

    Has anyone run into this problem before?

    I have replaced the switches, routers and ran new cables. I am not sure what else to try.

    Any suggestions would be great.

    Thanks
    Gill

    Below is my SIP show peers results

    Name/username Host Dyn Nat ACL Port Status
    1001/1001 10.0.100.11 D N A 5062 OK (53 ms)
    1002/1002 10.0.100.12 D N A 5062 OK (55 ms)
    1003/1003 10.0.100.13 D N A 5062 OK (52 ms)
    1004/1004 10.0.100.14 D N A 5062 OK (60 ms)
    1005/1005 10.0.100.15 D N A 5062 OK (52 ms)
    1006/1006 10.0.100.16 D N A 5062 OK (58 ms)
    1007/1007 10.0.100.17 D N A 5062 OK (55 ms)
    1008/1008 10.0.100.18 D N A 5062 OK (50 ms)
    1009/1009 10.0.100.19 D N A 5062 OK (57 ms)
    1010/1010 10.0.100.20 D N A 5062 OK (52 ms)
    1011/1011 10.0.100.21 D N A 5062 OK (52 ms)
    1012/1012 10.0.100.22 D N A 5062 OK (83 ms)
    1013/1013 10.0.100.23 D N A 5062 OK (51 ms)
    1014/1014 10.0.100.24 D N A 5062 OK (52 ms)
    1015/1015 10.0.100.25 D N A 5060 OK (15 ms)
    1016/1016 10.0.100.25 D N A 5061 OK (16 ms)
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    DD-WRT, especially on underpowered hardware (Linksys or whatever), is not a great solution for VOIP, especially if doing QOS et al. The 200MHz CPU just craps out. OPEN-WRT is marginally faster if supported on your hardware. Think of using the box itself as the firewall, it is probably powerful enough.
     
  3. sababa

    Joined:
    Jul 28, 2010
    Messages:
    63
    Likes Received:
    0
    Thanks for the quick reply.
    What hardware would you recommend to use instead?

    Think OPEN-WRT would fix the issues on the current WRT54G? (I started off with a Buffalo WHR-G300N but it doesn't support VLAN.)

    Thanks so much
    Gill
     
  4. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Your Asterisk box already natively supports routing, VLANs, QoS, firewalling and IDS, why waste electricity? Add a NIC and go for broke (a little RTFMing needed, however).
     
  5. sababa

    Joined:
    Jul 28, 2010
    Messages:
    63
    Likes Received:
    0
    Cool I'll look into it more
    Thanks for the help.
    Any chance you can point me to a starting point to learn how to do this?
    Thanks again
     
  6. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    yum install -y vconfig # for vlan function, then man vconfig for WTF next.


    http://www.configserver.com/cp/csf.html # for an effective Firewall/IDS

    Webmin for a "cheap and cheerful" Router config (and csf frontend)

    google for any remaining problems
     
  7. sababa

    Joined:
    Jul 28, 2010
    Messages:
    63
    Likes Received:
    0
    haha
    awesome
    thank you so much!
     
  8. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Also I notice you are a RoadRunner (presumably TimeWarner) customer. I have experienced them destructively messing with my RTP connections before I dumped them (they of course denied it even with tcpdump proof). Caveat emptor.
     
  9. Lee Sharp

    Joined:
    Sep 28, 2010
    Messages:
    332
    Likes Received:
    0
    As a long time dev for m0n0wall and a former active dev for Untangle, I do not recommend just tacking a gateway on your PBX. If the PBX is on the net, you do have some hardening to look at, and it is significant.

    But, I am paranoid. :)
     
  10. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    I agree Lee but:-

    Also as a long time user of Monowall and PFsense

    .
    .
    www.configserver.com/cp/csf.html # for an effective Firewall/IDS
    .
    .

    does indeed IMHO replace effectively the Firewalls in the above two offerings for something as simple as a two nic Asterisk box, at least for a WAN/LAN type scenario, and further adds a level of IDS that I have been unable to match in the freebsd addons that can be added to the aforementioned.

    After all, iptables is iptables no matter what platform you run it on; in this case it will run much better on a megaGHZ Linux box than a 200MHz cheap-ass linksys/buffalo/whatever. Add QOS and IPSec and you are now officially SOL on those boxen.

    As with any firewall, start off with deny all, then add what is allowed, by port, IP space, protocol, connection status, direction etc. It really isn't rocket science, just a logical brick by brick removal from the firewall to allow the minimum transparency necessary.
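
The deny-all-then-allow approach from the post above, written out for a two-NIC Asterisk box as an added example (not part of the thread or any poster's configuration). The function name, the interface names, the 10.0.100.0/24 voice subnet (inferred from the peer list earlier in the thread), the trunk address 203.0.113.10 and the Asterisk default ports (SIP on UDP 5060, RTP on UDP 10000-20000) are assumptions.

```shell
#!/bin/sh
# Added example: emit a default-deny ruleset in iptables-restore format.
# Interface names, subnets, trunk address and port ranges are assumptions,
# not values taken from the PBX discussed in the thread.
asterisk_fw_rules() {
    if [ "$#" -ne 4 ]; then
        echo "usage: asterisk_fw_rules WAN_IF LAN_IF VOICE_CIDR TRUNK_IP" >&2
        return 2
    fi
    fw_wan=$1 fw_lan=$2 fw_voice=$3 fw_trunk=$4
    cat <<EOF
*filter
# Deny all by default; every ACCEPT below is a deliberate hole.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Connection status: drop invalid packets, accept replies to allowed traffic.
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Phones on the voice VLAN: SIP signalling and RTP media only.
-A INPUT -i $fw_lan -s $fw_voice -p udp --dport 5060 -j ACCEPT
-A INPUT -i $fw_lan -s $fw_voice -p udp --dport 10000:20000 -j ACCEPT
# WAN side: SIP and RTP from the trunk provider's address only.
-A INPUT -i $fw_wan -s $fw_trunk -p udp --dport 5060 -j ACCEPT
-A INPUT -i $fw_wan -s $fw_trunk -p udp --dport 10000:20000 -j ACCEPT
# Rate-limited log of whatever falls through to the DROP policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
# Routing: the voice VLAN may go out, only replies come back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $fw_lan -o $fw_wan -s $fw_voice -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $fw_wan -s $fw_voice -j MASQUERADE
COMMIT
EOF
}
```

Piping the output of `asterisk_fw_rules eth0 eth1 10.0.100.0/24 203.0.113.10` into `iptables-restore --test` parses the ruleset without committing it. The ruleset opens no management port, so a rule for SSH or the web GUI from an admin host has to be added before it is applied over a remote session.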
     
  11. Lee Sharp

    Joined:
    Sep 28, 2010
    Messages:
    332
    Likes Received:
    0
    We can agree that those WRT54G systems will not cut it anymore. Get a real system and you will notice a real difference. I use old Dell GX110 SFF systems with p3 128 meg of ram, and it is night and day.

    But I still say separating application and security is a good thing. Not always needed, but never bad.

    PS: pfsense does not use iptables... ;)
     
  12. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    The good thing about modern linuces is that all that ip stuff is now kernel based, it's a gozzinta/gozzouta thing, fast as you want and way before the application layer. sysctl.conf and iptables are your friend, pf, less so.

    Personally I'm a greenie and see no reason to waste electricity on two boxes that are basically as vulnerable as each other. What protection you put on a freebsd box is simply equally valid on the downline linux box. A simple fanless atom box with two nics will happily sit under your utility closet and service several dozen or more hosts and Asterisk with all the protections of your own efforts.

    I hope we can agree to disagree.


    regards

    dicko
     
  13. Lee Sharp

    Joined:
    Sep 28, 2010
    Messages:
    332
    Likes Received:
    0
    We surprisingly disagree very little when you come down to it. :) (like when I came around to your side on the latvian codes with no tool chain)

    I am not un-green. I use old Dells for firewalls because they are cheap, already tested long term, last forever, and would otherwise go to a landfill. And you are correct that 2 boxes will use more power than one. But you can scope the boxes down enough to make it minimal. My firewall at home runs on an old Geode box off e-bay... There is also the advantage of having to crack two different platforms. A Linux kernel vuln will hit elastix, but not m0n0wall.

    But that said, it is a sliding scale, not an absolute. A good ipchains ruleset is not a bad way to go at all. But to lock it down tighter, have a VPN, have easy traffic shaping, and a captive portal for the wireless... No way I want all that on my phone server. Too many things to go wrong and take it all down. Then again, my mother's house does not need all that. :)

    Lastly, I have found that a good discussion teaches more than a one sided instruction. I really enjoy having someone who can do this professionally and not take things personal. (Or invoke Godwin) :) And you have a lot of nice links to old and very valid info. I love it! Funny how often that same old wheel needs reinventing, ain't it?
     
  14. sababa

    Joined:
    Jul 28, 2010
    Messages:
    63
    Likes Received:
    0
    What do you guys think of ClearOS?
    They seem to have more documentation and may be easier to implement.
    I want to make it as easy as possible for my techs.

    Thanks so much guys.
     
  15. Lee Sharp

    Joined:
    Sep 28, 2010
    Messages:
    332
    Likes Received:
    0
    ClearOS is a MS SBS replacement. It has a lot of gateway functionality, and a web server and so on... Untangle is strictly a filtering gateway. Untangle is quite good with the fully open product, and they have paid components that add functionality if needed. (Like Kaspersky AV as opposed to Clam)

    So what do you need?

    A solid firewall? (m0n0wall or Elastix as a router)
    A loaded firewall with VPN and QOS? (m0n0wall)
    A filtering gateway? (Untangle or ClearOS)
    A filtering gateway with webserver and more? (ClearOS)

    http://hardforum.com/showthread.php?t=1496543
     
  16. sababa

    Joined:
    Jul 28, 2010
    Messages:
    63
    Likes Received:
    0
    Hi Lee,

    I am looking for a firewall with QoS. Basically DD-WRT has all the functionality I need, but given what dicko has said I need a more powerful platform to run it on.

    What would you recommend?

    Thanks for the help
    gill
     
  17. Lee Sharp

    Joined:
    Sep 28, 2010
    Messages:
    332
    Likes Received:
    0
    I really like m0n0wall. I am a dev, so I am biased... :) But it runs well on small hardware from an old PC, to a new Atom mini. You can also set the hard drive to sleep, and it runs from ram, so it will only spin up on boot. It also has some of the most granular QOS of any product out there. That does make it a tad complex, however. :) Best yet, you can have elastix on a routed segment with no NAT! All the protection and none of the hassle. It does, however, require a block of IPs.
     
  18. sababa

    Joined:
    Jul 28, 2010
    Messages:
    63
    Likes Received:
    0
    Can I use dyndns and port forwards with m0n0wall?
    How hard would it be to set up? The nice part about dd-wrt is I can just restore a backup and change the WAN settings and I am set.
    Any similar features with m0n0wall?

    I do really really simple stuff. The most complex is the QoS and separating the voice and data networks with VLANs.
     
  19. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    There is both a DDNS client and a system state backup built into monowall.
     
  20. ramoncio

    Joined:
    May 12, 2010
    Messages:
    1,663
    Likes Received:
    0
    This ClearOS looks very nice indeed!

    And unlike untangle, m0n0wall, Zentyal (former eBox) or some other well known firewall distros, it is CentOS based, so I think it might be quite doable to integrate it with Elastix.
    I have had a look at the demo and it looks very nice, I'm downloading the iso right now.

    I wish they used Zarafa as email gateway!
     
