
SIP Failover redundant ISPs 3

Status
Not open for further replies.

teletechman

Technical User
Aug 27, 2008
1,685
US
I have a customer that has 2 internet feeds, one from cable and one from wireless, that have 2 different public IPs. We are using SIP and I have it set up and working off the main internet feed, but when it fails over to the backup there is no voice. It seems that this is because of the network topology that has the main ISP public address, so the voice packets get sent back to that from the provider. Does anyone have any suggestions on this?
Mike
 
You could try changing the network topology for the SIP trunk to "None". Also make sure keep-alives are enabled on the System>LAN>VoIP tab.
 
@gknight1 But that doesn't fix the public IP being pointed at the wrong ISP.

Will your provider let you register to them twice? If so, you could use both the LAN and WAN port with the network topology set up for each ISP. That is about the only way I can think of making this work, and that is only if your SIP provider would let you register twice from both public IPs at the same time.

The truth is just an excuse for lack of imagination.
 
If you leave the public IP blank, it should work, I believe.
 
I thought that if you leave it blank it sends the LAN 1 address instead which is private, not sure if the firewall can adjust for that?
Mike
 
Configure a STUN server address; it should automatically discover the public IP being used and send it with the requests.
 
But won't STUN only happen on a reboot? This failover is on the fly where the primary internet circuit goes down.
Mike
 
Leaving the public IP blank and enabling SIP ALG (yuck, I know) might work, but I can say I have never tried that setup.

Conversely, TTT is right (surprise surprise lol). It seems that the Run STUN on startup option not only runs it on reboot, it also runs it on loss of connection to the SIP server (I did not know that!)

From Manager help (which is pretty helpful)
"This option is used in conjunction with values automatically discovered using Run STUN. When selected, the system will rerun STUN discovery whenever the system is rebooted or connection failure to the SIP server occurs."

Pink for TTT

The truth is just an excuse for lack of imagination.
 
I would say you need a SBC for this, this way IP Office doesn't need to know which trunk is currently used.

"Trying is the first step to failure..." - Homer
 
I just ran the test to see if STUN would find the correct public IP address. I can watch the SIP trunks go out of service for about 45 seconds, then reconnect. The problem is STUN never reran when the trunks came back up, so the IPO is still using the main public IP, not the backup.
Mike
 
I've had this running multiple ways.

1) Use BGP or similar failover IP routing. Always had same ISP, different trunks to do this. May not be possible with different ISPs.
2) Mentioned already - Have SIP provider have second setup for alternate link. Some providers will do this without question as long as you explain it is for failover only. I've had others that needed convincing. I've only had one that wouldn't/couldn't do it.
3) Have SIP provider use a VPN tunnel with failover to the 2 gateways on your end - This one is the cleanest. Your PBX doesn't know it's a different link, but will require something that can do VPN with a redundant gateway.

I believe you'd still need #2 setup to use an SBC, but it would be a great setup. Depending on your requirements, may be more than needed.
For the STUN option, your SIP provider may still need to know your 2nd IP, i.e. #2. With #2 and STUN you can use a single SIP config in your PBX. Or just #2 and a 2nd SIP config and failover routing in the PBX.

 
I tried to set the topology to none to test and it would not even allow a call if I removed the public IP address as the provider was seeing my private address. I am talking to the IT Provider to see if the Watchguard Firewall can do the address translation in ALG. What I need done is when I send the private address from the IPO to the firewall it will change it to the public that is available at that time, meaning primary or back up ISP address.
Mike
 
Well, if the IPO is sending the internal IP, that means your firewall is not re-writing the SIP packet as intended. I am not real familiar with Watchguard, but I have seen some firewalls handle the SIP ALG (or transformations or helper or whatever they want to call it) and have it work with no public IP entered in the IPO. In fact, in those cases entering the public IP broke it and removing it fixed it.

The truth is just an excuse for lack of imagination.
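
Added example, not part of the original thread: a small Python check for the two failure modes reported above, the PBX still advertising the primary ISP's address after failover and the provider seeing the private LAN address. The INVITE, the IP addresses and the function names are constructed for illustration; a real message would come from a packet capture taken on the WAN side of the firewall.

```python
import ipaddress
import re

# Constructed documentation-range addresses standing in for the two ISP public IPs.
PRIMARY_IP, BACKUP_IP = "198.51.100.10", "203.0.113.20"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Fields where the PBX advertises its own address to the provider.
FIELDS = {
    "Via": re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([0-9.]+)", re.M | re.I),
    "Contact": re.compile(r"^Contact:.*?@([0-9.]+)", re.M | re.I),
    "SDP c=": re.compile(r"^c=IN IP4 ([0-9.]+)", re.M),  # where the provider sends RTP
}

def build_invite(advertised_ip):
    """Constructed sample INVITE; advertised_ip is the address the PBX believes it has."""
    return "\r\n".join([
        "INVITE sip:15551230000@sip.provider.example SIP/2.0",
        f"Via: SIP/2.0/UDP {advertised_ip}:5060;branch=z9hG4bK776asdhds",
        "From: <sip:15551239999@sip.provider.example>;tag=1928301774",
        "To: <sip:15551230000@sip.provider.example>",
        "Call-ID: a84b4c76e66710", "CSeq: 1 INVITE",
        f"Contact: <sip:15551239999@{advertised_ip}:5060>",
        "Content-Type: application/sdp", "",
        "v=0", f"o=- 1 1 IN IP4 {advertised_ip}", "s=-",
        f"c=IN IP4 {advertised_ip}", "t=0 0", "m=audio 49152 RTP/AVP 0 8", "",
    ])

def check_advertised(message, egress_ip):
    """Return {field: verdict} comparing advertised addresses with the live egress IP."""
    verdicts = {}
    for field, pattern in FIELDS.items():
        match = pattern.search(message)
        if not match:
            verdicts[field] = "missing"
        elif any(ipaddress.ip_address(match.group(1)) in net for net in RFC1918):
            verdicts[field] = "private"   # provider cannot route replies or RTP here
        elif match.group(1) != egress_ip:
            verdicts[field] = "stale"     # still pointing at the other ISP
        else:
            verdicts[field] = "ok"
    return verdicts

if __name__ == "__main__":
    cases = [("public IP left at primary", PRIMARY_IP), ("public IP blank, no ALG", "192.168.42.1"),
             ("address rediscovered", BACKUP_IP)]
    for label, ip in cases:
        print(label, check_advertised(build_invite(ip), BACKUP_IP))
```

A "stale" or "private" verdict on the SDP `c=` line corresponds to the no-voice symptom in the first post, since that is the address the provider sends media to.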
 