Softphone Direct Media Path - I can't disable it, no audio on internal calls - HELP!!

[jeffstev]

So I've got 50 remote workers making calls no problem. when we try to call each other we get no audio. We solved this problem in our remote sites before by unchecking "Allow direct Media Path" on each physical extn. but this is greyed out for all my SIP Softphone extns. I have plenty of VCM channels available and everything else is working great. we've tried opening up all ports & all traffic between two PF Sense VPN endpoints as a test and that didn't work.

Anyone have any ideas? the SIP Softphone extns were auto generated it appears and they are assigned an IP address of each VPN user.

HELP!!!

Routes

 

[rlsabin]

I ran into this yesterday on some softphone clients at a customer site. There is a No User Source Number that disables direct media system wide. It fixed the issue I was having. The NUSN is DISABLE_DIRECT_MEDIA. Hope it works for you as well.

Rick

 

[jeffstev]

Ok that's super interesting and I really appreciate the info. We've been working nonstop on this for 2 solid days getting nowhere and my CTO and I are no slouches when it comes to routing, sniffers, software,etc. The Avaya folks are clueless.

Can you explain how that no user source number works? Where is it defined, what do I assign it to, etc?

We have to keep all of our users user login extensions as is. They are coded and referenced in literally dozens of places in our CRM, accounting, dialers, games, leaderboards, etc.

Jeff

 

[sizbut]

NUSN stands for 'NoUser Source Number'. In your system's configuration, look for the user called 'NoUser'. On their Source Number tab, add DISABLE_DIRECT_MEDIA. You may have to reboot the system for the new value to take effect.

Stuck in a never ending cycle of file copying.

 

[jeffstev]

OK, found it. It rang a bell before. For those others reading this thread it's here:

I'll be testing as soon as my CTO wakes up. I'm totally leaving him alone this AM - it's been a BRUTAL week, but we are now 100% remote in all offices in 3 states now. Absolutely heroic efforts by my entire management and tech teams.


EDIT: I tested w/ one of my mgrs who couldn't call me all last week and it works for him, so Im assuming its resolved. If not, I'll post here again.

Jeff

 

[janni78]

It should fix your issues.

The main problem is that your IPO is acting like a router and that is why you can't do Direct Media.
You should never need more than a default route in the IPO and let your network equipment handle all the routing, there are only a few very rare cases where I would allow to have more than a default route in the PBX.

"Trying is the first step to failure..." - Homer

 

[jeffstev]

What would that default route look like? Let’s get this thread to be totally accurate for others. There are lots of questions on this site regarding this specific problem and no other answers that mention this particular solution.

Jeff

 

[janni78]

Normally you would only have the 0.0.0.0 route pointing to your router, and that would handle routing to all other networks.
You want all routing to be handled by your routers/firewalls and not by specific devices (in this case IP Office).

In this case 10.222.1.0 and 10.223.0.0 points to another router, 10.201.1.0 and 10.207.1.0 points to a third router connected on LAN2.
There's no simple answer on how this can be fixed since it requires insight in how the network is configured to know what needs to be changed.
Basically you want to treat the IP Office as any other server placed in LAN, Server Network, VoIP Network or DMZ and let the firewalls handle who and what can connect to it.

"Trying is the first step to failure..." - Homer

 

[jeffstev]

In other words, use LAN1 for everything and don't use LAN2.

Would this be true when we have VPN's to 2 remote offices as well as other locations? the LAN2 connection is where all our VPN's traffic terminate. Not for any particular reason, I might add.

Also, what benefit is there to direct media paths from station to station? Assume I have plenty of VCMs available and I want the best possible quality on voice calls that I can get.

Jeff

 

[gwebster]

For an IP to IP connection, you want direct media path as much as possible. Every conversion from IP <-> digital adds delay and losses. Delays and losses degrade audio performance. This is especially true if you are using low-bandwidth codecs such as G729. You can take a connection which is already marginal audio quality into a poor quality range. [pre][/pre]

 

[janni78]

You would want all you external connections to terminate on your main firewall, internet, remote offices, vpn etc.


"Trying is the first step to failure..." - Homer

 

[jeffstev]

I know enough to be dangerous when it comes to IP routing (I installed the very first cisco router at Chevron with 55,000 employees in 1990), but complex VPN's are on a whole new technical level.

We have one centrally located IP Office500V2

If our end stations are using a point to point VPN to reach our corp network, then routed to the switch to dial out which uses a SIP trunk line to call out over our SIP provider's network - by definition, aren't they are using a VCM in the switch? would direct media path benefit us in any way in this scenario?

Also, Once we started adding remote locations over site to site VPNs, we had to disable direct media path on all our deskphone extensions for audio to work on all internal calls to those remote site deskphones. We never did go further than that in investigating why, but clearly, it is a routing problem as described above.

I've been assured (not a strong enough word) by my CTO that he knows what he's doing wrt routing and keeping things more simple with each endpoint now using a personal VPN on their desktops, so many to one, hence why he says he set the routing entries on the switch on LAN2.

If we don't derive any benefit other than my internal calls being "better" then I'm going to recommend we leave well enough alone and not slay this dragon today as we already use the G711 codec on all calls as we have plenty of BW for it and they sound ok.

I'm curious as to why we even need to have LAN2 enabled to begin with rather than just using one default route as Janni78 points out.

I know this is complex, and to get it working, each VPN endpoint would need the ability to pass RTP to each other to establish that direct media path, not a trivial exercise. I personally find this topic very interesting, and I'm sure others are battling the same issues, either today or soon.

Jeff

Interesting info I found on comparing G729 and G711 codecs and bandwidth usage

https://fitsmallbusiness.com/g729-vs-g711-voip-codecs/

 

[derfloh]

With many site to site VPNs from branches to Central usually only connections to the subnets of the central site are routed through the tunnel. But routing between different branch sites is usually not configured.

That's why direct media will not work in that case.

IP Office remote service
Fixed price SIP trunk configuration
CLI based call blocking
SCN fallback over PSTN

 

[janni78]

If I'm gonna allow traffic from one remote site to another I might as well allow it directly in the firewall/VPN router than anchor all my calls through the IP Office.
Bypassing this by disabling direct media is just fixing something the network team didn't think about.

In reality in some cases you need to disable direct media cause it's not possible to get direct routing to work in the current setup and the work it would require is to much.

"Trying is the first step to failure..." - Homer