Author |
Message |
nico-adenc Brekeke Member
Joined: 27 Sep 2017 Posts: 24
Location: NL
|
Posted: Mon Jun 04, 2018 2:42 pm Post subject: problem with don't fragment marked packets. |
|
|
1. Brekeke Product Name and Version:
Brekeke PBX, Version 3.2.4.3 , Pro
2. Java version:
openjdk version "1.8.0_161"
3. OS type and the version:
Linux, ClearOS release 7.4.0 (Final)
4. UA (phone), gateway or other hardware/software involved:
na.
5. Your problem:
When connecting to an ISP some people cannot reach us.
Another ISP (behind the isp involved...) sends bigger lists of CODEC's
causing non delivery because packets are marked don't fragment.
(packets become: ~1680 bytes in size, this was verifyied using a simple SIP sip phone that DOES work on the same connection.)
So how to prevent setting the Don't fragment bit from our (brekeke) side.
The only matches i found with "Fragment" & Brekeke point to some PCAP dumps on this forum. without any hint.
I also tried Registring using TCP but it doesn't seem to work either.
(at least we don't see calls coming in.)
Note this is only for a certain VOIP provider and only from a certain range of numbers from them. Other number can just call no problem at all. (And it all worked until somewhere 6 weeks ago..., we now seem to have found why it doesn't work, >1500 byte sized UDP frame seem to get dropped.)
Last edited by nico-adenc on Wed Jun 06, 2018 12:16 pm; edited 1 time in total |
|
Back to top |
|
janP Brekeke Master Guru
Joined: 25 Nov 2007 Posts: 336
|
Posted: Tue Jun 05, 2018 1:41 am Post subject: |
|
|
Have you tuned [Maximum UDP packet size] setting at [Configuration]->[SIP] page?
If the issue persists, try TCP again. It should be one of solutions.
Also I recommend that you update Java and Brekeke PBX version.
The latest version of Brekeke PBX is 3.8.5.2. |
|
Back to top |
|
nico-adenc Brekeke Member
Joined: 27 Sep 2017 Posts: 24
Location: NL
|
Posted: Tue Jun 05, 2018 2:15 am Post subject: |
|
|
Ok didn't realize that one [SIP packet size] because "Check Packet size" above it is off.
Does it clear the "Don't fragment" bit..?
Appearantly not:
Internet Protocol Version 4, Src: 192.168.98.30 (192.168.98.30), Dst: xx.xx.xx.xx
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x04 (DSCP 0x01: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 01.. = Differentiated Services Codepoint: Unknown (0x01)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 497
Identification: 0x4b41 (19265)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x14a4 [validation disabled]
[Good: False]
[Bad: False]
Source: 192.168.98.30 (192.168.98.30)
Destination: xx.xx.xx.xx
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
So any router it will pass won't fragment it but drop the frame if too large.
The actual MTU on this link is more around 1468 because at least one PPPoE is used somewhere.
OpenJDK has no newer VM yet.
:: java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64 |
|
Back to top |
|
nico-adenc Brekeke Member
Joined: 27 Sep 2017 Posts: 24
Location: NL
|
Posted: Wed Jun 06, 2018 1:53 am Post subject: |
|
|
TCP gives upstream problems, after a while no calls come in anymore.
(upstream problem somewhere as i see REGISTER packet leave every 5 minutes.)
The UDP packets are from both sides, marked as Don't fragment. |
|
Back to top |
|
Mohney Brekeke Talented
Joined: 20 Nov 2007 Posts: 79
|
Posted: Thu Jun 07, 2018 2:00 pm Post subject: |
|
|
> TCP gives upstream problems, after a while no calls come in anymore.
It seems there is another issue with TCP...
> The UDP packets are from both sides, marked as Don't fragment.
For Linux, you may need to tune iptables or use sysctl command for resetting DF flag. You will find some solutions by googling.
If the issue still persists, contact Brekeke's tech support and ask them to analyze pcap file. |
|
Back to top |
|
nico-adenc Brekeke Member
Joined: 27 Sep 2017 Posts: 24
Location: NL
|
Posted: Thu Jun 07, 2018 4:20 pm Post subject: |
|
|
I might be able to Send packet without Don't fragment...
(mangle and mask a few bits...)
But i will NEVER receive packets that are larger > 1492 (MTU) and have don't fragment set. as the upstream router will drop those before sending them down the ppp link.
Which was the original cause of problems. Some ISP beyond our ISP created larger packets by adding more codecs to the mix.
That's why TCP was tried, it works for a while... and then fails (most probably a firewall forgetting a session after a few (10-30) minutes of inactivity (which will happen when only once per hour is registered).
That's why i had register intervals at 5 minutes, but that still fails after a few hours. |
|
Back to top |
|
Mohney Brekeke Talented
Joined: 20 Nov 2007 Posts: 79
|
|
Back to top |
|
|