[AusNOG] Cisco ISR4431 SIP ALG causing SIP registration drops
rhys at nexusone.com.au
Wed Dec 9 15:49:34 EST 2020
We've just deployed a Cisco ISR4431 for a customer, but have noticed issues with SIP registrations dropping out. We are using our own Hosted VOIP platform that is external to the customer, and if we roll back to their old 891F there are no issues. I haven't deployed an ISR 4000 series before, but have already tried turning off the SIP ALG as below.
Does any know how I can ask the router nicely to please leave our SIP traffic alone?
It seems like the 4431 has a more involved SIP ALG (I've never had to disable it before on Cisco IOS). I've already done the following to turn it off (supposedly) but while this did help quite a bit we're still seeing weird issues (mostly registrations dropping, other issues likely related to that). From what I can tell the Cisco is still processing SIP traffic to some degree, despite disabling the ALG.
>From what I've seen in pcaps _some_ phones are not responding to SIP OPTIONS packets.
How I'm disabling the SIP ALG - we do use TCP and UDP 5060 for SIP, but no other ports.
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
Still seeing the SIP ALG feature doing things:
office#show hardware qfp active feature alg statistics sip l7data
SIP info pool used chunk entries number: 281
Hashindex: 93 l7_data: 0x34d02940 callid: 57ea4a7744cb82c675b5197167234e0d wlock_cnt: 0
Hashindex: 94 l7_data: 0x34cf4800 callid: 1_1541420790 wlock_cnt: 0
Hashindex: 97 l7_data: 0x34cde520 callid: 0_1697534698 wlock_cnt: 0
Hashindex: 99 l7_data: 0x34cf6180 callid: 39a414f04770bd18394131045cf911fe wlock_cnt: 0
Hashindex: 111 l7_data: 0x34cd1920 callid: 0_1733741690 wlock_cnt: 0
The config is largely identical to what we ran on the 891F, just some minor changes to interface names and some syntax changes.
This is what we're running:
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.8.3, RELEASE SOFTWARE (fc2)
I can't find anything else to go on right now, so a firmware upgrade is next but hoping someone else has seen this before.
Chief Information Officer
Nexus One Pty Ltd
E: support at nexusone.com.au<mailto:support at nexusone.com.au>
P: +61 2 9191 0606
M: PO Box A356 Sydney South, NSW 1235
A: Suite 12.03, Level 12, 227 Elizabeth Street, Sydney NSW 2000
The information in this email and or any of the attachments may contain; a. Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd, or third parties; and or b. Legally privileged information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd, or third parties; and or c. Copyright material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties.
If you are not an authorised recipient of this email, please contact the sender immediately by return email or by telephone on 02 91910600 and delete the email from your system.
We do not accept any liability in connection with any computer virus, data corruption, interruption or any damage generally as a result of transmission of this email.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the AusNOG