Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME VoIP (Asterisk, SAIL etc)
  4. Topic: Vigor Routers - beware
« previous next »
Pages: [1]   Go Down

Vigor Routers - beware

  • 3 Replies
  • 1701 Views

Offline SARK devs

  • *****
  • 2,806
  • +1/-0
    • http://sarkpbx.com
Vigor Routers - beware
« on: August 31, 2007, 07:07:00 PM »
HI all,

Just a heads up for those of you who are installing asterisk based systems in the field.  We almost lost an account last week because we were randomly (apparently) dropping calls.  Looking at the logs, it looked as though we were losing communication with the carrier (carrier was going UNREACHABLE).  Fortunately, we were using a carrier who we know well and they kindly agreed to log the IP traffic in to them for us.  We also had a trace put onto the DSL line by the provider. Unfortunately, everyone came up blank.  Neither we, nor the carrier nor the DSL provider could see why we were going off-line.     Major head-scratching time.  In all the time we've worked with Asterisk, we have NEVER known it to drop a call.  Eventually, we decided to look at the router (which had been supplied by a third party, who knew we were running VoIP operations and who had set the router up for us and the customer)... 

Turns out that the Vigor router has a not-so-smart DoS detection and prevention mechanism.  Every time the packet rate exceeds a preset DoSattack threshold (which was co-incidentally, or maybe accidentally,  set by our "Voip expert" networking partner to happen at about 2 simultaneous calls), the router assumes it is under attack and shuts itself down for 10 seconds.  Wonderful.  We turned off the mechanism (might have been smarter to have simply upped the packet rate, but we were so pissed off with the Vigor that we didn't bother).  Problem solved.  :)

Kind Regards

S

 

Logged

Offline hervep

  • ***
  • 70
  • +0/-0
Re: Vigor Routers - beware
« Reply #1 on: September 01, 2007, 07:17:34 AM »
... you can also ask the router to log everything you want/need onto the SME directly. In case of trouble, it makes debugging easier :

1) Open your SME as Syslog server ( http://wiki.contribs.org/Syslog ).

2) Ask your router to send events to port 514 of the SME ( Router menu / system maintenance / Syslog & mail alert ).

Best,

Hervé
Logged

Offline SARK devs

  • *****
  • 2,806
  • +1/-0
    • http://sarkpbx.com
Re: Vigor Routers - beware
« Reply #2 on: September 01, 2007, 01:28:28 PM »
Thanks Herve,

That was how we caught it in the end. Don't get me wrong, these are very good routers, I just wanted to make sure no-one else got caught out the same way. :-)

Best

J
Logged

Offline rcasado

  • **
  • 24
  • +0/-0
Re: Vigor Routers - beware
« Reply #3 on: September 01, 2007, 03:15:21 PM »
Flood defense (Firewall >> DoS Defense) settings are set for one SIP connection (by default, if enabled). You'll probably want to increase the settings by 100% (per channel) if you're using a multi channel SIP setup. I agree that it would be nice to have a "trusted IP" section somewhere in the Firewall but there isn't. All things considered, SIP is a sloppy protocol at best and vulnerabilities / problems are bound to occur because of its nature.

You didn't specify the model... Did you update to the latest firmware?
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME VoIP (Asterisk, SAIL etc)
  4. Topic: Vigor Routers - beware