Solved

Request for suggestions for network traffic analysis for VOIP call quality issues

Posted on 2016-09-14
4
40 Views
Last Modified: 2016-10-14
Greetings,

I have a client who has been experiencing severe VOIP call quality issues at a small branch office for some time.  A summary of the voice/data configuration at that office is as follows:

Cable-modem circuit is from a local NYC provider, 35 X 5 speed
The cable modem circuit provides voice and data feeds, and connects via coax into an Arris cable-modem-router.
The circuit has a static IP assigned to the router, last octet .225, and a block of 5 public IP's.
The data interface from the Arris connects to a Sonicwall TZ100 firewall, which has the first available public IP at .226.
The Sonicwall LAN connects to an 8-port managed HP GB speed switch.

A secondary interface on the Arris connects to a Cisco 1841 router.  The 1841 handles the VOIP / Voice traffic, and has the next available public IP address assigned to it, at .227.
The Cisco 1841 router connects into a Cisco Catalyst switch.
The Cisco 1841 and the Catalyst are both provided and managed by the VOIP provider, which is a separate company from the cablemodem ISP.

There are 6 or 7 VOIP phones connected into the Cisco catalyst switch.
There are 2 PC's on the data circuit which are connected into the HP managed switch.
FYI the office is a building engineering office.  Engineers on different shifts work out of the office and take care of the building's electrical, HVAC, plumbing and all other aspects of commercial building operations.

The problem they've been experiencing is that when anyone in the office is using the VOIP phones, whether for outgoing or incoming calls, they intermittently experience severe dropouts.  During a typical conversation, there are invariably 1- or 2-second losses of any given conversation.  The person's speech just blanks out for that 1- or 2-second period.  The noise level on the calls is also noticeable, even when the dropouts aren't occurring.  Call quality has been so poor that the users at the branch office only make outgoing calls with their cell phones, and request that outside callers call into their cell phones whenever possible.

I've spoken to the main cablemodem circuit ISP, but they're unable to do any type of packet loss or traffic analysis monitoring.  The VOIP provider has told me that if their are line issues, it's probably the main ISP's issue.  Typical finger-pointing for these types of situations.

I've had the main ISP run health checks for a full week on the cablemodem circuit.  They found that the signal to the cablemodem was stable and at a good level.  On 2 to 3 occasions during the week, they saw that there was a traffic overage on the upstream side, which is somewhat strange, since there are maybe 3 or 4 calls taking place at one time, and only a couple of PC's.  The users on the PC's are using Citrix to access email remotely, so there is very little upstream traffic they should be generating.  I understand from conversations I've had with various VOIP professionals that a typical VOIP call takes max c. 125K of bandwidth, so between say 4 or 5 calls going on and limited upstream data traffic, I don't know how that ends up generating traffic overages on a circuit with 5 MB upstream capacity.  

I checked the HP switch on the data side, and don't see any bad packets or errors accumulated after 2 months of that switch monitoring the data traffic.  I've had the main circuit ISP check and confirm that ALG and H225 are disabled on the Arris cablemodem.

My career professional experience has been pretty much all on the data side, but I've been asked to see if I can assist on this and locate the source of the voice issues.  If this can't be resolved, they've told me that they want to put in a T1 for the voice connectivity.  I believe a T1 will be much more expensive, and although proven technology, it's also somewhat dated.  So I'm hoping I can get the current configuration working properly and save them the expense of a T1.

I'm requesting anyone's suggestions on what is the most effective way to diagnose this type of issue.  Can you please suggest:

1) Network monitoring software you'd recommend
2) General methodology / approach towards locating the issue source

Any and all suggestions would be appreciated.   Thanks.
0
Comment
Question by:jkirman
  • 2
4 Comments
 
LVL 5

Expert Comment

by:JSpoor
Comment Utility
Did you try to use the SonicWALL's bandwidth management features?



View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com

Multiply the effectiveness of your APT Sandbox, stop unknown and zero-day attacks at the gateway. See a demo on http://apt-demo.com or http://atp.demo.com

You can also view the Next-Generation Firewalls via
http://next-generation-firewall.com or http://next-generation-firewall-demo.com
0
 
LVL 35

Accepted Solution

by:
Kimputer earned 500 total points
Comment Utility
If I read it all correctly, it's the Sonicwall for all data, and the Cisco for all VOIP. Therefore, ruling out data traffic is only a matter of disconnecting the Sonicwall, and placing a few phone calls.
If the calls are suddenly clear and non-dropping, it IS the data connection causing the problem (please note, Windows Update on newer PC's use peer-to-peer to the internet by default. but could also be other things, but at least you know where to look next)
If the calls are just as bad, the finger pointing could still go on for eternity (since you can't really figure out if the VOIP provider is providing bad service, or the routing of your ISP is causing the bad traffic, both cannot be tested by your properly, other than having the same VOIP provider in the same region on anotter network)
0
 

Author Comment

by:jkirman
Comment Utility
Kimputer thanks for the thoughts.  I'll be doing that basic voice-train only (i.e. shutting down/disconnecting the firewall) test early next week and will post results here.
0
 

Author Closing Comment

by:jkirman
Comment Utility
Kimputer sorry for the delay in closing this out and rewarding the points.  I did isolate the voice communications by pulling out the data, but there was not much difference.  The carriers involved were basically useless in doing anything besides saying that their tests showed no issues from their respective sides.  In the end the client will be replacing the combined voice + data lines with separate circuits for voice and data.  Thanks again for your input.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Every year the snow affects people and businesses. According to the Federation of Small Businesses (FSB), in 2009, UK businesses lost an estimated £1.2bn (http://news.bbc.co.uk/1/hi/business/7864804.stm) because of bad weather. This article was c…
Article by: user_n
How Sip Phone (User Agent) works and communicates with sip servers 1.  There is a sip server and a sip registrar.  The sip server and sip registrar can be one server or two different servers. The sip registrar is the server on which it is record…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now