jkirman asked:

Request for suggestions for network traffic analysis for VOIP call quality issues


I have a client who has been experiencing severe VOIP call quality issues at a small branch office for some time.  A summary of the voice/data configuration at that office is as follows:

Cable-modem circuit is from a local NYC provider, 35 X 5 speed
The cable modem circuit provides voice and data feeds, and connects via coax into an Arris cable-modem-router.
The circuit has a static IP assigned to the router, last octet .225, and a block of 5 public IP's.
The data interface from the Arris connects to a Sonicwall TZ100 firewall, which has the first available public IP at .226.
The Sonicwall LAN connects to an 8-port managed HP GB speed switch.

A secondary interface on the Arris connects to a Cisco 1841 router.  The 1841 handles the VOIP / Voice traffic, and has the next available public IP address assigned to it, at .227.
The Cisco 1841 router connects into a Cisco Catalyst switch.
The Cisco 1841 and the Catalyst are both provided and managed by the VOIP provider, which is a separate company from the cablemodem ISP.

There are 6 or 7 VOIP phones connected into the Cisco catalyst switch.
There are 2 PC's on the data circuit which are connected into the HP managed switch.
FYI the office is a building engineering office.  Engineers on different shifts work out of the office and take care of the building's electrical, HVAC, plumbing and all other aspects of commercial building operations.

The problem they've been experiencing is that when anyone in the office is using the VOIP phones, whether for outgoing or incoming calls, they intermittently experience severe dropouts.  During a typical conversation, there are invariably 1- or 2-second losses of any given conversation.  The person's speech just blanks out for that 1- or 2-second period.  The noise level on the calls is also noticeable, even when the dropouts aren't occurring.  Call quality has been so poor that the users at the branch office only make outgoing calls with their cell phones, and request that outside callers call into their cell phones whenever possible.

I've spoken to the main cablemodem circuit ISP, but they're unable to do any type of packet loss or traffic analysis monitoring.  The VOIP provider has told me that if there are line issues, it's probably the main ISP's issue.  Typical finger-pointing for these types of situations.

I've had the main ISP run health checks for a full week on the cablemodem circuit.  They found that the signal to the cablemodem was stable and at a good level.  On 2 to 3 occasions during the week, they saw that there was a traffic overage on the upstream side, which is somewhat strange, since there are maybe 3 or 4 calls taking place at one time, and only a couple of PC's.  The users on the PC's are using Citrix to access email remotely, so there is very little upstream traffic they should be generating.  I understand from conversations I've had with various VOIP professionals that a typical VOIP call takes max c. 125K of bandwidth, so between say 4 or 5 calls going on and limited upstream data traffic, I don't know how that ends up generating traffic overages on a circuit with 5 MB upstream capacity.  

I checked the HP switch on the data side, and don't see any bad packets or errors accumulated after 2 months of that switch monitoring the data traffic.  I've had the main circuit ISP check and confirm that ALG and H225 are disabled on the Arris cablemodem.

My career professional experience has been pretty much all on the data side, but I've been asked to see if I can assist on this and locate the source of the voice issues.  If this can't be resolved, they've told me that they want to put in a T1 for the voice connectivity.  I believe a T1 will be much more expensive, and although proven technology, it's also somewhat dated.  So I'm hoping I can get the current configuration working properly and save them the expense of a T1.

I'm requesting anyone's suggestions on what is the most effective way to diagnose this type of issue.  Can you please suggest:

1) Network monitoring software you'd recommend
2) General methodology / approach towards locating the issue source

Any and all suggestions would be appreciated.   Thanks.
J Spoor

Did you try to use the SonicWALL's bandwidth management features?

jkirman


Kimputer thanks for the thoughts.  I'll be doing that basic voice-train only (i.e. shutting down/disconnecting the firewall) test early next week and will post results here.
jkirman


Kimputer sorry for the delay in closing this out and rewarding the points.  I did isolate the voice communications by pulling out the data, but there was not much difference.  The carriers involved were basically useless in doing anything besides saying that their tests showed no issues from their respective sides.  In the end the client will be replacing the combined voice + data lines with separate circuits for voice and data.  Thanks again for your input.