Request for suggestions for network traffic analysis for VOIP call quality issues

Posted on 2016-09-14
Medium Priority
Last Modified: 2016-10-14

I have a client who has been experiencing severe VOIP call quality issues at a small branch office for some time.  A summary of the voice/data configuration at that office is as follows:

Cable-modem circuit is from a local NYC provider, 35 X 5 speed
The cable modem circuit provides voice and data feeds, and connects via coax into an Arris cable-modem-router.
The circuit has a static IP assigned to the router, last octet .225, and a block of 5 public IP's.
The data interface from the Arris connects to a Sonicwall TZ100 firewall, which has the first available public IP at .226.
The Sonicwall LAN connects to an 8-port managed HP GB speed switch.

A secondary interface on the Arris connects to a Cisco 1841 router.  The 1841 handles the VOIP / Voice traffic, and has the next available public IP address assigned to it, at .227.
The Cisco 1841 router connects into a Cisco Catalyst switch.
The Cisco 1841 and the Catalyst are both provided and managed by the VOIP provider, which is a separate company from the cablemodem ISP.

There are 6 or 7 VOIP phones connected into the Cisco catalyst switch.
There are 2 PC's on the data circuit which are connected into the HP managed switch.
FYI the office is a building engineering office.  Engineers on different shifts work out of the office and take care of the building's electrical, HVAC, plumbing and all other aspects of commercial building operations.

The problem they've been experiencing is that when anyone in the office is using the VOIP phones, whether for outgoing or incoming calls, they intermittently experience severe dropouts.  During a typical conversation, there are invariably 1- or 2-second losses of any given conversation.  The person's speech just blanks out for that 1- or 2-second period.  The noise level on the calls is also noticeable, even when the dropouts aren't occurring.  Call quality has been so poor that the users at the branch office only make outgoing calls with their cell phones, and request that outside callers call into their cell phones whenever possible.

I've spoken to the main cablemodem circuit ISP, but they're unable to do any type of packet loss or traffic analysis monitoring.  The VOIP provider has told me that if their are line issues, it's probably the main ISP's issue.  Typical finger-pointing for these types of situations.

I've had the main ISP run health checks for a full week on the cablemodem circuit.  They found that the signal to the cablemodem was stable and at a good level.  On 2 to 3 occasions during the week, they saw that there was a traffic overage on the upstream side, which is somewhat strange, since there are maybe 3 or 4 calls taking place at one time, and only a couple of PC's.  The users on the PC's are using Citrix to access email remotely, so there is very little upstream traffic they should be generating.  I understand from conversations I've had with various VOIP professionals that a typical VOIP call takes max c. 125K of bandwidth, so between say 4 or 5 calls going on and limited upstream data traffic, I don't know how that ends up generating traffic overages on a circuit with 5 MB upstream capacity.  

I checked the HP switch on the data side, and don't see any bad packets or errors accumulated after 2 months of that switch monitoring the data traffic.  I've had the main circuit ISP check and confirm that ALG and H225 are disabled on the Arris cablemodem.

My career professional experience has been pretty much all on the data side, but I've been asked to see if I can assist on this and locate the source of the voice issues.  If this can't be resolved, they've told me that they want to put in a T1 for the voice connectivity.  I believe a T1 will be much more expensive, and although proven technology, it's also somewhat dated.  So I'm hoping I can get the current configuration working properly and save them the expense of a T1.

I'm requesting anyone's suggestions on what is the most effective way to diagnose this type of issue.  Can you please suggest:

1) Network monitoring software you'd recommend
2) General methodology / approach towards locating the issue source

Any and all suggestions would be appreciated.   Thanks.
Question by:jkirman
  • 2
LVL 10

Expert Comment

by:J Spoor
ID: 41799291
Did you try to use the SonicWALL's bandwidth management features?

View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com

Multiply the effectiveness of your APT Sandbox, stop unknown and zero-day attacks at the gateway. See a demo on http://apt-demo.com or http://atp.demo.com

You can also view the Next-Generation Firewalls via
http://next-generation-firewall.com or http://next-generation-firewall-demo.com
LVL 37

Accepted Solution

Kimputer earned 2000 total points
ID: 41799506
If I read it all correctly, it's the Sonicwall for all data, and the Cisco for all VOIP. Therefore, ruling out data traffic is only a matter of disconnecting the Sonicwall, and placing a few phone calls.
If the calls are suddenly clear and non-dropping, it IS the data connection causing the problem (please note, Windows Update on newer PC's use peer-to-peer to the internet by default. but could also be other things, but at least you know where to look next)
If the calls are just as bad, the finger pointing could still go on for eternity (since you can't really figure out if the VOIP provider is providing bad service, or the routing of your ISP is causing the bad traffic, both cannot be tested by your properly, other than having the same VOIP provider in the same region on anotter network)

Author Comment

ID: 41801989
Kimputer thanks for the thoughts.  I'll be doing that basic voice-train only (i.e. shutting down/disconnecting the firewall) test early next week and will post results here.

Author Closing Comment

ID: 41843971
Kimputer sorry for the delay in closing this out and rewarding the points.  I did isolate the voice communications by pulling out the data, but there was not much difference.  The carriers involved were basically useless in doing anything besides saying that their tests showed no issues from their respective sides.  In the end the client will be replacing the combined voice + data lines with separate circuits for voice and data.  Thanks again for your input.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every year the snow affects people and businesses. According to the Federation of Small Businesses (FSB), in 2009, UK businesses lost an estimated £1.2bn (http://news.bbc.co.uk/1/hi/business/7864804.stm) because of bad weather. This article was c…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question