Dual NIC PBX vs Mikrotik setup

Discussion in '3CX Phone System - General' started by h2009, Nov 11, 2010.

Thread Status:
Not open for further replies.
  1. h2009

    h2009 Member

    Joined:
    Mar 15, 2008
    Messages:
    447
    Likes Received:
    0
    Hi there,
    I'm looking for some information before I change one of our setup's from thoses that have done this before.
    A the moment one of the biggest offices that we supply has the following setup:

    2x cable connections - 50mb & 10mb.
    Controlled by Mikrotik RB450G, with failover routing and QoS.
    eth1 = 10mb line is for remote management and VOIP (public IP routing directly to the PBX - stun off)
    eth2 = 50mb line is for all internet traffic
    eth3 = LAN (to switch)

    At the moment we have facing a strange intermitting issues:
    1) Sometime incoming calls are not routed to the PBX (random; I've never seen it occur, but the users have)
    2) All calls after 15-25 minutes have one way audio
    3) After an internet/power failure - all outbound SIP registrations do not work - If I disable the 50mb connection; for a few minutes allowing the PBX to send a SIP registration, it will work and then enable the 50mb line and normal configuration works again.

    Now I'm sure the PBX is working fine; but it has to be something with the mikrotik configuration, but I've hired a few experts which cant see why its occuring.
    For that reason I'm looking into a using a dual NICs on the server - one facing the internal side of LAN and one for WAN connection to the 10mb line. But before I go about this, what is the best way of changing the setup? Shall I do a reinstall of the 3CX?
    Also in terms of security; the PBX is running on windows 7 (company requested); what would be the most suitable method to secure the PC? Would you recommend using dual NICs?

    Alternatively; what hardware do you use when have separate WAN's for general traffic and VOIP traffic?

    Thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. LeonidasG

    LeonidasG Support Team
    Staff Member 3CX Support

    Joined:
    Nov 19, 2008
    Messages:
    1,455
    Likes Received:
    92
    Hi,

    Your experts may not be what they seem to be :mrgreen:

    This all just sounds like you're having routing issues with your Network cards.
    Try doing the following for all of your network cards:





    Alternatively your experts should be able to configure the correct routing settings for each Network Interface.
     

    Attached Files:

    • hint.JPG
      hint.JPG
      File size:
      106.2 KB
      Views:
      1,734
    • 2.jpg
      2.jpg
      File size:
      29.5 KB
      Views:
      1,733
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. h2009

    h2009 Member

    Joined:
    Mar 15, 2008
    Messages:
    447
    Likes Received:
    0
    Hi thanks for your post. I think there is a slight confusion on this....
    The current setup is only using 1 network card, directly plugged into the routerboard.

    I was simply thinking about switching to using dual NICs as a replacement.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. LeonidasG

    LeonidasG Support Team
    Staff Member 3CX Support

    Joined:
    Nov 19, 2008
    Messages:
    1,455
    Likes Received:
    92
    If you've got no audio for 15-25 minutes each time i'd suggest checking any firewalls you might have enabled on the network for proper port configuration/Sip Modifying settings in the firewall it's self.

    Although what you want to do sounds nice, there's the chance that the issue may be somewhere else and you might end up doing the upgrade for nothing.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. h2009

    h2009 Member

    Joined:
    Mar 15, 2008
    Messages:
    447
    Likes Received:
    0
    Well the audio issues only occur 15-25 minutes into a fully working call; so it seems the inital call setup is fine. I think the only message received on the 3CX logs is 'no audio received'.

    The firewalls have packet marking (sip packet inspection, IP address marking) - and the ports are fully open in accordance to the blog page. Its almost like the connections are being dropped after X amount of time. I did have an issues in the past whereby STUN was used; and every 300 seconds the call would drop; when STUN check was issued by the PBX. Now that STUN is off that fixed the issue back then and calls worked for hours. Now the issue is back again; but STUN is still off.

    Also the PC's firewall (Microsofts) is turned off and there is no other software protection.
    3CX firewall checker passes through without delay or any issues.

    For this reason, I was thinking that a direct connection to the internet would remove any issues with the router (if its at fault).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    Interesting issue. The RB450G is our #1 choice for clients for the reason of flexibility and load balancing/failover. Not a very user friendly beast but a very good one. From what you described your configuration may have issues. You certainly have a ton of CPU and RAM power on the 450 (especially if you are not using VPN heavily).
    Dual NIC is a bad idea unless you know how to configure it perfectly and with 7 I would be 100% against it.

    ENABLE STUN and take a look at how you setup your failover. You could be intermittently using WAN1/WAN2 causing the issues. Enable keep-alives. There are a lot of "MikroTik Experts" out there... (sarcasm)

    Get Winbox and keep an eye on the IP>FIREWALL>CONNECTIONS TAB.

    Often "Experts" create an inbound rules DSTNAT and forget to use a SRCNAT correctly for outbound (or NETMAP)

    99% of the issues are with the failover setups on the router....
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. h2009

    h2009 Member

    Joined:
    Mar 15, 2008
    Messages:
    447
    Likes Received:
    0
    Hi thanks for your reply; I love using mikrotik - I've never had such a good router before; its just I'm having these little issues.
    So you would recommend enabling stun? My current configuration is designed so that, either if either WAN goes down, the ports will be open on the other WAN. Would you personally use a short stun update time like 100secs or something like 3000 secs?
    You mention that the WANs could be causing the issues - I somewhat agree with that - but the question is, how to solve that issue? As you know, during the failover; the PBX is still registered to the old WAN IP; hence the main reason why incoming calls fail sometimes. Is there away to force the PBX to update/re-register the SIP connection on this event?

    On the connections tab, I take it the main thing I need to look out for is the doubling of the same connections via different WANs?

    Do you know of any that truly understands how to setup failovers correctly; that wouldn't mind help sort out the rules?

    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    Stun with short timing will aid in ensuring that 3CX supplies an accurate public IP.
    Turn on keep alives and try and keep your registration time as low as allowed by your SIP trunk provider. Some will block you if you re-register too often.

    Please take a look at this: http://wiki.mikrotik.com/wiki/ECMP_load_balancing_with_masquerade
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.