H.323 video blackouts - RB450G v5.4

bgraham · June 9, 2011, 7:45pm

I have 2 buildings connected together via fiber. Each building has it’s own subnet so I used a new Mikrotik RB450G (ROS v5.4) to connect them. The router is used solely to provide connectivity for video conferencing. We are using the Polycom PVX client and are experiencing intermittent video blackouts (usually 3-5 seconds at a time) and occasional call disconnects. If I bypass the router and plug the local workstation directly into the remote network switch we have no issues. If I plug the local workstation directly into the 450G the issue still occurs.

To configure the 450G I did a reset-configuration, set the admin password, then ran the following commands:

/interface ethernet
set 0 disabled=yes
set 1 name=2-8THJD disabled=no
set 2 name=3-JCKS disabled=no
set 3 disabled=yes
set 4 disabled=yes

/ip address
add address=192.168.1.195/24 disabled=no interface=2-8THJD network=192.168.1.0
add address=10.0.0.189/24 disabled=no interface=3-JCKS network=10.0.0.0

/ip firewall address-list
add address=10.0.0.22 list=JCKS
add address=10.0.0.33 list=JCKS
add address=192.168.1.221 list=8THJD
add address=192.168.1.222 list=8THJD
add address=192.168.1.223 list=8THJD

/ip firewall filter
add action=accept chain=forward disabled=no dst-address-list=JCKS src-address-list=8THJD
add action=accept chain=forward disabled=no dst-address-list=8THJD src-address-list=JCKS
add action=drop chain=forward disabled=no

I didn’t touch any other settings. The purpose of the firewall access-lists and filters is to prevent unauthorized workstations from accessing the remote network. The Polycom PVX client uses TCP 1720 for H.323 and TCP/UDP 3230-3237 for media (video/audio). Torch shows UDP 3232 being used the heaviest during calls.

Any ideas why I’m experiencing these issues? Is there something else I need to configure on the Mikrotik to resolve this issue?

Brent

PS - I originally tried to use an old RB532 (ROS v3.30) but experienced the same symptoms so I replaced it with the 450G, thinking it was a router speed issue. I plan to leave the 450G in place which is why I based the question around it.

bgraham · June 13, 2011, 2:18pm

For further testing, I’ve plugged the PCs directly into the 450G (eliminating all switches, fiber, etc) and the issue still remains. However, if I plug the PCs into the same switch (bypassing the router) and put them on the same subnet, the issue goes away, again indicating it has to be something in the 450G causing the delay.

Any ideas? I really need to get this working ASAP.

vlad8 · June 14, 2011, 9:46am

try to disable firewall rules and repeat the test

bgraham · June 20, 2011, 1:10pm

I ended up replacing the router with an old D-Link DI-604 (with equivalent firewall rules) and have had zero issues. I would have liked to get the Mikrotik working but I just ran out of time and had to get a solution.

mangust · June 20, 2011, 1:35pm

/ip firewall service-port
try to disable h323
Or try to disable connection tracking (in case if you do not going to use src/dst NAT)

bgraham · June 20, 2011, 3:53pm

I disabled the firewall rules, all service ports, and connection tracking on the RB532 and it didn’t make any difference. I can’t try them on the 450G now because I’ve already returned it.

I would prefer to have a Mikrotik vs the D-Link because of the management and torch capabilities. If we can get the RB532 working that’d be awesome. Otherwise I’ll leave the D-Link there.