UDP SIP INVITEs fragmenting through EoIP

Kaeltis · January 22, 2019, 10:28pm

Hi,

we have the following setup:

Yealink phones set to 1500 MTU at the local office, connecting to remote 3CX phone system via UDP over EoIP + IPsec tunnel
Hardware MikroTik router at the local office, default of 1500 MTU on all physical interfaces running an EoIP + IPsec tunnel with 1500 MTU
Virtual MikroTik router in a remote OpenStack VXLAN environemnt, 1450 MTU on all virtual interfaces (VXLAN limitation), running the other side of the EoIP + IPsec tunnel with 1500 MTU as well
3CX phone system in OpenStack VXLAN environment, connected to CHR, 1450 MTU on interface as well

The problem is, when using UDP for the connection from the phones to the phone system, the SIP INVITEs fragment so badly, they basically don’t work anymore.
With TCP for the connection everything works without any issues.

Some fragmentation should be normal when going from 1500 to 1450 MTU, but why is it completely breaking any calls? Am I doing the MTU change at wrong place or are my values messed up?
Is there any way of fixing this without decreasing the MTU of the phones? (would require manually changing the provision file) I tried it with one and setting the MTU to 1300 fixed the issues with the calls. My knowledge of all things networking related is pretty basic, so maybe I’m just missing something obvious.

Edit: Is there a way to see where the fragmentation occurs? No matter where I capture the packets (directly on the phone, local mikrotik, remote mikrotik), they always show as fragmented.

jkyawesome · January 23, 2019, 12:30am

Try using Bridge Control Protocol. Full video from USA MUM Steve Discher.

You will Love IT!

pcunite · January 23, 2019, 4:00am

Using BCP to Create Layer 2 Networks Over the Internet by Steve Discher. The video and pdf.

Kaeltis · January 23, 2019, 11:22am

Thanks, I changed the tunnel from EoIP to BCP, however the problem still exists.

What I don’t understand: no matter where I capture the packets (directly on the phone, on the local router or the remote router) they always show as fragmented - does this mean the packets are already fragmenting ON the phone?

msatter · January 23, 2019, 11:59am

Is connection tracking enabled? There is in mangle also a option to accept fragmentend (following) packages.

Matches fragmented packets. First (starting) fragment does not count. If connection tracking is enabled there will be no fragments as system automatically assembles every packet

Kaeltis · January 23, 2019, 3:11pm

It’s on auto and it’s showing connections, so it should be on according to the docs.

Kaeltis · January 23, 2019, 7:34pm

I found the Issue - the INVITEs some yealink phones create are always larger than their set MTU, for example with MTU set to 1500, my invites are 1652 bytes, since it sends all the enabled audio/video codecs there, making the packets way too big. With the additional limit of 1450 MTU in the OpenStack environment, this fragments them so badly, they basically become useless.

Thanks everyone for the help!

Redmor · January 23, 2019, 8:13pm

Stay with default MTU (1458 for EoIP 1438 if running PPPoE through it) or use VPLS tunnels, with them you can set MTU to 1500 or higher.

pcunite · January 23, 2019, 8:17pm

Nice, thanks for the follow up.