Community discussions

MikroTik App
 
User avatar
Hominidae
Member
Member
Topic Author
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

?? How to renew SIP registration / connection from PBX after WAN failover ??

Sat Sep 11, 2021 1:16 pm

Hi Folks,

I do have a DUAL-WAN setup, with failover working fine for "normal" clients, wanting to reach out to the internet.
However, I added some additional "Phone lines" via an external SIP-Provider.
For this purpose, I deployed a small, embedded hybrid PBX (one landline + VOIP/SIP connections).

Now, when there is a failover of my WAN, the PBX will not follow, meaning it will not (re-)register with the external, cloud based SIP-Provider.
My understanding is, that this is a flaw in the way SIP is designed so basically, this "works as designed" or better a well known challenge.

This is how my setup looks like:
Image

My question is, if there are any ways to "solve" that problem?!?!

I noticed, that my PBX, when I do a restart, it will - of course - re-register fine via the active WAN, no matter which WAN is the default at that time.
Also, when I toggle its ethernet port on my RB4011 it will refresh its DHCP lease with the DHCP-Server (the PBX is a non-PoE unit, but still) and also perform a re-registration!

So, any hints on a script that can toggle (10secs downtime / flap) that ethernet port the PBX is connected to, when a WAN failover occurs? Or is there a smarter solution?
Note: WAN-Failover is very simple atm, as the default route to WAN1 is dynamic (via DHCP) and the one for WAN2 is static, with a higher distance...so no scripting foo involved, yet.

Edit: did some more tests and noticed, that when WAN1 comes back, the PBX will not re-register, but stays on the connection via WAN2 and then fails after some time.
I think one has to delete all existing connections in the RB4011 for that unit between toggling the eth10-port or even better, hand out a new IP to the PBX (i.e move it into a seperate VLAN).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: ?? How to renew SIP registration / connection from PBX after WAN failover ??

Sat Sep 11, 2021 3:23 pm

Each time the WAN change, you must delete all expired connection tracking:
/ip fire conn
:foreach idc in=[find where timeout>60] do={
 remove [find where .id=$idc]
}
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: ?? How to renew SIP registration / connection from PBX after WAN failover ??

Sat Sep 11, 2021 3:46 pm

So, any hints on a script that can toggle (10secs downtime / flap) that ethernet port the PBX is connected to, when a WAN failover occurs? Or is there a smarter solution?
There is no standardized way to tell an ordinary SIP UA "please re-register now", so your one (disable the Ethernet port so that L1 went down and then re-enable it) is the only way. And, of course, the SIP UA must be connected to that Ethernet port directly.

The command itself is /interface ethernet disable etherX ; :delay 10s ; /interface ethernet enable etherX

Note: WAN-Failover is very simple atm, as the default route to WAN1 is dynamic (via DHCP) and the one for WAN2 is static, with a higher distance...so no scripting foo involved, yet.
The last time I've seen everything to work inside the ISP network but no connection to the internet was a few hours ago. So it is really useful not to check just that the uplink interface is up but to ping some "immortal" addresses in the internet via the primary uplink. Better more than one IP because I've even heard about some regional issues with Google DNS recently. See this topic for details. But as this method is scripting-free, it doesn't provide any hook points for triggering the ethernet port toggling, so you need e.g. /tool netwatch to monitor the "immortal" addresses as well - with a pair of dedicated routes per each immortal address, one with lower distance value via WAN1 and a blackhole one with higher distance, to prevent the netwatch probes from using WAN2. If monitoring multiple immortal addresses, the down-script of each netwatch would have to both publish its own state and check the state of the other one(s) in some global variables, so maybe a scheduled custom script is a better tool than the netwatch.

did some more tests and noticed, that when WAN1 comes back, the PBX will not re-register, but stays on the connection via WAN2 and then fails after some time.
That's normal as nothing bad happens to WAN2 when WAN1 comes back to life, so the connections that established via WAN2 stay active; however, unless you use policy routing with connection marking to make these connections keep routing via WAN2 although the WAN1 path is available, they fail because they send packets with WAN2 address via WAN1, which typically leads to these packets being dropped somewhere.

I think one has to delete all existing connections in the RB4011 for that unit between toggling the eth10-port or even better, hand out a new IP to the PBX (i.e move it into a seperate VLAN).
If you want the connections to start using WAN1 again, you indeed have to forcifully remove those that run via WAN2. But you may want to do that selectively, like /ip firewall connection remove [find where dst-address~"ip.of.the.sip.exchange" reply-dst-address~"ip.of.wan2"]
If using the netwatch, you'd put this into up-script.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ?? How to renew SIP registration / connection from PBX after WAN failover ??

Sat Sep 11, 2021 3:56 pm

Something funky also happens on my VOIP obihai modem when the WANs change or go down and come back up.
The old address is stuck in the system and take awhile to reset and sometimes I have to manually unplug the modem from power to reset it.

So Im not sure if the issue is RESETTABLE on the Mikrotik, if the issue is on the MODEM or VOIP device ??

What does this actually do......... (is this even available in winbox)
/ip fire conn
:foreach idc in=[find where timeout>60] do={
remove [find where .id=$idc]
}

State in a sentence as though the router was talking.
I am .................
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: ?? How to renew SIP registration / connection from PBX after WAN failover ??

Sat Sep 11, 2021 5:04 pm

This close all tracked connection to previous WAN on connection-tracking,
because often SIP use only UDP and until the connection is tracked to old WAN IP, do not work.

This is wrong:
/ip firewall connection remove [find]


This is correct because prevent errors for tracking already closed during run the "remove [find]".
/ip firewall connection
:foreach idc in=[find where timeout>60] do={
    remove [find where .id=$idc]
}

For do the same on winbox, select all on firewall / connection and press "remove" or "delete" on keyboard.
 
User avatar
Hominidae
Member
Member
Topic Author
Posts: 309
Joined: Thu Oct 19, 2017 12:50 am

Re: ?? How to renew SIP registration / connection from PBX after WAN failover ??

Sat Sep 11, 2021 9:22 pm

Each time the WAN change, you must delete all expired connection tracking:
OK, this will remove all tracked connections, that are still listed, won*t it?
As both WANs are normally up and swapping the default route occurs very fast, there is the risk that some connections are already established on the other WAN, before that script fires
Is there a way to be more selective, to the connections related to the WAN that went down or is there no need to?


There is no standardized way to tell an ordinary SIP UA "please re-register now", so your one (disable the Ethernet port so that L1 went down and then re-enable it) is the only way. And, of course, the SIP UA must be connected to that Ethernet port directly.

The command itself is /interface ethernet disable etherX ; :delay 10s ; /interface ethernet enable etherX

Ahh, looks simple enough....thanks for confirming my thoughts on the way to go.

The last time I've seen everything to work inside the ISP network but no connection to the internet was a few hours ago. So it is really useful not to check just that the uplink interface is up but to ping some "immortal" addresses in the internet via the primary uplink. Better more than one IP [...]
OK, thanks..I'll add that to the list
That's normal as nothing bad happens to WAN2 when WAN1 comes back to life, so the connections that established via WAN2 stay active; however, unless you use policy routing with connection marking to make these connections keep routing via WAN2 although the WAN1 path is available, they fail because they send packets with WAN2 address via WAN1, which typically leads to these packets being dropped somewhere.

[...]

If you want the connections to start using WAN1 again, you indeed have to forcifully remove those that run via WAN2. But you may want to do that selectively, like /ip firewall connection remove [find where dst-address~"ip.of.the.sip.exchange" reply-dst-address~"ip.of.wan2"]
If using the netwatch, you'd put this into up-script.

OK, thanks everyone for your responses. Very helpful indeed!

I am still thinking if not only making the eth-port at the PBX flap once but rather move the port into another VLAN (disable, change PVID, re-enable), forcing the PBX to claim a totally different IP, would be even better and more robust?

Who is online

Users browsing this forum: ItchyAnkle, JDF, RobertsN and 71 guests