The Planet still being used / blocked UDP traffic

[sr98user]

Russell,

Since Voipo does not use SRV records anymore, I don't think the ATA is initiating the traffic to these SIP servers. I wonder why the other SIP servers are sending packets to your router unless they think that you are registered with that server.

You might want to shutdown your router and ATA (and probably your softphone too) for 5-10 minutes until the connections clear in the "Devices" page and then see if you are getting the packets from all the SIP servers.

[Russell]

Russell,

Since Voipo does not use SRV records anymore, I don't think the ATA is initiating the traffic to these SIP servers. I wonder why the other SIP servers are sending packets to your router unless they think that you are registered with that server.

You might want to shutdown your router and ATA (and probably your softphone too) for 5-10 minutes until the connections clear in the "Devices" page and then see if you are getting the packets from all the SIP servers.

I thought based on what Tim says it was for failover and keep-alive purposes for non-cooperative routers. This means (unless I'm special) we're all being sent these packets (no registered softphone running). Since my phone service appear to work and I'm rejecting the packets I suspect I wont be very "failover" tolerant and I must have a cooperative router. I'd be most interested in anything Brandon may have to say.

[sr98user]

I thought based on what Tim says it was for failover and keep-alive purposes for non-cooperative routers. This means (unless I'm special) we're all being sent these packets (no registered softphone running). Since my phone service appear to work and I'm rejecting the packets I suspect I wont be very "failover" tolerant and I must have a cooperative router. I'd be most interested in anything Brandon may have to say.

I think Tim was talking about the keep alive packets being sent often. Of course, he can correct me if I am wrong.

But I don't think multiple SIP servers trying to talk to your adapter at the same time is normal. I don't see that kind of a behavior on my setup.

[Russell]

I think Tim was talking about the keep alive packets being sent often. Of course, he can correct me if I am wrong.

But I don't think multiple SIP servers trying to talk to your adapter at the same time is normal. I don't see that kind of a behavior on my setup.

I would tend to agree. Approx 10 requests a minute is 10 * 60 * 24 * 30 request a month. Wonder how many bytes each request is. Anyone know? It'll be interesting to hear Brandon's take on this.

[VOIPoJustin]

The keep alive requests are very small, ~1.5 bytes/request.

At 10 requests a minute, you're looking at:

1.5 bytes * 10 * 60 minutes * 24 hours = 21600 bytes (21.094 kilobytes) sent in a day, or approximately .61 megabytes per month.

[Russell]

The keep alive requests are very small, ~1.5 bytes/request.

At 10 requests a minute, you're looking at:

1.5 bytes * 10 * 60 minutes * 24 hours = 21600 bytes (21.094 kilobytes) sent in a day, or approximately .61 megabytes per month.

While the actually request is small, do remember it gets packetized at multiple layers due to the nature of the model. UDP is lightweight (as Brandon also points out) - UDP over IP4 is 20 bytes + the data (the ~1.5 bytes you mention). Then all this becomes data to the next lower level, etc. So the actual impact is at least an order or two of magnitude more.

[VOIPoBrandon]

I would tend to agree. Approx 10 requests a minute is 10 * 60 * 24 * 30 request a month. Wonder how many bytes each request is. Anyone know? It'll be interesting to hear Brandon's take on this.

As Justin stated quite accurately, the requests are very small and not intensive nor intrusive, as the traffic is UDP which in itself is a very lightweight protocol, unfortunately these push requests that we send are required to keep the nat pinhole open between your network and ours, otherwise as soon as your router closes its connection, calls will "fail over".
________
O530 citaro

[Russell]

As Justin stated quite accurately, the requests are very small and not intensive nor intrusive, as the traffic is UDP which in itself is a very lightweight protocol, unfortunately these push requests that we send are required to keep the nat pinhole open between your network and ours, otherwise as soon as your router closes its connection, calls will "fail over".

I did what sr98user suggested: shut down my ATA and restarted early this morning. I still am getting traffic from 4 distinct IP addresses - as you can see about 10 per minute. I just want to be sure that what I'm experiencing is normal behavior for a single VOIPo supplied ATA.

2009/05/18 21:05:07 : Blocked access attempt : UDP from 67.23.11.26:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:12 : Blocked access attempt : UDP from 174.132.131.131:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:12 : Blocked access attempt : UDP from 74.52.58.50:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:13 : Blocked access attempt : UDP from 174.132.131.131:5060 to MY.IP.ADDR:5061
2009/05/18 21:05:13 : Blocked access attempt : UDP from 74.52.58.50:5060 to MY.IP.ADDR:5061
2009/05/18 21:05:35 : Blocked access attempt : UDP from 67.228.251.106:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:53 : Blocked access attempt : UDP from 67.23.11.26:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:56 : Blocked access attempt : UDP from 211.99.122.18:1070 to MY.IP.ADDR:1434
2009/05/18 21:05:57 : Blocked access attempt : UDP from 74.52.58.50:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:57 : Blocked access attempt : UDP from 174.132.131.131:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:58 : Blocked access attempt : UDP from 74.52.58.50:5060 to MY.IP.ADDR:5061
2009/05/18 21:05:58 : Blocked access attempt : UDP from 174.132.131.131:5060 to MY.IP.ADDR:5061

Brandon, I do hear what you're saying. Just that in my particular case, as you can see, the traffic is being blocked by my router and yet all appears to work fine - I presume the router is doing it's normal function and rejecting unsolicited traffic.

My expectation is similar to that mentioned by Burris - I'd like to place my ATA behind my router and not DMZ or forward ports. If that's a reasonable expectation then isn't your typical NAT router going to reject unsolicited traffic? I understand the need to keep the pin-hole open ... presumably the pin-hole will be open for the one IP address the ATA is pinging on a regular basis and I presume it's not pinging 4 different IP addresses.

Please understand I'm not trying to be argumentative. I'm, for the most part, happy with the service. Just curious about all this blocked traffic. I'm also curious if this is standard for other providers or something peculiar to VOIPo.

[NY Tel Guy]

F Y I Using this tool:

http://robtex.com/dns

It shows:

174.132.131.131 = The Planet
74.52.58.50 = The Planet
67.228.251.106= Voipo.net
67.23.11.26 = Slicehost.net
211.99.122.18 = nomorefunn.moensted.dk ??

Perhaps these are not all Voipo initiated?

[Xponder1]

I did what sr98user suggested: shut down my ATA and restarted early this morning. I still am getting traffic from 4 distinct IP addresses - as you can see about 10 per minute. I just want to be sure that what I'm experiencing is normal behavior for a single VOIPo supplied ATA.

2009/05/18 21:05:07 : Blocked access attempt : UDP from 67.23.11.26:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:12 : Blocked access attempt : UDP from 174.132.131.131:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:12 : Blocked access attempt : UDP from 74.52.58.50:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:13 : Blocked access attempt : UDP from 174.132.131.131:5060 to MY.IP.ADDR:5061
2009/05/18 21:05:13 : Blocked access attempt : UDP from 74.52.58.50:5060 to MY.IP.ADDR:5061
2009/05/18 21:05:35 : Blocked access attempt : UDP from 67.228.251.106:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:53 : Blocked access attempt : UDP from 67.23.11.26:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:56 : Blocked access attempt : UDP from 211.99.122.18:1070 to MY.IP.ADDR:1434
2009/05/18 21:05:57 : Blocked access attempt : UDP from 74.52.58.50:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:57 : Blocked access attempt : UDP from 174.132.131.131:5060 to MY.IP.ADDR:5060
2009/05/18 21:05:58 : Blocked access attempt : UDP from 74.52.58.50:5060 to MY.IP.ADDR:5061
2009/05/18 21:05:58 : Blocked access attempt : UDP from 174.132.131.131:5060 to MY.IP.ADDR:5061

Brandon, I do hear what you're saying. Just that in my particular case, as you can see, the traffic is being blocked by my router and yet all appears to work fine - I presume the router is doing it's normal function and rejecting unsolicited traffic.

My expectation is similar to that mentioned by Burris - I'd like to place my ATA behind my router and not DMZ or forward ports. If that's a reasonable expectation then isn't your typical NAT router going to reject unsolicited traffic? I understand the need to keep the pin-hole open ... presumably the pin-hole will be open for the one IP address the ATA is pinging on a regular basis and I presume it's not pinging 4 different IP addresses.

Please understand I'm not trying to be argumentative. I'm, for the most part, happy with the service. Just curious about all this blocked traffic. I'm also curious if this is standard for other providers or something peculiar to VOIPo.

The problem your having is your router (or its firmware anyway). If it is blocking any of your VOIP related traffic you need to forward ports. It's not like someone would benefit from hacking your ATA and nothing is behind the ATA to be affected anyway.

To answer your question the answer is NO its not normal but it is your router that is causing the issue not the ATA or the service itself. VOIPo can not help you with this issue. Just because your not noticing a problem at this time does not mean that your router blocking their traffic is not causing some kind of problem.

I have a Linksys WRT54GS V6 running DD-WRT and run a SYSLOG to monitor it and my router does not block any traffic to or from the ATA at all. If it did the first thing I would do would be to either forward the ports (or you can DMZ the ATA) regardless of if I noticed a issue. It just makes since.