I installed an EdgeRouter Pro at our office this weekend. We have a pretty simple setup: the main thing the router has to do is load-balance/fail over our two WAN connections, as we use RDP and web tools extensively to do our work. We also use VOIP for our calls, with 3 Gigaset base stations.
As you can see in the config below I have done the following things:
- Created a group so that all the traffic to our RDP servers and VOIP (labelled as VOYS, our VOIP provider) goes through eth0 (our fiber connection) unless it is down, in which case it fails over to our eth1 WAN connection.
- I disabled the SIP helper (as per this forum and our VOIP provider).
- And that's about it.
Now I'm getting complaints that, this morning alone, several calls were dropped in the middle of a conversation, and I don't really know how to troubleshoot this on the EdgeMax router. I see low utilisation of bandwidth, CPU and memory, and have no idea why the connection drops.
Do you guys/girls have any ideas or tips for troubleshooting this issue?
/* EdgeOS configuration as posted. Addresses containing asterisks were masked by the poster. The review comments below are based only on what this listing shows. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    /* Policy-routing ruleset, applied inbound on eth2 (see interfaces). Rules 10-30 keep private and router-addressed destinations on the main table, rules 40 and 41 select lb-group RDP, rule 100 sends everything else to lb-group G. */
    modify balance {
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
            }
            modify {
                table main
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        /* RDP servers (destination masked by the poster) are pinned to lb-group RDP. */
        rule 40 {
            action modify
            destination {
                address 85.17.*.*/28
            }
            modify {
                lb-group RDP
            }
            protocol all
        }
        /* NOTE(review): unlike rule 40, no "action modify" line appears in this rule as posted. Confirm it is present on the router; otherwise the Voys traffic may not be steered to lb-group RDP and would fall through to rule 100. */
        rule 41 {
            description Voys
            destination {
                address 195.35.114.0/23
            }
            modify {
                lb-group RDP
            }
            protocol all
        }
        rule 100 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    /* Stateful ruleset for forwarded traffic: accept established/related, drop invalid, default drop. In this listing it is attached to eth1 only. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Stateful ruleset for traffic addressed to the router itself; same policy as WAN_IN. In this listing it is attached to eth1 only. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Source validation is off; presumably intentional for the dual-uplink setup - confirm. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* NOTE(review): no firewall block is shown on WAN 1, while eth1 carries WAN_IN and WAN_LOCAL. If this matches the running config, traffic arriving on eth0 is not filtered by either ruleset, so the router's own services (gui on 443 and ssh on 22, see service) would be reachable from that uplink. Attach the same in and local rulesets here. */
    ethernet eth0 {
        address 84.53.*.*/30
        description "WAN 1"
    }
    ethernet eth1 {
        address 92.*.*.*/30
        description "WAN 2"
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    /* LAN side; the balance ruleset is applied to traffic entering here. */
    ethernet eth2 {
        address 192.168.1.1/24
        description DGW
        duplex auto
        firewall {
            in {
                modify balance
            }
        }
        speed auto
    }
    /* NOTE(review): eth3 requests an address over DHCP and has no description or firewall; confirm what is attached to it. */
    ethernet eth3 {
        address dhcp
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    ethernet eth6 {
        duplex auto
        speed auto
    }
    ethernet eth7 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
load-balance {
    /* General group: both uplinks active, flows kept sticky on source address, destination address and destination port. Ping targets are masked; if they are the ISP gateways, the test only shows that the local link is up - TODO confirm. */
    group G {
        interface eth0 {
            route-test {
                type {
                    ping {
                        target 84.53.*.*
                    }
                }
            }
        }
        interface eth1 {
            route-test {
                type {
                    ping {
                        target 92.111.*.*
                    }
                }
            }
        }
        sticky {
            dest-addr enable
            dest-port enable
            source-addr enable
        }
    }
    /* Failover group used by rules 40 and 41: eth0 preferred, eth1 failover-only. Both interfaces probe the same masked target, and two failed probes mark an interface down. NOTE(review): the VoIP traffic of rule 41 shares this group, so its uplink depends on the reachability of that single target. A switch to eth1 changes the masqueraded source address and would interrupt calls in progress. Compare "show load-balance watchdog" and "show load-balance status" with the times of the dropped calls. */
    group RDP {
        interface eth0 {
            route-test {
                count {
                    failure 2
                    success 5
                }
                type {
                    ping {
                        target 85.17.*.*
                    }
                }
            }
        }
        interface eth1 {
            failover-only
            route-test {
                count {
                    failure 2
                    success 5
                }
                type {
                    ping {
                        target 85.17.*.*
                    }
                }
            }
        }
    }
}
protocols {
    static {
        /* Default route with two next hops (masked), one per uplink. */
        route 0.0.0.0/0 {
            next-hop 84.53.*.*{
            }
            next-hop 92.111.*.*{
            }
        }
    }
}
service {
    /* NOTE(review): listen-on br0 names an interface that is not defined in the interfaces section of this listing. */
    dns {
        forwarding {
            cache-size 150
            listen-on eth2
            listen-on br0
        }
    }
    /* No listen-address is set for gui or ssh in this listing, so which networks can reach them is decided by the per-interface local rulesets; see the note on eth0. */
    gui {
        https-port 443
    }
    /* Source NAT: masquerade out of each uplink. */
    nat {
        rule 5000 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN 2"
            outbound-interface eth1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    ubnt-discover {
        disable
    }
}
system {
    config-management {
        commit-revisions 150
    }
    /* SIP and H.323 connection-tracking helpers are disabled, as described in the post. */
    conntrack {
        expect-table-size 4096
        hash-size 4096
        modules {
            h323 {
                disable
            }
            sip {
                disable
            }
        }
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    domain-name XX
    host-name rt01
    /* Single admin-level account; the password hash was masked by the poster. */
    login {
        user admin {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Logging is local only in this listing (no remote host configured); the protocols facility is at debug level. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Amsterdam
    traffic-analysis {
        dpi enable
        export enable
    }
}