vastdome.blogg.se

Setup firewall for onsip

SIP client cannot re-register in the SIP server after switching ISP (different NAT).

In our setup we have two ISP providers, a SIP client with a private IP, and we're using NATs (a different NAT for each ISP provider) with SIP ALG translation, aka SIP NAT helper. When changing the default route from one ISP provider to the other (manually, or because the ISP link goes down), the Mikrotik applies the wrong NAT rule. Because of this, the SIP register messages cannot reach the SIP server and the SIP connection drops. If we clean the NAT table or even reboot the router, everything is gonna be ok again.

6.38(mibspe),6.38.5(chr),6.39.3(mibspe),6.41(chr)

Note: We have tested some real Mikrotiks (mibspe) and run some simulations in GNS3 with routerosx86 Mikrotik virtual machines (chr).

Plug a router to two different ISPs (each one giving you a different real IP) and to an internal network
Create proper default routes (static routes) for each ISP (the first ISP with the smaller distance)
Set up a SIP client (in the internal network) to register in an external SIP server and do the register
Change the distance of the default routes so the second ISP will be the active route (smaller distance)
Try to re-register the SIP client in the SIP server and you will see that no SIP message returns and the re-register fails
Check the NAT table and run a sniffer in the router and you will see that the router is routing the packet via the second ISP but it's still applying the old NAT rule (for the first ISP) instead of the correct NAT rule.

Network setup and detailed how to reproduce:

I have a somewhat complicated production setup. However, I run a much simpler setup using GNS3. So, I'm showing this simplified setup here.

The screenshot of my GNS3 setup is above:

The isp1 and isp2 nodes simulate the two different ISPs. They connect to the Internet via GNS3 NAT nodes (if you don't know how GNS3 works, just consider that the isp1 and isp2 nodes behave as real ISP routers). Our router (router) is connected to both ISPs and also to the sip-client node (an Ubuntu 14.04 docker node that simulates a SIP client). The implementation of the router node is:

    > /ip firewall connection print detail where protocol=icmp
    Flags: E - expected, S - seen-reply, A - assured, C - confirmed, D - dying,
    0 S C s protocol=icmp src-address=192.168.0.100 dst-address=199.87.121.233
    icmp-type=8 icmp-code=0 icmp-id=521 timeout=58m16s orig-packets=4
    orig-bytes=336 orig-fasttrack-packets=0 orig-fasttrack-bytes=0
    repl-packets=3 repl-bytes=252 repl-fasttrack-packets=0
    repl-fasttrack-bytes=0 orig-rate=0bps
    > /ip firewall connection print detail where connection-type=sip
    0 SAC s protocol=udp src-address=192.168.0.100:5060
    timeout=58m21s orig-packets=3 orig-bytes=1 347
    orig-fasttrack-packets=0 orig-fasttrack-bytes=0 repl-packets=3
    repl-bytes=927 repl-fasttrack-packets=0 repl-fasttrack-bytes=0

To reproduce the problem, let's change the active default route to the second ISP:

    > /ip route print where dst-address=0.0.0.0/0
    Flags: X - disabled, A - active, D - dynamic,
    C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
    B - blackhole, U - unreachable, P - prohibit
    1 S 0.0.0.0/0 10.10.2.1
    > /ip route set
    > /ip route print where dst-address=0.0.0.0/0

The new scenario is shown in the image below:

Now, in the client, we will ping (ICMP) the SIP server and send a SIP message to the SIP server again. We will notice that ICMP ping works, but the SIP message doesn't return. The reason is that the new ICMP packets add a new NAT entry (via the second ISP) but the SIP NAT still uses the NAT via the first ISP (the router NATs the packet using the IP of ether1 although it sends the packet via ether2).

    icmp-type=8 icmp-code=0 icmp-id=521 timeout=49m38s orig-packets=4






