Has a SIP ALG Ever worked for anyone ever? I was using a SIP trunk that uses re-invites for calling and T.38 - Inbound was working fine because the Asterisk was not re-inviting, but on outbound calls we were getting 1-Way Audio because their Broadsoft was immediately re-inviting the audio stream and after MANY Wireshark captures we finally found that there was a SIP ALG on the Comcast Router.
The SIP ALG on the Cisco DPC3939 can not be turned off by the User and Comcast WILL NOT TURN IT OFF - EVEN THOUGH THEY CAN! Why they are putting these in businesses when it clearly says Residential Gateway is beyond me. Here is the page for it:
So I went and got my own Modem/Router and was able to turn off the SIP ALG and like magic, all the problems went away. If you have this problem with any other customer, and they have Comcast, this is probably the problem.
You know out here in New Mexico, Comcast is actually the premier choice for High-Speed Internet. If you live in a State with better choices, feel lucky!
Very interesting post!!! Were in South Florida are struggling with a Comcast client that has some poor quality and other “anomalies” that we haven’t been able to nail down. First we have packet loss with an SMC modem so we had them replace it with a Netgear. Then they told us that the Netgear has known VoIP issues… we were surprised they told us since were the VoIP carrier and not them. They replaced it with a Cisco DPC3939 but we can still hear some artifacts and clipping in the quality. We have turned off all the wireless items and tweaked the few items we can. Would love to use our own modem but we currently have a block of 5 statics and they said we can’t use our own modem.
Were frustrated and may have to change to UVerse just for the voice
FYI… Even Intermedia recognizes the ALG issue:
Two things I thought of after posting, and then reading OPTN’s post:
The problem revealed with a carrier that uses re-invites - inbound Voice worked fine but Inbound FAX failed because the Asterisk was immediately trying to do a T.38 re-invite. In this case BluIP which supports T.38 failed on any Re-Invite, but Vitelity, which does not use any re-inviting worked fine in any scenario - inbound and outbound Voice and FAX.
This problem only came up for us on this modem when we were NOT using any Static IP’s - we have a couple of customers with these modems that are working fine, but one of them has a single Static and the other one has 5 - for both of them, everything is working fine so I think that when it is routing a static subnet (even a single address) the SIP ALG does not kick in.
that is exactly the reason we always get a static ip with Comcast and put our own router/firewall behind it.
We actually always do the same… a static IP is mandatory and frankly its never been an issue since these are business setups and then we have just a few “certified” routers we use on our voice circuits behind the modems. I still really wish we could use our own modem since I would never use this Cisco DPC3939.
This particular site has a Ubiquity Edge router behind it with QOS functioning, has a 10/50 Comcast service with very light data usage, currently no packet loss, modem signals look good yet we still have call quality that just isn’t as good as it should be and we hear the difference.
interesting - most of the new Comcast installs here in CA use a rebadged netgear cable modem.
and yes if you don’t use static ip’s the Comcast modem is sip aware. the only option to get around this if your itsp supports it is to move off of port 5060 as the control port. try 5090 or 5080 instead but remember that your itsp also allow you to change the port on their end as wells. most of the new internet devices being installed by carriers are sip aware as they are all getting into the hosted phone service business. we have had success in using alternate ports as a way to bypass the carrier stuff.
as to fax, the easiest fix is to use something like the audiocodes 202 together with a fax service. there are a number of providers offering a fax service that pairs with these devices. the device i think uses https to transmit fax and works amazingly well. there is nothing to configure in the box or on your local network. we have been using the Vitelity VFax service which when paired with the audiocodes boxes just simply works. these are truly an install and forget device. you can chose to have inbound faxes go to email or to the fax machine or both. the audiocodes box plugs into the lan and requires no special firewall configuration. it also allows the customer to continue to use their fax machine as they always have - throw in the paper, enter the destination phone number and hit send. i just re-read your post and see that you are also using vitelity - look at what they call their vfax enable device.
We ran some call tests at this site yesterday and sure enough we still have some “clipping” so were going to run some additional tests and see if we can determine where the fault may be. My partner says that he has seen 2x before where a Comcast service simply wouldn’t work for VoIP and they had to abandon there service and switch to AT&T
Clipping sounds like a circuit stability issue to me - My carrier has a very nice tool, open to the public here:
It will give you a very nice estimation of your circuit, although it only tests against their POP’s in Chicago and LA - Still, it’s worth looking at. Needs Java.
Here is the list of what Comcast modems are compatible at what speeds and service types:
Make sure you pick the actual speed you are trying to achieve - the first Modem/Router I bought (SBG6850) is in the lowest tier of Comcast business so I was getting 30Mbit, but they were paying for 75Mbit and when you move the slider up, the modem drops off - thanks Comcast. It’s funny too because that modem will go all the way to the top of the residential offerings - wankers!
Since we have been converting most of our IT customers to Cloud-Based E-Mail and Collaboration solutions for years, Static IP’s are not nearly as important as they used to - and remember with a Modem, and decent router that supports Dynamic DNS, you can be found for any type of remote access - even better, make an alias record in your actual domain refer to the dynamic address you use and you don’t even have to make your people remember weird Dynamic DNS host names.
Greg thanks for the info… that is certainly a very cool set of tools… I had actually looked into the Visualware suite but $2500.00/yr is currently out of my price range… We’re actually trying to develop a method of testing an existing or prospective clients connectivity directly to the data center we have our servers in. That way it would be the most realistic analysis for the services we provide. We trying to couple that with a robust but cost effective quality monitoring system but its taking us a lot of time to find the pieces and test them.
While you can run your speed tests and such for basic testing, It’s not easy because testing doesn’t provide a realistic snapshot of the clients environment. You can have everything clean for pockets of time and then the rest of the day, it’s not good.
I like the simple tests, take a test phone, drop it on your PBX and allow the client to test it for a couple of days. Tell them use this phone for all your outbound calls and lets see how it works.