Thread: The Planet still being used / blocked UDP traffic

  1. #1
    Join Date
    Mar 2009
    Posts
    513

    Re: The Planet still being used / blocked UDP traffic

    Quote: Originally Posted by VOIPoTim
    These connections are related to keepalive and failover systems.

    While we're not using The Planet for any core equipment now, it is still used in failover situations. If the traffic is blocked and anything on your account is routed to them in a failover or load scenario, your calls could fail. We highly recommend not blocking any VOIPo traffic since it could cause service issues or failure. You should see a connection from each SIP server that your traffic could come from every 20 seconds.

    In terms of the keep alives, it is a little more aggressive than some since we had the Grandstream issue and wanted to be sure that our system had nothing to do with their constant connection losses. So it may be tweaked some later, but currently it's working extremely well.

    We've found that even slowing it some so there's only a connection every minute causes a bunch of routers out there to close their NAT bindings and stop allowing traffic to come through.

    Sure, that shouldn't be the case, but many new routers on the market want to micromanage all traffic as they see fit.

    If we start decreasing it, we would need to structure it so that it could be increased to this level on a per-user basis and determine the appropriate number for some hyper-sensitive routers. A lot of providers simply rely on the devices to initiate the keepalives. Given the Grandstream situation, we could not rely on the devices to do anything at all.

    So this will likely be redesigned in the future, but is a pretty sensitive area since we've seen a small decrease in the rate of it cause a surge in support tickets almost instantly in the past since a lot of routers begin blocking traffic or not accepting any incoming connections from a server besides the one the user is registered to causing some calls to fail.

    Forwarding ports just make sure all this traffic is simply redirected directly to the ATA. Again it may not be needed for some users, but those with new routers that like to filter anything and everything run into issues without forwarding ports. Ultimately at least 95% of service issues with audio, dead air, or calls not completing that come through our helpdesk are resolved with port forwarding. That's the main reason it's one of our first recommendations.

    What happens is that if a connection comes in on an audio port, sometimes the router won't accept it if it doesn't know exactly what it is.

    Sounds crazy, but if everyone used a 2 year old router, all of this would be a non-issue.
    I appreciate your response, Tim. Quite honestly, I feel for you guys having to provide a service where just one of the variables (the router) can behave so differently!

    1) From a consumer perspective, I was quite surprised by the blast of packets from 4 different IP addresses every few seconds. Since I'd never examined the traffic with any of my previous providers I can't comment on whether this is typical or not. I'm curious as to exactly what this adds to bandwidth consumption? I realize each "probe" by itself is probably small, but cannot help but wonder what it adds up to cumulatively. Whether I port forward or not, I'm still going to have this traffic.

    2) Port forwarding: as I mentioned, I like the ability to have multiple ATAs behind my router. If I port forward, wouldn't this kill the ability of my other ATAs to handle calls? In a case like this will DMZing be a better option? Or, ideally, would a device that acted like a router and ATA (like the 2102?) be the solution? Were the Grandstreams (that I keep hearing mentioned) similar devices (ATA + router)?
    Russell

  2. #2
    Join Date
    Dec 2008
    Location
    Tulsa, Oklahoma
    Posts
    538

    Re: The Planet still being used / blocked UDP traffic

    Quote: Originally Posted by Russell
    I appreciate your response, Tim. Quite honestly, I feel for you guys having to provide a service where just one of the variables (the router) can behave so differently!

    1) From a consumer perspective, I was quite surprised by the blast of packets from 4 different IP addresses every few seconds. Since I'd never examined the traffic with any of my previous providers I can't comment on whether this is typical or not. I'm curious as to exactly what this adds to bandwidth consumption? I realize each "probe" by itself is probably small, but cannot help but wonder what it adds up to cumulatively. Whether I port forward or not, I'm still going to have this traffic.

    2) Port forwarding: as I mentioned, I like the ability to have multiple ATAs behind my router. If I port forward, wouldn't this kill the ability of my other ATAs to handle calls? In a case like this will DMZing be a better option? Or, ideally, would a device that acted like a router and ATA (like the 2102?) be the solution? Were the Grandstreams (that I keep hearing mentioned) similar devices (ATA + router)?
    It's not that much traffic. It just looks like it.

  3. #3
    Join Date
    Apr 2008
    Location
    Aventura Fl
    Posts
    860

    Re: The Planet still being used / blocked UDP traffic

    Quote: Originally Posted by Russell
    I appreciate your response, Tim. Quite honestly, I feel for you guys having to provide a service where just one of the variables (the router) can behave so differently!

    1) From a consumer perspective, I was quite surprised by the blast of packets from 4 different IP addresses every few seconds. Since I'd never examined the traffic with any of my previous providers I can't comment on whether this is typical or not. I'm curious as to exactly what this adds to bandwidth consumption? I realize each "probe" by itself is probably small, but cannot help but wonder what it adds up to cumulatively. Whether I port forward or not, I'm still going to have this traffic.

    2) Port forwarding: as I mentioned, I like the ability to have multiple ATAs behind my router. If I port forward, wouldn't this kill the ability of my other ATAs to handle calls? In a case like this will DMZing be a better option? Or, ideally, would a device that acted like a router and ATA (like the 2102?) be the solution? Were the Grandstreams (that I keep hearing mentioned) similar devices (ATA + router)?
    For the longest time I have 2 PAP2Ts behind my router--no DMZ--No Port Forwarding--not the first problem. My router, of course, provides PPPoE for my DSL--router firewall disabled.

  4. #4
    Join Date
    Mar 2009
    Posts
    513

    Re: The Planet still being used / blocked UDP traffic

    Quote: Originally Posted by burris
    For the longest time I have 2 PAP2Ts behind my router--no DMZ--No Port Forwarding--not the first problem. My router, of course, provides PPPoE for my DSL--router firewall disabled.
    Burris, I'm not sure I understand what you mean by "not the first problem". Do you mean that you don't have issue #1 in my message that you quoted? I believe PPPoE provides the credentials your DSL modem needs to let a device (PC or router) connect to it, so I'm not sure it's germane. My gut feeling is if you disable your router's firewall you're opening yourself up to being hacked - I believe, besides allowing multiple devices to access the internet, providing that firewall is another advantage of using the router - I'm no expert. Others more knowledgeable may have a comment on you disabling your router firewall.

    Anyway, based on Tim's response it appears it's normal for us to be sent those messages (also, see my other response).
    Russell

  5. #5
    Join Date
    Apr 2008
    Location
    Aventura Fl
    Posts
    860

    Re: The Planet still being used / blocked UDP traffic

    Quote: Originally Posted by Russell
    Burris, I'm not sure I understand what you mean by "not the first problem". Do you mean that you don't have issue #1 in my message that you quoted? I believe PPPoE provides the credentials your DSL modem needs to let a device (PC or router) connect to it, so I'm not sure it's germane. My gut feeling is if you disable your router's firewall you're opening yourself up to being hacked - I believe, besides allowing multiple devices to access the internet, providing that firewall is another advantage of using the router - I'm no expert. Others more knowledgeable may have a comment on you disabling your router firewall.

    Anyway, based on Tim's response it appears it's normal for us to be sent those messages (also, see my other response).
    I believe that the router firewall causes problems. My third party firewall along with the NAT I believe takes good care of me. At the same time, my anti-virus scans real time.
    I think that port forwarding and DMZ and keeping the ATA in front of the router is far more risky for intrusion.

    Mind you, I'm no expert, but from my reading and real time experiences, I feel comfortable that my setup is ok and most important, it works.

  6. #6
    Join Date
    Dec 2008
    Location
    Tulsa, Oklahoma
    Posts
    538

    Re: The Planet still being used / blocked UDP traffic

    Quote: Originally Posted by burris
    I believe that the router firewall causes problems. My third party firewall along with the NAT I believe takes good care of me. At the same time, my anti-virus scans real time.
    I think that port forwarding and DMZ and keeping the ATA in front of the router is far more risky for intrusion.

    Mind you, I'm no expert, but from my reading and real time experiences, I feel comfortable that my setup is ok and most important, it works.
    DD-WRT is the only way to go

  7. #7
    Join Date
    Feb 2007
    Location
    Kitsap County, WA.
    Posts
    734

    Re: The Planet still being used / blocked UDP traffic

    Quote: Originally Posted by Xponder1
    DD-WRT is the only way to go

    Naw- pfSense
    I Void Warranties.

  8. #8
    Join Date
    Mar 2009
    Posts
    513

    Re: The Planet still being used / blocked UDP traffic

    Quote: Originally Posted by burris
    I believe that the router firewall causes problems. My third party firewall along with the NAT I believe takes good care of me. At the same time, my anti-virus scans real time.
    I think that port forwarding and DMZ and keeping the ATA in front of the router is far more risky for intrusion.

    Mind you, I'm no expert, but from my reading and real time experiences, I feel comfortable that my setup is ok and most important, it works.
    I think we're on the same page here. I think of the NAT function as providing the firewall since by its nature devices on the private side are hidden from the public Internet by the router and (at a naive level) only responses to solicited requests are allowed through the NAT device back to the requester.

    I do agree that the measures you have in place are very reasonable. I have similar measures in place with one exception. I've put another router between my first router and my main computer.

    I also agree with you about port forwarding, putting a device in the DMZ and keeping the ATA in front of the router as all those are equivalent to exposing the device on the Internet.
    Russell
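
The two behaviours discussed in this thread (a keepalive interval racing a router's idle timeout for UDP bindings, and NAT passing only solicited traffic unless a port is forwarded), as an added example that is not from any poster or from VOIPo. It is a simplified NAT model; the 30-second idle timeout, the addresses and all names are assumptions.

```python
# Added example: simplified consumer-NAT model. Timeouts and addresses are constructed.
from dataclasses import dataclass, field

@dataclass
class Nat:
    idle_timeout: float                            # seconds an idle UDP binding survives
    forwards: dict = field(default_factory=dict)   # ext_port -> LAN endpoint (static port forward)
    bindings: dict = field(default_factory=dict)   # ext_port -> {"lan", "peers", "last"}

    def _live(self, now, ext_port):
        b = self.bindings.get(ext_port)
        return b if b and now - b["last"] <= self.idle_timeout else None

    def outbound(self, now, lan, ext_port, remote_ip):
        """LAN device sends: create or refresh the binding and remember the peer."""
        b = self._live(now, ext_port) or {"lan": lan, "peers": set()}
        b["peers"].add(remote_ip)
        b["last"] = now
        self.bindings[ext_port] = b

    def inbound(self, now, ext_port, remote_ip):
        """Internet packet: return the LAN endpoint it reaches, or None if dropped."""
        if ext_port in self.forwards:
            return self.forwards[ext_port]         # forwarded: every source gets through
        b = self._live(now, ext_port)
        if b is None or remote_ip not in b["peers"]:
            return None                            # expired binding or unsolicited source
        return b["lan"]

ATA = ("192.168.1.50", 5060)                       # constructed LAN endpoint
REGISTERED, FAILOVER, STRANGER = "198.51.100.10", "198.51.100.20", "203.0.113.99"

def keepalives_delivered(interval, idle_timeout, duration=300):
    """ATA registers at t=0; the registered server probes every `interval` seconds
    and the ATA answers each probe that arrives, which refreshes the binding."""
    nat = Nat(idle_timeout)
    nat.outbound(0, ATA, 5060, REGISTERED)
    delivered = 0
    for t in range(interval, duration + 1, interval):
        if nat.inbound(t, 5060, REGISTERED):
            nat.outbound(t, ATA, 5060, REGISTERED)
            delivered += 1
    return delivered

def reachable_from(source_ip, port_forward):
    """Can `source_ip` reach the ATA 10 s after it registered with REGISTERED?"""
    nat = Nat(30, forwards={5060: ATA} if port_forward else {})
    nat.outbound(0, ATA, 5060, REGISTERED)
    return nat.inbound(10, 5060, source_ip) is not None
```

In this model a 20-second probe keeps a 30-second binding alive indefinitely, while a 60-second probe never arrives; a port forward lets the failover server in, and it lets every other source in as well.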
