Ports to be blocked for Signaling Link Backup

[smileyman]

Hello OXE-Gurus,

which ports must be blocked to activate a signaling link backup?
Our data-backup-connection should not used for signaling. Instead a singnaling link backup should be established. Which ports must blocked at the router?

Baseport (32000 + 255) (yes it's the old baseport) an 32614 are not enough.

Thank your for your response.

smileyman

[freedom]

I'm not sure this is possible.
In normal operation you need the ports to work, so the system is able to use the ip-network for signaling.

In case the network isn't available, you want the backup signaling to do its job.
BUT if there is a data-backup mechanism, the network will be available (according to the pbx) and backup signaling will not work.

If you should block the ports needed, the pbx will not be able to check if the network is available at all.
It will start using the backup signaling, even if the network is up and running....

Why is the pbx not allowed to use your data backup link?
The signaling will only use about 9k6.
The voice itself (80-100K for one uncompressed call) can be routed using the public network.

[smileyman]

Hi freedom,

thankyou for the answer.

Our data center can't prioritise over the backup link. So the response time over data-backup-link is very bad - at most locations too bad to hold the OXE on the run.
But they can config the backup router to block some ports. In backup case the Gateway shouldn't see the Callserver and vice versa.
If the main line is back, the ports are automatical open throgh the main router.

At the moment the OXE is configured to open the signaling link at lost a of the main line. The voice routed than over the public network. I had testet it with disable the switchport. - Its ok.
But at a real failure it dosn't work.

smileyman

[frank]

Why don't you make the backup link the primary one then ..?

[smileyman]

Hi frank,
sorry, i don't understand.

The primary connection is a leased line (2 Mbit or so). - There is voip an signaling besided the normal data traffic ok.
But if the leased line is broken a dial-up Router connect via ISDN-data line (costs per minute) temporarely. - There is voip and signaling to much. The 128k a very slow The backup router is configured to block some traffic per IP-ports. (so 32000 - 32255 and 32640) - A voip and signaling traffic is than blocked. But the GD is not booting into rescue mode because probably the Keep-alive-Packets are not droped. But which IP-Port should we block too to drop the Keep-alive-Packets?

Thankyou
smileyman

[patmul39]

Try these ports:
32512+128/udp

[smileyman]

Hi patmul39,

thankyou for your response. - But this are the new baseports. The OXE is running on the old baseports (<R5.1): 32000 - 32255.

But i have tested it. - It's not working

smileyman

EDIT: I have looked into the OXE-Portlist: Probably it is the 'Autodiagnostic'-entry. The Connection-Lost will be detected via ICMP.
I will test it next week.

smileyman

[smileyman]

Now the problem is solved.
It was not the ICMP-Protokoll. It was the Port TFTP-Port.
Now i have blocked 32000 - 32255 + 69. - Then the MG can rescued probably.

smileyman

[krzysioD]

Why is the pbx not allowed to use your data backup link?
The signaling will only use about 9k6.
The voice itself (80-100K for one uncompressed call) can be routed using the public network.

But, in case of IP-Network failure there is no way to say to OXE: use only 9600 bps for signalling and do a private over public + use ars only on trunks that reside on this particular MG.
OXE is not a router, so it does not know about anything else on IP networking that default gateway.
When i've faced similar problem, i've got two solutions for bigger sites use PCS per MG, for smaller ones use router that (in case of network failure) could insert a rule to block any other network (CS, MG, INTIPs etc..) BUT not local IP for local 40x8 phones.
Config of DHCP for ALU ip-phones in backup mode is VERY hard thing to do it the right way.