Third Party VoIP Over Xfinity
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes. These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues. She was fine, until she switched to XFinity. Of course, XFinity support is absolutely worthless. Anyone from XFinity Tier 3 or such that might be able to offer assistance? I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open. I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after. Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Well this is curious.... Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing On 9/10/24 3:25 PM, Norman Jester wrote:
Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after.
Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Saint Helena, CA near Napa Norman Jester
On Sep 10, 2024, at 12:52 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote: Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after. Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
So not even the same area then. We've now spent 2 hours on the phone and have gotten nowhere with support. Hoping someone here at XFinity can chime in and provide some offline assistance. On 9/10/24 3:59 PM, Norman Jester wrote:
Saint Helena, CA near Napa
Norman Jester
On Sep 10, 2024, at 12:52 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote: Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after. Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Are you aware of whether or not Xfinity is doing CGNAT for either of you? Googling, I get conflicting results, some saying they use CGNAT, some saying they don't. If they do, I wonder if their CGNAT routers have SIP ALG enabled or disabled. Unfortunately, these are the sorts of questions I suspect first level support can't help you with. On Tue, 10 Sep 2024, Matt Hoppes wrote:
So not even the same area then.
We've now spent 2 hours on the phone and have gotten nowhere with support.
Hoping someone here at XFinity can chime in and provide some offline assistance.
On 9/10/24 3:59 PM, Norman Jester wrote:
Saint Helena, CA near Napa
Norman Jester
On Sep 10, 2024, at 12:52 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote: Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after. Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Blue Stream Fiber, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
For me there does not *appear* to be CGNAT as I can ping the client IP and if we kill power to the modem the pings stop. On 9/10/24 4:27 PM, Jon Lewis wrote:
Are you aware of whether or not Xfinity is doing CGNAT for either of you? Googling, I get conflicting results, some saying they use CGNAT, some saying they don't. If they do, I wonder if their CGNAT routers have SIP ALG enabled or disabled. Unfortunately, these are the sorts of questions I suspect first level support can't help you with.
On Tue, 10 Sep 2024, Matt Hoppes wrote:
So not even the same area then.
We've now spent 2 hours on the phone and have gotten nowhere with support.
Hoping someone here at XFinity can chime in and provide some offline assistance.
On 9/10/24 3:59 PM, Norman Jester wrote:
Saint Helena, CA near Napa
Norman Jester
On Sep 10, 2024, at 12:52 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote: Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after. Norman Jester
> On Sep 10, 2024, at 12:18 PM, Matt Hoppes > <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Blue Stream Fiber, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On 2024-09-10 13:27, Jon Lewis wrote:
Are you aware of whether or not Xfinity is doing CGNAT for either of you? Googling, I get conflicting results, some saying they use CGNAT, some saying they don't. If they do,
I wonder if their CGNAT routers have SIP ALG enabled or
disabled. Unfortunately, these are the sorts of questions I suspect first level support can't help you with.
HA! I just ran into this; albeit Wave (Astound). While dealing with a (mis)configured router/modem situation. The support person said; What's the sip ALG setting? I wonder what that setting should be? I had to answer; It's primarily used for VIOP. It has no affect on our current problem. So yes. They probably have no idea.
On Tue, 10 Sep 2024, Matt Hoppes wrote:
So not even the same area then.
We've now spent 2 hours on the phone and have gotten nowhere with support.
Hoping someone here at XFinity can chime in and provide some offline assistance.
On 9/10/24 3:59 PM, Norman Jester wrote:
Saint Helena, CA near Napa
Norman Jester
On Sep 10, 2024, at 12:52 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote: Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after. Norman Jester
> On Sep 10, 2024, at 12:18 PM, Matt Hoppes > <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Blue Stream Fiber, Sr. Neteng | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
I did the same…. No progress at all. Norman Jester
On Sep 10, 2024, at 1:00 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
So not even the same area then.
We've now spent 2 hours on the phone and have gotten nowhere with support.
Hoping someone here at XFinity can chime in and provide some offline assistance.
On 9/10/24 3:59 PM, Norman Jester wrote: Saint Helena, CA near Napa Norman Jester
On Sep 10, 2024, at 12:52 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote: Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after. Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
End user switched back to the old ISP. We couldn't have work stoppage any more for something as simple as SIP registration. On 9/10/24 5:57 PM, Norman Jester wrote:
I did the same…. No progress at all.
Norman Jester
On Sep 10, 2024, at 1:00 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
So not even the same area then.
We've now spent 2 hours on the phone and have gotten nowhere with support.
Hoping someone here at XFinity can chime in and provide some offline assistance.
On 9/10/24 3:59 PM, Norman Jester wrote: Saint Helena, CA near Napa Norman Jester
On Sep 10, 2024, at 12:52 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote: Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after. Norman Jester
> On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
What happens when you decrease your registration frequency? Do the phones stay registered? Have you tried TLS for the SIP transport by chance? I manage a few phones on comcast across the country and have no problems. On 9/10/2024 3:52 PM, Matt Hoppes wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote:
Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after.
Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Have not tried TLS... but yes I reduced the registration frequency to something absurd like 60 seconds and it still would timeout after about 3 minutes. On 9/10/24 4:36 PM, Mark Wiater wrote:
What happens when you decrease your registration frequency? Do the phones stay registered? Have you tried TLS for the SIP transport by chance?
I manage a few phones on comcast across the country and have no problems.
On 9/10/2024 3:52 PM, Matt Hoppes wrote:
Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote:
Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after.
Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Mine will not longer register at all. They registered maybe three times and then just stopped. Norman Jester
On Sep 10, 2024, at 1:43 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Have not tried TLS... but yes I reduced the registration frequency to something absurd like 60 seconds and it still would timeout after about 3 minutes.
On 9/10/24 4:36 PM, Mark Wiater wrote: What happens when you decrease your registration frequency? Do the phones stay registered? Have you tried TLS for the SIP transport by chance? I manage a few phones on comcast across the country and have no problems.
On 9/10/2024 3:52 PM, Matt Hoppes wrote: Well this is curious....
Same issue... they are breaking something with registration. What region are you in? We are in North Central PA so we're routing
On 9/10/24 3:25 PM, Norman Jester wrote:
Your message is timely for me. I literally have the exact same issue. I setup phones for my daughter’s home and she got Xfinity. Everything worked for a few minutes then I could not keep phones registered after.
Norman Jester
On Sep 10, 2024, at 12:18 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
On 9/10/24 1:36 PM, Mark Wiater wrote:
What happens when you decrease your registration frequency? Do the phones stay registered? Have you tried TLS for the SIP transport by chance?
I manage a few phones on comcast across the country and have no problems.
In this day and age TLS isn't the default if not only choice? Mike
At my previous MSP $dayjob, I ran into a few clients with Xfinity and Spectrum who both would mess with our VoIP solution UNLESS we enabled TLS SIP registration, we already used TCP on a non 5060 port by default to help with UDP timeouts and such. Now the RTP traffic could stay clear UDP, this was just the SIP part. ---------------------------------- Brandon Jackson bjackson@napshome.net On Tue, Sep 10, 2024 at 5:01 PM Michael Thomas <mike@mtcc.com> wrote:
On 9/10/24 1:36 PM, Mark Wiater wrote:
What happens when you decrease your registration frequency? Do the phones stay registered? Have you tried TLS for the SIP transport by chance?
I manage a few phones on comcast across the country and have no problems.
In this day and age TLS isn't the default if not only choice?
Mike
If you're using SRTP and passing keys in the SDP announcement, it would be rather pointless. I don't know how common it is to do the inline keying for SRTP which I understand is how VoLTE works, but seriously I can't imagine why anybody would not use SIPS: Nothing good came come of that. Mike On 9/10/24 2:06 PM, Brandon Jackson wrote:
At my previous MSP $dayjob, I ran into a few clients with Xfinity and Spectrum who both would mess with our VoIP solution UNLESS we enabled TLS SIP registration, we already used TCP on a non 5060 port by default to help with UDP timeouts and such.
Now the RTP traffic could stay clear UDP, this was just the SIP part.
---------------------------------- Brandon Jackson bjackson@napshome.net
On Tue, Sep 10, 2024 at 5:01 PM Michael Thomas <mike@mtcc.com> wrote:
On 9/10/24 1:36 PM, Mark Wiater wrote:
What happens when you decrease your registration frequency? Do the phones stay registered? Have you tried TLS for the SIP transport by chance?
I manage a few phones on comcast across the country and have no problems. In this day and age TLS isn't the default if not only choice?
Mike
Two things that seem to help whenever I'm dealing with bizarre Comcast issues....have her call in and: * Ask for "Security Edge" to be disabled if it's enabled (last time we did this Comcast told us they couldn't permanently disable it unless we paid a lot more per month for service and it would automatically enable every reboot, but another rep permanently disabled it for us) * Ask them to disable "Smart Packet Detection" if she's using a router that has that feature Those two features seem to mess with a lot of traffic--specifically DNS (re-routing any unencrypted DNS request to Comcast's own servers) and SIP. Of course enabling TLS for your SIP connections would probably help significantly--not just with connectivity, but security. -A On Tue, Sep 10, 2024 at 12:20 PM Matt Hoppes < mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
None of this should be a surprise to anyone. Remember that Comcast was one of the earliest isps to do DPI at large scale with Sandvine in the early days. Today's Comcast network has "smartedge" which is the latest flavor of deep packet interception and manipulation. Also remember isps are in the data aggregation business too. https://downloads.comcast.net/docs/Attachment_A_Current_Practices.pdf On Tue, Sep 10, 2024, 4:53 PM Aaron C. de Bruyn via NANOG <nanog@nanog.org> wrote:
Two things that seem to help whenever I'm dealing with bizarre Comcast issues....have her call in and: * Ask for "Security Edge" to be disabled if it's enabled (last time we did this Comcast told us they couldn't permanently disable it unless we paid a lot more per month for service and it would automatically enable every reboot, but another rep permanently disabled it for us) * Ask them to disable "Smart Packet Detection" if she's using a router that has that feature
Those two features seem to mess with a lot of traffic--specifically DNS (re-routing any unencrypted DNS request to Comcast's own servers) and SIP.
Of course enabling TLS for your SIP connections would probably help significantly--not just with connectivity, but security.
-A
On Tue, Sep 10, 2024 at 12:20 PM Matt Hoppes < mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
We've just moved to tunneling anything VoIP if on Comcast's network. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Matt Hoppes" <mattlists@rivervalleyinternet.net> To: nanog@nanog.org Sent: Tuesday, September 10, 2024 2:17:37 PM Subject: Third Party VoIP Over Xfinity I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes. These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues. She was fine, until she switched to XFinity. Of course, XFinity support is absolutely worthless. Anyone from XFinity Tier 3 or such that might be able to offer assistance? I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open. I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Same experience here, with Comcast, at least 15 years ago. What was striking was that the tunnel had to be encrypted; plain old GRE tunneling worked for everything else, but GRE-encapsulated VoIP packets never arrived at the other end of the tunnel. We ended up just backhauling all traffic from (and to) that office over an encrypted tunnel to our nearby datacenter. Go figure. This was Comcast business service, with a publicly routed (i.e., not RFC 1918) /27 allocated to it. Jim Shankland On 9/10/24 2:22 PM, Mike Hammett wrote:
We've just moved to tunneling anything VoIP if on Comcast's network.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ------------------------------------------------------------------------ *From: *"Matt Hoppes" <mattlists@rivervalleyinternet.net> *To: *nanog@nanog.org *Sent: *Tuesday, September 10, 2024 2:17:37 PM *Subject: *Third Party VoIP Over Xfinity
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
How can such a large company have something so simple as SIP registration mangled up? On 9/10/24 5:22 PM, Mike Hammett wrote:
We've just moved to tunneling anything VoIP if on Comcast's network.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ------------------------------------------------------------------------ *From: *"Matt Hoppes" <mattlists@rivervalleyinternet.net> *To: *nanog@nanog.org *Sent: *Tuesday, September 10, 2024 2:17:37 PM *Subject: *Third Party VoIP Over Xfinity
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
How can such a large company have something so simple as SIP registration mangled up?
Very little incentive to fix it. The number of customers that are able to switch providers when something like this doesn't work is a fractional percentage of overall customer churn. The MBAs say it's cheaper to ignore it, so that's how it goes. On Wed, Sep 11, 2024 at 10:38 AM Matt Hoppes < mattlists@rivervalleyinternet.net> wrote:
How can such a large company have something so simple as SIP registration mangled up?
On 9/10/24 5:22 PM, Mike Hammett wrote:
We've just moved to tunneling anything VoIP if on Comcast's network.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL><; https://plus.google.com/+IntelligentComputingSolutionsDeKalb><; https://www.linkedin.com/company/intelligent-computing-solutions><; https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix><; https://www.linkedin.com/company/midwest-internet-exchange><; https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp><; https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ------------------------------------------------------------------------ *From: *"Matt Hoppes" <mattlists@rivervalleyinternet.net> *To: *nanog@nanog.org *Sent: *Tuesday, September 10, 2024 2:17:37 PM *Subject: *Third Party VoIP Over Xfinity
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Of course, Comcast sells its own VoIP services, which I'll bet work just fine; so they don't have a huge incentive to go out of their way to make their competitors' product work on their network. Jim Shankland On 9/11/24 2:19 PM, Tom Beecher wrote:
How can such a large company have something so simple as SIP registration mangled up?
Very little incentive to fix it. The number of customers that are able to switch providers when something like this doesn't work is a fractional percentage of overall customer churn.
The MBAs say it's cheaper to ignore it, so that's how it goes.
On Wed, Sep 11, 2024 at 10:38 AM Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
How can such a large company have something so simple as SIP registration mangled up?
On 9/10/24 5:22 PM, Mike Hammett wrote: > We've just moved to tunneling anything VoIP if on Comcast's network. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------------------------------------------------ > *From: *"Matt Hoppes" <mattlists@rivervalleyinternet.net> > *To: *nanog@nanog.org > *Sent: *Tuesday, September 10, 2024 2:17:37 PM > *Subject: *Third Party VoIP Over Xfinity > > I have an employee who has recently switched to Xfinity cable service. > Ever since they switched their internet service their work phones will > not stay registered for more than about 3 minutes. > > These same phones have been used on many ISPs without issues. The same > config has been used behind multiple levels of NAT without issues. > > She was fine, until she switched to XFinity. > > Of course, XFinity support is absolutely worthless. > > Anyone from XFinity Tier 3 or such that might be able to offer assistance? > > I suspect it's something stupid with either NAT overload in the modem or > the modem not keeping the SIP channels open. > > I've tried playing around with registration times without any success. > And again, we've never had issues with these phones or this setup with > any other ISP. > > >
Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router.
On Sep 10, 2024, at 2:17 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
I have not, but we've run these phones with SIP ALG devices before without issue. I'll have them check. On 9/10/24 9:17 PM, Tim Burke wrote:
Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router.
On Sep 10, 2024, at 2:17 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Does this apply only to customers using their proprietary gateway or customers on a CGNAT service with them? I have been a Comcast customer for years, with my own equipment, and have never had issues using Polycom SIP phones on RingCentral. This is getting a little concerning for me as we are planning to roll out SIP phones direct to users at home soon. Brandon Ambrose Network Administrator On Sep 11, 2024 at 6:15 PM -0400, Matt Hoppes <mattlists@rivervalleyinternet.net>, wrote:
I have not, but we've run these phones with SIP ALG devices before without issue. I'll have them check.
On 9/10/24 9:17 PM, Tim Burke wrote:
Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router.
On Sep 10, 2024, at 2:17 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
We run into it all the time when using the Comcast-provided "business class" equipment and a non-Comcast SIP provider. When we had a fiber hand-off from Comcast (about 3 years ago) and used a non-Comcast SIP provider we had no issues. -A On Wed, Sep 11, 2024 at 3:46 PM Brandon Ambrose <bpambrose97@gmail.com> wrote:
Does this apply only to customers using their proprietary gateway or customers on a CGNAT service with them?
I have been a Comcast customer for years, with my own equipment, and have never had issues using Polycom SIP phones on RingCentral.
This is getting a little concerning for me as we are planning to roll out SIP phones direct to users at home soon.
Brandon Ambrose Network Administrator On Sep 11, 2024 at 6:15 PM -0400, Matt Hoppes < mattlists@rivervalleyinternet.net>, wrote:
I have not, but we've run these phones with SIP ALG devices before without issue. I'll have them check.
On 9/10/24 9:17 PM, Tim Burke wrote:
Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router.
On Sep 10, 2024, at 2:17 PM, Matt Hoppes < mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
They do not do CGNAT, as far as I know. (Fixed wired broadband should never be behind CGNAT, but that’s a topic for another thread :-) ) Should only apply if you are using Comcast’s CPE for NAT. I had Comcast service some time ago, using their rental CPE in bridged mode, and had no issues with third party SIP. Sent from my iPhone
On Sep 11, 2024, at 17:44, Brandon Ambrose <bpambrose97@gmail.com> wrote:
Does this apply only to customers using their proprietary gateway or customers on a CGNAT service with them?
I have been a Comcast customer for years, with my own equipment, and have never had issues using Polycom SIP phones on RingCentral.
This is getting a little concerning for me as we are planning to roll out SIP phones direct to users at home soon.
Brandon Ambrose Network Administrator
On Sep 11, 2024 at 6:15 PM -0400, Matt Hoppes <mattlists@rivervalleyinternet.net>, wrote: I have not, but we've run these phones with SIP ALG devices before without issue. I'll have them check.
On 9/10/24 9:17 PM, Tim Burke wrote: Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router.
On Sep 10, 2024, at 2:17 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
My recent experience with Comcast Business is that it does not permit fixed-IPs with either bridged mode or customer modems. Also they have a 'feature' called SecurityEdge which is now on by default (didn't used to be). It blocks all sorts of things but currently it is possible to go to the account website and turn it back off. It's pretty evil for anyone that wants to, e.g., run a DNS server (evil = not possible due to a number of things including caching things it shouldn't etc.). I don't know about SIP as I have not attempted to run SIP over that particular connection, but I wonder if it might interfere. On 9/11/2024 16:06, Tim Burke wrote:
They do not do CGNAT, as far as I know. (Fixed wired broadband should never be behind CGNAT, but that’s a topic for another thread :-) )
Should only apply if you are using Comcast’s CPE for NAT. I had Comcast service some time ago, using their rental CPE in bridged mode, and had no issues with third party SIP.
Sent from my iPhone
On Sep 11, 2024, at 17:44, Brandon Ambrose<bpambrose97@gmail.com> wrote:
Does this apply only to customers using their proprietary gateway or customers on a CGNAT service with them?
I have been a Comcast customer for years, with my own equipment, and have never had issues using Polycom SIP phones on RingCentral.
This is getting a little concerning for me as we are planning to roll out SIP phones direct to users at home soon.
Brandon Ambrose Network Administrator
On Sep 11, 2024 at 6:15 PM -0400, Matt Hoppes<mattlists@rivervalleyinternet.net>, wrote: I have not, but we've run these phones with SIP ALG devices before without issue. I'll have them check.
On 9/10/24 9:17 PM, Tim Burke wrote: Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router.
On Sep 10, 2024, at 2:17 PM, Matt Hoppes<mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Just push these end users to use softphones. There are very few use cases where a hard phone is necessary. [cid:21269279-6110-4616-9613-75a9c81f099c] Robert DeVita CEO and Founder t: (469) 581-2160<tel:(469)%20581-2160> | m: (469) 441-8864<tel:(469)%20441-8864> e: radevita@mejeticks.com<mailto:radevita@mejeticks.com> | w: mejeticks.com<https://www.mejeticks.com/> a: 2323 N Akard Street , Dallas , 75201 [LinkedIn]<https://www.linkedin.com/company/mejeticks/> [Twitter]<https://twitter.com/mejeticks> [Facebook]<https://www.facebook.com/mejeticks> [cid:454fadba-30cb-410f-84b6-e956685869c3]<https://linktr.ee/mejeticks> [cid:389d0240-b611-4377-96f5-2054322dfcfd]<https://www.mejeticks.com/articles> ________________________________ From: NANOG <nanog-bounces+radevita=mejeticks.com@nanog.org> on behalf of Al Whaley <awnanog@sunnyside.com> Sent: Wednesday, September 11, 2024 6:50 PM To: nanog@nanog.org <nanog@nanog.org> Subject: Re: Third Party VoIP Over Xfinity You don't often get email from awnanog@sunnyside.com. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> My recent experience with Comcast Business is that it does not permit fixed-IPs with either bridged mode or customer modems. Also they have a 'feature' called SecurityEdge which is now on by default (didn't used to be). It blocks all sorts of things but currently it is possible to go to the account website and turn it back off. It's pretty evil for anyone that wants to, e.g., run a DNS server (evil = not possible due to a number of things including caching things it shouldn't etc.). I don't know about SIP as I have not attempted to run SIP over that particular connection, but I wonder if it might interfere. On 9/11/2024 16:06, Tim Burke wrote: They do not do CGNAT, as far as I know. (Fixed wired broadband should never be behind CGNAT, but that’s a topic for another thread :-) ) Should only apply if you are using Comcast’s CPE for NAT. I had Comcast service some time ago, using their rental CPE in bridged mode, and had no issues with third party SIP. Sent from my iPhone On Sep 11, 2024, at 17:44, Brandon Ambrose <bpambrose97@gmail.com><mailto:bpambrose97@gmail.com> wrote: Does this apply only to customers using their proprietary gateway or customers on a CGNAT service with them? I have been a Comcast customer for years, with my own equipment, and have never had issues using Polycom SIP phones on RingCentral. This is getting a little concerning for me as we are planning to roll out SIP phones direct to users at home soon. Brandon Ambrose Network Administrator On Sep 11, 2024 at 6:15 PM -0400, Matt Hoppes <mattlists@rivervalleyinternet.net><mailto:mattlists@rivervalleyinternet.net>, wrote: I have not, but we've run these phones with SIP ALG devices before without issue. I'll have them check. On 9/10/24 9:17 PM, Tim Burke wrote: Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router. On Sep 10, 2024, at 2:17 PM, Matt Hoppes <mattlists@rivervalleyinternet.net><mailto:mattlists@rivervalleyinternet.net> wrote: I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes. These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues. She was fine, until she switched to XFinity. Of course, XFinity support is absolutely worthless. Anyone from XFinity Tier 3 or such that might be able to offer assistance? I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open. I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
Hell, we still convert people with 1980s Meridian phone systems. Those are not candidates to do anything but move to an IP handset. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Robert DeVita" <radevita@mejeticks.com> To: "Al Whaley" <awnanog@sunnyside.com>, nanog@nanog.org Sent: Thursday, September 12, 2024 10:44:08 AM Subject: Re: Third Party VoIP Over Xfinity Just push these end users to use softphones. There are very few use cases where a hard phone is necessary. Robert DeVita CEO and Founder t: (469) 581-2160 | m: (469) 441-8864 e: radevita@mejeticks.com | w: mejeticks.com a: 2323 N Akard Street , Dallas , 75201 LinkedIn Twitter Facebook From: NANOG <nanog-bounces+radevita=mejeticks.com@nanog.org> on behalf of Al Whaley <awnanog@sunnyside.com> Sent: Wednesday, September 11, 2024 6:50 PM To: nanog@nanog.org <nanog@nanog.org> Subject: Re: Third Party VoIP Over Xfinity You don't often get email from awnanog@sunnyside.com. Learn why this is important My recent experience with Comcast Business is that it does not permit fixed-IPs with either bridged mode or customer modems. Also they have a 'feature' called SecurityEdge which is now on by default (didn't used to be). It blocks all sorts of things but currently it is possible to go to the account website and turn it back off. It's pretty evil for anyone that wants to, e.g., run a DNS server (evil = not possible due to a number of things including caching things it shouldn't etc.). I don't know about SIP as I have not attempted to run SIP over that particular connection, but I wonder if it might interfere. On 9/11/2024 16:06, Tim Burke wrote: They do not do CGNAT, as far as I know. (Fixed wired broadband should never be behind CGNAT, but that’s a topic for another thread :-) ) Should only apply if you are using Comcast’s CPE for NAT. I had Comcast service some time ago, using their rental CPE in bridged mode, and had no issues with third party SIP. Sent from my iPhone <blockquote> On Sep 11, 2024, at 17:44, Brandon Ambrose <bpambrose97@gmail.com> wrote: Does this apply only to customers using their proprietary gateway or customers on a CGNAT service with them? I have been a Comcast customer for years, with my own equipment, and have never had issues using Polycom SIP phones on RingCentral. This is getting a little concerning for me as we are planning to roll out SIP phones direct to users at home soon. Brandon Ambrose Network Administrator <blockquote> On Sep 11, 2024 at 6:15 PM -0400, Matt Hoppes <mattlists@rivervalleyinternet.net> , wrote: I have not, but we've run these phones with SIP ALG devices before without issue. I'll have them check. <blockquote> On 9/10/24 9:17 PM, Tim Burke wrote: Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router. <blockquote> On Sep 10, 2024, at 2:17 PM, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote: I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes. These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues. She was fine, until she switched to XFinity. Of course, XFinity support is absolutely worthless. Anyone from XFinity Tier 3 or such that might be able to offer assistance? I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open. I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP. </blockquote> </blockquote> </blockquote> </blockquote>
What about a single mom who is working from home and so needs a wireless phone to keep with her while she's moving around the house taking care of the kids or doing some house hold activities during the day? How would you implement that into a soft phone? That aside though.... how would a softphone be any different for registration from a hardware phone? It's not a device issue, it's a protocol issue. On 9/12/24 11:44 AM, Robert DeVita wrote:
Just push these end users to use softphones. There are very few use cases where a hard phone is necessary.
Robert DeVita CEO and Founder
t: (469) 581-2160 <tel:(469)%20581-2160> | m: (469) 441-8864 <tel:(469)%20441-8864>
e: radevita@mejeticks.com <mailto:radevita@mejeticks.com> | w: mejeticks.com <https://www.mejeticks.com/>
a: 2323 N Akard Street , Dallas , 75201
LinkedIn <https://www.linkedin.com/company/mejeticks/>
Twitter <https://twitter.com/mejeticks>
Facebook <https://www.facebook.com/mejeticks>
<https://www.mejeticks.com/articles>
------------------------------------------------------------------------ *From:* NANOG <nanog-bounces+radevita=mejeticks.com@nanog.org> on behalf of Al Whaley <awnanog@sunnyside.com> *Sent:* Wednesday, September 11, 2024 6:50 PM *To:* nanog@nanog.org <nanog@nanog.org> *Subject:* Re: Third Party VoIP Over Xfinity
You don't often get email from awnanog@sunnyside.com. Learn why this is important <https://aka.ms/LearnAboutSenderIdentification>
My recent experience with Comcast Business is that it does not permit fixed-IPs with either bridged mode or customer modems.
Also they have a 'feature' called SecurityEdge which is now on by default (didn't used to be). It blocks all sorts of things but currently it is possible to go to the account website and turn it back off. It's pretty evil for anyone that wants to, e.g., run a DNS server (evil = not possible due to a number of things including caching things it shouldn't etc.). I don't know about SIP as I have not attempted to run SIP over that particular connection, but I wonder if it might interfere.
On 9/11/2024 16:06, Tim Burke wrote:
They do not do CGNAT, as far as I know. (Fixed wired broadband should never be behind CGNAT, but that’s a topic for another thread :-) )
Should only apply if you are using Comcast’s CPE for NAT. I had Comcast service some time ago, using their rental CPE in bridged mode, and had no issues with third party SIP.
Sent from my iPhone
On Sep 11, 2024, at 17:44, Brandon Ambrose<bpambrose97@gmail.com> <mailto:bpambrose97@gmail.com> wrote:
Does this apply only to customers using their proprietary gateway or customers on a CGNAT service with them?
I have been a Comcast customer for years, with my own equipment, and have never had issues using Polycom SIP phones on RingCentral.
This is getting a little concerning for me as we are planning to roll out SIP phones direct to users at home soon.
Brandon Ambrose Network Administrator
On Sep 11, 2024 at 6:15 PM -0400, Matt Hoppes<mattlists@rivervalleyinternet.net> <mailto:mattlists@rivervalleyinternet.net>, wrote: I have not, but we've run these phones with SIP ALG devices before without issue. I'll have them check.
On 9/10/24 9:17 PM, Tim Burke wrote: Have you tried placing the CPE in “bridged" mode? It’s been a while since I’ve done anything with Comcast CPE, but I remember their CPE doing SIP ALG when acting as a router.
On Sep 10, 2024, at 2:17 PM, Matt Hoppes<mattlists@rivervalleyinternet.net> <mailto:mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
What kinds of third party SIP are you all having so much issue with? I manage a lot of accounts using the big, hosted providers and plenty of the endpoints sit behind Xfinity/Comcast boxes without issue. The dropping registrations just sound like timer and firewall configurations. By rule, I try to always go bridged mode with Comcast provided boxes, but even when not I can't recall having an issue like this except via the normal things like ALG being enabled or some type of security inspections causing trouble. And TLS is the way 100% On Tue, Sep 10, 2024 at 12:19 PM Matt Hoppes < mattlists@rivervalleyinternet.net> wrote:
I have an employee who has recently switched to Xfinity cable service. Ever since they switched their internet service their work phones will not stay registered for more than about 3 minutes.
These same phones have been used on many ISPs without issues. The same config has been used behind multiple levels of NAT without issues.
She was fine, until she switched to XFinity.
Of course, XFinity support is absolutely worthless.
Anyone from XFinity Tier 3 or such that might be able to offer assistance?
I suspect it's something stupid with either NAT overload in the modem or the modem not keeping the SIP channels open.
I've tried playing around with registration times without any success. And again, we've never had issues with these phones or this setup with any other ISP.
On 9/12/24 9:08 AM, Brandon Svec via NANOG wrote:
What kinds of third party SIP are you all having so much issue with? I manage a lot of accounts using the big, hosted providers and plenty of the endpoints sit behind Xfinity/Comcast boxes without issue.
The dropping registrations just sound like timer and firewall configurations. By rule, I try to always go bridged mode with Comcast provided boxes, but even when not I can't recall having an issue like this except via the normal things like ALG being enabled or some type of security inspections causing trouble. And TLS is the way 100%
Is it possible it's being run over UDP? Is UDP even practical with SIP these days given bloat? Mike
Yes. We run lots of SIP UDP over many networks without issue. I feel like bloat is exactly an application for using UDP? With TCP won't that cause more bloat/delay? That being said, we generally see about 3-6 ms between end points and our PBX systems, so I'm not really worried about delay or bloat... just the XFinity firewall trashing active sessions. On 9/12/24 12:15 PM, Michael Thomas wrote:
On 9/12/24 9:08 AM, Brandon Svec via NANOG wrote:
What kinds of third party SIP are you all having so much issue with? I manage a lot of accounts using the big, hosted providers and plenty of the endpoints sit behind Xfinity/Comcast boxes without issue.
The dropping registrations just sound like timer and firewall configurations. By rule, I try to always go bridged mode with Comcast provided boxes, but even when not I can't recall having an issue like this except via the normal things like ALG being enabled or some type of security inspections causing trouble. And TLS is the way 100%
Is it possible it's being run over UDP? Is UDP even practical with SIP these days given bloat?
Mike
On 9/13/24 7:19 AM, Matt Hoppes wrote:
Yes. We run lots of SIP UDP over many networks without issue. I feel like bloat is exactly an application for using UDP?
With TCP won't that cause more bloat/delay? That being said, we generally see about 3-6 ms between end points and our PBX systems, so I'm not really worried about delay or bloat... just the XFinity firewall trashing active sessions.
I'm was just wondering if UDP is still viable for SIP these days. I'm talking about the bloat of accreted features in SIP blowing out MTU on a message basis. In any case, running it over UDP sounds suspiciously like it could be tickling firewall timeouts. SIP is so low volume that it hardly matters for the client side and even for the server side it's not like TCP is a big deal. You really should be running TLS in any case. Who knows how well DTLS is support on proxies, or whether it's supported at all. Mike
On 9/13/24 11:20, Michael Thomas wrote:
On 9/13/24 7:19 AM, Matt Hoppes wrote:
Yes. We run lots of SIP UDP over many networks without issue. I feel like bloat is exactly an application for using UDP?
With TCP won't that cause more bloat/delay? That being said, we generally see about 3-6 ms between end points and our PBX systems, so I'm not really worried about delay or bloat... just the XFinity firewall trashing active sessions.
I'm was just wondering if UDP is still viable for SIP these days. I'm talking about the bloat of accreted features in SIP blowing out MTU on a message basis. In any case, running it over UDP sounds suspiciously like it could be tickling firewall timeouts. SIP is so low volume that it hardly matters for the client side and even for the server side it's not like TCP is a big deal. You really should be running TLS in any case. Who knows how well DTLS is support on proxies, or whether it's supported at all.
My understanding is that some of the "really big boys" still prefer to run SIP over UDP because it allows them to somewhat seamlessly handle signaling endpoint failover without a ton of TCP connection state tracking by delegating it to the routing layer. I don't think most of those folks (aside from maybe the 1st-party bundled consumer network operators who obviously won't break their own product) are handling a ton of registrations, though, and are instead just passing around INVITEs between largely statically- (or otherwise pre-) configured places. If your SIP messages blow up the MTU, it should resort to IP-layer fragmentation. Of course we all know how well this works in practice. Do any IPv4 routers actually fragment in-path, anymore? For consumer endpoints, I do think SIP over TLS over TCP is the way to go. Nothing's going to unintentionally break that. If it does break, it's probably just outright blocked, and even then you can probably just run it over port 443 and have it work outside of TLS MITM environments like larger enterprises. Obviously the media is still UDP and subject to meddling. -- Brandon Martin
On 9/14/24 9:04 AM, Brandon Martin wrote:
On 9/13/24 11:20, Michael Thomas wrote:
On 9/13/24 7:19 AM, Matt Hoppes wrote:
Yes. We run lots of SIP UDP over many networks without issue. I feel like bloat is exactly an application for using UDP?
With TCP won't that cause more bloat/delay? That being said, we generally see about 3-6 ms between end points and our PBX systems, so I'm not really worried about delay or bloat... just the XFinity firewall trashing active sessions.
I'm was just wondering if UDP is still viable for SIP these days. I'm talking about the bloat of accreted features in SIP blowing out MTU on a message basis. In any case, running it over UDP sounds suspiciously like it could be tickling firewall timeouts. SIP is so low volume that it hardly matters for the client side and even for the server side it's not like TCP is a big deal. You really should be running TLS in any case. Who knows how well DTLS is support on proxies, or whether it's supported at all.
My understanding is that some of the "really big boys" still prefer to run SIP over UDP because it allows them to somewhat seamlessly handle signaling endpoint failover without a ton of TCP connection state tracking by delegating it to the routing layer. I don't think most of those folks (aside from maybe the 1st-party bundled consumer network operators who obviously won't break their own product) are handling a ton of registrations, though, and are instead just passing around INVITEs between largely statically- (or otherwise pre-) configured places.
If your SIP messages blow up the MTU, it should resort to IP-layer fragmentation. Of course we all know how well this works in practice. Do any IPv4 routers actually fragment in-path, anymore?
For consumer endpoints, I do think SIP over TLS over TCP is the way to go. Nothing's going to unintentionally break that. If it does break, it's probably just outright blocked, and even then you can probably just run it over port 443 and have it work outside of TLS MITM environments like larger enterprises.
Obviously the media is still UDP and subject to meddling.
My understanding is that RTP in VoLTE uses DTLS for SRTP. I only know this second hand and not from an operator, so feel free to correct me. But it would all be rather pointless if the signaling traffic was unencrypted and more importantly unauthenticated -- if they're using DTLS I can't imagine that they are actually using real certs for identity for the endpoints, and are just using it to do key exchange. My google-fu has been pretty bad trying to figure out how this is implemented though. If they aren't authenticating end to end for SRTP, it seems like it would make for a trivial MITM attack against the signaling layer, especially given UDP. I wonder if QUIC would change people's attitudes about this. Honestly I'd rather have the security over the few extra milliseconds of signaling latency. By failover are you talking about a proxy going down or something? Isn't that something well understood in HTTP-land? I wonder if SIP over HTTP is a thing yet :) Mike
participants (20)
-
Aaron C. de Bruyn -
Al Whaley -
Brandon Ambrose -
Brandon Jackson -
Brandon Martin -
Brandon Svec -
Chris -
chris -
Jay Hennigan -
Jim Shankland -
Jon Lewis -
Mark Wiater -
Matt Hoppes -
Michael Thomas -
Mike Hammett -
Norman Jester -
Robert DeVita -
sronan@ronan-online.com -
Tim Burke -
Tom Beecher