dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10711
share rss forum feed

whisper1

join:2007-11-28
Schomberg, ON

SIP BWM for Zywall USG 20W V3.00

Hi,

In the new manual (for V3.00 of firmware) on page 104 it states that there should be a tick box to enable highest priority for SIP traffic but I don't see it at the user interface.

Should be: Configuration > BWM > Enable Highest Bandwidth Priority for SIP Traffic

Can anyone confirm whether this is a error in the user manual or a bug.

Thanks,
W.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

I see it there on USG 200.

Clear your browser's cache and cookies, restart the browser and re-open the page. See if that helps.


whisper1

join:2007-11-28
Schomberg, ON

No change in IE9. I also tried Chrome and no change.

The other issue I have is the inability to delete some of the BWM entries from the list. After the upgrade I noticed that a load of BWM entries had been created automatically. I was able to delete 2/3rds of them but the entries with a custom address entry in the source field would not allow deletion. Attempting to delete generates the following error: 'Invalid address object' -93007 CLI Number 0

W.


whisper1

join:2007-11-28
Schomberg, ON

I was able to resolve the 'Invalid address object' problem by reverting back to the old firmware and removing all BWM entries then upgrade again.

I still don't see the 'Enable Highest Bandwidth Priority for SIP Traffic' tick box after re upgrading.

W.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

Nothing like this?




Chances are that ZyXEL didn't implement this on USG20 and didn't update the manual.

If you really want to be sure, do this.
1) Backup your current config
2) Reset the unit to defaults and check
If it does appear reconfigure from scratch (don't load the old config). If it doesn't appear then it's not there. Load your old config.


Otto58

join:2001-02-26
Germany

4 edits

Yes, nothing at USG20.

whisper1

join:2007-11-28
Schomberg, ON

Yes, its probably not available for the USG20 series by the looks of it. I shot off an email to support regarding the 'Invalid address object' error and asked about the SIP option at the same time. I'll repost once I get an answer.

Thanks,
W.



Otto58

join:2001-02-26
Germany

'Invalid address object' -> try to clear the browsers cache.

IE 9 - during the cleaning the first option must be unchecked!
Chrome ?
Try Firefox!



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to whisper1

That checkbox is on the USG100 as well.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to whisper1

Ok, the GUI checkbox is missing, check if the CLI is implemented.

enable

app highest sip bandwidth priority
 

disable
no app highest sip bandwidth priority
 

check
show bwm highest sip bandwidth priority
 

whisper1

join:2007-11-28
Schomberg, ON

I'm seeing a parse error 'command not found' after trying to run any of those statements in the console.

Does the "Application Patrol" service need to be registered to gain access to these functions? Perhaps that is the issue.
I noticed this from the user guide: "Note: You must register for the IDP/AppPatrol signature service (at least the trial) before you can use it."



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

Did you do "configure terminal" first?


whisper1

join:2007-11-28
Schomberg, ON

yes, I came to command line: Router (Config)#
and then ran the statements.

It doesn't appear I have the 'IDP Signature' option, but I could be on the wrong track here.

show service-register status all

Service Status Type Count Expiration
===============================================================================
Anti-Spam Not Licensed None N/A 0
CF Commtouch Not Licensed None N/A 0
CF Bluecoat Expired Trial N/A 0
SSL VPN Not Licensed None 1 N/A

whisper1

join:2007-11-28
Schomberg, ON

Just following on with the idea I had that to run any of the 'app' commands we would need application patrol registered on the Zywall.

I note on the following web site it says that application patrol is only available for versions USG 50 and above.

Note : Application Patrol is available in USG 50 and above
»www.itechcare.com.my/sme_USG2050.php

ON Zyxels site under the USG20W page it talks about it having Application Patrol in the third paragraph.
»us.zyxel.com/Products/Details.as···D45BB7EA

"ZyWALL’s Application Patrol gives you detailed control over the applications allowed to run on your network, while the built-in 150Mbps throughput firewall and web-content filtering protect your network from DoS attacks, phishing, and other threats."



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

OK, then that's the answer why this is not available on USG 20.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

whisper1 See Profile and Otto58 See Profile can you please confirm that firmware 3.0 brought L2TP VPN to USG20W and USG20? ...thank you.



Otto58

join:2001-02-26
Germany

Click for full size
Means this yes?


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

Yes, thanks!


whisper1

join:2007-11-28
Schomberg, ON

1 recommendation

reply to whisper1

Brano, thanks for you help on this topic.

Just spoke with support and they confirmed that it was a mistake on the web page to state that app patrol was part of the Zywall USG 20W. He said app patrol (and hence the BWM SIP option) was only availabe in the 50 and above due to CPU capacity, which is the conclusion we came to.
He also assisted me in configuring the BWM to enable the traffic from my VOIP device priority over all other traffic and it seems to work much better now.

thanks again W.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Whisper can you post your config settings to this thread please(minus any revealing bits like WANIP etc)? Focus on the key changes made to maximize bandwidth for SIP.


whisper1

join:2007-11-28
Schomberg, ON

Some of the settings are from what the support tech helped with, others are what I came to from trial and error but it works for both outgoing and incoming traffic.
The way I tested it was by using the speedtest.net site to detemine whether the BW actually changed according to the rules. I also checked the actual line quality with and without these settings using Youtube videos to see if it helped or not.
The tech suggested to use a policy route (with BWM) for the outgoing and I basically set up the entries in the BWM section myself. The bandwidth from ISP is 1024kbps down and 512kps up. All my traffic is going through a bridge so you will have to replace the relevant settings if you don't have a bridge.

If anyone has improvements or notices flaws in the setup please post here.

Regards W.

BWM Settings:






Policy Route setting:



whisper1

join:2007-11-28
Schomberg, ON

I've noticed that when BWM is enabled the speed from the printer SD card to the computer is limited to approx 112KB's. If I disable BWM it jumps into the MB's. I've tried adding additional entries into BWM to allow for this but nothing seems to make a difference. I've even tried creating a single entry with maximum speed and it still doesn't work. Some ideas and help would be appreciated.

Many thanks.


whisper1

join:2007-11-28
Schomberg, ON

The latest firmware update (3.00BDR.1) fixed the issues I have been having with VOIP operations, it also resoved the issue in the post above this one.
VOIP now works perfectly.

[BUGFIX] SPR:120221266
Symptom:
USG20/20W SIP ALG cannot work.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

1 edit

You need to ensure you have proper line speed set on your wan interface(s) otherwise your BWM will not work properly.

Go to your WAN interface settings, enable Show Advanced Settings and go to Interface Parameters and configure (example):
Egress Bandwidth: 512 kbps
Ingress Bandwidth: 1024kbps (not really used today as per below, but doesn't hurt to set it properly for future. Anyway USG can't really manage the ingress bandwidth from WAN, only egress. It can manage internal traffic both ways though).

You should do some speed test and put real values there. This is mainly important on DSL lines where your actual speed is typically lower than the sync rate. If you're getting various speeds then put the lower number there, otherwise the BWM algorithm will "think" there's still bandwidth available and won't act properly.

Quote from PDF manual

quote:
5.1.2 Setting the Interface's Bandwith
Use the Configuration > Interface screens to set the WAN1 interface's upstream (egress) bandwith to beequal to (or slightly less than) what the connected device can support.

Quote from on-line help
quote:
Egress Bandwidth Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can send through the interface to the network. Allowed values are 0 - 1048576.
Ingress Bandwidth This is reserved for future use.
Enter the maximum amount of traffic, in kilobits per second, the ZyWALL can receive from the network through the interface. Allowed values are 0 - 1048576.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

2 edits
reply to whisper1

You should also consider using proper DiffServ/DSCP markings for your VoIP traffic. You can use DSCP to shape the traffic on your LAN instead of source and/or destination IPs.

If you have ATA device on your LAN (i.e. Linksys PAP2) that device is most likely already marking the outbound packets with DSCP. There's not really a standard but VoIP is typically marked with highest priority.

The highest priority DiffServ value is EF (Expedited Forwarding) and you want all your RTP packets to be tagged with this. Actual SIP is just signalling channel and does not need to be EF.

I've my PAP2 configured to:
SIP: 0x68 hex or 104 dec (DiffServ) same as 0x1A hex or 26 dec (DSCP) ~ CS3
RTP: 0xB8 hex or 184 dec (DiffServ) same as 0x2E or 46 dec (DSCP) ~ EF

Now, what I'm trying to say.
1) If you have your VoIP properly DSCP tagged, you can use DSCP in BWM for prioritization instead of source and destination IP/Port.
2) If you don't have your VoIP properly tagged (mainly your egress VoIP to ISP) you should tag it so all DSCP configured/aware routers on the path can act on the requested priority. (Not that any will, but you'll have a warm feeling that you've done everything you could for your poor little RTP packets).
You can do the DSCP tagging in Policy Routes. Instead of preserve DSCP for outbound traffic, tag it with EF (user define = 46). You'd do this only if your ATA does not tag. If it does, leave it to preserve.
Make sure you crate separate policy route for VoIP, don't tag all your egress traffic with EF.

If you have SW VoIP client check it's settings if it supports DSCP tagging.

Recommended reading:
»www.cisco.com/en/US/tech/tk543/t···f2.shtml
»www.cisco.com/en/US/technologies···per.html


whisper1

join:2007-11-28
Schomberg, ON

1 edit
reply to Brano

said by Brano:

You need to ensure you have proper line speed set on your wan interface(s) otherwise your BWM will not work properly.

Quote from PDF manual

quote:
5.1.2 Setting the Interface's Bandwith
Use the Configuration > Interface screens to set the WAN1 interface's upstream (egress) bandwith to beequal to (or slightly less than) what the connected device can support.

Brano,

Thank you for all this detail. I'm using PPPoE for my ISP connection. Using trial and error I found that I had to put the egress and ingress info into the PPPoE interface, adding it to the WAN interface didn't seem to affect the BWM. As per the manual I entered slightly less than my actual available BW. My ISP provides 1024 kbps down and 512 kbps up so I set the interface to 950 kbps and 500 kbps respectively, which is slightly less than the actual available BW.

Just so its clearer I was initially having 2 problems. The first was an issue with the way the USG 20W was handling the calls, calls were dropping, not ringing, caller could not hear us speaking etc and the second was with BWM and getting that to work as required. The recent update seemed to fix everything, it all started working perfectly after the update. I may have some tweaking to do as per your second post on DSCP marking which is going to require some reading to understand what you have written.

Your help is much appreciated as I've been working in the dark here with trial and error. I'll post back once I've had a chance to put in place your suggestions in that second post.

Many thanks,
W.

whisper1

join:2007-11-28
Schomberg, ON

3 edits
reply to Brano

said by Brano:

If you have ATA device on your LAN (i.e. Linksys PAP2) that device is most likely already marking the outbound packets with DSCP. There's not really a standard but VoIP is typically marked with highest priority.

I have a Linksys SPA2102R VOIP phone adaptor and after doing a little reading I believe the it does tag the packets as per your post. If I understand you correctly that means I dont have to tag anything from the Zyxel.
I did notice a field in both BWM and policy routing that enables me to specify the type of tagging used (see screen prints below.) Should I have entered this info or am I off track?
Also is there a way I can inspect the packets to check that it actually is being tagged just to make absolutely sure. I logged ito the Linksys and it doesn't allow me to see those settings as I have only user access to the box.



whisper1

join:2007-11-28
Schomberg, ON

If I'm reading this correctly it appears that the outgoing packets are being tagged with 0xB8 (0x2E).



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

You don't have to do the tagging in policy routes, leave them to preserve.

The only change you really needed was to set the wan1_ppp to proper speeds.

You can (not necessary) to change your BWM though, instead of using incoming/outgoing interface/IP you can match traffic by DSCP. That should be more generic and work without a change let's say when your Linksys ATA's address changes.


whisper1

join:2007-11-28
Schomberg, ON

Understand re policy routes, the field that I changed in the policy route screen shot (above) is a *criteria* field not a tagging field. As you say I dont need to tag anything the Linksys seems to be doing that.

The PPPoE interface is set to the correct speeds.

Thanks for the tip on how to make it more generic.

Best, W.