Environment:
- Freeswitch + FusionPBX hosted on a VPS with a public IP, so no NAT at server end.
- 3 local offices each with multiple Cisco SPA504G phones (provisioned from Freeswitch) behind a pfSense router/firewall/VDSL connection.
- IPv4 only.
The system is quite new, having launched in production in June 2019 with current software/firmware on all components. Initially each phone was configured with SIP TCP port 5060 and 120s expiry. However after about 2 weeks the server experienced critically high CPU and continuous failing registrations; these eventually hammered the CPU so badly that it would drop registrations, lose connection to SIP trunk, poor call quality, dropped calls, the list goes on. I've tried both AWS and Vultr as VPS providers to host the server with the same result. Also tried doubling the processors & memory - same result.
When looking at sngrep ^REG during the CPU spikes, phones were trying to register with a new port every second or two - the sngrep message count would just increment relentlessly. Not on all phones at once, but quite a few (I have about 30 in total).
We reconfigured the phones so every line had its own TCP port (5111, 5112, 5113, etc.). This stabilised the system for 1.5 to 2 weeks then the same problems, CPU spike etc., came back without any obvious trigger.
We reconfigured the phones so that, in addition to keeping the unique ports, they would use SIP UDP with an expiry of 800s. This has mostly stabilised the system but I still see the odd unexpected sngrep message 401 Unauthorized in phone registrations. I would like to further stabilise the system with an improved configuration, if possible.
The following settings are in use:
- STUN server: not currently used
- NDLB-broken-auth-hash true
- NDLB-force-rport true
- NDLB-received-in-nat-reg-contact true
- Settings as recommended by DigitalDaz in Cisco Tips and Tricks forum (RTP Packet Size 0.020, Handle VIA rport = Insert VIA rport = Yes)
My question: does anyone out there have a stable configuration they are willing to share for this specific combination of FreeSWITCH + multiple Cisco SPA5xxG phones behind pfSense with a DSL connection? Other suggestions welcome!
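
The symptom described in the post, REGISTERs for one phone arriving from a new source port every second or two, can be flagged mechanically from a registration log. The following is an added example, not part of the original post; the one-line-per-REGISTER log format, the extension numbers, the addresses and the thresholds are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in a made-up "time user src_ip:src_port" format
# (not sngrep or FreeSWITCH output). 1001 re-registers from a new source
# port every 1-2 s; 1002 keeps one port and re-registers on expiry (800 s).
SAMPLE = """\
2019-07-01T10:00:00 1001 203.0.113.10:41001
2019-07-01T10:00:00 1002 203.0.113.10:5112
2019-07-01T10:00:01 1001 203.0.113.10:41007
2019-07-01T10:00:03 1001 203.0.113.10:41012
2019-07-01T10:00:04 1001 203.0.113.10:41020
2019-07-01T10:00:06 1001 203.0.113.10:41033
2019-07-01T10:13:20 1002 203.0.113.10:5112
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")

def port_churn(text, window_s=10, max_ports=3):
    """Return {user: peak distinct source ports seen within window_s}
    for users that exceed max_ports, i.e. REGISTERs arriving from a
    fresh NAT-mapped port far faster than the registration expiry."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, port)
    peak = defaultdict(int)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # skip anything that is not a sample record
        ts = datetime.fromisoformat(m.group(1)).timestamp()
        user, port = m.group(2), int(m.group(4))
        q = recent[user]
        q.append((ts, port))
        while q and ts - q[0][0] > window_s:
            q.popleft()           # drop registrations older than the window
        peak[user] = max(peak[user], len({p for _, p in q}))
    return {u: n for u, n in peak.items() if n > max_ports}

if __name__ == "__main__":
    for user, n in sorted(port_churn(SAMPLE).items()):
        print(f"{user}: {n} distinct source ports within 10 s")
```

A phone that shows up here while others behind the same firewall do not narrows the problem to that phone's NAT mapping or transport settings rather than the server.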