2 Replies Latest reply on Apr 19, 2019 7:54 AM by jander

    SIP Proxy not working with VRRP VIP

    jander New Member

      I am working on putting together a dual WAN, "high availability" topology with a pair of 3140's. This will be to support our hosted IP phones, leveraging the SIP proxy functionality. I am using VRRP on my LAN interfaces to facilitate failover for the voice LAN. We have used the SIP proxy functionality on the 3140 for single box, single WAN, and dual WAN builds, but this is the first time we've tried to grow the built to leverage two 3140's.

       

      In my lab, I have successfully achieved IP failover from one box to the other using track statements on my primary 3140's VRRP instance to decrement the VRRP priority. Everything was working swimmingly until I actually went to connect a phone.

       

      I found that with VRRP enabled, the Adtran will not intercept and proxy the SIP traffic. I confirmed this by rebooting the phone several times, watching "debug sip stack messages" and IP policy-sessions. It's as if the Adtran completely ignores SIP traffic sent to the VRRP VIP. As soon as I tear down the VRRP instance and place the default gateway IP on the interface (like I would in a single box build), everything works fine.

       

      Below is my interface config with VRRP:

       

      interface gigabit-eth 0/1.20

        description VOIP LAN

        vlan-id 20

        ip address  10.10.20.252  255.255.255.0

        no ip proxy-arp

        ip access-policy VOIP-Private

        vrrp 1 ip 10.10.20.254

        vrrp 1 priority 110

        vrrp 1 track HA_FAILOVER decrement 30

        media-gateway ip primary

        no shutdown

       

      When my phone attempts to register, I see SIP traffic hitting the VRRP VIP on the firewall, but "debug sip stack messages" captures no messages. All I see is:

       

      Policy class "VOIP-Private":

      udp (60) -> self

        10.10.20.1      5060 10.10.20.254    5060

       

      As soon as I modify the config to a standard, single box interface IP config, the Adtran intercepts and proxies SIP traffic as normal.

       

      interface gigabit-eth 0/1.20

        description VOIP LAN

        vlan-id 20

        ip address  10.10.20.254  255.255.255.0

        no ip proxy-arp

        ip access-policy VOIP-Private

        media-gateway ip primary

        no shutdown

       

      Policy class "VOIP-Private":

      udp (60) -> self

        10.10.20.1      5060     10.10.20.254    5060

       

      udp (39) -> Public-WAN2

        192.168.2.252   5060     <my sip server>  5060

       

      Again, this is impacting only SIP traffic. All other standard NAT traffic works great. Does Adtran not support SIP proxy with VRRP?


      I can post a more full config if necessary, but my build is fairly cookie cutter based on Adtran's published stateful SIP proxy, dual WAN failover, and VRRP guides.

       

      Thanks!