[VoiceOps] Explaining router/NAT problems to customers

Scott Berkman scott at sberkman.net
Fri Jan 29 11:03:12 EST 2010

This is a very common case.  I actually am more concerned about trying to go
through an enterprise-class router than SOHO class Linksys type device
because of ALG functions.  A misconfigured or default ALG is a surefire way
to mess things up.

There was a common case we had along these lines with the Netopia routers
ATT was deploying for a long time with its business DSL customers (really
anyone with static/multiple IPs).  The Netopia had an undocumented SIP ALG
that was enabled by default and not mentioned or configurable via the web
interface.  We had to get into the CLI and disable the ALG every time we
tried to set a customer up behind one of these.  Basically what happens is
the ALG replaces the IPs in the packets with whatever IP is on the router,
but didn't translate correctly on the way back in.

As for router configurations, there are 3 ways to handle that.  Either you
manage the router and make the changes for the customer, give them access
and say "you break you fix", or segment and pass off a different public IP
address to them so they can manage their own firewall.  I am a big fan of
segmentation, but something like that obviously adds complexities and costs.


-----Original Message-----
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Carlos Alvarez
Sent: Thursday, January 28, 2010 10:00 PM
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Explaining router/NAT problems to customers

On 1/28/10 7:19 PM, Ujjval Karihaloo wrote:
> I recommend enabling Voip ALG on junipers, given u r on a pretty
> recent os load.

I think that's what started the issues on that one.  Today the customer 
finally told us they upgraded the Juniper two weeks ago.  Coincidentally 
around the time the phone issues started.

The BYOI model is for the smallest customers so cost is always an issue. 
  We're talking the under 25 handset customer, often 5-10 handsets.  At 
some point I do realize that cheap creates problems.  I just have to 
find the balance.

I'm really leaning towards telling these customers that they have to use 
a router we provide.  Like I said, even the WRT has a great track record 
in this small-company space.  The company with the Juniper has ten 
phones, the Juniper was just a big money-maker for their IT consultants.

For those of you who provide a router, what do you tell the customer if 
they want port forwarding or NAT configurations?

Carlos Alvarez

Advanced phone services simplified
VoiceOps mailing list
VoiceOps at voiceops.org
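
Added example, not part of the original messages: one way to confirm that a SIP ALG like the one described above is in the path is to compare a SIP message as the phone sent it with the same message as captured at the provider's edge. Plain NAT changes only the IP/UDP headers, so a difference in the address fields inside the payload means something rewrote it. The messages and addresses below are constructed, and the capture is assumed to be taken before any proxy adds its own Via.

```python
import re

# Places inside a SIP message where the phone writes its own address.
# Long header names only; compact forms are not handled in this sketch.
FIELD_PATTERNS = {
    "Via": re.compile(r"^Via\s*:\s*SIP/2\.0/\w+\s+([^;\s:]+)", re.I | re.M),
    "Contact": re.compile(r"^Contact\s*:.*?sips?:(?:[^@>\s]+@)?([^:;>\s]+)", re.I | re.M),
    "SDP o=": re.compile(r"^o=\S+ \S+ \S+ IN IP4 (\S+)", re.M),
    "SDP c=": re.compile(r"^c=IN IP4 (\S+)", re.M),
}

def payload_addresses(sip_text):
    """Return {field: address} for each address field found in one SIP message."""
    found = {}
    for field, pattern in FIELD_PATTERNS.items():
        match = pattern.search(sip_text)
        if match:
            found[field] = match.group(1)
    return found

def alg_rewrites(sent, received):
    """List (field, sent_addr, received_addr) for payload fields altered in transit."""
    before, after = payload_addresses(sent), payload_addresses(received)
    return [(f, before[f], after[f]) for f in before
            if f in after and before[f] != after[f]]

# Constructed sample: an INVITE as the phone sent it (hypothetical addresses).
SENT = "\r\n".join([
    "INVITE sip:2002@sip.example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bKconstructed1",
    "From: <sip:1001@sip.example.net>;tag=a1",
    "To: <sip:2002@sip.example.net>",
    "Call-ID: constructed-1@192.168.1.50",
    "CSeq: 1 INVITE",
    "Contact: <sip:1001@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0", "o=- 1 1 IN IP4 192.168.1.50", "s=-",
    "c=IN IP4 192.168.1.50", "t=0 0", "m=audio 16384 RTP/AVP 0", "",
])
# Constructed: the same INVITE as seen at the provider after an ALG put the
# router's WAN address (203.0.113.7, hypothetical) into the payload.
RECEIVED = SENT.replace("192.168.1.50", "203.0.113.7")

if __name__ == "__main__":
    for field, was, now in alg_rewrites(SENT, RECEIVED):
        print(f"{field}: {was} -> {now}")
```

An empty result means the payload arrived as sent, which is what a router doing NAT without an ALG produces.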