RTP packet losts after passing through SE2200.
Here is network structure : PBX-----SE2200------NGN network, customer reported that if there are many simultanious calls (from PBX to SE2200)then RTP packets are dropped after SBC, the captured packets show that there are high packet lost rates on the direction from SE2200 to PBX, but there is no packet lost from PBX to SE2200 and there is no packet lost between SE2200 and NGN network.
if the traffic is low, there is no packet lost from SE2200 to PBX.
after analyzed the captured packets, the traffic from SE2200 to PBX is lower than from PBX to SE2200, so the packet lost is not caused by shortage of bandwidth.
the captured packets show that sometimes there is on none RTP packet from SE2200 to PBX, while there are packets from NGN network to SE2200, so it shows us that SE2200 doesn't forward the RTP packets by some reason sometimes.
check the configuration of SE2200, there is such a record: "firewall udp-flood defend", without parameters, so it means the system will apply the default parameters. and the default threshold of udp-flood defend is 1000 packets per second, if the flow exceeds the threshold, the system will think it is a udp-flood attack and take action.
for one call it sends around 50 RTP packets per second ( if the packing time is 20ms), so the defual threshold of udp-flood, 1000 packets per second, can only support 20 calls (between the same IP address pair of SE2200 and PBX), when there are more simultanious calls the packet lost problem will happen.
after undo the udp-flood defend, there is no RTP packet lost any more.
1. the problem of packet lost doesn't happen when traffic is low, so it has relationship with traffic.
2. if the bandwidth is not enough for high traffic flow, it may cause packet lost.
3. the incorrect work mode (speed and duplex) of network interface may cause packet lost.
4. the fireware defend may discard packet which cause the packet lost problem.