Default setting of firewall udp-flood defend on SE2200 causes RTP packet loss

Publication Date: 2012-08-09
Issue Description
RTP packets are lost after passing through the SE2200.
The network structure is: PBX-----SE2200------NGN network. The customer reported that when there are many simultaneous calls (from PBX to SE2200), RTP packets are dropped after the SBC. The captured packets show a high packet loss rate in the direction from SE2200 to PBX, but no packet loss from PBX to SE2200 and no packet loss between the SE2200 and the NGN network.
If the traffic is low, there is no packet loss from SE2200 to PBX.
Alarm Information
Handling Process
Analysis of the captured packets shows that the traffic from SE2200 to PBX is lower than the traffic from PBX to SE2200, so the packet loss is not caused by a shortage of bandwidth.
The captured packets also show that at times there are no RTP packets from SE2200 to PBX while packets are still arriving from the NGN network at the SE2200, which shows that the SE2200 sometimes does not forward the RTP packets for some reason.
Check the configuration of the SE2200. It contains the record "firewall udp-flood defend" without parameters, which means the system applies the default parameters. The default threshold of udp-flood defend is 1000 packets per second; if the flow exceeds the threshold, the system treats it as a UDP flood attack and takes action.
One call sends around 50 RTP packets per second (if the packetization time is 20 ms), so the default udp-flood threshold of 1000 packets per second can only support 20 calls (between the same IP address pair of SE2200 and PBX). When there are more simultaneous calls, the packet loss problem occurs.
After undoing the udp-flood defend configuration, there is no RTP packet loss any more.
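As an added example (not part of the original case and not Huawei tooling), the Python sketch below applies the same arithmetic to a capture: it counts packets per second for each source/destination IP pair and lists the seconds that exceed the 1000 pps default. The addresses and the synthetic RTP traffic are constructed, and counting per IP pair in one-second buckets is an assumption based on the case's description.

```python
from collections import Counter, defaultdict

DEFAULT_THRESHOLD_PPS = 1000  # default udp-flood threshold stated in this case

def max_calls(threshold_pps, ptime_ms):
    """Calls one IP pair can carry per direction without exceeding the threshold."""
    # Each call sends 1000 / ptime_ms packets per second (20 ms -> 50 pps);
    # integer arithmetic avoids floating-point rounding.
    return threshold_pps * ptime_ms // 1000

def synth_rtp(calls, ptime_ms, seconds, src, dst):
    """Constructed sample: (timestamp_ms, src, dst) tuples for `calls` one-way streams."""
    packets = []
    for call in range(calls):
        offset = call % ptime_ms            # stagger stream start times
        for t in range(offset, seconds * 1000, ptime_ms):
            packets.append((t, src, dst))
    return packets

def over_threshold(packets, threshold_pps=DEFAULT_THRESHOLD_PPS):
    """Return {(src, dst): [(second, pps), ...]} for one-second buckets above the threshold."""
    buckets = Counter((src, dst, t // 1000) for t, src, dst in packets)
    hits = defaultdict(list)
    for (src, dst, sec), pps in sorted(buckets.items()):
        if pps > threshold_pps:             # the case says "exceeds the threshold"
            hits[(src, dst)].append((sec, pps))
    return dict(hits)

if __name__ == "__main__":
    SBC, PBX = "192.0.2.10", "192.0.2.20"   # constructed documentation addresses
    print("max calls at 20 ms:", max_calls(DEFAULT_THRESHOLD_PPS, 20))
    for calls in (20, 25):                  # at the limit, then above it
        flagged = over_threshold(synth_rtp(calls, 20, 3, SBC, PBX))
        print(calls, "calls ->", flagged or "within threshold")
```

To run it against a real capture, replace `synth_rtp` with the (timestamp in ms, source, destination) tuples exported from the capture for the SE2200-to-PBX direction.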
Root Cause
1. The packet loss does not happen when traffic is low, so it is related to the traffic volume.
2. If the bandwidth is not enough for a high traffic flow, it may cause packet loss.
3. An incorrect work mode (speed and duplex) of the network interface may cause packet loss.
4. The firewall defense may discard packets, which causes the packet loss problem.
Disabling flood attack defense does not affect the SE2200/2300 security. UDP flood attack defense is a feature inherited from the firewall and is not applicable to the SE2200/2300's scenarios. Therefore, the SE2200/2300 supports signaling attack defense and media pinhole firewalls in place of UDP flood attack defense. The two functions can defend against UDP attacks more effectively.

refer to :