If anyone is interested in helping create a new site logo please email webmaster@allworxforums.com

PLEASE NOTE: Allworxforums.com is not owned, nor run by Allworx Corp. The views and opinions found on this forum are not necessarily the views of Allworx or the forum moderators. Neither Allworx nor the forum will be held liable for any information found on the forum. The Allworx logo and name is a registered trademark of Allworx Corp.

48X locking up--excessive traffic?

General installation and configuration help.
Post Reply
doom1701
Posts: 69
Joined: Tue Sep 20, 2011 6:52 pm

48X locking up--excessive traffic?

Post by doom1701 »

We're trying to track down the root cause of our core 48X (we have 4 throughout the country, all setup for Multisite, the "core" is just the biggest one--about 180 users, 270 handsets) locking up about one a week lately. Version 7.6.14.6. The first time we experienced it was when we had one of the other systems experience a hardware failure and we redirected inbound traffic from the SIP trunk of the failed system to our core system. I was able to telnet into the system (still hoping to redirect all of that Telnet output in some other way, I've got another thread about that) after restarting it and saw a ton of messages like the ones below:
tSip: +++ IEC [7.6.14.6:sipInvite.c,3832]
tSip: +++ IEC [7.6.14.6:sipInvite.c,3832]
tSip: +++ IEC [7.6.14.6:sipInvite.c,3832]
tSip: +++ IEC [7.6.14.6:ccbCall.c,1927]
tSip: +++ IEC [7.6.14.6:sipInvite.c,1630]
tSip: +++ IEC [7.6.14.6:sipCancel.c,311]
tSip: +++ IEC [7.6.14.6:sipCancel.c,311]
Pages and pages of them. At some point the web interface of the phone system stopped responding, phone call processing stopped, Telnet disconnected, but we could still ping the system. Only resolution was to bounce the system, and ultimately we redirected the failed system's trunk to another system and the problem went away.

Three times since it's shown the same symptoms (other than we haven't been telnetted in so I can't verify those messages). We had one other instance today where I was telnetted in, we saw very similar symptoms (web interface hung, outbound calls were failing) and it was the same messages as above, page after page. I would keep hitting enter on the telnet window and see that it was still responding, and then after about a minute everything started responding again (and the messages stopped).

We've had a lot of growth lately, and while we aren't maxed out to the licensed and stated abilities of the system, we're wondering if either we have too much usage on the 48X, if there's something that our SIP provider (Windstream) might be doing that is leading to this, or if it might be a DoS attack. We've had DoS attacks in the past (prior to the software upgrade that fixed the vulnerability), but those caused ping results to be spotty with high latency; ping has been consistent with no latency for these most recent issues.
Top
doom1701
Posts: 69
Joined: Tue Sep 20, 2011 6:52 pm

Re: 48X locking up--excessive traffic?

Post by doom1701 »

We were able to get a little more information today (it happened again). The last messages generated before all phone and web traffic to the 48X stopped are below.

eCos> tSip: +++ IEC [7.6.14.6:sipInvite.c,3832]
tSip: +++ IEC [7.6.14.6:sipInvite.c,3832]
tSip: TokenPipe 37 blocked (7388652 ticks)(msg proxy.c:223)
tAlarm: TokenPipe 37 blocked (7388693 ticks)(msg proxy.c:223)
tRca: TokenPipe 37 blocked (7388749 ticks)(msg proxy.c:223)
tCaa: +++ IEC [7.6.14.6:ccbCall.c,2930]

We also unplugged the WAN cable during the message storm, and they kept coming--so whatever it is that is causing it appears to be coming from inside of the network.
Top
doom1701
Posts: 69
Joined: Tue Sep 20, 2011 6:52 pm

Re: 48X locking up--excessive traffic?

Post by doom1701 »

After being stable for a week and a half, we think we know what happened. Windstream DoS'ed us.

We had Trunk Group Overflow setup on three of our SIP Trunks with Windstream. They were setup in a round robin fashion; if Site 1 became unavailable, Windstream routes the call to Site 2. Site 2 is configured for all of the DIDs of Site 1 (all the sites, actually), and knows the internal extension at Site 1 to route the call back to. It's saved our butts when we've had a circuit at a core site go down. Being round robin, if Site 2 is unavailable, calls go to Site 3, and Site 3 calls go to Site 1 if unavailable.

We were able to document two situations two weeks ago where a call would ring an extension (8 phones in the ring group) at Site 1. While that was happening, Windstream for some reason failed the call to Site 2. That call would ring the same extension by pushing the call back to the Site 1 48X. Windstream then failed the call again to Site 3, which pushed the call back to Site 1 again, as designed. This looped rapidly until the Site 1 48X was attempting to process the same call so many times that the system failed.

We have turned off the automatic failover and we haven't had an issue since.
Top
Post Reply

Return to “Installation and Configuration Help”