Showing results for 
Search instead for 
Did you mean: 


SIP phones lose registration status to CCM servers when traffic goes over MPLS-based mGRE overlay

Here's the basic background:
The remote site as two connections back to the data centers.  Single DMVPN cloud per transport.  Transports are MPLS and Internet.  On the Internet side there is a device, inline, that encrypts the GRE traffic (long story, don't ask).  In neither case does the GRE traffic get encrypted.  The routing is basic.  All voice destinations have been identified and all voice destinations route over the MPLS-based tunnel and all other traffic goes over the Internet-based tunnel.  This particular remote site has a mix of SIP and SKINNY phones (both Cisco).  When traffic goes over the MPLS-based tunnel ONLY the SIP phones lose registration and they all register with the local router (SRST mode I think this is called - not a voice engineer so my knowledge is spotty).  If the MPLS-based BGP peers are taken down and all of the traffic is forced over the Internet-based tunnel then the SIP phones reregister with the CCM servers.  In looking at packet captures I can see that some packets are lost somewhere either in the MPLS cloud or coming into the remote site router BUT I'm not able to reproduce packet loss using ICMP traffic marked with the same DSCP as the SIP control traffic.  No matter how much traffic I send I get 100%.  No packet loss.  We have thousands of sites using the architecture and this is the only site that's exhibiting this behavior (that I know of).  Cisco TAC has asked that we add crypto to the MPLS-based tunnel but that's work I'm hoping to avoid.  I don't know why they're suggesting this other than that they're implying that somehow the MPLS carrier is looking into the bowels of the GRE traffic and deciding, for some reason, to discard a small % of packets.  IDK.  If that's the case it sounds bizarre to me.  In any case, I'm not sure where to go with this next.  I thought that maybe the router was consuming some of the packets so I just captured traffic destined for router and didn't see the router taking any packets.  Ops claims that this started after a power outage at the site.  The router has been rebooted as part of the troubleshooting history. Any suggestions other than to add crypto to the MPLS-based tunnel?

This widget could not be displayed.