Friday, 27 January 2012

Differences Between Cisco SPA2102 and Linksys PAP2T


I myself have been testing and using the Linksys-Cisco PAP2T-NA and SPA2102-NA ATA's (Analog Telephone Adapter) for a few years now.

When I bought my first PAP2T, I knew nothing about user configurable ATA's (unlocked and open), but I was determined to learn... the hard way, through Internet research and trial and error.

When I first skimmed through the web-based user interface of these ATA's, I became a bit dizzy from the maze of configuration options.  Quite overwhelming and intimidating to the novice, which I was.  Even now, over two years later, I'm still intimidated by some of the advanced options available in these units.

The good news is that the average user doesn't really need to understand anything about most of the options provided.  What you do need to know though is how to navigate to the options that are essential.  And, I will be providing future posts on just that - how to configure the PAP2T-NA and SPA2102-NA with the basic minimum configuration options possible.  And, to keep it simple, I will be specifically illustrating how to configure them with my current preferred VoIP carrier, CallCentric.

What's the difference between PAP2T and SPA2102?
The primary differences of most importance is that the PAP2T does not have a built-in NAT-Router or QOS.  So the PAP2T is really just a configurable Telephone Adapter.  So, from this perspective, it is simpler to configure than the SPA2102 (but, only marginally simpler).  However, because it does not have its own built-in NAT-Router, you will generally be using it behind your existing network router.  And, this very fact does have some drawbacks of its own (VoIP firewall traversal issues).  So, now you may have to fiddle with your local network NAT-Router gateway firewall to port-forward, or port-trigger, SIP and RTP ports required for VoIP services to work behind a firewall.

Whereas, the SPA2102 does have its own built-in NAT-Router and QOS.  This very fact is a huge bonus for the SPA2102 because it automatically takes care of opening SIP and RTP ports and default QOS settings required for your ATA to function without any fiddling with the firewall and QOS options.

How do you decide which ATA is best for you?
If you already have a NAT-Router integral to your Internet Modem gateway, then you may have no choice but to pick the PAP2T-NA.

However, if your Modem does not have a built-in NAT-Router, then I highly recommend you pick the SPA2102-NA.

Even if you already have a separate 4-port NAT-Router, after the Modem, you don't need to stop using it.... just use it "after" the SPA2102.

For the SPA2102 to function at its best, you definitely want it connected "directly after" your Modem.  This way you will benefit from the QOS packet management the SPA2102 provides.  And, you won't have to worry about firewalls blocking the essential SIP and RTP VoIP ports required by the ATA.... the SPA2102 will open the necessary SIP and RTP ports it needs for your VoIP calls.

The SPA2102 does provide one Ethernet LAN port.  So, you can connect your PC directly to this LAN port.  Or, you could connect another 4-port router, or switch, to this port if you have multiple devices on your LAN side.  This is the way I recommend most people use the SPA2102.

However, for myself, I have settled for the following configuration that works quite satisfactory for me:
  • I connect a 4-port Switch directly to my Modem LAN gateway.
  • I connect my SPA2102 to port-1 of the switch.
  • I connect my Linksys WRT54G to port-2 of the switch.
  • All other devices on my LAN are connected via the WRT54G LAN ports.
In the above configuration, the switch is acting as a kind of Internet access splitter between my Modem, SPA2102, and WRT54G.  However, this configuration requires that each device connected to the switch be assigned a unique WAN IP address (public IP).

With my high-speed Internet service, I am allowed to be assigned two dynamic WAN IP addresses.  Therefore, I get one IP address assigned to my SPA2102 and the other IP address assigned to the WRT54G.  Most high-speed Internet services allow up to two dynamic IP addresses with high-speed service... but, you may have to contact their Customer Support to enable the 2nd IP address, which may not be enabled, by default (as it was in my case).

Then, I have my desktop PC connected to one of the WRT54G LAN ports and my wife's laptop through its Wireless-G link.  I then set the WRT54G to limit its "uplink speed" to be 150 Kbps less than my ISP allowed uplink speed.  This ensures that I leave enough uplink bandwidth left over for the SPA2102 VoIP packets to traverse the Modem uplink without being bottlenecked by simultaneous data from the WRT54G data through the Modem.

I do not have any other devices connected to my SPA2102 LAN port... but, I could if I wanted to.  The QOS settings in the SPA2102 throttles "upload" LAN traffic through its LAN port to 128 Kbps (by default).  This is to ensure that there is always enough upload bandwidth available for the VoIP packet traffic.  You can adjust its "uplink speed" to suit your permissible upload bandwidth provided by your ISP.  Actually, I do sometimes connect my PC to the SPA2102 LAN port when I need to view or change any of its web-based configuration settings.

So, if you are only going to be using your ATA behind an existing NAT-Router, the PAP2T-NA is probably your best choice for that scenario.

If you want much more flexibility, go for the SPA2102-NA.  It is also small and compact enough to use as a travel NAT-Router for your laptop.... with the added bonus of being  able to make cheap VoIP calls from your travel NAT-Router while on the road (assuming you have high-speed Internet access).  However, this would also require you to have a small standard telephone to plug into the ATA to make those calls.

In previous articles, I explain and illustrate the basics of configuring the Linksys-Cisco PAP2T-NA and SPA2102-NA with CallCentric VoIP services.
Posted by at 13:28
Labels: , , , ,

How To Configure Cisco Linksys SPA2102 VoIP ATA With CallCentric


The focus of this article is to illustrate how to configure the Cisco Linksys  SPA2102-NA  with a BYOD (bring your own device) VoIP carrier, such as CallCentric.


To keep things as simple as possible, I will start from the factory default settings and only change configuration settings that are most important to get started connecting to CallCentric on Line-1, which is my primary VoIP carrier I have been using for years.

NOTE:  These instructions only work on UNLOCKED versions of SPA2102-NA.
If you purchased your ATA from an authorized Cisco-Linksys reseller, it will likely be an unlocked -NA version.

My examples are based on SPA2102-NA Firmware Version = 5.2.10 and Hardware Version 1.3.5(a).
My SPA2102-NA is directly connected to my ISP high-speed Modem. (Recommended)

I will be following these basic steps:
  1. Reset SPA2102 to Factory Defaults using its IVR interface
  2. Login to the SPA2102 web-based configuration interface
  3. Configure primary/secondary DNS servers and NTP Time Servers
  4. Set your local Time Zone clock offset
  5. Configure Line-1:  VoIP Proxy, User ID, Password, Codec, Dial-Plan
I recommend using the SPA2102 directly on the output of your Internet Modem.  For best performance and reliability, there should not be any NAT-Routers before the SPA2102.  This also means that your Modem should not have a NAT-Router built into it.  The SPA2102 has its own built-in NAT-Router and Firewall.  So, the rest of your network is protected when connected to the LAN port of the SPA2102.  If you have multiple LAN devices that need to be connected, you can connect your router, or Ethernet Switch,  "after" the SPA2102 through its LAN port.

Reset to Factory Defaults
The reason I am beginning with Reset to Factory Defaults is to ensure that we are on the same page with all the same default settings.  If it works for me, I presume it will work for you too.

To reset to factory defaults requires that I access the SPA2102 IVR system (Interactive Voice Response) using a regular telephone plugged into the Line-1 phone jack (RJ-11 jack).  Then, power up the adapter.  It will only take about 15 seconds to power-up to the "ready" state.
  1. To activate the SPA2102 IVR, lift the phone handset and press the Star key four (4) times (* * * *).
  2. After the IVR voice prompt, enter the Factory Reset code:  73738, followed by the # key (73738#).
  3. The IVR will prompt you to "press 1 to confirm".
  4. As soon as you press "1", the unit will perform the factory reset.
Now that we are at a known default starting point, we can proceed to configure only those settings that are required, or otherwise recommended.

Connect and Login to the SPA2102 Web Based Configuration Interface
Connect your PC to the SPA2102 using its LAN-side gateway:
  1. Connect your PC Ethernet LAN cable directly to the yellow Ethernet LAN port of the SPA2102.
  2. Connect to the SPA2102 web interface by entering its LAN gateway IP address into your Web Browser using the default address of 192.168.0.1
  3. By default, you will be viewing the SPA2102 "Status" page, in "Basic" view.  By default, there is no password required to connect and login to Basic view.


The screen captures I'm currently posting here are based on firmware version 5.2.10.
In previous articles I posted the procedures for upgrading firmware in the SPA2102-NA and PAP2T-NA VoIP adapters.  It is advisable to always use the latest firmware version available.

To begin configuration of the SPA2102, you need to switch to "Admin" and "Advanced" view. 
By default, the SPA2102 does not require an admin password. 

Now, navigate to the WAN Setup tab. 


Configure Primary/Secondary DNS Servers and NTP Time Servers
DNS servers lookup the IP address of an Internet resource based on domain name to IP address cross referencing. Typically, we configure a VoIP proxy based on its domain name (i.e. callcentric.com ).  DNS servers will redirect your Internet traffic to the appropriate IP address of the VoIP proxy.  The same goes for the NTP (Network Time Protocol) time servers.  Your ATA uses NTP time servers for tagging and maintaining the correct device time.  NTP time servers are listed by domain names.  The DNS servers will direct the NTP requests to the appropriate NTP time server IP addresses.

By default, the SPA2102-NA should retrieve the DNS server info from your Internet Modem DHCP server. However, I prefer to ensure that the DNS servers are hard coded, as well as automatically retrieved via DHCP, to ensure reliability, redundancy, and backup.

In my examples, I have configured my SPA2102-NA Primary and Secondary DNS servers to point to the new Google DNS servers at 8.8.8.8 and 8.8.4.4.  I also use NTP time servers at time-nw.nist.gov and time.nist.gov.  If you have different server preferences, feel free to use them instead of the ones I use.  As well, you can set the DNS Server Order = "Manual, DHCP" to use DHCP DNS servers as backup to your manually set primary/secondary servers.


For now, the default QOS settings should be suitable to begin with.

Click the Submit All Changes button to SAVE your custom settings.

Next, navigate to the Voice and Regional tab page.  Scroll to the bottom of the page.
Set your local Time Zone offset, depending on where you live.


Click the Submit All Changes button to SAVE your custom settings.

Configure Line-1:   VoIP Proxy, User ID, Password, Codec, and Dial-Plan, etc...
Navigate to the Voice and Line-1 tab page.

The Line-1 page is where you will be configuring VoIP service with your primary line (Line-1) and carrier.

While you can configure any SIP based VoIP carrier here, that allows BYOD (bring your own device), I will be using  CallCentric to illustrate the CallCentric "required settings".  If you are configuring with another VoIP carrier, it is essential that you consult their support pages for their specific settings required by that specific service.


The following settings must be set as specified by  CallCentric:
  • NAT Mapping Enable:  No
  • Nat Keep Alive Enable:  No
  • Proxy:  callcentric.com
  • Use Outbound Proxy:  Yes
  • Outbound Proxy:  callcentric.com
  • Use OB Proxy in Dialog:  Yes
  • Register:  Yes
  • Make Call Without Reg:  No
  • Ans Call Without Reg:  No
  • Register Expires:  3600
  • Use DNS SRV:  Yes
  • DNS SRV Auto Prefix:  Yes
  • User ID:  1777XXXXXXX  (use your CallCentric UserID)
  • Auth ID:  1777XXXXXXX  (use same as UserID)
  • Use Auth ID:  Yes
  • Password:  **********  (use as set in your CallCentric user account - Preferences - Phone Password; SIP Password)  (By default, it's the same as your web login password)

Remember to save all new settings when finished making changes.
Click the Submit All Changes button to SAVE your custom settings.


At this point, you have set all the basic requirements to connect to a VoIP service provider.

Following, are some additional suggestions and reminders:

Codecs
While the SPA2102 defaults to use G.711u Codec, CallCentric recommends using G.729a to save bandwidth.  If you want the best voice fidelity, I would stick with G.711u.  But, if you do have QOS or data bottlenecking problems, it may be prudent to switch to G.729a to reduce bandwidth requirements of your VoIP calls.

Dial Plans
While the SPA2102 default dial plan will work, you may want to replace the default with the dial plan recommended by CallCentric:

(*xx.|*xxx|*75xx|[3469]11|0|00|1xxx[2-9]xxxxxxS0|xxxxxxxxxxxx.|**275*x.)

First, completely clear the default plan, then copy and paste this plan in its place.
Save your changes.

There are three reasons to use the CallCentric enhanced dial plan:
  • It accepts *xxx numbers, such as accessing your CallCentric Voice Mail using *123 command
  • It accepts CallCentric Speed Dial numbers such as *75xx (*7500 - *7599).  Your CallCentric user control panel allows you to pre-program 100 predefined speed-dial numbers accessible from your VoIP ATA (i.e. SPA2102).
  • It accepts **275*x. number dialing to allow network peering calls through the Sip Broker network.

Disable Line-2
If you will only be using Line-1 on the SPA2102, I recommend disabling Line-2.  You can always re-enable it in the future if you connect to another account or another VoIP service (like I do).


Disable Provisioning
As the SPA2102-NA is an "Open", "Unlocked", and "User Configurable" VoIP ATA, there is no reason to leave the default Provisioning service enabled.  I recommend setting the "Provision Enable" = NO.
Remember to save any changes.


Before exiting the web administration pages, I recommend that you go back and review all settings and changes just to confirm that all values were entered correctly and saved.

I hope you enjoy using the SPA2102-NA with the CallCentric VoIP service as much as I have.
Happy VoIPing...
Posted by at 13:22
Labels: , , , ,

How To Configure Cisco Linksys PAP2T VoIP ATA With CallCentric


The focus of this article is to illustrate how to configure the Cisco Linksys PAP2T-NA  with a BYOD (bring your own device) VoIP carrier, such as CallCentric.

  
To keep things as simple as possible, I will start from the factory default settings and only change configuration settings that are most important to get started connecting to CallCentric on Line-1, which is my primary VoIP carrier I have been using for years.

NOTE:  These instructions only work on UNLOCKED versions of PAP2T-NA.

If you purchased your ATA from an authorized Cisco-Linksys reseller, it will likely be an unlocked -NA version.



My examples are based on PAP2T-NA Firmware Version = 5.1.6 and Hardware Version 0.1.5

I'm also using the PAP2T behind my Linksys WRT54G NAT-Router.


I will be following these basic steps:
  1. Reset PAP2T to Factory Defaults using its IVR interface
  2. Login to the PAP2T web-based configuration interface
  3. Configure Line-1:  VoIP Proxy, User ID, Password, etc.

Reset to Factory Defaults
The reason I am beginning with Reset to Factory Defaults is to ensure that we are on the same page with all the same default settings.  If it works for me, I presume it will work for you too.

To reset to factory defaults requires that I access the PAP2T IVR system (Interactive Voice Response) using a regular telephone plugged into the Line-1 phone jack (RJ-11 jack).  Then, power up the adapter.  It will only take about 15 seconds to power-up to ready state.

  1. To activate the PAP2T IVR, lift the phone handset and press the Star key four (4) times (* * * *).
  2. After the IVR voice prompt, enter the Factory Reset code:  73738, followed by the # key (73738#).
  3. The IVR will prompt you to "press 1 to confirm".
  4. As soon as you press "1", the unit will perform the factory reset.

Connect and Login to the PAP2T Web Based Configuration Interface
Connect to the PAP2T using its DHCP assigned IP address, assigned by your router.  In my case, I'm using the WRT-54G as my LAN NAT-Router.  My PC is connected to port-1 and the PAP2T is connected to port-2 of the router.

Typically, you will determine the IP address assigned to the PAP2T by  using its IVR system:
  1. To activate the PAP2T IVR, lift the connected phone handset and press the Star key four (4) times (* * * *).
  2. After the IVR voice prompt, enter the Check IP Address code:  110, followed by the # key (110#).
  3. Write down or remember this IP address.
  4. Hang-up to end IVR.
  5. Connect to the PAP2T by entering its assigned IP address, using your Web Browser
    (In my case, I'm using Google Chrome browser)
  6. By default, you will be viewing the PAP2T "Info" page, in "Basic" view.  By default, there is no password required to connect and login.

Configure Line-1:   VoIP Proxy, User ID, Password, etc...
To begin configuration of the PAP2T, you need to switch to "Admin" and "Advanced" view.
By default, the PAP2T does not require an admin password.


Click on Line 1 to go to Line 1 configuration page:


The Line-1 page is where you will be configuring VoIP service for your primary line and carrier. While you can configure any SIP based VoIP carrier here, that allows BYOD (bring your own device), I will be using CallCentric to illustrate the CallCentric "required settings".  If you are configuring with another VoIP carrier, it is essential that you consult their support pages for their specific settings required by that specific service.

The following settings must be set as required by CallCentric:
  • NAT Mapping Enable:  No
  • Nat Keep Alive Enable:  No
  • Proxy:  callcentric.com
  • Use Outbound Proxy:  Yes
  • Outbound Proxy:  callcentric.com
  • Use OB Proxy in Dialog:  Yes
  • Register:  Yes
  • Make Call Without Reg:  No
  • Ans Call Without Reg:  No
  • Register Expires:  3600
  • Use DNS SRV:  Yes
  • DNS SRV Auto Prefix:  Yes
  • User ID:  1777XXXXXXX  (use your CallCentric assigned UserID)
  • Auth ID:  1777XXXXXXX  (use same as UserID)
  • Use Auth ID:  Yes
  • Password:  **********  (use PW as set in your CallCentric user account Preferences page)
    (by default, SIP PW is the same as your CallCentric web account login, but can be changed in Preferences)

Remember to "Save Settings" when finished making changes.
At this point, you have set all the basic requirements to connect to a VoIP service provider.

Following, are some additional suggestions and reminders:
Codecs
While the PAP2T defaults to use G.711u Codec, CallCentric recommends using G.729a to save bandwidth.  If you want the best voice fidelity, I would stick with G.711u.  But, if you do have QOS or data bottlenecking problems, it may be prudent to switch to G.729a to reduce bandwidth requirements of your VoIP calls.

Dial Plans
While the PAP2T default dial plan will work, you may want to replace the default with the dial plan recommended by CallCentric:
(*xx.|*xxx|*75xx|[3469]11|0|00|1xxx[2-9]xxxxxxS0|xxxxxxxxxxxx.|**275*x.)
Just copy and paste this plan over the default plan.

There are three reasons to use the CallCentric enhanced dial plan:
  • It accepts *xxx numbers, such as accessing your CallCentric Voice Mail using *123 command
  • It accepts CallCentric Speed Dial numbers such as *75xx (*7500 - *7599).  Your CallCentric user control panel allows you to pre-program 100 predefined speed-dial numbers accessible from your VoIP ATA (i.e. PAP2T).
  • It accepts **275*x number dialing to allow network peering calls through the Sip Broker network.

Disable Line-2
If you will only be using Line-1 on the PAP2T, I recommend disabling Line-2.  You can always re-enable it in the future if you connect to another account or another VoIP service (like I do).


Disable Provisioning
As the PAP2T-NA is an "Open", "Unlocked", and "User Configurable" VoIP ATA, there is no reason to leave the default Provisioning service enabled.  I recommend setting the "Provision Enable" = NO.
Remember to save any changes.


Allow VoIP to Pass Through Firewalls
Remember, the PAP2T is designed to function behind a router and firewall.  For VoIP behind NAT-Routers to function "reliably", you need to Port Forward or Port Trigger the required VoIP SIP and RTP ports that carry the VoIP traffic.

Note:
If you use "port forwarding" (vs. port triggering) through your router, this usually requires forwarding to a fixed IP address.  Thus, you would need to fix the IP address of the PAP2T to a static value, and then set port forwarding address in the router to match the static IP address of the PAP2T.

Initially, I recommend that you try using Port Triggering of SIP and RTP ports through your router and leave your PAP2T in DHCP mode.  If triggering isn't working for you, then resort to Port Forwarding SIP/RTP ports to a fixed IP address on the PAP2T.

Enjoy your VoIP calls from your PAP2T-NA configurable ATA.

Posted by at 13:14
Labels: , , , ,

How to Update Firmware on the Linksys WRT54G Wireless Router

(Article originally posted in August 2010)

In this article, I will cover how to update firmware on the WRT54G NAT-Router.

I'm using the WRT54G for this example because I use it on my home network, and the PC that I use VoIP Softphones with is also behind this router.  In my previous articles on VoIP, Port Forwarding, and Port Triggering, I also used the WRT54G as my example router to illustrate configuration settings.icon

In the following examples I will be upgrading from firmware version 8.00.4 to 8.00.7
  1. Login to the WRT54G using IP address 192.168.1.1
  2. The default User Name is empty (no entry)
  3. The default Password is "admin"
    I myself have previously changed the UserName and PW to my own personal settings, so those are the values I used to login.

     OR 

  4. After logging in, you will land on the "Setup" page:


  5. Navigate to the "Administration" page.
  6. Navigate to "Firmware Upgrade" page.

  7. Before you proceed beyond this point, you need to visit the Cisco Linksys support website and download the latest version available for you WRT54G hardware version at:



  8. Select your hardware version from the drop-down list.  Once selected, you will see the latest download version in the lower left corner of the Downloads section.


  9. Click on the Download link to commence download of the update file.
    Select the location to store the update file, and then proceed the download Save.


  10. Once you have completed downloading the latest firmware file, go back to Administration and Firmware Upgrade page in the WRT54G.
  11. Click on the "Choose File" button on the Upgrade Firmware page and navigate to the previously downloaded firmware file and select it.


  12. This file name will now show up next to the "Choose File" button:


  13. Click on the "Upgrade" button.
    You will see the "progress" bar incrementing...


    Be patient and do not interrupt the process until prompted that it has completed and rebooted:

    When you see this screen "Upgrade is successful, Rebooting....", all is well !
Not only has Linksys upgraded the firmware (in my case versions from V8.00.4 to V8.00.7), but they have given the interface an obvious face lift in color, and a little more emphasis on the name Cisco:


Good luck with your WRT54G firmware upgrade.

(As of August 10, 2010 the latest firmware version for HW Version 8 was FW version V8.00.8)

Posted by at 12:55
Labels: , ,

Port Triggering with the Linksys WRT54G

As I use the Linksys WRT54G wireless NAT-Router as my LAN gateway, I will use it as a reference guide for examples of Port Triggering as related to VoIP.

I login to the WRT54G using IP address 192.168.1.1 from the LAN side.  By default I believe the username and password are both "admin". This may or may not be the same for your Router.



For greater security, I do not use the default password.  I have reset it to use a password with greater security.  Check your user documentation for the specific login information that came with your router.

OR

Once logged in, navigate to the "Port Triggering" page.  Typically, it will be found under the "Applications and Gaming" tab section.

Basically, what you want to do here is decide what application you wish to trigger ports open with.  Assign the Application box the name of the application you will be triggering with.



If your application only requires a single port, enter that port as the Start Port and End Port in the "Triggered Range" section.

If the Triggered Range is also the Forwarded Range, enter that same port range in the Start Port and End Port under the "Forwarded Range" section.  And, be sure to "Enable" the triggering by checking the Enable box.

For example, if you use Google Talk, you will only need to open port 5222 .
I give the Application section name "GTalk".  Then, I assign the Trigger Range as Start Port = 5222 and End Port = 5222.  Then, I set the triggered Forwarded Range Start Port = 5222 and End Port = 5222 and then check Enable.

Skype picks a random port to use.  So if you are a Skype user, you will need to navigate to Skypes Tools Options Advanced Connection window to find out what random port it has selected for you.  I myself pick my own personally specified port, which Skype allows you to do.  Whatever port is selected, you will need to configure your NAT-Router to "trigger" on this port.

I use two separate settings for standard SIP based VoIP.
One for triggering SIP ports 5060-5065, and another trigger for the SIP RTP ports 16384 - 16482.  In the first case, I use SIP triggers to open SIP ports.  In the second case, I use the SIP triggers to open the RTP ports.
Posted by at 12:12
Labels: , , , ,

How to Port Forward with the Linksys WRT54G

Port Forwarding will permanently open specified ports on your NAT-Router, where as Port Triggering only opens ports on an as needed basis, for a period of time.

I will use my WRT54G to illustrate examples of how I set Port Forwarding for my VoIP services.

First, use your web browser on its LAN side to access the router using its default LAN Gateway address:  192.168.1.1

By default, the User Name is blank, or empty.  Password by default is "admin".  Otherwise, use whatever values you may have changed it to for your personal preference.

 or 

Once you have logged in to the WRT54G, navigate to the "Applications and Gaming" page and then click on the "Port Range Forward" tab.



One primary difference I note for Port Forwarding (vs. Port Triggering) is that forwarding requires fixed IP addresses on the LAN side to be known.  If your device your are forwarding to has a DHCP assigned dynamic address, the forwarding may not be reliable.  Thus, it may be necessary to give your LAN devices a fixed IP address assignment for reliable port forwarding.

Another difference with Port Forwarding is that you also have to decide to forward UPD, TCP, or Both.  It is considered safest to only use UDP protocol forwarding, unless you know that your services explicitly require TCP protocol.  Skype is one service that seems to want to use TCP when possible, so you may want to set Skype's forwarding to use Both.

Skype picks a random port to use.  So if you are a Skype user, you will need to navigate to Skypes Tools Options Advanced Connection window to find out what random port it has selected for you.  I myself pick my own personally specified port, which Skype allows you to do.  Whatever port is selected, you will need to configure your NAT-Router to Forward this port.

As far as I know, Google Talk currently only requires port 5222 UDP for voice calls.

SIP VoIP services like CallCentric can be triggered with SIP Ports 5060 - 5065 and RTP Ports 10,000 - 20,000.  I tend to use RTP ports 16384 - 16482 only because that is the range my Linksys PAP2T and SPA2102 ATA's default to for RTP ports.

Port Forwarding can make all the difference when it comes to getting your VoIP services to work on your home network.
Posted by at 12:08
Labels: , , , ,

Thursday, 29 December 2011

Skype Super Nodes - Are You One?

I'd like to keep this article as simple as possible without getting into a long draw-out discussion on Skype Super Nodes, Relay Hosts, or the technical methods of detecting if your bandwidth is being eaten-up by your PC acting as a Skype Super Node, or Relay Host.

I'm certainly not an expert on this subject.  But, I have done some homework and have come up with some basic understanding of who potentially becomes a Super Node or Relay Host for Skype.

More importantly, I'd like to convey just the two basic steps you can take to prevent your PC from becoming one of Skype's Super Node networks.

What Is A Skype Super Node?
"A Super Node is a Skype client that has a public IP address and enough spare CPU
cycles, RAM, and bandwidth to take on additional duties for the Skype P2P network. Super
Nodes hold a portion (up to several hundred users) of the distributed Skype directory."

Super Nodes essentially act as look-up directories allowing Skype users (Skype clients) to find and connect to other Skype users (other Skype clients).

What is a Skype Relay Host?
"A relay host is a Skype client that has a public IP address and enough spare CPU
cycles, RAM, and bandwidth to relay Skype content for other Skype users who are behind
restrictive firewalls or are otherwise unable to communicate with each other directly."

The Relay Host acts as an intermediary for relaying audio, video, etc. content between Skype clients who are unable to make direct connections between themselves.  This is usually because the two Skype clients who want to connect, but can't due to being behind a NAT/Firewall network Router.

What's The Bottom Line Here?
The bottom line is that if your PC becomes a Super Node or Relay Host, your PC could potentially be using significantly more Internet bandwidth that you should be using (or, want to be using).

Two Basic Steps To Help Prevent Becoming A Super Node, or Relay Host:
  1. Make sure your PC is behind a hardware NAT/Router/Firewall.
  2. Disable Skype's use of Ports 80 and 443.

1) - Make Sure You Are Behind a hardware enabled NAT/Router/Firewall
Now days, everyone should be behind a hardware enabled NAT/Router/Firewall, for security reasons, if for no other reason.  This step alone may be all it takes to ensure you don't become a Super Node.

2) - Disable Skype's use of Ports 80 and 443
This step is easily done by navigating to Skype's Options -->Advanced-->Connections settings.
In this dialog box, "uncheck" the option "Use Port 80 and 443 as alternate incoming connections".  This step is crucial, if you are not behind a NAT/Router/Firewall (but, you really should be).  If you are behind a NAT/Router/Firewall, this step may be optional.  However, I always do this myself, just for the added peace of mind.  (But, it does mean doing some extra work, like Port-Triggering in your router to pass on (trigger Open) Skype's randomly set port.)

2a) - While here, also note the port value randomly set by Skype to use instead of ports 80 and 443.


2b) - Be sure to Port-Forward, or Port Trigger on the port value used as the primary port for Skype to listen for incoming connections.  To do this, you will need to know how to administer the settings in your NAT/Router/Firewall connected between your PC and the Internet modem.

In Conclusion
If you are able to perform the steps listed above, it appears to be unlikely that your PC will become one of Skype's notorious Super Nodes or Relay Hosts.

P.S.
It is also possible to restrict Skype's ability to act as a Super Node by use of Windows Policies using registry keys and Skype's config files.  Skype's Network Admin Guide reveals what the settings are.

References:
Skype:  A Practical Security Analysis   -  by Bert Hayes, SANS Institute
Guide For Network Administrators  -  by Skype Biz
Skype Relay Calls: Measurements and Experiments  - by Dept. of Computer Science, Columbia University

Posted by at 17:23
Labels:
Subscribe to: Posts (Atom)