We are having issues with our VC conferencing system where we will freeze up during a meeting. We are using Cisco Telepresence SX20 at our locations. When a conference is taking place we can see latency and packets loss. We have gone in and setup SPAN on two ports to mirror the traffic that is passing through the endpoints and have attached laptops running wireshark to collect the data. The VC data is encrypted when it goes over the link so the data will just show UDP traffic in the PCAP files. I need to prove this from a packet level if possible. There is QOS enabled on the switches and this has been verified to be configured properly between endpoints by Cisco TAC. We also had a third party come in and verify that our VC system was optimally setup. What is the best way to disseminate the information in the pcap files to determine if we are having WAN issues? asked 19 Oct '15, 15:37  fairview |
2 Answers:
to prove what?
What I have done in similar cases:
Caveats are: If the frames are being modified (NAT, etc.) it might be hard to identify identical frames, as important parameters, required to identify the frames, might change, like IP, ports, IP.ID. If that is the case, all you can do is to create a hash value of the UDP payload and try to match identical frames within a sliding window. Sounds easy, but it is not, if you're not pretty familiar with some scripting language. Maybe the easiest way for you to start with is this: Compare the number of frames on both sides. If there is a delta, you are loosing frames somewhere. Could be your switches, routers, firewalls, the ISP, the Internet, etc. Then, try to work your way from the VC client up to the ISP, by sniffing at the VC clients, then in front and after the router (in parallel), in front an after the firewall (in parallel). If you compare the number of frames in those capture files and there is a delta, you know where you are loosing frames. If it's not in your network, it's within the network of the ISP or 'the Internet'. In that case, there is little you can do to figure out where you are loosing frames. All you can do is to measure the connection with iperf of similar tools and 'confront' the ISP with the measured packet loss. BTW: In a few of the similar cases I was working on, the IPS and/or rate control (QoS) of the corporate firewall kicked in and dropped enough frames to cause video stream freezes etc. Did you check that? Regards answered 19 Oct '15, 16:03  Kurt Knochner ♦ |
here some question
VC with 1% packet drop is disasters; Provide PCAP should able to tell do ur ISP taging any DSCP answered 26 Oct '15, 06:51  limvuihan |
@fairview: You just awarded an extra point to me. I'm not sure if you really wanted to do that.
Here is what you probably wanted to do...
Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up).