I haven't seen such a clear and precise answer in a long time. Thanks Phil, you rock!
Sabio Ibérica, S.A.
Original Message:
Sent: 11-14-2023 14:28
From: Phil Whitener
Subject: Intra-edge communication
1. There are a few variables including how your Phone or Phone Base is configured for "Provision Source" https://help.mypurecloud.com/articles/use-genesys-cloud-provisioning-service-phone-configuration/, in your configuration check Phone Base > Network > Provisioning > Provision Source on whether you use "From Edges within Site" or "From the Genesys Cloud provisioning service". You can still direct provisioning requests at your Edges, but they will choose to proxy either the Phone's primary Edge assignment (tcp/8088, tcp/8089) or the cloud provisioning service. Depending on if you have phones provision across Edges within one core site or across Core sites will depend on how this traffic is routed.
2. Any Edge should accept the provisioning request but will either proxy or redirect that request to the responsible party -- either the primary or secondary assigned Edge (which can change due to Edges in service) or the cloud provisioning service.
3. The Edge phone service manages assigning phones (stations) with primary and secondary Edge assignments based on Site (Core Site and Branch Site) configuration. All phones will be given Edge assignments (primary and secondary if enabled or supported by the phone type). The phones will then try to register to one or both of their assigned Edges. The number of phones per Edge is determined by the resources of the Edge, but I think we will give all phones requested Edge assignments even if that oversubscribes an Edge -- there are further factors, such as active calls and call rate, that may impede the Edge's ability to handle volume besides just the number of phones.
------------------------------
Phil Whitener
Genesys - Employees
Original Message:
Sent: 11-14-2023 04:32
From: David Fradejas Tomás
Subject: Intra-edge communication
Hi @Phil Whitener
Now we have all edges in service,
The communication between edges is via WAN port.
As soon as we put the rest of the Edges in service, we started having problems with the provisioning.
We started to receive HTTP 404 Not Found and HTTP 500 server errors, so the Softphone was unable to provision.
We have some doubts regarding this:
1) Do we need the 8088 and 8089 provisioning ports opened between intra-edges?
2) Should the Softphone's provisioning file (.i3sipcfg) be created in ALL the Edges?
3) How many phones per Edge could be registered simultaneously?
Thanks in advance.
------------------------------
David Fradejas Tomás
Sabio Ibérica, S.A.
Original Message:
Sent: 11-13-2023 12:22
From: David Fradejas Tomás
Subject: Intra-edge communication
Thanks a lot Phil!!!!👍
------------------------------
David Fradejas Tomás
Sabio Ibérica, S.A.
Original Message:
Sent: 11-13-2023 12:12
From: Phil Whitener
Subject: Intra-edge communication
Yes, it does not look like an issue with the "ACL" as the basic TCP communication is showing to get through - but it looks like something is either explicitly dropping the TLS handshake attempts. It is possible that the firewall or other device is set up to inspect TLS connections and it is causing those to get dropped. I added markings to highlight the connection and missing TLS packet; your network engineers should review this...
------------------------------
Phil Whitener
Genesys - Employees
Original Message:
Sent: 11-13-2023 12:00
From: David Fradejas Tomás
Subject: Intra-edge communication
So it seems to be firewall related, isn't it??? Thanks in advance
David Fradejas
Genesys Consultant
Original Message:
Sent: 11/13/2023 11:56:00 AM
From: Phil Whitener
Subject: RE: Intra-edge communication
I assumed those images were of two captures, one from each site -- I overlooked that each one only shows the egress Client Hellos and not the ingress of either.
------------------------------
Phil Whitener
Genesys - Employees
Original Message:
Sent: 11-13-2023 11:29
From: David Fradejas Tomás
Subject: Intra-edge communication
Hi Phil,
Thank you very much for your quick response.
I have my doubts that it is not a firewall problem, because I don't see the "Client Hello" packet reaching the other server.
------------------------------
David Fradejas Tomás
Sabio Ibérica, S.A.
Original Message:
Sent: 11-13-2023 11:04
From: Phil Whitener
Subject: Intra-edge communication
For "Direct" communication between Core sites, SIP-TLS over tcp/8063 and SRTP over ephemeral media ports (16384+) is used. Note that since the release of Hybrid Media configurations (those that allow adding Cloud Media and Premise Media within the same org) you can also select different peering types between premise Core sites using Site Link configuration (Direct, Indirect, and Cloud Proxy). https://help.mypurecloud.com/faqs/what-are-site-links/. I assume for this model you want to use Direct connections on Site Links using SIP-TLS using tcp/8063.
In the screenshot I see the 10.154.6.195 "154" Edge reaching out to the 10.26.6.195 "26" Edge on tcp/8063 and the connection appears to at least be open and we see sending and receiving packets confirming communication -- however there is a reset immediately following the attempt to negotiate the TLS handshake. Similar is seen when the "26" Edge attempts the same to the "154" Edge. I can't deduce much more because I can't see the details of the "Client Hello" - I would suggest comparing the messages sent from each Edge to see if they are each attempting a compatible handshake (same TLS version, compatible ciphers, etc).
I would definitely be curious if any level of Hybrid Media is enabled, ensure both Edges are in the same Edge Group, ensure the expected Edge interfaces are selected for your interlinks, ensure the Sites have the Direct Site Interconnect selected. Your issue does not appear to be firewall related at this point.
------------------------------
Phil Whitener
Genesys - Employees
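An added example (not part of the original post, and not Genesys code): a minimal parser that pulls the offered TLS versions and cipher suites out of a raw ClientHello record, so the hellos sent by each Edge can be compared as suggested above. The sample records are constructed, and treating "both sides offer it" as a sign of compatibility is an assumption, since a ClientHello only shows what the sending side offers.

```python
import struct

def build_client_hello(legacy_version, suites, supported_versions=()):
    """Build a minimal ClientHello record (constructed sample input, not a capture)."""
    ext = b""
    if supported_versions:
        body = b"".join(struct.pack("!H", v) for v in supported_versions)
        body = bytes([len(body)]) + body
        ext = struct.pack("!HH", 0x002B, len(body)) + body
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return (offered_versions, cipher_suites) from one TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 9  # skip record header (5 bytes) and handshake header (4 bytes)
    legacy = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32                      # legacy_version + random
    p += 1 + record[p]               # session_id
    n = struct.unpack_from("!H", record, p)[0]
    p += 2
    suites = {struct.unpack_from("!H", record, p + i)[0] for i in range(0, n, 2)}
    p += n
    p += 1 + record[p]               # compression methods
    versions = {legacy}
    if p + 2 <= len(record):         # extensions block is optional
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, p)
            p += 4
            if etype == 0x002B:      # supported_versions replaces the legacy field
                versions = {struct.unpack_from("!H", record, p + 1 + i)[0]
                            for i in range(0, record[p], 2)}
            p += elen
    return versions, suites

def compare_hellos(a, b):
    """Return the TLS versions and cipher suites that both ClientHellos offer."""
    (va, sa), (vb, sb) = parse_client_hello(a), parse_client_hello(b)
    return {"common_versions": sorted(va & vb), "common_suites": sorted(sa & sb)}

# Constructed samples (not taken from the thread's captures).
HELLO_A = build_client_hello(0x0303, [0xC02F, 0xC030, 0x009C])
HELLO_B = build_client_hello(0x0303, [0x1301, 0xC02F], [0x0304, 0x0303])
```

Calling `compare_hellos(HELLO_A, HELLO_B)` on the two samples returns the versions and suites offered by both; an empty list in either field would point at a handshake mismatch rather than a network drop.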
Original Message:
Sent: 11-13-2023 10:42
From: David Fradejas Tomás
Subject: Intra-edge communication
Hi @Phil Whitener,
Could you confirm that only the 8063 TLS and UDP (sRTP) ports are needed for intra-edge communication?
I will try to update all the info and give you context.
Note that we have 8 Edges: 4 Edges in CPD1 and the other 4 Edges in CPD2 (another location).
All Edges in CPD1 are in the same VLAN and same location.
All Edges in CPD2 are in the same VLAN and same location.
There is a firewall between CPD1 and CPD2. Port 8063 and the UDP ports (sRTP) are opened bidirectionally in the firewall between locations.
Now we only have 2 Edges in service, Edge1 (CPD1) and Edge5 (CPD2). The rest of them are out of service; we expect to put them in service next Monday evening.
CD1 PRO 10.26.6.195 --> In service
CD1 PRO 10.26.6.198
CD1 PRO 10.26.6.201
CD1 PRO 10.26.8.204
CD2 PRO 10.154.6.195 --> In service
CD2 PRO 10.154.6.198
CD2 PRO 10.154.6.201
CD2 PRO 10.154.6.204
The communication between Edges is via the WAN port.
We suspect the communication between Edges in different locations IS NOT OK as per the traces we get.
Uploaded are the traces and evidence from the WAN port of Edge 1 and Edge5. We see the same problem in both.
We see the RESET ACK after the TLS "client hello" packet.
Thanks in advance.
------------------------------
David Fradejas Tomás
Sabio Ibérica, S.A.
Original Message:
Sent: 12-08-2020 04:29
From: Charis Sideridis
Subject: Intra-edge communication
Hello,
We have 2 edges within a Site and each edge has a separate SIP trunk. The WAN ports are used for communication with the Cloud and Port 2 for SIP trunking. The WAN port is the Network Interface for Internal Edge Communication too. We had some issues recently with inbound calls (one edge offline and the other edge sending 404 no trunks available, SIP error messages towards the provider) and I would like some clarification concerning the intra-edge communication.
In order to have both edges, that belong to different networks, communicating with each other, what is needed?
According to Ports and services to configure on your company firewall - Genesys Cloud Resource Center
The port range 16384-32768 (SRTP) must be available for incoming requests at each edge in order to have intra-edge communication. Since they do not belong to the same network, this communication will go through the Cloud. Is it possible to add a static route at each WAN interface in order to bypass the cloud? Will that work?
Moreover, is it possible to use the third port of each edge for intra-edge communication only, lying on the same network?
Thanks
#Implementation
#Telephony
------------------------------
Charis Sideridis
Intracom S.A. Telecom Solutions
------------------------------