We've been dealing with lots of QOS issues to our remote workers. I am down multiple rabbit holes trying to figure out a means to gain more stability in the connection. I have my ISP involved as I believe it is the ISP. The end users who is remote are typically customer support folks on the phones. They will let us know their connection to the phone system indicates it dropped or they lose a call etc. When this happens we are noticing in many cases the primary uplink is changing. We've also noticed our uplink statistics show small packet loss .5, .8,1,1.5,2. This morning I have seem 8 instances of packet loss. We were measuring to 18.104.22.168 and 22.214.171.124 but have since change it to our ISP's gateway and Umbrella's DNS. Called Meraki 3 times and said they believe i need to get in contact with the ISP to run tests on our circuit. That was scheduled last night but have not head back from them yet. One thing I've noticed is our uplinks are not load balanced and I asked my manager why and he said they never enabled it because our primary uplink is a 500mbps circuit and secondary is 70mbps with burstable options. The circuit that has been the problems for us is the 500mbps. There is no saturation of the link, it is under utilized. Also the change over from primary to secondary is so quick, that I wish that it wouldn't switch over because i wonder if it would at least keep our phone calls and VOIP server established and just create a little bit of noise on the line.
Hi @ktv-meraki , are you able to provide some details on your phone system and WAN architecture? Is the phone system on prem or in the cloud? How are your remote users connected? Is your WAN MPLS?
The phone system is on-prem. We have about 80 remote users who VPN into meraki and connect to the LANs. Our remote users are on Windows laptops using an Always On VPN. As for WAN, we used to be on an MPLS WAN service but switched to just internet when our ISP learned we were going to use Meraki for a full IPsec VPN Mesh.
I hope this helps.
I’m afraid you’ll be troubleshooting this one forever as there are elements waaayyy out of the Enterprise’s control here.
Do you own or manage the end user’s internet connection? Unless the answers yes you simply can’t help the end user. Whilst they may be connecting via a vpn their traffic is traversing the public internet. Add to that the end users home environment which is also out of your control
Yeah I agree. I really want to wrap my head around this. What is interesting to me is that the past few days with these issues is that we will have user VPN sessions stay connected but the phone system logs show users disconnected.
If I load balance the WAN links, do you happen to know if the MX will take into account the difference in WAN through-put capacity?
Hi @ktv-meraki , you should be able to configure flow preferences for high priority traffic and voice:
Are any of your internal users experiencing telephony issues? By internal I mean users on site local to the PBX?
I appreciate the suggestion. We have already configured all the QOS we can on the MX. We also have no issues with phone users on site. We are a organization that have about 10 or so branch office locations that participate in the mesh with no issues.
That’s fine but you can’t control QoS on your home workers connections. Once those packets hit the wire they’re battling with every Tom, Dick and Harry that their ISP is also serving.
Absolutely fine amount of packet loss and delay.
I’ve worked on telephony solutions over Satellite links with at least 250ms delay and had no issues 😁
This could easily be the end user's Internet connection. It would be their WiFi connection.
You don't mention the type of VPN you are using.
If you are not using AutoVPN, could you buy a Z4 for one of the users? This will collect a lot of stats about the connection BETWEEN you, and also let you see the quality of the end users Internet circuit.
Below is an example of the kind of statistics that can be reported on when doing this.
Of interest is MOS - which is a measure of voice quality. You can also define performance classes when you do this.