Microsoft Teams bad Network quality / drops out of meeting

gnordli

@koenh I have been having issues with Teams as well.

did you run the network assessment tool?

https://www.microsoft.com/en-us/download/details.aspx?id=103017

did you open up the required UDP ports as well?

KoenH

@gnordli thank you for the tip!

im running the tool and get:

Connectivity check source port range: 50000 - 50019

Relay : 52.114.93.15 is the relay load balancer (VIP)
Relay : 52.114.93.15 is reachable using Protocol UDP and Port 3478
Relay : 52.114.93.15 is QOS (Media Priority) enabled

Starting Service Connectivity Check:
Relay : 52.114.93.15 is the relay load balancer (VIP)
Relay : 52.114.93.15 is reachable using Protocol PseudoTLS and Port 443
Relay : 52.114.93.15 is the relay load balancer (VIP)
Relay : 52.114.93.15 is reachable using Protocol FullTLS and Port 443
Relay : 52.114.93.15 is the relay load balancer (VIP)
Relay : 52.114.93.15 is reachable using Protocol HTTPS and Port 443
Relay : 52.112.212.14 is the actual relay instance (DIP)
Relay : 52.112.212.14 is reachable using Protocol UDP and Port 3478
Relay : 52.112.212.14 is the actual relay instance (DIP)
Relay : 52.112.212.14 is reachable using Protocol UDP and Port 3479
Relay : 52.112.212.14 is the actual relay instance (DIP)
Relay : 52.112.212.14 is reachable using Protocol UDP and Port 3480
Relay : 52.112.212.14 is the actual relay instance (DIP)
Relay : 52.112.212.14 is reachable using Protocol UDP and Port 3481

Relay connectivity and Qos (Media Priority) check is successful for all relays.
Service verifications completed successfully

---

When running the tool with /qualitycheck:

Reflexive IP is my WAN

Result:

2022-02-08 21:41:58 Loss Rate: 0 Latency: 26,06 Jitter: 15,59 Protocol: UDP
Local IP: IP-LAPTOP:50016 Remote IP: 52.113.203.106:3478
Is Proxied Path: False Last Known Reflexive IP: ...:36796

---

The firewall rules on my VLAN are:

Or do i have to port forward the UDP ports ?

SteveITS

@koenh You don't need to forward any inbound ports to the PC running Teams.

Does the Traffic Graph show high traffic while this is happening?

300/20 should be way more than enough unless something is maxing out the connection. Have you run the speed test from her computer?

stephenw10

Are you still monitoring the gateway IP or have you set something external yet?

KoenH

@steveits

This is during the /qualitycheck.

Yes i have run multiple speedtests and all are looking stable and providing enough speed.
Most tests returned +- 150/15 (wifi), should be enough for Teams.

KoenH

@stephenw10

Could you explain me how i monitor the gateway IP?
Especially how to monitor an external one?

stephenw10

In System > Routing > Gateways edit the gateway and set an alternative monitoring IP.

https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html

Steve

netblues

@koenh said in Microsoft Teams bad Network quality / drops out of meeting:

Since the switch to pfsense, my girlfriend noticed she get’s kicked from teamsmeetings with video and screensharing. Before the kick she receives a pop up of “Bad network quality”.
Her laptop is placed in the Guest-network.

Teams rarely needs more that 2-3 mbits of traffic both ways.
Is the laptop connected wifi? Have you tried ethernet cable?
How is the wifi neighborhood?
5g? 2.4g?

And as a last resort, have you tried swapping girlfriends?

KoenH

@netblues

Indeed, doesn't require a lot of speed.
The laptop is connected to wifi and she uses 2.4GHz, because the room she is working don't have a network cable / distance is too long (don't have that cable length).
I have switched my USG for a pfSense and before the switch everything was running fine. So my only guess is that something is not functioning right with in my setup.

And i woodn't dare (last question) ;-).

KoenH

@stephenw10

I'm a bit confused now.
The gateways are showing my WAN gateway, do i need to configure every gateway for every VLAN here?

(WAN IP hidden, just left the .1)

I've added the gateway of the Guest network and will look at the monitoring tonight.

Gertjan

@koenh said in Microsoft Teams bad Network quality / drops out of meeting:

uses 2.4GHz

Some observations :

That's the 'legacy' band, the historical one with close to 11 canals (really usable 1,5 and 11).
The legacy band is often a mess ..... but, as you can't see or smell it, people tend to say 'Internet is bad".
Not all APs are equal, neither.
Even in 2022, when you suspect a network issue, the very first thing you should do : remove Wifi from the equitation. We can't see or measure easily the quality of a radio connection.
Cable-up and retest.

Next step : monitor bandwidth closely.
Try to download and upload "huge" files to a known server with way more bandwidth as at your place. The bottleneck will be : your ISP, and the route to this server.
Be aware that every uplink technology (cable, fibre, adsl, satellite etc) has its advantages and disadvantages.

Do some speed tests. This one is shows more then just the speed. And do them regularly.

And remember : ISPs will give you the bandwidth available. What's available at instance X doesn't even depend on them (exception : you hired a uplink with a guaranteed bandwidth - this is very $$$ or €€€ ).

ISP's 'peering' (POPs) to the 'backbone' of the Internet, or directly the the big players, like FB, Twitter, Google, Netflix, etc. These peerings (the actual interconnections) are expensive. ISP's main goal will always be : sell as much subscriptions as possible, buy as less peering possible.

If all the above factors are (somewhat) excluded, then you can focus on pfSense.
Using the defaults settings, a pfSense box with a sub 25 $ ( ? ) processor can do several hundreds of Megabit / sec. There is always the chance you've a bad cable/switch or NIC somewhere. These local issue can be determined easily and rapidly : just swap stuff.
A worst case scenario is : make your own pfSense from scratch. You'll be needing a (very) old ancient desktop PC - a Ethernet adapter with two ports ans an USB drive. You system, based upon some Intel or AMD, will do close to (or even more) a Gigabit / sec. It will be big, ugly and a power drain, but it will work. It will take you 15 minutes, inserting the NIC included. If the issue persists, you will know the issue is not your original pfSense box - or pfSense for that matter.

KoenH

@gertjan

The pfSense i configured is actually a build one. I’ve installed pfSense on a Minisforum GK41.
The Specs it is showing are more then good.

Also like i mentoined before, i was a UniFy USG before my pfSense. With the USG i had no troubles with Teams. Now using pfSense and there are issues.

johnpoz

@koenh I use teams and webex pretty much every day, been work from home since very start covid.. Like 2 years going on - and have never seen any issues..

I'm not using any sort of shaping or limiting..

stephenw10

@koenh said in Microsoft Teams bad Network quality / drops out of meeting:

The gateways are showing my WAN gateway, do i need to configure every gateway for every VLAN here?

No. That's showing the gateways pfSense is using so seeing only one there is expected. You would have more if you have multiple WANs or other gateway types such as VPNs or on internal router with subnets behind it.

@koenh said in Microsoft Teams bad Network quality / drops out of meeting:

I've added the gateway of the Guest network

Not sure exactly what you mean there. What I expect is to edit the WAN_DHCP gateway and set the monitoring IP to 8.8.8.8 or some other external pingable IP.

Steve

KoenH

@johnpoz

I had the Traffic Sharper applied after reading simular issues with teams and zoom. It has been removed 2 days ago but the issue still persist.

I’m running quite a vanilla version with just some vlans and little rules on them. The only blocks they have is that they can’t reach each other.

So i don’t understand the issue.

If you guys would have even more screenshots as for proof or troubleshooting, i would more be happy to send them.

netblues

@koenh Hate to suggest it, but here it goes.
Why don't you swap back the unify USG for a couple of days?
(especially when other options of "swappiness" are considered inappopriate.) ;-)

KoenH

@netblues

I understand your suggestion.
But the reason why i'm avoiding the return of the USG is because i can't run any Threat Management on it.
If i turn it on, the USG would crash after a few days (well known issue of the USG).

So i would like to make the pfSense work.

I it super silly, i know. The pfSense is doing his work very well.
But just this small issue about Teams drives me crazy and makes me want to solve it.

SteveITS

@koenh If there are no limiters or traffic shaping it seems it's something else. Hard to know what though since speed tests are fine on the laptop.

The time I had issues with Teams/voice/video at my home was when using CBQ shaping and the defaults don't let borrowing work as expected so it was getting throttled (parent queue needs to be set to borrow). Currently I do have shaping on, but went back to PRIQ for whatever that's worth. Teams should work without shaping though, especially on an idle Internet connection.

I tried to skim the thread again quickly...did you try moving the laptop by the router/switch and use a cable? If it works that would rule out pfSense.

KoenH

@steveits

Yeah i think i should try even more testing.
So next plan would be: Let her have meetings on my main network, try to borrow a long network cable :).

I'll update this topic next week probably after i done some more testing.
Anyway, thanks all for checking and testing!
Already have a great experience about this community!

SteveITS

@koenh How fast does she get kicked out? A few seconds? An hour?