Today's Topics:
1. Re: What does an ALG actually do? (Scott Berkman)
2. Re: What does an ALG actually do? (Alex Balashov)
----------------------------------------------------------------------
Message: 1
Date: Sat, 2 Mar 2013 17:11:25 -0500
From: "Scott Berkman" <[email protected]>
To: "'Tim Bray'" <[email protected]>, <[email protected]>
Subject: Re: [VoiceOps] What does an ALG actually do?
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"
How reliable and predictable an ALG is really varies vendor by vendor. Most
standard firewalls' and routers' ALGs do cause more problems (for example
most Cisco stuff), but the SIP-specific vendors usually do a much better
job. My personal favorite is Edgewater Edgemarcs.
Most generally what they do is provide layer 5+ (OSI) NAT, intelligently
replacing addresses in the SIP and SDP headers. In most cases they will
also handle RTP, doing things like making sure outside ports are unique and
open based on following the SDP on the signaling side.
-Scott
-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Tim Bray
Sent: Thursday, February 28, 2013 6:45 AM
To: [email protected]
Subject: Re: [VoiceOps] What does an ALG actually do?
On 27/02/13 21:33, John Levine wrote:
> I realize that an ALG is a hack in a router that is supposed to allow
> SIP packets to go through a NAT router. I also realize that for
> modern SIP equipment, ALG usually causes more problems than it solves,
> and that it's described in RFCs 2663, 3424, and others.
>
> What I can't find anywhere is what a SIP ALG actually does to the
> packets. Is that written down anywhere, or is it just network
> folklore?
>
The simple answer is `break stuff`.
The marketing answer is `SIP is the next big thing, and we want to say we
are "SIP READY" so we put an ALG in`.
Technically.
The OKish ALGs are passive and sniff the ports for QoS etc.
Most NAT passing ones just search and replace the IP addresses in the
SIP and SDP. Mainly though, I've seen them swap one IP, but not the
other. Or misread the port number. Very basic search and replace rather
than properly parsing the messages. Bad idea.
--
Tim Bray
[email protected] | +44 7966 479015 | http://www.kooky.org
Huddersfield, UK
_______________________________________________
VoiceOps mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/voiceops
------------------------------
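As an added illustration (not code from any poster or vendor), the sketch below models the two behaviours described in the message above on a constructed INVITE: a search-and-replace rewrite that changes the SIP headers but not the SDP, and a rewrite that parses both and recomputes Content-Length, followed by a receiver-side consistency check. The addresses, the outside RTP port 40000 and all function names are assumptions made for the example.

```python
import ipaddress, re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_invite(ip="192.168.1.50", rtp=16384):
    """Constructed INVITE from a phone behind NAT (sample data, not a capture)."""
    body = "\r\n".join(["v=0", f"o=- 1 1 IN IP4 {ip}", "s=-", f"c=IN IP4 {ip}",
                        "t=0 0", f"m=audio {rtp} RTP/AVP 0", ""])
    head = "\r\n".join(["INVITE sip:bob@example.com SIP/2.0",
                        f"Via: SIP/2.0/UDP {ip}:5060;branch=z9hG4bKconstructed",
                        "From: <sip:alice@example.com>;tag=1", "To: <sip:bob@example.com>",
                        "Call-ID: constructed-call-1", "CSeq: 1 INVITE",
                        f"Contact: <sip:alice@{ip}:5060>", "Content-Type: application/sdp",
                        f"Content-Length: {len(body)}"])
    return head + "\r\n\r\n" + body

def search_replace_alg(msg, inside, outside):
    """The failure described in the thread: headers rewritten, SDP left alone."""
    head, body = msg.split("\r\n\r\n", 1)
    return head.replace(inside, outside) + "\r\n\r\n" + body

def parsing_alg(msg, inside, outside, ext_rtp):
    """Rewrite Via/Contact, SDP o=/c= and the m= port, then fix Content-Length."""
    head, body = msg.split("\r\n\r\n", 1)
    ip = re.escape(inside)
    head = re.sub(rf"(?mi)^((?:Via|Contact):[^\r\n]*?){ip}\b", rf"\g<1>{outside}", head)
    body = re.sub(rf"(?m)^([oc]=[^\r\n]*IN IP4 ){ip}\b", rf"\g<1>{outside}", body)
    body = re.sub(r"(?m)^(m=audio )\d+", rf"\g<1>{ext_rtp}", body)
    head = re.sub(r"(?mi)^Content-Length:[^\r\n]*", f"Content-Length: {len(body)}", head)
    return head + "\r\n\r\n" + body

def audit(msg):
    """Receiver-side check: is the rewrite complete and self-consistent?"""
    head, body = msg.split("\r\n\r\n", 1)
    findings = []
    declared = int(re.search(r"(?mi)^Content-Length:\s*(\d+)", head).group(1))
    if declared != len(body.encode()):
        findings.append("content-length mismatch")
    contact = re.search(r"(?mi)^Contact:[^\r\n]*@([\d.]+)", head).group(1)
    media = re.search(r"(?m)^c=IN IP4 ([\d.]+)", body).group(1)
    if contact != media:  # heuristic: media may legitimately live on another host
        findings.append("contact/sdp address mismatch")
    for label, addr in (("contact", contact), ("sdp", media)):
        if any(ipaddress.ip_address(addr) in net for net in RFC1918):
            findings.append(f"private address in {label}")
    return findings
```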
Message: 2
Date: Sat, 02 Mar 2013 23:17:35 +0100
From: Alex Balashov <[email protected]>
To: Scott Berkman <[email protected]>, "'Tim Bray'" <[email protected]>,
[email protected]
Subject: Re: [VoiceOps] What does an ALG actually do?
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8
Correct me if I'm wrong, but last time I looked, Linux's netfilter kernel
module for SIP, ip_conntrack_sip, still is ignorant of SDP entirely.
Scott Berkman <[email protected]> wrote:
>How reliable and predictable an ALG is really varies vendor by vendor.
>Most standard firewalls' and routers' ALGs do cause more problems (for
>example most Cisco stuff), but the SIP-specific vendors usually do a much
>better job. My personal favorite is Edgewater Edgemarcs.
>
>Most generally what they do is provide layer 5+ (OSI) NAT, intelligently
>replacing addresses in the SIP and SDP headers. In most cases they will
>also handle RTP, doing things like making sure outside ports are unique
>and open based on following the SDP on the signaling side.
>
>-Scott
>
>-----Original Message-----
>From: [email protected] [mailto:[email protected]]
>On Behalf Of Tim Bray
>Sent: Thursday, February 28, 2013 6:45 AM
>To: [email protected]
>Subject: Re: [VoiceOps] What does an ALG actually do?
>
>On 27/02/13 21:33, John Levine wrote:
>> I realize that an ALG is a hack in a router that is supposed to allow
>> SIP packets to go through a NAT router. I also realize that for
>> modern SIP equipment, ALG usually causes more problems than it solves,
>> and that it's described in RFCs 2663, 3424, and others.
>>
>> What I can't find anywhere is what a SIP ALG actually does to the
>> packets. Is that written down anywhere, or is it just network
>> folklore?
>>
>
>The simple answer is `break stuff`.
>
>The marketing answer is `SIP is the next big thing, and we want to say we
>are "SIP READY" so we put an ALG in`.
>
>Technically.
>
>The OKish ALGs are passive and sniff the ports for QoS etc.
>
>Most NAT passing ones just search and replace the IP addresses in the
>SIP and SDP. Mainly though, I've seen them swap one IP, but not the
>other. Or misread the port number. Very basic search and replace rather
>than properly parsing the messages. Bad idea.
--
Sent from my mobile, and thus lacking in the refinement one might expect from a
fully-fledged keyboard.
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Decatur, GA 30030
United States
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
------------------------------
End of VoiceOps Digest, Vol 45, Issue 2
***************************************