Snom 4S manual Multiple 2xx Handling

Page 36

4.

[ S N O M 4 S N A T F I L T E R ]

The Hide Routing flag will replace route sets with a unique route index when requests or responses are sent to a registered user agent. Via headers are also replaced with one Via header. This feature has sev- eral advantages. First of all, it will reduce the packet size significantly, especially when your core network uses several proxies or when it loops requests through the proxy several times. Usually, UDP packets will have a size significantly below the MTU size of 1492 bytes for Ethernet. This is a tremendous advantage that solves many problems with equipment that does not support UDP fragmentation.

Secondly, it hides important information about your network to- pology from the user agents. For example, when you are terminating calls with a PSTN gateway, the users are not able to see the IP address of the PSTN gateway in the routing path (if you turn “always relay” on, this ad- dress will also not occur in the SDP). Users will only “see” the filter as the only window to the outside world. This makes attacks much more difficult. It is much easier to protect only the filter against attacks than your whole SIP network.

The third big advantage is that it solves many problems with poor SIP implementations. Typically, immature SIP implementations can- not deal properly with strict and loose routing which results in compli- cated routing problems. The filter will take care of the routing problems; the user agent just has to route the request to the filter, which even the poorest implementations are able to do.

The disadvantage with this flag is that it adds more stateful information to the filter. The stateful does not affect the scalability of the overall system, but when restarting the filter, the information gets lost. However, we recommend turning this flag on.

4.3.8 Multiple 2xx Handling

The Filter INVITE 2xx deals with another problem that many poor SIP implementations have. In SIP, it is allowed to fork requests to several user agent servers. Several user agents sending a 2xx response back to the UAC at the same time typically creates a race condition. The proxy involved in this transaction cannot cancel the pending requests fast enough to solve this situation. The SIP designers have made the design decision that in this situation all 2xx responses must be sent back to the UAC which has to resolve the condition.

36 • Configuration

Image 36
Contents Snom 4S NAT Filter Admin Manual Snom 4S NAT Filter Version Table of Contents Snmp Overview Features ApplicationsSnom technology AG Overview Architecture NAT Filter and SIPNAT Signalling SIP How does NAT work?Symmetrical RTP Media RTP Classification of User AgentsProbing Media Paths Role of the NAT FilterOptimizing the Media Path for Symmetrical NATSBC Behaviour RegisteringRTP Relay Snom technology AG Scaling and Redundancy NATDetecting the right NAT Filter Requirements on User Agents Non NAT-Aware User AgentsSTUN/ICE-Aware User Agents Defining the Maximum Session Time Architecture Installation WindowsInstallation Snom technology AG Installation Snom technology AG Linux Rpm -ihv snomnatf-2.10.*.rpm Installation Logging Port BindingStandard Port Random Port System Settings LoggingPreparing Recovery General Outound ProxyMedia Ports Port BudgetsMedia Relay Controlling RoutingMultiple 2xx Handling Challenging Trusted AddressesMaximum Packet Size Silence Suppression Connection Oriented MediaRemoving Headers Codec Control Web Server IntegrationClir Addresses Timeout Settings Register TimeoutsCall Timeouts Security Settings Snom technology AG Outbound Proxy List System Information Server LogTrace Call History Current Ports Currently Handled UA Memory StatisticsConfiguration Web Server Integration Authentication Interface to the Web ServerSnom technology AG Web Server Integration Registration Call Initiation Snom technology AG Call Termination Snom technology AG Web Server Integration Setup of the SBC Setup of the ToolsAvailable OID OIDSnom technology AG Snmp Checklist for Installation Checklist for Installation Reader‘s Feedback Snom technology AG All rights reserved