At 07:45 PM 8/25/2004, Richard wrote:
Hi,
I hate to argue with a guru whose product benefits us a lot... :)
Anyway, if you can program your ALG and fix any problem one might have, why isn't it a better choice? Some routers give away source code. They are Linux kernel 2.4 with netfilter. It tracks various protocols besides SIP. I checked their code; it is no different from the methods used in nathelper: it mangles the IP address embedded in the SIP message. I'd think that it is definitely better than reducing the registration interval, using a voice proxy and sending pings.
Security does not work -- SIP/TLS will fail.
Secondly, I don't share your optimism that ALG vendors will get the application logic right. Field experience shows that my pessimistic attitude is quite realistic. There were even bizarre products that claimed support for SIP but actually mangled it in a way which broke all communication. (Till this firewall was removed, SIP was running at port 5070.)
Btw, I don't think that one can find a lot of consumer-based routers working with NAT ping. 80% of products in the market are based on Linux kernel/netfilter, which only refreshes a binding with outbound traffic, and the timer for a binding is 30 seconds by default.
Thanks -- that's interesting information. Anyhow -- I think that's an argument for making end-devices resend keep-alives frequently.
-jiri
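
The kind of rewrite discussed in this thread, as an added example that is not part of the original messages and is not netfilter's or nathelper's code: it replaces a private address embedded in the Contact header and SDP body of a constructed INVITE and recomputes Content-Length. The addresses, the message and the function names are assumptions for illustration; the rewrite needs the message in cleartext, which is why it cannot be applied to SIP carried over TLS.

```python
import re

PRIVATE = "192.168.1.10"  # constructed: phone's address behind the NAT
PUBLIC = "203.0.113.5"    # constructed: NAT's outside address (documentation range)

def build_invite(addr: str) -> bytes:
    """Constructed sample INVITE carrying `addr` in Via, Contact and the SDP body."""
    body = ("v=0\r\n"
            f"o=alice 1 1 IN IP4 {addr}\r\n"
            "s=-\r\n"
            f"c=IN IP4 {addr}\r\n"
            "t=0 0\r\n"
            "m=audio 49170 RTP/AVP 0\r\n")
    head = ("INVITE sip:bob@example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {addr}:5060;branch=z9hG4bKconstructed\r\n"
            "From: <sip:alice@example.com>;tag=1\r\n"
            "To: <sip:bob@example.com>\r\n"
            "Call-ID: constructed-1\r\n"
            "CSeq: 1 INVITE\r\n"
            f"Contact: <sip:alice@{addr}:5060>\r\n"
            "Content-Type: application/sdp\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode()

def alg_rewrite(msg: bytes, private: str, public: str) -> bytes:
    """Swap the private address in Contact and the body, then fix Content-Length."""
    head, sep, body = msg.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator: not a complete SIP message")
    # Match the address as a whole token so 192.168.1.10 does not hit 192.168.1.100.
    pat = re.compile(rb"(?<![\d.])" + re.escape(private.encode()) + rb"(?![\d.])")
    body = pat.sub(public.encode(), body)
    out = []
    for line in head.split(b"\r\n"):
        name = line.split(b":", 1)[0].strip().lower()
        if name in (b"contact", b"m"):  # "m" is the compact form of Contact
            line = pat.sub(public.encode(), line)
        elif name in (b"content-length", b"l"):
            # The substitution changed the body size; a stale value breaks parsing.
            line = b"Content-Length: %d" % len(body)
        out.append(line)
    return b"\r\n".join(out) + sep + body

def declared_length_matches(msg: bytes) -> bool:
    """True when the Content-Length header equals the actual body size."""
    head, _, body = msg.partition(b"\r\n\r\n")
    m = re.search(rb"(?im)^(?:content-length|l)[ \t]*:[ \t]*(\d+)", head)
    return m is not None and int(m.group(1)) == len(body)
```

A plain search-and-replace over the whole message leaves Content-Length stale whenever the two addresses differ in length, which is one way a rewriting middlebox ends up breaking the messages it claims to support.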