Hi Daniel!
The more I use UDP for SIP the less I like it:
- it is spoofable
- many NATs are insecure (except symmetric NAT)
- SIP packets are growing with new features, headers, codecs ... thus
fragmentation is an issue
IMO TCP is much more secure. For NAT traversal of course it also
requires keep alive and the session must be kept open to allow incoming
calls.
I'm not familiar with openser's TCP part, but I thought that requests to
the SIP clients will always be routed through existing TCP connections.
Wouldn't it be possible to store a socket id in the location table to
avoid searching for the existing TCP connection?
Lots of people argue that keeping the TCP connections open is bad and
puts heavy load on the server. I also saw some other statements that
thousands of TCP connections are no problem on Unix (Solaris, BSD).
Are there some people having experience with SIP+TCP or thousands of TCP
connections on one server? Please speak now.
regards
klaus
Daniel-Constantin Mierla wrote:
On 10/10/05 17:42, Klaus Darilion wrote:
Daniel-Constantin Mierla wrote:
[...]
TCP and NAT will not work in most of the cases, and when there is no
nat, the UA has no excuse to behave wrongly during registration.
If I would implement a SIP client using TCP the client would:
- open the TCP connection
- send keep alive (CRLF)
- if the connection is terminated by the proxy or there is a delivery
failure the client would immediately reconnect to the proxy.
I am not sure if this helps in any meaning, since most of the servers
will open a new connection when the call comes towards the tcp user.
Otherwise, the registrar must keep the tcp connection id in the usrloc
database which will not be valid upon a restart or close+re-connection.
Going through all tcp connections opened in the server to figure out if
it is one linking the user, may be more time consuming than opening a
new one. Since I have not tested tcp too much in my environment, I do
not know how specific nat situations can be dealt with.
IMO a SIP proxy should be able to keep >thousand TCP sessions open
I agree, but if they are no longer useful for the server, it does not make
much sense to keep them, in my opinion.
Cheers,
Daniel
regards
klaus
Cheers,
Daniel
This can be avoided using the call-id as identifier.
regards
klaus
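
Added example (not part of the thread and not OpenSER code): a sketch of the two ideas discussed above, storing a connection id in the location table for O(1) lookup, and detecting that the stored id is stale after a restart or a close and re-connect. The class, the field names and the boot_id mechanism are assumptions made for illustration; addresses and the AOR are constructed sample data.

```python
import itertools
from dataclasses import dataclass

@dataclass(frozen=True)
class ConnRef:
    boot_id: int  # changes on every proxy restart
    conn_id: int  # unique per accepted TCP connection within one boot

class Proxy:
    """Bookkeeping only (no sockets); all names here are hypothetical."""
    def __init__(self, boot_id):
        self.boot_id = boot_id
        self._ids = itertools.count(1)
        self.open_conns = {}  # conn_id -> peer (ip, port)
        self.location = {}    # AOR -> ConnRef, stored at REGISTER time

    def accept(self, peer):
        conn_id = next(self._ids)
        self.open_conns[conn_id] = peer
        return conn_id

    def close(self, conn_id):
        self.open_conns.pop(conn_id, None)

    def register(self, aor, conn_id):
        if conn_id not in self.open_conns:
            raise ValueError("REGISTER on a connection that is not open")
        self.location[aor] = ConnRef(self.boot_id, conn_id)

    def route(self, aor):
        """O(1) lookup of the connection to reuse for aor, or None if stale."""
        ref = self.location.get(aor)
        if ref is None:
            return None
        if ref.boot_id != self.boot_id or ref.conn_id not in self.open_conns:
            del self.location[aor]  # never deliver on a recycled or closed id
            return None
        return ref.conn_id

def demo():
    aor = "sip:klaus@example.org"  # constructed sample data
    p = Proxy(boot_id=1)
    p.register(aor, p.accept(("192.0.2.10", 40000)))
    before = p.route(aor)
    p2 = Proxy(boot_id=2)            # restart: usrloc persisted, sockets gone
    p2.location = dict(p.location)
    recycled = p2.accept(("198.51.100.7", 40001))  # another client gets id 1
    return before, recycled, p2.route(aor)
```

Without the boot_id comparison, the persisted binding would point at id 1 after the restart, which now belongs to a different client, so a call for the registered user would be delivered to the wrong peer.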