Comments on The whole "9" yards!!: Routers and NAT
Blog author: SIP SIP SIP (http://www.blogger.com/profile/16901301353101600663)
Feed updated: 2022-03-27T04:55:40.459-04:00

SIPNoviceMe (http://www.nothingthere.com), 2011-11-12T11:48:31.761-05:00:

"No-one wanted to give full inbound internet access toward local network resources"
Why not? Every device will get its own public address, not without reason and making use of it. Only the necessary UDP ports will be opened and I think the relative simplicity of a SIP device makes it easy to secure?

NAT is such an aggravation. Please let the big IPv6 transition begin!

snom m9 (http://snom-m9.blogspot.com), 2011-11-08T20:37:39.244-05:00:

Well-designed routers are not the problem. Poorly designed routers are. And those can just pass the traffic through, no need to have a table at all! They'll call that 64-bit security.

IAX is the answer for Digium as much as Skinny is the answer for Cisco. SIP might have many problems, but seems to be the only thing people could agree upon in the industry. This is political, not technical.

I had a router that had 32 entries and no timeout at all. The price was right, though.

Anonymous, 2011-11-08T20:03:48.217-05:00:

I am a bit perplexed with the whole IPv6 is going to sort all issues in regards of the 'nating' issues which is induced by this post.

IPv4 -> IPv6 will sort anything for SIP, reason being the current devices that are currently providing IPv4 NAT will be replaced by IPv6 firewalls (No-one wanted to give full inbound internet access toward local network resources).

The current issue that you are in fact having is with the connection tracking. In an IPv4, or IPv6, the connection tracking table allows following the state of the connection so all packets outside the session are dropped/ignored, preventing attackers from bypassing firewall policies.
Now for SIP the connection tracking is difficult as the SIP channel does not carry voice/video but just controls; tracking the data requires much more complicated rules which understand what ports to which server are going to be used, not to say that all SIP products are perfectly respecting all RFCs to the letter.
This complexity will not decrease with IPv6 as it is inherent to the SIP protocol.

To make the point even further, protocols like IAX2 have been designed to take this into consideration and never ever created issues related to connection tracking on IPv4 or even IPv6.

So here's my question: why not support protocols that do work by design?

Side question: I will be interested to know which internet router only allows 32 sessions at any one time :)