The Peeredge Switch/SBC supports UDP, TCP and TLS v1.2 as transport protocols for SIP signaling. The Peeredge Switch supports RTP and SRTP protocols for media sessions. Both RTP and SRTP use UDP as the transport protocol.
Transport protocols provide essential services to voice applications, including:
Multiplexing - Assigning port numbers to each application, which enables the IP network to carry thousands of application messages between hosts simultaneously.
Reliable message delivery - The receiver verifies the transmission of each packet using a checksum to ensure contents are not corrupted. The receiver acknowledges the verified packet or requests retransmission of the corrupted packet. If the transmitter doesn’t receive an acknowledgement, it assumes the packet is lost and retransmits it. The transport layer also ensures packets arrive in sequence by inserting a sequence number.
Flow control - The receiver uses a transmission window value to provide feedback to the sender about buffer space to avoid buffer overruns and underruns.
Congestion management - When multiple losses occur, the transport layer implements a back-off algorithm that allows congestion to clear before resuming transmission.
Recommendations
If any portion of the end-to-end network transport is not considered secure (i.e. it runs directly over the Internet), then 46Labs recommends using TLS.
If the end-to-end network transport is already secure (i.e. SD-WAN or MPLS), then 46Labs recommends either TCP or UDP. If any customer networking devices in the SIP signaling path between the customer SBCs/PBXs and the Peeredge Switches do not properly handle UDP message fragmentation and reassembly, then 46Labs recommends TCP.
Recommendations for TLS
If the customer SBCs/PBXs support the selection of crypto ciphers when using TLS/SRTP, then 46Labs recommends using the AES_CM_128_HMAC_SHA1_80 crypto cipher suite, since it is considered the most secure suite supported by the Peeredge Switches.
The Peeredge Switch currently supports the following crypto cipher suites for the encryption of RTP media:
AES_CM_128_HMAC_SHA1_80
AES_CM_128_HMAC_SHA1_32
AES_192_CM_HMAC_SHA1_80
AES_192_CM_HMAC_SHA1_32
AES_256_CM_HMAC_SHA1_80
AES_256_CM_HMAC_SHA1_32
F8_128_HMAC_SHA1_80
F8_128_HMAC_SHA1_32
NULL_HMAC_SHA1_80
NULL_HMAC_SHA1_80
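An added example, not 46Labs code: a check that audits the a=crypto lines of an SDP offer against the suite list and the recommendation above. It assumes the suites are signalled through SDP security descriptions (RFC 4568), which this page does not state; the function name audit_sdp, the SDP body and the inline keys are constructed for illustration.

```python
import re

# Suites this page lists as supported (typos in the list normalised to HMAC/SHA1).
SUPPORTED = {
    "AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32",
    "AES_192_CM_HMAC_SHA1_80", "AES_192_CM_HMAC_SHA1_32",
    "AES_256_CM_HMAC_SHA1_80", "AES_256_CM_HMAC_SHA1_32",
    "F8_128_HMAC_SHA1_80", "F8_128_HMAC_SHA1_32", "NULL_HMAC_SHA1_80",
}
RECOMMENDED = "AES_CM_128_HMAC_SHA1_80"  # the suite the page recommends

# RFC 4568 syntax: a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+\S+")

# Constructed sample offer; the inline keys are placeholders, not real key material.
SAMPLE_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 40000 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:PLACEHOLDERKEY1
a=crypto:2 NULL_HMAC_SHA1_80 inline:PLACEHOLDERKEY2
a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY3
"""

def audit_sdp(sdp):
    """Return (offered, findings) for the a=crypto lines of one SDP body."""
    offered, findings = [], []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        tag, suite = int(m.group(1)), m.group(2)
        offered.append((tag, suite))
        if suite not in SUPPORTED:
            findings.append(f"tag {tag}: {suite} is not in the supported list")
        elif suite.startswith("NULL_"):  # NULL cipher: integrity only, media in clear
            findings.append(f"tag {tag}: {suite} authenticates but does not encrypt")
    suites = [s for _, s in offered]
    if not offered:
        findings.append("no a=crypto lines found")
    elif RECOMMENDED not in suites:
        findings.append(f"{RECOMMENDED} is not offered")
    elif suites[0] != RECOMMENDED:  # offers list a=crypto lines most-preferred first
        findings.append(f"{RECOMMENDED} is offered but is not the first preference")
    return offered, findings

if __name__ == "__main__":
    for finding in audit_sdp(SAMPLE_OFFER)[1]:
        print(finding)
```

The NULL finding matters because that suite keeps the HMAC-SHA1 authentication tag but leaves the RTP payload unencrypted, so an offer that includes it can negotiate media with no confidentiality.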