Transport Protocol Selection

The Peeredge SBC supports UDP, TCP, and TLS v1.2 as transport protocols for SIP signaling. The Peeredge SBC supports RTP and SRTP protocols for media sessions. Both RTP and SRTP use UDP as the transport protocol.

 Transport protocols provide essential services to voice applications, including: 

  • Multiplexing: Assigns port numbers to each application, which enables the IP network to carry thousands of application messages between hosts simultaneously.

  • Reliable message delivery: The receiver verifies the transmission of each packet using a checksum to ensure contents are not corrupted. The receiver acknowledges the verified packet or requests retransmission of the corrupted packet. If the transmitter doesn’t receive an acknowledgment, it assumes the packet is lost and retransmits it. The transport layer also ensures packets arrive in sequence by inserting a sequence number.

  • Flow control: The receiver uses a transmission window value to provide feedback to the sender about buffer space to avoid buffer overruns and underruns.

  • Congestion management: When multiple losses occur, the transport layer implements a back-off algorithm that allows congestion to clear before resuming transmission.

Recommendations

If any portion of the end-to-end network transport is not considered secure (i.e., direct Internet), then 46 Labs recommends using TLS.

If the end-to-end network transport is already secure (i.e., SD-WAN or MPLS), then 46 Labs recommends either TCP or UDP. If any customer networking devices in the SIP signaling path between the customer SBCs/PBXs and the Peeredge SBC do not properly handle UDP message fragmentation and reassembly, then 46 Labs recommends TCP.

Recommendations for TLS

If the customer’s SBCs/PBXs support the selection of crypto ciphers when using TLS/SRTP, then 46 Labs recommends using the AES_CM_128_HMAC_SHA1_80 crypto cipher suite since it is considered the most secure suite supported by the Peeredge SBC.

The Peeredge SBC currently supports the following crypto cipher suites for the encryption of RTP media:

  • AES_CM_128_HMAC_SHA1_80

  • AES_CM_128_HMAC_SHA1_32

  • AES_192_CM_HMAC_SHA1_80

  • AES_192_CM_HMAC_SHA1_32

  • AES_256_CM_HMAC_SHA1_80

  • AES_256_CM_HMAC_SHA1_32

  • F8_128_HMAC_SHA1_80

  • F8_128_HMAC_SHA1_32

  • NULL_HMAC_SHA1_80
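The following check is an added example, not 46 Labs or Peeredge code. It audits an SDP offer from a customer SBC/PBX against the suite list and recommendation above, assuming the suites are negotiated with SDES `a=crypto` attributes (RFC 4568). The function name, the sample offer and its placeholder keys are constructed for illustration.

```python
import re

# Suites the page lists for the Peeredge SBC (SH1/MHAC typos corrected).
SUPPORTED = {
    "AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32",
    "AES_192_CM_HMAC_SHA1_80", "AES_192_CM_HMAC_SHA1_32",
    "AES_256_CM_HMAC_SHA1_80", "AES_256_CM_HMAC_SHA1_32",
    "F8_128_HMAC_SHA1_80", "F8_128_HMAC_SHA1_32", "NULL_HMAC_SHA1_80",
}
RECOMMENDED = "AES_CM_128_HMAC_SHA1_80"
# RFC 4568: a=crypto:<tag> <crypto-suite> <key-params>
CRYPTO_RE = re.compile(r"^a=crypto:\d+\s+(\S+)\s+inline:\S+")
# Constructed, trimmed sample offer; the inline keys are placeholders.
SAMPLE_SDP = """v=0
c=IN IP4 192.0.2.10
m=audio 40000 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:PLACEHOLDERKEY1
a=crypto:2 NULL_HMAC_SHA1_80 inline:PLACEHOLDERKEY2
m=video 40002 RTP/AVP 96
"""

def audit_sdp(sdp):
    """Return {"<media> <port>": [findings]} for each m= section of an SDP body."""
    sections = []
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            sections.append((line, []))   # start a new media section
        elif sections:
            sections[-1][1].append(line)  # attribute of the current section
    report = {}
    for m_line, attrs in sections:
        media, port, proto = m_line[2:].split()[:3]
        suites = [m.group(1) for m in map(CRYPTO_RE.match, attrs) if m]
        findings = []
        if "SAVP" not in proto:
            findings.append("plain RTP profile, media is not encrypted")
        elif not suites:
            findings.append("SRTP profile but no a=crypto line")
        else:
            for suite in suites:
                if suite not in SUPPORTED:
                    findings.append(f"{suite}: not in the SBC's supported list")
                elif suite.startswith("NULL_"):
                    findings.append(f"{suite}: no encryption of the media")
            if RECOMMENDED not in suites:
                findings.append(f"{RECOMMENDED} (recommended) not offered")
        report[f"{media} {port}"] = findings
    return report
```

Because SDES carries the SRTP keys inside the SIP message body, an offer that passes this check still depends on TLS signaling to keep those keys private.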