Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

The Peeredge Switch/SBC supports UDP, TCP and TLS v1.2 as transport protocols for SIP signaling. The Peeredge Switch supports RTP and SRTP protocols for media sessions.  Both RTP and SRTP use UDP as the transport protocol.

 Transport protocols provide essential services to voice applications, including: 

  • Multiplexing - Assigning port numbers to each application, which enables the IP network to carry thousands of application messages between hosts simultaneously

  • Reliable message delivery - The receiver verifies the transmission of each packet using a checksum to ensure contents are not corrupted. The receiver acknowledges the verified packet or requests retransmission of the corrupted packet. If the transmitter doesn’t receive an acknowledgement, it assumes the packet is lost and retransmits it. The transport layer also ensures packets arrive in sequence by inserting a sequence number.

  • Flow control - The receiver uses a transmission window value to provide feedback to the sender about buffer space to avoid buffer overruns and underruns.

  • Congestion management - When multiple losses occur, the transport layer implements a back-off algorithm that allows congestion to clear before resuming transmission.

 

Recommendations

If any portion of the end-to-end network transport is not considered secure (i.e. direct Internet), then 46Labs recommends using TLS.

 If the end-to-end network transport is already secure (i.e. SD-WAN or MPLS), then 46Labs recommends either TCP or UDP.  If any customer networking devices in the SIP signaling path between the customer SBCs/PBXs and the Peeredge Switches do not properly handle UDP message fragmentation and assembly, then 46Labs recommends TCP.

 The Peeredge Switch supports RTP and SRTP protocols for media sessions.  Both RTP and SRTP use UDP as the transport protocol.

 Recommendations for TLS

 If the customer SBCs/PBXs support the selection of crypto cipher’s when using TLS/SRTP then 46Labs recommends using the AES_CM_128_HMAC_SHA1_80 crypto cipher suite since it is considered the most secure suite supported by the Peeredge Switches.

 The Peeredge Switch currently supports the following crypto cipher suites for the encryption of RTP media:

 AES_CM_128_HMAC_SHA1_80

AES_CM_128_HMAC_SHA1_32

AES_192_CM_HMAC_SHA1_80

AES_192_CM_HMAC_SHA1_32

AES_256_CM_HMAC_SHA1_80

AES_256_CM_HMAC_SHA1_32

F8_128_HMAC_SH1_80

F8_128_HMAC_SH1_32

NULL_MHAC_SHA1_80

NULL_MHAC_SHA1_80

  • No labels