[SIPForum-discussion] SIPForum-Firewall influence on SIP

Sun Jul 13 09:33:28 UTC 2008

Hi all. I am new to this forum and am also new in the SIP world. I have a
long background in traditional PSTN networks but is now ready to embrace
SIP. I am currently involved in studying how we can migrate around 5,000
concurrent inbound calls to our IVR systems using SIP technology.

I am looking at a firewall for our application and found Cisco ASA 5540.
This firewall is rated with a maximum throughput of 650 Mbps and 25,000
firewall connections.

I would imagine that these parameters is something that you would be looking
at when dimensioning a firewall. For the SIP gurus, please correct me if I'm
wrong. I'm also roughly estimating, with G711 at 64Kbps, you divide the
throughput with that and you get an estimate number of concurrent calls it
can handle.

Regards,

Fortunato Lacson

On Fri, Jul 11, 2008 at 11:56 PM, Jason L. Nesheim <jnesheim at cytek.biz>
wrote:

> That would depend on the firewall or router in question and whether NAT is
> being used.
>
> Some firewalls such as the Cisco PIX, ASA, and routers with NAT have SIP
> Application Layer Gateways enabled by default.  These ALG engines will
> manipulate SIP packet contents with the intent to allow NAT traversal to
> function.  Another situation to consider are firewalls with built in back to
> back user agents that have a licensed call capacity.  The Ingate Firewall (
> http://www.ingate.com/firewalls.php) would be an example of this case.
>
> The DSCP/ToS code points on SIP packets may be manipulated by policy maps
> on routers in the network.  Many service providers remark SIP and RTP
> packets at the network edge with what they use to designate the priority
> queue.  It is also possible in some networks that the bandwidth allocated to
> SIP and RTP queues becomes exhausted as load increases and leads to dropped
> packets.  This typically only occurs if the QoS policies on the routers are
> improperly configured but is something to be aware of.
>
> --
> Jason Nesheim, Senior Network Design Engineer
> Cytek
> www.cytek.biz / 702-885-0815
>
>
> ----- Original Message -----
> From: "AMIT ANAND" <amiit.anand at gmail.com>
> To: "sri kuma" <cyberdyne at mail.com>
> Cc: discussion at sipforum.org
> Sent: Friday, July 11, 2008 10:07:32 AM GMT -08:00 US/Canada Pacific
> Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP
>
> Hi Sri,
>
> There should be no effect as such but the Packet Forwarding Rate of that
> firewall must be appropriate as per the simultaneous call you want to run.
>
> Amit Anand
> 91-9910211901
>
> On Sun, Jul 6, 2008 at 11:11 AM, sri kuma <cyberdyne at mail.com> wrote:
>
>> hi ,
>>         I woulld like to know whether a firewall(SIP aware) would  affect
>> the SIP packets traversal if the number of calls  increases  and is there
>> any influence of the intermediate routers on the SIP ie does the QOS
>> settings in the routers affect the SIP packets
>>
>> thank you
>>
>> -- Be Yourself @ mail.com!
>> Choose From 200+ Email Addresses
>> Get a *Free* Account at www.mail.com <http://www.mail.com/Product.aspx>!
>>
>> _______________________________________________
>> This is the SIP Forum discussion mailing list
>> TO UNSUBSCRIBE, or edit your delivery options, please visit
>> http://sipforum.org/mailman/listinfo/discussion
>> Post to the list at discussion at sipforum.org
>>
>>
>
> _______________________________________________ This is the SIP Forum
> discussion mailing list TO UNSUBSCRIBE, or edit your delivery options,
> please visit http://sipforum.org/mailman/listinfo/discussion Post to the
> list at discussion at sipforum.org
>
> _______________________________________________
> This is the SIP Forum discussion mailing list
> TO UNSUBSCRIBE, or edit your delivery options, please visit
> http://sipforum.org/mailman/listinfo/discussion
> Post to the list at discussion at sipforum.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20080713/05ffedf8/attachment-0002.html>