[SIPForum-discussion] SIPForum-Firewall influence on SIP

Neill Wilkinsonj neill.wilkinson at quortex.com
Sun Jul 13 23:52:43 UTC 2008 

You're nearly there - you just need to add the packet overhead alas G711
needs some RTP, UDP and IP to get it across the IP network.

 

SIP is the signalling protocol like SS7 is the signalling protocol.
RTP/UDP/IP is the bearer, if you will, it's like the framing that allows
timeslots of 64kbps speech to be transported over E1 links.

 

So once you've added the overhead you end up with around 80kbps. Now take
this value and divide 650Mbps and you get closer to the number of concurrent
RTP streams - or calls. Now remember just like an E1 has a TX and RX paths,
VoIP does too - so if the value of the ASA5540 is the total throughput -
then you need to half the value you get by dividing 80kbps in to 650Mbps to
get the number of concurrent calls.

 

Also be careful as routers and firewalls are rated based on "average" size
packets this can be around 570 bytes, overall performance of firewalls and
routers are generally better with bigger packets. Alas RTP encoded G711 is
rather small - 160 bytes plus headers for a 20ms sample. So it is likely
that the real throughput is less than the performance figure quoted by a
manufacturer.

 

Also be careful about the word connections as this may well relate to TCP
traffic, not UDP traffic and VoIP is carried over UDP.

Neill...;o)

 



Neill Wilkinson
Principal Consultant
  

Aeonvista Ltd - opening up new ideas

 

 <http://www.linkedin.com/in/neillwilkinson> View Neill Wilkinson's profile
on LinkedIn

Aeonvista Ltd <http://aeonvista.com/> 


 

 

 

 

 

 

From: discussion-bounces at sipforum.org
[mailto:discussion-bounces at sipforum.org] On Behalf Of Fortunato Lacson
Sent: 13 July 2008 10:33
To: Jason L. Nesheim
Cc: discussion at sipforum.org
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP

 

Hi all. I am new to this forum and am also new in the SIP world. I have a
long background in traditional PSTN networks but is now ready to embrace
SIP. I am currently involved in studying how we can migrate around 5,000
concurrent inbound calls to our IVR systems using SIP technology.

I am looking at a firewall for our application and found Cisco ASA 5540.
This firewall is rated with a maximum throughput of 650 Mbps and 25,000
firewall connections.

I would imagine that these parameters is something that you would be looking
at when dimensioning a firewall. For the SIP gurus, please correct me if I'm
wrong. I'm also roughly estimating, with G711 at 64Kbps, you divide the
throughput with that and you get an estimate number of concurrent calls it
can handle.

Regards,


Fortunato Lacson




On Fri, Jul 11, 2008 at 11:56 PM, Jason L. Nesheim <jnesheim at cytek.biz>
wrote:

That would depend on the firewall or router in question and whether NAT is
being used.  

Some firewalls such as the Cisco PIX, ASA, and routers with NAT have SIP
Application Layer Gateways enabled by default.  These ALG engines will
manipulate SIP packet contents with the intent to allow NAT traversal to
function.  Another situation to consider are firewalls with built in back to
back user agents that have a licensed call capacity.  The Ingate Firewall
(http://www.ingate.com/firewalls.php) would be an example of this case.

The DSCP/ToS code points on SIP packets may be manipulated by policy maps on
routers in the network.  Many service providers remark SIP and RTP packets
at the network edge with what they use to designate the priority queue.  It
is also possible in some networks that the bandwidth allocated to SIP and
RTP queues becomes exhausted as load increases and leads to dropped packets.
This typically only occurs if the QoS policies on the routers are improperly
configured but is something to be aware of.

-- 
Jason Nesheim, Senior Network Design Engineer
Cytek
www.cytek.biz / 702-885-0815



----- Original Message -----
From: "AMIT ANAND" <amiit.anand at gmail.com>
To: "sri kuma" <cyberdyne at mail.com>
Cc: discussion at sipforum.org
Sent: Friday, July 11, 2008 10:07:32 AM GMT -08:00 US/Canada Pacific
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP

Hi Sri,

There should be no effect as such but the Packet Forwarding Rate of that
firewall must be appropriate as per the simultaneous call you want to run.

Amit Anand
91-9910211901

On Sun, Jul 6, 2008 at 11:11 AM, sri kuma <cyberdyne at mail.com> wrote:

hi ,
        I woulld like to know whether a firewall(SIP aware) would  affect
the SIP packets traversal if the number of calls  increases  and is there 
any influence of the intermediate routers on the SIP ie does the QOS
settings in the routers affect the SIP packets

thank you


-- 

Be Yourself @ mail.com!
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com <http://www.mail.com/Product.aspx> !


_______________________________________________
This is the SIP Forum discussion mailing list
TO UNSUBSCRIBE, or edit your delivery options, please visit
http://sipforum.org/mailman/listinfo/discussion
Post to the list at discussion at sipforum.org



_______________________________________________ This is the SIP Forum
discussion mailing list TO UNSUBSCRIBE, or edit your delivery options,
please visit http://sipforum.org/mailman/listinfo/discussion Post to the
list at discussion at sipforum.org 


_______________________________________________
This is the SIP Forum discussion mailing list
TO UNSUBSCRIBE, or edit your delivery options, please visit
http://sipforum.org/mailman/listinfo/discussion
Post to the list at discussion at sipforum.org

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20080714/68721ef7/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 577 bytes
Desc: not available
URL: <http://sipforum.org/pipermail/discussion/attachments/20080714/68721ef7/attachment-0002.gif>

More information about the discussion mailing list