[SIPForum-discussion] SIPForum-Firewall influence on SIP

Mon Jul 14 01:46:16 UTC 2008

Hi Neil,

Just a few comments, if Jason would be transporting the voice via IP via
E1, then would he also consider the following:

-          Ethernet frames - since IP will go down to the layer 2 level
and or

-          PPP - for E1

Regards,

richard

________________________________

From: discussion-bounces at sipforum.org
[mailto:discussion-bounces at sipforum.org] On Behalf Of Neill Wilkinsonj
Sent: Monday, July 14, 2008 7:53 AM
To: 'Fortunato Lacson'
Cc: discussion at sipforum.org
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP

You're nearly there - you just need to add the packet overhead alas G711
needs some RTP, UDP and IP to get it across the IP network.

SIP is the signalling protocol like SS7 is the signalling protocol.
RTP/UDP/IP is the bearer, if you will, it's like the framing that allows
timeslots of 64kbps speech to be transported over E1 links.

So once you've added the overhead you end up with around 80kbps. Now
take this value and divide 650Mbps and you get closer to the number of
concurrent RTP streams - or calls. Now remember just like an E1 has a TX
and RX paths, VoIP does too - so if the value of the ASA5540 is the
total throughput - then you need to half the value you get by dividing
80kbps in to 650Mbps to get the number of concurrent calls.

Also be careful as routers and firewalls are rated based on "average"
size packets this can be around 570 bytes, overall performance of
firewalls and routers are generally better with bigger packets. Alas RTP
encoded G711 is rather small - 160 bytes plus headers for a 20ms sample.
So it is likely that the real throughput is less than the performance
figure quoted by a manufacturer.

Also be careful about the word connections as this may well relate to
TCP traffic, not UDP traffic and VoIP is carried over UDP.

Neill...;o)

Neill Wilkinson
Principal Consultant

Aeonvista Ltd - opening up new ideas

  <http://www.linkedin.com/in/neillwilkinson> 

Aeonvista Ltd <http://aeonvista.com/> 

From: discussion-bounces at sipforum.org
[mailto:discussion-bounces at sipforum.org] On Behalf Of Fortunato Lacson
Sent: 13 July 2008 10:33
To: Jason L. Nesheim
Cc: discussion at sipforum.org
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP

Hi all. I am new to this forum and am also new in the SIP world. I have
a long background in traditional PSTN networks but is now ready to
embrace SIP. I am currently involved in studying how we can migrate
around 5,000 concurrent inbound calls to our IVR systems using SIP
technology.

I am looking at a firewall for our application and found Cisco ASA 5540.
This firewall is rated with a maximum throughput of 650 Mbps and 25,000
firewall connections.

I would imagine that these parameters is something that you would be
looking at when dimensioning a firewall. For the SIP gurus, please
correct me if I'm wrong. I'm also roughly estimating, with G711 at
64Kbps, you divide the throughput with that and you get an estimate
number of concurrent calls it can handle.

Regards,

Fortunato Lacson

On Fri, Jul 11, 2008 at 11:56 PM, Jason L. Nesheim <jnesheim at cytek.biz>
wrote:

That would depend on the firewall or router in question and whether NAT
is being used.  

Some firewalls such as the Cisco PIX, ASA, and routers with NAT have SIP
Application Layer Gateways enabled by default.  These ALG engines will
manipulate SIP packet contents with the intent to allow NAT traversal to
function.  Another situation to consider are firewalls with built in
back to back user agents that have a licensed call capacity.  The Ingate
Firewall (http://www.ingate.com/firewalls.php) would be an example of
this case.

The DSCP/ToS code points on SIP packets may be manipulated by policy
maps on routers in the network.  Many service providers remark SIP and
RTP packets at the network edge with what they use to designate the
priority queue.  It is also possible in some networks that the bandwidth
allocated to SIP and RTP queues becomes exhausted as load increases and
leads to dropped packets.  This typically only occurs if the QoS
policies on the routers are improperly configured but is something to be
aware of.

-- 
Jason Nesheim, Senior Network Design Engineer
Cytek
www.cytek.biz / 702-885-0815

----- Original Message -----
From: "AMIT ANAND" <amiit.anand at gmail.com>
To: "sri kuma" <cyberdyne at mail.com>
Cc: discussion at sipforum.org
Sent: Friday, July 11, 2008 10:07:32 AM GMT -08:00 US/Canada Pacific
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP

Hi Sri,

There should be no effect as such but the Packet Forwarding Rate of that
firewall must be appropriate as per the simultaneous call you want to
run.

Amit Anand
91-9910211901

On Sun, Jul 6, 2008 at 11:11 AM, sri kuma <cyberdyne at mail.com> wrote:

hi ,
        I woulld like to know whether a firewall(SIP aware) would
affect  the SIP packets traversal if the number of calls  increases  and
is there 
any influence of the intermediate routers on the SIP ie does the QOS
settings in the routers affect the SIP packets

thank you

-- 

Be Yourself @ mail.com!
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com <http://www.mail.com/Product.aspx> !

_______________________________________________
This is the SIP Forum discussion mailing list
TO UNSUBSCRIBE, or edit your delivery options, please visit 
http://sipforum.org/mailman/listinfo/discussion
Post to the list at discussion at sipforum.org

_______________________________________________ This is the SIP Forum
discussion mailing list TO UNSUBSCRIBE, or edit your delivery options,
please visit http://sipforum.org/mailman/listinfo/discussion Post to the
list at discussion at sipforum.org 

_______________________________________________
This is the SIP Forum discussion mailing list
TO UNSUBSCRIBE, or edit your delivery options, please visit 
http://sipforum.org/mailman/listinfo/discussion
Post to the list at discussion at sipforum.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20080714/e02acd9c/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 577 bytes
Desc: image001.gif
URL: <http://sipforum.org/pipermail/discussion/attachments/20080714/e02acd9c/attachment-0002.gif>