[SIPForum-discussion] SIPForum-Firewall influence on SIP

Jason L. Nesheim jnesheim at cytek.biz
Mon Jul 14 06:46:59 UTC 2008 

I believe this document should help you with this: http://www.cisco.com/en/US/tech/tk652/tk698/technologies_tech_note09186a0080094ae2.shtml 




-- 
Jason Nesheim, Senior Network Design Engineer 
Cytek 
www.cytek.biz / 702-885-0815 


----- Original Message ----- 
From: "Richard L. Agonias (Digitel-GSM)" <Richard.Agonias at digitel.ph> 
To: "Neill Wilkinsonj" <neill.wilkinson at quortex.com>, "Fortunato Lacson" <junlacson at gmail.com> 
Cc: discussion at sipforum.org 
Sent: Sunday, July 13, 2008 6:46:16 PM GMT -08:00 US/Canada Pacific 
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP 




Hi Neil, 



Just a few comments, if Jason would be transporting the voice via IP via E1, then would he also consider the following: 



- Ethernet frames – since IP will go down to the layer 2 level and or 

- PPP – for E1 



Regards, 



richard 






From: discussion-bounces at sipforum.org [mailto:discussion-bounces at sipforum.org] On Behalf Of Neill Wilkinsonj 
Sent: Monday, July 14, 2008 7:53 AM 
To: 'Fortunato Lacson' 
Cc: discussion at sipforum.org 
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP 



You’re nearly there – you just need to add the packet overhead alas G711 needs some RTP, UDP and IP to get it across the IP network. 



SIP is the signalling protocol like SS7 is the signalling protocol. RTP/UDP/IP is the bearer, if you will, it’s like the framing that allows timeslots of 64kbps speech to be transported over E1 links. 



So once you’ve added the overhead you end up with around 80kbps. Now take this value and divide 650Mbps and you get closer to the number of concurrent RTP streams – or calls. Now remember just like an E1 has a TX and RX paths, VoIP does too – so if the value of the ASA5540 is the total throughput – then you need to half the value you get by dividing 80kbps in to 650Mbps to get the number of concurrent calls. 



Also be careful as routers and firewalls are rated based on “average” size packets this can be around 570 bytes, overall performance of firewalls and routers are generally better with bigger packets. Alas RTP encoded G711 is rather small – 160 bytes plus headers for a 20ms sample. So it is likely that the real throughput is less than the performance figure quoted by a manufacturer. 



Also be careful about the word connections as this may well relate to TCP traffic, not UDP traffic and VoIP is carried over UDP. 

Neill...;o) 

		

Neill Wilkinson 
Principal Consultant 


Aeonvista Ltd - opening up new ideas 




View Neill Wilkinson's profile on LinkedIn

Aeonvista Ltd 


	

	












From: discussion-bounces at sipforum.org [mailto:discussion-bounces at sipforum.org] On Behalf Of Fortunato Lacson 
Sent: 13 July 2008 10:33 
To: Jason L. Nesheim 
Cc: discussion at sipforum.org 
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP 



Hi all. I am new to this forum and am also new in the SIP world. I have a long background in traditional PSTN networks but is now ready to embrace SIP. I am currently involved in studying how we can migrate around 5,000 concurrent inbound calls to our IVR systems using SIP technology. 

I am looking at a firewall for our application and found Cisco ASA 5540. This firewall is rated with a maximum throughput of 650 Mbps and 25,000 firewall connections. 

I would imagine that these parameters is something that you would be looking at when dimensioning a firewall. For the SIP gurus, please correct me if I'm wrong. I'm also roughly estimating, with G711 at 64Kbps, you divide the throughput with that and you get an estimate number of concurrent calls it can handle. 

Regards, 


Fortunato Lacson 




On Fri, Jul 11, 2008 at 11:56 PM, Jason L. Nesheim < jnesheim at cytek.biz > wrote: 


That would depend on the firewall or router in question and whether NAT is being used. 

Some firewalls such as the Cisco PIX, ASA, and routers with NAT have SIP Application Layer Gateways enabled by default. These ALG engines will manipulate SIP packet contents with the intent to allow NAT traversal to function. Another situation to consider are firewalls with built in back to back user agents that have a licensed call capacity. The Ingate Firewall ( http://www.ingate.com/firewalls.php ) would be an example of this case. 

The DSCP/ToS code points on SIP packets may be manipulated by policy maps on routers in the network. Many service providers remark SIP and RTP packets at the network edge with what they use to designate the priority queue. It is also possible in some networks that the bandwidth allocated to SIP and RTP queues becomes exhausted as load increases and leads to dropped packets. This typically only occurs if the QoS policies on the routers are improperly configured but is something to be aware of. 




-- 
Jason Nesheim, Senior Network Design Engineer 
Cytek 
www.cytek.biz / 702-885-0815 



----- Original Message ----- 
From: "AMIT ANAND" < amiit.anand at gmail.com > 
To: "sri kuma" < cyberdyne at mail.com > 
Cc: discussion at sipforum.org 
Sent: Friday, July 11, 2008 10:07:32 AM GMT -08:00 US/Canada Pacific 
Subject: Re: [SIPForum-discussion] SIPForum-Firewall influence on SIP 

Hi Sri, 

There should be no effect as such but the Packet Forwarding Rate of that firewall must be appropriate as per the simultaneous call you want to run. 

Amit Anand 
91-9910211901 


On Sun, Jul 6, 2008 at 11:11 AM, sri kuma < cyberdyne at mail.com > wrote: 

hi , 
I woulld like to know whether a firewall(SIP aware) would affect the SIP packets traversal if the number of calls increases and is there 
any influence of the intermediate routers on the SIP ie does the QOS settings in the routers affect the SIP packets 

thank you 


-- 


Be Yourself @ mail.com ! 
Choose From 200+ Email Addresses 
Get a Free Account at www.mail.com ! 


_______________________________________________ 
This is the SIP Forum discussion mailing list 
TO UNSUBSCRIBE, or edit your delivery options, please visit http://sipforum.org/mailman/listinfo/discussion 
Post to the list at discussion at sipforum.org 



_______________________________________________ This is the SIP Forum discussion mailing list TO UNSUBSCRIBE, or edit your delivery options, please visit http://sipforum.org/mailman/listinfo/discussion Post to the list at discussion at sipforum.org 


_______________________________________________ 
This is the SIP Forum discussion mailing list 
TO UNSUBSCRIBE, or edit your delivery options, please visit http://sipforum.org/mailman/listinfo/discussion 
Post to the list at discussion at sipforum.org 


_______________________________________________ This is the SIP Forum discussion mailing list TO UNSUBSCRIBE, or edit your delivery options, please visit http://sipforum.org/mailman/listinfo/discussion Post to the list at discussion at sipforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20080713/5b20557a/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 577 bytes
Desc: image001.gif
URL: <http://sipforum.org/pipermail/discussion/attachments/20080713/5b20557a/attachment-0002.gif>

More information about the discussion mailing list