Multiple 2Xx Handling; Trusted Addresses - Snom 4S NAT Filter Admin Manual
Version 2.09
Hide thumbs
Also See for 4S NAT Filter:
- Admin manual (68 pages) ,
- Admin manual (56 pages) ,
- Admin manual (64 pages)
Table of Contents
Advertisement
deal properly with strict and loose routing which results in complicated
routing problems. The filter will take care about the routing problems,
the user agent just has to route the request to the filter, which even the
poorest implementations are able to do.
The disadvantage with this flag is that it adds more stateful
information to the filter. The stateful does not affect the scalability of the
overall system, but when restarting the filter, the information gets lost.
However, we recommend turning this flag on.
4.3.7 Multiple 2xx Handling
The Filter INVITE 2xx deals with another problem that many
poor SIP implementations have. In SIP, it is allowed to fork requests to
several user agent servers. Several user agents sending a 2xx response
back to the UAC at the same time typically creates a race condition.
The proxy that is involved in this transaction cannot cancel the pending
requests fast enough to solve this situation. The SIP designers have made
the design decision that in this situation, all 2xx responses must be sent
back to the UAC which has to resolve the condition.
Unfortunately, only a small percentage of existing user agents
deal properly with this situation. When you turn the flag on, the filter will
only let the first 2xx response pass through to the user agent. Subsequent
2xx responses will be blocked by the filter; instead the filter will send an
ACK to the response and immediately terminate the dialog with a BYE
message. This is the behaviour that most user agents do when receiving
multiple 2xx. However, if you are sure that the user agents in your network
handle multiple 2xx properly and implement a different behaviour, you
should turn this behaviour off.
4.3.8 Trusted Addresses
The list of Trusted IP Addresses is used when sensitive
information is extracted from SIP packets. For example, the filter may
get an explicit hint on how long the conversation may last at maximum.
If a user agent would send this information, it could easily bypass AAA
and make telephone calls even when the prepaid card already expired. If
you list the IP addresses of your proxies, you can enhance the security
significantly.
38 • Confi guration
[
4 S N A T F
S N O M
]
I L T E R
Advertisement
Table of Contents
