如何處理大型SIP資料包?
網路將對負載大於1480位元組的UDP資料包進行分段,以確保重疊的資料包不會超過MTU。
阻塞分段的UDP資料包是常見的路由器策略。路由器必須將UDP報文的每個資料段儲存在記憶體中,直到收到最後一個資料段,然後才能轉發該報文。可通過向路由器傳送不完整消息來利用此漏洞,直到其記憶體已滿導致路由器故障。因此,不包含此條件的修復程式的路由器通常不允許分段的UDP資料包。
對於不處理(或無法處理)UDP分段的路由器,一種解決方法是通過TCP轉換為SIP。BroadWorks可以在不同位置設定,以通過UDP、TCP或其中之一(未指定)傳送和/或期望接收。 以下是進行這些設定的各個位置:
AS_CLI/Interface/SIP> get
[…]
supportTcp = true
AS_CLI/System/Device/NetworkServers/Routing> get
Net Address Port Transport Poll OpState Description
=====================================================================
ns1.ihs.broadsoft.com tcp false enabled ns1
ns2.ihs.broadsoft.com tcp false enabled ns2
AS_CLI/System/CallP/Routing/MediaServerSelection/MediaServerDevice> get
Net Address Port Transport Description
=====================================================
ms1.ihs.broadsoft.com 5060 tcp ms1
ms2.ihs.broadsoft.com 5060 tcp ms2
NS_CLI/System/Device/RoutingNE/Address> get
About to access 22 entries. Continue?
Please confirm (Yes, Y, No, N): y
Retrieving data... Please wait...
Routing NE Address Cost Weight Port Transport
=======================================================================
[…]
test3 10.2.2.2 1 99 5060 tcp
test1 10.6.6.6 1 90 5060 tcp
test2 10.1.1.1 1 90 5060 tcp
22 entries found.
許多SBC也同時支援UDP和TCP。有些SBC甚至可以將UDP轉換為TCP。以下是ACME SD(可以指定協定的不同位置)的配置示例。
sip-interface
state enabled
realm-id access
description Public to IHS ACCESS SIP Interface
sip-port
address 64.212.220.94
port 5060
transport-protocol UDP
tls-profile
allow-anonymous all
sip-port
address 64.212.220.94
port 5060
transport-protocol TCP
tls-profile
allow-anonymous all
session-agent
hostname 10.48.7.56
ip-address 10.48.7.56
port 5060
state enabled
app-protocol SIP
app-type
transport-method TCP
還可以設定裝置以指定協定。例如,可以將Polycom設定為TCPonly、TCPpreferred或甚至允許DNS響應指定協定(DNSnaptr)
大型SIP UDP消息示例
2010.08.17 08:22:44:815 EDT | Info | Sip | +12403645153 | callhalf-171159287:1
udp 1580 Bytes OUT to 10.10.10.1:5060
INVITE sip:2403640001@10.10.10.1:5060;user=phone;transport=udp SIP/2.0
Via:SIP/2.0/UDP 10.10.10.2;branch=z9hG4bKBroadWorks.11l7pom-10.10.10.1V5060-0-13480-1064780560-1282047764815-
From:\"test-cc1 travis\";tag=1064780560-1282047764815-
To:\"Mike - Test Acct Inmon\"
Call-ID:BW082244815170810-243190739@10.10.10.2
CSeq:13480 INVITE
Contact:
Remote-Party-ID:\"test-cc1 travis\";screen=yes;party=calling;privacy=off;id-type=subscriber
RPID-Privacy:party=calling;privacy=off;id-type=subscriber
Proxy-Require:privacy
Diversion:\"Mike - Test Acct Inmon\";privacy=off;diversion-inhibited;reason=follow-me;counter=5,\"Mike - Test Acct Inmon\";privacy=off;reason=follow-me;counter=1,\"test-cc1 travis\";privacy=off;hg-cc;delay-ccm;reason=unknown;counter=1
Supported: Allow:ACK,BYE,CANCEL,INFO,INVITE,OPTIONS,PRACK,REFER,NOTIFY,UPDATE
Accept:multipart/mixed,application/dtmf-relay,application/media_control+xml,application/sdp,application/x-broadworks-call-center+xml
Max-Forwards:5
Content-Type:application/sdp
Content-Length:283
v=0
o=BroadWorks 1618137 1 IN IP4 10.10.10.2
s=-
c=IN IP4 10.10.10.2
t=0 0
m=audio 16580 RTP/AVP 0 8 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=rtpmap:101 telephone-event/8000
a=silenceSupp:on - - - -
a=fmtp:101 0-15
a=ptime:20
a=sendrecv
意見