[cisco-voip] Nbar missing some RTP traffic

Ellington, Chris Chris.Ellington at inin.com
Thu Apr 17 09:42:50 EDT 2008


Why not just pick the exact traffic you are looking to match and match
it?  Don't worry about nbar messing it up - just grab the ports you're
seeking and mark as such?

Chris


Christopher Ellington | VoIP/SIP Engineer 
phone & fax +1.317.715.8578 | chris.ellington at inin.com
CCIE #6814

Interactive Intelligence Inc.
Deliberately Innovative
www.inin.com



-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jeffrey Ollie
Sent: Thursday, April 17, 2008 9:15 AM
To: Jorge L. Rodriguez Aguila
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Nbar missing some RTP traffic

On Thu, Apr 17, 2008 at 7:34 AM, Jorge L. Rodriguez Aguila
<jorge.rodriguez at netxar.com> wrote:
> That is correct. The RTP match is for even port numbers as Cisco uses
> even RTP ports in that range for voice payload and the corresponding odd
> ports for RTCP.

It's more complex than that. "match protocol rtp audio" looks at the
RTP payload type to determine what's RTP audio and video.
Unfortunately, it only "knows" about the audio and video payload types
defined in the RFCs:

http://www.cisco.com/en/US/products/ps6616/products_white_paper09186a0080110040.shtml#wp39290

If your VoIP traffic is negotiating dynamic RTP payload types in the
SIP SDP, which is necessary for some of the newer audio and video
codecs, "match protocol rtp audio" and "match protocol rtp video" will
not work.  There are probably even some VoIP implementations that
negotiate dynamic RTP payload types for audio/video codecs that have
static payload types like G.711.

nBAR does not appear to parse SIP/SDPs to learn about dynamic RTP
payload types.

Personally, this has made "match protocol rtp audio" and "match
protocol rtp video" useless for my needs.

> If you want to be extra sure you could convert your match-all voice
> class to match-any and add access-group XXX with an access-list XXX
> permit udp any any range 16384  32767 to pick up any packets the match
> RTP might miss.

That's not necessary when using "match protocol rtp" and in fact may
pick up unintended traffic (like matching RTP video traffic or just
about any other UDP traffic).

Jeff
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
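Added example, not part of the thread and not Cisco's or NBAR's code: a small Python classifier that does what Jeff describes "match protocol rtp audio" doing (reading the 7-bit payload type from the RTP header and looking it up in the RFC 3551 static table) and then shows the gap he points out: a packet carrying a dynamic payload type (96-127) cannot be called audio or video without the SDP that negotiated it, even when the codec is plain G.711. The packets and the SDP below are constructed for the example; the static tables are the RFC 3551 assignments.

```python
import struct
from typing import Dict, Optional

# RFC 3551 static payload types (subset: the audio and video entries).
STATIC_AUDIO = {
    0: "PCMU", 3: "GSM", 4: "G723", 5: "DVI4/8000", 6: "DVI4/16000",
    7: "LPC", 8: "PCMA", 9: "G722", 10: "L16/44100/2", 11: "L16/44100",
    12: "QCELP", 13: "CN", 14: "MPA", 15: "G728", 16: "DVI4/11025",
    17: "DVI4/22050", 18: "G729",
}
STATIC_VIDEO = {25: "CelB", 26: "JPEG", 28: "nv", 31: "H261", 32: "MPV", 34: "H263"}
PT_MP2T = 33  # MPEG-2 transport stream: carries audio and video


def parse_rtp_header(pkt: bytes) -> Dict[str, int]:
    """Decode the fixed 12-byte RTP header (RFC 3550 section 5.1)."""
    if len(pkt) < 12:
        raise ValueError("packet shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {
        "padding": (b0 >> 5) & 1,
        "extension": (b0 >> 4) & 1,
        "csrc_count": b0 & 0x0F,
        "marker": b1 >> 7,
        "payload_type": b1 & 0x7F,
        "seq": seq,
        "timestamp": ts,
        "ssrc": ssrc,
    }


def classify_static(pt: int) -> str:
    """Classification using only the static table, i.e. what a
    payload-type-only matcher like NBAR's 'rtp audio' can know."""
    if pt in STATIC_AUDIO:
        return "audio"
    if pt in STATIC_VIDEO:
        return "video"
    if pt == PT_MP2T:
        return "audio/video"
    if 96 <= pt <= 127:
        return "dynamic"  # meaning is only defined by the SDP offer/answer
    return "unassigned"


def parse_sdp_rtpmap(sdp: str) -> Dict[int, str]:
    """Learn {payload_type: 'audio'|'video'} from SDP m= lines and their
    a=rtpmap attributes. This is the step the thread says NBAR does not do."""
    mapping: Dict[int, str] = {}
    media: Optional[str] = None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            fields = line[2:].split()        # m=audio 49170 RTP/AVP 0 96 100
            media = fields[0]
            for fmt in fields[3:]:
                if fmt.isdigit():
                    mapping[int(fmt)] = media
        elif line.startswith("a=rtpmap:") and media is not None:
            pt = int(line[len("a=rtpmap:"):].split()[0])
            mapping[pt] = media
    return mapping


def classify(pkt: bytes, sdp_map: Optional[Dict[int, str]] = None) -> str:
    """Static classification, upgraded with SDP knowledge when available."""
    pt = parse_rtp_header(pkt)["payload_type"]
    kind = classify_static(pt)
    if kind == "dynamic" and sdp_map and pt in sdp_map:
        return sdp_map[pt]
    return kind


def build_rtp(pt: int, seq: int = 1, ts: int = 0, ssrc: int = 0x1234ABCD,
              payload: bytes = b"\x00" * 20) -> bytes:
    """Construct a minimal RTP v2 packet (example data, not a capture)."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq, ts, ssrc) + payload


# Constructed SDP: G.711 offered both statically (PT 0) and dynamically (PT 100),
# Opus on PT 96, H.264 video on PT 97.
SAMPLE_SDP = """v=0
m=audio 49170 RTP/AVP 0 96 100
a=rtpmap:0 PCMU/8000
a=rtpmap:96 opus/48000/2
a=rtpmap:100 PCMU/8000
m=video 51372 RTP/AVP 97
a=rtpmap:97 H264/90000
"""

if __name__ == "__main__":
    sdp_map = parse_sdp_rtpmap(SAMPLE_SDP)
    for pt in (0, 8, 34, 96, 97, 100):
        pkt = build_rtp(pt)
        print(f"PT {pt:3d}: static-only={classify(pkt):12s} with-SDP={classify(pkt, sdp_map)}")
```

Run stand-alone it prints one line per payload type; PT 0 and 8 are audio either way, PT 34 is video, and PT 96, 97 and 100 are only "dynamic" until the SDP mapping is applied, which is exactly why a class map keyed on "match protocol rtp audio" misses G.711 negotiated on a dynamic payload type.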