[VoiceOps] What does an ALG actually do?

Scott Berkman scott at sberkman.net
Sat Mar 2 17:11:25 EST 2013


How reliable and predictable an ALG is really varies vendor by vendor.  Most
standard firewalls' and routers' ALGs do cause more problems (for example
most Cisco stuff), but the SIP-specific vendors usually do a much better
job.  My personal favorite is Edgewater Edgemarcs.

Most generally what they do is provide layer 5+ (OSI) NAT, intelligently
replacing addresses in the SIP and SDP headers.  In most cases they will
also handle RTP, doing things like making sure outside ports are unique and
open based on following the SDP on the signaling side.

-Scott

-----Original Message-----
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Tim Bray
Sent: Thursday, February 28, 2013 6:45 AM
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] What does an ALG actually do?

On 27/02/13 21:33, John Levine wrote:
> I realize that an ALG is a hack in a router that is supposed to allow 
> SIP packets to go through a NAT router.  I also realize that for 
> modern SIP equipment, ALG usually causes more problems than it solves, 
> and that it's described in RFCs 2663, 3424, and others.
>
> What I can't find anywhere is what a SIP ALG actually does to the 
> packets.  Is that written down anywhere, or is it just network 
> folklore?
>

The simple answer is `break stuff`.

The marketing answer is `SIP is the next big thing, and we want to say we
are "SIP READY" so we put an ALG in`.

Technically.

The OKish ALGs are passive and sniff the ports for QoS etc.

Most NAT passing ones just search and replace the IP addresses in the 
SIP and SDP.   Mainly though, I've seen them swap one IP, but not the 
other.  Or misread the port number.  Very basic search and replace rather
than properly parsing the messages.  Bad idea.




-- 
Tim Bray
tim at kooky.org | +44 7966 479015 | http://www.kooky.org
Huddersfield, UK

_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
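
The failure described in the thread (one address swapped, the other left alone) can be checked for in a message captured on the far side of the ALG. The following is an added example, not part of either post; the sample INVITE, the choice of fields and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed, abbreviated sample (not captured traffic): Contact was rewritten
# to a public address, but Via and the SDP body still carry the private one.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.com>;tag=1928301774",
    "Call-ID: a84b4c76e66710",
    "Contact: <sip:alice@203.0.113.7:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
    "c=IN IP4 192.168.1.20",
    "m=audio 49170 RTP/AVP 0",
])

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Where each field keeps its address: header name or SDP line type -> pattern.
HEADER_PATTERNS = {"via": r"SIP/2\.0/\w+\s+" + IPV4, "contact": r"@" + IPV4}
SDP_PATTERNS = {"o": r"IN IP4 " + IPV4, "c": r"IN IP4 " + IPV4}

def address_fields(message):
    """Map each address-bearing field (first occurrence) to the IPv4 it carries."""
    head, _, body = message.partition("\r\n\r\n")
    found = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        pattern = HEADER_PATTERNS.get(name.strip().lower())
        match = re.search(pattern, value) if pattern else None
        if match:
            found.setdefault(name.strip().lower(), match.group(1))
    for line in body.split("\r\n"):
        pattern = SDP_PATTERNS.get(line[:1]) if line[1:2] == "=" else None
        match = re.search(pattern, line) if pattern else None
        if match:
            found.setdefault("sdp " + line[0], match.group(1))
    return found

def split_by_scope(message):
    """Return (private_fields, public_fields); both non-empty means a partial rewrite."""
    private, public = [], []
    for field, ip in address_fields(message).items():
        inside = any(ipaddress.ip_address(ip) in net for net in RFC1918)
        (private if inside else public).append(field)
    return sorted(private), sorted(public)
```

A result with entries in both lists means signaling and media point at different sides of the NAT, which typically shows up as one-way or no audio.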


