[VoiceOps] What does an ALG actually do?

Alex Balashov abalashov at evaristesys.com
Sat Mar 2 17:17:35 EST 2013 

Correct me if I'm wrong, but last time I looked, Linux's netfilter kernel module for SIP, ip_conntrack_sip, still is ignorant of SDP entirely. 


Scott Berkman <scott at sberkman.net> wrote:

>How reliable and predictable an ALG is really varies vendor by vendor. 
>Most
>standard firewalls' and routers' ALG do cause more problems (for
>example
>most Cisco stuff), but the SIP specific vendors usually do a much
>better
>job.  My personal favorite is Edgewater Edgemarcs. 
>
>Most generally what they do is provide layer 5+ (OSI) NAT,
>intelligently
>replacing addresses in the SIP and SDP headers.  In most cases they
>will
>also handle RTP, doing things like making sure outside ports are unique
>and
>open based on following the SDP on the signaling side.
>
>-Scott
>
>-----Original Message-----
>From: voiceops-bounces at voiceops.org
>[mailto:voiceops-bounces at voiceops.org]
>On Behalf Of Tim Bray
>Sent: Thursday, February 28, 2013 6:45 AM
>To: voiceops at voiceops.org
>Subject: Re: [VoiceOps] What does an ALG actually do?
>
>On 27/02/13 21:33, John Levine wrote:
>> I realize that an ALG is a hack in a router that is supposed to allow
>
>> SIP packets to go through a NAT router.  I also realize that for 
>> modern SIP equipment, ALG usually causes more problems than it
>solves, 
>> and that it's described in RFCs 2663, 3424, and others.
>>
>> What I can't find anywhere is what a SIP ALG actually does to the 
>> packets.  Is that written down anywhere, or is it just network 
>> folklore?
>>
>
>The simple answer is `break stuff`.
>
>The marketing answer is `Sip is the next big thing, and we want to say
>we
>are "SIP READY" so we put an ALG in`.
>
>Technically.
>
>The OKish ALGs are passive and sniff the ports for Qos etc.
>
>Most NAT passing ones just search and replace the IP addresses in the 
>SIP and SDP.   Mainly though, I've seen them swap one IP, but not the 
>other.  Or misread the port number.  Very basic search and replace
>rather
>than properly parsing the messages.  Bad idea.

-- 
Sent from my mobile, and thus lacking in the refinement one might expect from a fully-fledged keyboard. 

Alex Balashov - Principal 
Evariste Systems LLC 
235 E Ponce de Leon Ave 
Suite 106 
Decatur, GA 30030 
United States
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/

More information about the VoiceOps mailing list