[VoiceOps] Issues with ISPs blocking SIP 5060 - 5061

Mike Ray mike at astrocompanies.com
Thu Nov 21 13:23:12 EST 2013


We've found with both Bright House and Verizon that at least in Florida they
impose a 5% to 40% packet loss on any PPTP tunnel.  We did migrate several
customers' SIP service to encrypted tunnels, and this is how BH and Verizon
responded.  We have not been able to get them to admit that they are shaping
traffic this way, but we can perfectly see them do it.  Traffic between the
two routers outside the tunnel is 100% perfect, but inside the tunnel
traffic takes this consistent loss.

It seemed like the FCC's Comcast wrist-slapping got reversed, and they are
therefore becoming more bold about doing things like this.

Mike Ray, MBA, CNE, CTE
Astro Companies, LLC
11523 Palm Brush Trail #401
Lakewood Ranch, FL  34202
DIRECT: 941 600-0207
http://www.astrocompanies.com


-----Original Message-----
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Matt
Yaklin
Sent: Thursday, November 21, 2013 12:55 PM
To: J. Oquendo
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Issues with ISPs blocking SIP 5060 - 5061



On Thu, 21 Nov 2013, J. Oquendo wrote:

> On Thu, 21 Nov 2013, Matt Yaklin wrote:
>
>>
>>
>> Will tunneling the sip/rtp packets be more common in the near future 
>> for SIP phone providers?
>>
>> matt
>>
>
>> From the ITSP side (where we provide trunks). Tunnels would
> be a nightmare, so they are a no-no. Now you're throwing in too many 
> variables (Aggressive, Main, set ups, different equipment). Not to 
> mention the overhead it would add to an SBC.
>
>> From the Managed PBX side of the equation... NO, but before
> I ramble on, define tunneling. Tunneling as in VPN? If the



Yes, a VPN tunnel that the CPE/SBC would have to handle and connect back to
a centralized location that the SIP provider controls. Every SIP device
behind the CPE/SBC would have to go through the CPE/SBC.

The reason I mention it was recent SBC installs I did at customer sites had
tunnel options but I am unsure at the moment if it was for site to site
(full mesh setup) connectivity for security reasons or more for getting back
to the provider for alternative reasons.

But the more I think about it... it does add complexity that we would all
like to avoid.

matt



> concern is security, TLS is suitable from the managed PBX side as we 
> can firewall trusted CIDRs on the firewall to prevent 
> recording/tampering.
>
> If you meant VPN tunneling... Would only work on a softphone because I 
> have YET to see any VoIP device (phone, ATA, FXO,
> FXS) have any parameters to set up a tunnel. So I am unsure how one 
> would truly call a VoIP Tunnel in a VPN sense, any kind of true 
> tunneling. (Tunnel in Tunnel maybe, been a while since I dove into 
> CCIP/IE like material.
>
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>
> "Where ignorance is our master, there is no possibility of real peace" 
> - Dalai Lama
>
> 42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF 
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
>
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops



More information about the VoiceOps mailing list