<div dir="ltr">So those of you using TCP, are you also using TLS?<div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Aug 8, 2018 at 12:36 PM Alex Balashov <<a href="mailto:abalashov@evaristesys.com">abalashov@evaristesys.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Aug 08, 2018 at 12:21:09PM -0700, Carlos Alvarez wrote:<br>
<br>
> So...who else on the list uses TCP and has any comments about it?<br>
<br>
We are not an ITSP and are Polycom-only with a trivial number of<br>
endpoints, but we do use it and it works just fine. <br>
<br>
However, we have numerous customers, some of whom use TCP predominantly<br>
for thousands of endpoints. It works just fine.<br>
<br>
In terms of downsides:<br>
<br>
In addition to a historical lack of (RFC 3261-mandated) support, there<br>
are of course theoretical trade-offs involved in using TCP. There's<br>
more overhead, and connection state to be maintained on the server side,<br>
which of course consumes resources — resources considered trivial<br>
nowadays, but once upon a time, when RFC 3261 was ratified (2002),<br>
perhaps not. As with all things TCP, it can also present a DoS vector if<br>
you don't limit the number of connections somewhere. <br>
<br>
The congestion control/end-to-end delay aspects of TCP are certainly not<br>
as important now as they were at a time when the public IP backbone and<br>
was in an entirely different place in its evolution. Also, nowadays the<br>
congestion/windowing algorithms used in TCP can be tweaked to something<br>
more efficient.<br>
<br>
I think the most damning thing about using TCP is perceived to be the<br>
relative difficulty of failing over TCP session state to a different<br>
host. UDP does not require connection state, so as long as you have some<br>
means of handling requests in a relatively stateless fashion, things can<br>
just carry on as they did before in the event of an IP takeover without<br>
anyone having to "reconnect". This is one area where the big enterprise<br>
boxes certainly trump the open-source ecosystem, where transparent TCP<br>
failover *for SIP* doesn't really exist, although in my opinion the<br>
whole issue is getting a bit moot with the way cloud infrastructure and<br>
virtualisation networking is evolving.<br>
<br>
-- Alex<br>
<br>
-- <br>
Alex Balashov | Principal | Evariste Systems LLC<br>
<br>
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) <br>
Web: <a href="http://www.evaristesys.com/" rel="noreferrer" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.csrpswitch.com/" rel="noreferrer" target="_blank">http://www.csrpswitch.com/</a><br>
</blockquote></div>