[OT] SIP ALG Detector released

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[OT] SIP ALG Detector released

Iñaki Baz Castillo
Hi, as part of my personal battle against SIP ALG routers, I've created an
utility to detect such routers:

  http://dev.sipdoc.net/wiki/sip-stuff/SIP-ALG-Detector

It has two parts: client and server:

Basically, the client node running into the LAN sends an INVITE to the server
node (running in a host with public IP).
The request could be modified by the LAN router if SIP ALG is enabled.
The server encodes the received request in Base64 and appends it to the SIP
response.
The client receives the response, decodes the body and gets the request as it
arrived to the server.
Then it creates a diff between the original request and the the request the
server node received. These differences are displayed in the screen.

Both, UDP and TCP, tests are performed.


The client node is coded in Ruby and should work in any operating system (if
Ruby is installed).

The server node is also coded in Ruby.


For those interested in trying it, I have a server node running in my personal
server:
  87.98.230.161:5060
You can test the client against my server.


Feedback is welcome :)
Regards.


--
Iñaki Baz Castillo <[hidden email]>


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] SIP ALG Detector released

Brett Nemeroff
Neat! Great Idea. I hate ALGs. BTW, Does anyone know of an ALG that actually works?


On Sat, Jun 13, 2009 at 7:19 PM, Iñaki Baz Castillo <[hidden email]> wrote:
Hi, as part of my personal battle against SIP ALG routers, I've created an
utility to detect such routers:

 http://dev.sipdoc.net/wiki/sip-stuff/SIP-ALG-Detector

It has two parts: client and server:

Basically, the client node running into the LAN sends an INVITE to the server
node (running in a host with public IP).
The request could be modified by the LAN router if SIP ALG is enabled.
The server encodes the received request in Base64 and appends it to the SIP
response.
The client receives the response, decodes the body and gets the request as it
arrived to the server.
Then it creates a diff between the original request and the the request the
server node received. These differences are displayed in the screen.

Both, UDP and TCP, tests are performed.


The client node is coded in Ruby and should work in any operating system (if
Ruby is installed).

The server node is also coded in Ruby.


For those interested in trying it, I have a server node running in my personal
server:
 87.98.230.161:5060
You can test the client against my server.


Feedback is welcome :)
Regards.


--
Iñaki Baz Castillo <[hidden email]>


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] SIP ALG Detector released

Iñaki Baz Castillo
El Domingo, 14 de Junio de 2009, Brett Nemeroff escribió:
> Neat! Great Idea. I hate ALGs. BTW, Does anyone know of an ALG that
> actually works?

The only SIP ALG router working *well* I've ever seen is a Cisco (don't know
which model).
However, even if it doesn't break SIP, it overloads the own CPU router when
there is high SIP traffic and stop working (a restart is required).


--
Iñaki Baz Castillo <[hidden email]>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] SIP ALG Detector released

kokoska rokoska



Iñaki Baz Castillo napsal(a):

> El Domingo, 14 de Junio de 2009, Brett Nemeroff escribió:
>> Neat! Great Idea. I hate ALGs. BTW, Does anyone know of an ALG that
>> actually works?
>
> The only SIP ALG router working *well* I've ever seen is a Cisco (don't know
> which model).
> However, even if it doesn't break SIP, it overloads the own CPU router when
> there is high SIP traffic and stop working (a restart is required).
>
>

CISCO ASA 5005, about 400 SIP users behind its NAT (all registered),
approx. 20-100 concurent calls => once (or, sometimes, twice) a week
router died and should be restarted (sometimes helped just clearing nat
table).
Turning off SIP ALG (I spent about month to argue admin into its really
needed) solve the problems...

Best regards,

kokoska.rokoska


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] SIP ALG Detector released

Adrian Georgescu
In reply to this post by Iñaki Baz Castillo
Hi Inaki,

This tool is very useful, as it can automatically detect the problem and can save a lot of time for detection.

This SIP ALG phenomena is however a plague.

I do not know any situation when this works or when somebody would really want to use it. All the efforts of the SIP service providers I know of are directed into disabling them altogether while router manufacturares are in frenzy to tick another checkbox on their packaging 'SIP enabled'. These manufacturers spend without any analysis whatsoever their 8 hour budget on the issue and then move casually forward leaving havoc behind them.

The only way to eradicate this plague is to move towards the use of TLS as a standard transport in SIP. With the new design this will be feasible.

Regards,
Adrian

On Jun 14, 2009, at 2:19 AM, Iñaki Baz Castillo wrote:

Hi, as part of my personal battle against SIP ALG routers, I've created an
utility to detect such routers:

 http://dev.sipdoc.net/wiki/sip-stuff/SIP-ALG-Detector

It has two parts: client and server:

Basically, the client node running into the LAN sends an INVITE to the server
node (running in a host with public IP).
The request could be modified by the LAN router if SIP ALG is enabled.
The server encodes the received request in Base64 and appends it to the SIP
response.
The client receives the response, decodes the body and gets the request as it
arrived to the server.
Then it creates a diff between the original request and the the request the
server node received. These differences are displayed in the screen.

Both, UDP and TCP, tests are performed.


The client node is coded in Ruby and should work in any operating system (if
Ruby is installed).

The server node is also coded in Ruby.


For those interested in trying it, I have a server node running in my personal
server:
 87.98.230.161:5060
You can test the client against my server.


Feedback is welcome :)
Regards.


--
Iñaki Baz Castillo <[hidden email]>


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] SIP ALG Detector released

Jeff Pyle
In reply to this post by Brett Nemeroff
Re: [OpenSIPS-Users] [OT] SIP ALG Detector released We’ve used Edgemarc router/ALGswith great success.  I suppose this is a little different animal, however, as the standard method of configuration has the client register to its IP, passing through to the pre-configured proxy on the outside.

There is a “transparent” mode that works much like the ALGs we all hate.  No pre-configuration.  While I won’t give it an absolute stamp of approval, I am definitely willing to declare it sucks much less than the average, useless ALG.


- Jeff



On 6/13/09 8:31 PM, "Brett Nemeroff" <brett@...> wrote:

Neat! Great Idea. I hate ALGs. BTW, Does anyone know of an ALG that actually works?

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] SIP ALG Detector released

Brett Nemeroff
Jeff,
Thanks for the feedback. I've been tempted to try out that edgemarc device.. Are you just using their edge box? I know they have some sort of device that does central stats collection as well.. Curious about that gizmo..
-Brett


On Mon, Jun 15, 2009 at 7:36 AM, Jeff Pyle <[hidden email]> wrote:
We’ve used Edgemarc router/ALGswith great success.  I suppose this is a little different animal, however, as the standard method of configuration has the client register to its IP, passing through to the pre-configured proxy on the outside.

There is a “transparent” mode that works much like the ALGs we all hate.  No pre-configuration.  While I won’t give it an absolute stamp of approval, I am definitely willing to declare it sucks much less than the average, useless ALG.


- Jeff




On 6/13/09 8:31 PM, "Brett Nemeroff" <brett@...> wrote:

Neat! Great Idea. I hate ALGs. BTW, Does anyone know of an ALG that actually works?


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: [OT] SIP ALG Detector released

Jeff Pyle
Re: [OpenSIPS-Users] [OT] SIP ALG Detector released Brett,

I’ve only used the Edgemarc models.  The older 4200 and 4300s, as well as the current 4500 T1 and non-T1 model.  Great for hosted IP setups where you don’t want to deal with NAT at all.

The Edgemarcs will do MOS scoring based on the network performance at the time, and syslog it out if you like.  The Edgeview central is an overpriced, modified version of Nagios.  It works well enough, but it’s way to expensive.  It’ll handle that syslog info as well as SSH into the devices to grab more stats, configs, etc.

The Edgemarcs themselves are embedded linux boxes so their capability is limited only your creativity... and your time.


- Jeff



On 6/15/09 12:07 PM, "Brett Nemeroff" <brett@...> wrote:

Jeff,
Thanks for the feedback. I've been tempted to try out that edgemarc device.. Are you just using their edge box? I know they have some sort of device that does central stats collection as well.. Curious about that gizmo..
-Brett


On Mon, Jun 15, 2009 at 7:36 AM, Jeff Pyle <jpyle@...> wrote:
We’ve used Edgemarc router/ALGswith great success.  I suppose this is a little different animal, however, as the standard method of configuration has the client register to its IP, passing through to the pre-configured proxy on the outside.

There is a “transparent” mode that works much like the ALGs we all hate.  No pre-configuration.  While I won’t give it an absolute stamp of approval, I am definitely willing to declare it sucks much less than the average, useless ALG.


- Jeff




On 6/13/09 8:31 PM, "Brett Nemeroff" <brett@... <http://brett@...> > wrote:

Neat! Great Idea. I hate ALGs. BTW, Does anyone know of an ALG that actually works?



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users