At 07:45 PM 8/25/2004, Richard wrote:
> Hi,
> I hate to argue with a guru whose product benefits us a lot... :)
> Anyway, if you can program your ALG and fix any problem one might have, why
> isn't it a better choice? Some routers give away source code. They are Linux
> kernel 2.4 with netfilter. It tracks various protocols besides SIP. I
> checked their code, it is no different than the methods used in nathelper,
> mangle the IP address embedded in SIP message. I'd think that it is
> definitely better than reducing registration interval, using voice proxy and
> sending pings.

Security does not work -- SIP/TLS will fail.
Secondly, I don't share your optimism that ALG vendors will get
the application logic right. Field experience shows that my pessimistic
attitude is quite realistic. There were even bizarre products that
claimed support for SIP but actually mangled it in a way which broke
all communication. (Till this firewall was removed, SIP was running
at port 5070.)

> Btw, I don't think that one can find a lot of consumer-based routers working
> with NAT ping. 80% of products in the market are based on Linux
> kernel/netfilter, which only refreshes the binding with outbound traffic, and
> the timer for binding is 30 seconds by default.

Thanks -- that's interesting information. Anyhow -- I think that's an argument
for making end-devices resend keep-alives frequently.
-jiri
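
Added example (not part of the original thread, and not code from nathelper or netfilter): a toy Python model of the binding behaviour described above, comparing server-side NAT pings, a shorter registration interval, and client keep-alives. It assumes, as stated in the thread, a 30-second binding timer that only outbound packets reset; the function and parameter names are hypothetical.

```python
BINDING_TIMEOUT = 30  # seconds; the default quoted in the thread


def simulate(duration, outbound_interval=0, inbound_interval=0,
             timeout=BINDING_TIMEOUT):
    """Walk a one-second clock and return (unreachable_seconds, pings_dropped).

    Assumptions taken from the thread, not measured on any router:
      * the REGISTER at t=0 creates the NAT binding;
      * only outbound packets (client -> server) reset the binding timer;
      * inbound packets pass while the binding exists but never refresh it.
    An interval of 0 means "no such traffic".
    """
    last_outbound = 0
    unreachable = 0
    pings_dropped = 0
    for t in range(1, duration + 1):
        if outbound_interval and t % outbound_interval == 0:
            last_outbound = t  # keep-alive or re-REGISTER (re)opens the binding
        binding_open = (t - last_outbound) < timeout
        if not binding_open:
            unreachable += 1  # an incoming INVITE at this second would be lost
        if inbound_interval and t % inbound_interval == 0 and not binding_open:
            pings_dropped += 1  # server-side NAT ping hits a closed binding
    return unreachable, pings_dropped


if __name__ == "__main__":
    hour = 3600
    scenarios = {
        "server pings every 20 s, re-REGISTER hourly": (3600, 20),
        "re-REGISTER every 60 s, no pings": (60, 0),
        "client keep-alive every 20 s": (20, 0),
    }
    for name, (out_iv, in_iv) in scenarios.items():
        down, dropped = simulate(hour, out_iv, in_iv)
        print(f"{name}: unreachable {down} s, pings dropped {dropped}")
```

Under these assumptions only traffic originated by the end-device at an interval shorter than the binding timer keeps the client reachable for the whole hour.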