Ingenious, but how scalable?

Story: Secure VoIP, GNU SIP Witch, and replacing Skype with free softwareTotal Replies: 1
Author Content

Aug 27, 2009
4:11 PM EDT
That's pretty ingenious stuff. I like the scenario with ISP WItch and Asterisk sitting next to each other so you can transparently call seure and non-secure depending on the receiver.

Question: How well does it scale? I forsee problems with large deployments if secure callers must be able to establish a direct connection without a relay in between. For example, caller A is in a large LAN at company Foo and caller B is at a different large LAN at company Bar. How does that work?

Aug 27, 2009
4:30 PM EDT
There is a special case being implemented for the 0.6 release, such as for NAT transversal, where you do a one leg RTP packet forward at each site (that is, you forward redirect RTP all your inbound requests to your local subnet's user agent, and the remote site if also behind NAT does the same for his, via SDP rewrite). Since the RTP packet is actually simply forwarded unmodified, it can be possible to do such a redirect to the local user agent entirely through updating firewall rules at the kernel layer of a sipwitch server sitting either at the border itself (such as on a linksys router) or that has a range of ports forwarded from the NAT, rather than running a RTP proxy. That scenario should still scale well for NAT.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!