dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
31900
share rss forum feed


VTMichael

join:2007-01-18
Clifton Park, NY

SIP ALG Problems

Hello everyone,

I just wanted to step in and get a thread started in reference to the issues that we've been seeing here in support caused by routers with SIP ALG enabled by default.

I found a pretty good article on voip-info.org that explains what SIP ALG is, how it works, and the issues it can cause [mostly due to poor implementation]. I hope voip-info doesn't mind, but I'll be copying parts of it here for our reference...

WHAT IS SIP ALG?

"Many of today's commercial routers implement SIP ALG (Application-level gateway), coming with this feature enabled by default. While ALG could help in solving NAT related problems in client LAN side, the fact is that many routers ALG implementation has wrong behaviour and breaks SIP protocol making, more or less, impossible the communication."

WHAT KIND OF PROBLEMS CAN SIP ALG CAUSE?

"The main problem is the poor implementation at SIP protocol level of most commercial routers and the fact that this technology is just useful for outgoing calls, but not for incomings calls:

* Lack of incoming calls: When a UAC is switched on it sends a REGISTER to the proxy in order to be localizable and receive incoming calls. This REGISTER is modified by the ALG feature (if not the user wouldn't be reachable by the proxy since it indicated a private IP in REGISTER "Contact" header). Common routers just mantain the UDP "conntection" open for a while (30-60 seconds) so after that time the port forwarding is ended and incoming packets are discarted by router.
* Breaking SIP signalling: Many of the actual common routers with inbuilt SIP ALG does a wrong job modifying SIP headers and SDP body, breaking SIP protocol and making communication just impossible.
* Dissallows server side solutions: Even if you don't need a client side NAT solution (your SIP proxy gives you a server NAT solution) if your LAN router has SIP ALG enabled that breaks SIP signalling then it will make not possible the communication with your proxy."

I've got this information posted on my in-house tech blog this week for the VT reps information, but I thought it might be a good idea to let everyone know about this problem on the rise.

Anyone up for posting the make and model of their router with SIP ALG?

_Michael

jay_rm

join:2002-04-12
Netville
FWIW, I've found numerous references to solving VoIP problems by turning OFF SIP/ALG.

Sorry - my router is a Buffalo running Tomato firmware - no SIP/ALG and no problems...
--
3500/512 5.7 GHz Motorola Canopy Wireless; FoxValley.net
"Peace through superior firepower"


VTMichael

join:2007-01-18
Clifton Park, NY
My point exactly.

_Michael

GVG

join:2006-09-19
Charlotte, NC
reply to VTMichael
Exactly the behavior I see from my Trendnet Router. If the SIP ALG is on, VOIP fails. Turn it off and it works fine. I would like to add that SPI is also no friend to VOIP.


Nate425
Premium
join:2005-02-03
Charlottesville, VA
reply to VTMichael
I have a Trendnet TEW-611BRP and the first thing I had to do after getting it set up was turn the SIP ALG off. I wish it was off by default.


VTBrendan
Viatalk
Premium
join:2005-06-27
Clifton Park, NY
kudos:1
reply to GVG
said by GVG:

Exactly the behavior I see from my Trendnet Router. If the SIP ALG is on, VOIP fails. Turn it off and it works fine. I would like to add that SPI is also no friend to VOIP.
SPI causes a ton of issues as well. These are frustrating cases for both us and the end user, as just about everything else would work fine (or at least passably) over a router using either of these options, thus making them appear to have no issues.

-Brendan

mogulman
Premium
join:2002-09-09
Parker, CO

1 edit
reply to VTMichael
There are many routers out there these days that use the same chipset. They are characterized by using the Streamengine chipset from Ubicom. Almost all of these routers have a setting for SIP ALG. It is usually listed in the Advanced Settings under Application or Firewall Settings.

I usually disable SIP and IPSEC(VPN) ALGs on these routers first thing. They almost always cause problems.

Some of the manufacturers that use this chipset are:
Trendnet
D-Link
Zyxel
SMC
EnGenius

Most of the newer routers from the above manufacturers use this chipset.

BTW.. The StreamEngine chipset from Ubicom is great. It works really well for upstream router based QoS. It's just the ALG setting that needs to be changed.

My current router is a Trendnet TEW-633GR and I don't have any problems with SPI. I didn't have a problem with my previous Trendnet router and SPI either. One thing that has been a problem with the above chipset and SPI is that with SPI turned on, the MTU on the router gets messed up. That was fixed in later firmwares.


n1zuk
making really tiny tech things
Premium
join:2001-10-24
Malta
kudos:2
reply to VTMichael
Most every 3rd-party firmware running on a Linux based router is using a SPI firewall. That how the IPTABLES are written to do.
--
New to Forum Life? Click here and learn.