Page 216 - Asterisk™: The Future of Telephony

single datagram header, that will lower the overhead associated with individual
channels. This helps to lower latency and reduce the processing power and bandwidth
required, allowing the protocol to scale much more easily with a large number of active
channels between endpoints. If you have a large quantity of IP calls to pass between
two endpoints, you should take a close look at IAX trunking.

Future
Since IAX was optimized for voice, it has received some criticism for not better
supporting video—but in fact, IAX holds the potential to carry pretty much any media
stream desired. Because it is an open protocol, future media types are certain to be
incorporated as the community desires them.

Security considerations
IAX includes the ability to authenticate in three ways: plain text, MD5 hashing, and
RSA key exchange. This, of course, does nothing to encrypt the media path or headers
between endpoints. Many solutions include using a Virtual Private Network (VPN)
appliance or software to encrypt the stream in another layer of technology, which
requires the endpoints to pre-establish a method of having these tunnels configured and
operational. However, IAX is now also able to encrypt the streams between endpoints
with dynamic key exchange at call setup (using the configuration option
encryption=aes128), allowing the use of automatic key rollover.
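The check below is an added example, not code from the book or from Asterisk: it lints an iax.conf-style file for the settings this section describes, flagging peers that allow plain text authentication or that lack an encryption option. The peer names and secrets are constructed, and the `auth`, `secret` and `bindport` option names are taken from Asterisk's iax.conf format rather than from this page.

```python
# Added example: lint an iax.conf-style file for the auth/encryption options above.
SAMPLE_CONF = """\
[general]
bindport=4569

[branch-legacy]      ; constructed peer: secret sent in the clear
auth=plaintext
secret=EXAMPLE-ONLY

[branch-md5]         ; constructed peer: hashed auth, stream unencrypted
auth=md5
secret=EXAMPLE-ONLY

[branch-secure]      ; constructed peer: hashed auth plus AES-128
auth=md5
secret=EXAMPLE-ONLY
encryption=aes128
"""

def parse_sections(text):
    """Return {section: {key: value}} from [section] / key=value lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().lower()
    return sections

def audit(text):
    """Return {peer: [findings]}; [general] is skipped (assumption: no inheritance)."""
    report = {}
    for name, opts in parse_sections(text).items():
        if name == "general":
            continue
        findings = []
        methods = [m.strip() for m in opts.get("auth", "").split(",")]
        if "plaintext" in methods:
            findings.append("plaintext auth allowed")
        if opts.get("encryption", "no") == "no":
            findings.append("stream not encrypted")
        report[name] = findings
    return report

if __name__ == "__main__":
    for peer, findings in audit(SAMPLE_CONF).items():
        print(f"{peer}: {', '.join(findings) or 'ok'}")
```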

IAX and NAT
The IAX2 protocol was deliberately designed to work from behind devices performing
NAT. The use of a single UDP port for both signaling and transmission of media also
keeps the number of holes required in your firewall to a minimum. These considerations
have helped make IAX one of the easiest protocols (if not the easiest) to implement in
secure networks.

SIP

The Session Initiation Protocol (SIP) has taken the telecommunications industry by
storm. SIP has pretty much dethroned the once-mighty H.323 as the VoIP protocol of
choice—certainly at the endpoints of the network. The premise of SIP is that each end
of a connection is a peer; the protocol negotiates capabilities between them. What
makes SIP compelling is that it is a relatively simple protocol, with a syntax similar to
that of other familiar protocols such as HTTP and SMTP. SIP is supported in Asterisk
with the chan_sip.so module.

History

SIP was originally submitted to the Internet Engineering Task Force (IETF) in February
of 1996 as “draft-ietf-mmusic-sip-00.” The initial draft looked nothing like the SIP we


               188 | Chapter 8: Protocols for VoIP