Filter
Top Products
36 • Confi guration
[ S N O M 4 S N A T F I L T E R ]
The Hide Routing flag will replace route sets with a unique route
index when requests or responses are sent to a registered user agent.
Via headers are also replaced with one Via header. This feature has sev-
eral advantages. First of all, it will reduce the packet size significantly,
especially when your core network uses several proxies or when it loops
requests through the proxy several times. Usually, UDP packets will have
a size significantly below the MTU size of 1492 bytes for Ethernet. This is
a tremendous advantage that solves many problems with equipment that
does not support UDP fragmentation.
Secondly, it hides important information about your network to
-
pology from the user agents. For example, when you are terminating calls
with a PSTN gateway, the users are not able to see the IP address of the
PSTN gateway in the routing path (if you turn “always relay” on, this ad-
dress will also not occur in the SDP). Users will only “see” the filter as the
only window to the outside world. This makes attacks much more difficult.
It is much easier to protect only the filter against attacks than your whole
SIP network.
The third big advantage is that it solves many problems with
poor SIP implementations. Typically, immature SIP implementations can
-
not deal properly with strict and loose routing which results in compli-
cated routing problems. The filter will take care of the routing problems;
the user agent just has to route the request to the filter, which even the
poorest implementations are able to do.
The disadvantage with this flag is that it adds more stateful
information to the filter. The stateful does not affect the scalability of the
overall system, but when restarting the filter, the information gets lost.
However, we recommend turning this flag on.
4.3.8 Multiple 2xx Handling
The Filter INVITE 2xx deals with another problem that many
poor SIP implementations have. In SIP, it is allowed to fork requests to
several user agent servers. Several user agents sending a 2xx response
back to the UAC at the same time typically creates a race condition. The
proxy involved in this transaction cannot cancel the pending requests fast
enough to solve this situation. The SIP designers have made the design
decision that in this situation all 2xx responses must be sent back to the
UAC which has to resolve the condition.
4.