Hassle with SIP ALG in routers

As part of our services, we perform a lot of videotelephony deployments into homes of private persons. These are connected to the Internet using DSL lines or cable modems. More and more links comes with a router provided by the ISP.
We are starting to notice that more and more of these routers include a SIP Application Gateway Layer which aim is to facilitate NAT traversal for SIP and RTP protocols. In some sophisitcated routers, such ALG also triggers dynamic firewall opening for RTP conversations. Our experience is that such piece of software often prevent the SIP communication to operate. Here are the cases that we encountered:

  • SIP ALG does not support loose routing: the ACK message is not sent back and the SIP dialog cannot be establish. Typically, the communication is only one way and/or it drops after 30 seconds.
  • SIP ALG does not support a call procedure or such or such primitives: ex 183 Session Progress is not supported or in dialog MESSAGES or INFO are dropped.
  • SIP ALG only support SIP infrastructure where SIP and RTP comes from the same IP addresses, which forbid any kind of load balancing on the server side.
  • Some older CISCO firware also corrupt the TCP packets (when using SIP over TCP).

We believe that given the fact that it is very difficult to find some competent people capable of troubleshooting this on the router side. Even though, obtaining a firware correction and applying them to ISP branded modems is nearly impossible. This leaves us with a simple message to all ISP and router vendors:
Please please, Mr router, include a menu tp disable the ALG

Add comment

Security code