-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Eric Gauthier
Sent: Tuesday, February 15, 2005 1:45 PM
To: nanog@merit.edu
Subject: Re: Vonage complains about VoIP-blocking
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How is this any different than blocking port 25 or managing the bandwidth certain applications use?
Something else to consider. We block TFTP at our border for security reasons and we've found that this prevents Vonage from working. Would this mean that LECs can't block TFTP?
Was that a device trying to phone home and get its configs? Cisco, Nortel, etc. phone home and get configs via TFTP. Vonage doesn't need to phone home for config. The device is programmed (router) and it registers with the call manager. If you analyze the transactions it's about 89% SIP and 11% SDP.
-M<
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Something else to consider. We block TFTP at our border for security reasons and we've found that this prevents Vonage from working. Would this mean that LECs can't block TFTP?
Was that a device trying to phone home and get its configs? Cisco, Nortel, etc. phone home and get configs via TFTP.
Vonage doesn't need to phone home for config. The device is programmed (router) and it registers with the call manager. If you analyze the transactions it's about 89% SIP and 11% SDP.
Vonage devices initiate an outbound TFTP connection back to Vonage to snarf their configs on initial connection and also (presumably) on reboot.
Many, many VoIP devices do this, including Cisco phones in all major flavors. If an ISP is blocking TFTP originated by its customers at the border, this will cause numerous problems with many VoIP devices as well as numerous other things where a customer needs to initiate a TFTP session over the Internet.
Filtering customer-initiated TFTP will cause problems with many legitimate applications and devices.
--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
On Tue, 15 Feb 2005, Jay Hennigan wrote:
Vonage devices initiate an outbound TFTP connection back to Vonage to snarf their configs on initial connection and also (presumably) on reboot.
Many, many VoIP devices do this, including Cisco phones in all major flavors. If an ISP is blocking TFTP originated by its customers at the border, this will cause numerous problems with many VoIP devices as well as numerous other things where a customer needs to initiate a TFTP session over the Internet.
Filtering customer-initiated TFTP will cause problems with many legitimate applications and devices.
Most devices have moved to HTTP config, Sipura, snom, Panasonic, etc. We moved away from TFTP because of a lot of NAT and blocking issues. As far as SIP, I don't see it as a major problem since you can use any port.
Nathan Stratton BroadVoice, Inc. nathan at robotics.net Talk IS Cheap http://www.robotics.net http://www.broadvoice.com
Was that a device trying to phone home and get its configs? Cisco, Nortel, etc. phone home and get configs via TFTP.
Vonage doesn't need to phone home for config. The device is programmed (router) and it registers with the call manager. If you analyze the transactions it's about 89% SIP and 11% SDP.
Vonage devices initiate an outbound TFTP connection back to Vonage to snarf their configs on initial connection and also (presumably) on reboot.
Many, many VoIP devices do this, including Cisco phones in all major flavors. If an ISP is blocking TFTP originated by its customers at the border, this will cause numerous problems with many VoIP devices as well as numerous other things where a customer needs to initiate a TFTP session over the Internet.
Filtering customer-initiated TFTP will cause problems with many legitimate applications and devices.
Consequently, should "unlikely or most likely not :)" be filtered by (I|N)SP, IMHO. Who's (still) using TFTP for fragile tasks...?
Cheers,
mh
--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
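The device-initiated TFTP config fetch and the "NAT and blocking issues" raised in this thread, as an added Python illustration that is not from any poster: it models a border filter that tracks customer-initiated UDP flows and returns the outcome of one config download. Addresses, ports and all class and function names are constructed; the one protocol fact relied on is that an RFC 1350 server answers from a newly chosen port rather than port 69.

```python
# Added illustration; all names, addresses and ports are constructed sample values.
from dataclasses import dataclass

TFTP_PORT = 69

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    opcode: str  # "RRQ", "DATA" or "ACK"

class StatefulFilter:
    """Admits inbound UDP only when it matches a customer-initiated flow."""
    def __init__(self, tftp_helper=False, block_tftp=False):
        self.tftp_helper = tftp_helper   # protocol-aware tracking of TFTP replies
        self.block_tftp = block_tftp     # border policy: drop customer TFTP
        self.flows = set()               # exact (inside, iport, outside, oport)
        self.expect = set()              # helper: (inside, iport, outside), any oport

    def outbound(self, p):
        if self.block_tftp and p.dport == TFTP_PORT:
            return False
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        if self.tftp_helper and p.dport == TFTP_PORT and p.opcode == "RRQ":
            self.expect.add((p.src, p.sport, p.dst))
        return True

    def inbound(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True
        if (p.dst, p.dport, p.src) in self.expect:
            self.expect.discard((p.dst, p.dport, p.src))
            self.flows.add((p.dst, p.dport, p.src, p.sport))  # pin the transfer port
            return True
        return False

def config_fetch(fw, server_tid=40213):
    """Return 'blocked', 'reply-dropped' or 'ok' for one device config download."""
    ata, srv = "192.0.2.10", "198.51.100.5"
    if not fw.outbound(Packet(ata, 5004, srv, TFTP_PORT, "RRQ")):
        return "blocked"
    # RFC 1350: the server replies from a fresh port (its TID), not from port 69.
    if not fw.inbound(Packet(srv, server_tid, ata, 5004, "DATA")):
        return "reply-dropped"
    fw.outbound(Packet(ata, 5004, srv, server_tid, "ACK"))
    return "ok"
```

A filter that matches replies on the exact port pair drops the first DATA packet even though nothing blocks TFTP by policy; only the protocol-aware variant completes the transfer.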
participants (4): Hannigan, Martin; Jay Hennigan; Michael Hallgren; Nathan Allen Stratton