VoIP: Symmetric Response Routing

This issue was reported to me by a reader of this Web page. Thank you!

Port open!

You have a Firewall, usually in your Internet-Access Device like your router at home. Or, if you use the Internet access of your mobile network, your mobile operator runs a Firewall for you. When a call comes in, your SIP service sends you a INVITE message. Consequently, a port must be open in the Firewall, so this messages arrives. You open that port (with your SIP REGISTER message). Then, either your local SIP User Agent – your phone – or your remote service provider make sure it does not get closed (in UDP with a double CRLF-Refresh every 30 seconds, or a TCP-Keep-Alive message every five minutes).

Port correct?

Your provider checks whether a TCP connection is establised already and re-uses that.

SIP header Contact

Unfortuantely, some services do not re-use the connection. Instead, they rely on the port in the SIP header Contact. Some try to be clever: They rely on the port (only) if its IP address is public. That happens easily when you use IPv6 for example. Consequently, for such services, the SIP User agent must present the correct port.

Affected TCP/TLS clients

The following SIP User Agents (from my collection) are affected for sure because they allow IPv6:

Service providers, go get one of those (without rPort; for example the Panasonic) and double check your configuration!

Affected TCP/TLS servers

Some implementations try to fix wrong IP ports in the SIP header Contact on default. Does that logic consider a public IP address with a wrong port? By the way, instead of fixing wrong ports, those implementations should have used the existing TCP connection before even looking at the header Contact.