[e2e] signaling performance on TCP
Saikat Guha
saikat at cs.cornell.edu
Wed May 17 02:18:09 PDT 2006
On Tue, 2006-05-16 at 07:14 -0400, Fred Baker wrote:
> Allocating excess capacity to a signaling channel and putting SIP into
> it basically allows SIP to bypass queues that form around file
> transfers. Personally, I think this is a good thing, and RFC 4542
> supports it.
Somewhat related to this, and more along the lines of the '0% NAT -
checkmating the disconnectors' discussion we had earlier is using SIP to
signal all sorts of data.
In particular, using off-path signaling (SIP) for all the heavy-lifting
in data communications such as discovery, mobility, protocol
negotiation, authentication etc., and ultimately negotiating a
light-weight data-path. More details in our recent report here [1].
[1] Towards a Secure Internet Architecture Through Signaling
http://nutss.net/pub/cucs06-nutss/
The primary benefit, as you mention, is that the off-path signaling can
be protected with more ease -- putting it in a separate priority queue,
distributing the off-path components near the attacker (thus absorbing a
DoS on the signaling path with greater ease). Furthermore with SIP, the
"middle" can better understand what is going on at the "ends" and help
accordingly to provide better security.
Somewhat analogous to what SS7 signaling in phone networks (off-path)
buys over DTMF signaling (on-path).
Thoughts?
--
Saikat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://www.postel.org/pipermail/end2end-interest/attachments/20060517/79ee0e41/attachment.bin
More information about the end2end-interest
mailing list