Below is example of setting two classes for:
Both have got signaling and media layer. Usually network ports that are used for these purposes are:
1.For SIP:
As example was based on Avaya solution in which there are Communication Manager and Gateway/Gatekeeper.
Iptables should look more or less like this
—
where:
IP_1 and IP_2 – IP’s ranges of endpoints
RTP_RANGE – UDP ports ranges for RTP
—
where:
SIP_ENDPOINT_IP – SIP endpoint
SIP_GW_IP – SIP Proxy/Registrar
where:
AVAYA_ENDPOINT_IP – H.323 endpoint
AVAYA_CM_IP – Avaya Comunication Manager
AVAYA_GW_IP – Avaya Gateway/H.323 Gatekeeper
In example we assumed that there is proper FILTER chain in iptables configured allowing transmission over above TCP/UDP ports
Chains: mark-media, mark-signaling-sip, mark-signaling-h323 should be added to PREROUTING chain in mangle table:
- signaling
- media
Both have got signaling and media layer. Usually network ports that are used for these purposes are:
1.For SIP:
- signaling: TCP/UDP 5060, TCP 5061 (secure TCP)
- media: UDP, depends on configuration
As example was based on Avaya solution in which there are Communication Manager and Gateway/Gatekeeper.
- signaling: TCP/UDP 1719, TCP/UDP 1720
- media: UDP, depends on configuration
Iptables should look more or less like this
—
MEDIA:
#out
iptables -t mangle -A mark-media -p udp -s $IP_1 -d $IP_2 --dport $RTP_RANGE -j DSCP --set-dscp-class ef
#in
iptables -t mangle -A mark-media -p udp -s $IP_2 -d $IP_1 --sport $RTP_RANGE -j DSCP --set-dscp-class efwhere:
IP_1 and IP_2 – IP’s ranges of endpoints
RTP_RANGE – UDP ports ranges for RTP
—
SIGNALING:
#out
iptables -t mangle -A mark-signaling-sip -p tcp -s $SIP_ENDPOINT_IP -d $SIP_GW_IP --dport 5060:5061 -j DSCP --set-dscp-class cs4
#in
iptables -t mangle -A mark-signaling-sip -p tcp -s $SIP_GW_IP --sport 5060:5061 -d $SIP_ENDPOINT_IP -j DSCP --set-dscp-class cs4where:
SIP_ENDPOINT_IP – SIP endpoint
SIP_GW_IP – SIP Proxy/Registrar
#out
iptables -t mangle -A mark-signaling-h323 -p tcp -s $AVAYA_ENDPOINT_IP
-d $AVAYA_CM_IP --dport 1719:1720 -j DSCP --set-dscp-class cs4
iptables -t mangle -A mark-signaling-h323 -p udp -s $AVAYA_ENDPOINT_IP
-d $AVAYA_GW_IP --dport 1719:1720 -j DSCP --set-dscp-class cs4
#in
iptables -t mangle -A mark-signaling-h323 -p tcp -s $AVAYA_CM_IP --sport
1719:1720 -d $AVAYA_ENDPOINT_IP -j DSCP --set-dscp-class cs4
iptables -t mangle -A mark-signaling-h323 -p udp -s $AVAYA_GW_IP --sport
1719:1720 -d $AVAYA_ENDPOINT_IP -j DSCP --set-dscp-class cs4where:
AVAYA_ENDPOINT_IP – H.323 endpoint
AVAYA_CM_IP – Avaya Comunication Manager
AVAYA_GW_IP – Avaya Gateway/H.323 Gatekeeper
In example we assumed that there is proper FILTER chain in iptables configured allowing transmission over above TCP/UDP ports
Chains: mark-media, mark-signaling-sip, mark-signaling-h323 should be added to PREROUTING chain in mangle table:
ptables -t mangle -A PREROUTING -j mark-signaling-sip
iptables -t mangle -A PREROUTING -j mark-signaling-h323
iptables -t mangle -A PREROUTING -j mark-media
Now we are able to distinguish media and signaling for VoIP in our network and we can start dealing with queueing disciplines
Comments