[VOIPSEC] IPSec and VoIP Security
Hadriel Kaplan
HKaplan at acmepacket.com
Mon May 1 10:49:44 CDT 2006
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Geoff Devine
> Sent: Monday, May 01, 2006 11:00 AM
> To: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] IPSec and VoIP Security
>
> The problem is typically the "initialization storm" that happens after
> some kind of large failure. It may "only" be four SIP messages and four
> XML/Diameter/SCTP messages but it becomes a pretty big deal when you
> have a million clients. Parsing text-based SIP and XML messages isn't
> exactly a computer-friendly operation and your network is out of service
> unable to place and accept phone calls until this "initialization storm"
> subsides. In a primary line/lifeline environment, you could kill
> somebody if you engineer this incorrectly. One wrong entry in a routing
> table or a backhoe destroying a fiber wiring conduit that's "supposed"
> to be redundant can take out a network for hours and induce this
> condition.
Which is why providers deploy boxes that can handle this condition through
various means (usually hardware-based means). It doesn't need changes to
standards for those mechanisms, but the IETF is trying to address it
somewhat in sip-outbound as well with randomization timers.
-hadriel
More information about the Voipsec
mailing list