[OpenSIPS-Users] using TCP/TLS in a large scale deployment

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Sep 16 11:54:42 CEST 2014 

SCTP ?

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 16.09.2014 12:41, george wu wrote:
> Bogdan-Andrei Iancu:
>
> One more question, I know there is tls for tcp, is there any similar 
> for udp so that
> the udp package is secure? Thanks.
>
> George
>
>
>
>
>
>
> At 2014-09-16 03:34:27, "Bogdan-Andrei Iancu" <bogdan at opensips.org> wrote:
>
>     Hi George,
>
>     There are advantages and disadvantages for each protocol you use:
>
>     UDP is much lighter as protocol for the OS (100K UDP end points ->
>     only one socket, 100K TCP end points -> 100K sockets) and also for
>     the application (OpenSIPS) - managing TCP connection is more
>     resource intensive rather than UDP sockets
>
>     UDP also have some advantages as it a framed protocol - a SIP
>     packages and delimited at protocol level (in a single datagram),
>     while in TCP, where everything is streamed, the reading
>     application cannot "see" at transport level where a SIP package
>     end and a new one starts - it has to do SIP parsing just to figure
>     out where it ends.
>
>     Nevertheless, TCP has better NAT penetration (as it is connection
>     oriented) - this is why all mobile devices do prefer TCP over UDP.
>     Also UDP has problems when comes to size, as it is limited to 65K
>     (not to mention poor UDP fragmentation on several stacks) - again,
>     TCP solves this problem as it is stream oriented.
>
>     Best regards,
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>     On 12.09.2014 17:13, george wu wrote:
>>     I am not sure if I should start another thread or not.
>>     I have similar question.
>>     The client is android linphone. it says it needs to send
>>     keep-alive message for firewall traversal.
>>     For tcp it only needs to send every 10 minutes while for udp it
>>     needs to send every 10 seconds.
>>     It is obviously tcp is much better for the clients.
>>     However from thread here, it is better to use udp.
>>
>>     Now can anybody give me some clue how to do tradeoff between tcp
>>     and udp.
>>     Thanks.
>>
>>     George
>>
>>
>>
>>
>>
>>     At 2014-09-12 09:38:04, "Bogdan-Andrei Iancu"
>>     <bogdan at opensips.org> wrote:
>>
>>         Hi Jayesh,
>>
>>         There are 2 aspects here :
>>             - first, configure proper limits when starting OpenSIPS -
>>         like max number of fds per process, etc.
>>             - secondly, when comes to opensips itself, you need to
>>         look into :
>>                 * enough memory (TCP uses a lot)
>>                 * set proper timeouts in TCP (connect, write, read
>>         timeouts) to avoid blocking
>>                 * properly handle the TCP lifetime to get to a
>>         compromise between the number of ongoing connections and
>>         seting/closing connections
>>                 * really good control over when OpenSIPS should open
>>         new TCP conns - you can do this from script, depending on the
>>         target (like never try to open conns towards end-user, let
>>         them connect to you).
>>
>>         Regards,
>>
>>         Bogdan-Andrei Iancu
>>         OpenSIPS Founder and Developer
>>         http://www.opensips-solutions.com
>>
>>         On 10.09.2014 14:55, Jayesh Nambiar wrote:
>>>         Hello,
>>>         I am in process of designing opensips which can handle a
>>>         million users, hypothetically 200,000 registrations and
>>>         500CPS capacity. I've been reading a lot and learnt that TCP
>>>         design is blocking and not suitable for huge volumes.
>>>         My requirement was to have TLS between endpoints and
>>>         Opensips and hence riding over TCP is the only option. I
>>>         needed some expert suggestions on what things should be
>>>         taken care of when planning a large deployment over TCP.
>>>         I have built similar stuff on UDP and I trust it heavily as
>>>         it has performed perfectly as expected. But when it comes to
>>>         TCP I'm a bit clueless.
>>>         I've read about lot of global parameters that is now
>>>         available for asynchrous tcp operations. Is it really
>>>         helpful when planning for scalable environments??
>>>
>>>         Thanks for any suggestions !!
>>>
>>>         W/regards,
>>>         Jayesh
>>>
>>>
>>>         _______________________________________________
>>>         Users mailing list
>>>         Users at lists.opensips.org
>>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140916/cdd84e15/attachment-0001.htm>

More information about the Users mailing list