[OpenSIPS-Users] using TCP/TLS in a large scale deployment
bogdan at opensips.org
Tue Sep 16 11:54:42 CEST 2014
OpenSIPS Founder and Developer
On 16.09.2014 12:41, george wu wrote:
> Bogdan-Andrei Iancu:
> One more question, I know there is tls for tcp, is there any similar
> for udp so that
> the udp package is secure? Thanks.
> At 2014-09-16 03:34:27, "Bogdan-Andrei Iancu" <bogdan at opensips.org> wrote:
> Hi George,
> There are advantages and disadvantages for each protocol you use:
> UDP is much lighter as protocol for the OS (100K UDP end points ->
> only one socket, 100K TCP end points -> 100K sockets) and also for
> the application (OpenSIPS) - managing TCP connection is more
> resource intensive rather than UDP sockets
> UDP also have some advantages as it a framed protocol - a SIP
> packages and delimited at protocol level (in a single datagram),
> while in TCP, where everything is streamed, the reading
> application cannot "see" at transport level where a SIP package
> end and a new one starts - it has to do SIP parsing just to figure
> out where it ends.
> Nevertheless, TCP has better NAT penetration (as it is connection
> oriented) - this is why all mobile devices do prefer TCP over UDP.
> Also UDP has problems when comes to size, as it is limited to 65K
> (not to mention poor UDP fragmentation on several stacks) - again,
> TCP solves this problem as it is stream oriented.
> Best regards,
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> On 12.09.2014 17:13, george wu wrote:
>> I am not sure if I should start another thread or not.
>> I have similar question.
>> The client is android linphone. it says it needs to send
>> keep-alive message for firewall traversal.
>> For tcp it only needs to send every 10 minutes while for udp it
>> needs to send every 10 seconds.
>> It is obviously tcp is much better for the clients.
>> However from thread here, it is better to use udp.
>> Now can anybody give me some clue how to do tradeoff between tcp
>> and udp.
>> At 2014-09-12 09:38:04, "Bogdan-Andrei Iancu"
>> <bogdan at opensips.org> wrote:
>> Hi Jayesh,
>> There are 2 aspects here :
>> - first, configure proper limits when starting OpenSIPS -
>> like max number of fds per process, etc.
>> - secondly, when comes to opensips itself, you need to
>> look into :
>> * enough memory (TCP uses a lot)
>> * set proper timeouts in TCP (connect, write, read
>> timeouts) to avoid blocking
>> * properly handle the TCP lifetime to get to a
>> compromise between the number of ongoing connections and
>> seting/closing connections
>> * really good control over when OpenSIPS should open
>> new TCP conns - you can do this from script, depending on the
>> target (like never try to open conns towards end-user, let
>> them connect to you).
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> On 10.09.2014 14:55, Jayesh Nambiar wrote:
>>> I am in process of designing opensips which can handle a
>>> million users, hypothetically 200,000 registrations and
>>> 500CPS capacity. I've been reading a lot and learnt that TCP
>>> design is blocking and not suitable for huge volumes.
>>> My requirement was to have TLS between endpoints and
>>> Opensips and hence riding over TCP is the only option. I
>>> needed some expert suggestions on what things should be
>>> taken care of when planning a large deployment over TCP.
>>> I have built similar stuff on UDP and I trust it heavily as
>>> it has performed perfectly as expected. But when it comes to
>>> TCP I'm a bit clueless.
>>> I've read about lot of global parameters that is now
>>> available for asynchrous tcp operations. Is it really
>>> helpful when planning for scalable environments??
>>> Thanks for any suggestions !!
>>> Users mailing list
>>> Users at lists.opensips.org
>> Users mailing list
>> Users at lists.opensips.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users