[OpenSIPS-Users] using TCP/TLS in a large scale deployment

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Sep 16 16:10:26 CEST 2014


Only one, similar to UDP.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 16.09.2014 13:03, george wu wrote:
> Does SCTP need only one socket for 100K end points?
> Can it be secure?  If so, that's really great.
>
> George Wu
>
>
>
> At 2014-09-16 05:54:42, "Bogdan-Andrei Iancu" <bogdan at opensips.org> wrote:
>
>     SCTP ?
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>     On 16.09.2014 12:41, george wu wrote:
>>     Bogdan-Andrei Iancu:
>>
>>     One more question, I know there is tls for tcp, is there any
>>     similar for udp so that
>>     the udp package is secure? Thanks.
>>
>>     George
>>
>>
>>
>>
>>
>>
>>     At 2014-09-16 03:34:27, "Bogdan-Andrei Iancu"
>>     <bogdan at opensips.org> wrote:
>>
>>         Hi George,
>>
>>         There are advantages and disadvantages for each protocol you use:
>>
>>         UDP is much lighter as protocol for the OS (100K UDP end
>>         points -> only one socket, 100K TCP end points -> 100K
>>         sockets) and also for the application (OpenSIPS) - managing
>>         TCP connection is more resource intensive rather than UDP sockets
>>
>>         UDP also have some advantages as it a framed protocol - a SIP
>>         packages and delimited at protocol level (in a single
>>         datagram), while in TCP, where everything is streamed, the
>>         reading application cannot "see" at transport level where a
>>         SIP package end and a new one starts - it has to do SIP
>>         parsing just to figure out where it ends.
>>
>>         Nevertheless, TCP has better NAT penetration (as it is
>>         connection oriented) - this is why all mobile devices do
>>         prefer TCP over UDP.
>>         Also UDP has problems when comes to size, as it is limited to
>>         65K (not to mention poor UDP fragmentation on several stacks)
>>         - again, TCP solves this problem as it is stream oriented.
>>
>>         Best regards,
>>
>>         Bogdan-Andrei Iancu
>>         OpenSIPS Founder and Developer
>>         http://www.opensips-solutions.com
>>
>>         On 12.09.2014 17:13, george wu wrote:
>>>         I am not sure if I should start another thread or not.
>>>         I have similar question.
>>>         The client is android linphone. it says it needs to send
>>>         keep-alive message for firewall traversal.
>>>         For tcp it only needs to send every 10 minutes while for udp
>>>         it needs to send every 10 seconds.
>>>         It is obviously tcp is much better for the clients.
>>>         However from thread here, it is better to use udp.
>>>
>>>         Now can anybody give me some clue how to do tradeoff between
>>>         tcp and udp.
>>>         Thanks.
>>>
>>>         George
>>>
>>>
>>>
>>>
>>>
>>>         At 2014-09-12 09:38:04, "Bogdan-Andrei Iancu"
>>>         <bogdan at opensips.org> wrote:
>>>
>>>             Hi Jayesh,
>>>
>>>             There are 2 aspects here :
>>>                 - first, configure proper limits when starting
>>>             OpenSIPS - like max number of fds per process, etc.
>>>                 - secondly, when comes to opensips itself, you need
>>>             to look into :
>>>                     * enough memory (TCP uses a lot)
>>>                     * set proper timeouts in TCP (connect, write,
>>>             read timeouts) to avoid blocking
>>>                     * properly handle the TCP lifetime to get to a
>>>             compromise between the number of ongoing connections and
>>>             seting/closing connections
>>>                     * really good control over when OpenSIPS should
>>>             open new TCP conns - you can do this from script,
>>>             depending on the target (like never try to open conns
>>>             towards end-user, let them connect to you).
>>>
>>>             Regards,
>>>
>>>             Bogdan-Andrei Iancu
>>>             OpenSIPS Founder and Developer
>>>             http://www.opensips-solutions.com
>>>
>>>             On 10.09.2014 14:55, Jayesh Nambiar wrote:
>>>>             Hello,
>>>>             I am in process of designing opensips which can handle
>>>>             a million users, hypothetically 200,000 registrations
>>>>             and 500CPS capacity. I've been reading a lot and learnt
>>>>             that TCP design is blocking and not suitable for huge
>>>>             volumes.
>>>>             My requirement was to have TLS between endpoints and
>>>>             Opensips and hence riding over TCP is the only option.
>>>>             I needed some expert suggestions on what things should
>>>>             be taken care of when planning a large deployment over TCP.
>>>>             I have built similar stuff on UDP and I trust it
>>>>             heavily as it has performed perfectly as expected. But
>>>>             when it comes to TCP I'm a bit clueless.
>>>>             I've read about lot of global parameters that is now
>>>>             available for asynchrous tcp operations. Is it really
>>>>             helpful when planning for scalable environments??
>>>>
>>>>             Thanks for any suggestions !!
>>>>
>>>>             W/regards,
>>>>             Jayesh
>>>>
>>>>
>>>>             _______________________________________________
>>>>             Users mailing list
>>>>             Users at lists.opensips.org
>>>>             http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>         Users mailing list
>>>         Users at lists.opensips.org
>>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140916/3665695f/attachment.htm>


More information about the Users mailing list