[AusNOG] Remote Work - (SIP/Security/CGNAT)

Robert Hudson hudrob at gmail.com
Fri Nov 13 17:53:26 EST 2015 

Your biggest hurdle is going to be the latency - at those delays, people
will absolutely hear the delay, and it will cause usability issues.

I would only allow the SIP connections to come via VPN tunnels, or from
known DNS names, and run something like DynDNS. Resolves a few issues (if
your VPN defeats CGNAT, your SIP connections never deal with it as they
come straight down the tunnel).

Consider using G729 encoding rather than G711 - it sacrifices a small
amount of quality for a big improvement in bandwidth utilisation. That
said, a single SIP connection on G711 won't come close to filling the
bandwidth you're talking about (though you may want to implement some QoS
on the client side to ensure SIP connectivity in preference to other
traffic.
On 13 Nov 2015 10:00 am, "Luke Iggleden" <luke at iggleden.com> wrote:

> Hi Noggers,
>
> We've recently been tasked with assisting getting SIP running from
> Australia to the Philippines for remote staff workers on DSL tails. SIP
> server is in Sydney, behind Vocus transit.
>
> It appears that CGNAT is a hurdle, plus 350-450ms of latency, and the
> inability to obtain a static IP on a 'residential' grade tail.
>
> We're now using Fortigate SSL VPN tunnel as a solution, and just routing
> the SIP server down the split tunnel, but not sure if this really makes the
> situation worse or not, and I'm looking to hear other ideas and battle
> stories!
>
> What are people using out there to deliver a reliable service that sounds
> good? -plus:
>
> - Get around CGNat RTP Audio/SIP transport issues
> - Ensure SIP server is not open to the world due to dynamic IP's connecting
> - Keep the bandwidth requirements to a minimum - Assume low speed DSL
> (2M/512k)
>
> Direct carrier links are not a possibility unfortunately as the staff all
> work from home offices.
>
>
>
> Cheers,
>
> Luke
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20151113/12260785/attachment.html>

More information about the AusNOG mailing list