Knowledge Article

< Back
You are here:

SIP ALG Testing

SIP ALG (Application Layer Gateway) is a feature that is commonly found in many routers and firewalls that allows modification of SIP messages in transit, to facilitate the flow of SIP traffic through the device.  While the intent of its use is to correct IP and port addressing in NAT environments, it can often interfere with VoIP QoS performance, call and video quality and is recommended to be in an OFF state on a network where a hosted voice service is active.

Test Methodology

The Reply Cloud test is designed to detect if the SIP header is being modified by any network element between the Sidekick and the HPBX server (Carrier or Reply Cloud ReplyPoint Server).  This element is often the premise router or firewall, however, can be within the WAN path depending on how the transport connection to the Internet is utilized.  The test detects if the IP address associated in the SIP header is the same as the Sidekick WAN IP addresses where the original SIP packets are generated for call testing.

If the Sidekick WAN IP has been modified in the SIP header, then SIP ALG is being applied along the path between the Sidekick and the HPBX server.

NOTE:  When SIP ALG is detected the source IP Address will be noted in the Firewall test results block (above).  This likely is the router / gateway / firewall or can be present upstream if being manipulated by a carrier or ISP.

Examples

In a normal case where a SIP Client has a private IP address and NAT is performed by a CPE edge router, only the IP address in the IP header is replaced by the NAT operation.  In the example below that would be 10.4.12.35 -> 155.166.40.93 being replaced in the IP header.  With SIP-ALG = OFF, the original private IP address will still be seen all the way end-to-end in the SIP INVITE message at the receiving HPBX.  With SIP-ALG = ON, the ALG Gateway (frequently also the CPE edge router) will also place its address into the SIP INVITE as the VIA, From, and Contact address.

SIP ALG is OFF ===========================================================

SIP CLIENT: sent SIP INVITE packet

=> SIP INVITE
=> Message Header

Via: SIP/2.0/UDP 10.4.12.35:5060;branch=z9hG4bK5d6ce427
Max-Forwards: 70
From: “Sidekick” <sip:10547@10.4.12.35>;tag=as746968d6
To: <sip:1000@hpbx.reply-sidekick.com:5060>
Contact: <sip:10547@10.4.12.35:5060>
Call-ID: 595ca43b6e1dc3661b12f6c47ea84bc4@10.4.12.35:5060
CSeq: 102 INVITE
User-Agent: Reply-Sidekick
Date: Wed, 21 Dec 2022 17:02:49 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 319

 

SIP SERVER: received SIP INVITE packet

=> SIP INVITE
=> Message Header

Via: SIP/2.0/UDP 10.4.12.35:5060;branch=z9hG4bK5d6ce427
Max-Forwards: 70
From: “Sidekick” <sip:10547@10.4.12.35:5060>;tag=as746968d6
To: <sip:1000@hpbx.reply-sidekick.com:5060>
Contact: <sip:10547@10.4.12.35:5060>
Call-ID: 595ca43b6e1dc3661b12f6c47ea84bc4@10.4.12.35:5060
CSeq: 102 INVITE
User-Agent: Reply-Sidekick
Date: Wed, 21 Dec 2022 17:02:49 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 325

SIP ALG is ON ===========================================================

SIP CLIENT: sent SIP INVITE packet

=> SIP INVITE
=> Message Header

Via: SIP/2.0/UDP 10.4.12.35:5060;branch=z9hG4bK5d6ce427
Max-Forwards: 70
From: “Sidekick” <sip:10547@10.4.12.35>;tag=as746968d6
To: <sip:1000@hpbx.reply-sidekick.com:5060>
Contact: <sip:10547@10.4.12.35:5060>
Call-ID: 595ca43b6e1dc3661b12f6c47ea8f831@10.4.12.35:5060
CSeq: 102 INVITE
User-Agent: Reply-Sidekick
Date: Wed, 21 Dec 2022 17:02:49 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 319

 

SIP SERVER: received SIP INVITE packet

=> SIP INVITE
=> Message Header

Via: SIP/2.0/UDP 155.166.40.93:5060;branch=z9hG4bK5d6ce427
Max-Forwards: 70
From: “Sidekick” <sip:10547@155.166.40.93:5060>;tag=as746968d6
To: <sip:1000@hpbx.reply-sidekick.com:5060>
Contact: <sip:10547@155.166.40.93:5060>
Call-ID: 595ca43b6e1dc3661b12f6c47ea8f831@10.4.12.35:5060
CSeq: 102 INVITE
User-Agent: Reply-Sidekick
Date: Wed, 21 Dec 2022 17:02:49 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 325

 

Remedy

There are a few ways you can disable SIP ALG on your network:

  1. Check your router’s documentation: Many router models come with SIP ALG enabled by default. You can check your router’s documentation to see if it is enabled and how to disable it, if necessary.
  2. Check your router’s settings: Depending on your router model, you may be able to check the SIP ALG setting through the router’s web interface. To access the web interface, you will need to know the router’s IP address and login credentials. Once you have accessed the web interface, look for a section related to voice over IP (VoIP) or SIP.
  3. Check with your ISP to determine if SIP ALG may be enabled upstream of your router or gateway. There are also cases with some ISPs who provide gateway hardware that has SIP ALG engaged with no method to disable from a portal interface.