OCS 20007: To UDP, or not to UDP

Generically, SIP can use (at least) 3 types of transport. Office Communications Server supports TCP and TLS, with the latter being the default (actually, TLS runs on TCP). Various interactions with some partners and customers of late of have posed the question: "Why doesn’t OCS support SIP over UDP?" Their belief is that UDP is […]

Generically, SIP can use (at least) 3 types of transport. Office Communications Server supports TCP and TLS, with the latter being the default (actually, TLS runs on TCP).

Various interactions with some partners and customers of late of have posed the question: "Why doesn’t OCS support SIP over UDP?" Their belief is that UDP is the ‘lowest common denominator’ SIP transport that is supported by "everyone" and that, by not supporting it, OCS is out of step with the mainstream of SIP implementation and interoperability.

Let’s evaluate that proposition on its merits.

Why doesn’t OCS support UDP?

There are three issues with UDP:

1) It is not encrypted, so you can’t ensure end to end security of SIP messages. There is no shortage of opinions on the security, or the lack thereof, of SIP (e.g. Cert® Advisory, ). As a text based protocol that is human readable (if ‘readable’ is the right word…it is not exactly prose…) there are privacy/security issues of sending SIP ‘in clear’. Furthermore, UDP allows for easier spoofing of packets since connection state doesn’t need to be maintained (remember Slammer?....UDP). This is why OCS customers are strongly recommended to accept TLS over TCP as the default SIP transport within the OCS network.

Full Article