Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Understanding SCCP ALGs
The Skinny Client Control Protocol (SCCP) is a Cisco proprietary protocol for call signaling. Skinny is based on a call-agent-based call-control architecture. The control protocol uses binary-coded frames encoded on TCP frames sent to well-known TCP port number destinations to set up and tear down RTP media sessions.
The SCCP protocol just as other call control protocols, negotiates media endpoint parameters—specifically the Real-Time Transport Protocol (RTP) port number and the IP address of media termination—by embedding information in the control packets. The SCCP Application Layer Gateway (ALG) parses these control packets and facilitates media and control packets to flow through the system.
The SCCP ALG also implements rate limiting of calls and helps protect critical resources from overloading and denial-of-service (DoS) attacks.
The following functions are implemented by the SCCP ALG in Junos OS:
- Validation of SCCP protocol data units
- Translation of embedded IP address and port numbers
- Allocation of firewall resources (pinholes and gates) to pass media
- Aging out idle calls
- Configuration API for SCCP ALG parameters
- Operational mode API for displaying counters, status and statistics
In the SCCP architecture, a proxy, known as the CallManager, does most of the processing. IP phones, also called End Stations, run the SCCP client and connect to a primary (and, if available, a secondary) CallManager over TCP on port 2000 and register with the primary CallManager. This connection is then used to establish calls coming to or from the client.
The SCCP ALG supports the following:
- Call flow from a SCCP client, through the CallManager, to another SCCP client.
- Seamless failover—Switches over all calls in process to the standby firewall during failure of the primary.
- Voice-over-IP (VoIP) signaling payload inspection—Fully inspects the payload of incoming VoIP signaling packets. Any malformed packet attack is blocked by the ALG.
- SCCP signaling payload inspection—Fully inspects the payload of incoming SCCP signaling packets. Any malformed-packet attack is blocked by the ALG.
- Stateful processing—Invokes the corresponding VoIP-based state machines to process the parsed information. Any out-of-state or out-of-transaction packet is identified and properly handled.
- Network Address Translation (NAT)—Translates any embedded IP address and port information in the payload, based on the existing routing information and network topology, with the translated IP address and port number, if necessary.
- Pinhole creation and management for VoIP traffic—Identifies IP address and port information used for media or signaling and dynamically opens (and closes) pinholes to securely stream the media.
This topic includes the following sections:
SCCP Security
The SCCP ALG includes the following security features:
- Stateful inspection of SCCP control messages over TCP and validation of the message format, and message validity for the current call state. Invalid messages are dropped.
- Security policy enforcement between Cisco IP phones and Cisco CallManager.
- Protect against call flooding by rate limiting the number of calls processed by the ALG.
- Seamless failover of calls, including the ones in progress in case of device failure in a clustered deployment.
SCCP Components
The principal components of the SCCP VoIP architecture include the following:
SCCP Client
The SCCP client runs on an IP phone, also called an End Station, which uses SCCP for signaling and for making calls. For an SCCP client to make a call, it must first register with a Primary CallManager (and a secondary, if available). The connection between the client and the CallManager is over TCP on port 2000. This connection is then used to establish calls to or from the client. Transmission of media is over RTP, UDP, and IP.
CallManager
The CallManager implements SCCP call control server software and has overall control of all devices and communication in the SCCP VoIP network. Its functions include defining, monitoring and controlling SCCP groups, regions of numbers, and route plans; providing initialization, admission, and registration of devices on the network; providing a redundant database that contains addresses, phone numbers, and number formats; and initiating contact with called devices or their agents to establish logical sessions in which voice communication can flow.
Cluster
A cluster is a collection of SCCP clients and a CallManager. The CallManager in the cluster detects all SCCP clients in the cluster. There can be more than one CallManager for backup in a cluster. CallManager behavior varies in each of the following cluster scenarios:
- Intra-Cluster, in which the CallManager detects each SCCP client, and the call is between SCCP clients of the same cluster.
- Inter-Cluster, in which the CallManager needs to communicate with another CallManager using H.323 for call setup.
- Inter-Cluster calls using the gatekeeper for admission
control and address resolution.
CallManager behavior also varies with calls between an SCCP client and a phone in a public switched telephone network (PSTN), and with calls between an SCCP client and a phone in another administrative domain that is using H.323.
SCCP Transactions
SCCP transactions are the processes that need to take place in order for an SCCP call to proceed. SCCP transactions include the following processes:
Client Initialization
To initialize, the SCCP client needs to determine the IP address of the CallManager, its own IP address, and other information about the IP gateway and DNS servers. Initialization takes place on the local LAN. The client sends a Dynamic Host Control Protocol (DHCP) request to get an IP address, the DNS server address, and the TFTP server name and address. The client needs the TFTP server name to download the configuration file called sepmacaddr.cnf. If the TFTP name is not given, the client uses the default filename in the IP phone. The client then downloads the .cnf (xml) configuration file from TFTP server. CNF files contain the IP address or addresses of the primary and secondary Cisco CallManager. With this information, the client contacts the CallManager to register.
Client Registration
The SCCP client, after initialization, registers with the CallManager over a TCP connection on well-known default port 2000. The client registers by providing the CallManager with its IP address, the MAC address of the phone, and other information, such as protocol and version. The client cannot initiate or receive calls until it is registered. Keepalive messages keep this TCP connection open between the client and CallManager so that the client can initiate or receive calls at any time, provided that a policy on the device allows this.
Call Setup
IP phone-to-IP phone call setup using SCCP is always handled by the CallManager. Messages for call setup are sent to the CallManager, which returns messages appropriate to the status of the call. If call setup is successful, and a policy on the device allows the call, the CallManager sends the media setup messages to the client.
Media Setup
The CallManager sends the IP address and port number of the called party to the calling party. The CallManager also sends the media IP address and port number of the calling party to the called party. After media setup, media is transmitted directly between clients. When the call ends, the CallManager is informed and terminates the media streams. At no time during this process does the CallManager hand over call-setup function to the client. Media is streamed directly between clients through RTP/UDP/IP.
SCCP Control Messages and RTP Flow
Figure 28 shows the SCCP control messages used to set up and tear down a simple call between Phone 1 and Phone 2. Except for the OffHook message initiating the call from Phone1 and the OnHook message signaling the end of the call, all aspects of the call are controlled by the CallManager.
Figure 28: Call Setup and Teardown
SCCP Messages
Table 31, Table 32, Table 33, and Table 34 list the SCCP call message IDs in the four intervals allowed by the device.
Table 31: Station to CallManager Messages
#define STATION_REGISTER_MESSAGE | 0x00000001 |
#define STATION_IP_PORT_MESSAGE | 0x00000002 |
#define STATION_ALARM_MESSAGE | 0x00000020 |
#define STATION_OPEN_RECEIVE_CHANNEL_ACK | 0x00000022 |
Table 32: CallManager to Station Messages
#define STATION_START_MEDIA_TRANSMISSION | 0x00000001 |
#define STATION_STOP_MEDIA_TRANSMISSION | 0x00000002 |
#define STATION_CALL_INFO_MESSAGE | 0x00000020 |
#define STATION_OPEN_RECEIVE_CHANNEL_ACK | 0x00000022 |
#define STATION_CLOSE_RECEIVE_CHANNEL | 0x00000106 |
Table 33: CallManager 4.0 Messages and Post Sccp 6.2
#define STATION_REGISTER_TOKEN_REQ_MESSAGE | 0x00000029 |
#define STATION_MEDIA_TRANSMISSION_FAILURE | 0x0000002A |
#define STATION_OPEN_MULTIMEDIA_RECEIVE_CHANNEL_ACK | 0x00000031 |
Table 34: CallManager to Station
#define STATION_OPEN_MULTIMEDIA_RECEIVE_CHANNEL | 0x00000131 |
#define STATION_START_MULTIMEDIA_TRANSMISSION | 0x00000132 |
#define STATION_STOP_MULTIMEDIA_TRANSMISSION | 0x00000133 |
#define STATION_CLOSE_MULTIMEDIA_RECEIVE_CHANNEL | 0x00000136 |
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
- ALG Overview
- SCCP ALG Configuration Overview
- Example: Configuring the SCCP ALG CallManager/TFTP Server in the Private Zone (CLI)
