Avaya Support Forums

Avaya Support Forums (http://support.avaya.com/forums/index.php)
-   IP Telephony and Convergence (http://support.avaya.com/forums/forumdisplay.php?f=8)
-   -   QOS | IPSI, H323, Encryption question (http://support.avaya.com/forums/showthread.php?t=1640)

bspunt 04-13-2012 09:15 AM

QOS | IPSI, H323, Encryption question
Hello all,

I wanted to know (for QOS identification purposes) if IPSI control traffic and H323 signaling traffic when using encryption, does the encryption only affect the payload, so for example, will IPSI CONTROL traffic still be using TCP 5010 and H323 using all the standard ports it normally uses?, e.g. the header not affected..

In the network I'm working on, we dont have the luxury of identifying via DSCP/COS value, so I have to identify via layer 4 mechanism.

Thanks in advance...basically, I just want to know if turning on encryption only affects the payload and not the header....

aa1 04-16-2012 02:45 AM

QOS | IPSI, H323, Encryption question
Please take a look at this document to see if it will help you:

Avaya AuraŽ Communication Manager Security Design
Release 6.2

The IPSI link is secured using the AES-128-CBC [AES] encryption algorithm to prevent unauthorized access or modification. Inside the encrypted payload, the CRC-16 algorithm is used for error detection and to prevent unauthorized modification of the payload. Since the IPSI link is between only a specific interface card and the Communication Manager server, the key that is used to secure that link needs to be known only by those two entities. AES-128-CBC is dependent on the previous ciphertext block and the current plaintext. Hence, it is unlikely that a cycle of any length is visible unless the transmitted information is identical.


bspunt 04-16-2012 10:39 AM

Hi Arbi,

Thanks for reply... yeah, I've seen/read that info prior, but it's still not 100% clear, so again, can you confirm, is it only the payload that's encrypted? and header not affected, so for example, is control traffic still using TCP port 5010...long story short, I want to know if IPSI control traffic still using TCP 5010 when encryption is enabled? if you can confirm (if known), it would be much appreciated! thanks!:)

All times are GMT -7. The time now is 02:24 AM.