Avaya Support Forums  

Go Back   Avaya Support Forums > IP Telephony and Convergence

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 04-13-2012, 09:15 AM
bspunt bspunt is offline
Aspiring Member
 
Join Date: Apr 2012
Posts: 2
bspunt has 10 reputation points
Default QOS | IPSI, H323, Encryption question

Hello all,

I wanted to know (for QOS identification purposes) if IPSI control traffic and H323 signaling traffic when using encryption, does the encryption only affect the payload, so for example, will IPSI CONTROL traffic still be using TCP 5010 and H323 using all the standard ports it normally uses?, e.g. the header not affected..

In the network I'm working on, we dont have the luxury of identifying via DSCP/COS value, so I have to identify via layer 4 mechanism.

Thanks in advance...basically, I just want to know if turning on encryption only affects the payload and not the header....
Reply With Quote
  #2  
Old 04-16-2012, 02:45 AM
aa1 aa1 is offline
Guru
.
 
Join Date: Feb 2010
Location: Budapest - Hungary
Posts: 185
aa1 has 24 reputation pointsaa1 has 24 reputation points
Default QOS | IPSI, H323, Encryption question

Please take a look at this document to see if it will help you:

Avaya Aura® Communication Manager Security Design
Release 6.2
http://support.avaya.com/css/P8/documents/100157160


The IPSI link is secured using the AES-128-CBC [AES] encryption algorithm to prevent unauthorized access or modification. Inside the encrypted payload, the CRC-16 algorithm is used for error detection and to prevent unauthorized modification of the payload. Since the IPSI link is between only a specific interface card and the Communication Manager server, the key that is used to secure that link needs to be known only by those two entities. AES-128-CBC is dependent on the previous ciphertext block and the current plaintext. Hence, it is unlikely that a cycle of any length is visible unless the transmitted information is identical.


Arbi
Reply With Quote
  #3  
Old 04-16-2012, 10:39 AM
bspunt bspunt is offline
Aspiring Member
 
Join Date: Apr 2012
Posts: 2
bspunt has 10 reputation points
Default

Hi Arbi,

Thanks for reply... yeah, I've seen/read that info prior, but it's still not 100% clear, so again, can you confirm, is it only the payload that's encrypted? and header not affected, so for example, is control traffic still using TCP port 5010...long story short, I want to know if IPSI control traffic still using TCP 5010 when encryption is enabled? if you can confirm (if known), it would be much appreciated! thanks!
Reply With Quote
Reply

Tags
dscp, h323, ipsi, qos

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 12:56 AM.

This Forum is provided solely for the use and convenience of Avaya customers and partners. Use of the Forum is subject to the Terms and Use and Privacy Statement found at www.avaya.com. No other use is permitted. The Forum including all content posted is “AS IS” and Avaya expressly disclaims all warranties and/or guarantees as to its accuracy, reliability, usefulness, quality or non-infringement of intellectual property. Avaya reserves the right to remove any content posted on the Forum at any time and for whatever reason.

Avaya will not be liable for any content posted on this Forum, including, without limitation, any errors or omissions or for any losses or damages of any kind incurred as a result of use or reliance on any content, regardless of its origin.

You expressly understand and agree that you assume all risks associated with use or reliance on this content.