Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Peeredge Orchestrator Authentication Methods

            Created by Kelly Evans, Modified on Wed, 4 Jun at 10:35 AM by Kelly Evans

            The Peeredge Orchestrator supports both IP/FQDN and registration based authentication methods. All inbound SIP Invites to the Orchestrator must be authenticated.


            IP address or FQDN Authentication

            The most common authentication method is to match the source IP address or Fully Qualified Domain Name (FQDN), the source port (UDP only), and the protocol (i.e. UDP, TCP, or TLS).  Note: TCP and TLS use random source ports so they cannot be used for authentication purposes.  For Termination Customer and Origination Vendor trunk groups these random source ports are represented with a value of 1. 



            SIP Trunk Registration

            The Peeredge SBC supports username and password-based registration for SIP Trunks. For Origination Customer and Termination Vendor trunk groups, successful registration of a SIP Trunk results in an Address of Record (AOR) that can be used to route calls to. Terminating Customer and Origination Vendor trunk groups do not use the Address of Records (AORs). 

            The Peeredge SBC responds to all unauthenticated SIP Invites with a SIP 401 Unauthorized message. The SIP 401 message includes a WWW-Authenticate header with a Realm and Nonce. The SBC/PBX uses this information to generate a response (a 32-byte hash of the SIP Digest username, password, realm nc, nounce, cnouce, uri and response) encrypted by the MD5 algorithm. This response and other hashed fields, and encryption algorithms (i.e. MD5) are included in an Authorization Header in a follow-up SIP Invite. If the Peeredge SBC calculated response matches the response in the Authorization Header, the SIP Invite is accepted.

            For Termination Customer and Origination Vendor trunk groups, the Bound IP field can be used to restrict the registration to a specific IP address and the ANI Override field can be used to override the value (often the username) in the From, PAI, and RPID headers with a specific telephone number.

            When configured for username and password-based registration, each SBC or PBX must use a unique username. 

            SIP Trunk registration supports the UDP, TCP and TLS protocols.

            Recommendations

            If the SBC or PBX IP addresses are statically defined, 46 Labs recommends authenticating with the source IP address or FQDN.


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0