Voice over IP (VoIP) with EAA
Introduction
Voice over IP (VoIP) is a service that allows sending voice messages over an IP network. VoIP technology is mainly based on Session Initiation Protocol (SIP), which defines a set of procedures for devices (such as laptops, cell phones, and tablets) to initiate, maintain, and terminate a VoIP session.
The SIP clients initially communicate with the SIP server using SIP, which runs over either TCP or UDP on port 5060. This completes the initiation phase, in which the SIP server validates both SIP clients. After this, the SIP clients can communicate with each other using Real-time Transport Protocol (RTP), which runs on top of UDP. After the communication has finished, the SIP clients end the session.
VoIP communication without EAA Tunnel Application
The diagram below explains, at a high level, VoIP communication using SIP between SIP clients and the SIP server during a SIP session when you do not have the EAA Tunnel Application:
- SIP Client1 and SIP Client2 communicate with the SIP server using TCP or UDP over port 5060 to start the initiation process.
- After the initiation is successful, SIP Client1 and SIP Client2 communicate with each other using Real-time Transport Protocol (RTP), which uses UDP, normally over ports 10000 - 20000.
- The voice communication finishes. The SIP session ends with the two SIP clients disconnecting from each other.
VoIP communication with EAA Tunnel Application
With the configuration changes in STEP 1 and STEP 2, all VoIP communication between SIP clients is re-routed through the SIP server during a SIP session:
VoIP Setup
- AZT Client (Version: 6.1.4) installed on laptop
- Any SIP Client installed on laptop
- SIP Server - Asterisk Version 22.1.0
If your VoIP architecture is different, please reach out to Akamai support for assistance.
VoIP Configuration with EAA
To configure an EAA Tunnel Application to support VoIP communication using Asterisk SIP server, follow these steps:
STEP 1: Create an EAA Tunnel Application with Destinations for SIP Server and SIP Clients
- Log in to Enterprise Center.
- In the Enterprise Center navigation menu, select Application Access > Applications > Applications.
- Click Add Application (+).
- In Type select Client-Access App. In Mode select Tunnel mode (multiple ports, UDP and TCP).
- Enter application name and optional description.
- Click Add Application.
- In App Settings > Settings configure the following:
  - Endpoint Host. Enter the external host of your application. This is the cloud endpoint for all communications between the client access application and Enterprise Application Access. Additionally, choose one of these domains:
    - Use your domain. If you use your own custom domain, you must provide a certificate configured as a complete bundle with all the subordinates (having the full chain of trust), otherwise you get a web-socket error. To use an uploaded certificate, select Use uploaded certificates and select the previously uploaded certificate.
    - Use Akamai domain. If you use an Akamai domain no certificate is needed.
  - Akamai Cloud Zone. The cloud zone should be a geographic location closest to the data center where your application resides.
- Optionally, you can add an application category for the app.
- Click Save.
- Configure the Destinations for the EAA Tunnel Application, to support the SIP server and the SIP Clients communication using the SIP protocol or the RTP protocol:
Typically, SIP clients connect over SIP using either TCP or UDP on port 5060. The SIP clients may have the SIP server hostname in their configuration, but the SIP protocol uses IP addresses to communicate between the SIP server and the SIP client, so you must include both rules. Similarly, the client needs to reach the server using RTP over a range of ports. This range is configurable; here we allow connections to ports 10000-20000, which is typical.
Note
a. You must replace IP address 1.2.3.4 and hostname sip-server-host with values appropriate for your environment.
b. You must replace the typical range of ports 10000 to 20000 with the ports in your environment.
- To add connectors to the application, select Connectors.
- Click Add connector and select one or more connectors, and click Add connector.
- Click the Authentication tab.
- Enable Authentication.
- In Identity provider select an identity provider from the list.
- Click Assign Directory and select one or more directories from the list.
- Click Associate.
- The directory appears in Assigned Directories.
- Click the Access tab. Add ACLs (optional).
- Click the Advanced tab. Go to the Miscellaneous section. Enable Use sticky cookie for connectors. This ensures that the SIP client uses the same connector for the lifetime of a session.
- Click Save and Deploy to save and deploy the changes.
STEP 2: Enable Symmetric SIP and Symmetric RTP in Asterisk SIP Server
- Configure the server to ensure all call media passes through the SIP server. Then, using the RTP Symmetric [RFC4961] and SIP Symmetric [RFC3581] settings, allow the server to use the same set of source and destination ports in its response packets that the client used when it connected. When using an Asterisk server, modify the pjsip.conf endpoint configuration as shown below:
[my-endpoint]
type=endpoint
direct_media=no
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes
...
Note
The … indicates any other additional configurations you may have for your environment.
- Set the qualification frequency in the address of record (AoR) settings to 30 seconds. This ensures that SIP clients frequently update their registrations with the SIP server, so that the connector's NAT entry for the client is not removed. For example:
[my-aor]
type=aor
qualify_frequency=30
This completes the configuration in the Asterisk-based VoIP server.
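To confirm that a deployed pjsip.conf carries the STEP 2 settings, the following added example (not Akamai or Asterisk code) parses the file and reports every endpoint or AoR section that deviates from them, including values inherited from a template and then overridden. The section names and sample configuration are constructed; only `;` line comments and the `(!)` and `(template)` section modifiers are handled.

```python
import re

# Settings this page requires in STEP 2, keyed by pjsip.conf object type.
REQUIRED = {"endpoint": {"direct_media": "no", "rtp_symmetric": "yes",
                         "force_rport": "yes", "rewrite_contact": "yes"},
            "aor": {"qualify_frequency": "30"}}
# Common alternative boolean spellings, folded to yes/no before comparing.
FOLD = {"true": "yes", "on": "yes", "false": "no", "off": "no"}

def parse(text):  # -> [(section, options)] with template inheritance resolved
    found, by_name, current = [], {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        m = re.match(r"\[([^\]]+)\](?:\(([^)]*)\))?", line)
        if m:
            mods = [p.strip() for p in (m.group(2) or "").split(",")]
            current = {}
            for parent in mods:                      # "!" and "" match nothing
                current.update(by_name.get(parent, {}))
            by_name[m.group(1)] = current
            if "!" not in mods:                      # (!) is a template only
                found.append((m.group(1), current))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.lstrip(">").strip()
    return found

def audit(text):
    """Return (section, key, found, required) for each deviation."""
    findings = []
    for name, opts in parse(text):
        for key, want in REQUIRED.get(opts.get("type"), {}).items():
            have = opts.get(key)                     # None: not set explicitly
            value = (have or "").lower()
            if FOLD.get(value, value) != want:
                findings.append((name, key, have, want))
    return findings
SAMPLE = """\
[eaa-endpoint](!)          ; constructed sample, not from the page
type=endpoint
direct_media=no
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes
[bob](eaa-endpoint)        ; inherits the template, then overrides one key
direct_media=yes
[bob]
type=aor
qualify_frequency=60
"""
```

Calling `audit(open("pjsip.conf").read())` on a real file returns an empty list when every endpoint and AoR matches the settings above; a key that is not set explicitly is reported with a found value of `None`.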
You can use the EAA Tunnel Application for VoIP communication.