Sign in

Forgot Password?

Trouble logging in?

Submit a ticket for Registration Support.

Not a Avaya DevConnect member yet?

Create a DevConnect account to join the program.

register now
^

Avaya Aura® Application Enablement Services

See All Content
X

Release 7.0 - RTP Media and RTCP Encryption Changes

Avaya Aura® Platform Release 7.0 introduces RTP media and RTCP encryption changes that may affect client applications built against earlier releases of Avaya Aura Application Enablement Services (AE Services).

SUMMARY OF RECOMMENDATIONS

Avaya strongly recommends that, going forward, all AE Services client applications support encryption. All new and existing applications should support SRTP for media streams and SRTCP for control streams.



RTP Media Encryption

What's changed?

Client applications that use the AE Services DMCC APIs, and that support encrypted media, may be affected by the following changes introduced in Avaya Aura Platform 7.0 and Avaya Aura Media Server 7.7:

  • Avaya Aura Media Server 7.7 can be deployed as a media gateway in Avaya Aura 7.0 environments.
  • The Advanced Encryption Standard, which is supported by AE Services and legacy media gateways (G430, G450, etc.), is not supported by the Media Server 7.7 media gateway.
  • Avaya Aura Communication Manger 7.0 supports two new RTP media encryption methods (10-srtp-aescm256-hmac80 and 11-srtp-aescm256-hmac32), which can be configured on the ip-codec form. However, these encryption methods are not supported by AE Services 7.0 and therefore cannot be used by DMCC applications.

What do I need to do?

Existing DMCC applications do not need to be updated if they either use NOENCRYPTION (not recommended) or are able to use one or more of the Secure Real-time Transport Protocol (SRTP) encryption methods introduced in AE Services 6.3.

However, to enable DMCC applications that currently use the Advanced Encryption Standard to be deployed in Avaya Aura 7.0 with Media Server 7.7 media gateway environments ...

  • The applications must be updated to be able to use at least one of the supported SRTP encryption methods.
  • Avaya strongly advises that all DMCC applications be able to use all of the recommended SRTP encryption methods.
  • DMCC applications (and all other devices) should gracefully ignore SIP and H.323 call setup/invite requests that are received from Communication Manager 7.0 using unsupported encryption methods.

See Table 1 below for a list of recommended and supported media encryption methods.

  AE Services Release and Media Gateway  
Media Encryption Methods 7.0 +
AAMS
7.0 +
G430/50
6.3 +
G430/50
6.2 and earlier +
G430/50
Notes
NOENCRYPTION Yes Yes Yes Yes  
AES (Advanced Encryption Standard) No Yes Yes Yes  
SRTP_AES128_HMAC32_ENC_AUTH Yes Yes Yes No RECOMMENDED
SRTP_AES128_HMAC32_ENC_UNAUTH Yes Yes Yes No  
SRTP_AES128_HMAC32_UNENC_AUTH Yes Yes Yes No  
SRTP_AES128_HMAC32_UNENC_UNAUTH Yes Yes Yes No  
SRTP_AES128_HMAC80_ENC_AUTH Yes Yes Yes No RECOMMENDED
SRTP_AES128_HMAC80_ENC_UNAUTH Yes Yes Yes No  
SRTP_AES128_HMAC80_UNENC_AUTH Yes Yes Yes No  
SRTP_AES128_HMAC80_UNENC_UNAUTH Yes Yes Yes No  

Table 1: Media encryption methods supported by AE Services and media gateways

RTCP Encryption (SRTCP)

What's changed?

Avaya Aura 7.0 introduces the ability to use SRTCP (Secure RTP Control Protocol) to encrypt RTCP streams from devices in a Communication Manager Network Region. Communication Manager 7.0 supports three modes related to SRTCP on the ip-codec form. If the enforce enc-srtcp mode is specified, devices will not get RTCP information unless they support SRTCP.

What do I need to do?

Applications that currently consume RTCP streams from Avaya devices, such as media gateways and endpoints, must be updated to support SRTCP. For detailed information about SRTCP, see RFC 3711.