Frequently Asked Questions
Basic Concepts
Q: What is SIP Trunking?
SIP Trunking is a method of connecting your phone system (PBX) to the public telephone network over the internet instead of using traditional phone lines. It uses the SIP (Session Initiation Protocol) to set up and manage phone calls, and RTP (Real-time Transport Protocol) to carry the actual voice data.
Q: What are the two main ways to authenticate with a SIP Trunk provider?
There are two primary authentication methods:
- REGISTER-based authentication - Your PBX actively registers with the provider and authenticates using a username and password
- IP-based authentication - Your PBX's public IP address is pre-configured with the provider, and no registration is needed
REGISTER-Based Authentication
Q: How does REGISTER-based authentication work?
When your PBX starts up, it sends a REGISTER message to the SIP trunk provider. This message tells the provider "I'm here, and this is how to reach me." The process works like this:
- Your PBX sends a REGISTER request to the provider's SIP server
- The provider challenges your PBX with an authentication request (this is the AUTH step)
- Your PBX responds with credentials (username and password)
- If accepted, the provider records your PBX's public IP address and port number
- The provider now knows where to send incoming calls destined for your phone numbers
Q: What is the "Expires" header in REGISTER messages?
The REGISTER message includes an "Expires" header that tells the provider how long the registration should remain valid (typically 300-3600 seconds). Before this time expires, your PBX automatically sends a new REGISTER message to refresh the registration. This is called "re-registration" and ensures the provider always knows your current location.
Q: What information does the REGISTER message contain?
The REGISTER message includes:
- AOR (Address of Record) - Your SIP identity (like sip:yourcompany@provider.com)
- Contact address - Your PBX's public IP address and port (like sip:1.2.3.4:5060)
- Expires time - How long the registration is valid
- Authentication credentials - Username and password (sent after the initial challenge)
Q: What does AUTH mean in the context of SIP Trunking?
AUTH refers to the authentication challenge-response process. When your PBX tries to REGISTER (or sometimes when making outbound calls), the provider sends back a "401 Unauthorized" or "407 Proxy Authentication Required" response. This challenges your PBX to prove its identity by sending credentials. Your PBX then re-sends the request with an Authorization header containing the username and a digest of the password (a hash computed using the digest method, so the password itself is not sent in clear text). If the credentials are correct, the provider accepts the registration or call.
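The challenge-response step above, worked through as an added example (not code from the original page or from any provider): it parses a Digest challenge and computes the response value a PBX would place in its Authorization header, following RFC 2617 with qop=auth. The realm, nonce, username and password in the demo are constructed values, and the function names are hypothetical.

```python
import hashlib
import re

HASHES = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}  # RFC 2617, RFC 8760

def parse_challenge(value):
    """Parse a WWW-Authenticate / Proxy-Authenticate value into a dict."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("only Digest challenges are handled")
    found = re.findall(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): (quoted or bare) for key, quoted, bare in found}

def digest_response(ch, method, uri, username, password, cnonce, nc=1):
    """Return (response_hex, qop_used); the password only ever feeds HA1."""
    algo = ch.get("algorithm", "MD5").upper()   # MD5 is the default if omitted
    if algo not in HASHES:
        raise ValueError("unsupported algorithm: " + algo)
    h = lambda s: HASHES[algo](s.encode()).hexdigest()
    ha1 = h(f"{username}:{ch['realm']}:{password}")
    ha2 = h(f"{method}:{uri}")
    offered = [q.strip() for q in ch.get("qop", "").split(",") if q.strip()]
    if "auth" in offered:
        return h(f"{ha1}:{ch['nonce']}:{nc:08x}:{cnonce}:auth:{ha2}"), "auth"
    if offered:
        raise ValueError("only qop=auth is handled")
    return h(f"{ha1}:{ch['nonce']}:{ha2}"), None   # legacy form without qop

def authorization_value(ch, method, uri, username, password, cnonce, nc=1):
    """Build the Authorization / Proxy-Authorization header value."""
    response, qop = digest_response(ch, method, uri, username, password, cnonce, nc)
    parts = [f'username="{username}"', f'realm="{ch["realm"]}"',
             f'nonce="{ch["nonce"]}"', f'uri="{uri}"', f'response="{response}"',
             f'algorithm={ch.get("algorithm", "MD5")}']
    if qop:
        parts += [f"qop={qop}", f"nc={nc:08x}", f'cnonce="{cnonce}"']
    if "opaque" in ch:
        parts.append(f'opaque="{ch["opaque"]}"')
    return "Digest " + ", ".join(parts)

if __name__ == "__main__":
    import secrets
    # Constructed challenge, as carried in a provider's 401 to a REGISTER.
    challenge = parse_challenge(
        'Digest realm="sip.provider.example", '
        'nonce="b7c9036dbf357f7683f054aea940e9703dc8f84c", algorithm=MD5, qop="auth"')
    print("Authorization:", authorization_value(
        challenge, "REGISTER", "sip:sip.provider.example",
        "yourcompany", "constructed-password", secrets.token_hex(8)))
```

The nonce comes from the provider and changes between challenges, so a captured response cannot simply be reused against a fresh challenge; the strength of the scheme still rests on the password, since anyone who sees the exchange can test guesses offline.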
Q: Why would I choose REGISTER-based authentication?
REGISTER-based authentication offers several advantages:
- Flexibility - You can change your public IP address without contacting the provider; the PBX will simply re-register from the new location
- Quick failover - If you need to migrate to a backup system or different location during an outage, the new system can register immediately and start receiving calls within seconds
- Dynamic environments - Works well if your internet connection doesn't have a static IP address
- Multiple locations - You can have backup PBX systems at different sites that can take over by registering when needed
IP-Based Authentication (No REGISTER)
Q: How does IP-based authentication work?
With IP-based authentication (sometimes called "static trunking"), the provider pre-configures your PBX's public IP address in their system. Your PBX doesn't need to REGISTER at all. The provider simply accepts calls from your IP address and sends incoming calls to that IP address. It's like having your address in the provider's phone book permanently.
Q: What are the requirements for IP-based authentication?
For IP-based authentication to work, you need:
- Static public IP address - Your internet connection must have a fixed IP address that doesn't change
- Pre-configuration - You must provide your public IP address to the provider in advance
- Fixed port - Your PBX must send and receive SIP messages on a consistent port (usually 5060)
Q: When would I use IP-based authentication instead of REGISTER?
IP-based authentication is simpler and has less overhead, but it's less flexible:
- Pros: No registration traffic, no credentials to manage, slightly simpler configuration
- Cons: Requires static IP, harder to migrate during outages, must contact provider to change IP address, no automatic failover
It's less common today because most organisations prefer the flexibility of REGISTER-based authentication for disaster recovery scenarios.
NAT and Network Considerations
Q: How does NAT affect SIP Trunking?
Most PBX systems sit behind a firewall performing Network Address Translation (NAT). This means your PBX has a private internal IP address (like 192.168.1.100) but presents a public IP address (like 203.0.113.50) to the internet. Your PBX must be configured to:
- Include its public IP address in SIP messages (not its private IP)
- Map its internal IP and port to the public IP and port
- Keep NAT mappings alive by sending periodic keep-alive messages
Q: How does RTP work through NAT?
RTP carries the actual voice data for calls. Your PBX uses a range of UDP ports for RTP (commonly 10000-20000). These ports are "block NATed," meaning:
- Your firewall maps a range of public ports to the same range of internal ports
- When your PBX makes a call, it picks an available port from this range (rotating through them)
- The PBX includes this public IP and port in the SIP INVITE message (in the SDP body)
- The provider sends voice data back to that public IP and port
- Your firewall forwards it to the PBX's internal IP and port
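A check for the NAT requirements described in the two answers above, as an added example that is not part of the original page: it inspects an outbound SIP message for a private address in the Contact header or the SDP connection line, and for an RTP port outside the forwarded range. The sample INVITE is constructed and trimmed to the fields the check reads; the function names and the provider hostname are hypothetical.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly: ipaddress's is_private also matches
# documentation ranges such as 203.0.113.0/24, used as sample public IPs here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RTP_PORTS = range(10000, 20001)   # the page's example range, adjust to yours

def is_internal(host):
    try:
        ip = ipaddress.ip_address(host.split("/")[0])
    except ValueError:
        return False              # a hostname, not an IPv4/IPv6 literal
    return any(ip in net for net in RFC1918)

def audit_outbound(raw):
    """Return (field, value, problem) findings for one outbound SIP message."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:           # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("contact", "m"):   # "m" is the compact form
            m = re.search(r"sips?:(?:[^@>;\s]*@)?([^:;>\s]+)", value)
            if m and is_internal(m.group(1)):
                findings.append(("Contact", m.group(1), "private address"))
    for line in sdp.split("\n"):
        fields = line.split()
        if line.startswith("c=") and fields and is_internal(fields[-1]):
            findings.append(("SDP c=", fields[-1], "private address"))
        elif line.startswith("m=audio") and len(fields) > 1 and fields[1].isdigit():
            if int(fields[1]) not in RTP_PORTS:
                findings.append(("SDP m=audio", fields[1], "port outside RTP range"))
    return findings

# Constructed INVITE from a PBX that leaks its internal address.
SAMPLE = "\r\n".join([
    "INVITE sip:+15555550100@sip.provider.example SIP/2.0",
    "Via: SIP/2.0/UDP 203.0.113.50:5060;branch=z9hG4bKconstructed",
    "Contact: <sip:pbx@192.168.1.100:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0", "o=- 1 1 IN IP4 192.168.1.100", "s=-",
    "c=IN IP4 192.168.1.100", "t=0 0", "m=audio 9000 RTP/AVP 0 8"])

if __name__ == "__main__":
    for finding in audit_outbound(SAMPLE):
        print(finding)
```

A message that trips these checks usually shows up in practice as one-way or no audio, or as inbound calls that never reach the PBX, because the provider is replying to an address it cannot route to.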
Q: What ports need to be open on my firewall?
For SIP Trunking to work, you typically need:
- UDP 5060 (or your chosen SIP port) - for SIP signaling
- UDP 10000-20000 (or your chosen RTP range) - for voice data (RTP)
These should be open for both inbound and outbound traffic to/from your provider's IP addresses.
Inbound Calls
Q: How do inbound calls work with REGISTER-based authentication?
When someone calls one of your phone numbers:
- The call arrives at your SIP trunk provider
- The provider looks up which PBX has registered for that phone number
- The provider sends a SIP INVITE message to the public IP address and port that your PBX provided during registration
- Your firewall forwards this to your PBX's internal IP and port
- Your PBX answers and the call is established
Q: How do inbound calls work with IP-based authentication?
The process is similar, but simpler:
- The call arrives at your SIP trunk provider
- The provider looks up the pre-configured IP address for your phone number
- The provider sends a SIP INVITE to that IP address and port
- Your PBX receives and answers the call
Q: What information is in an inbound INVITE?
The inbound INVITE message contains:
- Request-URI - The called number (your DID/phone number)
- To header - Also contains the called number
- From header - The caller's number (CLI - Calling Line Identity)
- P-Asserted-Identity header - May also contain verified caller information
- SDP body - Contains the provider's IP address and port for sending RTP voice data
Outbound Calls
Q: How do outbound calls work?
When someone in your organisation makes an external call:
- Your PBX sends a SIP INVITE message to the provider's SIP server
- The INVITE includes your public IP address and an RTP port from your range (e.g., 203.0.113.50:15234)
- If using REGISTER-based auth, the provider may challenge with AUTH (407 response)
- Your PBX re-sends the INVITE with authentication credentials
- The provider accepts the call and routes it to the destination
- Voice data flows directly between your PBX and the provider using RTP
Q: What information is in an outbound INVITE?
Your outbound INVITE contains:
- Request-URI - The number you're calling
- To header - The called number (CLD - Called Line Identity)
- From header - Your caller ID (CLI - what the recipient will see)
- Contact header - Your PBX's public IP and port
- SDP body - Your public IP and RTP port for receiving voice data
Q: Does AUTH apply to outbound calls?
It depends on your provider's configuration:
- With REGISTER-based authentication, some providers require AUTH on every outbound call, while others only require it during registration
- With IP-based authentication, AUTH is typically not required for outbound calls since your IP address is already trusted
Common Scenarios and Troubleshooting
Q: What happens if my REGISTER expires and my PBX doesn't re-register?
If your PBX fails to re-register before the Expires time runs out:
- The provider removes your registration from their database
- Inbound calls to your numbers will fail (callers may hear "number not in service")
- Outbound calls may still work if the provider doesn't require active registration for outbound
- Once your PBX successfully registers again, inbound calls will resume
Q: Can I have both REGISTER-based and IP-based trunks from the same provider?
Yes, many organisations use both:
- REGISTER-based trunks for their primary PBX (for flexibility and failover)
- IP-based trunks for specific applications or legacy systems that don't support REGISTER
Q: What's the main advantage of REGISTER for disaster recovery?
The key benefit is speed and simplicity during an outage. If your primary PBX or location goes down:
- You can quickly activate a backup PBX at a different location
- The backup PBX registers with the same credentials
- Within seconds, the provider starts routing calls to the new location
- No need to contact the provider to update IP addresses
- No DNS changes or firewall reconfigurations at the provider level
With IP-based authentication, you'd need to contact the provider to update the IP address, which could take minutes or hours during an emergency.
Q: What should I ask my SIP trunk provider?
When setting up SIP Trunking, ask your provider:
- Do you support REGISTER-based authentication, IP-based authentication, or both?
- What is your SIP server address for REGISTER messages?
- What username and password should I use for AUTH?
- What Expires time do you recommend for REGISTER?
- Do you require AUTH on outbound calls, or only during REGISTER?
- What are your SIP server IP addresses (for firewall rules)?
- What SIP and RTP ports should I use?
- Do you support failover scenarios with multiple PBX registrations?
Summary
Q: What's the bottom line - REGISTER or IP-based?
REGISTER-based authentication is generally recommended for most organisations because:
- It provides flexibility to change IP addresses without provider involvement
- It enables quick failover and disaster recovery
- It works with dynamic IP addresses
- It's the modern standard for SIP Trunking
IP-based authentication is simpler but less flexible:
- Good for stable environments with static IPs that rarely change
- Slightly less overhead (no registration traffic)
- Less common today due to lack of failover capabilities
Many providers support both methods, so you can choose based on your specific needs and disaster recovery requirements.
