SIP–RTP

SIP–RTP refers to the combination of two protocols used together to deliver real-time voice and video calls, especially in VoIP, IMS, and telecom networks.

1. Overview

Voice and video calls over IP use two major protocols:

• SIP (Session Initiation Protocol) → Signaling

• RTP (Real-time Transport Protocol) → Media (voice/video)

Because SIP carries only signalling and RTP carries the actual media, correlation is required to associate RTP flows with the corresponding SIP session.

This feature enables ASN-DPI to:

1. Parse SIP and extract SDP parameters

2. Track media endpoints (IP:Port)

3. Correlate live RTP traffic to the SIP session

4. Export SIP and RTP metadata to Kafka topics

2. SIP Processing

2.1 What SIP Does

SIP is responsible for:

• Setting up a call

• Exchanging SDP with codec & media IP/port

• Modifying the session

• Ending the call

Important: SIP does not carry media. It only negotiates media parameters.

3. SDP (Session Description Protocol)

SDP is embedded inside SIP messages (INVITE, 200 OK, ACK).

SDP contains:

• Media types (voice, video, dtmf, etc.)

• Codec formats

• Media IP and port

• Transport protocol (e.g., RTP/AVP)

This is the key information used for SIP→RTP correlation.

4. RTP (Real-time Transport Protocol)

• Carries actual audio/video packets.

• Does not contain SIP identifiers.

• ASN-DPI correlates RTP streams by SrcIP/DstIP/SrcPort/DstPort with SDP parameters.

5. SIP–RTP Correlation

Why is it needed?

RTP packets contain no SIP call ID or SIP headers.

To identify SIP sessions, need to do correlation Thus DPI must match SDP media endpoints: ip:port

SIP Metadata Explanation

Field Name	Explanation
SIP_CALL_ID	Unique identifier of the SIP call (from the Call-ID header). Used to correlate all SIP messages and RTP streams belonging to the same call.
DIRECTION	Direction of this signaling leg relative to the probe (e.g., UPLINK / DOWNLINK). Typically derived from the interface or IP rules.
ExpType	SIP session classification (e.g., NORMAL, ERROR, RETRY). Indicates how the SIP session was processed.
SIP_SDP_MEDIA_COUNT	Number of m= media lines in the SDP body. Each media line represents one media stream (audio/video).
SIP_SDP_MEDIA_TYPE_0	Media type of the first m= line, e.g., “audio” or “video”.
SIP_SDP_MEDIA_PROTOCOL_0	Transport protocol for the media stream from SDP (e.g., RTP/AVP, RTP/SAVP, UDP/TLS/RTP/SAVPF).
SIP_SDP_MEDIA_CONNECTIONS_0	Connection address and port of the media stream: <IP>:<Port> taken from "m=" or "c=" SDP lines.
SIP_SDP_MEDIA_NUMBER_OF_FORMATS_0	Number of payload formats listed for this media stream.
SIP_SDP_MEDIA_FORMAT_0	List of RTP payload types (e.g., 8 13 101) offered or accepted for this media stream.

RTP Metadata Explanation

Field Name	One-Line Explanation
SIP_RTP_SessionID	A SIP-derived unique session identifier linking the RTP media stream to its corresponding SIP call
RTP_AV_SessionID	Internal media stream identifier used to differentiate individual audio/video flows within the same call.
RTP_SenderID	Unique ID representing the endpoint sending the RTP packets, derived from SIP signaling.
RTP_ReceiverID	Unique ID representing the endpoint receiving the RTP packets, used to identify the destination leg of the media stream.
RTP_EncodingName	Codec name negotiated in SDP (e.g., PCMU, PCMA, OPUS, CN), indicating how payload bytes must be interpreted.
RTP_MediaType	Indicates whether the RTP flow carries audio or video, extracted from SDP (m= line).
RTP_ClockRate	The sample clock rate for the codec (e.g., 8000 for G.711) used for timestamp progression.
RTP_Channels	Number of audio channels (mono=1, stereo=2), taken from SDP attribute fields.
RTP_SeqNo	The packet’s RTP sequence number used for packet ordering, loss detection, and OOO detection.
RTP_Timestamp	RTP timestamp that indicates the playback position based on the codec’s clock rate.
RTP_Payload	RTP payload type number identifying the codec or special types like comfort noise (13).
RTP_PacketInterval	The theoretically expected inter-packet spacing in milliseconds based on codec frame size (e.g., 20ms for G.711).
RTP_PacketIntervalMeasured	Actual measured time difference between consecutive RTP packets received, used for jitter detection.
KPI_RTP_PacketLost	Total number of missing sequence numbers indicating RTP packet loss over the flow.
KPI_RTP_Jitter	RTP jitter value, reflecting variation in packet arrival times.
KPI_RTP_JitterMs	Jitter expressed in milliseconds (converted from RTP timestamp units).
KPI_RTP_Frequency	The RTP clock frequency used for jitter and latency calculations (matches RTP_ClockRate).
KPI_RTP_PacketOverhead	Total overhead bytes per RTP packet including IP/UDP/RTP headers (used for bandwidth analysis).
KPI_RTP_PacketOoo	Count of packets arriving out-of-order compared to sequence numbers.
KPI_RTP_PacketDuplicate	Count of duplicate RTP packets with identical sequence numbers.