Inter-Asterisk eXchange (IAX) is a communications protocol native to the Asterisk private branch exchange (PBX) software, and is supported by a few other softswitches, PBX systems, and softphones. It is used for transporting VoIP telephony sessions between servers and to terminal devices.
IAX now most commonly refers to IAX2, the second version of the IAX protocol. The original IAX protocol is deprecated.
IAX2 is a VoIP protocol that carries both signaling and media on the same port. The commands and parameters are sent in binary format and any extension has to have a new numeric code allocated. Historically this was modeled after the internal data passing of Asterisk modules.
IAX2 uses a single UDP data stream (usually on port 4569) to communicate between endpoints, multiplexing signaling and media flow. IAX2 easily traverses firewalls and network address translators. This is in contrast to SIP, H.323 and MGCP which use an out-of-band RTP stream to deliver information.
IAX2 supports trunking, multiplexing channels over a single link. When trunking, data from multiple calls are merged into a single stream of packets between two endpoints, reducing the IP overhead without creating additional latency. This is advantageous in VoIP transmissions, in which IP headers use a large percentage of bandwidth.
IAX2 supports native encryption of both control and media streams using AES-128.
Both versions of the IAX protocol were created by Mark Spencer for Asterisk for VoIP signaling. The protocol sets up internal sessions and these sessions can use various codecs for voice transmission. The Inter-Asterisk Exchange protocol essentially provides control and transmission of streaming media over Internet Protocol (IP) networks. IAX can be used with any type of streaming media including video, however it is mainly designed for IP voice calls.
The primary goals for IAX were to minimize bandwidth used in media transmissions, with particular attention drawn to control individual voice calls, and to provide native network address translation (NAT) transparency. It was intended to be easy to use behind firewalls.
The basic structure of IAX is that it multiplexes signaling and multiple media streams over a single User Datagram Protocol (UDP) stream between two computers. IAX is a binary protocol, designed to reduce overhead especially in regard to voice streams. Bandwidth efficiency in some places is sacrificed in exchange for bandwidth efficiency for individual voice calls. One UDP stream is easier to set up for users that are behind a firewall.
- Awkward extensibility: Due to the lack of a generic extension mechanism, new features have to be added in the protocol specification, which makes the protocol less flexible than H.323, SIP or MGCP.
- Vulnerability: Older implementations of IAX2 were vulnerable to resource exhaustion DoS attacks that are available to the public. While no solutions existed for these issues, the best practices included limiting UDP port access to specific trusted IP addresses. Internet-facing IAX2 ports are considered vulnerable and should be monitored closely. The fuzzer used to detect these application vulnerabilities was posted on milw0rm and is included in the VoIPer development tree. These issues were briefly mentioned in the IAX RFC 5456 on page 94. This flaw does not exist in up-to-date installations of Asterisk or other PBXes.
- SIP connection (aka SIP trunk)
- RFC 5456 page 1: "Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind."
- Cornell, Blake. "udp IAX protocol fuzzer". milw0rm. Archived from the original on 2010-02-14.
- Cornell, Blake (2009-05-19). "udp IAX protocol fuzzer". VoIPER : VoIP Exploit Research toolkit. Retrieved 2013-05-28.
- Russell Bryant (2009-09-03). "Asterisk Project Security Advisory - AST-2009-006". Asterisk. Retrieved 2013-05-28.
- RFC 5456 IAX: Inter-Asterisk eXchange Version 2
- RFC 6315 IANA Registration for Enumservice 'iax'
- Boucadair, Mohamed (February 2009). Inter-Asterisk Exchange (IAX): Deployment Scenarios in SIP-Enabled Networks. Wiley. ISBN 978-0-470-77072-6.
- "Asterisk firewall rules". voip-info.org. 2011-10-31. Retrieved 2013-05-28.