Inter-Asterisk eXchange (IAX) is a communications protocol native to the Asterisk private branch exchange (PBX) software, and is supported by a few other softswitches, PBX systems, and softphones. It is used for transporting VoIP telephony sessions between servers and to terminal devices.
The original IAX protocol is deprecated and has been superseded by a second version, commonly called IAX2. The IAX2 protocol was published as an informational (non-standards-track) RFC 5456 by discretion of the RFC Editor in February 2010.
IAX is a VoIP protocol that can be used for any type of streaming media including video, but is mainly designed for IP voice calls.
IAX uses a single User Datagram Protocol (UDP) data stream between endpoints for both the session signaling and the media payloads. Thus it uses only a single UDP port number, typically 4569. This feature provides benefits for traversing network address translators on network boundaries, as it simplifies firewall configuration. Other VoIP protocols typically use independent streams for signaling and media, such as the Session Initiation Protocol (SIP), H.323, and the Media Gateway Control Protocol (MGCP), which carry media with the Real-time Transport Protocol (RTP).
IAX is a binary-encoded protocol. New extension features must have a new numeric code allocated. Historically, this was modeled after the internal data passing of Asterisk modules.
IAX supports trunking, multiplexing channels over a single link. When trunking, data from multiple sessions are merged into a single stream of packets between two endpoints, reducing the IP overhead without creating additional latency. This is advantageous in VoIP transmissions, in which IP headers use a large percentage of bandwidth.
IAX2 supports native encryption of both control and media streams using AES-128.
Both versions of the IAX protocol were created by Mark Spencer and much of the development was carried out in the Asterisk open-source community.
The primary goals for IAX are to minimize bandwidth used in media transmissions, with particular attention drawn to control individual voice calls, and to provide native network address translation (NAT) transparency. It was intended to be easy to use behind firewalls.
- Awkward extensibility: Due to the lack of a generic extension mechanism, new features have to be added in the protocol specification, which makes the protocol less flexible than H.323, SIP or MGCP.
- Vulnerability: Older implementations of IAX2 were vulnerable to resource exhaustion DoS attacks that are available to the public. While no solutions existed for these issues, the best practices included limiting UDP port access to specific trusted IP addresses. Internet-facing IAX2 ports are considered vulnerable and should be monitored closely. The fuzzer used to detect these application vulnerabilities was posted on milw0rm and is included in the VoIPer development tree. These issues were briefly mentioned in the IAX RFC 5456 on page 94. This flaw does not exist in up-to-date installations of Asterisk or other PBXes.
- SIP connection (aka SIP trunk)
- RFC 5456, page 1: "Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind."
- Cornell, Blake. "udp IAX protocol fuzzer". milw0rm. Archived from the original on 2010-02-14.
- Cornell, Blake (2009-05-19). "udp IAX protocol fuzzer". VoIPER : VoIP Exploit Research toolkit. Retrieved 2013-05-28.
- Russell Bryant (2009-09-03). "Asterisk Project Security Advisory - AST-2009-006". Asterisk. Retrieved 2013-05-28.