OSI layer: Application layer
Inter-Asterisk eXchange (IAX) is a communications protocol native to the Asterisk private branch exchange (PBX) software, and is supported by a few other softswitches, PBX systems, and softphones. It is used for transporting voice over IP telephony sessions between servers and to terminal devices.
The original IAX protocol is deprecated and has been superseded by a second version, commonly called IAX2. The IAX2 protocol was published as the informational (non-standards-track) RFC 5456 at the discretion of the RFC Editor in February 2010.
IAX is a binary-encoded voice over Internet protocol (VoIP) that is used for streaming media, but is primarily designed for IP voice calls.
IAX uses a single User Datagram Protocol (UDP) data stream and port number, by default 4569, between endpoints for both session signaling and media payloads. This feature provides benefits for traversing network address translators at network boundaries, as it simplifies firewall configuration. Other VoIP protocols typically use independent channels for signaling and media, such as the Session Initiation Protocol (SIP), H.323, and the Media Gateway Control Protocol (MGCP), which carry media with the Real-time Transport Protocol (RTP).
IAX supports trunking, multiplexing channels over a single link. When trunking, data from multiple sessions are merged into a single stream of packets between two endpoints, reducing the IP overhead. This is advantageous in VoIP transmissions, in which IP headers use a large fraction of bandwidth.
IAX2 supports native encryption of both control and media streams using AES-128.
Both versions of the IAX protocol were created by Mark Spencer and much of the development was carried out in the Asterisk open-source community.
The primary goals for IAX are to minimize bandwidth used in media transmissions, and to provide native network address translation (NAT) transparency. It was intended to be easy to use behind firewalls.
- Awkward extensibility: Due to the lack of a generic extension mechanism, new features have to be added in the protocol specification, which makes the protocol less flexible than H.323, SIP, and MGCP.
- Vulnerability: Older implementations of IAX2 were vulnerable to resource exhaustion DoS attack methods that are available to the public. While no solutions existed for these issues, the best practices included limiting UDP port access to specific trusted IP addresses. Internet-facing IAX2 ports are considered vulnerable and should be monitored closely. The fuzzer used to detect these application vulnerabilities was posted on milw0rm and is included in the VoIPER development tree. These issues were briefly mentioned in the IAX RFC 5456 on page 94. This flaw does not exist in up-to-date installations.
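The allowlisting and monitoring advice in the item above can be checked against captured traffic. The following is an added example, not code from the article or from the Asterisk project: it parses the 12-byte IAX2 full-frame header as laid out in RFC 5456, flags datagrams from sources outside a trusted list, and counts session-opening NEW frames per trusted source. The function names, the threshold and the sample traffic are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import Counter

FRAME_TYPE_IAX = 0x06   # RFC 5456 full-frame type: IAX control
SUBCLASS_NEW = 0x01     # IAX control subclass NEW (opens a call)

def parse_full_frame(data):
    """Return IAX2 full-frame header fields, or None for mini/short frames."""
    if len(data) < 12:
        return None
    src, dst, ts, oseq, iseq, ftype, sub = struct.unpack("!HHIBBBB", data[:12])
    if not src & 0x8000:            # F bit clear: not a full (signaling) frame
        return None
    return {"src_call": src & 0x7FFF, "dst_call": dst & 0x7FFF,
            "retransmit": bool(dst & 0x8000), "type": ftype, "subclass": sub}

def audit(datagrams, trusted, new_limit):
    """datagrams: iterable of (src_ip, payload) seen on the IAX2 UDP port.
    Returns (untrusted source IPs, {trusted ip: NEW count} above new_limit)."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    untrusted, new_counts = set(), Counter()
    for ip, payload in datagrams:
        addr = ipaddress.ip_address(ip)
        if not any(addr in n for n in nets):
            untrusted.add(ip)       # should have been dropped at the firewall
            continue
        f = parse_full_frame(payload)
        if (f and f["type"] == FRAME_TYPE_IAX and f["subclass"] == SUBCLASS_NEW
                and not f["retransmit"]):
            new_counts[ip] += 1     # retransmitted NEWs are not counted twice
    noisy = {ip: n for ip, n in new_counts.items() if n > new_limit}
    return untrusted, noisy

def build_frame(src_call, ftype, sub, dst_call=0):
    """Build a constructed full-frame header (test input only)."""
    return struct.pack("!HHIBBBB", 0x8000 | src_call, dst_call, 0, 0, 0, ftype, sub)

# Constructed sample traffic using documentation address ranges.
SAMPLE = ([("192.0.2.10", build_frame(i, FRAME_TYPE_IAX, SUBCLASS_NEW)) for i in range(1, 6)]
          + [("192.0.2.20", build_frame(7, FRAME_TYPE_IAX, 0x02))]   # PING
          + [("198.51.100.5", build_frame(9, FRAME_TYPE_IAX, SUBCLASS_NEW))]
          + [("192.0.2.10", b"\x00\x01\x00\x02abcd")])               # mini frame

if __name__ == "__main__":
    print(audit(SAMPLE, ["192.0.2.0/24"], new_limit=3))
```

Any address in the first returned set indicates that the port filter is not restricting access to the trusted list; the second set is a starting point for review, and the threshold has to be tuned to normal call volume.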
- RFC 5456, page 1: "Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind."
- Cornell, Blake. "udp IAX protocol fuzzer". milw0rm. Archived from the original on 2010-02-14.
- Cornell, Blake (2009-05-19). "udp IAX protocol fuzzer". VoIPER : VoIP Exploit Research toolkit. Retrieved 2013-05-28.
- Russell Bryant (2009-09-03). "Asterisk Project Security Advisory - AST-2009-006". Asterisk. Retrieved 2013-05-28.