SRTP Performance & Capacity

Last Updated: Sep 26, 2022

SRTP is more processing-intensive than RTP. As a result, when SRTP calls are routed through the IP Office system, the system's concurrent call capacity is reduced. On an IP500 V2 the reduction is 66%; on a Linux-based server the reduction is 50%. Refer to the Avaya IP Office™ Platform Guidelines: Capacity.

These reductions only occur when the media stream terminates or originates on IP Office. For that reason, it is important to use direct media wherever possible.

SRTP direct media only occurs when, in addition to the normal direct media requirements, the SRTP capabilities of both external endpoints match. If they do not match, the IP Office handles the connection to both endpoints as SRTP non-direct media. This reduces the system's concurrent call capacity by two.

The following recommendations must be followed as a starting point:

  • Enable both RTP encryption and authentication. Some endpoints will not negotiate at all if either is off.

  • Set RTP encryption/authentication to AES-128/CTR plus SHA-1/80.

  • Set RTCP encryption off. Some systems, including Avaya Communication Manager, do not support RTCP encryption.

  • If possible, configure all SIP extensions for best effort (capability negotiation or 'cap-neg'). This allows the IP Office settings to dictate SRTP behavior.

    • Note: The auto-generated configuration files that IP Office provides to 1100/1200 Series and B179 phones always instruct the phones to use best effort, even if the IP Office SRTP configuration is set to Best Effort or Enforce.

  • Ensure consistency between the system and per-extension SRTP settings for SIP soft clients that connect to IP Office in simultaneous-registration mode.

  • Turn all direct media settings on.

  • Ensure that the default codec selections always include G711.
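
An added example (not Avaya code): a Python check that reads the SDP an endpoint offers, for instance from a SIP trace, flags deviations from the settings recommended above, and tests whether two endpoints' offers match. It assumes endpoints signal these settings with RFC 4568 a=crypto attributes (wrapped in RFC 5939 a=acap for best effort); the match rule, the mode labels and the sample SDP are constructed for illustration and are not IP Office's actual matching logic.

```python
import re

RECOMMENDED = "AES_CM_128_HMAC_SHA1_80"  # RFC 4568 name for AES-128/CTR + SHA-1/80
FLAGS = {"UNENCRYPTED_SRTCP", "UNENCRYPTED_SRTP", "UNAUTHENTICATED_SRTP"}
# Plain "a=crypto:" (RFC 4568) or wrapped in "a=acap:N " for cap-neg (RFC 5939).
CRYPTO = re.compile(r"^a=(acap:\d+\s+)?crypto:\d+\s+(\S+)\s+\S+\s*(.*)$")

def parse_audio(sdp):
    """Return (mode, {(suite, flags), ...}) for the first audio section."""
    mode, offers, in_audio = "none", set(), False
    for line in map(str.strip, sdp.splitlines()):
        if line.startswith("m="):
            if in_audio:
                break
            in_audio = line.startswith("m=audio ")
            continue
        m = CRYPTO.match(line) if in_audio else None
        if m:
            # Mode labels are this example's own naming (assumption).
            mode = "best-effort" if m.group(1) else "enforced"
            offers.add((m.group(2), frozenset(m.group(3).split()) & FLAGS))
    return mode, offers

def audit(sdp):
    """List deviations from the recommended settings in one endpoint's offer."""
    _, offers = parse_audio(sdp)
    if not offers:
        return ["no SRTP crypto attribute offered"]
    findings = []
    if RECOMMENDED not in {suite for suite, _ in offers}:
        findings.append("recommended suite not offered")
    for suite, flags in sorted(offers, key=lambda o: o[0]):
        if "UNENCRYPTED_SRTCP" not in flags:  # SRTCP is encrypted by default
            findings.append(f"{suite}: RTCP encryption on")
        if flags - {"UNENCRYPTED_SRTCP"}:
            findings.append(f"{suite}: RTP encryption or authentication off")
    return findings

def capabilities_match(sdp_a, sdp_b):
    """Assumed model of a match: one identical (suite, flags) pair on both sides."""
    return bool(parse_audio(sdp_a)[1] & parse_audio(sdp_b)[1])

KEY = "inline:" + "A" * 40  # constructed placeholder, not a real key
PHONE_A = f"v=0\nm=audio 49170 RTP/SAVP 0 8\na=crypto:1 {RECOMMENDED} {KEY} UNENCRYPTED_SRTCP\n"
PHONE_B = (f"v=0\nm=audio 50000 RTP/AVP 0 18\na=tcap:1 RTP/SAVP\n"
           f"a=acap:1 crypto:1 AES_CM_128_HMAC_SHA1_32 {KEY}\na=pcfg:1 t=1 a=1\n")

if __name__ == "__main__":
    for name, sdp in (("A", PHONE_A), ("B", PHONE_B)):
        print(name, parse_audio(sdp)[0], audit(sdp) or "ok")
    print("capabilities match:", capabilities_match(PHONE_A, PHONE_B))
```

In the constructed pair, phone B offers SHA-1/32 with RTCP encryption on, so the two offers do not match under this model; per the text above, that is the case the IP Office handles as SRTP non-direct media.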

Another performance consideration is the extra bandwidth incurred when SRTP is active; authentication adds 4 or 10 bytes to each packet for both RTP and RTCP. Given a 20 ms sample period, active SRTP uses the following approximate IP bandwidth for a single call:

| Codec | No SRTP | +RTCP auth | +RTP/RTCP auth | Notes |
|-------|---------|------------|----------------|-------|
| G.711 | 84 kbps | SHA1/80: 85 kbps | SHA1/80: 86 kbps | 2.4% increase |
|       |         | SHA1/32: 84.5 kbps | SHA1/32: 85 kbps | 1.2% increase |
| G.729 | 25 kbps | SHA1/80: 26 kbps | SHA1/80: 27 kbps | 8% increase |
|       |         | SHA1/32: 25.5 kbps | SHA1/32: 26 kbps | 4% increase |
| G.722 | 84 kbps | SHA1/80: 85 kbps | SHA1/80: 86 kbps | 2.4% increase |
|       |         | SHA1/32: 84.5 kbps | SHA1/32: 85 kbps | 1.2% increase |