IAX is a VoIP protocol that can be used for any type of streaming media including video, but is mainly designed for IP voice calls. IAX uses a single User Datagram Protocol (UDP) data stream between endpoints for both the session signaling and the media payloads. Thus it uses only a single UDP port number, typically 4569. This feature provides benefits for traversing network address translators on network boundaries, as it simplifies firewall configuration. Other VoIP protocols typically use independent streams for signaling and media, such as the Session Initiation Protocol, H.323, and the Media Gateway Control Protocol, which carry media with the Real-time Transport Protocol.
IAX is a binary-encoded protocol. New extension features must have a new numeric code allocated. Historically, this was modeled after the internal data passing of Asterisk modules.
IAX supports trunking, multiplexing channels over a single link. When trunking, data from multiple sessions are merged into a single stream of packets between two endpoints, reducing the IP overhead without creating additional latency. This is advantageous in VoIP transmissions, in which IP headers use a large percentage of bandwidth.
IAX2 supports native encryption of both control and media streams using AES-128.
Origin
Both versions of the IAX protocol were created by Mark Spencer and much of the development was carried out in the Asterisk open-source community.
Goals
The primary goals for IAX are to minimize bandwidth used in media transmissions, with particular attention paid to the control of individual voice calls, and to provide native network address translation transparency. It was intended to be easy to use behind firewalls.
Drawbacks
Awkward extensibility: Due to the lack of a generic extension mechanism, new features have to be added in the protocol specification, which makes the protocol less flexible than H.323, SIP or MGCP.
Vulnerability: Older implementations of IAX2 were vulnerable to resource exhaustion DoS attacks using methods that are available to the public. While no solutions existed for these issues, the best practices included limiting UDP port access to specific trusted IP addresses. Internet-facing IAX2 ports are considered vulnerable and should be monitored closely. The fuzzer used to detect these application vulnerabilities was posted on milw0rm and is included in the VoIPer development tree. These issues were briefly mentioned in the IAX RFC 5456 on page 94. This flaw does not exist in up-to-date installations of Asterisk or other PBXes.
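As an added illustration of the monitoring and trusted-address practice described above (not code from Asterisk or from the RFC), the following Python sketch reviews datagrams seen on UDP port 4569, reporting sources outside a trusted list and sources sending an unusual number of call-setup (NEW) frames. The 12-byte full-frame layout and the frame type and subclass numbers follow RFC 5456; the trusted network, the threshold, the function names and the sample traffic are assumptions made for the example.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

FRAMETYPE_IAX, SUBCLASS_NEW = 6, 1       # RFC 5456: IAX control frame, NEW (call setup)
TRUSTED = [ip_network("192.0.2.0/24")]   # assumption: the site's trusted peers
NEW_LIMIT = 3                            # assumption: NEW frames allowed per source per window

def parse_full_frame(payload):
    """Return the header fields of an IAX2 full frame, or None for mini/meta/short data."""
    if len(payload) < 12:
        return None
    src, dst, ts, oseq, iseq, ftype, sub = struct.unpack("!HHIBBBB", payload[:12])
    if not src & 0x8000:                 # F bit clear: mini or meta frame, no full header
        return None
    return {"src_call": src & 0x7FFF, "retransmit": bool(dst & 0x8000),
            "dst_call": dst & 0x7FFF, "timestamp": ts, "oseq": oseq, "iseq": iseq,
            "frametype": ftype, "subclass": sub & 0x7F}   # top bit of subclass is the C flag

def review(datagrams):
    """datagrams: (source_ip, udp_payload) pairs seen on UDP 4569 in one time window."""
    untrusted, new_calls = set(), Counter()
    for ip, payload in datagrams:
        if not any(ip_address(ip) in net for net in TRUSTED):
            untrusted.add(ip)            # would be dropped by a trusted-address filter
        hdr = parse_full_frame(payload)
        if hdr and hdr["frametype"] == FRAMETYPE_IAX and hdr["subclass"] == SUBCLASS_NEW:
            new_calls[ip] += 1           # each NEW asks the server to allocate call state
    floods = {ip: n for ip, n in new_calls.items() if n > NEW_LIMIT}
    return sorted(untrusted), floods

def _new_frame(call_no):
    """Build a constructed full-frame header for a NEW request (sample data only)."""
    return struct.pack("!HHIBBBB", 0x8000 | call_no, 0, 0, 0, 0, FRAMETYPE_IAX, SUBCLASS_NEW)

# Constructed sample window: one trusted peer, one noisy untrusted source, one mini frame.
SAMPLE = (
    [("192.0.2.10", _new_frame(1))]
    + [("203.0.113.5", _new_frame(n)) for n in range(1, 6)]
    + [("198.51.100.7", b"\x00\x01\x00\x00")]
)

if __name__ == "__main__":
    print(review(SAMPLE))
```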