Via Header Chains and SIP Loops

1. What Via does

Each SIP request carries one or more Via headers. The Via header chain represents the path the request has traveled. The first Via is the most recent proxy (or the originating UA); the last Via is the originator.

When a proxy receives a request:

1. It checks if its own URI is already in any Via — if so, the request has looped
2. It adds a new Via at the top of the list with its own address and a unique branch parameter
3. It forwards the request to the next hop

When a response arrives, the proxy:

1. Pops its own Via (which is at the top)
2. Forwards the response to the address indicated in the next Via

The chain ensures responses follow the same path as the request, in reverse. This is independent of the Route/Record-Route mechanism, which is for in-dialog request routing.

2. The branch parameter

The branch parameter on the Via header serves two purposes:

Transaction identification

Each transaction has a unique branch. RFC 3261 specifies that branches must start with the magic cookie z9hG4bK followed by a unique value. This combination identifies the transaction across all hops — a proxy can match a response to its transaction by matching the branch.

Loop detection helper

When a proxy receives a request, it computes its own branch deterministically from the Request-URI, To, From, Call-ID, CSeq, and the topmost Via. If a proxy sees its own Via with a matching branch on an incoming request, the request has looped through the same point with the same parameters — a real loop, not just a request that happens to traverse the same proxy twice for legitimate reasons.

The deterministic branch calculation means a proxy can detect loops without keeping persistent state of every request it has seen.

3. Loop detection

Loops happen when SIP routing creates a cycle. Common causes:

• Misconfigured forwarding rules that bounce back to the source
• Failed routing decisions that send the request back through the same proxy
• DNS misconfiguration where two different SIP domains resolve to the same proxy
• Hunt groups that include the originating extension in their target list

Without loop detection, a looped request would be forwarded indefinitely, consuming proxy resources and never delivering. The Via chain provides immediate detection.

When a loop is detected, the proxy responds 482 Loop Detected. The originating UA receives this and stops trying.

4. Max-Forwards as a backstop

Loop detection via Via inspection is reliable when proxies follow RFC behavior, but it can fail if proxies do not properly check Via or if the loop traverses different paths each time (rotating between equivalent proxies).

Max-Forwards is the backstop. Each request starts with Max-Forwards: 70 (the default). Each proxy decrements it by one. If Max-Forwards reaches zero, the proxy responds 483 Too Many Hops without forwarding.

Max-Forwards limits any single SIP path to 70 hops, which is far more than any reasonable network needs. A request that hits 0 has either looped through dozens of intermediaries or traversed an absurdly complex routing topology.

The two mechanisms are complementary: Via detects exact loops, Max-Forwards stops paths that are too long for any reason.

5. rport and received parameters

Real-world SIP runs through NAT, which complicates response routing. Two parameters help:

received

When a proxy receives a request from a source IP that does not match the Via address (because of NAT), it adds received=<actual.source.ip> to the Via. This tells subsequent hops where the request actually came from, regardless of what the originator put in Via.

rport (RFC 3581)

The originator includes rport in its Via. The proxy fills in the actual source port observed when receiving the request. Combined with received, this provides full source IP and port for response routing.

Both parameters are essential for SIP through NAT. Without them, a phone behind NAT could send a request from internal address 192.168.1.50:5060, the request arrives at the proxy with that internal Via, and any response would be sent to 192.168.1.50 — an unroutable address. With received and rport, the proxy knows to send the response to the public IP/port the NAT actually used.

6. Reading Via from a trace

• Count the Via headers. The number of proxies between origin and destination. More than 5 or 6 is unusual; more than 10 suggests a routing problem.
• Check the topmost Via on requests. The most recent proxy. Should match the actual sender of the message.
• Branch starts with z9hG4bK? Yes for any modern stack. Missing the magic cookie indicates a very old or non-compliant stack.
• received= present? Indicates NAT was detected. Useful for understanding the actual source IP.
• rport= present and filled in? Both originator and proxy support RFC 3581. Critical for symmetric SIP through NAT.
• 482 Loop Detected responses? Indicates a routing cycle. Check the Via chain to see where the loop occurred.
• 483 Too Many Hops responses? Max-Forwards expired. Either a long but legitimate path or an undetected loop.
• Same proxy appearing multiple times in Via? Could be legitimate (a proxy that intentionally re-enters the path) or a loop. Check branch parameters — identical branches indicate a true loop.

Frequently asked questions

What is the SIP Via header used for?

The Via header records the path a SIP request has traveled. Each proxy adds its own Via on the way out and uses the chain to route responses back to the requester. The branch parameter on Via uniquely identifies each transaction. Via also serves as the primary mechanism for loop detection — a proxy that sees its own Via on an incoming request knows the request has looped.

What is the branch parameter on a SIP Via header?

The branch parameter uniquely identifies a SIP transaction. RFC 3261 requires it to start with the magic cookie z9hG4bK followed by a unique value. The branch lets proxies match responses to their transactions and detect loops. A proxy receiving a request that contains its own Via with the same branch knows the request has looped through the same point with the same parameters.

What is the difference between Via and Record-Route in SIP?

Via routes responses back to the request originator and is used for transaction-level routing. Each proxy adds a Via on the way and pops it on the way back. Record-Route is for routing in-dialog requests like re-INVITE and BYE — it tells endpoints which proxies to traverse for subsequent messages in the dialog. Via handles request/response, Record-Route handles dialog continuation.