Presentation is loading. Please wait.

Presentation is loading. Please wait.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG

Published byIlda Castelhano Barata Modified over 5 years ago

Similar presentations

Presentation on theme: "Running SIP behind NAT Dr. Christian Stredicke, snom technology AG"— Presentation transcript:

1 Running SIP behind NAT Dr. Christian Stredicke, snom technology AG
Paris, France, January 2002

2 Overview 1 Problem Description 2 STUN: Using Legacy Equipment 3
TURN: Fixing Remaining Problems 4 UPnP: Remote Control for Routers 5 Application Layer Gateways 6 Remaining Problems & Solutions

3 Which information does a client has to set up for port forwarding in NAT equipment?
Router needs information where to send packets in private network Map port to private address and port By default packets will be rejected or sent to DMZ Router needs hint for security checking Accept packets from any destination Accept packets only from associated host Accept packets only from associated host and port Client Client Router

4 How did other applications solve the problem?
HTTP, telnet, … Using TCP DNS, others “Digging holes”: Set up association when client sends out packet from unmapped port for seconds Security policy hardwired by vendor Some offer a DNS proxy (application layer gateway) ftp Does not work! Inexperienced users use http instead Some routers offer applications layer gateway Heterogeneous environment Every vendor does it in a different way “Digging holes” is common denominator

5 snom STUN uses the digging hole trick to set up port associations
Initialization procedure checks environment Goal: Check if STUN is needed Type of NAT does actually not really matter because user is not interested in failure reason SIP port kept alive by sending packets every s RTP ports are allocated dynamically when starting a call Otherwise keep-alive traffic would be double RTCP port can not be allocated because next port allocation is unlikely Long ringing and putting caller on hold is problematic (no port refresh during this time)

6 In cases when NAT is symmetrical, TURN could be a solution
3. SIP/Media Client 2. Activate Request/Response 1. Allocate Request/Response Client STUN/TURN Server Router

7 TURN works in symmetrical NAT environment, but has too many problems
Scalability TURN server becomes “media server” Every call generates about 50 packets per second Delay Sending packets over media server increases transport delay significantly E.g. local call in Tokyo when TURN server is in Frankfurt TURN specification Needs rework (activation message not defined)

8 UPnP is the right approach
Generic protocol to allocate ports on router Works with SIP, can be used with other applications as well Can be integrated with firewalls Not too hard to implement Microsoft Messenger uses UPnP “De facto standard” Virtually all DSL router vendors offer UPnP now Problem: Old Equipment Use STUN Maybe use TURN, even if call duration is terrible Instruct customers to set up ports manually

9 With the increasing availability of UPnP, most home customers can be addressed
2002 2003 STUN STUN UPnP Software Updates New Equipment UPnP Illustrative

10 Application layer gateways (ALG) solve the problem in the business area
Business customers have different requirements than home users Many phones Want to run proxies, media servers, application servers behind their firewall These applications probably will not have UPnP or STUN Therefore, firewalls will probably include SIP-aware ALG Sample SIP NAT ALG available from snom

11 Calling phones in the same network requires ancillary information
1a) Phone A sends to public address of B 1b) Router will not forward packet, call will fail 2) A knows B is in the same NAT and sends packet to private address instead

12 Ancillary information must be placed in contact URI and in SDP
INVITE SIP/2.0 Via: SIP/2.0/UDP :5060;branch=z9hG4bK-6rms4e9tmtsz Max-Forwards: 70 From: To: Call-ID: CSeq: 1 INVITE Contact: Content-Type: application/sdp Content-Length: 311 v=0 o=root IN IP s=SIP Call c=IN IP t=0 0 m=audio RTP/AVP a=rtpmap:0 pcmu/8000 a=rtpmap:101 telephone-event/8000 a=fmtp: a=x-private: : :10004

13 Multi-tier NAT requires a list of private addresses
STUN NAT1 When using STUN, a STUN server is required between the layers STUN NAT2 NAT3 Phone A Phone B A has three identities: :5060 :1234 :5678 B has three identities: :5060 :1234 :5679

14 How should a phone boot up?
Try UPnP UPnP available No response (5 seconds) or not available Use UPnP This step can be done even without STUN, as the registrar returns the response quick Try to Register No problem: either public address, ALG or total private environment Registrar complains about private address Use STUN Use Given Identity

15

16 © 2002 snom technology Aktiengesellschaft Written by:
Dr. Christian Stredicke Version: 1.0 The author has made his best effort to prepare this document. The content is based upon latest information whenever possible. The author makes no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this document. For more information, mail Pascalstr. 10E, Berlin, Germany.

Download ppt "Running SIP behind NAT Dr. Christian Stredicke, snom technology AG"

Similar presentations

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Paris, France, January 2002.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Paris, France, January 2002.
SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.
Phone Product Roadmap snom technology AG, November 2004.

Phone Product Roadmap snom technology AG, November 2004.
NAT Traversal Panasonic Communications Co.,Ltd Office Network Company Network SE Team 2008 Feb 25 th.

NAT Traversal Panasonic Communications Co.,Ltd Office Network Company Network SE Team 2008 Feb 25 th.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
Session Initiation Protocol Winelfred G. Pasamba.

Session Initiation Protocol Winelfred G. Pasamba.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.

RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.
CSc 461/561 CSc 461/561 Multimedia Systems Part C: 2. SIP.

CSc 461/561 CSc 461/561 Multimedia Systems Part C: 2. SIP.
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
SIP, Session Initiation Protocol Internet Draft, IETF, RFC 2543.

SIP, Session Initiation Protocol Internet Draft, IETF, RFC 2543.
Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.

Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.
Via contains the address at which the originator is expecting to receive responses to this request. Mandatory To contains a display name and a SIP URI.

Via contains the address at which the originator is expecting to receive responses to this request. Mandatory To contains a display name and a SIP URI.
SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Running SIP behind NAT Dr. Christian Stredicke, snom technology AG, Miami, USA, February 2002.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG, Miami, USA, February 2002.
Running SIP behind NAT Dr. Christian Stredicke, snom technology AG, Voice Over Net, USA, April 2003.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG, Voice Over Net, USA, April 2003.
RTP Relay Support in Intelligent Gateway Author: Pieere Pi

RTP Relay Support in Intelligent Gateway Author: Pieere Pi

Similar presentations

Ads by Google