Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

Published byJocelyn Lloyd Modified over 8 years ago

Similar presentations

Presentation on theme: "SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and."— Presentation transcript:

1 SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow

2 What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and external public address –Modifies IP Addresses/Ports in Packets –Benefits Avoids network renumbering on change of provider Allows multiplexing of multiple private addresses into a single public address ($$ savings) Maintains privacy of internal addresses Client NATNAT NATNAT S: 1.2.3.4:8877 D: 67.22.3.1:80 Binding Table Internal External 10.0.1.1:6554 -> 1.2.3.4:8877 S: 10.0.1.1:6554 D: 67.22.3.1:80 IP Pkt

3 Problem: Getting SIP Through NATs NATNAT INVITE sip:12345@b.com m=audio 3456 RTP/AVP 0 c=IN IP4 10.0.1.1 RTP to 10.0.1.1

4 Solution Space Application Layer Gateways (ALGs) Session Border Controllers (SBC) Simple Traversal of UDP Through NAT (STUN) Traversal Using Relay NAT (TURN) Interactive Connectivity Establishment (ICE)

5 Application Layer Gateway NATNAT INVITE sip:12345@b.com m=audio 3456 RTP/AVP 0 c=IN IP4 10.0.1.1 RTP to 10.0.1.1 INVITE sip:12345@b.com m=audio 1234 RTP/AVP 0 c=IN IP4 19.1.3.2 ALG NAT also modifies SIP messages to fix them up!

6 ALG Benefits and Drawbacks Drawbacks –Doesn’t work when security turned on –Hard to diagnose problems –Requires network upgrade to support new app –Frequent implementation problems (lack of expertise) –Incentives mismatched Benefits –No change to clients or servers

7 Session Border Controller NATNAT INVITE sip:12345@b.com m=audio 3456 RTP/AVP 0 c=IN IP4 10.0.1.1 SBC 9.8.7.6 INVITE sip:12345@b.com m=audio 3225 RTP/AVP 0 c=IN IP4 9.8.7.6 RTP to 9.8.7.6 SBC relays RTP back to source

8 SBC Benefits and Drawbacks Drawbacks –Expensive media relaying –Interferes with some SIP extensions –Breaks more advanced SIP security Benefits –No change to clients or NATs –Works with basic SIP security mechanisms –Easier to diagnose

9 Simple Traversal of UDP Through NAT (STUN) NATNAT What is my IP address and port please? STUN Server 9.8.7.6 INVITE sip:12345@b.com m=audio 3472 RTP/AVP 0 c=IN IP4 1.2.3.4 RTP to 1.2.3.4 Its 1.2.3.4: 3472

10 STUN Benefits and Drawbacks Drawbacks –Doesn’t always work Benefits –No change to servers or NATs –Works with all SIP security mechanisms –Can support non-VoIP apps (e.g., games)

11 Traversal Using Relay NAT (TURN) NATNAT Give me an IP address and port please? TURN Server 9.8.7.6 INVITE sip:12345@b.com m=audio 2376 RTP/AVP 0 c=IN IP4 9.8.7.6 RTP to 1.2.3.4 9.8.7.6: 2376

12 TURN Benefits and Drawbacks Drawbacks –Expensive Media Relaying Benefits –No change to servers or NATs –Works with all SIP security mechanisms –Can support non-VoIP apps (e.g., games)

13 Interactive Connectivity Establishment (ICE) Hybrid of STUN and TURN P2P NAT Traversal Widely Deployed on Internet Popular with Application Providers

14 ICE Step 1: Allocation Before Making a Call, the Client Gathers Candidates Each candidate is a potential address for receiving media Three different types of candidates – Host Candidates – Server Reflexive Candidates (STUN) – Relayed Candidates (TURN) TURN Host Candidates reside on the agent itself STUN candidates are addresses residing on a NAT NAT TURN candidates reside on a TURN server STUN

15 ICE Step 2: Create Offer Each candidate is placed into an a=candidate attribute of the offer Each candidate line has IP address and port plus other info needed for ICE c=IN IP4 192.0.2.3 t=0 0 m=audio 45664 RTP/AVP 0 a=rtpmap:0 PCMU/8000 a=candidate:1 1 UDP 2130706178 10.0.1.1 8998 typ host a=candidate:2 1 UDP 1694498562 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998

16 ICE Step 3: Send INVITE Caller sends a SIP INVITE as normal No ICE processing by SIP servers SIP Server INVITE

17 ICE Step 4: Allocation Called party does exactly same processing as caller and obtains its candidates Recommended to not yet ring the phone! TURN NAT STUN

18 ICE Step 5: Provisional Response Callee sends a provisional response containing its SDP with candidates As with INVITE, no processing by proxies Phone has still not rung yet SIP Proxy 1xx

19 ICE Step 6: Verification Each agent pairs up its candidates (local) with its peers (remote) to form candidate pairs Each agent sends a STUN-based ping on each pair, starting at highest priority If a response is received the check has succeeded and we know media can flow on that pair! TURN Server NAT TURN Server NAT 1 2 3 4 5

20 ICE Benefits and Drawbacks Drawbacks –Requires client changes –Requires other side to support it Benefits –Always Works –No change to servers or NATs –Works with all SIP security mechanisms –Minimum Media Relaying –Can support non-VoIP apps (e.g., games) –Built-In Anti-DOS –Eliminates Ghost Rings

Download ppt "SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and."

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
www.dynamicsoft.com Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.
Interactive Connectivity Establishment: ICE

Interactive Connectivity Establishment: ICE
www.dynamicsoft.com VON Europe 2000 - 06-19-00 SIP Update Jonathan Rosenberg Chief Scientist co-chair, IETF SIP Working Group.

VON Europe SIP Update Jonathan Rosenberg Chief Scientist co-chair, IETF SIP Working Group.
1 © 2005 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID NAT Traversal for VoIP Jonathan Rosenberg Cisco Fellow.

1 © 2005 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID NAT Traversal for VoIP Jonathan Rosenberg Cisco Fellow.
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.
Lync 2014 4/11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Lync /11/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
1 SIP IPv6/IPv4 transition solutions 通訊所 鍾國麟. 2 Outline IPV6 transition problem NAT-PT + SIP ALG TZI gateway 3GPP – IMS STUN-Based SIP Proxy.

1 SIP IPv6/IPv4 transition solutions 通訊所 鍾國麟. 2 Outline IPV6 transition problem NAT-PT + SIP ALG TZI gateway 3GPP – IMS STUN-Based SIP Proxy.
RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-

RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
CS 4700 / CS 5700 Network Fundamentals Lecture 15: NAT (You Better Forward Those Ports) Revised 3/9/2013.

CS 4700 / CS 5700 Network Fundamentals Lecture 15: NAT (You Better Forward Those Ports) Revised 3/9/2013.
ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.
1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings

1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)
Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.

Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.
1 NAT Traversal for VoIP Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University.

1 NAT Traversal for VoIP Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University.
Network Address Translation (NAT) 8.10.2007 Adj. Prof. Sasu Tarkoma.

Network Address Translation (NAT) Adj. Prof. Sasu Tarkoma.

Similar presentations

Ads by Google