Symmetric NAT Traversal

From TBwiki

Revision as of 15:39, 26 March 2018

Tmedia supports NAT (Network Address Translation) Traversal.

Typical Use-Case

A Network Address Translation (NAT) device serves several functions, such as acting as a firewall and hiding the internal IP addresses of clients. Usually, a NAT limits the number of "open" IP/port mappings allowed to communicate with the internal network and discards every packet addressed to a "closed" IP/port. A typical call can be described as follows:
[Figure 1: NAT Traversal typical use-case]

  1. When a client (Bob) calls someone (Alice) located outside the internal network, the messages must pass through the NAT, which forwards them to SBC/Tmedia.
  2. On reception, SBC/Tmedia processes the messages and forwards them to Alice.
  3. When SBC/Tmedia gets a reply from Alice, it sends the answer back to the NAT.
  4. The NAT checks whether the messages received from SBC/Tmedia are allowed to be forwarded to Bob.


Bob's IP address is reachable only inside the internal network. When SBC/Tmedia needs to forward Alice's messages to Bob, it cannot use Bob's internal IP, nor any IP/port that the NAT has closed. The usual approach is to address a reply to the same NAT IP/port from which the previous message arrived: SBC/Tmedia sends Alice's messages to the public IP and port of the NAT, and the NAT maps the message back to Bob's internal IP. This is called a symmetric response.

TelcoBridges and Passive NAT Traversal

Tmedia supports passive NAT traversal, which addresses the case of a peer VoIP endpoint that has a private network address. This endpoint sits behind a NAT device (e.g. a firewall) while the Tmedia VoIP port has a public IP address. In passive mode, the TMG inspects the source IP address and port of the RTP packets it receives and uses that source IP address and port as the destination for the RTP it sends back.

This is also called Remote NAT traversal or far-end NAT traversal.
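The following is an added example, not TelcoBridges or Tmedia code, of the passive-mode behaviour described above (often called RTP latching): the public-side endpoint ignores the private address the far end announced in its SDP and instead learns the far end's NAT-mapped public IP/port from the UDP source of the first acceptable RTP packet, then sends its own RTP there. The SSRC gate before latching and the refusal to re-latch to a different source mid-call are hardening choices assumed here, not something the page specifies; the addresses and SSRC are constructed sample data.

```python
"""Passive (far-end) NAT traversal for RTP, also called RTP latching.

Added example, not TelcoBridges/Tmedia code. The endpoint with the public
address ignores the private IP/port the far end announced in its SDP and
instead learns the far end's NAT-mapped public IP/port from the UDP source of
the first acceptable RTP packet, then sends its own RTP to that address.
The SSRC gate and the refusal to re-latch are hardening choices assumed here,
not something the page specifies.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Addr = Tuple[str, int]


def make_rtp(ssrc: int, seq: int, payload_type: int = 0, payload: bytes = b"\x00" * 8) -> bytes:
    """Build a minimal RTP v2 packet (no CSRCs, no extension) for the demo/test."""
    # byte 0: V=2, P=0, X=0, CC=0 -> 0x80 ; byte 1: M=0 | PT
    return struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq, seq * 160, ssrc) + payload


def parse_rtp(pkt: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (payload_type, seq, ssrc) for an RTP v2 packet, else None."""
    if len(pkt) < 12:
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:          # version field must be 2
        return None
    return b1 & 0x7F, seq, ssrc


@dataclass
class PassiveRtpEndpoint:
    sdp_addr: Addr                        # c=/m= address the far end announced (often private)
    expected_ssrc: Optional[int] = None   # assumed: SSRC we expect from the far end, if known
    latched: Optional[Addr] = None        # public (NAT-mapped) address learned from traffic
    latched_ssrc: Optional[int] = None
    rejected: List[Tuple[Addr, str]] = field(default_factory=list)

    def on_receive(self, src: Addr, pkt: bytes) -> bool:
        """Handle one inbound datagram from src=(ip, port); True if it is accepted as media."""
        hdr = parse_rtp(pkt)
        if hdr is None:
            self.rejected.append((src, "not RTP v2"))
            return False
        _pt, _seq, ssrc = hdr
        if self.latched is None:
            if self.expected_ssrc is not None and ssrc != self.expected_ssrc:
                self.rejected.append((src, "unexpected SSRC before latch"))
                return False
            # First acceptable packet: its UDP source is the NAT's public mapping.
            self.latched, self.latched_ssrc = src, ssrc
            return True
        if src != self.latched:
            # Never re-latch to a new source mid-call: otherwise anyone who can reach
            # the public RTP port could redirect the media to themselves.
            self.rejected.append((src, "source differs from latched address"))
            return False
        return True

    def rtp_destination(self) -> Addr:
        """Where outbound RTP is sent: the latched address once known, else the SDP hint."""
        return self.latched if self.latched is not None else self.sdp_addr


if __name__ == "__main__":
    # Constructed scenario: Bob's phone is 192.168.1.10:4000 behind a NAT whose
    # public side is 203.0.113.5; the NAT maps the RTP flow to port 51234.
    ep = PassiveRtpEndpoint(sdp_addr=("192.168.1.10", 4000), expected_ssrc=0xDEADBEEF)
    print("before media:", ep.rtp_destination())
    ep.on_receive(("203.0.113.5", 51234), make_rtp(0xDEADBEEF, 1))
    print("after latch: ", ep.rtp_destination())
    ep.on_receive(("198.51.100.7", 6000), make_rtp(0xDEADBEEF, 2))   # hijack attempt
    print("rejected:    ", ep.rejected)
```

Latching on the first packet is what makes passive traversal work, and it is also its weak spot: whoever reaches the public RTP port first is treated as the far end. An SSRC check only raises the bar slightly, since an SSRC can be sniffed or guessed; refusing to re-latch limits the damage to the race at call start, and media authentication (SRTP) is the real fix. RFC 7362 discusses latching and these security considerations in more depth; the page itself does not cover them.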

TelcoBridges and Active NAT Traversal

Active NAT traversal means that the TMG endpoint itself is behind a NAT. The Tmedia unit can advertise a public IP address so that the remote device knows where to send the RTP traffic. It can also send the 'a=direction:active' SDP attribute in SIP so that the remote device puts itself in passive mode.

This is also called Local NAT traversal or near-end NAT traversal.

Call Flow

A typical call is a flow of messages composed of two parts: Session Initiation Protocol (SIP) and Real-Time Transport Protocol (RTP). The SIP part allows:

  • the different connection points (Bob's device, NAT, SBC/Tmedia, Alice's device) to identify themselves;
  • the parameters they will use (message format) to be negotiated;
  • the call states to be signalled (phone ringing, phone picked up, call closed).

A call always begins and ends with SIP signaling (before and after the media transmission). The media itself is transmitted through RTP.

Over UDP, a SIP traversal through the NAT can be summarised as follows:
[Figure 2: SIP Traversal Through NAT over UDP]
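The symmetric response on the SIP side, as an added example rather than code from the page or from TelcoBridges: the SBC receives a request whose top Via still names the caller's private address (the NAT rewrites UDP headers, not SIP bodies), so it sends the response to the UDP source IP/port the request actually came from, which is the NAT's public mapping. The example also records that source in the Via as the 'received' and 'rport' parameters (RFC 3261 section 18.2.1 and RFC 3581); those parameters are not mentioned on the page. The INVITE, addresses and ports are constructed sample data, and the parser handles IPv4 hosts only.

```python
"""Symmetric SIP response over UDP (added example, not Tmedia/TelcoBridges code).

The response is sent to the UDP source address of the request, i.e. the NAT's
public IP/port, never to the private address carried in the request's Via.
The top Via is annotated with 'received' (RFC 3261 18.2.1) and, when the
client asked for it, 'rport' (RFC 3581) so the client can see its NAT mapping.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: an INVITE from Bob (private address 192.168.1.10:5060) as it
# arrives at the SBC after the NAT rewrote the UDP source to 203.0.113.5:31987.
SAMPLE_INVITE = (
    "INVITE sip:alice@sbc.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds;rport\r\n"
    "From: Bob <sip:bob@example.net>;tag=1928301774\r\n"
    "To: Alice <sip:alice@example.net>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
NAT_SRC = ("203.0.113.5", 31987)   # UDP source seen by the SBC (the NAT's public mapping)

VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*(SIP/2\.0/UDP)\s+([^;\s]+)(.*)$", re.I)


def parse_top_via(request: str) -> Tuple[str, str, int, List[str]]:
    """Return (transport, host, port, params) from the topmost UDP Via line (IPv4 hosts only)."""
    for line in request.split("\r\n"):
        m = VIA_RE.match(line)
        if m:
            host, _, port = m.group(2).partition(":")
            params = [p for p in m.group(3).split(";") if p]
            return m.group(1), host, int(port) if port else 5060, params
    raise ValueError("no UDP Via header in request")


def symmetric_response_plan(request: str, src: Tuple[str, int]) -> Dict[str, object]:
    """Decide where the response goes and how the top Via is rewritten.

    Symmetric response (the behaviour described on this page): reply to the UDP
    source IP/port the request came from, not to the Via's sent-by address.
    """
    transport, host, port, params = parse_top_via(request)
    wants_rport = any(p == "rport" or p.startswith("rport=") for p in params)
    kept = [p for p in params
            if not (p == "rport" or p.startswith("rport=") or p.startswith("received="))]
    if host != src[0]:                 # RFC 3261 18.2.1: source IP differs from sent-by
        kept.append(f"received={src[0]}")
    if wants_rport:                    # RFC 3581: echo the source port
        kept.append(f"rport={src[1]}")
    via = "Via: " + transport + " " + ";".join([f"{host}:{port}", *kept])
    return {
        "via_sent_by": (host, port),            # where a naive server would reply (unroutable)
        "destination": src,                     # where the symmetric response actually goes
        "via": via,
        "nat_port_translated": src[1] != port,  # True when the NAT also rewrote the port
    }


def build_response(request: str, src: Tuple[str, int], status: str = "100 Trying") -> str:
    """Build a minimal response: rewritten Via plus the dialog headers copied from the request."""
    plan = symmetric_response_plan(request, src)
    copied = [line for line in request.split("\r\n")
              if line.split(":", 1)[0].strip().lower() in ("from", "to", "call-id", "cseq")]
    return "\r\n".join([f"SIP/2.0 {status}", str(plan["via"]), *copied, "Content-Length: 0", "", ""])


if __name__ == "__main__":
    plan = symmetric_response_plan(SAMPLE_INVITE, NAT_SRC)
    print("Via says reply to :", plan["via_sent_by"])
    print("actually reply to :", plan["destination"])
    print(build_response(SAMPLE_INVITE, NAT_SRC))
```

The `nat_port_translated` flag shows why the source port matters as much as the source IP: RFC 3261 alone would send the response to the 'received' IP but the Via's port (5060 here), which the NAT has not opened, so the reply would be dropped. Replying to the full source IP/port, and echoing it in 'rport', is what lets the response get back through the mapping the request created.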

Important Reminders

  • All devices in the path must support symmetric RTP/RTCP (RFC 4961).


Configuration

External Sources

  • RFC 4961 Symmetric RTP / RTP Control Protocol (RTCP)

