
SIP Traversal over NAT Problems and Solutions

Mr. Ting-Yun Chi, May 2, 2006 (Taiwan, NICI IPv6 R&D Division).


Presentation Transcript


  1. SIP Traversal over NAT Problems and Solutions • Mr. Ting-Yun Chi • May 2, 2006 (Taiwan, NICI IPv6 R&D Division)

  2. Outline • Before we start • NAT • SIP Traversal over NAT • NAT Check

  3. Before we start…. • You have learned VoIP • You will try to use VoIP but only write the paper. • Don’t forget the final solution.

  4. Face the music… • VoIP can’t work in most IPv4 networks. • Most “real networks” work with NAT.

  5. NAT (RFC 2663): IP Network Address Translator (NAT) Terminology and Considerations • Traditional NAT • Basic NAT • NAPT • Bi-directional NAT • Twice NAT • Multi-Home NAT

  6. Bi-directional NAT • With a Bi-directional NAT, sessions can be initiated from hosts in the public network as well as the private network. Private network addresses are bound to globally unique addresses, statically or dynamically as connections are established in either direction. The name space (i.e., their Fully Qualified Domain Names) between hosts in private and external networks is assumed to be end-to-end unique.

  7. Twice NAT • Twice NAT is a variation of NAT in that both the source and destination addresses are modified by NAT as a datagram crosses address realms.

  8. Multi-Home NAT • Multiple NAT boxes or multiple links on the same NAT box, sharing the same NAT configuration can provide fail-safe backup for each other.

  9. Basic NAT Variations (RFC 3489): STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) • Full Cone • Restricted Cone • Port Restricted Cone • Symmetric

  10. Full Cone • A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.

  11. Restricted Cone • A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X.

  12. Port Restricted Cone • A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.

  13. Symmetric • A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.

  14. Applications will have problems with NAT… • From RFC 2663, RFC 2993, RFC 3022, RFC 3027, RFC 3225, RFC 3489, P2P draft… • Non-port data flows will be blocked • Packets will be changed • Forwarding causes lower performance • Data flows will be blocked (directional)

  15. Non-port data flows will be blocked • It will not happen in VoIP

  16. Packets will be changed • Can’t pass IPsec (ESP)

  17. Forwarding causes lower performance • It’s easy to see…

  18. Data flows will be blocked (directional) • Apps need multiple sessions. • Apps use IP info in the payload for the connection • P2P

  19. SIP Traversal over NAT • Hole Punching • DNS_ALG • SIP_ALG/RTP Relay Server • STUN • TURN • Tunnel • UPnP • MIDCOM • RFC1335:A Two-Tier Address

  20. Hole Punching • It’s simple. • It’s just a tool.

  21. DNS_ALG • Uses FQDN • Cooperates with the NAT box to provide Bi-directional NAT.

  22. How does DNS_ALG work?

  23. SIP_ALG/RTP Relay Server • SIP_ALG • RTP Relay

  24. SIP_ALG

  25. RTP Relay

  26. STUN • Agent + Hole Punching • Can’t work with Symmetric NAT

  27. Can’t work with Symmetric NAT • http://www.linuxsky.net/html/200512/1781.html

  28. TURN • Uses a relay TURN server • It can work with Symmetric NAT
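
The four NAT behaviours from slides 10-13 and the STUN limitation from slides 26-27, as an added example that is not part of the original presentation: a toy Python model of each NAT's mapping and filtering rules, used to show why a mapping learned from a STUN server is usable by a peer behind cone NATs but not behind a symmetric NAT. The class `Nat`, the function `stun_call_works` and all addresses and ports are constructed for illustration.

```python
# Toy model of the RFC 3489 NAT types (added example; all addresses are constructed).
from itertools import count

class Nat:
    def __init__(self, kind, public_ip="203.0.113.1"):
        self.kind = kind            # "full", "restricted", "port_restricted" or "symmetric"
        self.public_ip = public_ip
        self.ports = count(40000)   # next free external port
        self.maps = {}              # mapping key -> external port
        self.sent = {}              # external port -> set of (ip, port) the host has contacted

    def outbound(self, src, dst):
        """Internal src=(ip, port) sends to dst=(ip, port); returns the external (ip, port)."""
        # Cone NATs key the mapping on the internal endpoint only;
        # a symmetric NAT keys it on the destination as well.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.maps:
            self.maps[key] = next(self.ports)
        port = self.maps[key]
        self.sent.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound_allowed(self, ext_port, remote):
        """Would a packet from remote=(ip, port) to ext_port reach the internal host?"""
        contacted = self.sent.get(ext_port)
        if contacted is None:
            return False            # no mapping exists on that external port
        if self.kind == "full":
            return True             # any external host may use the mapping
        if self.kind == "restricted":
            return remote[0] in {ip for ip, _ in contacted}   # IP must match
        return remote in contacted  # port restricted and symmetric: IP and port must match

def stun_call_works(kind):
    """The client learns its mapping from a STUN server, punches a hole towards the
    peer, and the peer then sends media to the address the STUN server reported."""
    nat = Nat(kind)
    client = ("192.168.1.10", 5004)
    stun, peer = ("198.51.100.5", 3478), ("198.51.100.77", 6000)
    advertised = nat.outbound(client, stun)   # address the STUN server reports back
    nat.outbound(client, peer)                # hole punching: one packet towards the peer
    return nat.inbound_allowed(advertised[1], peer)

if __name__ == "__main__":
    for kind in ("full", "restricted", "port_restricted", "symmetric"):
        print(f"{kind:16s} STUN + hole punching works: {stun_call_works(kind)}")
```

Behind the symmetric NAT the packet towards the peer gets a new external port, so the address reported by the STUN server belongs to a mapping that only the STUN server may use; this is the case slide 28 covers with a TURN relay.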

  29. Tunnel • Use third party Tunnel or VPN..

  30. UPnP • MS~ MS~

  31. MIDCOM (RFC 3304): Middlebox Communications (midcom) Protocol Requirements • http://www.ietf.org/html.charters/midcom-charter.html

  32. RFC1335:A Two-Tier Address • ……forget this solution…

  33. NAT Check • Check Your Network Address Translator for Compatibility with Peer-to-Peer Protocols • http://midcom-p2p.sourceforge.net/

  34. Final Solution • IPv6
