NAT Traversal Speaker: Chin-Chang Chang Date:2007.4.9.


NAT Traversal

Speaker: Chin-Chang Chang

Date:2007.4.9

Outline

What is NAT?

Private IP address

Handling of NAT with SIP?

Nathelper module

Process: Register, Invite, Bye/Cancel

RTPproxy

Reference

What is NAT?(1/2)

NAT (Network Address Translation): rewriting the source and/or destination addresses of IP packets as they pass through a router or firewall.

Using NAT enables multiple hosts on a private network to access the Internet using a single public IP address.

What is NAT?(2/2)

http://www.microsoft.com/china/windowsxp/pro/techinfo/planning/networking/nattraversal.asp

Private IP address

Defined in RFC 1918.

Address ranges:

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

Routers on the Internet are normally configured to discard any traffic using private IP addresses.

Handling of NAT with SIP?(1/3)

[Diagram: two UAs, the Internet and the SIP Server; labels: SIP Request Message, SIP Response Message, RTP]

Handling of NAT with SIP?(2/3)

[Diagram: UAs, NAT, the Internet and the SIP Server; label: RTP; addresses shown: 192.168.0.2, 192.168.0.3, 163.22.16.33, 163.22.16.40, 163.22.16.35]

Handling of NAT with SIP?(3/3)

We handle NAT with the NAThelper module. There are two solutions for SER. One is RTPproxy, and the other is mediaproxy. We handle all aspects of NAT at the SIP proxy location. RTPproxy is called by NAThelper.

Nathelper Module(1/7)

This is a module to help with NAT traversal. It checks whether the client is NATed. If it is NATed, the SIP proxy rewrites the content of the SIP message and the SDP. The module must be loaded before the usrloc module, but only if the NATed contacts are to be pinged.

Nathelper Module(2/7)

natping_interval

Period of time in seconds between sending the NAT pings to all currently registered UAs to keep their NAT bindings alive. Default value is 0.

Ex. modparam("nathelper", "natping_interval", 10)

ping_nated_only

If this variable is set, then only contacts that have the "behind_NAT" flag set in the user location database will get pinged. Default value is 0.

Ex. modparam("nathelper", "ping_nated_only", 1)

Nathelper Module(3/7)

rtpproxy_sock

Socket used to connect to RTPProxy.

Ex. modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")

Nathelper Module(4/7)

nat_uac_test(flags)

Tries to guess if the client's request originated behind a NAT. Meaning of the flags is as follows:

1 - Contact header field is searched for occurrence of RFC1918 addresses.

2 - The "received" test is used: address in Via is compared against source IP address of signaling.

4 - Topmost Via is searched for occurrence of RFC1918 addresses.

8 - SDP is searched for occurrence of RFC1918 addresses.

16 - Test if the source port is different from the port in Via.

Nathelper Module(5/7)

All flags can be bitwise combined. The test returns true if any of the tests identified a NAT.

Ex. if (nat_uac_test("19")) setflag(6);
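A simplified model of the five nat_uac_test checks and their bitwise combination, added here as an illustration; it is not nathelper's own code. The function names, the parsing (full header names only, default Via port 5060) and the sample INVITE are assumptions constructed for this example.

```python
import ipaddress
import re

# RFC 1918 ranges from the "Private IP address" slide
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def has_private(text):
    """True if any IPv4 literal in text lies in an RFC 1918 range."""
    for literal in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:          # e.g. 999.1.1.1 is not an address
            continue
        if any(ip in net for net in RFC1918):
            return True
    return False

def nat_uac_test(flags, msg, src_ip, src_port):
    """Return the bitmask of tests that fired (non-zero means NAT suspected).
    msg is client-supplied; src_ip/src_port are what the proxy observed."""
    head, _, body = msg.partition("\r\n\r\n")
    hdrs = {}
    for line in head.split("\r\n")[1:]:           # skip the request line
        name, _, value = line.partition(":")
        hdrs.setdefault(name.strip().lower(), value.strip())  # first = topmost
    via = hdrs.get("via", "")
    m = re.match(r"SIP/2\.0/\w+\s+([^;:\s]+)(?::(\d+))?", via)
    via_host = m.group(1) if m else ""
    via_port = int(m.group(2)) if m and m.group(2) else 5060
    checks = {
        1: has_private(hdrs.get("contact", "")),  # Contact has RFC 1918 address
        2: via_host != src_ip,                    # "received" test
        4: has_private(via_host),                 # topmost Via has RFC 1918
        8: has_private(body),                     # SDP has RFC 1918 address
        16: via_port != src_port,                 # source port differs from Via
    }
    return sum(bit for bit, hit in checks.items() if flags & bit and hit)

# Constructed INVITE from a UA at 192.168.0.2 (not captured traffic)
SAMPLE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.0.2:8345;branch=z9hG4bK-constructed\r\n"
    "Contact: <sip:alice@192.168.0.2:8345>\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\nc=IN IP4 192.168.0.2\r\nm=audio 49170 RTP/AVP 0\r\n"
)
print(nat_uac_test(19, SAMPLE, "163.22.16.33", 32770))  # 19 = 1 + 2 + 16
```

Flags 1, 4 and 8 read fields the client wrote into the message, while flags 2 and 16 compare the Via against the source address and port the proxy itself observed.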

Nathelper Module(6/7)

force_rtp_proxy()

Rewrites SDP body to ensure that media is passed through an RTP proxy.

unforce_rtp_proxy()

Tears down the RTPProxy session for the current call.

fix_nated_contact()

Rewrites Contact HF to contain request's source address:port.

Nathelper Module(7/7)

fix_nated_register()

The function creates a URI consisting of the source IP, port, and protocol and stores the URI. The URI will be appended as the "received" parameter to Contact in the 200 OK, and the registrar will store it in the user location database.

Process-REGISTER

[Flowchart: UA sends REGISTER; nat_uac_test; if YES: setflag(6), fix_nated_register(), force_rport()]

When a SIP client attempts to REGISTER with our SIP proxy, we need a way to tell the registrar module to store the NAT information of this particular UA.

Via:SIP/2.0/UDP 192.168.0.2:8345;rport=32770;received=10.10.61.107;branch=z9hG4bK-d87543-b50cb4161d357529-1--d87543-

Contact: <sip:[email protected]:58348;rinstance=897ed11c7300e1c2>;expires=3600;received="sip:10.10.61.107:32787"

Process-INVITE

[Flowchart: UA sends INVITE; isflagset(6); if YES: force_rport(), fix_nated_contact(), force_rtp_proxy()]

Nathelper will then communicate with rtpproxy, which will allocate RTP ports, and the SDP payload of the INVITE will be rewritten.

Connection Information (c): IN IP4 163.22.16.40

Process-BYE/CANCEL

[Flowchart: UA sends BYE or CANCEL; Signal is BYE or CANCEL?; if YES: unforce_rtp_proxy()]

Ensure that the call is torn down when a call is hung up (BYE) or cancelled (CANCEL).

RTPproxy(1/2)

[Diagram: RTPProxy, two NATs, two UAs and the RTP streams; addresses shown: 163.22.16.33, 10.10.61.107, 192.168.0.2, 192.168.0.7, 163.22.16.40]

RTPproxy(2/2)

Reference

RTPproxy: http://ftp.iptel.org/pub/rtpproxy/

SER - Getting Started Document: http://www.iptel.org/ser/doc/gettingstarted

Nathelper module: http://www.openser.org/docs/modules/1.2.x/nathelper.html