Chin-Hsiung Hsu, Yao-Wen Chang, and Sani Rechard Nassif From ICCAD09.
NAT Traversal Speaker: Chin-Chang Chang Date:2007.4.9.
-
Upload
gervase-weaver -
Category
Documents
-
view
225 -
download
1
Transcript of NAT Traversal Speaker: Chin-Chang Chang Date:2007.4.9.
Outline
What is NAT? Private IP address
Handling of NAT with SIP? Nathelper module Process
Register Invite Bye/Cancel
RTPproxy Reference
What is NAT?(1/2)
NAT (Network Address Translation) Re-writing the source and/or destination
addresses of IP packets as they pass through a router or firewall.
Using NAT enables multiple hosts on a private network to access the Internet using a single public IP address.
What is NAT?(2/2)
http://www.microsoft.com/china/windowsxp/pro/techinfo/planning/networking/nattraversal.asp
Private IP address
Defined in RFC 1918 Address Range
10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255
Routers on the Internet are normally configured to discard any traffic using private IP addresses.
Handling of NAT with SIP?(1/3) SIP Server
UA UA
Internet
SIP Server
RTP
SIP Request Message
SIP Response Message
Handling of NAT with SIP?(2/3) SIP Server
NAT
UA UA
UA
Internet
SIP Server
192.168.0.2192.168.0.3
163.22.16.33
RTP
163.22.16.40163.22.16.35
Handling of NAT with SIP?(3/3) We handle NAT with NAThelper module. There are two solutions for SER. One is RTP
proxy, and the other is mediaproxy. We handle all aspects of NAT at the SIP Prox
y location. RTPproxy is called by NAThelper.
Nathelper Module(1/7)
This is a module to help with NAT traversal. Check whether the client is NATed. If it’s NATed, SIP proxy would rewrite the con
tent of SIP and SDP. The module must be loaded before usrloc mo
dule - only if the NATed contacts are to be pinged.
Nathelper Module(2/7)
natping_interval Period of time in seconds between sending the N
AT pings to all currently registered UAs to keep their NAT bindings alive. Default value is 0.
Ex. modparam("nathelper", "natping_interval", 10) ping_nated_only
If this variable is set then only contacts that have "behind_NAT" flag in user location database set will get ping. Default value is 0.
Ex. modparam("nathelper", "ping_nated_only", 1)
Nathelper Module(3/7)
rtpproxy_sock Socket used to connect to RTPProxy. Ex .modpar
am("nathelper", "rtpproxy_sock", " unix:/var/run/rtpproxy.sock ")
Nathelper Module(4/7)
nat_uac_test(flags) Tries to guess if client's request originated behind a
nat. Meaning of the flags is as follows:
1 - Contact header field is searched for occurrence of RFC1918 addresses.
2 - the "received" test is used: address in Via is compared against source IP address of signaling
4 - Top Most VIA is searched for occurrence of RFC1918 addresses
8 - SDP is searched for occurrence of RFC1918 addresses 16 - test if the source port is different from the port in Via
Nathelper Module(5/7)
All flags can be bitwise combined. The test returns true if any of the tests identifi
ed a NAT. Ex. If(nat_uac_test(“19”))
setflag(6);
Nathelper Module(6/7)
force_rtp_proxy() Rewrites SDP body to ensure that media is passe
d through an RTP proxy. unforce_rtp_proxy()
Tears down the RTPProxy session for the current call
fix_nated_contact() Rewrites Contact HF to contain request's source a
ddress:port.
Nathelper Module(7/7)
fix_nated_register() The function creates a URI consisting of the sourc
e IP, port, and protocol and stores the URI. The URI will be appended as "received" parameter to Contact in 200 OK and registrar will store it in the user location database.
Process-REGISTER
nat_uac_test
…….
setflag(6)
fix_nate_register()
Force_rport()
……
REGISTER
YESUA
When SIP client attempt to REGISTER with our SIP proxy, we need a way to tell the registrar module to store NAT information of this particular UA.
Via:SIP/2.0/UDP 192.168.0.2:8345;rport=32770;received=10.10.61.107;branch=z9hG4bK-d87543-b50cb4161d357529-1--d87543-
Contact: <sip:[email protected]:58348;rinstance=897ed11c7300e1c2>;expires=3600;received="sip:10.10.61.107:32787"
Process-INVITE
Isflagset(6)
…….
force_rport()
fix_nate_contact()
force_rtp_proxy()
……
INVITE
YESUA
Nathelper will then communicate to rtpproxy, which will allocate RTP ports and the SDP payload of the INVITE will be rewritting.
Connection Information (c): IN IP4 163.22.16.40
Process-BYE/CANCEL
Signal is BYE or CANCEL?
…….
Unforce_rtp_proxy()
……
BYE or CANCEL
YESUA
Ensure that the call is torn down when a call is hung up (BYE) or cancelled (CANCEL).
RTPproxy(1/2)RTPProxy
NAT NAT
UA UA
RTP
RTPRTP
RTP
163.22.16.3310.10.61.107
192.168.0.2192.168.0.7
163.22.16.40