voip nat references
play

VoIP + NAT References SIP, NAT and Firewalls , Fredrik - PDF document

Jan 11, 2024 •349 likes •637 views

1 VoIP + NAT References SIP, NAT and Firewalls , Fredrik Thernelius Baruch Sterman and David Schwartz, NAT Traversal in SIP , Deltathree STUN Simple Traversal of UDP Through Network Address Translators ,

  1. 1 VoIP + NAT

  2. References � “ SIP, NAT and Firewalls ” , Fredrik Thernelius � Baruch Sterman and David Schwartz, “ NAT Traversal in SIP ” , Deltathree � “ STUN – Simple Traversal of UDP Through Network Address Translators ” , RFC 3489, IETF � “ An Extension to the SIP for Symmetric Response Routing ” , RFC 3581, IETF 2

  3. Outline � Introduction � The Problem of VoIP + NAT � Possible Solutions for VoIP + NAT 3

  4. What is NAT? NAT - Network Address Translation � � RFC 3022 - Traditional IP Network Address Translator (Traditional NAT) � RFC 1918 - Address Allocation for Private Internets (BCP 5) � RFC 2993 - Architectural Implications of NAT � RFC 3027 - Protocol Complications with the IP Network Address Translator � RFC 3235 - Network Address Translator (NAT)-Friendly Application Design Guidelines Convert Network Address (and Port) between private and public � realm Works on IP layer � Transparent to Application � 4

  5. 54.38.54.4 Packet 39.39.88.9 54.38.54.4 8765 80 DA DP SA SP Router Router 39.39.88.9 Packet 54.38.54.4 39.39.88.9 8765 80 DA DP SA SP

  6. DA DA DA DP DP DP SA SA SA SP SP SP 39.39.88.9 80 192.168.5.2 8765 39.39.88.9 80 192.168.5.2 8765 DA 39.39.88.9 SA 54.38.54.49 DP 80 SP 8765 DA 39.39.88.9 DA 54.38.54.49 Packet 39.39.88.9 192.168.5.2 SA SA 39.39.88.9 DP 80 54.38.54.49 54.38.54.49 DP 8765 SP 8765 DA 192.168.5.2 SP 80 Packet Packet SA 39.39.88.9 DP 8765 SP 80 Packet 192.168.5.2

  7. Flavors of NAT [1/3] Static NAT � Requiring same number of globally IP addresses as that of hosts in private environment � Mapping between internal IP addresses and external addresses is set manually � This mapping intends to stay for a long period of time 7

  8. Flavors of NAT [2/3] Dynamic NAT � Collect the public IP addresses into an IP address pool � A host connecting to the outside network is allocated an external IP address from the address pool managed by NAT 8

  9. Flavors of NAT [3/3] NAPT (Network Address and Port Translation) � A special case of Dynamic NAT � Use port numbers as the basics for the address translation � The mechanism most commonly used 9

  10. Types of NAT � Full Cone � Restricted Cone � Port Restricted Cone � Symmetric 10

  11. Full Cone NAT Client sends a packet to public address A. � NAT allocates a public port (12345) for private port (21) on � the client. Any incoming packet (from A or B) to public port (12345) will � dispatch to private port (21) on the client. Computer A IP: 202.123.211.25 IP: 222.111.99.1 Port: 12345 Port: 20202 Client NAT IP: 10.0.0.1 Computer B Port: 21 IP: 222.111.88.2 Port: 10101 Mapping Table 10.0.0.1:21 <-> 12345 11

  12. Restricted Cone NAT [1/2] Client sends a packet to public address A. � NAT allocate a public port (12345) for private port (21) on � the client. Only incoming packet from A to public port (12345) will � dispatch to private port (21) on the client. Computer A IP: 202.123.211.25 IP: 222.111.99.1 Port: 12345 Port: 20202 Client NAT IP: 10.0.0.1 Computer B Port: 21 IP: 222.111.88.2 Port: 10101 Mapping Table 10.0.0.1:21 <-> 12345 (for A) 12

  13. Restricted Cone NAT [2/2] Client sends another packet to public address B. � NAT will reuse allocated public port (12345) for private port � (21) on the client. Incoming packet from B to public port (12345) will now � dispatch to private port (21) on the client. Computer A IP: 202.123.211.25 IP: 222.111.99.1 Port: 12345 Port: 20202 Client NAT IP: 10.0.0.1 Computer B Port: 21 IP: 222.111.88.2 Port: 10101 Mapping Table 10.0.0.1:21 <-> 12345 (for A) 10.0.0.1:21 <-> 12345 (for B) 13

  14. Port Restricted Cone NAT Client sends a packet to public address A at port 20202. � NAT will allocate a public port (12345) for private port (21) � on the client. Only incoming packet from address A and port 20202 to � public port (12345) will dispatch to private port (21) on the client. Computer A IP: 202.123.211.25 Client IP: 222.111.99.1 NAT Port: 12345 IP: 10.0.0.1 Port: 20202 Port: 21 Port: 30303 Mapping Table 10.0.0.1:21 <-> 12345 (for A : 20202) 10.0.0.1:21 <-> 12345 (for A : 30303) 14

  15. Symmetric NAT NAT allocates a public port each time the client sends a � packet to different public address and port Only incoming packet from the original mapped public � address and port will dispatch to private port on client IP: 202.123.211.25 Computer A Port: 12345 IP: 222.111.99.1 Client Port: 20202 IP: 10.0.0.1 NAT Port: 21 Computer B IP: 222.111.88.2 IP: 202.123.211.25 Port: 10101 Port: 45678 Mapping Table 10.0.0.1:21 <-> 12345 (for A : 20202) 10.0.0.1:21 <-> 45678 ( for B : 10101) 15

  16. VoIP Protocol and NAT � NAT converts IP addresses on IP layer � Problem 1: � SIP, H.323, Megaco and MGCP are application layer protocol but contain IP address/port info in messages, which is not translated by NAT � Problem 2: � Private client must send a outgoing packet first (to create a mapping on NAT) to receive incoming packet 16

  17. Solving NAT Traversal Problems � Objectives � Discover mapped public IP & port for private IP & port � Use mapped public IP & port in application layer message � Keep this mapping valid � Issues � NAT will automatically allocate a public port for a private address & port if needed. � NAT will release the mapping if the public port is “ idle ” � No TCP connection on the port � No UDP traffic on the port for a period (1 min~ 5 min) � Keep a TCP connection to destination � Send UDP packets to destination every specified interval 17

  18. NAT Solutions IPv6 (Internet Protocol Version 6) � UPnP (Universal Plug-and-Play) � UPnP Forum - http://www.upnp.org/ � Proprietary protocol by NAT/Firewall � SIP ALG (Application Level Gateway) � No standard now � SIP extensions for NAT traversal � RFC 3581 � Works for SIP only, can not help RTP to pass through NAT � STUN (Simple Traversal of UDP Through Network Address Translators) � RFC 3489 � Works except symmetric NAT � TURN (Traversal Using Relay NAT) � draft-rosenberg-midcom-turn-04 � for symmetric NAT � 18

  19. Two Distinct Cases – NAT Deployment [1/2] Case I : SIP Provider is the IP Network Provider 19

  20. Two Distinct Cases – NAT Deployment [2/2] Case II : SIP Provider is NOT IP Network Provider 20

  21. Solution for Case I – ALG [1/2] Separate Application Layer NAT from I P Layer NAT Decomposed Firewall/NAT � Like MEGACO Decomposition Proxy Firewall/NAT � MG = Packet Filter Server/ALG Packet Filter � MGC = Firewall Control Proxy Control � Advantage � Better scaling SIP � Load balancing RTP � Low cost � Expertise problem solved 21

  22. Solution for Case I – ALG [2/2] � Control Protocol Between INVITE BIND REQ Application Layer NATs BINDING and IP Layer NATs INVITE � Main Requirements 200 OK 200 OK � Binding Request : give a OPEN private address and obtain a public address ACK � Binding Release ACK � Open Hole (firewall) Firewall/NAT � Close Hole (firewall) Proxy PC 22

  23. Proposed Solution for Case II Much harder problem No way to control firewall or NAT � Cascading NATs � Variable firewall NAT behaviors � Proposed Solution Make SIP “ NAT-Friendly ” � Minor extensions � Address the issues for SIP only, not RTP � Accepted by IETF (RFC 3581) � Develop a protocol for traversal of UDP through NAT � Work for RTP � Also support other applications � 23

  24. SIP Extension to NAT Friendly Client Behavior � Include an “ rport ” parameter in the Via header � This parameter MUST have no value � It serves as a flag � The client SHOULD retransmit its INVITE every 20 seconds � Due to UDP NAT binding period and to keep the binding fresh 24

  25. SIP Extension to NAT Friendly [2/2] Server Behavior � Examine the Via header field value of the request. � If it contains an “ rport ” parameter, � A “ received ” parameter � An “ rport ” parameter � The response MUST be sent to the IP address listed in the “ received ” parameter, and the port in the “ rport ” parameter. 25

  26. Example [1/2] Client A: 10.1.1.1 Proxy B: 68.44.10.3 NAT C: 68.44.20.1 A issues request � INVITE sip:user@domain SIP/2.0 Via: SIP/2.0/UDP 10.1.1.1:4540; rport ;branch= z9hG4bKkjshdyff A � C (mapping port 9988) � B � INVITE sip:user@domain SIP/2.0 Via: SIP/2.0/UDP proxy.domain.com;branch= z9hG4bKkjsh77 Via: SIP/2.0/UDP 10.1.1.1:4540; received= 68.44.20.1;rport= 9988 ; branch= z9hG4bKkjshdyff 26

  27. Example [2/2] Server B receives the response 3) SIP/2.0 200 OK Via: SIP/2.0/UDP proxy.domain.com;branch= z9hG4bKkjsh77 Via: SIP/2.0/UDP 10.1.1.1:4540; received= 68.44.20.1 ; rport= 9988 ; branch= z9hG4bKkjshdyff B (68.44.10.3:5060) � C (68.44.20.1:9988) � A 3) SIP/2.0 200 OK Via: SIP/2.0/UDP 10.1.1.1:4540; received= 68.44.20.1 ; rport= 9988 ; branch= z9hG4bKkjshdyff 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for

What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for

Welcome to Business Matters Todays topic: What is VoIP? 1 VoIP What is it and how can it help my business? - VoIP is an acronym for Voice over Internet Protocol - Phone service through your Internet connection 2 Components of

510 views • 29 slides
Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP

Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP

Voice over IP (VoIP) Technology Services 875-4357 cchelpdesk@ccis.edu What is VoIP? VoIP (voice over IP) is an IP telephony term for a set of facilities used to manage the delivery of voice information over the Internet. A major advantage of

1.26k views • 5 slides
Outline References References References References Principles of Complex Systems Course 300,

Outline References References References References Principles of Complex Systems Course 300,

References Outline References References References References Principles of Complex Systems Course 300, Fall, 2008 Prof. Peter Dodds References Department of Mathematics &amp; Statistics University of Vermont Licensed under the Creative

274 views • 5 slides
Outline References References References References Complex Networks, Course 295A, Spring,

Outline References References References References Complex Networks, Course 295A, Spring,

References Outline References References References References Complex Networks, Course 295A, Spring, 2008 Prof. Peter Dodds Department of Mathematics &amp; Statistics References University of Vermont Licensed under the Creative Commons

460 views • 4 slides
VoIP switching and billing suite Break through your data VoIP switching and billing suite

VoIP switching and billing suite Break through your data VoIP switching and billing suite

VoIP switching and billing suite Break through your data VoIP switching and billing suite components VoIP switch - SIP softswitch based on VoIP switch Opensips significantly re-developed by 5g 5g Future. Future Dynamic or static routing - a

156 views • 11 slides
Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1

Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1

Warm Welcome Matrix SETU VTEP Single Span VoIP to T1/E1 PRI Gateway Introduction VoIP to T1/E1 PRI Gateway Dedicated VoIP-ISDN PRI Gateway Plug-n-Play device VoIP access device for an existing PBX PRI trunking for an

404 views • 27 slides
Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE,

Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE,

Transporting Voice by Using IP NTP VoIP Testbed: A SIP-based VoIP Platform Department of CSIE, NCTU Quincy Wu Email: solomon@ipv6.club.tw 1 Outline Introduction Voice over IP RTP &amp; SIP NTP VoIP Platform Conclusion

1.02k views • 64 slides
VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely,

VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely,

VoIP Hacking Lars Strand PhD student Norwegian Defence Research Establishment (FFI) Jely, 15.-16. January 2009 VoIP? PSTN: 100 year old technology, 99.999% uptime, call anyone anytime can VoIP offer that today? VoIP next

479 views • 15 slides
Introduction (1 of 2) An Empirical Evaluation of VoIP Playout Buffer Dimensioning in VoIP

Introduction (1 of 2) An Empirical Evaluation of VoIP Playout Buffer Dimensioning in VoIP

4/3/2015 Introduction (1 of 2) An Empirical Evaluation of VoIP Playout Buffer Dimensioning in VoIP increasingly important Skype, Google Talk, and MSN Started with inexpensive use at home with friends and family Messenger Now businesses

631 views • 7 slides
SIP- -based Prepaid Mechanism based Prepaid Mechanism SIP on NTP VoIP Platform in on NTP VoIP

SIP- -based Prepaid Mechanism based Prepaid Mechanism SIP on NTP VoIP Platform in on NTP VoIP

LAB 117 &amp; VoIP LAB SIP- -based Prepaid Mechanism based Prepaid Mechanism SIP on NTP VoIP Platform in on NTP VoIP Platform in Taiwan Taiwan 19th APAN Meeting in Bangkok, January 2005 Ines Sok-Ian Sou and Prof. Quincy Wu Dept. of

293 views • 27 slides
A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic Tejmani Sinam, Irengbam Tilokchan Singh, Sukumar Nandi Pradeep Lamabam, Ngasham Nandarani Devi Department of Computer Science and Engineering,

231 views • 6 slides
CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY

CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY

CORPORATE presentation VoIP, SMS, SOFTWARE LICENCED LANDLINE VOIP SMS SOFTWARE TURKEY OPERATOR DATA MVNO OTTs Services that 100% guarantee reliable and lucrative partnerships lead to absolute success. premier global communications

331 views • 7 slides
FCC Releases VoIP E911 Order Highlights: Providers of Interconnected VoIP Services

FCC Releases VoIP E911 Order Highlights: Providers of Interconnected VoIP Services

GLOBAL TELECOMMUNICATIONS AND MEDIA INDUSTRY GROUP E-NEWS JUNE 8, 2005 FCC Releases VoIP E911 Order Highlights: Providers of Interconnected VoIP Services Required to Supply Enhanced 911 (E911) capabilities. Must File Letters

357 views • 4 slides
Athar Shiraz Siddiqui Overview Project Overview System Architecture VOIP Protocols

Athar Shiraz Siddiqui Overview Project Overview System Architecture VOIP Protocols

Embedded System Design (CSEE 4840) Sarfraz Nawaz Mark Niebur Scott Schuff Athar Shiraz Siddiqui Overview Project Overview System Architecture VOIP Protocols Issues and Lessons Learned Future Work and References Project

272 views • 12 slides
VoIP Security Title : Something Old (H.323), Something New (IAX), Something Hallow ( Security ),

VoIP Security Title : Something Old (H.323), Something New (IAX), Something Hallow ( Security ),

VoIP Security Title : Something Old (H.323), Something New (IAX), Something Hallow ( Security ), &amp; Something Blue (VoIP Administrators) BlackHat 2007 Presented by: Himanshu Dwivedi (hdwivedi@isecpartners.com) Zane Lackey

768 views • 58 slides
Requirements for VoIP Header Compression over Multiple-Hop Paths

Requirements for VoIP Header Compression over Multiple-Hop Paths

Requirements for VoIP Header Compression over Multiple-Hop Paths (draft-ash-e2e-voip-hdr-comp-rqmts-01.txt) Jerry Ash Jim Hand AT&amp;T AT&amp;T gash@att.com jameshand@att.com Bur Goode Raymond Zhang AT&amp;T Infonet Services Corporation

325 views • 20 slides
Operating Systems Hadi Salimi Computer Engineering Department Iran University of Science and

Operating Systems Hadi Salimi Computer Engineering Department Iran University of Science and

Operating Systems Hadi Salimi Computer Engineering Department Iran University of Science and Technology y gy Tehran, Iran hsalimi@iust.ac.ir Spring 2009 Course motivation and goals Course motivation and goals Programming computer

314 views • 28 slides
Developing Applications with APR Paul Querna pquerna@apache.org July 21, 2005

Developing Applications with APR Paul Querna pquerna@apache.org July 21, 2005

Developing Applications with APR Paul Querna pquerna@apache.org July 21, 2005 http://www.outoforder.cc/presentations/ A.P.R. Apache Portable Runtime Origin: httpd Platforms: Unix, Netware, OS/2, Windows. Your Application APR-Util

497 views • 34 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration Objectives

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration Objectives

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration Objectives After reading this chapter and completing the exercises, you will be able to: Describe the enumeration step of security testing Enumerate

265 views • 5 slides
Assessing ELLs in NAEP: To what Should We Aspire? Charlene Rivera crivera@ceee.gwu.edu George

Assessing ELLs in NAEP: To what Should We Aspire? Charlene Rivera crivera@ceee.gwu.edu George

Assessing ELLs in NAEP: To what Should We Aspire? Charlene Rivera crivera@ceee.gwu.edu George Washington University Center for Equity and Excellence in Education NAGB 25 th Anniversary Washington, DC February 26, 2014 Overview Topics

300 views • 16 slides
iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und

iLab NAT / DHCP Florian Wohlfart wohlfart@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 6 14ws 1 Outline IPv4 Address Allocation NAT DHCP 2 Outline IPv4

543 views • 29 slides
1 Indirect Routing (Triangular Routing) Indirect Routing (Triangular Routing) RO (Route

1 Indirect Routing (Triangular Routing) Indirect Routing (Triangular Routing) RO (Route

A IP reference Architecture for A IP reference Architecture for Wireless Mobile System Wireless Mobile System

145 views • 14 slides
Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based

Networking Updates Roopa Prabhu Aug 14, 2020 Linux Kernel dataplane for an Open standards based multihoming protocol 2 Traditional Multihoming peerlink switch2 switch1 Host2 Host1 3 Open Multihoming solution with VxLAN Overlay E-VPN

673 views • 11 slides
1 Prof. S. Ben-Yaakov , DC-DC Converters [8- 4] Gate Current V S 15V L D V in V o t V gs R g

1 Prof. S. Ben-Yaakov , DC-DC Converters [8- 4] Gate Current V S 15V L D V in V o t V gs R g

Prof. S. Ben-Yaakov , DC-DC Converters [8- 1] Drivers Prof. S. Ben-Yaakov , DC-DC Converters [8- 2] Driving a MOSFET L D V o V in R L C Prof. S. Ben-Yaakov , DC-DC Converters [8- 3] Driver Requirements C gd R g I g C ds V s C gs V gs

341 views • 10 slides

More recommend