Snom 4S manual How does NAT work?, Symmetrical RTP, Signalling SIP


[ SNOM 4S NAT FILTER ]

2.2.1 How does NAT work?

NAT is essentially a translation table that maps public IP address and port combinations to private IP address and port combinations.

The translation table is implicitly set up when a packet is sent from the private network to the public network. The association is kept alive for a certain time and is refreshed every time a new packet is sent from the same origin. This fact is used by STUN (RFC 3489) to set up an association between a public IP address and a private IP address.

In symmetrical NAT, the router stores the address to which the packet was sent. Only packets coming from this address are forwarded to the private address. This algorithm increases security, as it is harder for attackers to guess the source IP address and port. Full cone NAT does not perform this check.

There are some mixed variants between full cone NAT and symmetrical NAT. Restricted port NAT works similarly to symmetrical NAT, but uses only one port association.

Hairpinning is the ability of the NAT to route packets coming from the private network and addressed towards a public IP address binding back to the private network. Not all routers support this feature.
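The translation table and the symmetrical check described in this section, as an added Python sketch that is not part of the Snom manual or the NAT Filter software. The `Nat` class, the 30-second timeout, public ports starting at 40000 and all addresses are constructed assumptions; "symmetrical" follows this manual's description, and the model additionally opens a new public port per destination in that mode.

```python
import itertools

class Nat:
    """Toy NAT modelled on the description above (constructed, not Snom code)."""
    def __init__(self, public_ip, symmetrical, timeout=30.0):
        self.public_ip = public_ip
        self.symmetrical = symmetrical  # True: inbound sender must match stored address
        self.timeout = timeout          # assumed lifetime in seconds without refresh
        self.bindings = {}              # public port -> [private, remote, last_sent]
        self._ports = itertools.count(40000)

    def _expire(self, now):
        self.bindings = {p: b for p, b in self.bindings.items() if now - b[2] <= self.timeout}

    def outbound(self, private, remote, now):
        """An outgoing packet implicitly creates or refreshes a binding."""
        self._expire(now)
        for port, b in self.bindings.items():
            if b[0] == private and (not self.symmetrical or b[1] == remote):
                b[2] = now              # refresh: only traffic from the origin does this
                return (self.public_ip, port)
        port = next(self._ports)
        self.bindings[port] = [private, remote, now]
        return (self.public_ip, port)

    def inbound(self, port, source, now):
        """Return the private address the packet is forwarded to, or None if dropped."""
        self._expire(now)
        b = self.bindings.get(port)
        if b is None:
            return None                 # no binding, or it timed out
        if self.symmetrical and source != b[1]:
            return None                 # sender is not the stored destination
        return b[0]

def demo():
    phone, proxy = ("192.168.1.20", 5060), ("198.51.100.10", 5060)  # constructed
    other = ("203.0.113.99", 4444)                                  # unrelated sender
    results = {}
    for name, sym in (("full cone", False), ("symmetrical", True)):
        nat = Nat("192.0.2.1", sym)
        _, port = nat.outbound(phone, proxy, now=0)
        results[name] = {"from proxy": nat.inbound(port, proxy, now=10),
                         "from other": nat.inbound(port, other, now=10),
                         "after timeout": nat.inbound(port, proxy, now=31)}
    return results

if __name__ == "__main__":
    print(demo())
```

In the full cone run the unrelated sender reaches the phone through the open binding, while the symmetrical run drops it; in both runs the binding is gone once the timeout passes without a new outgoing packet.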

2.2.2 Symmetrical RTP

Real time protocol (RTP) is used to transport media. Symmetrical RTP is a trick to extend the number of cases in which communication can be established. A SIP user agent supporting symmetrical RTP waits for the first incoming RTP packet and then sends its media stream back to the IP address from which it received that packet. Symmetrical RTP always works when the user agent doing symmetrical RTP is on a globally routable address. However, this algorithm can easily be cheated (port spraying) and therefore implies a certain security risk.

2.2.3 Signalling SIP

SIP traffic is relatively unproblematic because SIP is typically not as time-critical as media. Usually, it is OK to route SIP packets through a longer path than media.

2.

snom technology AG • 11
