2Architecture
2.1The NAT Filter and SIP
In the SIP architecture, the SBC acts as the first proxy that is contacted by user agents. There are two ways to make sure that the rel- evant traffic gets routed trough the filter:
•User agents can be set up to use the filter as outbound proxy. When using this method, all SIP traffic will flow through the SBC, whether it is destined to the operator or not. That means that service for calls outside of the operator’s domain may also be serviced by the SBC. However, by redirecting all outgoing traffic of the SBC to a proxy the operator can make sure that the authentication, authorization and accounting (AAA) requirements for requiring the service are fulfilled. Alternatively, you can use the application server interface to do the job on the SBC itself.
•User agents resolve the SBC though the RFC3263 DNS resolving process. That means that only the traffic that is destined to the operator’s domain will use the service of the NAT Filter. However, users might be annoyed if they place a call to a domain that does not properly support NAT services. In this case, the SBC can also redirect the traffic to another proxy.
We recommend using the first alternative and to only choose the second alternative if it is too difficult to provision user agents with the outbound proxy or when there are concerns about providing service for foreign operators.
Usually, the SBC acts as stateless proxy. This means, that it just forwards the packets by default and that it does not change the content of the attachments or the headers themselves. The SBC will not interfere with applications (instant messaging, presence, weather report, etc).
There are three exceptions to this rule:
•The first exception is a REGISTER request. When a user agent tries
2.