CHAPTER 9

Topology Hiding

The primary purpose of the Integrated Session Border Controller (SBC) for the Cisco ASR 1000 Series Routers is to protect the network and provide seamless interworking functions. The SBC can protect the network by hiding the network addresses and names for both the access (customer) side and the backbone (network core) side. The SBC also provides network protection for firewalls or home gateway users with private addresses.

When a user connects to the outside network, its IP address and port need to be properly translated to protect its identity. The data border element (DBE) translates IP addresses and port numbers in both directions using Network Address and Port Translation (NAPT) and Network Address Translation (NAT) Traversal functions.

The DBE implementation supports the H.248 NAPT package, the IP NAT Traversal Package, and the ETSI TS 102 333 specification for NAT Traversal, but only one package can be active. The Latch and Relatch functions of NAT Traversal are supported by the IP NAT Traversal package. Support for these packages helps protect the IP addresses of endpoints from being exposed to the other side of the network.

The NAPT implementations on the DBE described in more detail in this chapter are summarized below:

IPv4 Twice NAPT—Both access side and backbone side addresses are protected. In Twice NAPT, both the IP address and port are translated to a local IP address and port, and the endpoints on each side see the SBC address as the destination address.

IPv6 Single NAPT for signaling packets—This function is useful for protecting the signaling infrastructure part of the backbone side. The backbone side is able to identify the address of the customer; however, for the customer, only the interface address of the DBE is visible.

IPv6 No NAPT for media packets—With this method, there is no privacy on the customer side or backbone side. Both sides know each other’s address and the DBE transparently passes the packets.
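The three modes differ in which real endpoint address each side can observe. The following added example (not Cisco code and not part of the original guide) models one flow through the DBE per mode and reports the source address each side sees. The `Pinhole` model, the rewrite mechanics assumed for Single NAPT, and all addresses and ports are constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass, replace
from enum import Enum

Packet = namedtuple("Packet", "src dst")  # each field is an (address, port) pair
class Mode(Enum):
    TWICE_NAPT = "IPv4 Twice NAPT"
    SINGLE_NAPT = "IPv6 Single NAPT (signaling)"
    NO_NAPT = "IPv6 No NAPT (media)"

@dataclass(frozen=True)
class Pinhole:  # hypothetical model of one DBE flow, not a Cisco data structure
    mode: Mode
    customer: tuple    # real access-side endpoint
    core: tuple        # real backbone-side endpoint
    dbe_access: tuple  # DBE-local address/port facing the customer
    dbe_core: tuple    # DBE-local address/port facing the backbone

    def to_core(self, pkt):
        """Rewrite a customer-originated packet before it enters the backbone."""
        if self.mode is Mode.NO_NAPT:
            return pkt  # passed transparently, nothing is hidden
        if pkt.dst != self.dbe_access:
            raise ValueError("no pinhole for this destination")
        src = self.dbe_core if self.mode is Mode.TWICE_NAPT else pkt.src
        return Packet(src, self.core)

    def to_customer(self, pkt):
        """Rewrite a backbone-originated packet before it reaches the customer."""
        if self.mode is Mode.NO_NAPT:
            return pkt
        expected = self.dbe_core if self.mode is Mode.TWICE_NAPT else self.customer
        if pkt.dst != expected:
            raise ValueError("no pinhole for this destination")
        return Packet(self.dbe_access, self.customer)

def exposure(ph):
    """Return the peer address each side observes as the packet source."""
    hidden = ph.mode is not Mode.NO_NAPT
    up = ph.to_core(Packet(ph.customer, ph.dbe_access if hidden else ph.core))
    target = ph.dbe_core if ph.mode is Mode.TWICE_NAPT else ph.customer
    down = ph.to_customer(Packet(ph.core, target))
    return {"customer_sees": down.src, "core_sees": up.src}

# Constructed sample flows using documentation address ranges.
V4 = Pinhole(Mode.TWICE_NAPT, ("192.0.2.10", 5060), ("198.51.100.20", 5060),
             ("203.0.113.1", 20000), ("203.0.113.129", 30000))
V6_SIG = Pinhole(Mode.SINGLE_NAPT, ("2001:db8:a::10", 5060), ("2001:db8:c::20", 5060),
                 ("2001:db8:b::1", 5060), ("2001:db8:b::2", 5060))
V6_MEDIA = replace(V6_SIG, mode=Mode.NO_NAPT)
```

Calling `exposure()` on each flow shows that only Twice NAPT hides both real endpoints, Single NAPT hides only the backbone address from the customer, and No NAPT hides neither.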

For a complete description of commands used in this chapter, see the Cisco IOS Integrated Session Border Controller Command Reference.

Contents

NAPT and NAT Traversal

IP NAPT Traversal Package and Latch and Relatch Support

IPv4 Twice NAPT

IPv6 Inter-Subscriber Blocking

IPv6 Support

No NAPT Pinholes

Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers

 

OL-15421-01
