Nortel Networks NN10029-111 manual Network/Address Hiding service

The Converged service adds the following capabilities to the end user's telephony service:

•the ability to manually redirect incoming calls to another party from the PC

•the ability to set up automated enhanced routing and screening of incoming calls based on time of day or based on the calling party's identity

•a call log of all incoming calls

•the ability to send instant messages to the party on the other end of a call

•the ability to start collaborative applications such as shared whiteboard, file transfer, and clipboard transfer with the party on the other end of the call

•the ability to receive a picture ID of the party on the other end of the call

Network/Address Hiding service

The SIP Application Module uses SIP and the Session Description Protocol (SDP) to coordinate the establishment of multimedia sessions for signaling and media, respectively. These protocols embed IP information in their messaging. While Network Address Translation (NAT) devices change port and address information in the IP packet header, most are not currently SIP or SDP aware. IP addresses in these messages are therefore sent out unchanged through the NAT. If the SIP Application Module were to forward these messages on unchanged, sensitive IP information would be given to untrusted clients. In order to remedy this, the SIP Application Module sanitizes the messages before forwarding them.

For IP information in the SIP headers, the SIP Application Module either removes the header (for example, Via headers) or replaces the IP address with the address of the SIP Application Server (for example, Contact header). A media portal is necessary in order to replace the IP information in the SDP headers. The SIP Application Module queries the Media Portal (using MGCP+) for a new IP and port combination to replace the IP and port put there by the client. This effectively anchors the media stream at the Media Portal.

Clients therefore see the SIP Application Module as their signaling endpoint and the Media Portal as their RTP media endpoint. They have no knowledge, and therefore no IP information, about the other client they are in a session with.