NAT Traversal Speaker: Chin-Chang Chang Date:

Outline What is NAT?  Private IP address Handling of NAT with SIP?  Nathelper module  Process Register Invite Bye/Cancel  RTPproxy Reference

What is NAT?(1/2) NAT (Network Address Translation) Re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Using NAT enables multiple hosts on a private network to access the Internet using a single public IP address.

What is NAT?(2/2)

Private IP address Defined in RFC 1918 Address Range Routers on the Internet are normally configured to discard any traffic using private IP addresses.

Handling of NAT with SIP?(1/3) SIP Server UA Internet SIP Server RTP SIP Request Message SIP Response Message

Handling of NAT with SIP?(2/3) SIP Server NAT UA Internet SIP Server RTP

Handling of NAT with SIP?(3/3) We handle NAT with NAThelper module. There are two solutions for SER. One is RTPproxy, and the other is mediaproxy. We handle all aspects of NAT at the SIP Proxy location. RTPproxy is called by NAThelper.

Nathelper Module(1/7) This is a module to help with NAT traversal. Check whether the client is NATed. If it’s NATed, SIP proxy would rewrite the content of SIP and SDP. The module must be loaded before usrloc module - only if the NATed contacts are to be pinged.

Nathelper Module(2/7) natping_interval  Period of time in seconds between sending the NAT pings to all currently registered UAs to keep their NAT bindings alive. Default value is 0.  Ex. modparam("nathelper", "natping_interval", 10) ping_nated_only  If this variable is set then only contacts that have "behind_NAT" flag in user location database set will get ping. Default value is 0.  Ex. modparam("nathelper", "ping_nated_only", 1)

Nathelper Module(3/7) rtpproxy_sock  Socket used to connect to RTPProxy. Ex.modparam("nathelper", "rtpproxy_sock", " unix:/var/run/rtpproxy.sock ")

Nathelper Module(4/7) nat_uac_test(flags) Tries to guess if client's request originated behind a nat. Meaning of the flags is as follows:  1 - Contact header field is searched for occurrence of RFC1918 addresses.  2 - the "received" test is used: address in Via is compared against source IP address of signaling  4 - Top Most VIA is searched for occurrence of RFC1918 addresses  8 - SDP is searched for occurrence of RFC1918 addresses  16 - test if the source port is different from the port in Via

Nathelper Module(5/7) All flags can be bitwise combined. The test returns true if any of the tests identified a NAT. Ex. If(nat_uac_test(“19”)) setflag(6);

Nathelper Module(6/7) force_rtp_proxy()  Rewrites SDP body to ensure that media is passed through an RTP proxy. unforce_rtp_proxy()  Tears down the RTPProxy session for the current call fix_nated_contact()  Rewrites Contact HF to contain request's source address:port.

Nathelper Module(7/7) fix_nated_register()  The function creates a URI consisting of the source IP, port, and protocol and stores the URI. The URI will be appended as "received" parameter to Contact in 200 OK and registrar will store it in the user location database.

Process-REGISTER nat_uac_test ……. setflag(6) fix_nate_register() Force_rport() …… REGISTER YES UA When SIP client attempt to REGISTER with our SIP proxy, we need a way to tell the registrar module to store NAT information of this particular UA. Via:SIP/2.0/UDP :8345;rport=3 2770;received= ;branch=z9hG4bK- d b50cb4161d d Contact: ;expires= 3600;received="sip: :32787"

Process-INVITE Isflagset(6) ……. force_rport() fix_nate_contact() force_rtp_proxy() …… INVITE YES UA Nathelper will then communicate to rtpproxy, which will allocate RTP ports and the SDP payload of the INVITE will be rewritting. Connection Information (c): IN IP

Process-BYE/CANCEL Signal is BYE or CANCEL? ……. Unforce_rtp_proxy() …… BYE or CANCEL YES UA Ensure that the call is torn down when a call is hung up (BYE) or cancelled (CANCEL).

RTPproxy(1/2) RTPProxy NAT UA RTP

RTPproxy(2/2)

Reference RTPproxy SER - Getting Started Document Nathelper module athelper.html