Wikipedia

NAT traversal with session border controllers: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
PrimeBOT (talk | contribs)
Bots
2,129,921 edits
m Replace magic links with templates per local RfC - BRFA
m WP:GenFixes on, typo(s) fixed: ’s → 's (12)
Line 2:
{{Orphan|date=November 2013}}
{{notability|date=November 2013}}
{{jargontechnical|date=November 2013}}
}}
 
[[Network address translation|network address translators]] (NAT) are used to overcome the lack of [[IPv4]] address availability by hiding an enterprise or even an operator’soperator's network behind one or few [[IP address]]es. The devices behind the [[Network address translation|NAT]] use [[private IP address]]es that are not routable in the public Internet.
{{jargon|date=November 2013}}
 
[[Network address translation|network address translators]] (NAT) are used to overcome the lack of [[IPv4]] address availability by hiding an enterprise or even an operator’s network behind one or few [[IP address]]es. The devices behind the [[Network address translation|NAT]] use [[private IP address]]es that are not routable in the public Internet.
The [[Session Initiation Protocol]] (SIP) has established itself as the de facto standard for [[voice over IP]] (VoIP) communication.<ref>Sinnreich, Henry; Johnston, Alan B. (2001), Internet Communication Using SIP, Wiley, p. 180, {{ISBN|0-471-77657-2}}</ref> In order to establish a call, a caller sends a [[Session Initiation Protocol|SIP]] message, which contains its own IP address. The callee is supposed to reply back with a SIP message destined to the IP addresses included in the received SIP message. This will obviously not work if the caller is behind a NAT and is using a private IP address.
 
Line 13 ⟶ 12:
In case a user agent is located behind a NAT then it will use a private IP address as its contact address in the contact and via headers as well as the [[Session Description Protocol|SDP]] part. This information would then be useless for anyone trying to contact this user agent from the public Internet.
There are different NAT traversal solutions such as [[STUN]], [[TURN]] and ICE.<ref>Rosenberg, J. (April 2010). Interactive connectivity establishment (ICE): a protocol for network address translator (NAT) traversal for offer/answer protocols. IETF. RFC 5245</ref> Which solution to use depends on the behavior of the NAT and the call scenario. When using an [[Session Border Controller|SBC]] to solve the NAT traversal issues the most common approach for SBC is to act as the public interface of the user agents.<ref>Hautakorpi, J.; Camarillo, G.; Penfield, R.; Hawrylyshen, A.; Bhatia, M. (April 2010). Requirements from SIP (Session Initiation Protocol) Session Border Control Deployments. IETF. RFC 5853</ref> This is achieved by replacing the user agent’sagent's contact information with those of the SBC.
 
== SBC handling of user registration and NAT traversal ==
Line 21 ⟶ 20:
In order for a user agent to be reachable through the public interfaces of an SBC, the SBC will manipulate the registration information of the user agent. The user includes its private IP address as its contact information in the [[Session Initiation Protocol|REGISTER]] requests. Calls to this address will fail, since it is not publicly routable. The SBC replaces the information in the contact header with its own IP address. This is the information that is then registered at the registrar. Calls destined to the user will then be directed to the SBC.
 
In order for the SBC to know which user agent is actually being contacted the SBC can keep a local copy of the user agent’sagent's registration. The local copy includes the private IP address and the user’suser's [[URI|SIP URI]] as well as the public IP address included in the IP header that was assigned to the SIP message by the NAT.
 
Alternatively the SBC can store this information in the forwarded SIP messages. This is displayed in the figure here. The user’suser's contact information is combined in a special format and added as an additional parameter to the contact header. The contact information include the user’suser's private IP address and SIP URI as well as the public IP address in the IP header of the SIP message. When the registrar receives a request for the user, the registrar will return the complete contact information to the proxy, which will include this information in the SIP message. The SBC can then retrieve this information from the SIP request and use it to properly route the request to the user.
 
Adding the user agent’sagent's contact information to the registered contact information has many advantages. As the SBC does not have to keep local registration information this solution is simple to implement and does not require memory for keeping the information. Further, requests destined to the user agent do not necessarily have to traverse the SBC that has processed the user agent’sagent's registration messages. Any SBC that can reach the user agent can correctly route messages destined to the user agent based on the information included in the SIP request. This advantage applies, however, only in some cases. In case the NAT used in front of the user agent accepts traffic only from the IP addresses which the user agent has contacted previously then only the SBC that has processed the user agent’sagent's REGISTER requests will be able to contact the user agent.
 
The other option is to keep a local copy of the registration information which can, however, increase the processing requirements on the SBC. The SBC will have to manage a local registration database. Beside the memory requirements the SBC will have to replicate this information to a backup system if it is to be highly available. This will further increase the processing requirements on the SBC and increase the bandwidth consumption.
 
However, keeping a local copy of the registration information has its advantages as well. When receiving a message from a user agent a network address translator binds the private IP address of the user agent to a public IP address. This binding will remain active for a period of time –binding period. In case the user agent does not send or receive any messages for a period of time longer than the binding period then the NAT will delete the binding and the user agent will no longer be reachable from the outside. To keep the binding active, the user agent will have to regularly refresh it. This is achieved by sending REGISTER requests at time intervals shorter than the binding period. As REGISTER messages have to be usually authenticated, having to deal with REGISTER messages sent at a high frequency would impose a high performance hit on the operator’soperator's infrastructure. SBCs can help to offload this load. When a user agent sends the first REGISTER request, the SBC forwards the REGISTER request to the operator’soperator's registration servers. Once the registration was successfully authenticated and accepted by the operator, the SBC will keep a local copy of the registration information. Instead of forwarding each incoming REGIETER request to the operator’soperator's registration servers, the SBC will only send REGISTER requests to the registration servers at rather large time intervals (in the range of hours). Registration requests arriving from the user agent that do not change the content registration information will be replied to by the SBC itself. The SBC will also inform the registration server once the local registration expires or changes.
 
== SBC handling of call establishment and NAT traversal ==
Retrieved from "https://en.wikipedia.org/wiki/NAT_traversal_with_session_border_controllers"