Hi,
I have tested Cisco ATA186 (private IP) with SER under different circumstances. With Linksys and D-Link routers, there was no problem. But with a Lioncom ADSL router, a strange thing happened. In this case, the ATA has a private IP 192.168.5.2 and the SIP port number is the default 5060. The public IP of the ADSL connection was 195.226.252.124. The following are the traces from ngrep. As you can see, the Lioncom router forwarded (NAT) the SIP REGISTER with port 30150 while SER sent the response back to port 5060. So the ATA couldn't receive the response at all. What may be the problem?
#
U 195.226.252.124:30150 -> 192.168.3.29:5060
  REGISTER sip:sip.abc.com SIP/2.0..
  Via: SIP/2.0/UDP 192.168.5.2:5060..
  From: <sip:6701892@sip.abc.com;user=phone>..
  To: sip:6701892@sip.abc.com;user=phone..
  Call-ID: 1781909739@192.168.5.2..
  CSeq: 1 REGISTER..
  Contact: *..
  Expires: 0..
  User-Agent: Cisco ATA v2.15 ata18x (0209 27a)..
  Content-Length: 0....
#
U 192.168.3.29:5060 -> 195.226.252.124:5060
  SIP/2.0 401 Unauthorized..
  Via: SIP/2.0/UDP 192.168.5.2:5060;received=195.226.252.124..
  From: <sip:6701892@sip.abc.com;user=phone>..
  To: sip:6701892@sip.abc.com;user=phone;tag=d907c037823644515dfe0ede38ca9976.9b53..
  Call-ID: 1781909739@192.168.5.2..
  CSeq: 1 REGISTER..
  WWW-Authenticate: Digest realm="sip.abc.com", nonce="3e89f40b00000000e3fd8eedb58e5662ca62981749bb0006", algorithm=MD5..
  Server: Sip EXpress router (0.8.10 (i386/linux))..
  Content-Length: 0..
  Warning: 392 192.168.3.29:5060 "Noisy feedback tells: pid=10613 req_src_ip=195.226.252.124 in_uri=sip:sip.bmx-inc.com out_uri=sip:sip.abc.com via_cnt==1"....
Thanks,
Bo
That's spec-compliant SIP behaviour (I'm not saying it is a good idea, I'm just saying that's what the standard mandates). The SIP server sends replies to the port number advertised in Via, i.e., to 5060, and not to the port number from which the request came.
It was understood too late in the SIP WG that this was quite suboptimal. There is now a bug_fix, which is symmetric signaling. That says: if the UAC likes symmetric forwarding (i.e., is ready to receive at the port from which it sent), it needs to advertise so using "rport". UASs understanding that shall send to the origination port number and mirror this in the rport parameter.
To my knowledge, ATAs support symmetric signaling but for some reason don't advertise it. SER's next release supports symmetric signaling, but you will need to special-case ATAs (recognize them and enforce symmetric signaling even if not advertised using "rport").
-Jiri
ps. see http://www.iptel.org/ietf/firewall/nat/#draft-ietf-sip-symmetric-response
At 09:25 PM 4/1/2003, Bo wrote:
-- Jiri Kuthan http://iptel.org/~jiri/
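Added example (not part of the original thread, and not SER code): the response-routing rule described in the reply above, applied to the REGISTER from the trace, following RFC 3261 for the plain case and RFC 3581 (the published form of the symmetric-response draft) for "rport". The function names and the force_rport_for parameter are assumptions made for illustration.

```python
import re

# Constructed from the ngrep trace in the thread: the REGISTER as SER received it
# (headers not needed for routing are left out).
REGISTER = (
    "REGISTER sip:sip.abc.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.5.2:5060\r\n"
    "CSeq: 1 REGISTER\r\n"
    "User-Agent: Cisco ATA v2.15 ata18x (0209 27a)\r\n"
    "Content-Length: 0\r\n\r\n"
)
VIA_RE = re.compile(
    r"^(?:Via|v)\s*:\s*SIP/2\.0/UDP\s+([^;:\s,]+)(?::(\d+))?([^,\r\n]*)", re.I | re.M)
UA_RE = re.compile(r"^User-Agent\s*:\s*(.*?)\s*$", re.I | re.M)

def top_via(msg):
    """Return (host, port, params) of the topmost UDP Via header."""
    m = VIA_RE.search(msg)
    if not m:
        raise ValueError("no UDP Via header")
    params = {}
    for p in filter(None, (s.strip() for s in m.group(3).split(";"))):
        key, _, val = p.partition("=")
        params[key.lower()] = val
    return m.group(1), int(m.group(2) or 5060), params

def response_target(msg, src_ip, src_port, force_rport_for=()):
    """Return ((ip, port), via) a UAS uses for the response to msg.

    force_rport_for is a hypothetical knob: User-Agent substrings handled as
    if the client had sent "rport" (the special-casing described for ATAs).
    """
    host, port, params = top_via(msg)
    ua = UA_RE.search(msg)
    forced = ua is not None and any(s in ua.group(1) for s in force_rport_for)
    symmetric = "rport" in params or forced
    via = f"SIP/2.0/UDP {host}:{port}"
    via += "".join(f";{k}={v}" if v else f";{k}"
                   for k, v in params.items() if k not in ("rport", "received"))
    if symmetric or host != src_ip:
        via += f";received={src_ip}"      # source address the packet came from
    if symmetric:
        via += f";rport={src_port}"       # mirror the NAT-assigned source port
    # Without rport the reply goes to the Via port, not the port it came from.
    return (src_ip, src_port if symmetric else port), via
```

Called with the trace's source address 195.226.252.124:30150, the unmodified REGISTER yields port 5060 and the same Via as the 401 in the capture; adding ";rport" to the Via, or passing force_rport_for=("Cisco ATA",), yields port 30150.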
Thanks for the heads-up. It's really helpful.
----- Original Message -----
From: "Jiri Kuthan" jiri@iptel.org
To: "Bo" boman122@yahoo.com; serusers@lists.iptel.org
Sent: Tuesday, April 01, 2003 2:48 PM
Subject: Re: [Serusers] Strange response
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Westell DSL routers also change the source port. That's why you need to forward port 5060 on the NAT device to the ATA.
----- Original Message -----
From: Bo
To: serusers@lists.iptel.org
Sent: Tuesday, April 01, 2003 2:25 PM
Subject: [Serusers] Strange response
Yes, it's a workaround, but not a solution.
Thanks.
----- Original Message -----
From: Ricardo Villa
To: Bo
Cc: serusers@lists.iptel.org
Sent: Tuesday, April 01, 2003 3:13 PM
Subject: Re: [Serusers] Strange response