[Serusers] NAT ping and consumer router

John Todd jtodd at loligo.com
Mon Aug 23 16:30:07 CEST 2004


The problem, as I see it from this discussion, is that some devices 
do not work correctly with the simple UDP packet sent to port 5060 of 
the remote UA, because there is no reply packet which is what keeps 
the NAT mapping of some NAT router/translators.  I don't see this as 
a UA problem; if there is no NAT translation, then even the 
best-programmed UA can't receive an inbound INVITE.

The manner in which Asterisk handles this type of keepalive is 
somewhat simple but novel, and may be worth examination.   Every X 
seconds, an OPTIONS request is made to the remote UA by the server. 
Even if the UA does not support the OPTIONS query, it typically hands 
back a SIP error, which serves the purpose of keeping the NAT 
translations open.  If the device supports OPTIONS, then a "normal" 
SIP reply is sent, also serving the intended purpose.

Perhaps instead of a UDP packet with no content, a SIP OPTIONS 
request could be sent by SER.  This could perhaps be a selective 
flag associated with the NAT support in SER, so that either the dummy 
packet or the OPTIONS packet could be transmitted by the module.

There are other solutions here, like reducing the interval of 
REGISTER requests to serve the same purpose of refreshing NAT table 
mappings.  However, one could argue that this method has a much 
higher load than an OPTIONS packet, especially when scaling across 
thousands or tens of thousands of clients in an environment where 
external databases (i.e. Radius, SQL, etc) are used for 
authentication lookups.

Note that there have been numerous examples of such poorly-written 
SIP stacks on UA devices that they would crash on an OPTIONS request. 
Their repair is outside the scope of SER or this discussion.

JT


At 2:56 AM +0200 on 8/23/04, Jiri Kuthan wrote:
>I beg to disagree -- we should not create too many workarounds around
>imperfect clients. In particular, incomplete NAT traversal support
>is a serious shortcoming in a UA and I would discourage people from
>using such devices.
>
>Other front to attack would be NATs -- there is an effort in IETF
>focusing on that, but that's obviously an activity which has no
>impact on currently installed base.
>
>-jiri
>
>At 01:57 AM 8/23/2004, Richard wrote:
>>Hi Jesus,
>>
>>Changing UA is not always a viable solution due to pricing and other
>>technical issues. Every UA has something broken in its implementation and it
>>would be very costly to change it because one thing (in this case, NAT) is
>>broken.
>>
>>Thanks,
>>Richard
>>
>>
>>-----Original Message-----
>>From: Jesus Rodriguez [mailto:jesusr at voztele.com]
>>Sent: Sunday, August 22, 2004 8:59 AM
>>To: Richard
>>Cc: serusers at lists.iptel.org
>>Subject: Re: [Serusers] NAT ping and consumer router
>>
>>
>>Use a UA that supports it (Sipura or Cisco for example).
>>
>>Saludos
>>JesusR.
>>
>>-------------------------------
>>Jesus Rodriguez
>>VozTelecom Sistemas, S.L.
>>jesusr at voztele.com
>>http://www.voztele.com
>>Tel. 902360305
>>-------------------------------
>--
>Jiri Kuthan            http://iptel.org/~jiri/
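
The OPTIONS keepalive described in the message above, as an added Python example that is not part of the original thread and is not SER or Asterisk code. All function names and addresses are hypothetical (documentation ranges); it shows why an error reply still counts as a successful keepalive while an empty or missing reply does not.

```python
import re
import socket
import uuid

# Constructed example: any line starting with a SIP/2.0 status code is a response.
STATUS_LINE = re.compile(rb"^SIP/2\.0 (\d{3}) ")

def build_options(server_ip, server_port, ua_ip, ua_port, cseq=1):
    """Build a minimal RFC 3261 OPTIONS request for a UA's public (NATed) contact."""
    branch = "z9hG4bK" + uuid.uuid4().hex[:16]  # RFC 3261 magic-cookie branch
    tag = uuid.uuid4().hex[:8]
    lines = [
        f"OPTIONS sip:{ua_ip}:{ua_port} SIP/2.0",
        f"Via: SIP/2.0/UDP {server_ip}:{server_port};branch={branch}",
        "Max-Forwards: 70",
        f"From: <sip:keepalive@{server_ip}>;tag={tag}",
        f"To: <sip:{ua_ip}:{ua_port}>",
        f"Call-ID: {uuid.uuid4().hex}@{server_ip}",
        f"CSeq: {cseq} OPTIONS",
        "Content-Length: 0",
        "", "",  # blank line terminates the header block
    ]
    return "\r\n".join(lines).encode("ascii")

def refreshes_nat_binding(reply):
    """Return (refreshed, status). Any SIP response, 2xx or error, is a packet
    the UA sent out through its NAT, so it keeps the mapping alive."""
    m = STATUS_LINE.match(reply or b"")
    return (True, int(m.group(1))) if m else (False, None)

def ping(sock, ua_addr, request, timeout=2.0):
    """Send one keepalive and classify the reply. Assumption: sock is bound to
    the same address and port the UA registered to, so the reply matches the
    existing NAT mapping."""
    sock.settimeout(timeout)
    sock.sendto(request, ua_addr)
    try:
        reply, _ = sock.recvfrom(4096)
    except socket.timeout:
        reply = None  # no reply: the mapping was not refreshed by the UA
    return refreshes_nat_binding(reply)
```
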
