[Serusers] NAT traversal solution by reinvite?

Federico Giannici giannici at neomedia.it
Thu Sep 1 11:55:32 CEST 2005 

Richard Z wrote:
> I think that the natted rtp port might be changed after the reinvite 
> because the traffic is not going to the original ip:port of the 
> rtpproxy. So it is probably not going to work.


The port will change only with symmetric NATs, but in my experience they 
are relatively rare, and anyway they wouldn't work with STUN too...

Bye.



> On 8/31/05, *Federico Giannici* <giannici at neomedia.it 
> <mailto:giannici at neomedia.it>> wrote:
> 
>     I'd like to ask to somebody with more knowledge of me if a possible
>     solution to NAT traversal is really feasible.
> 
>     For various reasons, we DON'T want to use an RTP proxy.
>     We'd like to avoid the use of STUN because: 1) creates hairpin problems;
>     2) many UAC have a bad STUN client code implementation; 3) it requires
>     additional configuration by the final user.
> 
>     It seems to me that with the nathelper's message rewriting functions it
>     is possible to solve every problem for the SIP protocol.
> 
>     Moreover, as we have the REAL IP of the UA (in the original SIP
>     messages) we could also avoid haipin problems: it is sufficient to use
>     the original IP/Port of the two UAs if both have the same natted IP (ie
>     they are behind the same NAT). This doesn't work when the UAs are behind
>     multiple NATs, but this is a relatively uncommon case.
> 
>     So, the unresolved problem is with the RTP data, because we don't know
>     what will be the NATted port so we cannot correctly mangle the SDP data
>     in the INVITE message.
> 
>     Am I correct up to this point?
> 
>     Now, I'm asking myself if it is feasible to use a "MINI RTP Proxy" that
>     receives the initial INVITEs, discovering the NATted RTP ports, and then
>     IMMEDIATLY RE-INVITE the two UAs to connect directly each other. So only
>     the first RTP packet is actually proxed, all subsequent traffic will be
>     directly between the two UAs.
>     I think that something similar is done by Asterisk.
> 
>     Is this feasible?
> 
>     If it is, then we could have a good solution to NAT Traversal:
>     1) No Hairpin problems (for one NAT cases)
>     2) No problems of the normal RTP proxy (waste of bandwidth, longer
>     delays, bad scalability).
>     3) Will work with all type of NATs except for symmetric ones (the same
>     that work with STUN).
>     4) Simpler UAC configuraton: only username, password and sip server.
> 
> 
>     Thanks.
> 
>     --
>     ___________________________________________________
>          __
>         |-                      giannici at neomedia.it
>     <mailto:giannici at neomedia.it>
>         |ederico Giannici       http://www.neomedia.it
>     ___________________________________________________
> 
>     _______________________________________________
>     Serusers mailing list
>     serusers at lists.iptel.org <mailto:serusers at lists.iptel.org>
>     http://lists.iptel.org/mailman/listinfo/serusers
> 
> 


-- 
___________________________________________________
     __
    |-                      giannici at neomedia.it
    |ederico Giannici      http://www.neomedia.it
___________________________________________________

More information about the sr-users mailing list