[Serusers] NAT: minimise media proxying whilst maximising usability

Tue Sep 19 19:16:52 CEST 2006

I am trying to reach a suitable trade-off between minimising the amount of 
proxied media and minimising one-way/no audio for all clients including 
NATed ones.

When a UA that has been configured to use STUN sends a register message to 
SER the behaviour differs depending on the device. Some, such as a Sipura 
device, send the private address in the Via and the public address in the 
Contact:
U 60.234.nnn.nnn:5060 -> 147.202.nnn.nnn:5060 REGISTER sip:domain.com 
SIP/2.0..Via: SIP/2.0/UDP 192.168.0.14:5060;branch=z9hG4bK-64d76b15..From: 
<sip:6435488773 at domain.com >;tag=4cdc1208fa650916o0..To: 
<sip:6435488773 at domain.com>..Call-ID: 1143f50-45857c6e at 192.168.0.14..CSeq: 1 
REGISTER..Max-Forwards:  70..Contact: 
<sip:6435488773 at 60.234.nnn.nnn:5060>;expires=60..User-Agent: 
Sipura/SPA3000-2.0.13(GWg)..Content-Length: 0..Allow: ACK, BYE,  CANCEL, 
INFO, INVITE, NOTIFY, OPTIONS, REFER..Supported: x-sipura....

Others, such as a Grandstream device, send the public address in both the 
Via and Contact:

U 60.234.nnn.nnn:32483 -> 147.202.nnn.nnn:5060 REGISTER sip:domain.com 
SIP/2.0..Via: SIP/2.0/UDP 
60.234.nnn.nnn:32483;branch=z9hG4bK113cfc09c6acd189..From: "User" <sip: 
5551234 at domain.com>;tag=dede17c9405d4e0e..To: 
<sip:5551234 at domain.com>..Contact: <sip:5551234 at 60.234.nnn.nnn:32483>.. 
Call-ID: fc200867c9a03268 at 192.168.0.10..CSeq: 100 REGISTER..Expires: 
60..User-Agent: Grandstream BT100 1.0.6.7..Max-Forwards: 70..Allow: 
INVITE,ACK,CANCEL,BYE,NOTIFY,REFER,OPTIONS,INFO,SUBSCRIBE..Content-Length: 
0....

I am using the opsip.org configuration file together with mediaproxy. In the 
case of the Sipura, flag(6) is set in route[2] since client_nat_test("7") 
evaluates to true and so any calls with this device will be proxied. From 
ready various posts on the topic I understand this is a very safe 
configuration since it will deal with virtually every scenario. However it 
is also very expensive since it will proxy audio in situations where it is 
not really required. For example a call between two Sipura devices will be 
proxied when, due to STUN, it is unecessary in most cases. As I understand 
it the cases when it would be necessary are:
- both UAs behind the same NAT with the SER proxy outside the NAT and router 
doesn't support hairpinning
- devices behind symmetric NATs

On the other hand, flag(6) will not be set with the Grandstream and so audio 
will not be proxied when this device calls another device that is either not 
behind NAT or is another NATed Grandstream. This is great in most cases but 
audio problems could arise in the cases described above.

What I am therefore thinking is that by default I will not proxy media for 
devices where a public IP address has been determined. But I will create an 
avp that specifies by user whether to enable the standard onsip.org config. 
Also there could even be a dial prefix (e.g. *666) that turns proxying on.

route[2]

#Do this by default
if (!search("^Contact: [ ]*\*") && client_nat_test("1") {
etc

#Do this if avp set or prefix dialled
if (!search("^Contact: [ ]*\*") && client_nat_test("7") {
etc

I would appreciate any comments on the above. Have I understood the issues 
correctly? Will this type of configuration work? What are the disadvantages?

Regards

Cameron 