[Serusers] NAT: minimise media proxying whilst maximising usability

Vamsi Pottangi vamsipottangi at gmail.com
Mon Sep 25 09:20:06 CEST 2006


AFAIK, two UAs (symm) behind two different port restricted cone NATs
can talk to each
other without the mediaproxy, try to fix the SDP using fix_nated_sdp("2").

If the NAT is hairpin enabled then UAs behind the same port restricted NAT
can talk to each other.

~Vamsi

On 9/25/06, kjcsb <kjcsb at orcon.net.nz> wrote:
>
>
>
> > Yes, you are most definitely on to something. NAT-handling is complex
> and
> > it takes some work to fine-tune it the way you want. I few comments:
> > - Look at nathelper's nat_uac_test. It has more options and better
> > control, look at option 16, which is very good for detecting symmetric
> > NATs where STUN or an ALG has tried to fix the message
> > - If you are doing pstn, your gw supporting active media will reduce
> your
> > proxied calls to none
> > - sipura has many nat-handling options and takes some tweaking to get
> them
> > right for your config
> > - The behavior of the UAs will differ depending on the type of NAT they
> > are behind. When behind a symmetric NAT, they should not try to fix the
> > ip:port, but some do. nat_uac_test("16") will in most cases reveal this
> >
> > Good luck! (and I'm sure others would appreciate a how-to on optimizing
> > NAT at iptel.org
> > http://www.iptel.org/node/add/flexinode-4
> > If you create one, I'll help out in making it accurate)
> > Also, make sure you have a look at the new NAT-handling document:
> > http://www.iptel.org/ser/howtos/optimizing_the_use_of_rtp_proxy
> > g-)
> >
> Many thanks. I've read and reread "Optimizing the use of rtp proxy". I've
> also done a lot more reading on SDP & RTP which is most relevant to the
> audio issue. Signalling is not the problem i.e. the messages are passed
> back
> and forward through the proxy and I'm happy with that. It's the audio I
> want
> to offload.
>
> I think the key unanswered question I have is this: in the (seemingly)
> most
> common scenario of two symmetric (signalling and RTP) UAs behind two
> different (port) restricted cone NATs, can two-way audio be established
> without the use of a media proxy? I had previously thought that was
> possible
> but the latest reading I have done indicates not. Why? Because one side
> must
> initiate the audio part of the call and the other side's NAT device will
> not
> know where to send that audio on the LAN side of the network. Could
> someone
> put me out of my misery and confirm one way or the other?
>
> I had thought another alternative was to map the RTP ports on the NAT
> device. This would mean forwarding ranges of ports to specific IP
> addresses
> (each different port range relating to a specific UA) on the NAT device.
> Each UA would then be configured to send RTP traffic on the port range
> relating to its IP address. But if both sides are behind NAT then am I
> right
> in thinking that this won't work either because the callees NAT device
> still
> doesn't know where to send it?
>
> Regarding me documenting my solution it looks to me like it's already been
> done in "Optimizing the use of rtp proxy"! I'm currently using media proxy
> so the main difference would be that the media proxy selection would be
> based on the domain rather than an avp.e.g. west.domain.com goes to one
> proxy and east.domain.com goes to another.
>
> Cameron
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060925/10edfefe/attachment.htm>


More information about the sr-users mailing list