150 likes | 173 Views
This paper discusses various methods like ALG, STUN, TURN, and FCP for integrating SIP with firewalls and NAT, presenting a system to offer SIP services behind NATs. It covers different NAT types, STUN, and TURN technologies with examples for better understanding.
E N D
The SIP-Based System Used in Connection with a Firewall Peter Koski, Jorma Ylinen, Pekka Loula Tampere University of Technology, Pori Pohjoisranta 11 A, P.O.Box 300, FIN-28101 Pori,Finland speaker:Wenping Zhang date:2007.09.07
Outline • Introduction • Types of NAT • Technology • Example • Conclusion • References
Introduction • Different methods, such as ALG, STUN, TURN and FCP have been proposed for using SIP together with firewalls and NAT. • The most suitable solution has to be determined in every situation. • In this paper a system which makes it possible to offer SIP service to customers behind NAT is presented.
Types of NAT • Full Cone • Restricted Cone • Port Restricted Cone • Symmetric
Technology 1/2 • Simple Traversal of UDP through NATs (STUN)
Technology 2/2 • Traversal Using Relay NAT (TURN)
INVITE sip:6229002@193.167.88.44 SIP/2.0 Via: SIP/2.0/UDP 192.168.0.27:5060;branch=z9hG4bK58659f1f From: "6229001" <sip:6229001@193.167.88.44> ;tag=00115c40752 To: <sip:6229002@193.167.88.44> Call-ID: 00115c40-752@192.168.0.27 CSeq: 101 INVITE Contact: <sip:6229001@192.168.0.27:5060> Content-Type: application/sdp Content-Length: 247 v=0 o=Cisco-SIPUA 25800 13441 IN IP4 192.168.0.27 s=SIP Call c=IN IP4 192.168.0.27 m=audio 26324RTP/AVP 8 0 18 101 a=rtpmap:0 PCMU/8000 Example 1/3 INVITE sip:6229002@193.167.88.43:5060 SIP/2.0 Record-Route: <sip:6229002@193.167.88.44;ftag=00115c40752;lr=on> Via: SIP/2.0/UDP 193.167.88.44 Via: SIP/2.0/UDP 192.168.0.27:5060;rport=1162;received=193.167.88.45 From: "6229001" <sip:6229001@193.167.88.44>;tag=00115c40752 To: <sip:6229002@193.167.88.44> Call-ID: 00115c40-752@192.168.0.27 CSeq: 101 INVITE Contact: <sip:6229001@193.167.88.45:1162> Content-Type: application/sdp Content-Length: 286 v=0 o=Cisco-SIPUA 25800 13441 IN IP4 192.168.0.27 s=SIP Call c=IN IP4 193.167.88.44 m=audio 35080RTP/AVP 8 0 18 101 a=rtpmap:0 PCMU/8000
Example 2/3 • Use STUN for SIP Registration
Example 3/3 • Use STUN for RTP
Conclusion • STUN and TURN require client support and this may be a problem in some cases. • TURN can be used with a symmetric NAT, but few clients support TURN.
References • The SIP-Based System Used in Connection with a Firewall • NAT Traversal for VoIP