12 • Architecture
[ SNOM 4S NAT FILTER ]
In SIP it is legal to send from a different port than the receiving
port. When a device does this, there is no way of supporting it behind
NAT. However, some phones offer an option that disables this mechanism
so that the sending port is the same as the receiving port.
Typically, the SIP proxy will run on a public IP address where it
is possible to deal with all kinds of NAT. Keep-Alive messages may keep
the NAT binding open (for example, short registration periods or non-SIP
messages).
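The comparison a proxy can make between the sent-by address in the top Via header and the observed packet source is sketched below as an added example; it is not part of the snom documentation. The function names and sample addresses are assumptions, and only IPv4 literals and hostnames are handled.

```python
import ipaddress
import re

# Constructed sample: REGISTER from a phone that advertises a private address.
SAMPLE = (
    "REGISTER sip:example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK-1\r\n"
    "Contact: <sip:alice@192.168.1.20:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)

def top_via(raw):
    """Return (host, port) from the sent-by of the first Via header."""
    m = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/\w+\s+([^;,\s]+)", raw, re.I | re.M)
    if not m:
        raise ValueError("request has no Via header")
    host, _, port = m.group(1).partition(":")
    return host, int(port) if port else 5060  # 5060 is the SIP default port

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def analyse(raw, src_ip, src_port):
    """Compare what the device advertises with the observed packet source."""
    host, port = top_via(raw)
    # An IP literal in Via that differs from the packet source means some
    # address translation happened on the path. Hostnames are not resolved.
    behind_nat = is_ip(host) and host != src_ip
    return {
        "behind_nat": behind_nat,
        # Visible only without NAT; a NAT rewrites the source port, so the
        # proxy cannot observe a sending/receiving port mismatch behind it.
        "asymmetric_port": not behind_nat and port != src_port,
        # Behind NAT only the observed source reaches the binding, which
        # works only when the phone receives on the port it sends from.
        "reply_to": (src_ip, src_port) if behind_nat else (host, port),
    }
```
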
2.2.4 Media RTP
Media is much more problematic than SIP because users are
sensitive to delay in a voice conversation. When the delay is too long, the
speakers need to be disciplined not to interrupt the other person when
starting to speak. Also, the ear is much more sensitive to echo when the
media delay becomes too long. The effect is known from intercontinental
calls where the speed of light increases the delay for voice transmission.
SIP was designed for peer-to-peer communication. That means
the user agents (telephones) send the media directly to the other user
agent. This approach is the best way to minimize the delay; however, it
becomes a problem when NAT is involved.
2.2.5 Classification of User Agents
From a filter point of view, available user agents can be classified
into the following categories:
• Public IP devices. These devices operate on public IP addresses and
  don’t need any specific support regarding NAT. The true location of
  these devices may be in a private network, as they might have
  allocated a public identity using mechanisms like UPnP™ [3]. These
  devices are most welcome as they don’t cause any additional
  requirements.
• STUN devices. Phones that operate behind full cone NAT and allocate
  public IP addresses themselves fall into this category. The only
  support that the proxy needs to give is a STUN server. Apart from
  that they act like public IP devices.
• Non NAT-aware devices. These devices don’t attempt to check the
  NAT type or to allocate a public IP address. Often, they are “legacy”