Snom 4S NAT Filter Admin Manual Download

Page: 18 / 56

18 • Architecture

[

S N O M

4 S N A T F

I L T E R

]

2.3.3 RTP Relay

When initiating a call, user agents usually include a Session

Description Protocol (SDP) attachment that describes where they expect

media. If the user agent operates on a public Internet address, there is

no need to interfere in this process. In this case the ﬁlter will just forward

the request.

Operators should encourage customers to use equipment that

operates on a public Internet address or properly allocates a globally

routable Internet address. Because media relay is an expensive operation,

it reduces the overall load on the network and at the same time increases

the quality of the service.

However, when a user agent is behind NAT, it might not be able

to receive media directly. In some cases this is because the user agent is

simply not programmed to allocate an address properly or because it is

behind symmetrical NAT, which makes it impossible to properly allocate

this address. In this case, the help of the media ﬁlter will make sure that

media will always be delivered properly.

The media ﬁlter supports the “interactive connectivity

establishment” (ICE) method that has been published recently in the IETF.

Table 1: NAT conbimations

To/From

Public IP Full Cone

NAT

Restricted

NAT

Symmetrical

NAT

Public IP

Always

When

STUN

support is

available

When STUN

and ICE are

available

When STUN

and ICE are

available

Full Cone NAT

When

STUN is

available

When STUN

and ICE are

available

When STUN

and ICE are

available

Restricted

NAT

When STUN

and ICE are

available

When STUN

and ICE are

available

and no port

checking

Symmetrical

NAT

Needs ﬁlter

Summary of Contents for 4S NAT Filter

Page 1: ...snom 4S NAT Filter Admin Manual snom 4S NAT Filter Version 2 09...

Page 2: ...described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license agreement It is against the law to copy or use this software except...

Page 3: ...imizing the Media Path for Symmetrical NAT 14 2 3 Filter Behaviour 15 2 3 1 Registering without UA Support 15 2 3 2 Registering with UA Support 16 2 3 3 RTP Relay 18 2 4 Scaling and Redundancy 20 2 5...

Page 4: ...4 3 11 Connection Oriented Media 39 4 3 12 Removing Headers 40 4 3 13 Codec Control 40 4 3 14 Web Server Integration 40 4 4 Timeout Settings 42 4 4 1 Register Timeouts 43 4 4 2 Call Timeouts 44 4 5 Se...

Page 5: ...g Through a separate management interface operators can de ne numbers and patterns that are silently recorded Users may explicitly request the recording of a call by pressing a key on the phone in thi...

Page 6: ...SIP equipment and can for example put between a PSTN gateway and SIP phones 1 2 Features The lter offers powerful features based on modern VoIP technology The built in RFC3261 compliant SIP proxy make...

Page 7: ...ll TLS support will be added soon To and From headers may be changed for calls The lter talks to a web application server to get this information Simple request routing feature The web application ser...

Page 8: ...top the UAC from repeating messages These three exceptions make sure that all user agents will work behind NAT no matter what NAT type or how many NAT levels are being used If user agents support ICE...

Page 9: ...ss That means that only the traf c that is destined to the operator s domain will use the service of the NAT Filter However users might be annoyed if they place a call to a domain that does not proper...

Page 10: ...ally nd the shortest media path to the other party peer to peer 2 2 NAT Network Address Translation NAT is a reality in today s networks Many operators save IP addresses by providing only one IP addre...

Page 11: ...s between full cone NAT and sym metrical NAT Restricted port NAT works similar to symmetrical NAT but uses only one port association Hairpinning is the ability of the NAT to route packets coming from...

Page 12: ...eed of light increases the delay for voice transmission SIP was designed for peer to peer communication That means the user agents telephones send the media directly to the other user agent This appro...

Page 13: ...ore addresses allocated with the TURN protocol or an address allocated with UPnP Because in practice it is hard to predict which of these addresses are visible to the other user agent all of the possi...

Page 14: ...ocated in the same network Unfortunately it is not trivial to make the media path shorter There have been some attempts to reduce the problem but it is much easier to address the problem starting at t...

Page 15: ...145 183 113 12975 branch z9hG4bK abx3au3mxb01 rport From denny sip denny snomag de tag k9p6fmeg7h To denny sip denny snomag de Call ID 3c26701d7cb9 pady07b5783t 203 145 183 113 CSeq 14 REGISTER Max F...

Page 16: ...denny snomag de tag k9p6fmeg7h To denny sip denny snomag de tag epuy85kzm5 Call ID 3c26701d7cb9 pady07b5783t 203 145 183 113 CSeq 14 REGISTER Contact sip denny 203 145 183 113 12975 line lhynyb3y exp...

Page 17: ...790b cj4sy7drgp6q 192 168 1 10 CSeq 2 REGISTER Max Forwards 70 Contact sip kk 192 168 1 10 5060 line 5zy4hsui q 0 7 User Agent snom200 2 05h P NAT Refresh 15 Supported gruu Expires 86400 Content Lengt...

Page 18: ...might not be able to receive media directly In some cases this is because the user agent is simply not programmed to allocate an address properly or because it is behind symmetrical NAT which makes it...

Page 19: ...r agent operates without NAT support it will send a SDP like the one below n v 0 o root 19387 19387 IN IP4 192 168 1 10 s call c IN IP4 192 168 1 10 t 0 0 m audio 58146 RTP AVP 0 8 3 18 2 101 a rtpmap...

Page 20: ...able serv ers on DNS level the user agents must perform DNS SRV look ups and pick one of the servers possible using the detection algorithms described below The following table shows an example con gu...

Page 21: ...nd more test packets and take the mean response time for making the decision The snom 4S NAT Filter includes a STUN server that operates on the SIP UDP port User agents should send their test packets...

Page 22: ...minate calls anyway It does not only send BYE messages to both sides of the call it also cuts media relaying which in practice will be used in most cases when the call is ter minated via PSTN This fea...

Page 23: ...gy AG 23 S N O M 4 S N A T F I L T E R If the proxy wants to provide information about how long the call can stay up it should use AOC information snom can help on implementing this feature in network...

Page 24: ...24 Architecture S N O M 4 S N A T F I L T E R 2...

Page 25: ...ou with the necessary information 3 1 Windows The Windows version of the NAT Filter comes with an InstallShield application that should make the installation very simple for you Before you start the i...

Page 26: ...To start the installation simply double click on the installation executable You will see the Welcome screen of the installation dialog To continue the installation read the text and click on the Nex...

Page 27: ...hat the code is correct copy paste If you don t have a license key NAT Filter will automatically gener ate a trial license key for you for a limited period of time If you wish to use this mechanism pl...

Page 28: ...ve entered the necessary information the last dialog will ask you to start the installation You will see a progress indication The installation typically takes only a few seconds The installation incl...

Page 29: ...NAT Filter service go to the Control Panel select Ad ministrative Tools and double click on Services You will see the list of services including the snom 4S NAT Filter If you select the properties men...

Page 30: ...istribution for installing additional software or as root via the command line If you enter the command line rpm ihv snom rpm as user root in the directory where the RPM is stored it should install th...

Page 31: ...ser interaction The software is now installed with default values for the HTTP and SIP ports Please verify rst if the default values in etc sycon g snom match your local requirements before you start...

Page 32: ...32 Installation S N O M 4 S N A T F I L T E R 3...

Page 33: ...ure 2 The default login name is admin and there is no password set you should change this if it has not already been done for you The login creates a session This session will timeout after a cer tain...

Page 34: ...automatically take care about user agents behind NAT Buggy SIP aware rewalls don t introduce new problems by modifying SIP packets Less dangerous for DoS attacks Several SIP services can be run on the...

Page 35: ...4 3 System Settings 4 3 1 Logging The Log Level de nes the granularity with which messages are written into the log A log level 0 means that only the most urgent messages are written a log level of 9...

Page 36: ...lter This allows the continuation of the service without waiting for the user agents to re register This interval should be longer than the maximum time that you give user agents for reregistration 4...

Page 37: ...dard The Hide Routing ag will replace route sets with a unique route index when requests or responses are sent to a registered user agent Via headers are also replaced with one Via header This feature...

Page 38: ...ners have made the design decision that in this situation all 2xx responses must be sent back to the UAC which has to resolve the condition Unfortunately only a small percentage of existing user agent...

Page 39: ...s not send media it might lead to closing of allocated NAT ports on the media Therefore it is usually safer to turn silence suppres sion off We recommend doing this by provisioning the respective sett...

Page 40: ...lists the codecs separated by space that you will allow If you don t set anything here all codecs will be allowed The codecs must be written in their SDP name for example ulaw alaw gsm g729 g723 etc...

Page 41: ...ocating the web server no http proxy is allowed Before the lter sends out the web request to the URI it auto matically appends some parameters to the URI The parameter action is always set to the valu...

Page 42: ...from This parameter contains the new value for the from header It may include the display name therefore the corner bracket style must be used Example from 1234 sip 1234 snom com to Same for to header...

Page 43: ...a much longer time some implementations close their ports after a short timeout Therefore TCP connections must also be refreshed You can use two different methods for refreshing If you use OP TIONS fo...

Page 44: ...t op tions responses might be returned in time The Refresh Interval tell the lter after how many seconds it should send the No Response Timeout tells the lter how long it should wait for a response If...

Page 45: ...ly last for a relatively long time without any signalling refreshes Unfortunately in SIP the session timer is not mandatory and has not been implemented in most of the user agents Therefore the lter c...

Page 46: ...ess the web server after this time you need to log on again If you change the password dur ing a session you do not have to enter the new password for the existing session If you have bought a certi c...

Page 47: ...uest must be routed to the PSTN gateway If you set up a DNS name for the PSTN gateway and set the destination to the lter you can elegantly redirect all outgoing calls to the PSTN gateway trough the l...

Page 48: ...orts RFC3264 that means transport layer tcp tls udp and nal destination are determined through DNS NAPTR SRV and A lookups 4 7 System Information In the system information you can check the exact buil...

Page 49: ...ontains an abstract of the received or sent packet The Time column shows you when the packet has been sent or received The Type shows if the packet has been sent or received in particular Tx means the...

Page 50: ...The start eld shows when the call start ed with its rst packet This time is not identical with the time when the call was established this is usually a little later The reason eld shows the reason wh...

Page 51: ...nformation about one stream The number in bold before the stream shows the stream index If that stream has been mapped to another stream the number in bold behind the colon indicates what stream it ha...

Page 52: ...y indicates that the user agent tries to register several times possibly on different proxies or after rebooting The logic of the lter will make sure that only one refresh per destination occurs Pleas...

Page 53: ...e requests which outbound proxy to use for NAT Filter Please don t run too many other services on the host that can de grade the performance of the server We recommend using the serv er only for NAT F...

Page 54: ...SIP up so that they point to the NAT Filter SIP UDP port Please don t use other transport layers than UDP Do not set up DNS SRV records for TCP or TLS References 1 Rosenberg J Schulzrinne H Camarillo...

Page 55: ......

Page 56: ...2004 snom technology AG All rights reserved snom technology Aktiengesellschaft Pascalstr 10B 10587 Berlin Germany Phone 49 30 39833 0 mailto info snom com http www snom com sip info snom com...

Search results

Summary of Contents for 4S NAT Filter

Reviews:

Related manuals for 4S NAT Filter

Brands by name

Popular brands

Snom 4S NAT Filter, Admin Manual

Search results

Summary of Contents for 4S NAT Filter

Reviews:

Related manuals for 4S NAT Filter

Brands by name

Popular brands