
snom technology AG  •  39

[ SNOM 4S NAT FILTER ]

4.3.9 Maximum Packet Size

The Max MTU tells the filter what the maximum packet size should be. Typically, on Ethernet networks, packets with more than 1492 bytes payload cannot be transported without splitting them up into several packets. As described in the hide routing feature, this can lead to big problems in today’s DSL networks.

If you set this variable, the NAT filter will attempt to compress the message until it fits into the size. By default, it will use the short names (e.g. “l” instead of “Content-Length”). If this should not be enough, it will start to remove headers. These headers are: “User-Agent”, “Accept-Language”, “P-Key-Flags”, “Allow”, and “Allow-Events”. If the packet is still too big, it will stop compressing the packet and send it as it is. If you want to remove other headers, please use the “remove the following headers” feature described below.
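The staged compression described above, sketched as an added example (not code from the snom product or manual). The compact names are the ones defined in RFC 3261; the per-header removal order, measuring size as the SIP message length, returning the original message when giving up, and the sample REGISTER are assumptions made for illustration.

```python
# Added illustration of the staged compression in section 4.3.9.
# Assumptions: size is the SIP message length, headers are removed one name
# at a time in the listed order, and "as it is" means the original message.
COMPACT = {  # compact header forms from RFC 3261
    "call-id": "i", "contact": "m", "content-encoding": "e",
    "content-length": "l", "content-type": "c", "from": "f",
    "subject": "s", "supported": "k", "to": "t", "via": "v",
}
REMOVABLE = ["user-agent", "accept-language", "p-key-flags",
             "allow", "allow-events"]
SAMPLE = (  # constructed sample message, not taken from the manual
    b"REGISTER sip:example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
    b"From: <sip:alice@example.com>\r\n"
    b"To: <sip:alice@example.com>\r\n"
    b"Call-ID: abc123@192.0.2.10\r\n"
    b"CSeq: 1 REGISTER\r\n"
    b"Contact: <sip:alice@192.0.2.10:5060>\r\n"
    b"User-Agent: example-ua/1.0\r\n"
    b"Allow: INVITE, ACK, BYE\r\n"
    b"Content-Length: 0\r\n\r\n"
)

def _name(line: bytes) -> str:
    return line.partition(b":")[0].strip().lower().decode()

def _join(start, headers, tail):
    return b"\r\n".join([start, *headers]) + tail

def compress_sip(msg: bytes, max_mtu: int):
    """Return (message, stage) after trying to fit msg into max_mtu bytes."""
    if len(msg) <= max_mtu:
        return msg, "unchanged"
    head, sep, body = msg.partition(b"\r\n\r\n")
    start, *headers = head.split(b"\r\n")
    tail = sep + body
    short = []  # stage 1: long header names become compact forms
    for h in headers:
        name, colon, value = h.partition(b":")
        key = name.strip().lower().decode()
        short.append((COMPACT[key].encode() if key in COMPACT else name) + colon + value)
    out = _join(start, short, tail)
    if len(out) <= max_mtu:
        return out, "short-names"
    for victim in REMOVABLE:  # stage 2: drop optional headers until it fits
        short = [h for h in short if _name(h) != victim]
        out = _join(start, short, tail)
        if len(out) <= max_mtu:
            return out, "headers-removed"
    return msg, "gave-up"  # stage 3: still too big, send unmodified
```

Calling compress_sip(SAMPLE, len(SAMPLE) - 1) stops at the short-name stage; a tighter limit forces header removal, and a limit no stage can meet returns the message untouched.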

4.3.10 Silence Suppression

Silence suppression is a little problematic for the filter. When a user agent does not send media, the NAT ports allocated for the media might be closed. Therefore, it is usually safer to turn silence suppression off. We recommend doing this by provisioning the respective setting to the user agents; however, there is a way to indicate this in the SDP as well. If you turn the Add silence suppression flag on, the filter will add this hint to the SDP. Usually it does not cause any additional problems; however, it makes the packet a little bit bigger, which could aggravate the UDP fragmentation problem.

4.3.11 Connection Oriented Media

Typically, you want two-way communication between the same ports in a conversation. Unfortunately, the IETF specifications do not mandate this. For example, it is allowed to have different ports for sending and for receiving data. This causes big problems when trying to make phone calls through NAT. The comedia approach tries to standardize the requirements on using the same port for sending and receiving and to indicate if two-way communication is really desired. By turning the Add comedia flag feature on, you will make the filter add a suitable flag to SDP to indicate that this behaviour is desired. The disadvantage of this

Contents of 4S NAT Filter

Page 1: ...snom 4S NAT Filter Admin Manual snom 4S NAT Filter Version 2 09...


Page 56: ...2004 snom technology AG All rights reserved snom technology Aktiengesellschaft Pascalstr 10B 10587 Berlin Germany Phone 49 30 39833 0 mailto info snom com http www snom com sip info snom com...