background image

snom technology AG  •  51

[  

S N O M

  4 S   N A T   F

I L T E R

  ]

was  terminated  because  the  maximum  session  time  has  been 
reached. This time is indicated by the P-Session-Timeout header.

4.11 Current Ports

It  is  important  to  see  which  calls  are  active  on  the  filter.  The 

Current Ports web page lists the calls where the filter performs relaying 

on media.

The from and to-field show which participants are involved in this 

media relay. The start column shows you when the port was created.

In the destinations field the user may see more information about 

how the different streams in the SDP are mapped. Each line consists of 

information  about  one  stream.  The  number  in  bold  before  the  stream 

shows  the  stream  index.  If  that  stream  has  been  mapped  to  another 

stream,  the  number  in  bold  behind  the  colon  indicates  what  stream  it 

has been mapped to. The number behind the space shows the index in 

the SDP. Because a conversation can have more than one SDP, the index 

usually occurs in several places. The indexes are matched by their value, 

according to their position in the SDP. The next number in bold shows the 

port number.

The next field shows the default destination that was indicated in 

the SDP. If the destination has not been locked, that address is shown in 

brackets and the list of learned addresses is shown after it. An address is 

locked when the NAT Filter received a packet on this port from the location 

indicated in the SDP.

4.

Содержание 4S NAT Filter

Страница 1: ...snom 4S NAT Filter Admin Manual snom 4S NAT Filter Version 2 09...

Страница 2: ...described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license agreement It is against the law to copy or use this software except...

Страница 3: ...imizing the Media Path for Symmetrical NAT 14 2 3 Filter Behaviour 15 2 3 1 Registering without UA Support 15 2 3 2 Registering with UA Support 16 2 3 3 RTP Relay 18 2 4 Scaling and Redundancy 20 2 5...

Страница 4: ...4 3 11 Connection Oriented Media 39 4 3 12 Removing Headers 40 4 3 13 Codec Control 40 4 3 14 Web Server Integration 40 4 4 Timeout Settings 42 4 4 1 Register Timeouts 43 4 4 2 Call Timeouts 44 4 5 Se...

Страница 5: ...g Through a separate management interface operators can de ne numbers and patterns that are silently recorded Users may explicitly request the recording of a call by pressing a key on the phone in thi...

Страница 6: ...SIP equipment and can for example put between a PSTN gateway and SIP phones 1 2 Features The lter offers powerful features based on modern VoIP technology The built in RFC3261 compliant SIP proxy make...

Страница 7: ...ll TLS support will be added soon To and From headers may be changed for calls The lter talks to a web application server to get this information Simple request routing feature The web application ser...

Страница 8: ...top the UAC from repeating messages These three exceptions make sure that all user agents will work behind NAT no matter what NAT type or how many NAT levels are being used If user agents support ICE...

Страница 9: ...ss That means that only the traf c that is destined to the operator s domain will use the service of the NAT Filter However users might be annoyed if they place a call to a domain that does not proper...

Страница 10: ...ally nd the shortest media path to the other party peer to peer 2 2 NAT Network Address Translation NAT is a reality in today s networks Many operators save IP addresses by providing only one IP addre...

Страница 11: ...s between full cone NAT and sym metrical NAT Restricted port NAT works similar to symmetrical NAT but uses only one port association Hairpinning is the ability of the NAT to route packets coming from...

Страница 12: ...eed of light increases the delay for voice transmission SIP was designed for peer to peer communication That means the user agents telephones send the media directly to the other user agent This appro...

Страница 13: ...ore addresses allocated with the TURN protocol or an address allocated with UPnP Because in practice it is hard to predict which of these addresses are visible to the other user agent all of the possi...

Страница 14: ...ocated in the same network Unfortunately it is not trivial to make the media path shorter There have been some attempts to reduce the problem but it is much easier to address the problem starting at t...

Страница 15: ...145 183 113 12975 branch z9hG4bK abx3au3mxb01 rport From denny sip denny snomag de tag k9p6fmeg7h To denny sip denny snomag de Call ID 3c26701d7cb9 pady07b5783t 203 145 183 113 CSeq 14 REGISTER Max F...

Страница 16: ...denny snomag de tag k9p6fmeg7h To denny sip denny snomag de tag epuy85kzm5 Call ID 3c26701d7cb9 pady07b5783t 203 145 183 113 CSeq 14 REGISTER Contact sip denny 203 145 183 113 12975 line lhynyb3y exp...

Страница 17: ...790b cj4sy7drgp6q 192 168 1 10 CSeq 2 REGISTER Max Forwards 70 Contact sip kk 192 168 1 10 5060 line 5zy4hsui q 0 7 User Agent snom200 2 05h P NAT Refresh 15 Supported gruu Expires 86400 Content Lengt...

Страница 18: ...might not be able to receive media directly In some cases this is because the user agent is simply not programmed to allocate an address properly or because it is behind symmetrical NAT which makes it...

Страница 19: ...r agent operates without NAT support it will send a SDP like the one below n v 0 o root 19387 19387 IN IP4 192 168 1 10 s call c IN IP4 192 168 1 10 t 0 0 m audio 58146 RTP AVP 0 8 3 18 2 101 a rtpmap...

Страница 20: ...able serv ers on DNS level the user agents must perform DNS SRV look ups and pick one of the servers possible using the detection algorithms described below The following table shows an example con gu...

Страница 21: ...nd more test packets and take the mean response time for making the decision The snom 4S NAT Filter includes a STUN server that operates on the SIP UDP port User agents should send their test packets...

Страница 22: ...minate calls anyway It does not only send BYE messages to both sides of the call it also cuts media relaying which in practice will be used in most cases when the call is ter minated via PSTN This fea...

Страница 23: ...gy AG 23 S N O M 4 S N A T F I L T E R If the proxy wants to provide information about how long the call can stay up it should use AOC information snom can help on implementing this feature in network...

Страница 24: ...24 Architecture S N O M 4 S N A T F I L T E R 2...

Страница 25: ...ou with the necessary information 3 1 Windows The Windows version of the NAT Filter comes with an InstallShield application that should make the installation very simple for you Before you start the i...

Страница 26: ...To start the installation simply double click on the installation executable You will see the Welcome screen of the installation dialog To continue the installation read the text and click on the Nex...

Страница 27: ...hat the code is correct copy paste If you don t have a license key NAT Filter will automatically gener ate a trial license key for you for a limited period of time If you wish to use this mechanism pl...

Страница 28: ...ve entered the necessary information the last dialog will ask you to start the installation You will see a progress indication The installation typically takes only a few seconds The installation incl...

Страница 29: ...NAT Filter service go to the Control Panel select Ad ministrative Tools and double click on Services You will see the list of services including the snom 4S NAT Filter If you select the properties men...

Страница 30: ...istribution for installing additional software or as root via the command line If you enter the command line rpm ihv snom rpm as user root in the directory where the RPM is stored it should install th...

Страница 31: ...ser interaction The software is now installed with default values for the HTTP and SIP ports Please verify rst if the default values in etc sycon g snom match your local requirements before you start...

Страница 32: ...32 Installation S N O M 4 S N A T F I L T E R 3...

Страница 33: ...ure 2 The default login name is admin and there is no password set you should change this if it has not already been done for you The login creates a session This session will timeout after a cer tain...

Страница 34: ...automatically take care about user agents behind NAT Buggy SIP aware rewalls don t introduce new problems by modifying SIP packets Less dangerous for DoS attacks Several SIP services can be run on the...

Страница 35: ...4 3 System Settings 4 3 1 Logging The Log Level de nes the granularity with which messages are written into the log A log level 0 means that only the most urgent messages are written a log level of 9...

Страница 36: ...lter This allows the continuation of the service without waiting for the user agents to re register This interval should be longer than the maximum time that you give user agents for reregistration 4...

Страница 37: ...dard The Hide Routing ag will replace route sets with a unique route index when requests or responses are sent to a registered user agent Via headers are also replaced with one Via header This feature...

Страница 38: ...ners have made the design decision that in this situation all 2xx responses must be sent back to the UAC which has to resolve the condition Unfortunately only a small percentage of existing user agent...

Страница 39: ...s not send media it might lead to closing of allocated NAT ports on the media Therefore it is usually safer to turn silence suppres sion off We recommend doing this by provisioning the respective sett...

Страница 40: ...lists the codecs separated by space that you will allow If you don t set anything here all codecs will be allowed The codecs must be written in their SDP name for example ulaw alaw gsm g729 g723 etc...

Страница 41: ...ocating the web server no http proxy is allowed Before the lter sends out the web request to the URI it auto matically appends some parameters to the URI The parameter action is always set to the valu...

Страница 42: ...from This parameter contains the new value for the from header It may include the display name therefore the corner bracket style must be used Example from 1234 sip 1234 snom com to Same for to header...

Страница 43: ...a much longer time some implementations close their ports after a short timeout Therefore TCP connections must also be refreshed You can use two different methods for refreshing If you use OP TIONS fo...

Страница 44: ...t op tions responses might be returned in time The Refresh Interval tell the lter after how many seconds it should send the No Response Timeout tells the lter how long it should wait for a response If...

Страница 45: ...ly last for a relatively long time without any signalling refreshes Unfortunately in SIP the session timer is not mandatory and has not been implemented in most of the user agents Therefore the lter c...

Страница 46: ...ess the web server after this time you need to log on again If you change the password dur ing a session you do not have to enter the new password for the existing session If you have bought a certi c...

Страница 47: ...uest must be routed to the PSTN gateway If you set up a DNS name for the PSTN gateway and set the destination to the lter you can elegantly redirect all outgoing calls to the PSTN gateway trough the l...

Страница 48: ...orts RFC3264 that means transport layer tcp tls udp and nal destination are determined through DNS NAPTR SRV and A lookups 4 7 System Information In the system information you can check the exact buil...

Страница 49: ...ontains an abstract of the received or sent packet The Time column shows you when the packet has been sent or received The Type shows if the packet has been sent or received in particular Tx means the...

Страница 50: ...The start eld shows when the call start ed with its rst packet This time is not identical with the time when the call was established this is usually a little later The reason eld shows the reason wh...

Страница 51: ...nformation about one stream The number in bold before the stream shows the stream index If that stream has been mapped to another stream the number in bold behind the colon indicates what stream it ha...

Страница 52: ...y indicates that the user agent tries to register several times possibly on different proxies or after rebooting The logic of the lter will make sure that only one refresh per destination occurs Pleas...

Страница 53: ...e requests which outbound proxy to use for NAT Filter Please don t run too many other services on the host that can de grade the performance of the server We recommend using the serv er only for NAT F...

Страница 54: ...SIP up so that they point to the NAT Filter SIP UDP port Please don t use other transport layers than UDP Do not set up DNS SRV records for TCP or TLS References 1 Rosenberg J Schulzrinne H Camarillo...

Страница 55: ......

Страница 56: ...2004 snom technology AG All rights reserved snom technology Aktiengesellschaft Pascalstr 10B 10587 Berlin Germany Phone 49 30 39833 0 mailto info snom com http www snom com sip info snom com...

Отзывы: