How does NAT work, Symmetrical RTP, Signalling SIP – Snom 4S User Manual

Page 11


snom technology AG • 11

[SNOM 4S NAT FILTER]

2.2.1 How does NAT work?

NAT is essentially a translation table that maps public IP address and port combinations to private IP address and port combinations. A table entry is implicitly set up when a packet is sent from the private network to the public network. The association is kept alive for a certain time and is refreshed every time a new packet is sent from the same origin. STUN (RFC 3489) uses this fact to discover which public IP address and port the NAT has associated with a private IP address and port.

In symmetrical NAT, the router allocates a separate public address and port mapping for every destination a private host sends to and stores that destination. Only packets coming from this destination address and port are forwarded to the private address. This increases security, as it is harder for an attacker to guess the public source IP address and port. Full cone NAT does not perform this check: once a mapping exists, any external host may send packets through it.

There are some mixed variants between full cone NAT and symmetrical NAT. Port restricted NAT filters incoming packets like symmetrical NAT, accepting them only from addresses and ports the private host has already sent to, but uses only one port association for all destinations.

Hairpinning is the ability of the NAT to route packets coming from the private network and addressed to one of its own public IP address bindings back into the private network. Not all routers support this feature.
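The NAT variants described above, modelled as a small simulator. This is an added example and not Snom code: the NAT kinds, the addresses (RFC 5737 documentation ranges) and the hosts are all constructed for the demonstration. It shows which mapping STUN would report, who can reach the phone through that mapping for each NAT type, and what happens to a hairpinned packet with and without router support.

```python
"""Toy NAT simulator for the mapping and filtering behaviours of section
2.2.1.  Added example, not Snom code; every address below is a constructed
documentation address (RFC 5737 ranges)."""
from itertools import count


class Nat:
    """kind is one of 'full_cone', 'port_restricted' or 'symmetric'."""

    def __init__(self, kind, public_ip="203.0.113.1", hairpin=False):
        self.kind = kind
        self.public_ip = public_ip
        self.hairpin = hairpin
        self._ports = count(40000)      # next free public port
        self.mappings = {}              # key -> public port (see outbound)
        self.bindings = {}              # public port -> (private addr, peers)

    def outbound(self, src, dst):
        """Private host src=(ip, port) sends to dst.  Creates or refreshes the
        translation entry and returns the public (ip, port) the packet uses."""
        # A symmetric NAT allocates a separate mapping per destination; cone
        # NATs reuse one mapping for every destination of the same source.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            port = next(self._ports)
            self.mappings[key] = port
            self.bindings[port] = (src, set())
        port = self.mappings[key]
        self.bindings[port][1].add(dst)     # remember who src has talked to
        return (self.public_ip, port)

    def inbound(self, src, public_port):
        """Packet from external src reaches public_port.  Returns the private
        address it is forwarded to, or None if the NAT filters it."""
        if public_port not in self.bindings:
            return None
        private, peers = self.bindings[public_port]
        if self.kind == "full_cone":
            return private                  # no check on the sender
        return private if src in peers else None

    def hairpin_send(self, src, public_dst):
        """Private host sends to one of this NAT's own public bindings."""
        if not self.hairpin:
            return None                     # router lacks hairpinning: dropped
        ext = self.outbound(src, public_dst)
        return self.inbound(ext, public_dst[1])


PHONE = ("192.168.1.20", 5004)          # private SIP phone (constructed)
STUN = ("198.51.100.10", 3478)          # STUN server (constructed)
PEER = ("198.51.100.20", 6000)          # remote media endpoint (constructed)
ATTACKER = ("192.0.2.99", 1234)         # host guessing the mapping (constructed)


def demo(kind):
    """Phone talks to STUN, then to PEER; who can reach it afterwards?"""
    nat = Nat(kind)
    ext_stun = nat.outbound(PHONE, STUN)   # mapping STUN would report
    ext_peer = nat.outbound(PHONE, PEER)   # mapping used towards PEER
    return {
        "same_mapping": ext_stun == ext_peer,
        "peer_via_stun_port": nat.inbound(PEER, ext_stun[1]) == PHONE,
        "peer_via_own_port": nat.inbound(PEER, ext_peer[1]) == PHONE,
        "attacker_via_stun_port": nat.inbound(ATTACKER, ext_stun[1]) == PHONE,
    }


def hairpin_demo(supported):
    """Two phones behind the same NAT; A sends to B's public binding."""
    nat = Nat("full_cone", hairpin=supported)
    phone_b = ("192.168.1.21", 5004)
    public_b = nat.outbound(phone_b, STUN)
    return nat.hairpin_send(PHONE, public_b) == phone_b


if __name__ == "__main__":
    for kind in ("full_cone", "port_restricted", "symmetric"):
        print(kind, demo(kind))
    print("hairpin", hairpin_demo(True), hairpin_demo(False))
```

The symmetric case is the one to look at: the mapping STUN reports (towards the STUN server) is not the mapping the peer must use, so a peer sending to the STUN-discovered port is dropped, which is why STUN alone does not get media through a symmetric NAT. The attacker row shows the security property the text mentions: only full cone NAT lets an unknown host reach the phone through an existing mapping.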

2.2.2 Symmetrical RTP

The Real-time Transport Protocol (RTP) is used to transport media. Symmetrical RTP is a trick that extends the number of cases in which communication can be established. A SIP user agent supporting symmetrical RTP waits for the first RTP packet coming in and then sends its media stream back to the IP address and port from which it received that packet, rather than to the address announced during signalling. Symmetrical RTP always works when the user agent doing symmetrical RTP is on a globally routable address. However, this algorithm can easily be cheated: an attacker who sends packets to the media port before the real peer does (port spraying) receives the media stream instead, so symmetrical RTP implies a certain security risk.
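The latching behaviour and the port-spraying risk described above, as an added example that is not Snom code. The addresses and the SSRC are constructed, and the hardening shown (accepting the first packet only if it carries a valid RTP version-2 header with the SSRC announced during signalling) is this example's own assumption, not a description of how the Snom 4S handles it.

```python
"""Toy model of symmetric RTP latching and the port-spraying risk of section
2.2.2.  Added example, not Snom code: the addresses are constructed, and the
hardening shown (checking the RTP header and the SSRC announced during
signalling) is this example's own assumption, not the Snom 4S behaviour."""
import struct

PEER = ("198.51.100.20", 6000)       # real remote endpoint (constructed)
ATTACKER = ("192.0.2.99", 4444)      # host spraying the phone's media port
PEER_SSRC = 0x1234ABCD               # SSRC the peer announced (assumed)


def rtp_packet(ssrc, seq=1, payload_type=0, payload=b"\x00" * 4):
    """Minimal RFC 3550 RTP packet: V=2, P=0, X=0, CC=0, M=0, timestamp 0."""
    header = struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq, 0, ssrc)
    return header + payload


def looks_like_rtp(data, expected_ssrc=None):
    """Reject anything that is not an RTP version-2 packet carrying the
    expected SSRC.  This is a plausibility check, not authentication."""
    if len(data) < 12 or data[0] >> 6 != 2:
        return False
    ssrc = struct.unpack("!I", data[8:12])[0]
    return expected_ssrc is None or ssrc == expected_ssrc


class SymmetricRtpAgent:
    """Latches the media destination to the source of the first packet."""

    def __init__(self, expected_ssrc=None, validate=False):
        self.expected_ssrc = expected_ssrc
        self.validate = validate
        self.remote = None               # where we send media once latched

    def receive(self, src, data):
        if self.remote is not None:      # already latched: keep sending there
            return self.remote
        if self.validate and not looks_like_rtp(data, self.expected_ssrc):
            return None                  # does not look like our stream
        self.remote = src                # latch: plain symmetric RTP
        return self.remote


def scenario(validate, attacker_data):
    """Attacker's packet arrives first, then the peer's real RTP packet.
    Returns the address the agent ends up sending media to."""
    agent = SymmetricRtpAgent(expected_ssrc=PEER_SSRC, validate=validate)
    agent.receive(ATTACKER, attacker_data)
    agent.receive(PEER, rtp_packet(PEER_SSRC))
    return agent.remote


if __name__ == "__main__":
    print("plain, junk first:    ", scenario(False, b"\x00" * 20))
    print("checked, junk first:  ", scenario(True, b"\x00" * 20))
    print("checked, wrong SSRC:  ", scenario(True, rtp_packet(0xDEADBEEF)))
    print("checked, stolen SSRC: ", scenario(True, rtp_packet(PEER_SSRC)))
```

The first case is the risk the text describes: with plain latching, whoever hits the media port first gets the stream. The last case shows the limit of a header or SSRC check: an attacker who can observe the signalling knows the SSRC and can forge an acceptable first packet, so the check only raises the bar. Authenticating the media stream itself (SRTP, RFC 3711) is what actually prevents the redirection.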

2.2.3 Signalling SIP

SIP traffic is relatively unproblematic because SIP is typically not as time critical as media. Usually it is acceptable to route SIP packets over a longer path than the media.
