Research on NAT Traversal Based on SIP

Source: Internet
Author: User

1 Introduction
VoIP is one of the most representative application technologies of the new-generation Internet era. As a signaling control protocol in VoIP, SIP has great potential for growth. Therefore, to better promote the development of VoIP services, solving the problem of SIP traversing NAT is a major research topic. This article is based mainly on the STUN method: targeting its inability to traverse symmetric NAT, it proposes a new improved solution.
2 Introduction to the SIP protocol, NAT technology and STUN
2.1 SIP Protocol and related content
SIP is a multimedia communication control protocol proposed by the IETF (Internet Engineering Task Force), used to initiate, modify, and terminate a multimedia session. Session attributes are set and dynamically modified through the Session Description Protocol (SDP). The SIP protocol is simple and easy to extend, and it has been selected in the industry as the core control protocol of NGN. A SIP network has 2 elements: the SIP user agent and the SIP server. The user agent is the endpoint of the call. The SIP server is a network device that processes call-related signaling. There are two types of SIP message: the SIP request message sent from the client to the server, and the SIP response message sent from the server to the client. SIP defines 6 basic methods: INVITE, BYE, OPTIONS, ACK, REGISTER, and CANCEL.
2.2 NAT technology introduction and NAT classification
Due to the rapid development of the Internet, public IP addresses have become very scarce. For ease of management and network security, many enterprises and organizations group their hosts into a LAN that communicates with the external network through a gateway, which saves IP addresses and protects the internal hosts from external attacks. This relies on a key technology on the gateway: Network Address Translation (NAT). NAT converts the address of each LAN node into an IP address, and vice versa. It can be applied in firewall technology to hide individual IP addresses so that they cannot be directly accessed by the outside world. It also allows the use of public and private addresses in the network to be arranged reasonably. However, NAT has become a major problem that restricts the wide deployment of VoIP in local area networks and enterprise networks.
According to the address translation method, NAT can be divided into three categories: static NAT, dynamic NAT and network address port translation (NAPT). According to how the address mapping is implemented, NAT can be divided into four categories: full cone NAT, restricted cone NAT, port restricted cone NAT and symmetric NAT. The first three NAT types implement mapping and conversion between an internal (IP:port) pair and multiple external (IP:port) pairs, subject to NAT activation and port restrictions. The 4th type requires each internal and external (IP:port) pair to be bound to a unique mapping. It is a different public address.
2.3 STUN
STUN is Simple Traversal of UDP Through Network Address Translators. The idea of the solution is that the intranet user learns in advance the public address that will be allocated by the NAT, and enters this external address in the SDP to replace the original private address. The advantage of the STUN solution is that it can be used with multiple NAT connections; its limitation is that a STUN client must be installed on the terminal.
At present, the industry is very concerned about NAT traversal and has put forward a variety of solutions. The solutions can be divided into three types based on where the processing takes place: client solutions, route boundary solutions, and server-side solutions.
3.1 Client solutions
Client solutions mainly include: STUN (Simple Traversal of UDP Through NAT), TURN (Traversal Using Relay NAT), and ICE (Interactive Connectivity Establishment).
3.2 Route boundary solutions
Route boundary solutions mainly include: Application Layer Gateway (ALG), Universal Plug and Play (UPnP), and Middlebox Communications (MIDCOM).
3.3 Server-side solutions
Server-side solutions mainly include: B2BUA (Back-to-Back User Agent) and server-side RTP relay.
3.4 Summary and comparison of the traversal solutions
To sum up, there are many solutions to the SIP NAT traversal problem. Client solutions require no change to the existing NAT, but they place high requirements on the SIP UA, which needs to support the corresponding protocols. Each side is in the case of symmetric NAT; route boundary solutions all require the NAT device to be upgraded, but many NAT devices that do not support the related features have already been deployed in the network, so this method is less feasible; server-side solutions relay RTP data packets and so handle all types of NAT traversal, but their drawback is increased packet delay and a greater possibility of packet loss.
Table 3-1 provides a simple comparison of the three typical traversal solutions:
Table 3-1
4 A new solution for implementing SIP traversal of symmetric NAT
4.1 NAT classification in the improved solution
The biggest advantage of the STUN method is that it requires no change to the existing NAT gateway device, which makes it a popular application solution in the industry. Its defect is that it cannot complete symmetric NAT traversal. The TURN method supports all types of NAT traversal, but it needs to relay the media streams of both parties, which inevitably increases packet delay and the possibility of packet loss; ICE uses the two protocols STUN and TURN together, so it also has the defects of the TURN method. Therefore, in order to retain the advantages of STUN and avoid packet delay and packet loss, the STUN method is improved and its scope of use expanded.
In the improved STUN solution, NAT is divided into three types: constant, incremental, and random.
(1) Constant NAT: In this type of NAT, request messages from the same address and port are allocated the same external IP address and port. This type of NAT includes full-cone, restricted-cone and port restricted-cone.
(2) Incremental NAT: Only request messages from the same internal IP address and port number, and sent to the same destination address and port, are mapped to the same external address and port number. In addition, in the i-th external address mapping allocation,
Address_i = Address_{i-1}
Port_i = Port_{i-1} + Δp (i > 1)
where Δp is a constant. Currently, the vast majority of symmetric NATs used on the Internet are of this type.
(3) Random NAT: In this type of NAT, in the i-th external address mapping allocation,
Address_i = Address_{i-1}
Port_i = Port_{i-1} + Δp (i > 1)
That is to say, the port spacing allocated each time is different, and there is no linear relationship.
4.2 Algorithm idea of the improved solution
The improved solution learns the NAT type from the response messages of the STUN servers (only constant NAT and incremental NAT are considered), so that the corresponding NAT traversal can be completed. The algorithm idea is as follows:
(1) The clients client_i (i = 1, 2) involved in the communication each send a STUN request message to STUN server1 and to STUN server2 and obtain two response messages, RES1 and RES2, from which they obtain the assigned external address Address_i and the allocated port numbers P_i1 and P_i2 (i = 1, 2).
(2) client_i (i = 1, 2) determines its NAT type based on the allocated port numbers P_i1 and P_i2:
1) if the allocated port numbers satisfy P_i1 = P_i2, the NAT type is constant; go to step 3;
2) if the allocated port numbers do not satisfy P_i1 = P_i2, the NAT type is incremental, and client_i (i = 1, 2) calculates the port allocation distance from the port numbers:
Δp_i = P_i2 - P_i1 (i = 1, 2).
(3) client_i (i = 1, 2) predicts the port for the actual connection, P_i^pre, based on P_i1, P_i2, and Δp_i:
1) if the NAT type is constant, P_i^pre = P_i1 (i = 1, 2); go to step 4;
2) if the NAT type is incremental, P_i^pre = P_i1 + Δp_i (i = 1, 2).
(4) client_i (i = 1, 2) sends its own predicted port P_i^pre and Δp_i to the intermediate server, and gets the other party's predicted port P_{2-i}^pre and Δp_{2-i} (i = 1, 2) from the intermediate server.
(5) A packet containing the connection request is sent to the external IP address Address_{2-i} and the predicted port number P_i^pre, thus establishing a UDP connection. To ensure the success rate of connection establishment, a retry-on-failure policy is adopted: client_i sends the connection data packet to the destination N consecutive times (N > 1) until the connection is established successfully.
(6) The connection is established successfully, and the peer nodes communicate with each other. At this point NAT traversal is complete.
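Steps (1) to (3) as an added example, not part of the original article: it reads the mapped port from two STUN Binding Responses, classifies the NAT and predicts the port with the article's formula. It goes slightly beyond the text by also accepting a third probe, which is what separates the random type of 4.1 from the incremental type. The function names, addresses and ports are assumptions constructed for illustration.

```python
import socket
import struct

MAPPED_ADDRESS = 0x0001  # STUN attribute carrying the NAT-assigned address

def parse_mapped_address(msg: bytes):
    """Return (ip, port) from the MAPPED-ADDRESS attribute of a Binding Response."""
    msg_type, length = struct.unpack_from("!HH", msg, 0)
    if msg_type != 0x0101 or len(msg) < 20 + length:
        raise ValueError("not a complete Binding Response")
    pos, end = 20, 20 + length            # 20-byte header: type, length, transaction ID
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack_from("!HH", msg, pos)
        if attr_type == MAPPED_ADDRESS and attr_len == 8 and pos + 12 <= end:
            family, port = struct.unpack_from("!xBH", msg, pos + 4)
            if family == 0x01:            # IPv4
                return socket.inet_ntoa(msg[pos + 8:pos + 12]), port
        pos += 4 + ((attr_len + 3) & ~3)  # attributes are 4-byte aligned
    raise ValueError("no IPv4 MAPPED-ADDRESS attribute")

def classify(ports):
    """Classify the NAT from mapped ports seen by successive probes to different servers."""
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if not deltas:
        raise ValueError("need at least two probes")
    if all(d == 0 for d in deltas):
        return "constant", 0
    if len(set(deltas)) == 1:
        return "incremental", deltas[0]
    return "random", None                 # only detectable with three or more probes

def predict_port(p1, p2):
    """Step (3) as the article states it: P_pre = P_i1 (constant) or P_i1 + dp (incremental)."""
    kind, dp = classify([p1, p2])
    return p1 if kind == "constant" else p1 + dp

def build_response(ip, port):
    """Constructed sample data: a minimal Binding Response with one MAPPED-ADDRESS."""
    attr = struct.pack("!HHBBH4s", MAPPED_ADDRESS, 8, 0, 0x01, port, socket.inet_aton(ip))
    return struct.pack("!HH16s", 0x0101, len(attr), b"\x00" * 16) + attr

if __name__ == "__main__":
    res1 = build_response("203.0.113.7", 40000)   # constructed RES1
    res2 = build_response("203.0.113.7", 40002)   # constructed RES2
    (_, p1), (_, p2) = parse_mapped_address(res1), parse_mapped_address(res2)
    print(classify([p1, p2]), predict_port(p1, p2))
    print(classify([40000, 40002, 40009]))        # third probe exposes a random NAT
```

With only two probes a random NAT is indistinguishable from an incremental one, which is why the article restricts itself to the constant and incremental types. Under the recurrence in 4.1 the mapping allocated after P_i2 would be P_i2 + Δp, so the value from step (3), which equals P_i2, should be checked against the retries in step (5).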
5 Conclusion
Innovation point of this article: the biggest advantage of the STUN method is that it requires no change to the gateway device, so it is a popular application solution in the industry. Its defect is that it cannot traverse symmetric NAT. This article addresses the STUN method's inability to traverse symmetric NAT and improves it to achieve the purpose of traversing symmetric NAT. Compared with other symmetric NAT solutions (such as TURN and ICE), its advantage is that it avoids packet delay and the possibility of packet loss.

 
