STUN

Date: 2011-05-25

Speaker: Hui-Hsiung Chung

Post on 16-Dec-2015


OUTLINE

- Introduction
- NAT
- VoIP and NAT
- Demo
- Reference

INTRODUCTION

STUN
- Simple Traversal of UDP through Network Address Translators (RFC 3489)
- Session Traversal Utilities for NAT (RFC 5389)
- UDP only

A mechanism for a User Agent (UA) behind NAT(s) to get its mapped (IP, Port) on the Internet
- Check whether the UA is behind NAT(s) or not
- The UA gets the mapped (IP, Port) from the STUN Server
- The UA replaces the IP and Port of the SIP header

NAT

[Figure: NAT diagram. Labels: IP addr 10.21.10.2, 10.21.10.3, 10.21.10.4, 10.21.10.5; IP addr 163.22.18.21; Internet]

NAT TYPES

Full Cone
- Only IP address translation. Any external host can send a packet to the internal host.

Restricted Cone
- An external host can send a packet to the internal host only if the internal host had previously sent a packet to the external host.

NAT TYPES CONT.

Port Restricted Cone
- A Port Restricted Cone NAT is like a Restricted Cone NAT, but the restriction includes port numbers.

Symmetric
- Each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port.

FULL CONE

Mapping Table
- 10.21.0.10:21 -> 12345 (for A)
- 10.21.0.10:21 -> 12345 (for B)

Figure labels
- Client: IP Address 10.21.0.10, Port 21
- NAT: IP Add 163.22.18.21, Port 12345
- Host A: IP Address 202.169.175.27, Port 10110
- Host B: IP Address 173.227.66.250, Port 20220

RESTRICTED CONE

Mapping Table
- 10.21.0.10:21 -> 12345 (for A)

Figure labels
- Client: IP Address 10.21.0.10, Port 21
- NAT: IP Add 163.22.18.21, Port 12345
- Host A: IP Address 202.169.175.27, Port 10110 and Port 10111
- Host B: IP Address 173.227.66.250, Port 20220

PORT RESTRICTED CONE

Mapping Table
- 10.21.0.10:21 -> 12345 (for A:10110)
- 10.21.0.10:21 -> 12345 (for A:10111)

Figure labels
- Client: IP Address 10.21.0.10, Port 21
- NAT: IP Add 163.22.18.21, Port 12345
- Host A: IP Address 202.169.175.27, Port 10110 and Port 10111

SYMMETRIC

Mapping Table
- 10.21.0.10:21 -> 1357 (for A:10110)
- 10.21.0.10:21 -> 2468 (for B:20220)

Figure labels
- Client: IP Address 10.21.0.10, Port 21
- NAT: IP Add 163.22.18.21, Port 1357 and Port 2468
- Host A: IP Address 202.169.175.27, Port 10110
- Host B: IP Address 173.227.66.250, Port 20220

FLOWCHART OF CHECKING NAT TYPES

[Figure: flowchart of checking NAT types. Source: wiki]

OUTPUT OF STUN CLIENT

- "Open" means Open Internet
- "Independent Mapping, Independent Filter" means Full Cone NAT
- "Independent Mapping, Address Dependent Filter" means Restricted Cone NAT
- "Independent Mapping, Port Dependent Filter" means Port Restricted Cone NAT
- "Dependent Mapping" means Symmetric NAT

VOIP AND NAT

NAT converts IP addresses in the IP layer.

Problem 1:
- SIP is an application layer protocol but contains IP address/port information in its messages, which is not translated by NAT.

Problem 2:
- A private client must send an outgoing packet first (to create a mapping on the NAT) in order to receive incoming packets.

SOLUTION WITH STUN

Figure labels
- SIP UA with STUN support: IP addr 192.168.0.152, Port 3468
- NAT: IP addr 10.21.11.44
- STUN Server: Binding request from 10.21.11.44:63999
- Binding reply to SIP UA: tells it that its public address is 10.21.11.44:63999

SOLUTION WITH STUN CONT.

Figure labels
- SIP UA with STUN support: IP addr 192.168.0.152, Port 3468
- NAT: IP addr 10.21.11.44
- SIP Server: IP addr 163.22.21.167, Port 5060
- Register from 10.21.11.44:63541
- Sending 200 OK to 10.21.11.44:63541

SIP UA WITHOUT STUN SUPPORT

SIP UA WITH STUN SUPPORT

DEMO

Experimental environment
- STUN Server: FreeBSD 8.2
- STUN Client: Windows 7

REFERENCE

- RFC 3489, IETF, Mar. 2003
- RFC 5389, IETF, Oct. 2008
- Wiki STUN
- "VoIP pass through NAT", Yao-Nan Lien
- STUN Client and Server library
- Free STUN Servers