Service Provider PAT Port Allocation Enhancement for RTP and RTCP

Similar documents
Configuring Hosted NAT Traversal for Session Border Controller

Quality of Service and Bandwidth Management

Draft Version. Setup Reference guide for KX-HTS Series (Tested with HTS824 Version 1.5) LCR SIP Trunk service with Built-in Router

Draft Version. Setup Reference guide for KX-HTS Series (Tested with HTS32 Version 1.5) VozTelecom SIP Trunk service with Built-in Router

Draft Version. Setup Reference guide for KX-HTS Series (Tested with HTS824 Version 1.5) Netia SIP Trunk service with External Router

Draft Version. Setup Reference guide for KX-HTS Series (Tested with HTS32 Version 1.5) Peoplefone SIP Trunk service with External Router

Abstract. Avaya Solution & Interoperability Test Lab

NAT Support for Multiple Pools Using Route Maps

ICE-Lite Support on CUBE

Stateful Network Address Translation 64

Network Address Translation

Session Border Controller

Firewalls for Secure Unified Communications

Deploying and Troubleshooting Network Address Translation

Chapter 28. Multimedia

Network Address Translation (NAT)

Internet Protocol Version 6 (IPv6)

Chapter 7. IP Addressing Services. IP Addressing Services. Part I

VoIP Basics. 2005, NETSETRA Corporation Ltd. All rights reserved.

IPsec NAT Transparency

ipv6 mobile home-agent (global configuration)

Inspection for Voice and Video Protocols

Restrictions for Disabling Flow Cache Entries in NAT and NAT64

ASA Access Control. Section 3

Using Application Level Gateways with NAT

Internet Protocol Version 6 (IPv6)

Inspection for Voice and Video Protocols

Multimedia networking: outline

ETSF10 Internet Protocols Transport Layer Protocols

Fundamentals of IP Networking 2017 Webinar Series Part 4 Building a Segmented IP Network Focused On Performance & Security

Network Configuration Guide

Carrier Grade Network Address Translation

CCNP Voice (CCVP) Syllabus/Module Details CVOICE Cisco Voice over IP and QoS v8.0 (CVOICE v8.0)

Modular Policy Framework. Class Maps SECTION 4. Advanced Configuration

Cisco Technologies, Routers, and Switches p. 1 Introduction p. 2 The OSI Model p. 2 The TCP/IP Model, the DoD Model, or the Internet Model p.

Having fun with RTP Who is speaking???

Implementing Cisco Voice Communications & QoS (CVOICE) 8.0 COURSE OVERVIEW: WHO SHOULD ATTEND: PREREQUISITES: Running on UC 9.

VPN-1 Power/UTM. Administration guide Version NGX R

while the LAN interface is in the DMZ. You can control access to the WAN port using either ACLs on the upstream router, or the built-in netfilter

atl IP Telephone SIP Compatibility

White Paper. SIP Trunking: Deployment Considerations at the Network Edge

Troubleshooting Voice Over IP with WireShark

Technical White Paper for NAT Traversal

VoIP. ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts

Sun RPC ALG Support for Firewalls and NAT

Sun RPC ALG Support for Firewalls and NAT

Implementing SBC QoS (Marking)

Cisco Unified Border Element Enterprise Edition Version 8.5

IP-to-IP Gateway Test Suite

Modular Quality of Service Overview on Cisco IOS XR Software

Cisco 7600 Series Session Border Controller

Bulk Logging and Port Block Allocation

Configuring Network Address Translation

Troubleshooting One Way Voice Issues

Eyeball Any-Firewall Technology. VoIP, video telephony, and the industry s highest call completion rate

SBC Edge 2000 V5.0.1 IOT Skype for Business 2015 Intermedia SIP Trunk Application Notes

Department of Computer Science. Burapha University 6 SIP (I)

Match-in-VRF Support for NAT

SIP-to-SIP Connections on a Cisco Unified Border Element

Configuration guide for Switchvox and PAETEC

NAT Routemaps Outside-to-Inside Support

Virtual Private Networks (VPNs)

OSI Layer OSI Name Units Implementation Description 7 Application Data PCs Network services such as file, print,

IPsec NAT Transparency

PPPoA Baseline Architecture

Introduction. H.323 Basics CHAPTER

Configuring a DHCP Server DHCP Operation

Network+ Guide to Networks 6th Edition. Chapter 12 Voice and Video Over IP

Overview of the Session Initiation Protocol

Cisco 5921 Embedded Services Router

8.4 IMS Network Architecture A Closer Look

H.323-to-H.323 Interworking on CUBE

Implementing SBC Firewall Traversal and NAT

Mobile MOUSe CONVERGENCE+ ONLINE COURSE OUTLINE

Thomas Schmidt haw-hamburg.de. The RTP MIB. > Design of the RTP MIB > Application: Remote Multicast Monitoring

Setup for Cisco Unified Communications Manager

Please note: This release is the final bugfix release for the release version xx.

Mobile MOUSe IMPLEMENTING VOIP ONLINE COURSE OUTLINE

Broadvox Fusion Platform Version 1.2 ITSP Setup Guide

SIP Flex Test Suite. Highlights. IMS and VoIP Network Element and Service Testing

HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls

X-Communicator: Implementing an advanced adaptive SIP-based User Agent for Multimedia Communication

RSVP Scalability Enhancements

Unified Communications Manager Express Toll Fraud Prevention

IT 341: Introduction to System

Transporting Voice by Using IP

ThinkTel ITSP with Registration Setup

IMPLEMENTING CISCO VOICE COMMUNICATIONS AND QOS

EarthLink Business SIP Trunking. ShoreTel 14.2 IP PBX Customer Configuration Guide

Lab10: NATing. addressing conflicts, routers must never route private IP addresses.

Hands-On Advanced Internetworking TCP-IP / IPv6 / VoIP

Overview. Features and Benefits CHAPTER

CCNA VOICE. Course Catalog

Application Notes for Packet One SIP Trunk System Version 3.1 Interoperability with Avaya Software Communication System Release Issue 1.

Journal of Information, Control and Management Systems, Vol. X, (200X), No.X SIP OVER NAT. Pavel Segeč

Configuring TACACS. Finding Feature Information. Prerequisites for Configuring TACACS

Enabling ALGs and AICs in Zone-Based Policy Firewalls

A common issue that affects the QoS of packetized audio is jitter. Voice data requires a constant packet interarrival rate at receivers to convert

Scaling IP Addresses DHCP CCNA 4

Avaya Port Matrix: Avaya Communicator for Microsoft Lync 6.4. Avaya Proprietary Use pursuant to the terms of your signed agreement or Avaya policy.

Transcription:

Service Provider PAT Port Allocation Enhancement for RTP and RTCP Problem Overview With the increase in the use of multimedia and real-time traffic over the Internet, private network administrators face the unique challenge of defending their networks from both internal and external threats, while allowing voice, multimedia, and gaming traffic to flow through transparently. Private residential user networks and small-office/home-office (SOHO) networks connect into the service provider network region using a simple home gateway. Home gateways can perform basic Network Address Translation (NAT), but are not sophisticated enough to perform Port Address Translation (PAT). They must rely on the service provider s session border controller for this capability. One particular challenge is enabling PAT to work in conjunction with Routing Table Protocol (RTP) and Real-Time Control Protocol (RTCP), which have well-defined working port ranges. The home gateway needs to be replaced with an application-level gateway, or the service provider session border controller needs to modify the PAT headers for packets before they reach the private networks. The Cisco IOS Session Border Controller can help in resolving this problem with a new feature: Service Provider PAT Port Allocation Enhancement for RTP and RTCP. This product bulletin outlines this new software feature. Session Border Controller Definition and PAT Traversal Solution for SIP Calls A session border controller works with a variety of multimedia-capable network devices. It is a toolkit of functions, including: H.323 and Session Initiation Protocol (SIP) signaling interworking Codec translation NAT and PAT Billing and call-detail-record (CDR) normalization for authentication, authorization, and accounting (AAA) Quality of service (QoS) and bandwidth management Figure 1 depicts a network scenario in which the private networks connect to the service provider s session border controller. Figure 1. Voice Call with PAT Enhancement Network Scenario All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 5

Consider a scenario in which subscriber A in the private network makes a call to subscriber C, and that call traverses the Internet. The PAT function at the session border controller will translate the RTP port number for the call to 16384 and the RTCP port number to 16385. Subsequently, subscriber B tries to make a call to subscriber D. The PAT function tries to use the same port number 16384 that is already in use. This port is not selected and the next viable port that is picked for the call is 1024. This creates a problem since 1024 is not within the RTP port range based on RFC-1889. The RTP RFC-1889 stipulates that an even port number be used for the RTP stream and the next subsequent odd port number be used for the corresponding RTCP stream. Both the above issues are resolved with the new Service Provider PAT Port Allocation Enhancement for RTP and RTCP feature of the Cisco IOS Session Border Controller. This feature ensures that for SIP, H.323, and Skinny voice calls using Cisco IOS Session Border Controller, the port numbers used for RTP streams are even port numbers and the RTCP streams are the next subsequent odd port number. With this feature, the Cisco IOS Session Border Controller gives the administrator the control to ensure that PAT-enabled voice calls will be guaranteed to get the port number translated to a number within the range specified by the RFC, thereby conforming to RFC-1889. A call with a port number within the range will result in a PAT translation to another port number within this range. Likewise, a PAT translation for a port number outside this range will not result in a translation to a number within the given range. The feature adds a CLI to provide a range that can be used to pick a port for the RTP and RTCP streams comprising a voice call using session protocols H.323, SIP, and Skinny. The following CLI defines a portmap: ip nat portmap A appl skinny-rtp startport 16384 size 128 The port map is applied using the following CLI: ip nat inside source list 1 pool inside_pool overload portmap A The NAT filtering is enabled using the following CLI: access-list 1 permit 192.168.100.0 0.0.0.255 The feature also provides a mechanism for permitting a User Datagram Protocol (UDP) packet stream using the following configuration, irrespective of the voice protocol being used: ip nat portmap A All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 5

appl udp-hdr startport 16384 size 128 The feature ensures that for SIP, H.323, and Skinny voice calls using Cisco IOS Session Border Controller, the port numbers used for RTP streams are even port numbers and the RTCP streams are the next subsequent odd port number. This function can be disabled by using the following CLIs: For SIP calls: no ip nat service allow-sip-even-rtp-port For Skinny calls: no ip nat service allow-skinny-even-rtp-port For H.323 calls no ip nat service allow-h323-even-rtp-port Feature Working on NAT Session Border Controller Consider a private network with two IP phones, IP Phone A (10.1.1.1) and IP Phone B (10.2.2.2). The network has only one public IP address: 171.21.10.1. The network will therefore have to rely on PAT for supporting the two IP phones. Suppose the first caller uses IP Phone A to make a voice call to Phone C. The state information, including the IP address and the port number, are used to create a pinhole with the address and port number that will be used for the RTP stream and the RTCP stream for the voice call. The information is obtained from the embedded protocol headers in the signaling packets. The PAT translation will be performed on all the RTP and RTCP packets that arrive subsequently at the session border controller. The private address for IP Phone A is 10.1.1.1 and the port number is 16384. The configuration has the port map starting at 16500 with a range of 128. For the first call that is established, the internal address and port combination is 10.1.1.1 and 16384. The external mapping for the above combination will be 171.21.10.1 and 16500. Now, the next caller uses IP Phone B to place a call to Phone D. The private address and port combination is 10.2.2.2 and 16384. This combination will be mapped to the external address and port combination 171.20.10.1 and 16502. Note that NAT uses the same IP address since the global IP address pool has just one IP address available. All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 5

We can observe that the two calls can use the same port number internally with the PAT feature. Table 1 shows the details of these call scenarios. Table 1. PAT Translation Details Call Scenario Original Translated Private IP Address Private Port Number Public IP Address Public Port Number IP Phone A calling Phone C IP Phone B calling Phone D 10.1.1.1 16384 171.21.10.1 16500 10.2.2.2 16384 171.21.10.1 16502 Availability The Service Provider PAT Port Allocation Enhancement for RTP and RTCP feature is available starting with Cisco IOS Software Release 12.4(11)T. Platforms Supported The Cisco products that support this feature include the Cisco AS5400XM and AS5350XM Universal Gateways, Cisco 2800 and 3800 Series Integrated Services Routers, Cisco 3700 Series Multiservice Access Routers, Cisco 7200VXR Series Routers, and the Cisco 7301 Router. Restrictions No known restrictions have been identified at this time. For More Information For information about configuring Cisco IOS Hosted NAT Traversal using Cisco IOS Session Border Controller, visit http://www.cisco.com/en/us/products/ps6441/products_configuration_guide_chapter0918 6a008071c4ba.html Marketing Contacts Dax Choksi, product manager, Security Technology Group All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 5

Printed in USA C11-385167-00 12/06 All contents are Copyright 1992 2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback