#13 NAT traversal for media: special support for hairpin NAT

open
nobody
modules (91)
5
2008-10-17
2008-10-17
Kim Vandry
No

fix_nated_sdp() is useful to implement NAT traversal for SDP media without using a media proxy as long as the NAT gateways make an effort to preserve UDP ports across NAT mapping and and SIP media endpoints use symmetric RTP. But there can be problems with this solution because of lack of support for hairpin NAT in many NAT gateways.

A new function unfix_sdp_on_same_ip() is added to the nathelper module to detect and prevent problems with hairpin NAT in multi-proxy environments. The function is documented as follows:

unfix_sdp_on_same_ip(flags)

Restores an SDP that has been previously altered by fix_nated_sdp() to its original state iff the destination URI is set and contains an IP address identical to the one fix_nated_sdp() wrote into the SDP.

The purpose of this function is to annul the rewrite of the SDP if it is discovered that both media endpoints are behind the same NAT gateway.

There are two main reasons to use this function:

- Many NAT gateways do not implement hairpin NAT. That is, they cannot support two endpoints inside the NAT who are attempting to communicate using the NAT's public IP address. This function detects and avoids that condition.

- Even if the NAT gateway supports hairpin NAT, the media path will be more optimal if the media path can be established directly between each other rather than through their NAT gateway.

Discussion

  • Kim Vandry
    Kim Vandry
    2008-10-17

    patch against opensips-1.4.1-tls