[asterisk-dev] Symmetric RTP behaviour and 'nat' peer option.

Alex Balashov abalashov at evaristesys.com
Wed Apr 22 00:25:54 CDT 2009 

I'm just wondering why the behaviour I would expect out of nat=yes vs. 
nat=no seems to be inverted.

I expect nat=no to result in strict adherence to the dictates of SIP and 
SDP protocol mechanics, and nat=yes to pull out various tricks like 
using received IPs and ports for SIP and RTP.  Instead, it seems to be 
the other way around.

Venefax wrote:

> The subject is affecting the whole planet. It would be great if somebody
> would explain how it works. I have awful problems with NATted clients.
> 
> 
> -----Original Message-----
> From: asterisk-dev-bounces at lists.digium.com
> [mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of Alex Balashov
> Sent: Tuesday, April 21, 2009 8:52 PM
> To: Asterisk Developers Mailing List
> Subject: Re: [asterisk-dev] Symmetric RTP behaviour and 'nat' peer option.
> 
> My interpretation seems to be supported by main/rtp.c:ast_rtp_read():
> 
>          /* Send to whoever send to us if NAT is turned on */
>          if (rtp->nat) {
>                  if ((rtp->them.sin_addr.s_addr != sin.sin_addr.s_addr) ||
>                      (rtp->them.sin_port != sin.sin_port)) {
>                          rtp->them = sin;
>                          if (rtp->rtcp) {
>                                  memcpy(&rtp->rtcp->them, &sin, 
> sizeof(rtp->rtcp->them));
>                                  rtp->rtcp->them.sin_port = 
> htons(ntohs(rtp->them.sin_port)+1);
>                          }
>                          rtp->rxseqno = 0;
>                          ast_set_flag(rtp, FLAG_NAT_ACTIVE);
>                          if (option_debug || rtpdebug)
>                                  ast_log(LOG_DEBUG, "RTP NAT: Got audio 
> from other end. Now sending to address %s:%d\n", 
> ast_inet_ntoa(rtp->them.sin_addr), ntohs(rtp->them.sin_port));
>                  }
>          }
> 
> Yet, with nat=no, I would expect that NAT would not be "turned on."
> 
> I would expect the behaviour under nat=no to follow strict protocol 
> mechanics and ignore any received Layer 3 / Layer 4 characteristics, yet 
> that is clearly not the case.
> 
> Perhaps I am missing something about how Packet2Packet bridging works?
> 
> Thanks!
> 
> Alex Balashov wrote:
> 
>> Greetings,
>>
>> I am running Asterisk 1.4.21.2 and seeing some counterintuitive 
>> behaviour with regard to RTP and far-end NAT traversal and could use a 
>> little perspective.
>>
>> The topology looks like this:
>>
>>   endpoint <--NAT GW--> NAT traversal fixup proxy <--> Asterisk
>>
>> The NAT traversal fixup proxy uses the usual far-end traversal 
>> techniques - mangling the Contact header to the received IP, forcing the 
>> use of the received port for replies, and SDP received IP endpoint 
>> mangling.
>>
>> There is a SIP peer built out to the proxy from Asterisk.
>>
>> Anyway, when I initiate a call from the phone to a PSTN gateway through 
>> this chain (Asterisk bridges the call to a PSTN gateway via SIP), I am 
>> seeing the following behaviour.  Here is the scenario:
>>
>>   1) Endpoint sends INVITE to proxy;
>>
>>   2) Proxy does NAT traversal fixups including substitution of received
>>      IP in the m= line of the SDP payload.
>>
>>   3) Proxy statefully forwards call to Asterisk.
>>
>>   4) When the endpoint starts sending RTP toward Asterisk after the
>>      call is established, the source port of the RTP packets is
>>      different from the destination port announced in the endpoint's
>>      initial INVITE's SDP payload.  This is typical of SIP NAT gateways
>>      without SIP-aware ALGs.
>>
>> And here is what I am experiencing:
>>
>> 1) With nat=no on the peer, Asterisk sends RTP toward the endpoint at 
>> the destination port specified in the SDP payload of its INVITE *until* 
>> it receives its first RTP packet from the endpoint.  The first RTP 
>> packet has a different source port than what was advertised in the 
>> endpoint's SDP offer, and from that moment, Asterisk starts sending RTP 
>> to the source port of that first media packet *instead* of what is in 
>> the SDP.
>>
>> 2) With nat=yes, Asterisk ignores the source ports of incoming RTP from 
>> the endpoint and continues sending media to the destination port 
>> specified in the received SDP.
>>
>> ...
>>
>> This seems counterintuitive to me.  I had always thought that nat=yes is 
>> what enables symmetric RTP, but it seems that the opposite is true in 
>> this implementation;  with nat=yes, the received source port of 
>> subsequent RTP is ignored and the SDP is used, while with nat=no, 
>> attention is paid to the actual received source port.
>>
>> What am I missing?
>>
>> Thanks!
>>
> 
> 


-- 
Alex Balashov
Evariste Systems
Web    : http://www.evaristesys.com/
Tel    : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (678) 237-1775

More information about the asterisk-dev mailing list