[asterisk-users] NAT solutions

Brad Templeton brad+aster at templetons.com
Thu Jan 25 10:55:09 MST 2007


On Wed, Jan 24, 2007 at 11:09:21PM -0800, Yuan LIU wrote:
> >From: Brad Templeton <brad+aster at templetons.com>
> >
> >On Mon, Jan 22, 2007 at 09:59:06AM +0000, Tim Panton wrote:
> >> In the meanwhile, use IAX, which understands about NAT pretty well.
> >> If you have multiple SIP phones on a LAN behind a NATing router, just
> >> put a small asterisk box on the LAN. It can manage your hairpin
> >> calls internally, save you bandwidth by trunking the IAX traffic
> >> to the central asterisk and avoid all the NAT hassle by using
> >> a single port (outgoing) and refreshing it often enough for the
> >> router to hold it open.
> >>
> >> Tim Panton
> >>
> >> www.mexuar.net
> >> www.westhawk.co.uk/
> >
> >IAX is a fine protocol as far as it goes, however this answer
> >is really not a workable one.   There are only a few IAX phones,
> >and they are not nearly as solid and full featured as the many
> >SIP phones.   There are some IAX termination and origination
> >providers, but there are far more SIP providers.
> ...
> >IAX is great but SIP is also a reality, and putting
> >Asterisk into the "just works" category is a really
> >important milestone.  One I think that is intended
> >to be improved a lot for 1.6.
> 
> I have a really dumb question.  It appears that Yahoo, MSN, AIM, you name 
> them, they don't have a NAT problem, and some use SIP.  I don't think they 
> all stay in voice path, either.  What takes?

When you control both ends of the path, you can eliminate all NAT
problems.  Skype also deals almost perfectly with NAT (by using
other nodes as relays if necessary) as does IAX.   SIP was designed
without much attention to NAT and it's had to be added on later and
the different phones are all at different levels of implementation.

Some time ago, actually, the SIP and SDP groups devised the ICE
protocol for highly reliable NAT penetration, but it is still some
distance from wide adoption, and I don't know when anybody will code
up Asterisk adoption.

Larger services like you describe often solve NAT by relaying traffic
through their servers.   They use a "trick", that if they suspect
an endpoint is behind NAT, they just ignore what they see in the
SDP, and send all traffic back to the source port/host that the
traffic comes from.  For RTP, they wait for packets to arrive at
the (external, routable) RTP port they provided, and send the
traffic back there instead of the often unroutable address in
the SDP.

Asterisk, if you set nat=yes, will do step 1 (SIP traffic back
to the source it came from, ignoring Contact header) but it does
not yet do the same for the RTP.   If it did, you would be unlikely
to get NAT trouble on phone to Asterisk calls, or calls hairpinned
through Asterisk.

But you don't want to hairpin unless absolutely necessary.  It costs
bandwidth and adds latency.  Latency not only makes calls annoying,
it increases the chance of echo.
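
The RTP half of the relay "trick" described in the message above, as an added example that is not part of the original post and is not Asterisk's code. The class and function names, the sample SDP and the addresses are constructed for illustration; the rule that media is only learned from the signalling source IP is an assumption of this example.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed SDP from a phone behind NAT: c= carries its private LAN address.
SAMPLE_SDP = ("v=0\r\n"
              "o=- 1234 1234 IN IP4 192.168.1.50\r\n"
              "s=call\r\n"
              "c=IN IP4 192.168.1.50\r\n"
              "t=0 0\r\n"
              "m=audio 16384 RTP/AVP 0 8\r\n")


def sdp_media_target(sdp):
    """Return the (ip, port) advertised by the c= and first m=audio lines."""
    conn = re.search(r"^c=IN IP4 (\d+\.\d+\.\d+\.\d+)", sdp, re.M)
    media = re.search(r"^m=audio (\d+) ", sdp, re.M)
    if not conn or not media:
        raise ValueError("no IPv4 connection line or audio line in SDP")
    return conn.group(1), int(media.group(1))


class RtpSession:
    """Hypothetical per-call state kept by the relaying server."""

    def __init__(self, sdp, signalling_src_ip):
        self.sdp_target = sdp_media_target(sdp)
        self.signalling_src_ip = signalling_src_ip
        addr = ipaddress.ip_address(self.sdp_target[0])
        # Suspect NAT if the SDP address is unroutable or is not the
        # address the signalling actually arrived from.
        self.natted = (any(addr in net for net in RFC1918)
                       or self.sdp_target[0] != signalling_src_ip)
        self.learned = None

    def on_rtp_packet(self, src):
        """src is the (ip, port) the packet arrived from on our RTP port."""
        # Assumption of this example: media leaves the NAT from the same
        # public IP as the signalling, so other hosts are never learned.
        if self.natted and self.learned is None \
                and src[0] == self.signalling_src_ip:
            self.learned = src

    def send_target(self):
        """Where to send RTP; None means wait for the first inbound packet."""
        return self.learned if self.natted else self.sdp_target
```

Until the phone's first RTP packet arrives, `send_target()` returns `None` for a NATed endpoint, which is why the phone has to send media first for this approach to work.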

