[Asterisk-Users] A solution for SIP and NAT

Andrew Radke andrew at radke.iig.com.au
Wed Jul 2 06:06:57 MST 2003


Instead of this make notes of some of the faults in SIP that cause you 
problems and start working towards SIP/2.1 or SIP/3.0. Just because you 
weren't one of the people involved in designing the existing protocol 
doesn't mean you can't work to change it.

SIP 2.0 has some unbeleivably braindead concepts in it. It is so loose 
that you can find one peice of info in half a dozen places in a SIP 
packet. It has no tightly defined structure and has no concept of how to 
work in a real-world network. Security wasn't truly even an afterthought 
which in the modern Internet environment is disgraceful and then there 
are the reasons you've given below.

This should not mean we just kludge everything together. A lot of stuff 
can be tidied up significantly and at least some of it can be thrown 
out. As such we should be working towards getting a new draft out that 
doesn't mean throwing out existing infrastructure but does allow for 
SIP/VoIP to move forward on the Internet not just corporate intranets.

Of course getting IAX accepted as an Internet draft and moving everyone 
on it would probably be easier than fixing SIP :-) but you fight the 
(small) battles you can win. Sorry if this sounds like a rant.

Regards,

Andrew Radke

Michael Kane wrote:

> At the end of the day we all probably can get SIP and NAT to work together
> if we spend  TIME configuring our NAT boxes and SIP devices to negotiate the
> traversal of a NAT.  In the end result, the WAN IP must be is correctly
> added to the contact table(sipd) or location table(SER), allowing the proxy
> to route a call destined for that UA.  Now, my delima as a service provider,
> is how do I document this for every SIP device out there where my mother can
> purchase a UA device, plug it in, and start placing calls without putting on
> a poodle suit and jump through flaming hoops.  That's why(for me) it becomes
> an operational nightmare, not only to document vendor configs(if they
> support NAT traversal), but, then support the end user on how to config
> their devices.  That why I have looked into(implemented) such technologies
> like STUN and probably will be forced to purchase a SIP aware firewall that
> will spoof and re-arrange SIP messages destined for my proxy server.
> 
> 
> 
> Michael Kane
> To-Talk Communications LLC.
> 37 Sandusky Dr.
> Wareham, Ma. 02571
> www.to-talk.com
> 508-295-2826




More information about the asterisk-users mailing list