[Asterisk-Users] A solution for SIP and NAT
Andrew Radke
andrew at radke.iig.com.au
Wed Jul 2 06:06:57 MST 2003
Instead of this make notes of some of the faults in SIP that cause you
problems and start working towards SIP/2.1 or SIP/3.0. Just because you
weren't one of the people involved in designing the existing protocol
doesn't mean you can't work to change it.
SIP 2.0 has some unbeleivably braindead concepts in it. It is so loose
that you can find one peice of info in half a dozen places in a SIP
packet. It has no tightly defined structure and has no concept of how to
work in a real-world network. Security wasn't truly even an afterthought
which in the modern Internet environment is disgraceful and then there
are the reasons you've given below.
This should not mean we just kludge everything together. A lot of stuff
can be tidied up significantly and at least some of it can be thrown
out. As such we should be working towards getting a new draft out that
doesn't mean throwing out existing infrastructure but does allow for
SIP/VoIP to move forward on the Internet not just corporate intranets.
Of course getting IAX accepted as an Internet draft and moving everyone
on it would probably be easier than fixing SIP :-) but you fight the
(small) battles you can win. Sorry if this sounds like a rant.
Regards,
Andrew Radke
Michael Kane wrote:
> At the end of the day we all probably can get SIP and NAT to work together
> if we spend TIME configuring our NAT boxes and SIP devices to negotiate the
> traversal of a NAT. In the end result, the WAN IP must be is correctly
> added to the contact table(sipd) or location table(SER), allowing the proxy
> to route a call destined for that UA. Now, my delima as a service provider,
> is how do I document this for every SIP device out there where my mother can
> purchase a UA device, plug it in, and start placing calls without putting on
> a poodle suit and jump through flaming hoops. That's why(for me) it becomes
> an operational nightmare, not only to document vendor configs(if they
> support NAT traversal), but, then support the end user on how to config
> their devices. That why I have looked into(implemented) such technologies
> like STUN and probably will be forced to purchase a SIP aware firewall that
> will spoof and re-arrange SIP messages destined for my proxy server.
>
>
>
> Michael Kane
> To-Talk Communications LLC.
> 37 Sandusky Dr.
> Wareham, Ma. 02571
> www.to-talk.com
> 508-295-2826
More information about the asterisk-users
mailing list