Cisco IOS XR Session Border Controller Configuration Guide Release 3.6
IP NAPT Traversal Support


IP NAPT Traversal and Address Reporting


The need for IP address translation arises when the internal IP addresses of a network cannot be used outside of that network, either because they are invalid for use outside, or for privacy reasons. The DBE now supports the IP NAPT Traversal package (defined in H.248.37) in addition to its existing support of Network Address Translation (NAT) Traversal package (NTR) (defined in ETSI TS 102 333). NAPT is a variation of NAT and represents a method of mapping IP addresses from one realm to another to provide transparent routing to hosts.

NAT devices connect an isolated address realm with private unregistered addresses to an external realm with globally unique registered addresses. In other words, NAT converts an IP address from a private address to a public address in real time, allowing multiple users to share a single public IP address.

The Address Reporting (ADR) package can be used only in conjunction with the IP NAPT package. The ADR package extends the existing IP NAPT package, adding a new remote source address change (RSAC) event with two parameters:

NRSA - new remote source address

NRSP - new remote source port

The media gateway controller (MGC) has to subscribe to the ADR event (this function can be enabled per termination). When media is sent to the termination and the termination latches to this new remote address, the ADR event is generated by the media gateway. The ADR event reports the learned remote address and port. The RSAC event is generated in both LATCH and RELATCH scenarios. The DBE reports the event subscription with the audit response when the MGC audits the packages.

Feature History for IP NAPT Traversal Support

Release          Modification
Release 3.5.0    The IP NAPT traversal feature was introduced.
Release 3.5.1    The address reporting feature was added.
Release 3.6.0    No modification.


Contents

This module contains the following sections:

Restrictions for IP NAPT Traversal Support

Information About IP NAPT Traversal Support

Address Reporting Package

Implementing IP NAPT Traversal Support

Additional References

Restrictions for IP NAPT Traversal Support

A termination may not be programmed using both the NAT traversal package (NTR) and IP NAPT packages simultaneously. A vDBE only supports either the NTR package or the IP NAPT package for all terminations.

The DBE does not generate the notifyComplete signal when the latch or relatch signal completes.

If the NAT package is IP NAPT, the DBE does not automatically relatch on receipt of a Megaco request that modifies the gm/sam Remote Source Address Mask. The MGC must explicitly signal if a relatch is required. In addition, you cannot remove the previously latched remote address without also signaling a relatch from the Remote Source Address Mask. This restriction follows Megaco specifications.

The DBE rejects the Megaco requests that cancel the latch or relatch signal without providing a full address and port in the remote descriptor for the termination.

Information About IP NAPT Traversal Support

IP NAPT operates with two signals, latch and relatch, that control how the DBE should learn remote addresses for endpoints behind a NAT. The H.248.37 standard allows a media gateway controller (MGC) to instruct a media gateway (MG) to latch to an address provided by an incoming IP application data stream rather than the address provided by the call/bearer control. This enables the MG to open a pinhole for data flow.

A pinhole is a configuration of two associated H.248 IP terminations within the same context that allows or prohibits unidirectional forwarding of IP packets under specified conditions.

NAPT support can be requested by signals on Megaco add or modify requests. While the relatch request is outstanding, an MGC can audit the NAPT state of the termination, and the DBE returns a SignalRequest in the audit response, indicating that a relatch is outstanding. After the relatch takes place, the signal completes and it no longer appears in an audit response.

Turning Off NAPT Support

You may turn off NAPT by entering a NAPT OFF request or by omitting the signal entirely, as required by the package definition. An audit response never returns a signal indicating the NAPT OFF state, because the signal completes immediately after acceptance of the NAPT OFF request.

When issuing a Megaco modify request to update a previously latched termination, you must include the latch signal, assuming that you do not want to either change the remote address and port, or request a relatch. Including the latch signal indicates that the remote address and port to which the termination was previously latched should continue to be used.

The DBE automatically attempts to relearn remote addresses and ports, following any Megaco operation that modifies a termination whose endpoint is behind a NAT, even with the NAT Traversal package (NTR) in use. Relearning is, however, timed out if no packets from a new remote source address and port arrive within a suitable period.

When the IP NAPT Traversal package is used, the DBE does not try to relearn remote addresses and ports unless the MGC explicitly signals a relatch. Relatching is then never timed out.

Address Reporting Package

The address reporting (ADR) package is defined in ITU-T document TD-27 "Draft H.248.37 Amendment 1". The ADR package can be used only in conjunction with the IP NAPT package. The ADR package extends the existing IP NAPT package, adding a new remote source address change (RSAC) event.

This event occurs when the remote source address for the termination has changed. Its parameter is the newly detected (latched) remote address information given by the new remote source address (NRSA) and new remote source port (NRSP). The MGC must explicitly subscribe to the event. This event is generated by the MG when a media stream latches, and is used to report the new remote source address and port. The event is generated in both LATCH and RELATCH scenarios. The DBE reports the event subscription with the audit response when the MGC audits the packages.

The NRSA and NRSP values are represented in octet-string format, which essentially reverses the order of bits in every octet. Hexadecimal octet coding serves to represent a string of octets as a string of hexadecimal digits, with two digits representing each octet. This octet encoding should be used to encode octet strings in the text version of the protocol. For each octet, the 8-bit sequence is encoded as two hexadecimal digits. Bit 0 is the first transmitted; bit 7 is the last one. Bits 7-4 are encoded as the first hexadecimal digit, with Bit 7 as MSB and Bit 4 as LSB. Bits 3-0 are encoded as the second hexadecimal digit, with Bit 3 as MSB and Bit 0 as LSB.

For example, if NRSA=26AEF813, the first octet is 26, which is 00100110 in binary. Reversing the bit order gives 01100100, which is decimal 100. The other octets follow the same logic.
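The decoding described above, carried through for all four octets so that a reported address can be matched against flow or firewall logs. This is an added example, not Cisco code: the function names are hypothetical, the NRSA value is the one from the text, the NRSP value is constructed, and treating NRSP as two octets with the most significant octet first is an assumption.

```python
import ipaddress


def reverse_bits(octet: int) -> int:
    """Mirror one octet so that bit 0 becomes bit 7 and so on."""
    mirrored = 0
    for _ in range(8):
        mirrored = (mirrored << 1) | (octet & 1)
        octet >>= 1
    return mirrored


def decode_octet_string(hex_text: str) -> bytes:
    """Turn the two-hex-digits-per-octet text form into octet values."""
    hex_text = hex_text.strip()
    if not hex_text or len(hex_text) % 2:
        raise ValueError("expected a non-empty, even number of hex digits")
    # bytes.fromhex raises ValueError on any non-hex character.
    return bytes(reverse_bits(b) for b in bytes.fromhex(hex_text))


def encode_octet_string(data: bytes) -> str:
    """Inverse of decode_octet_string (bit reversal is its own inverse)."""
    return bytes(reverse_bits(b) for b in data).hex().upper()


def decode_nrsa(hex_text: str) -> str:
    """Decode an NRSA value to dotted-quad IPv4 (4 octets, as in the text)."""
    data = decode_octet_string(hex_text)
    if len(data) != 4:
        raise ValueError("this example handles 4-octet IPv4 addresses only")
    return str(ipaddress.IPv4Address(data))


def decode_nrsp(hex_text: str) -> int:
    """Decode an NRSP value to a port number.
    Assumption: two octets, most significant octet first."""
    data = decode_octet_string(hex_text)
    if len(data) != 2:
        raise ValueError("expected a 2-octet port value")
    return int.from_bytes(data, "big")


if __name__ == "__main__":
    # NRSA is the value from the text; NRSP "C823" is constructed (port 5060).
    print(decode_nrsa("26AEF813"), decode_nrsp("C823"))
```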

Implementing IP NAPT Traversal Support

A new IP NAPT Traversal support command, h248-napt-package, defines which H.248 package (either NAPT or NTR) the DBE should use for signaling NAT features:

SUMMARY STEPS

1. configure

2. sbc service-name

3. dbe

4. vdbe

5. h248-napt-package [napt | ntr]

6. commit

7. exit

DETAILED STEPS

 
Step 1

Command or Action: configure

Example: RP/0/0/CPU0:router# configure

Purpose: Enables the global configuration mode.

Step 2

Command or Action: sbc service-name

Example: RP/0/0/CPU0:router(config)# sbc mysbc

Purpose: Enters the mode of an SBC service. Use the service-name argument to define the name of the SBC.

Step 3

Command or Action: dbe

Example: RP/0/0/CPU0:router(config-sbc)# dbe

Purpose: Enters the mode of the data border element (DBE) function of the SBC.

Step 4

Command or Action: vdbe

Example: RP/0/0/CPU0:router(config-sbc-dbe)# vdbe

Purpose: Enters the mode for configuring virtual DBE (vDBE) parameters.

Step 5

Command or Action: h248-napt-package [napt | ntr]

Example: RP/0/0/CPU0:router(config-sbc-dbe-vdbe)# h248-napt-package napt

Purpose: Defines which H.248 package a vDBE should use for signaling NAT features. The default is ntr.

napt: Uses the IP NAPT package, defined in H.248.37.

ntr: Uses the NAT package, defined in ETSI TS 102 333.

In the example, the command configures the vDBE to use the IP NAPT package and to reject attempts to program terminations using the NAT package when the ROOT termination is audited.

Step 6

Command or Action: commit

Example: RP/0/0/CPU0:router(config-sbc-dbe-vdbe)# commit

Purpose: Saves configuration changes. Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 7

Command or Action: exit

Example: RP/0/0/CPU0:router(config-sbc-dbe-vdbe)# exit

Purpose: Exits the media address mode to the DBE mode.

Additional References

The following sections provide references related to IP NAPT Traversal support.

Related Documents

Related Topic: Cisco IOS XR master command reference
Document Title: Cisco IOS XR Master Commands List

Related Topic: Cisco IOS XR SBC interface configuration commands
Document Title: Cisco IOS XR Session Border Controller Command Reference

Related Topic: Initial system bootup and configuration information for a router using the Cisco IOS XR Software
Document Title: Cisco IOS XR Getting Started Guide

Related Topic: Cisco IOS XR command modes
Document Title: Cisco IOS XR Command Mode Reference


Standards

Standards                 Title
ETSI TS 102 333 V1.1.2    Network Address Translation (NAT) Traversal Package (NTR)
H.248.37                  IP NAPT Traversal Package


MIBs

To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu:

http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


RFCs

RFCs        Title
RFC 2663    IP Network Address Translator (NAT) Terminology and Considerations
RFC 3489    STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)

