Understanding Network Address Translation (NAT) for use with SIP.
We often hear of problems with NAT traversal and SIP. This week we provide a short synopsis of Network Address Translation, its purpose on the network, and why it becomes a problem when SIP is brought into a network.
Because SIP addressing and routing are done at the application layer, the biggest problem the SIP protocol now has is the disconnect between IPv4 addressing and routing at the application layer and IPv4 addressing and routing at the transport and network layers. Network Address Translation (NAT) occurs at the transport and network layers, so the addresses carried inside SIP messages are not translated along with the packet headers, and thus the challenge.
The purpose of a Network Address Translation (NAT) firewall for businesses is to provide the translation between a single public IP address on the WAN and multiple private IP addresses for all of the workstations, servers and other IP equipment within the LAN. The router running NAT should never advertise the LAN network addresses to the WAN network backbone. Only the networks with global addresses may be known outside the router. However, global information that NAT receives from the border router can be advertised in the LAN network the usual way. Typical or traditional firewalls apply NAT to the TCP/IP protocol at the transport and network layers.
NAT’s basic operation is as follows. The network addresses inside a private domain can be reused by any other private domain. For instance, a single Class A address could be used by many private domains. At each exit point between a private domain and the public WAN backbone, NAT is installed. If there is more than one exit point, it is of great importance that each NAT has the same translation table.
In order for SIP to work effectively, the NAT issue must be resolved, and that is where Session Border Elements such as firewalls are very important for enabling SIP services to an enterprise network.