White Paper - Solving the Firewall and NAT Traversal Issues for Multimedia over IP Services
Automatic Channel Mapping (ACM)
The Newport Networks 1460 session border controller, equipped with the ACM feature, is specifically designed to address the Firewall and NAT traversal problems - without requiring any changes to the existing security rules or to the clients.
Solving the 'NAT Problem'
Solving the 'NAT problem' means that un-routable private addresses need to be replaced with public, routable ones so that the media flows can find their way through networks (both public and private) to reach the client devices. This is the primary function of the SignallingProxy.

Figure 9 Newport Networks 1460 session controller
The SignallingProxy acts as a high-performance B2BUA (Back to Back User Agent). It is configured as a transit point for SIP signalling messages between the client (User Agent) and the Call Agent (and vice versa). In this way, it acts as a proxy for both client and server - ensuring that all signalling messages pass through it. This provides complete visibility and control of call establishment. SIP messages from the client are directed to the SignallingProxy by making minor changes to the Service Provider DNS entries for the Call Agent.
The MediaProxy operates under the control of the SignallingProxy to provide a transit point for RTP and RTCP media streams between User Agents. All media is directed to the MediaProxy, giving the Service Provider full visibility and control of the media stream for service quality and for charging purposes. Finally, the MediaProxy performs dynamic NAPT to hide details of the network and other users from subscribers and other networks - helping to provide protection against Denial of Service attacks.
The SignallingProxy and MediaProxy exchange information using an internal Megaco/H.248 protocol. This approach makes the Newport Networks 1460 'SIP-ready' and compatible with all SIP User Agents and Call Agents. This ensures easy integration with existing SIP systems and fast time to market.

Figure 10 Interaction with External Call Agent
Call Agents that have been suitably enhanced can control the MediaProxy through the Megaco/H.248 interface, which, in turn, controls the media plane. First, this ensures support for a broad range of call control protocols including H.323, MGCP and of course SIP. Second, it means that other call control devices (such as Softswitches) can directly control the MediaProxy. The result is that Service Providers can implement specific features that will differentiate their service from competitors.
Taking Control of the SIP Signalling Path
SIP signalling messages destined for the SignallingProxy exit the private network using a public IP address and port allocated by the NAT. When the SignallingProxy receives the initial REGISTER message from the User Agent, a source address on the SignallingProxy is allocated for signalling messages to this client. A modified REGISTER message is then forwarded on to the Call Agent with the CONTACT and VIA fields indicating that the SignallingProxy is the source.

Figure 11 SignallingProxy controls the signalling path
Taking Control of the Media Path
The consequence of the NAT public port allocation method is that the ports that are allocated for media flow from each client will be unpredictable.
In the Newport Networks solution, based on another IETF draft, the SignallingProxy manipulates the signalling messages to ensure that the media streams are directed to specific, dynamically allocated ports on the MediaProxy.

Figure 12 Ensuring end-to-end media flow
When the SignallingProxy receives the INVITE message, it communicates with the MediaProxy to obtain NAT information for this call. It then modifies the source IP address and the SDP fields to define the SignallingProxy™ as the return path for signalling and the MediaProxy address as the return address for the media. The INVITE is then forwarded to the Call Agent. To the Call Agent it appears that the message has originated from a user with a port and IP address belonging to the MediaProxy.
The receiving client will return an ACK via the SignallingProxy, which will modify the message so that the originating client directs the media to the port dynamically allocated to this call on the MediaProxy. The IP address and port used by the NAT can now be easily determined by reading the IP address and port from the actual media stream. Thus, all signalling messages flow through the SignallingProxy and all media streams will flow through the MediaProxy allowing the Service Provider to connect, control and charge for the connection.
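The SDP rewrite and the learning of the NAT address from the media stream described above can be sketched as follows. This is an added example, not Newport Networks code: the names MediaRelay, rewrite_sdp and MEDIA_PROXY_IP, the port range and all addresses are assumptions chosen for illustration.

```python
MEDIA_PROXY_IP = "198.51.100.10"   # assumed public MediaProxy address (documentation range)

class MediaRelay:
    """Hypothetical stand-in for MediaProxy port allocation and NAT learning."""
    def __init__(self, first_port=20000):
        self.next_port = first_port
        self.sessions = {}             # relay port -> learned NAT (ip, port), or None

    def allocate(self):
        port = self.next_port
        self.next_port += 2            # RTP on the even port, RTCP on the next odd one
        self.sessions[port] = None
        return port

    def on_media_packet(self, relay_port, src_addr):
        """Read the NAT's public address from the first packet on a relay port."""
        if relay_port not in self.sessions:
            return None                # port not allocated to any call: ignore
        if self.sessions[relay_port] is None:
            self.sessions[relay_port] = src_addr
        return self.sessions[relay_port]   # later packets do not change the binding

def rewrite_sdp(sdp, relay):
    """Point c= and m= lines at the relay; return (new_sdp, allocated_ports)."""
    ports, out = [], []
    for line in sdp.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            line = "c=IN IP4 " + MEDIA_PROXY_IP
        elif line.startswith("m="):
            media, old_port, rest = line[2:].split(" ", 2)
            if old_port != "0":        # port 0 marks a declined stream: leave as is
                port = relay.allocate()
                ports.append(port)
                line = "m=%s %d %s" % (media, port, rest)
        out.append(line)
    return "\r\n".join(out), ports

# Constructed SDP body, as a client behind a NAT would send it (private address).
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
    "s=-",
    "c=IN IP4 192.168.1.20",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "a=rtpmap:0 PCMU/8000",
    "",
])
```

The private address and port in the offer are never used for sending media; the relay only learns the return path once a packet actually arrives on the allocated port.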