Actually it depends on the NAT implementation. There are four generally known/defined types (in STUN), but a lot of variants. When we talk about the NAT problem, we always talk about the worst-case, which is a symmetric NAT, i.e. only packets from src ipA:portB will be allowed through and only if a previous packet has been going out to dst ipA:portB not longer ago than a defined time-out. Some NATs have timeout of 60 minutes, others (could be) as low as 30 sec. g-)
Natambu Obleton wrote:
Ohh.. I thought the keepalives would allow other ip address, than the one that originally opened the connections, to send in.
I guess that wouldn't be very secure would it.... :)
Natambu Obleton Network Engineer FastTrack Communications nobleton@fasttrackcomm.net (970) 247-3366 office (970) 247-2426 fax
-----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Vitaly Nikolaev Sent: Tuesday, September 19, 2006 8:53 AM To: serusers@iptel.org Subject: RE: [Serusers] Scaling SER
To extend Juha's info:
Only SER server that just received SIP packet from SIP device (either register or keepalive) can send something back in case of NAT
For example you have SER1 and SER2, client A registered on SER1 and client B on SER2, when client B sends call to client A it will first hit SER2 then SER2 to according to replicated location table will try to send it to client A straight and fail in case client A behind the nat (which is quite often in real world)
Trick is to teach SER2 to forward call to SER1 when needed, it can be done when you use b2bua that looks to same location table for example (ser need to be taught to place its IP also in same table).
Can not give you exact howto but can give (out of list) some references to commercial software if interested.
-----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Juha Heinanen Sent: Tuesday, September 19, 2006 8:52 AM To: Andrey Kuprianov Cc: serusers@iptel.org Subject: Re: [Serusers] Scaling SER
Andrey Kuprianov writes:
mediapoxy'll handle it.
mediaproxy does not forward sip requests.
-- juha _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers