Happy new year everybody,
this year started with a surprise: UACs I had behind a NAT would not take calls. Further research revealed that my INVITE messages would be too large to fit my MTU of 1500 after traversing three proxies. Unfortunately, the fragmented UDP packets would not traverse my NATs.
Now, looking at the INVITE messages, my first idea was to strip some header fields which are not strictly required to set up a call at the last proxy - such as 'User-Agent'. Would that be a way to go? If so, is there a way of doing this with ser? Or would I need to tunnel those messages through a B2BUA (if so, which one would you use)?
Naturally my favourite option would be to find a universal solution to force UDP fragments through a NAT. However, my understanding as of now is that UDP fragments do not carry port information, so they will not make it through a NAT which does not keep state, such as my D-Link residential router.
Thilo
Hello,
On Friday 02 January 2004 11:29, Thilo Salmon wrote:
> Happy new year everybody,
I also wish a happy new year to all the readers here too :)
> this year started with a surprise: UACs I had behind a NAT would not take calls. Further research revealed that my INVITE messages would be too large to fit my MTU of 1500 after traversing three proxies. Unfortunately, the fragmented UDP packets would not traverse my NATs.
> Now, looking at the INVITE messages, my first idea was to strip some header fields which are not strictly required to set up a call at the last proxy - such as 'User-Agent'. Would that be a way to go? If so, is there a way of doing this with ser? Or would I need to tunnel those messages through a B2BUA (if so, which one would you use)?
You can remove header fields with the remove_hf() function from the textops module. You should verify that you do not remove required header fields, but basically it should be possible to do it that way. Although I think this is not a very good solution, because you will never know to which size the request will grow and if you will be able to strip it down under 1500.
I think the better choice is to switch to TCP to eliminate the MTU problem. Either directly at the starting UA, or you can also switch the transport at SER with forcing the transport for forwarding to TCP.
> Naturally my favourite option would be to find a universal solution to force UDP fragments through a NAT. However, my understanding as of now is that UDP fragments do not carry port information, so they will not make it through a NAT which does not keep state, such as my D-Link residential router.
Yes, you are right. But I assume that your router should answer with an ICMP error that fragmentation is not allowed. Maybe this is ignored by the UA. BTW fragmentation is bad for several other reasons :)
Greets Nils
On Fri, 2004-01-02 at 18:42, Nils Ohlmeier wrote: [INVITE messages too large to avoid fragmented UDP packets]
> You can remove header fields with the remove_hf() function from the textops module. You should verify that you do not remove required header fields, but basically it should be possible to do it that way. Although I think this is not a very good solution, because you will never know to which size the request will grow and if you will be able to strip it down under 1500.
Thanks a lot for pointing this out. I was looking for this function. It has not yet been documented, I believe. Do you happen to know, if there is a similar function to determine the size of the current message? That would come in handy, since you could refrain from stripping information unless the message was too large. Or even strip a little more, if you knew for certain that a call could not be set up unless you avoid fragmentation.
> I think the better choice is to switch to TCP to eliminate the MTU problem. Either directly at the starting UA, or you can also switch the transport at SER with forcing the transport for forwarding to TCP.
I guess I have to read up on SIP over TCP. With regards to NAT it sounds a little like trading lemons, since by the sounds of it you are introducing a whole new set of problems.
That comes hard, since I was just too happy I had solved all my SIP through NAT issues...
Thilo
On Jan 03, 2004 at 23:43, Thilo Salmon salmon@netzquadrat.de wrote:
> On Fri, 2004-01-02 at 18:42, Nils Ohlmeier wrote: [INVITE messages too large to avoid fragmented UDP packets]
> > You can remove header fields with the remove_hf() function from the textops module. You should verify that you do not remove required header fields, but basically it should be possible to do it that way. Although I think this is not a very good solution, because you will never know to which size the request will grow and if you will be able to strip it down under 1500.
> Thanks a lot for pointing this out. I was looking for this function. It has not yet been documented, I believe. Do you happen to know, if there is a similar function to determine the size of the current message? That would come in handy, since you could refrain from stripping information unless the message was too large. Or even strip a little more, if you knew for certain that a call could not be set up unless you avoid fragmentation.
    if (msg:len >= 1472) {
        /* 1472 data + 8 (udp header) + 20 (standard ip header) = 1500 */
        /* ..... */
    }
> > I think the better choice is to switch to TCP to eliminate the MTU problem. Either directly at the starting UA, or you can also switch the transport at SER with forcing the transport for forwarding to TCP.
> I guess I have to read up on SIP over TCP. With regards to NAT it sounds a little like trading lemons, since by the sounds of it you are introducing a whole new set of problems.
AFAIK nobody tried this so far, but it should work :-)
> That comes hard, since I was just too happy I had solved all my SIP through NAT issues...
If you can, stick to udp.
Andrei
At 11:29 AM 1/2/2004, Thilo Salmon wrote:
> Happy new year everybody,
> this year started with a surprise: UACs I had behind a NAT would not take calls. Further research revealed that my INVITE messages would be too large to fit my MTU of 1500 after traversing three proxies. Unfortunately, the fragmented UDP packets would not traverse my NATs.
> Now, looking at the INVITE messages, my first idea was to strip some header fields which are not strictly required to set up a call at the last proxy - such as 'User-Agent'. Would that be a way to go?
There is a function called remove_hf or so in textops module. Also, you can consume credentials which you no longer need after authentication succeeded. (there is a function for it in auth module)
> If so, is there a way of doing this with ser? Or would I need to tunnel those messages through a B2BUA (if so, which one would you use)?
Neither stripping header fields nor B2BUA are a systematic help. Someday, body will be large (just think of all the IM bloat), or you will need some large header fields. That's the major reason why SIP implementations are supposed to support TCP now. Unfortunately, TCP does not do any better over NATs. For example, TCP Connections would have to be persistent which will exhaust server's port numbers sooner or later. So it seems to me that you will have to live with hacks for a while.
-jiri
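
Added example (not part of the original thread and not SER code): a Python sketch of the size check and conditional header stripping discussed above, generalized to a list of optional headers, showing one INVITE that fits after dropping User-Agent and one that still fragments. The names strip_to_fit, OPTIONAL and constructed_invite, the strip order, and the sample messages are assumptions made for illustration.

```python
IP_HEADER, UDP_HEADER = 20, 8   # standard IPv4 header (no options) + UDP header
# Assumed strip order: headers not needed to set up the call (hypothetical list).
OPTIONAL = ("user-agent", "server", "subject", "organization")

def udp_budget(mtu=1500):
    """Largest SIP message that still fits one unfragmented UDP datagram."""
    return mtu - IP_HEADER - UDP_HEADER

def strip_to_fit(raw, mtu=1500, optional=OPTIONAL):
    """Drop optional headers one by one, only while the message is too large.

    Returns (message, removed_names, fits). Folded headers are not handled.
    """
    budget = udp_budget(mtu)
    head, sep, body = raw.partition(b"\r\n\r\n")
    start, *headers = head.split(b"\r\n")
    removed = []
    for name in optional:
        if len(head) + len(sep) + len(body) <= budget:
            break
        kept = [h for h in headers
                if h.split(b":", 1)[0].strip().lower() != name.encode()]
        if len(kept) != len(headers):
            headers, removed = kept, removed + [name]
            head = b"\r\n".join([start] + headers)
    msg = head + sep + body
    return msg, removed, len(msg) <= budget

def constructed_invite(ua_len, route_len):
    """Constructed sample INVITE as seen after three proxies (not a real capture)."""
    sdp = (b"v=0\r\no=- 0 0 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\n"
           b"t=0 0\r\nm=audio 49170 RTP/AVP 0 8\r\n")
    lines = [b"INVITE sip:bob@example.net SIP/2.0"]
    lines += [b"Via: SIP/2.0/UDP proxy%d.example.net;branch=z9hG4bK%d" % (i, i)
              for i in (3, 2, 1)]
    lines += [b"Record-Route: <sip:" + b"r" * route_len + b".example.net;lr>",
              b"From: <sip:alice@example.org>;tag=1",
              b"To: <sip:bob@example.net>",
              b"Call-ID: constructed-1@192.0.2.10",
              b"CSeq: 1 INVITE",
              b"Contact: <sip:alice@192.0.2.10>",
              b"User-Agent: " + b"u" * ua_len,
              b"Content-Type: application/sdp",
              b"Content-Length: %d" % len(sdp)]
    return b"\r\n".join(lines) + b"\r\n\r\n" + sdp

if __name__ == "__main__":
    for ua, rr in ((600, 800), (100, 1200)):
        msg, removed, fits = strip_to_fit(constructed_invite(ua, rr))
        print(len(msg), removed, "fits" if fits else "still fragments")
```

The second sample is the case raised in the replies: once the route set or body grows, no optional header is left to strip and the request has to go over another transport.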