An article that explains SIP NAT and ALG thoroughly; once you understand it you will know network fire

Date: 2018-05-01 17:25 Source: unknown Author: admin Views:
Understand SIP ALG and NAT in One Article: Network Firewall Traversal Made Simple

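Network Address Translation (NAT) lets multiple hosts on a LAN (phones, computers, and so on) reach the Internet through a single public IP address. For outbound traffic, NAT translates the private LAN IP address to the public IP. For inbound traffic, the public IP is translated back to the private IP, so the message is routed to the corresponding host on the LAN.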

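Running the Session Initiation Protocol (SIP), the VoIP signaling protocol, in a NAT environment is more complicated, because SIP messages themselves carry IP address information. The SIP headers contain caller and callee information, and NAT translates these addresses to hide them from the outside network. The SIP message body carries Session Description Protocol (SDP) information, including the IP address and port number used to transport media. NAT translates the SDP information so that media can be sent and received.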

How IP addresses and port numbers in SIP messages are replaced depends on the direction of the message. For an outgoing message, the private IP address and port number of the client are replaced with the public IP address and port number of the Juniper Networks firewall. For an incoming message, the public address of the firewall is replaced with the private address of the client.

When an INVITE message is sent out across the firewall, the SIP Application Layer Gateway (ALG) collects information from the message header into a call table, which it uses to forward subsequent messages to the correct endpoint. When a new message arrives, for example an ACK or 200 OK, the ALG compares the “From:, To:, and Call-ID:” fields against the call table to identify the call context of the message. If a new INVITE message arrives that matches the existing call, the ALG processes it as a REINVITE.

When a message containing SDP information arrives, the ALG allocates ports and creates a NAT mapping between them and the ports in the SDP. Because the SDP requires sequential ports for the Real-Time Transport Protocol (RTP) and Real-Time Control Protocol (RTCP) channels, the ALG provides consecutive even-odd ports. If it is unable to find a pair of ports, it discards the SIP message.
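A minimal model of the call table and the even-odd SDP port mapping described in the two paragraphs above, as an added example that is not from the original article or from Juniper's implementation. The names `SipAlg` and `sample`, the address 203.0.113.10 and the port range are assumptions; the model handles audio SDP only, expects From/To URIs in `<...>` form, and goes slightly beyond the text by correcting Content-Length after the rewrite.

```python
import re

PUBLIC_IP = "203.0.113.10"   # constructed public address of the firewall (assumption)

class SipAlg:
    """Toy model of the ALG call table and SDP port mapping (hypothetical names)."""
    def __init__(self, first_port=20000, pairs=2):
        self.calls = {}   # (From URI, To URI, Call-ID) -> public RTP port or None
        self.nat = {}     # public port -> (private IP, private port)
        self.free = [first_port + 2 * i for i in range(pairs)]   # even ports only

    @staticmethod
    def key(msg):
        h = {k.lower(): v.strip() for k, v in re.findall(r"^([\w-]+):(.*)$", msg, re.M)}
        uri = lambda v: re.search(r"<([^>]+)>", v).group(1)   # drops ;tag= parameters
        return uri(h["from"]), uri(h["to"]), h["call-id"]

    def outbound(self, msg):
        """Return (kind, rewritten message), or None if the message is discarded."""
        k = self.key(msg)
        kind = msg.split(" ", 1)[0]
        if kind == "INVITE" and k in self.calls:
            kind = "REINVITE"                  # INVITE that matches an existing call
        head, _, body = msg.partition("\r\n\r\n")
        c = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        m = re.search(r"^m=audio (\d+) ", body, re.M)
        rtp = self.calls.get(k)
        if c and m:
            if rtp is None:
                if not self.free:
                    return None                # no even-odd pair left: drop the message
                rtp = self.free.pop(0)
            priv_ip, priv_port = c.group(1), int(m.group(1))
            self.nat[rtp] = (priv_ip, priv_port)            # RTP on the even port
            self.nat[rtp + 1] = (priv_ip, priv_port + 1)    # RTCP on the next odd port
            body = body.replace("IN IP4 " + priv_ip, "IN IP4 " + PUBLIC_IP)
            body = re.sub(r"^m=audio \d+ ", f"m=audio {rtp} ", body, flags=re.M)
            # The body length changed, so the header must be corrected as well.
            head = re.sub(r"(?im)^Content-Length:[^\r\n]*", f"Content-Length: {len(body)}", head)
        self.calls[k] = rtp
        return kind, head + "\r\n\r\n" + body

    def inbound(self, msg):
        return self.key(msg) in self.calls     # True only for a known call context

def sample(first_line, call_id, port=None):    # constructed SIP message, all values made up
    body = f"v=0\r\nc=IN IP4 10.0.0.5\r\nm=audio {port} RTP/AVP 0\r\n" if port else ""
    return (f"{first_line}\r\nFrom: <sip:alice@example.com>;tag=1\r\nTo: <sip:bob@example.net>\r\n"
            f"Call-ID: {call_id}\r\nContent-Length: {len(body)}\r\n\r\n{body}")
```

With a pool of one port pair, a second call carrying SDP is discarded while a repeated INVITE for the first call is classified as a REINVITE and keeps its existing mapping.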

IPv6 is supported on the SIP ALG along with NAT-PT mode and NAT64 address translation.

  (Editor: admin)
