Martin Gignac wrote: > > On 10/11/06, Girish Venkatachalam <[EMAIL PROTECTED]> wrote: > >> If my memory serves me right, SIP actually has ALG built into the >> standard itself and www.opensip.org might already give you what you want. > > Hmm, wasn't aware of that. Do you have any specific RFC or 3GPP spec > number that I could check out concerning this? > > -Martin >
The standard? But SIP has so many..... There are some old, long expired drafts that touch on the topic, e.g., http://www1.cs.columbia.edu/sip/drafts/draft-ietf-nat-protocol-complications-00.txt There's a best current practice document for call flow that mentions SIP ALGs: ftp://ftp.rfc-editor.org/in-notes/rfc3665.txt but that's more about proxies than about something that untangles NAT. But the core spec, RFC 3261, http://www.rfc-editor.org/rfc/rfc3261.txt , doesn't touch on the topic at all so far as I've ever noticed. NAT fixup for SIP is a nasty thing and I've seen a number of broken implementations and incompatible solutions. As a hosted IP PBX provider, we've had the best luck using session border controllers at the edge of our network, which are configured to assume that phones are behind NAT. We tell our customers to not even think about STUN ( ftp://ftp.rfc-editor.org/in-notes/rfc3489.txt ), to not even think about putting the phones behind a firewall with any ALG functionality turned on (one ALG works fine until we issue a reinvite upon changing from ringing all the phones in a hunt group to actually establishing RTP streams with the phone that picks up, at which point the ALG drops all the packets; one mostly works except it plays funny games with port numbers sometimes and starts sending registration requests from a single phone using multiple port numbers, leading to confusion about where we're to send invites, etc., etc.) Unfortunately, SIP is nowhere near being "a" standard where you can assume interop just because you implement a bunch of RFCs. Especially if you mix NAT in. See http://en.wikipedia.org/wiki/Session_Border_Controller for more, including some nice references. --Jon Radel [EMAIL PROTECTED] [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
