Session Border Controller (SBC) Deployment Behind a Network Address Translation (NAT) Device
The S-C[xz]6.3.9M4 release provides the Support for SBC Behind NAT SPL plug-in for deploying the Oracle® Enterprise Session Border Controller on the private network side of a NAT device. The Support for SBC Behind NAT SPL plug-in changes information in SIP messages to hide the end point located inside the private network. The specific information that the Support for SBC Behind NAT SPL plug-in changes depends on the direction of the call, for example, from the NAT device to the SBC or from the SBC to the NAT device.
Configure the Support for SBC Behind NAT SPL plug-in for each SIP interface that is connected to a NAT device. One public-private address pair is required for each SIP interface that uses the SPL plug-in, as follows.
- The private IP address must be the same as the SIP Interface IP address.
- The public IP address must be the public IP address of the NAT device.
The following illustrations show the SBC deployed in the private network behind a NAT device, using the Support for SBC Behind NAT SPL plug-in. Examples follow each illustration to show where the Support for SBC Behind NAT SPL plug-in changes the SIP message information.
Call Initiated on the Access Side
In this illustration, UA1 invites UA2 to a session and UA2 responds.
#1. UA1 sends an INVITE through the NAT device to the Oracle® Enterprise Session Border Controller with the following message.
INVITE sip:service@10.0.0.99:5060 SIP/2.0 Via: SIP/2.0/UDP 10.0.0.1:5060;branch=z9hG4bK-3539-1-0 Contact: sip:sipp@10.0.0.1:5060 … Content-Type: application/sdp o=user1 53655765 2353687637 IN IP4 10.0.0.1 c=IN IP4 10.0.0.1 …
The Support for SBC Behind NAT SPL plug-in looks for the public SIP Interface IP address 10.0.0.99 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 10.0.0.99 in R-URI and changes it to the private SIP Interface IP address 192.168.0.1.
INVITE sip:service@192.168.0.1:5060 SIP/2.0 Via: SIP/2.0/UDP 10.0.0.1:5060;branch=z9hG4bK-3539-1-0 Contact: sip:sipp@10.0.0.1:5060 … Content-Type: application/sdp o=user1 53655765 2353687637 IN IP4 10.0.0.1 c=IN IP4 10.0.0.1 …
#2. The Oracle® Enterprise Session Border Controller sends a Reply to UA1.
SIP/2.0 200 OK Via: SIP/2.0/UDP 10.0.0.1:5060;received=192.168.0.70;branch=z9hG4bK-3539-1-0 Contact: <sip:192.168.0.1:5060;transport=udp> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 192.168.0.1 c=IN IP4 192.168.0.1 …
The Support for SBC Behind NAT SPL plug-in looks for the private SIP interface IP address 192.168.0.1 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 192.168.0.1 in Contact and SDP and changes it to the public IP 10.0.0.99.
SIP/2.0 200 OK Via: SIP/2.0/UDP 10.0.0.1:5060;received=192.168.0.70;branch=z9hG4bK-3539-1-0 Contact: <sip:10.0.0.99:5060;transport=udp> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 10.0.0.99 c=IN IP4 10.0.0.99 …
Call Initiated on the Core Side
In this illustration, UA2 invites UA1 to a session and UA1 responds.
#1. The Oracle® Enterprise Session Border Controller sends an Invite to UA1.
INVITE sip:service@10.0.0.1:5060 SIP/2.0 Via: SIP/2.0/UDP 192.168.0.1:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1 Contact: <sip:sipp@192.168.0.1:5060;transport=udp> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 192.168.0.1 c=IN IP4 192.168.0.1 …
INVITE sip:service@10.0.0.1:5060 SIP/2.0 Via: SIP/2.0/UDP 10.0.0.99:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1 Contact: <sip:sipp@10.0.0.99:5060;transport=udp> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 10.0.0.99 c=IN IP4 10.0.0.99 …
#2. UA1 sends a Reply to the Oracle® Enterprise Session Border Controller.
SIP/2.0 200 OK Via: SIP/2.0/UDP 10.0.0.99:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1 Contact: <sip: 10.0.0.1:5060;transport=UDP> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 10.0.0.1 c=IN IP4 10.0.0.1 …
The Support for SBC Behind NAT SPL plug-in looks for the private SIP interface IP address 192.168.0.1 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 192.168.0.1 in Via, changes it to the public IP 10.0.0.99.
SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.0.1:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1 Contact: <sip: 10.0.0.1:5060;transport=UDP> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 10.0.0.1 c=IN IP4 10.0.0.1 …
