SBC Deployment Behind a NAT Device
Use the Support for SBC Behind NAT SPL plug-in for deploying the Oracle® Enterprise Session Border Controller (E-SBC) on the private network side of a Network Address Translation (NAT) device. The Support for SBC Behind NAT SPL plug-in changes information in SIP messages to hide the end point located inside the private network. The specific information that the Support for SBC Behind NAT SPL plug-in changes depends on the direction of the call, for example, from the NAT device to the E-SBC or from the E-SBC to the NAT device.
Configure the Support for SBC Behind NAT SPL plug-in for each SIP interface that is connected to a NAT device. One public-private address pair is required for each SIP interface that uses the SPL plug-in, as follows.
- The private IP address must be the same as the SIP Interface IP address.
- The public IP address must be the public IP address of the NAT device.
The following illustrations show the SBC deployed in the private network behind a NAT device, using the Support for SBC Behind NAT SPL plug-in. Examples follow each illustration to show where the Support for SBC Behind NAT SPL plug-in changes the SIP message information.
Call Initiated on the Access Side
In the following illustration, UA1 invites UA2 to a session and UA2 responds.
#1. UA1 sends an INVITE through the NAT device to the Oracle® Enterprise Session Border Controller with the following message.
INVITE sip:service@10.0.0.99:5060 SIP/2.0 Via: SIP/2.0/UDP 10.0.0.1:5060;branch=z9hG4bK-3539-1-0 Contact: sip:sipp@10.0.0.1:5060 … Content-Type: application/sdp o=user1 53655765 2353687637 IN IP4 10.0.0.1 c=IN IP4 10.0.0.1 …
The Support for SBC Behind NAT SPL plug-in looks for the public SIP Interface IP address 10.0.0.99 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 10.0.0.99 in R-URI and changes it to the private SIP Interface IP address 192.168.0.1.
INVITE sip:service@192.168.0.1:5060 SIP/2.0 Via: SIP/2.0/UDP 10.0.0.1:5060;branch=z9hG4bK-3539-1-0 Contact: sip:sipp@10.0.0.1:5060 … Content-Type: application/sdp o=user1 53655765 2353687637 IN IP4 10.0.0.1 c=IN IP4 10.0.0.1 …
#2. The Oracle® Enterprise Session Border Controller sends a Reply to UA1.
SIP/2.0 200 OK Via: SIP/2.0/UDP 10.0.0.1:5060;received=192.168.0.70;branch=z9hG4bK-3539-1-0 Contact: <sip:192.168.0.1:5060;transport=udp> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 192.168.0.1 c=IN IP4 192.168.0.1 …
The Support for SBC Behind NAT SPL plug-in looks for the private SIP interface IP address 192.168.0.1 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 192.168.0.1 in Contact and SDP and changes it to the public IP 10.0.0.99.
SIP/2.0 200 OK Via: SIP/2.0/UDP 10.0.0.1:5060;received=192.168.0.70;branch=z9hG4bK-3539-1-0 Contact: <sip:10.0.0.99:5060;transport=udp> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 10.0.0.99 c=IN IP4 10.0.0.99 …
Call Initiated on the Core Side
In the folowing illustration, UA2 invites UA1 to a session and UA1 responds.
#1. The Oracle® Enterprise Session Border Controller sends an Invite to UA1.
INVITE sip:service@10.0.0.1:5060 SIP/2.0 Via: SIP/2.0/UDP 192.168.0.1:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1 Contact: <sip:sipp@192.168.0.1:5060;transport=udp> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 192.168.0.1 c=IN IP4 192.168.0.1 …
INVITE sip:service@10.0.0.1:5060 SIP/2.0 Via: SIP/2.0/UDP 10.0.0.99:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1 Contact: <sip:sipp@10.0.0.99:5060;transport=udp> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 10.0.0.99 c=IN IP4 10.0.0.99 …
#2. UA1 sends a Reply to the Oracle® Enterprise Session Border Controller.
SIP/2.0 200 OK Via: SIP/2.0/UDP 10.0.0.99:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1 Contact: <sip: 10.0.0.1:5060;transport=UDP> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 10.0.0.1 c=IN IP4 10.0.0.1 …
The Support for SBC Behind NAT SPL plug-in looks for the private SIP interface IP address 192.168.0.1 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 192.168.0.1 in Via, changes it to the public IP 10.0.0.99.
SIP/2.0 200 OK Via: SIP/2.0/UDP 192.168.0.1:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1 Contact: <sip: 10.0.0.1:5060;transport=UDP> Content-Type: application/sdp … o=user1 53655765 2353687637 IN IP4 10.0.0.1 c=IN IP4 10.0.0.1 …
