1. ACLI Configuration Guide
  2. Session Plug-In Language
  3. SBC Deployment Behind a NAT Device

SBC Deployment Behind a NAT Device

Use the Support for SBC Behind NAT SPL plug-in for deploying the Oracle® Enterprise Session Border Controller (ESBC) on the private network side of a Network Address Translation (NAT) device. The Support for SBC Behind NAT SPL plug-in changes information in SIP messages to hide the end point located inside the private network. The specific information that the Support for SBC Behind NAT SPL plug-in changes depends on the direction of the call, for example, from the NAT device to the ESBC or from the ESBC to the NAT device.

Configure the Support for SBC Behind NAT SPL plug-in for each SIP interface that is connected to a NAT device. One public-private address pair is required for each SIP interface that uses the SPL plug-in, as follows.

  • The private IP address must be the same as the SIP Interface IP address.
  • The public IP address must be the public IP address of the NAT device.

The following illustrations show the SBC deployed in the private network behind a NAT device, using the Support for SBC Behind NAT SPL plug-in. Examples follow each illustration to show where the Support for SBC Behind NAT SPL plug-in changes the SIP message information.

Call Initiated on the Access Side

In the following illustration, UA1 invites UA2 to a session and UA2 responds.

Illustration of call flow across the NAT from the access side.

  1. UA1 sends an INVITE through the NAT device to the ESBC with the following message. 

    INVITE sip:service@10.0.0.99:5060 SIP/2.0
Via: SIP/2.0/UDP 10.0.0.1:5060;branch=z9hG4bK-3539-1-0
Contact: sip:sipp@10.0.0.1:5060
…
Content-Type: application/sdp

o=user1 53655765 2353687637 IN IP4 10.0.0.1
c=IN IP4 10.0.0.1
…

    The Support for SBC Behind NAT SPL plug-in looks for the public SIP Interface IP address 10.0.0.99 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 10.0.0.99 in R-URI and changes it to the private SIP Interface IP address 192.168.0.1. 

    INVITE sip:service@192.168.0.1:5060 SIP/2.0
Via: SIP/2.0/UDP 10.0.0.1:5060;branch=z9hG4bK-3539-1-0
Contact: sip:sipp@10.0.0.1:5060
…
Content-Type: application/sdp

o=user1 53655765 2353687637 IN IP4 10.0.0.1
c=IN IP4 10.0.0.1
…

  2. The ESBC sends a Reply to UA1. 

    SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.0.0.1:5060;received=192.168.0.70;branch=z9hG4bK-3539-1-0
Contact: <sip:192.168.0.1:5060;transport=udp>
Content-Type: application/sdp
…
o=user1 53655765 2353687637 IN IP4 192.168.0.1
c=IN IP4 192.168.0.1
…

    The Support for SBC Behind NAT SPL plug-in looks for the private SIP interface IP address 192.168.0.1 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 192.168.0.1 in Contact and SDP and changes it to the public IP 10.0.0.99. 

    SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.0.0.1:5060;received=192.168.0.70;branch=z9hG4bK-3539-1-0
Contact: <sip:10.0.0.99:5060;transport=udp>
Content-Type: application/sdp
…
o=user1 53655765 2353687637 IN IP4 10.0.0.99
c=IN IP4 10.0.0.99
…

Call Initiated on the Core Side

In the folowing illustration, UA2 invites UA1 to a session and UA1 responds.

Ilustration of call flow across the NAT from the core side.

  1. The ESBC sends an Invite to UA1. 

    INVITE sip:service@10.0.0.1:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.1:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1
Contact: <sip:sipp@192.168.0.1:5060;transport=udp>
Content-Type: application/sdp
…
o=user1 53655765 2353687637 IN IP4 192.168.0.1
c=IN IP4 192.168.0.1
…

    The Support for SBC Behind NAT SPL plug-in looks for the private IP address 192.168.0.1 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 192.168.0.1 in Via, Contact, and SDP and changes it to the public IP address 10.0.0.99. 

    INVITE sip:service@10.0.0.1:5060 SIP/2.0
Via: SIP/2.0/UDP 10.0.0.99:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1
Contact: <sip:sipp@10.0.0.99:5060;transport=udp>
Content-Type: application/sdp
…
o=user1 53655765 2353687637 IN IP4 10.0.0.99
c=IN IP4 10.0.0.99
…

  2. UA1 sends a Reply to the ESBC. 

    SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.0.0.99:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1
Contact: <sip: 10.0.0.1:5060;transport=UDP>
Content-Type: application/sdp
…
o=user1 53655765 2353687637 IN IP4 10.0.0.1
c=IN IP4 10.0.0.1
…

    The Support for SBC Behind NAT plug-in looks for the public IP 10.0.0.99 in R-URI, Via, Contact, and SDP. The SPL plug-in finds 10.0.0.99 in Via, changes it to the private SIP interface IP address 192.168.0.1. 

    SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.0.1:5060;branch=z9hG4bKbgs21h30a8kh8okcv790.1
Contact: <sip: 10.0.0.1:5060;transport=UDP>
Content-Type: application/sdp
…
o=user1 53655765 2353687637 IN IP4 10.0.0.1
c=IN IP4 10.0.0.1
…