Cloud SBC – Session Border Controller

SIP – Why NAT and/or PAT is Insufficient?

There are a number of fundamental reasons why simple NAT and PAT are insufficient to resolve NAT traversal issues for VoIP traffic in general and for SIP
signaling specifically. A small subset of the reasons:

  1. The SIP Standard requires a number of header fields to be specified, some of which need to contain the IP Address where responses need to be sent to. Since NAT and PAT operate only on the IP headers, and not on the UDP Payload, the WAN-to-LAN device does not address this issue at all.
  2. SIP does not only perform the tasks of setting up, adjusting calls, and tearing down calls, but also incorporates the media codec negotiation phase inside an embedded protocol called SDP (Session Description Protocol). Again, the WAN-to-LAN device does not address this additional content at NAT or PAT level.

Most users own NAT based routers/firewalls that make the roll-out of an IP based network of IP phones or phone adapters a nightmare if you don’t have the right tools. The fact that VoIP protocols encapsulate each device’s IP address in the session layer packet and firewalls won’t allow any session originated
from the public Internet to traverse to internal-protected network. This results in all sorts of problems like no audio or one way audio.

Some attempts to resolve this issue such as STUN or reconfiguring end-users routers or firewalls may not always work and will become a support debacle when facingdifferent types of NAT across different firewall and router manufacturers. Some systems provide a tunnel or SIP Proxy applicationas an “answer” to this issue but this option has limitations, especially when dealing with remote users that need to connect back to a SIP server. Is this really the best answer?


A Better Answer! – SIP proxy/Session Border Controller (SBC)

The SBC is a carrier grade solution that can provide service to tens of thousands of endpoints. Phones or other SIP devices will have a configuration field for a “SIP proxy” server and port – when pointed to the SBC, all SIP packet rewriting for NAT support automatically. This eliminates the need to use STUN, TURN, ICE, VPN, Tunnel or any other method to handle NAT.

The Session Border Controller allows VoIP sessions to succeed when one or more VoIP endpoints (such as analog phone adapters, gateways or IP phones) are in a NAT environment. Our offering takes all of the mess out of connecting remote devices back to a SIP server and greatly simplifies your deployment! This offering is designed to work as an intermediary between endpoint devices made by Yealink, Cisco, Snom, Polycom, Fanvil and more!

In addition to NAT traversal, security is another important issue that is addressed. DOS, DDOS, fast and slow attacks can be controlled by the SBC to help protect the 3CX server from malformed SIP packets and Avalanche Restart effect.