Some project centralized networking distributing as follows: the central site deploys SoftCo5816 device, the remaining sites deploy IAD132E device. Each site were carried out through the public network to interoperability, each site internal devices are private IP addresses. At the premise that the NAT traversal able to ping, IAD could not use the SIP protocol to register to SoftCo device.
There are two solutions:
The first solution is to deploy a SBC device in the central site to achieve proxy function, the SBC device needs to assign public IP address, the disadvantage of this solution is business too high, all site deploy SoftCo devices needs to be deployed SBC devices;
The second solution is to adjust sites network topology, put the SoftCo central site E1000 firewall top in the top, and assign public IP to the firewall. Huawei Symantec firewall has SIP ALG function, for SIP protocol signaling process characteristics, NAT traversal problems can be solved. The solution can supports 800 SIP users registration capacity, completely meet SoftCo5816 design capacity, and greatly reduce the business. In the actual test, the registered address of each IAD SIP Server changed to central site firewall public IP address, and mapped the firewall address to SoftCo private network IP, SIP signaling and call completely normal.
SIP protocol belongs to the application layer protocol. At the premise that each site device can able to ping, it only show that the network layer can be reached. Different from traditional NAT support HTTP data traversal, SIP applications voice and video data require through the IP address and port number in the signaling message to the destination addressable. So the signaling messages in the address traversal requires not only change the port information of the TCP/UCP layer and the IP layer source and destination addresses, but also need to change the correlative address information in the IP packet payload. For SIP application control information dynamic to negotiate media stream port. Signaling protocol IP address is private, so to accurately grasp the address and port information and the correct conversion.
Prove the actual start site SIP ALG can be a good solution to the problem of NAT traversal, and stable operation, interoperability.