• Modifications to firewalls and NATs so as to make them SIP-aware
• NAT and firewall traversal using peer-to-peer (P2P) techniques such as
Interactive Connectivity Establishment (ICE), Simple Traversal of
UDP through NAT (STUN), and Traversal Using Relay NAT (TURN)
Network Address Translators
Network address translators (NATs) are devices that modify the IP addresses
(and, in the case of network address and port translators (NAPTs), also the
port numbers) of IP packets as they are forwarded from one network to another.
NATs are commonly used when a local network utilizes IP addresses that are
not globally unique. When an IP packet that originated from this network
needs to traverse the public Internet, the use of NATs is required to replace the
local addresses with globally routable addresses.
The reason the private address space is not routable is that numerous entities
on the public network utilize these addresses on their own internal networks.
If these addresses were propagated on the public network, core routers
would not know which direction to send the response because of the large
number of locations that may utilize the same address space.
NATs are also used sometimes as security mechanisms to hide the internal
structure of a local network from users outside the network. For example,
internal network topology can be hidden with a NAT by making all internal
users appear to be one external, globally unique IP address to the rest of the
world. NATs typically operate transparently to the application layer, modifying
network layer fields as required to provide this transparency.
Many routers designed for home and small office use incorporate NAT
functionality along with a Dynamic Host Configuration Protocol (DHCP)
server often bundled with an Ethernet hub in the same device. As devices are
plugged into the hub, they are assigned a local IP address (typically assigned
from one of the private network address ranges such as 192.168.x.x or 10.x.x.x),
which allows them to communicate with other devices on the local area network
(LAN). When the packets leave the router, the NAT functionality allows
multiple internal PCs or devices to share a single external, globally unique IP
address. When used in this fashion, these routers are sometimes called Internet
sharing hubs.
Some network administrators also use private numbering schemes to avoid
having to renumber their networks if they ever have to change Internet service
providers (ISPs). Without a NAT, every IP device would need to be readdressed.
With a NAT-enabled device, only the NAT device must be reconfigured with a
new pool of IP addresses.
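The following is an added illustration, not code from the book: a small Python model of the NAPT behaviour described above. Two hosts on a 192.168.x.x LAN send packets out through a NAPT that owns a single public address; the NAPT rewrites the source address and port, records the mapping, and translates replies back. A packet arriving from outside for a port with no mapping is dropped, which is the "hiding" effect the text mentions. The public address 203.0.113.5, the private host addresses, and the port numbers are constructed example values, and the `is_private` check covers only the three RFC 1918 ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# RFC 1918 private ranges (the text names 192.168.x.x and 10.x.x.x; 172.16/12 is the third).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr falls in an RFC 1918 block, i.e. is not globally routable."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str


class Napt:
    """Minimal NAPT: many private (ip, port) pairs share one public IP address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite source address/port of a LAN packet leaving for the Internet."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            # First packet from this host/port: allocate a fresh public port.
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key],
                      pkt.dst_ip, pkt.dst_port, pkt.payload)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite destination of a packet from the Internet; None means dropped."""
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None  # no existing mapping: unsolicited packet is discarded
        priv_ip, priv_port = key
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)


def demo():
    """Two LAN hosts share 203.0.113.5 (constructed public address)."""
    nat = Napt("203.0.113.5")
    out_a = nat.translate_outbound(Packet("192.168.1.10", 5060, "198.51.100.7", 5060, "INVITE"))
    out_b = nat.translate_outbound(Packet("192.168.1.11", 5060, "198.51.100.7", 5060, "INVITE"))
    reply = nat.translate_inbound(Packet("198.51.100.7", 5060, "203.0.113.5", out_a.src_port, "200 OK"))
    stray = nat.translate_inbound(Packet("198.51.100.9", 5060, "203.0.113.5", 50000, "OPTIONS"))
    return out_a, out_b, reply, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Note that the two internal hosts both used local port 5060 and were still kept apart, because the NAPT distinguishes them by the public port it allocated. The same mechanism is what a SIP user agent behind such a device cannot see: the address and port it writes into its own messages are the private ones, not the translated pair the far end will observe.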
174 Chapter 10