Network Working Group B. Zhou Internet-Draft D. Liu Intended status: Informational China Mobile Expires: September 2, 2010 March 1, 2010 ALG consideration of SIP draft-zhou-sip-alg-00 Abstract SIP protocol is widely used in IP communication applications, e.g. VoIP, IM. However, the SIP communications need to do NAT traversal when NAT existed inside the network. ALG can be found as one of NAT traversal solutions. This document addresses the ALG solution for SIP NAT traversal. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on September 2, 2010. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Zhou & Liu Expires September 2, 2010 [Page 1] Internet-Draft SIP ALG March 2010 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions used in this document . . . . . . . . . . . . . . 4 3. Outline of ALG for SIP communication . . . . . . . . . . . . . 5 4. SIP ALG . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Deployment Considerations . . . . . . . . . . . . . . . . . . 10 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 9. Normative References . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 Zhou & Liu Expires September 2, 2010 [Page 2] Internet-Draft SIP ALG March 2010 1. Introduction SIP protocol is widely used in IP communication applications, e.g. VoIP, IMS. However, the SIP communications need to do NAT traversal when NAT existed inside the network. Multiple NAT traversal solutions have been proposed to IETF, for example ICE and ALG. Although ICE mechanism is an advanced NAT traversal mechanism for SIP applications, it is impossible to know if the applications running on the host implement this advanced NAT traversal mechanism. Thus, ALG for SIP protocol is still necessary. This document addresses the general ALG solution of SIP protocol for NAT traversal. The scope of this document is focus on ALG located in IP address translator, included same IP family translation and different IP family translation. Zhou & Liu Expires September 2, 2010 [Page 3] Internet-Draft SIP ALG March 2010 2. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL","SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. Zhou & Liu Expires September 2, 2010 [Page 4] Internet-Draft SIP ALG March 2010 3. Outline of ALG for SIP communication In this section we outline the ALGs for SIP communication. The whole SIP communication procedure is described in section 4 of [RFC 3261] in details. There are two SIP signaling messages include IP address during the communication: INVITE and 200. If the SIP communication needs to traverse the NAT, these two messages need to do ALG if there is no ICE provided. Zhou & Liu Expires September 2, 2010 [Page 5] Internet-Draft SIP ALG March 2010 4. SIP ALG The following figure illustrates an example where SIP Phone A locates in a private network and uses an NAT device between the private network and public network. +-----------+ +----------+ |SIP Phone A|--------------------|SIP Server| +-----------+ +----------+ 192.168.139.100 192.168.0.10:5060 | +----------+ 192.168.0.1:5060 | NAT | +----------+ 210.72.128.100:5061 | +-----------+ +----------+ |SIP Phone B|--------------------|SIP Server| +-----------+ +----------+ 210.72.128.200 210.72.0.100:5060 210.72.128.200 Figure 1 SIP architecture with NAT In the above figure, Phone A with UID:3100 initiates a session with B. NAT device's SIP ALG works as a SIP proxy, it behaves like SIP entity between the SIP servers in the private network and in the public network. The SIP ALG function in the NAT device translates the corresponding section of SIP message and creates an SIP-ALG mapping table. The SIP-ALG mapping table is used during the sip session and will be deleted when the session is terminated. The SIP-ALG mapping table uses Call-ID as index. The call-ID could remain unchanged or changed during the translation. The SIP-ALG mapping table contains the following section: Call-ID_IN Call_-D_OUT Vias.IN Vias.OUT From.IN From.OUT Zhou & Liu Expires September 2, 2010 [Page 6] Internet-Draft SIP ALG March 2010 To.IN To.OUT Contact.IN Contact.OUT SDP.oField.IP_IN SDP.oField.IP.OUT SDP.cField.IP_IN SDP.cField.IP_OUT SDP.mField.port.IN SDP.mField.port.OUT Time_count The translation algorithm is as follows: When the SIP ALG function identifies the SIP messages that need to be translated, it performs the following function: Translate the IP address/domain name in the SIP request message into the SIP server's IP address that locates in the public network. Record the Via section to the SIP-ALG mapping table's Vias_IN entry and translates the proxy's private IP address and port number to its corresponding public IP address and port number. Record From section to the SIP-ALG mapping table's From_IN entry and translates the UE's private IP address and port number to its corresponding public IP address and port number. Record To section to the SIP-ALG mapping table's To_IN entry. Record Call-ID to the SIP-ALG mapping table's Call-ID_IN section and generates a new Call-ID and create a Call-ID_OUT entry in the mapping table. Record the Contact section to the SIP-ALG mapping table's Contact_IN entry and translates the UE's private IP address and port number to its corresponding public IP address and port number. Zhou & Liu Expires September 2, 2010 [Page 7] Internet-Draft SIP ALG March 2010 Translates SDP section's o and c section's IP address into corresponding public IP address. m section's port number to public port number. Then creates SDP_oField_IP_IN, SDP_cField_IP_IN, SDP_mField_port_IN entries. NAT devices forwards the translated SIP message to the next SIP server. Clear the timeout_Count section of the SIP-ALG mapping table. When translates the incoming SIP message that comes from the public network. SIP-ALG function in the NAT device should first query the SIP-ALG mapping table using Call-ID as index to see if there is an mapping entry exists. If there is a mapping entry exists, then translates the Via/Contact section of the SIP message and the m section of the SDP message using the SIP-ALG mapping table. Then forward the translated SIP message to the corresponding SIP entity. As an example, the NAT device should create the following mapping information: Call_ID_IN 1234@192.168.139.100 Call_ID_OUT 5678@210.72.128.100 Vias_IN SIP/2.0/UDP 192.168.0.10:5060 SIP/2.0/UDP 192.168.139.100: 5060 VIas_OUT 192.168.139.100:5060 From_IN 3100@192.168.139.100:5060 From_OUT 0247654321@210.72.128.100:5061 To_IN 02412345678@192.168.0.10 To_OUT 02412345678@210.72.0.100:5060 Contact_IN 192.168.139.100:5060 Contact_OUT 02412345678@210.72.128.200 5060 SDP_oFiled_IP_IN 192.168.139.100 SDP_oFiled_IP_OUT 210.72.128.200 SDP_mField_port_IN: 3456 Zhou & Liu Expires September 2, 2010 [Page 8] Internet-Draft SIP ALG March 2010 SDP_mFild_prot_OUT 7890 Timeout_Count 0 Zhou & Liu Expires September 2, 2010 [Page 9] Internet-Draft SIP ALG March 2010 5. Deployment Considerations SIP ALG always located in the IP address translator. Most SIP networks deploy SBCs to assist with NAT traversal, SIP ALG functionality need to be implemented inside SBC. If there is no SBC present during SIP communication, NAT is the right position to implement ALG in the network side. If the host based translation is provided, ALG need to be implemented in the host side (SIP endpoint) if there is no other advanced NAT traversal solution support such as ICE. Zhou & Liu Expires September 2, 2010 [Page 10] Internet-Draft SIP ALG March 2010 6. Security Considerations TBD Zhou & Liu Expires September 2, 2010 [Page 11] Internet-Draft SIP ALG March 2010 7. IANA Considerations None Zhou & Liu Expires September 2, 2010 [Page 12] Internet-Draft SIP ALG March 2010 8. Acknowledgments TBD Zhou & Liu Expires September 2, 2010 [Page 13] Internet-Draft SIP ALG March 2010 9. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. Zhou & Liu Expires September 2, 2010 [Page 14] Internet-Draft SIP ALG March 2010 Authors' Addresses Bo Zhou China Mobile Unit2, 28 Xuanwumenxi Ave,Xuanwu District Beijing 100053 China Email: zhouboyj@gmail.com Dapeng Liu China Mobile Unit2, 28 Xuanwumenxi Ave,Xuanwu District Beijing 100053 China Email: liudapeng@chinamobile.com Zhou & Liu Expires September 2, 2010 [Page 15]