Application Level Gateways - THOMSON SpeedTouch Configuration Manual

Wireless business dsl router

5 Application level gateways

E-NIT-CTC-20040716-0004 v1.0

Introduction

Some advanced protocols and applications have more complicated requirements than traditional ones, which leads to significant problems when they are deployed together with NAT implementations.

The main structural issues that lead to NAT-unfriendly situations are:

Bundled session applications

Some advanced applications use several connections for a single call. They exchange IP address and port parameters within control sessions to establish the subsequent data sessions. Address translation engines cannot know the interdependency of the bundled sessions and would treat each session as unrelated to the others.

As examples:
- H.323 uses two Transmission Control Protocol (TCP) connections and several User Datagram Protocol (UDP) sessions for a single call.
- A SIP call may use a TCP control connection or several UDP sessions for data transfer.
- In the FTP protocol, the control messages and the data transfer use entirely separate TCP connections.
- During an RTSP session, an RTSP client may open and close several sessions to the server to issue RTSP requests.

Use of ephemeral (dynamic and greater than 1024) ports in the connection call setup process

As examples:
- H.323 protocol: the H.245 and the RTP connections use ephemeral ports.
- SIP protocol: the RTP connection uses ephemeral ports.

Included IP address and port information within the packet payload

Address translation typically doesn't decode and process payload fields, so those applications would fail because of address translation.

As examples:
- H.323 and SIP protocols have addressing information for the data connections buried in the payload of the control packets.
- Internet Locator Service (ILS): the ILS logins, carried in the packet payload, include the source IP address of the caller.
- FTP: the FTP layer 3 connection addressing is embedded within the payload of a control packet ('PORT', 'PASV' messages).
- Internet Relay Chat (IRC) service: commands carried over the IRC-DCC (Direct Client To Client Protocol) connection include the IP address and the TCP port where the Acceptor client should connect to the Initiator client.
- For the buildup of an RTSP session, the setup message includes the expected UDP port for the client and the server.
- RealAudio clients set up an outgoing TCP control connection to initiate conversation with a RealAudio server. Audio session parameters, including the port number on which the incoming audio traffic will be received by the clients, are embedded in the TCP control session as a byte stream.
- The IPv6-to-IPv4 protocol defines a mechanism for interconnecting IPv6 sites over an IPv4 network, and its implicit tunnel setup requires that IP addressing information is carried in the IPv6 packet payload.
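
The FTP case above, worked through as an added example (not code from the manual or from the SpeedTouch firmware): a toy application level gateway that decodes a 'PORT' command, rewrites the embedded private address to the NAT's public one, and records the expected data session so it stays tied to its control session. The class and function names, the public address 203.0.113.5, the starting port 50000 and the rule that the embedded address must match the sender are all assumptions made for illustration.

```python
import ipaddress
import re

# FTP encodes the data endpoint as h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     rb"(\d{1,3}),(\d{1,3})\r\n$", re.IGNORECASE)


def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


class FtpAlg:
    """Toy ALG (hypothetical): rewrites PORT payloads, tracks data sessions."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port
        self.expected = {}  # public port -> (private ip, private port)

    def translate(self, src_ip, line):
        """Process one outbound control-channel line sent by src_ip."""
        endpoint = parse_port(line)
        if endpoint is None:
            return line  # not a well-formed PORT command: forward unchanged
        ip, port = endpoint
        # Assumed sanity rule: only map an endpoint that belongs to the
        # sending host and uses an ephemeral (> 1024) port.
        if ip != ipaddress.IPv4Address(src_ip) or port <= 1024:
            return None  # drop instead of opening a mapping
        public_port = self.next_port
        self.next_port += 1
        # Bind the upcoming data session to this control session.
        self.expected[public_port] = (ip, port)
        host = str(self.public_ip).replace(".", ",")
        return f"PORT {host},{public_port >> 8},{public_port & 0xFF}\r\n".encode()


# Constructed sample: private client 192.168.1.10 announces port 4*256+1 = 1025.
SAMPLE = b"PORT 192,168,1,10,4,1\r\n"
```

Without the rewrite, the server would be told to connect to 192.168.1.10, which is not reachable from outside the NAT.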