Firewall and NAT Traversal Explained

NAT Traversal Explained


The steadily increasing penetration of broadband Internet access and the proliferation of free mobile Over-the-Top (OTT) voice and video applications are driving the rapid adoption of voice over Internet Protocol (VoIP). In both consumer and business markets, VoIP is securing a position as the main mode of multimedia communication.

High-quality multimedia communications, rich presence, and lower costs are just some of the benefits VoIP brings to end-users. For operators, it promises revenue streams from new and converged services, increased customer loyalty through extending the service value proposition, and lower capital and operating expenses (capex/opex) through the use of a single IP-based network for all communications services.

Ironically, one of the main driving forces behind VoIP adoption also poses one of its biggest challenges - VoIP calls do not work well in many broadband and mobile situations. The problem stems from two common network elements: 

  • NAT - More than 90% of wired and mobile devices access broadband networks using private (internal) IP addresses. These private IP addresses get mapped, or translated, into publicly routable, external Internet addresses using a mechanism called Network Address Translation (NAT). NAT is implemented in all broadband access devices (routers), and sometimes again in the service provider network.

  • Firewalls - Most users have one or more packet-filtering firewalls protecting them from hackers and other malicious users on the Internet. Firewall features are built into most routers and directly into many of the popular operating systems from providers such as Microsoft, Apple, and others.

Many VoIP solutions, peer-to-peer file sharing applications, and gaming consoles on the market do not work well through NATs and firewalls - endpoints may fail to connect to each other, or the quality and performance may be unacceptable. NAT traversal is the general term for a variety of techniques used to overcome the connectivity challenges posed by NATs.

One widely deployed and trusted NAT traversal technique uses the IETF standards Interactive Connectivity Establishment (ICE, RFC 5245), combined with Session Traversal Utilities for NAT (STUN, RFC 5389) and Traversal Using Relays around NAT (TURN, RFC 5766). This paper explores NAT traversal using ICE, STUN, and TURN further in sections 3 and 4.

The transition to IPv6, in theory, promises to eliminate the need for NAT in the future due to the abundance of new routable IP addresses available within the IPv6 schema. In reality, however, IPv6 will create transition-related issues that will affect VoIP and video chat technologies in the short to medium term.

This white paper explores the root causes and challenges of the NAT traversal and firewall traversal problem for VoIP and video telephony applications, peer-to-peer file transfer, and other applications requiring end-to-end connectivity. It summarizes recent work and progress made by standards bodies and the industry on NAT traversal and, finally, presents a comprehensive solution to this problem comprising a client-side SDK and a scalable carrier-grade server.


NAT Traversal White Paper

  1. Introduction
  2. NAT Traversal Problem
    2.1 Problem Summary
    2.2 Who is affected?
    2.3 How firewalls & NAT traversal affect connectivity based applications
  3. Solving the NAT Traversal Problem
    3.1 Solution Requirements
    3.2 Application Level Gateway (ALG)
    3.3 Session Border Controller (SBC)
    3.4 IETF STUN, TURN and ICE
    3.5 IPv6
  4. How ICE Methodology Works
    4.1 ICE overview
    4.2 Candidates
  5. AnyFirewall Technology
    5.1 AnyFirewall Engine
    5.2 AnyFirewall Server
    5.3 Sample call using AnyFirewall Engine
  6. Conclusion
  7. Reference
