NAT Traversal White Paper

NAT traversal solutions

  
NAT Traversal Software

Download this
VoIP NAT Traversal

Download NAT Traversal Server product sheet.

Download NAT Traversal Engine product sheet.

NAT Traversal Information



 
 
 

Nat Traversal for IP Communications - White Paper

NAT Traversal Technology

Page 5 of 6

Eyeball has developed NAT Traversal Technology to ensure seamless traversal of media across different NATs, firewalls, UPnP gateways, & web proxies. This comprises of two products:

  1. AnyFirewall Engine (AFE) - the industry's leading firewall and NAT traversal SDK offering the most comprehensive implementation of STUN, TURN and ICE.

  2. AnyFirewall Server (AFS) - a carrier-grade STUN and TURN server ready for licensing and mass deployment.

Here are a few highlights about Eyeball’s NAT traversal solution:

  • Developed using industry standard protocols: IETF standards of STUN-bis10 [1], TURN-04 [2], ICE-18 [3], ICE-TCP [4], nat-behaviour-discovery-01 [5] and UPNP[10].

  • 100% call completion: In addition to implementing ICE for NAT/Firewall traversal, UPnP and HTTP Proxy tunneling are provided to ensure 100% call completion.  

  • High peer-to-peer call completion rate: More than 95% of calls are completed peer-to-peer in UDP-enabled networks.  

  • Small SDK footprint: The standard footprint is less than 300kB, but smaller footprints are available for embedded devices and other environments where available memory is limited.  

  • Multiple platforms: AFE is available on Windows, Linux, MacOS, with other platform support available upon request.  

  • Easy to integrate: The AFE socket API is based on the standard Berkeley socket API, which is used in most operating systems. This allows AFE to be integrated quickly into existing products.  

  • Complete solution: The AnyFirewall Server (a standards-based STUN/TURN relay server) and the AnyFirewall Engine (a standards-based ICE client) provide a complete solution for NAT traversal.  

  • Service scalability: A single AnyFirewall Server supports more than 10,000 concurrent calls at one time, with more calls supported by simply adding another server.  

  • Product maturity: Eyeball has been a leader in NAT traversal solutions for over 5 years. Our products are field tested by millions of end-users all over the world.

Sections ‎5.1 and 5.2 presents AnyFirewall Engine and Server solutions respectively and section ‎5.3 provides a typical call completion scenario using the solution.

NAT Traversal Engine (AnyFirewall)

AnyFirewall Engine provides a feature-rich NAT traversal SDK for application developers and device makers. Here are a few technical highlights:

  • Most comprehensive implementation of STUN, TURN, and ICE, plus optional features such as UPnP gateways and HTTP tunneling through web-proxies.

  • Automatic selection of transport modes (UDP or TCP), and transparent translation of UDP to TCP when using TCP relaying. 

  • Supports symmetric RTP and smart keep-alives for signaling and media connections. 

  • Multiparty calls with hybrid UDP, TCP and HTTP streams.  

  • Traversal for voice, video, instant-messages and file-transfer.  

  • Minimized call completion time by pre-fetching and caching candidates.  

  • Simple C/C++ API familiar to TCP/IP socket programmers.  

  • Works with 3rd party SIP/XMPP stacks & voice/video engines.  

  • PC and embedded system support including Microsoft Windows, Linux, and Windows Mobile.

The rich set of APIs offered by AFE enable developers to write VoIP or other peer to peer applications without the concern of firewall traversal problems. Figure 6 shows the diverse kinds of VoIP applications that can be built using the AFE API. AFE integrates with third party application protocol stacks and media engines as well.

VoIP NAT Traversal

Figure 6: VoIP applications built using the AFE API

NAT Traversal Server (AnyFirewall)

The AnyFirewall Server is a carrier-grade server for NAT/Firewall discovery, and signaling and media relay based on STUN and TURN IETF drafts. Here are some of the features highlights of the AnyFirewall Server.

  • The first standards-based NAT and firewall traversal server for VoIP. It incorporates STUN, TURN, supports HTTP tunneling as a fallback and supports traversal of media and signaling including voice, video, IM and file-transfer.

  • Provides scalable firewall traversal for large deployments by completing most calls use peer-to-peer media transport, using load balancing based on DNS SRV lookup and supporting more than 10,000 concurrent calls per CPU.

  • Interoperable with 3rd party clients and end-points, and SIP servers from Cisco, Huawei, Nortel, Tekelec and Ubiquity.  

  • Supports wiretapping of calls by forcing relay usage for certain users (for CALEA requirements).  

  • Ready for deployment in IMS infrastructure (stand-alone server or integrated into CSCF).  

  • Runs on standard Linux systems (Standard PC or carrier-grade servers).
     

  • Easy to setup using either text-based configuration; interactive command line interface; or web-based provisioning, monitoring, and usage statistics.

Figure 7 shows how this solution is deployed in an operator’s network to achieve 100% call completion. AFE and the AnyFirewall Server, together, provide a comprehensive solution meeting all the requirements for solving the NAT/Firewall Traversal problem, as discussed in Section ‎2.2.

Figure 7: Eyeball AnyFirewall Solution deployment
 

VoIP Call Example Using a NAT Traversal Engine

Eyeball AnyFirewall Engine uses the concept of channels to simplify application programming. Figure 8 shows how the AFE fits in a typical VoIP application. Each channel is accessed via a set of functions similar to the socket API. Like sockets, each channel represents an endpoint for sending and receiving data. However, channels hide the underlying complexity required for the firewall traversal process, such as the STUN, TURN, and ICE functionality. To make adding the functionality of AFE to an existing application easy, calls to the socket API are replaced with similar AFE API calls. For example, to send and receive data using AFE, an application calls the Send() or Recv() on a channel, instead of using the send() and recv() functions of the socket. Furthermore, AFE provides the Select() function for channels, which models the behavior of the socket API function, select().



Figure 8: Integration of the AnyFirewall Engine into a VoIP application

Figure 9 shows the sequence of AFE API calls that take place on the caller and callee user agents in order to establish a call. Please note that, the sequence of calls here is similar to the sequence of ICE methodology steps in figure (3). Once a call is completed, the usual Send(), Recv(), and Select() functions are used, as in standard socket API.

SIP NAT Traversal
Figure 9: SIP call setup using AFE API

Continued
1 | 2 | 3 | 4 | 5 | 6 | Next Page
» Productssoftphone windows mobile » Marketsmobile voip phones » Technologiesmobile voip sip » News & Eventsvoip mobile phone » About Ussip softphone windows mobile » Info@eyeball.comsoftphone for windows mobile 5 » 1.604.921.5993
windows mobile voip
© 2008 Eyeball Networks Inc. All rights reserved.
Affiliate Info Sites: