ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells

Feature Article
August 2004

Hosted NAT Traversal Unlocks VoIP Offerings


Carriers and next generation service providers are rolling out VoIP services like IP Centrex and hosted SOHO/residential VoIP services at an increasingly rapid pace. A key enabler for these hosted IP telephony services is an application called Hosted NAT (Network Address Translator) Traversal. The application is usually delivered via a session border controller that is deployed in the carrier/service provider�s network. The goal for service providers and carriers is to be able to seamlessly deliver VoIP services without territorial boundaries or NAT/firewall devices limiting that capability and without changing the IP infrastructure that is typically already in place.

Network Address Translation (NAT) has been in use for years by IT managers and serves a critical, well-understood role as the gatekeeper and point of demarcation between a trusted LAN and the untrusted Internet. NAT provides a solution to several problems, most importantly, IP address preservation and security functions. By using �private� addresses for endpoints and devices on a LAN and by assigning a single public IP address to the firewall, both of these problems are addressed. With a few exceptions, NAT�s role has remained unchanged for years.

The proliferation of VoIP is changing things however, as traditional NAT devices are unable to handle the demands of real time packet traffic. Session Border Control (SBC) has been introduced over the last couple of years to address the nuances embodied in sending point-to-point IP packets across legacy firewalls and other NAT devices. VoIP is the primary application of focus, but video conferencing, online gaming, and other real-time applications suffer from the same problems.

VoIP and Legacy Firewall Issues
VoIP is fundamentally incompatible with traditional firewalls. The key problems are:

� Firewalls admit external traffic only if it was initiated from the private LAN.
� VoIP calls that are initiated from the outside are discarded by the firewall.
� VoIP packets consist of signaling and media packets with embedded signaling that is not understood by the firewall.
� VoIP calls use dynamically assigned UDP ports instead of the statically allocated ones that firewalls usually dedicate to specific users or applications.
� VoIP generates many smaller packets and can easily overwhelm traditional firewalls and NAT devices.

These issues can be addressed by adding SBC functionality. SBCs essentially intercept VoIP packets and change them so that they are recognizable by the legacy firewall or NAT device. The SBC mediates between the LAN and the Internet by modifying the signaling and bearer packets in both directions. This functionality is referred to as network-hosted NAT traversal (aka far-end NAT traversal), since the SBC is located typically in the VoIP service provider�s network and performs the modifications to the incoming and outgoing VoIP packets from a centralized location.

The benefits of network-hosted NAT traversal to VoIP service providers are many:

� No additional customer premise equipment is required thus making this a very cost effective solution.
� No changes are required to existing network infrastructure or to firewalls, IADs, or other NAT devices that are located at the customer site.
� Security is kept intact as private addresses can be utilized for all VoIP end-user devices.
� The solution is compatible with most VoIP end devices and NAT/firewall premise equipment types making it easy and fast to implement.

A VoIP Service Provider Example
New Global Telecom (www.ngt.com) provides telephony solutions to service providers worldwide, including wholesale VoIP telephony services that enable service providers to rapidly and cost-effectively enter the Hosted IP Telephony marketplace. The company�s network includes international gateway switches in New York, Los Angeles, and Miami, a 24x7 voice and data network operations center (NOC), as well as comprehensive tools and systems to monitor/manage TDM and IP telephony networks.

New Global Telecom (NGT) developed its outsourced wholesale IP services suite for service providers seeking entry into the VoIP marketplace. The suite includes Hosted IP PBX and Class 5 feature services, end-customer support, network and facilities management (including NOC), and back office support. New Global Telecom�s customers include ISPs, carriers, and other service providers seeking to expand revenue via a low-risk, low-cost, managed wholesale solution.

NGT needed to solve the NAT issue to deliver its service to its domestic and international customers. The key requirements they were looking for were:
� Remote NAT traversal � the ability to deliver Class 5 services to VoIP endpoints that utilize existing NAT and firewall devices (sometimes more than one NAT device);

� Portability � support for roaming VoIP users;
� Security � utilizing private IP addresses for VoIP users;
� Co-media support � the ability to send media between co-located devices where it does not make sense to route the media back to the IP network; and
� No added equipment, eliminating the need to add any CPE.
They chose to deploy SBC technology to address these issues. The solution is a network-hosted, carrier-grade product supporting both SIP and MGCP in a very secure, fault-tolerant configuration.

Added Hosted NAT Traversal Benefits
In addition to solving the firewall NAT traversal problem, using a session border controller has additional benefits to carriers/service providers like NGT. Security is enhanced since customer VoIP endpoints are utilizing a private address and cannot be hacked or accessed directly from the Internet. Thus, the SBC is actually a �VoIP-enabled firewall� that protects the VoIP endpoints from the public Internet and also protects the service providers VoIP infrastructure elements (softswitch, application server, etc.) from malicious attacks and/or from misbehaving endpoints and other IP security issues.

Another key benefit is support for �roaming� and remote- users. As companies utilize more teleworkers, and as users increasingly need to work remotely, VoIP is becoming the preferred technology to enable total mobility. Hotels and �hotspots� like Starbucks can be accommodated with the use of network NAT traversal.

Hosted NAT traversal is being deployed by service providers like New Global Telecom as well as by most large worldwide carriers who are targeting SOHO/residential or small enterprises with a scalable, VoIP service. The key benefits translate into faster time to market and dramatically lower costs than solutions requiring premise equipment or upgrades or change-out of customers� existing firewall/NAT devices. IP address preservation, enhanced security, no additional CPE or changes to existing NAT/firewall devices, minimal or no configuration and support for roaming users are all advantages afforded by the addition of a SBC that delivers a network-hosted NAT traversal capability.



Jim Greenway is vice president of marketing for Kagoor Networks. For more information, please visit the company online at www.kagoor.com

If you are interested in purchasing reprints of this article (in either print or HTML format), please visit Reprint Management Services online at www.reprintbuyer.com or contact a representative via e-mail at [email protected] or by phone at 800-290-5460.

[ Return To The April 2004 Table Of Contents ]


Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas