Research And Realization Of SIP NAT/Firewall Transversal

The Next Generation Network (NGN) employs open standards to create integrated communication networks. It carries voice, video and data traffics with a decoupled intelligence. In comparision with traditional Public Switch Telephone Network (PSTN), NGN has lower cost and higher efficiency, and is capable of providing more value-added-services which may be impossible to implement in PSTN. However, the Internet is populated with vast amount of NAT/Firewalls devices, which provide security as well as blocking VoIP traffics. The work presented in this Master's thesis is a research on how to enable SIP signaling and media data to traverse NAT/firewalls devices without modifying their current employment.There are already various kinds of NAT/Firewall traverse solutions such as ALG, MIDCOM, STUN, etc. Each of these solutions has its advantages as well as disadvantages. Properly combining these solutions can extend their abilities to utmost. Thus the HTTP tunnel based SBC (HSBC) is introduced.Session Border Controller (SBC) is widely deployed to allow SIP traffic between Internet and Intranet. It is actually a SIP B2BUA (back to back user agent) entity. SBC usually uses SIP standard port 5060, which, unfortunately, is blocked by most firewalls. However, firewalls generally allow HTTP access. This is the foundation of HTTP tunnel based SBC. Session Border Controller (SBC) is a NAT/ Firewall traversal device which can transmit SIP messages and media data through firewall. But if firewall closes all the UDP ports, the UDP based SBC NAT/ Firewall transversal will useless. Generally, firewall will open HTTP ports to allow behind users visit webs, a HTTP tunnel can transmit SIP messages and media data in this situation.In NGN, security and QoS problem still exist. HSBC plays an important role in Service Level Assure and system security. HSBC use access control and Diff-Serv to ensure QoS, and use NGN topology hiding, signal validity method and user register failed time restriction method to ensure connection system security.The work of this Master's thesis has been focused on analyzing the aforementioned problems with SIP and Firewalls and then designing a HTTP tunnel based SBC firewall transversal for SIP.