Scribd Logo
Upload

Welcome to Scribd!

  • Sip Alg: FW, Snat

    Uploaded by

    mickyminie220695
    7 views11 pages
    SIP preeentation

    Original Title

    SIP

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    SIP preeentation

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    7 views11 pages

    Sip Alg: FW, Snat

    Uploaded by

    mickyminie220695
    SIP preeentation

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 11

    SIP ALG

    FW, SNAT
    Contents
    • Introduction
    • Callflow
    • flow diagram
    • UT Use case
    • Show logs with Sleuth Use case
    Introduction
    Application Level Gateway (ALG) mode: facilitates communication between SIP clients and SIP proxies in 2 main
    scenarios
    • network access policy enforcement without SNAT
    • source address translation
    SIP ALG-FW (Without SNAT)

    • no destination and no source address translation


    • no SIP headers are modified,
    • no listeners are automatically created to handle incoming (unsolicited) signaling addressed to end-points in
    the protected network.
    Ingress Call flow
    UT Use case
    call flow : ALG FW send request and receive status on same connection
    Testcase : test_sipmsg_alg.c : test_sipmsg_alg_send_request_receive_status_same_connection_no_snat
    Slueth logs usecase
    • sip_firewall_outbound_call_spdag_16758.py
    We will show logs from BIGIP captured using itec setup.
    SIP ALG-SNAT
    • source addresses on egress flows are translated based on source-address-translation configuration in the
    virtual server (all source address translation methods and all LSN address translation algorithms are
    supported),
    • SIP headers are rewritten in order to hide private addresses,
    • SIP user registrations are tracked and contact information in REGISTER requests rewritten to selected
    translation end-points,
    • Listeners for translated end-points of registered users are automatically created on successful registration,
    • For media reported in SDP a deny listener is created for outgoing INVITE message
    • Deny listeners are deleted when provisional response with SDP is received
    • Unregistered subscribers can make calls but cannot accept calls.
    • LSN NAPT, DNAT, PBA mode are supported,
    • NAT64, NAT44 and 464 Network configuration are supported.
    SIP ALG-SNAT Ingress, Egress call
    processing

    https://docs.f5net.com/pages/viewpage.action?spaceKey=PDTMOSTWIKI&title=SIP+Protocol+Design+Document#SI
    PProtocolDesignDocument-SIPALG-SNATControlmessageProcessing
    UT outbound call flow with GDB
    • Test suite : test_sipmsg_alg_snat.c:
    • Testcase : test_sipmsg_alg_snat_register_and_call_nat44,
    test_sipmsg_alg_snat_register_and_outbound_call_helper(&conn_params,alg_util_multiple_trans_same_connection,alg_
    util_setup_lsn_nat44,alg_util_teardown_lsn_nat44);
    Slueth logs usecase
    • sip_alg_snat_outbound_call_no_registration_18430.py
    We will show logs from BIGIP captured using itec setup.

    You might also like