Getting SIP (Session Initiation Protocol) through NAT (Network Address Translation) firewalls is a complex process thanks to the complexity and asymmetry of SIP, and thanks to the inherent unsuitability of NAT for anything but stretching the pool of available IPv4 (Internet Protocol version 4) addresses further than it deserves. NAT complicates everything, and the only reason that client-server functions work at all over the Internet is because of all the clever hacks designed to overcome NAT.
The cure for NAT is IPv6, which has a host of benefits in addition to a huge address space, such as easier network administration and addressing, and genuine QoS for high-quality streaming media. Someday NAT will be an optional tool for those who really want it, instead of a necessity to have un-rationed numbers of clients in your networks. I'm not holding my breath, as the USA owns about three-fourths of the available IPv4 addresses, and is well behind Europe, Japan, Finland, and other parts of the world in affordable broadband, and in advanced wireless and cellular services. So there is an insufficient level of urgency for migrating to IPv6, and a corresponding lackadaisicalness in (forgive me for using the word) innovation in these areas.
So until that golden day when IPv6 becomes the norm, we must deal with the nasty, brutish realities of current reality with cunning and ingenuity. If you must support SIP there are a number of ways to get around nasty NAT problems: SIP proxies, STUN (Simple Traversal of UDP through NAT) servers, and majick routers. Or you might consider avoiding SIP entirely and using IAX (Inter-Asterisk Exchange) instead.
What is IAX?
IAX is the native Asterisk protocol. It has a number of advantages over SIP:
- It uses a single UDP port, 4569, so it slides through NAT with ease
- It is bandwidth-efficient
- It supports trunking, which means data from multiple calls are merged into a single set of packets, which reduces IP overhead
- You can trunk SIP calls over IAX to sneak them through those nasty NATs
- Signaling and data travel together, rather than independently as they do with SIP
- It is a binary protocol, so it's more difficult to attack
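As an added illustration (not code from the original article), the sketch below shows what "signaling and data travel together" on UDP port 4569 looks like on the wire: it classifies one payload as a full frame (signaling), a mini frame (media), or a meta frame such as a trunk, using the IAX2 header layout from RFC 5456. The sample byte strings are constructed for the example.

```python
import struct

# Frame-type and IAX-control subclass names from RFC 5456 (subset only).
FRAME_TYPES = {0x01: "DTMF", 0x02: "VOICE", 0x04: "CONTROL", 0x06: "IAX"}
IAX_SUBCLASSES = {0x01: "NEW", 0x02: "PING", 0x04: "ACK", 0x05: "HANGUP",
                  0x06: "REJECT", 0x07: "ACCEPT", 0x0D: "REGREQ"}

# Constructed sample payloads (not captured traffic).
SAMPLE_NEW = bytes.fromhex("800100000000000300000601")      # full frame, IAX NEW
SAMPLE_MINI = bytes.fromhex("00010140") + b"\xff" * 160      # mini frame + audio
SAMPLE_TRUNK = bytes.fromhex("0000010000000010")             # trunk meta header


def classify_iax2(payload: bytes) -> dict:
    """Classify one UDP payload seen on port 4569 by its IAX2 header."""
    if len(payload) < 4:
        raise ValueError("too short for any IAX2 frame")
    first, = struct.unpack("!H", payload[:2])
    if first & 0x8000:
        # F bit set: full frame with a 12-byte header (reliable signaling).
        if len(payload) < 12:
            raise ValueError("truncated full frame")
        src, dst, ts, oseq, iseq, ftype, sub = struct.unpack(
            "!HHIBBBB", payload[:12])
        name = FRAME_TYPES.get(ftype, hex(ftype))
        if ftype == 0x06:  # IAX control: the subclass names the message
            name += "/" + IAX_SUBCLASSES.get(sub & 0x7F, hex(sub & 0x7F))
        return {"kind": "full", "src_call": src & 0x7FFF,
                "dst_call": dst & 0x7FFF, "retransmit": bool(dst & 0x8000),
                "timestamp": ts, "oseq": oseq, "iseq": iseq, "type": name}
    if first == 0:
        # Source call number 0 marks a meta frame; V=0 with command 1 is a trunk.
        return {"kind": "meta", "video": bool(payload[2] & 0x80),
                "trunk": payload[2] == 0x01}
    # F bit clear and a non-zero call number: 4-byte mini frame carrying media.
    ts16, = struct.unpack("!H", payload[2:4])
    return {"kind": "mini", "src_call": first, "timestamp": ts16,
            "media_len": len(payload) - 4}


if __name__ == "__main__":
    for sample in (SAMPLE_NEW, SAMPLE_MINI, SAMPLE_TRUNK):
        print(classify_iax2(sample))
```

Because every frame kind shares the one port, a firewall rule or monitor for IAX keys on UDP 4569 plus the first header bits rather than on a separate negotiated media port range.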
When to use IAX
So the short story is if you're running an Asterisk server, or an Asterisk derivative, there are some scenarios where IAX just might be a better option for you than SIP:
- If you connect to branch offices that also run Asterisk servers, you could run IAX trunks between them for all inter-branch call traffic
- Road warriors can use IAX phones for easy remote connectivity
- If you connect to any Asterisk peer, such as a customer or vendor
- If you use a VoIP service that supports IAX trunking
Support for IAX in VoIP devices is growing. I don't know that it will ever equal SIP's popularity (I shall refrain from repeating my rant about U.S. vendors and their antipathy towards real innovation; apparently one new protocol per generation is the limit), but as long as you're running Asterisk you can mix'n'match the protocols to your best advantage.
Let's take a look at softphones first. I'm getting to be a big fan of softphones, especially since I finally retired my very antique Thinkpad (it is now a specialized networking diagnostic-and-fixit laptop) and got a new hotrod dual-core model with a gigabyte of memory. Suddenly all softphones sound good.
IAX softphones are terrific for road warriors who have to lug along a laptop anyway. Throw in a lightweight USB headset and they're all set. There are a number of good IAX softphones; these three are free of cost and cross-platform:
iaxComm runs on Linux, Mac OS X, and Windows.
KIAX runs on Linux, Mac OS X, various flavors of Unix, and Windows. This is a nice phone with multi-language support.
Voix Phone is a freeware (but not open source) IAX phone derived from the Voix Manager, which is a nice call manager (also called a switchboard application) for Asterisk. It runs on Linux, Mac OS X, and Windows.
All three are nice softphones with the usual rafts of useful features like address books, multiple codec support, hold, transfer, user-configurable ringtones, multiple server support, and so on.
Next week we'll look at some IAX hard phones, and some slick ways to use IAX to swat those pesky NATs.