artisticcheese
join:2004-11-09
Carrollton, TX
 ·VoiceStick
| How multiple ATAs can be behind same NAT router?
Hi,
I have general question. How on IP level it'll work if you have several ATA on internal network with different VOIP providers using the same SIP port number. How forwarding will work in this case since incoming packets will be arriving to the same port for both providers (UDP 560) and how router will know which internal host it shall be forwarded to? |
|
DracoFelis
Premium
join:2003-06-15
| said by artisticcheese  :How on IP level it'll work if you have several ATA on internal network with different VOIP providers using the same SIP port number. If you make sure both the SIP (call setup) and RTP (voice) ports are different, than it works quite well. Because in that case, you use the ports to uniquely identify the adapter.
OTOH you asked about the same ports being used. In that case, it's much more of a YMMV thing. Because when you are using the same ports, the ONLY THING that is keeping the mapping (of port to adapter) correct is the NAT tables in your router (in much the same way that the NAT tables in your router allow multiple PCs on your LAN to web browse on port 80 at the same time). This will sometimes work, but there is many things that could go wrong (which is why I have my multiple adapters on different ports).
For example, if you have each adapter (that is using the same ports) registered with a different provider, the NAT tables (in your router) may know (if it's a smart enough router) that inbound calls from the IP address of provider x go to the adapter that is "registered" with provider x. But how is the router supposed to know which adapter to send a call to, when that "provider" is registered on multiple adapters behind your LAN? And, even worse, how is your router supposed to know which adapter to send an anonymous (call from a non-registered party) call supposed to (in the case of different ports, the port numbers keep this straight, but the NAT tables in the router don't have such queues when different port numbers are used).
Bottom line:
I personally prefer to keep my VoIP adapters (behind my home NAT router, and a single public IP) all on different ports, to avoid problems. Yes, I realize that things might work OK with just my router's NAT, but that would still be "asking for trouble". But by keeping the ports (I use for VoIP) unique, I keep things unambiguous (and therefore avoid possible headaches as to which adapter which signal is for). |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
1 edit | A piece you're missing is that it's really PAT. When the translation is done, your return port number is also changed.
For example, leaving the ATA the UDP SIP packet connects to the host on 5060 and says talk back to me on 5060. Now when the xlate is done, the return port is changed. Here's the connection table for one of my ATA's ....
"UDP PAT from inside:zoom5801/5060 to outside:69.255.118.xxx/1061"
... so the VoIP provider is actually talking back to me on 1061. When the packet passes back through the PAT process, that gets changed back to 5060.
The combination of the IP address and the port number being changed is why you can have multiple ATA's registered to the same provider ... all on what you "think" is 5060. But the router is smarter than we are. 
The translation table should never get confused. If it does, get a new router.
FWIW, I've got 5 VoIP lines living well together. |
|
artisticcheese
join:2004-11-09
Carrollton, TX | I thought UDP are packets are sent and received on the same port number so on router side it shall be receiving also on 5060? |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
| said by artisticcheese :I thought UDP are packets are sent and received on the same port number so on router side it shall be receiving also on 5060? That's what you see on the "inside" of your network. But, the port is being changed before it leaves the WAN interface.
The combination of the IP address being translated, as well as the port, is what allows you to have multiple ATA's register to the same VoIP provider and not get confused. |
|
Cal96
join:2004-11-05
Oceanside, CA
| reply to artisticcheese
A while back, I had Vonage and Asterisk at the same time. The Vonage PAP2 was locked down to UDP port 5060. So I configured Asterisk SIP to listen on 5070 and a different RTP range. This worked fine for all the providers I used (Telasip, Vbuzzer, FWD, Sipdiscount, Les.net, etc.) My point is that most providers don't care which ports your end is using. The SIP protocol handles all the details.
In your case if one of the ATAs is unlocked, just change the SIP port and RTP range yourself (remembering to forward those ports in your router config). Couldn't hurt to try.
If not, maybe one of the providers will change your ATA's config to use a different SIP port / RTP range. Seems reasonable to me. Give 'em a call. |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
| said by Cal96 : (remembering to forward those ports in your router config). That is what causes people grief. You will never ever have to do that with a decent router. |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
| reply to priller
Packet on the inside | 
Packet after PAT |
|
|
garys_2k
join:2004-05-07
Farmington, MI
·Future Nine Corpor..
·Vonage
| reply to artisticcheese
Another thing to keep in mind is that all SIP traffic, and the RTP traffic that the SIP traffic sets up, originates FROM the ATA which is behind the router. Port forwarding should not be needed for any ATA. It's the router's job to keep track of which internal IP sent a request out to which external IP and route the reply back -- it is the essence of NAT.
You can have multiple PCs browsing the same web page and the router will keep track of which machine just asked for the page to be refreshed, it's no different. ATA traffic is UDP but those incoming packets are not unsolicited. |
|
artisticcheese
join:2004-11-09
Carrollton, TX
·VoiceStick
| said by garys_2k :Another thing to keep in mind is that all SIP traffic, and the RTP traffic that the SIP traffic sets up, originates FROM the ATA which is behind the router. Port forwarding should not be needed for any ATA. It's the router's job to keep track of which internal IP sent a request out to which external IP and route the reply back -- it is the essence of NAT. You can have multiple PCs browsing the same web page and the router will keep track of which machine just asked for the page to be refreshed, it's no different. ATA traffic is UDP but those incoming packets are not unsolicited. How this will work for incoming call? |
|
priller
join:2000-10-20
Gainesville, VA
·voip.ms
·Callcentric
·Vonage
·callwithus
2 edits | Your VoIP provider's SIP proxy knows the address and port you registered from, so it just sends the INVITE to you on that port.
In my example above, the INVITE comes to me on 1061 ... is translated back to 5060 and is passed along to the ATA.
--
Please don't screw with port forwarding. If for some reason you have a problem receiving calls, the problem is that the NAT translation in your router is timing out. This is resolved by adjusting the timeout in your router. If that isn't an option, then request that your provider increase the registration interval or enable NAT keepalive on the ATA. |
|
artisticcheese
join:2004-11-09
Carrollton, TX | I hear first call ringing but when I pick up I hear dead air. What most likely cause for this? I have 2 different VOIP Providers behind router and both of those use SIP UDP 5060. |
|
garys_2k
join:2004-05-07
Farmington, MI
·Future Nine Corpor..
·Vonage
| reply to artisticcheese
said by artisticcheese :said by garys_2k :Another thing to keep in mind is that all SIP traffic, and the RTP traffic that the SIP traffic sets up, originates FROM the ATA which is behind the router. Port forwarding should not be needed for any ATA. It's the router's job to keep track of which internal IP sent a request out to which external IP and route the reply back -- it is the essence of NAT. You can have multiple PCs browsing the same web page and the router will keep track of which machine just asked for the page to be refreshed, it's no different. ATA traffic is UDP but those incoming packets are not unsolicited. How this will work for incoming call? Here's how it works...
Your ATA sends the SIP server an "I'm here" message, the SIP server sends back a "Got it, thanks" reply. This happens regularly, and it should happen regularly enough to keep your router's tables current. My Vonage ATA does this 3 to 4 times per minute, plenty often enough.
When a call comes in the SIP server (which is still current to the ATA in the table) sends the ATA a message "Hey, go take a call at this IP address." The ATA sends back an OK to the SIP server and then initiates contact to the RTP server's address that the SIP server delivered to it.
That goes something like, ATA: "Hey, RTP server, heard you have a call for me -- here's my phone number." The RTP server sends back "Yeah, let's get it going. Start the bell ringing and here's the caller ID info to throw on the wire."
The call proceeds entirely on the RTP server but communication with the SIP server is maintained. Once the call is over the ATA and the SIP server put things away and the regular traffic starts over again.
As for handling different ATAs, the router's NAT table remembers which internal IP is associated with which SIP and RTP traffic. All of that traffic is initiated OUT from inside the LAN so the router, if it doesn't get mixed up (which some cheap ones can, especially if they're handling tons of addresses as can happen with file sharing) sends the packets to the proper IP on both sides. |
|
JTS33
join:2003-05-03
USA
| reply to priller
said by priller :Your VoIP provider's SIP proxy knows the address and port you registered from, so it just sends the INVITE to you on that port. In my example above, the INVITE comes to me on 1061 ... is translated back to 5060 and is passed along to the ATA. -- Please don't screw with port forwarding. If for some reason you have a problem receiving calls, the problem is that the NAT translation in your router is timing out. This is resolved by adjusting the timeout in your router. If that isn't an option, then request that your provider increase the registration interval or enable NAT keepalive on the ATA. Router: Airlink101 AR430W SuperG Wireless Router
ATA: Linksys PAP2 v1 flashed to SPA1001, STUN enabled.
My Internet connection is Dynamic IP, and I noticed when my ISP assigns me a new IP address, registration to GizmoProject would fail and I would not get any incoming calls.
Using the "DHCP Release" and "DHCP Renew" functions in the router to force a new dynamic IP, I spent a day messing around with the ATA settings, and registration would still always fail when my WAN IP changed.
Then I figured out that if I rebooted the router after the WAN IP address changed, GizmoProject registration did not fail.
Just curious if there is a technical explanation of what may be causing this?
Is it partially due to something on GizmoProject's end, or is it solely my router? |
|
joako
Premium
join:2000-09-07
/dev/null
 ·AT&T U-Verse
| reply to artisticcheese
Simple answer if you have a decent NAT router it will just work.
I've done as many as 10 SIP phones behind the same NAT talking to the same Asterisk and it just works. The first peer registers on port 5060 and the others at random ports like 1025, 1026, etc. I guess it's the router doing the translation, but I never bothered to figure out the nitty-gritty since it "just works"
I have had problems with the Bellsouth provided ADSL router you have to make sure to fully disable the firewall or else it really breaks stuff. But using the Linksys WRT54GS it just works.
--
Am Heimcomputer sitz' ich hier, und programmier' die Zukunft mir |
|
DracoFelis
Premium
join:2003-06-15
| said by joako :Simple answer if you have a decent NAT router it will just work. That might be true in the simple/routine case where you only get inbound calls from sites you are "registered" with. Because in that case, the router could (if it is decent/smart enough) relate which VoIP proxy (or proxies) each adapter is "registered" with, and redirect replies to the proper adapter. And since that case is the most common (for example, it's what you normally get with pre-provisioned adapters from VoIP providers), many people (apparently including you) might find that they are OK with multiple VoIP adapters on "the same ports" behind their router.
However, when you get past the simple VoIP case, you find that there are many options where you can receive calls from places where you are NOT "registered". For example, many free VoIP adapter to VoIP adapter "calls" fit in this latter category. And once you start accepting calls from places you aren't first "registered" with (and this can sometimes even happen when using some free VoIP services/proxies, due to how they may redirect the call to you) your router loses the "registration" step details to keep the sessions/adapters separate. And when that happens, you pretty much have to setup "port forwarding" on your router, and put each adapter on different ports. Because without the "registration" queues to the router, you need the different ports to keep the traffic separate (i.e. know which incoming VoIP traffic goes to which adapter).
Bottom line:
You can sometimes get away with putting all your VoIP adapters on the same SIP (and RTP) ports, and let your router sort it out. But for that to work, you both have to have a router that is good enough, and have to limit what you do with your VoIP (although those limits are consistent with how many use their VoIP). However, you always have the option to bypass these limits/issues by putting each VoIP adapter on different ports, and then telling your router to forward specific ports to specific VoIP adapter. Because in that case, which ports you use will uniquely identify the adapter to send the traffic to. |
|
artisticcheese
join:2004-11-09
Carrollton, TX
·VoiceStick
| said by DracoFelis : However, you always have the option to bypass these limits/issues by putting each VoIP adapter on different ports, and then telling your router to forward specific ports to specific VoIP adapter. Because in that case, which ports you use will uniquely identify the adapter to send the traffic to. So how does this work. I have 2 VOIP providers which expect me to register with their servers at UDP 5060. I have 1 public dynamic IP on router which I can do port forwarding with. What exactly I'm supposed to enter on ATAs for those 2 different VOIP providers for them to use a different port? |
|
DracoFelis
Premium
join:2003-06-15
| said by artisticcheese :So how does this work. I have 2 VOIP providers which expect me to register with their servers at UDP 5060. I have 1 public dynamic IP on router which I can do port forwarding with. What exactly I'm supposed to enter on ATAs for those 2 different VOIP providers for them to use a different port? You are forgetting that the port on your end doesn't have to be the same number as the port on their end. And almost all VoIP providers will let you use any port you like on YOUR END, provided the port on THEIR END is UDP 5060.
So here's how I would set it up:
1) Set one ATA to using UDP 5060 on your end, and register with the provider using UDP 5060 on their end.
2) Setup the 2nd ATA to using UDP 5062 on your end, but still register with the VoIP provider (for your 2nd ATA) on their UDP port 5060.
3) Setup port forwarding on your router, to send packets to YOUR UDP port 5060 (no matter what the source port is on their end) to the 1st VoIP adapter. Likewise, setup port forwarding for UDP packets sent to your port 5062 to your 2nd ATA.
Voila, both providers should be happy with your registrations, as both adapters are sending to (on their end) UDP port 5060. But because one of the adapters is set to port 5062 (on your end), replies for that adapter (from the remote end) will also be sent to UDP 5062. As a result, all the ports are consistent in this situation, and the port forwarding assures that your router shouldn't block any inbound calls by closing the SIP ports. |
|
artisticcheese
join:2004-11-09
Carrollton, TX
·VoiceStick
| How do I setup port on my end on ATA? The only fields I have is registar's address and protocol and port number. Where do I put custom client port on my end? I understand this is ATA specific but terminology will be used for such field in ATA configuration? |
|
jensjewels
join:2006-01-09
Austr | Use the SIP Port field. |
|
