Traversal of UPnP-Enabled NATS

  • Article

When the client application is situated behind a NAT or a firewall, the audio and video media streams will be transmitted via an IP address and port located on the NAT or firewall. The RTC Client API will, by default, support only those NATs that have Universal Plug and Play (UPnP) functionality. If the client is situated behind a NAT that does not have support for UPnP, the RTC Client API exposes two interfaces to map IP addresses and ports on the NAT. For information on these interfaces, see the Address Mapping section.

When the client is situated behind a NAT with UPnP support, the RTC Client API will call UPnP to open a port on the NAT for the SIP session. The NAT will then open a dynamic port for the SIP session. If the participants decide to initiate an audio or video session, the RTC Client API will internally allocate two dynamic UDP ports for each stream, and then call UPnP to open ports for each internal port. For a data stream such as application sharing or whiteboard, the RTC Client API will internally allocate TCP port 1503 for the stream, and then call UPnP to open ports for this TCP port. These ports are communicated in the SDP body of the SIP message for the audio or video session. The RTC Client API will use the ports in the body of the SDP to establish the session.

In general, the IRTCClient::get_NetworkAddresses method can be called to determine the address and port used to establish point-to-point communication sessions, such as the audio and video media sessions. In cases where the client is behind a Network Address Translator (NAT) or firewall, the get_NetworkAddresses method is used to determine the port and address on the NAT or firewall that is used for the session. When the client located behind a NAT with UPnP support calls get_NetworkAddresses with fExternal set to TRUE, the external address and dynamic port on the NAT is returned. This is the address that the client can communicate out of band to the called party to establish point-to-point sessions. In situations where a client is behind a NAT without UPnP support or a firewall, point-to-point communications are not possible without an application-level gateway.

Currently, the only firewall that is supported is the personal Internet Connection Firewall available on the Windows® XP operating system. If the personal Internet Connection Firewall is enabled on a machine, get_NetworkAddresses will return the address and dynamic port opened on the firewall. This address should also be communicated out of band to the called party.

Note  If the client application is situated behind a UPnP-enabled NAT, the mappings may be lost after 8 hours. If the user fails to sign in to the SIP server and is behind a UPnP NAT, the user must exit the RTC application and then relaunch it to enable the UPnP NAT traversal functionality.