
Network and VoIP Basics

VoIP Protocols

SIP and RTP are the two protocols that carry a VoIP call: SIP signals the call, RTP carries the media. Both are application-layer protocols (Layers 5 to 7 of the OSI model) and run on top of UDP or TCP.

SIP (Session Initiation Protocol)

The Session Initiation Protocol carries the signaling messages that establish, modify, and end communication sessions ("Sessions") in VoIP.
SIP messages also carry the media types used in a session (voice, video, or other multimedia) and the parameters needed to encode and decode the media (for example, the negotiated codec), together with participant and routing information.

SIP, together with the Session Description Protocol (SDP) that it carries in its message bodies, provides the complete signaling infrastructure for setting up, modifying, and terminating a session.
Compared with the H.323 protocol suite (ITU-T, with signaling derived from ISDN), SIP is simpler to implement, easier to extend, and easier to read and debug.

SIP Transport

SIP can be transported over UDP, TCP, TLS over TCP (SIPS, port 5061), or SCTP; UDP and TCP use port 5060.
SIP transactions already include their own retransmission timers and timeouts (the INVITE handshake with its provisional responses and final ACK, for example), so SIP does not depend on the transport protocol for reliability.

For this reason, UDP has traditionally been the preferred transport for SIP.
Unlike TCP and SCTP, UDP has no connection setup phase or flow control, which reduces latency and per-message overhead.
Two caveats apply: RFC 3261 requires a request that would exceed the path MTU (or 1300 bytes when the MTU is unknown) to be sent over a congestion-controlled transport such as TCP, and UDP provides no confidentiality or integrity, so signaling that must not be read or forged in transit should use TLS.

SIP is modeled on HTTP: a message is UTF-8 text consisting of a request line or status line, header fields, a blank line, and an optional body whose size is given by Content-Length, so it can be read in a packet capture and parsed without a special decoder.
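The text-based layout described above is easy to parse by hand. The following is an added example written for this page (not code from the page or from any SIP stack): it builds a constructed INVITE with an SDP offer and parses it back, normalising RFC 3261 compact header names, checking the mandatory headers, and refusing to trust a Content-Length that exceeds the bytes actually received. The addresses, tags, and Call-ID in the sample are made up.

```python
"""Parse a SIP request and the SDP offer it carries.

Added example for this page, not code from it.  The INVITE below is
constructed for the example; addresses, tags and Call-ID are invented.
"""

SAMPLE_SDP = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8 101\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "a=rtpmap:8 PCMA/8000\r\n"
    "a=rtpmap:101 telephone-event/8000\r\n"
)

SAMPLE_HEADERS = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "Max-Forwards: 70\r\n"
    "f: Alice <sip:alice@example.com>;tag=1928301774\r\n"   # compact form of From
    "To: Bob <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@192.0.2.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
)

# RFC 3261 compact header names that every phone and proxy must accept.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "m": "contact",
           "c": "content-type", "l": "content-length", "s": "subject"}


def build_sample_invite() -> bytes:
    """Assemble the constructed INVITE with a correct Content-Length."""
    body = SAMPLE_SDP.encode("utf-8")
    head = SAMPLE_HEADERS + f"Content-Length: {len(body)}\r\n\r\n"
    return head.encode("utf-8") + body


def parse_sdp(body: str) -> dict:
    """Return the connection address and media lines of an SDP body."""
    result = {"connection": None, "media": []}
    for line in body.split("\r\n"):
        if line.startswith("c="):
            # c=IN IP4 192.0.2.10 : the address the peer wants RTP delivered to
            result["connection"] = line[2:].split()[2]
        elif line.startswith("m="):
            # m=audio 49170 RTP/AVP 0 8 101 : media type, port, transport, payload types
            fields = line[2:].split()
            result["media"].append({
                "type": fields[0],
                "port": int(fields[1]),
                "proto": fields[2],
                "payloads": [int(p) for p in fields[3:]],
            })
    return result


def parse_sip_request(raw: bytes) -> dict:
    """Split a SIP request into request line, headers and a length-checked body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: no end-of-headers line")
    lines = head.decode("utf-8").split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    if version != "SIP/2.0":
        raise ValueError(f"unsupported version {version!r}")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line {line!r}")
        name = name.strip().lower()
        name = COMPACT.get(name, name)                       # normalise compact forms
        headers.setdefault(name, []).append(value.strip())   # Via may appear many times

    for required in ("via", "from", "to", "call-id", "cseq"):
        if required not in headers:
            raise ValueError(f"missing mandatory header {required}")

    # Use the declared length only if that many bytes actually arrived: a UDP
    # datagram may be cut short, and a lying length must not read past the buffer.
    declared = int(headers.get("content-length", ["0"])[0])
    if declared > len(rest):
        raise ValueError(f"Content-Length {declared} exceeds received body of {len(rest)} bytes")
    body = rest[:declared].decode("utf-8")

    parsed = {"method": method, "uri": uri, "headers": headers, "body": body}
    if headers.get("content-type", [""])[0].lower() == "application/sdp":
        parsed.update(parse_sdp(body))
    return parsed
```

The c= and m= lines are worth attention: they tell the other side where to send RTP, so a proxy or phone that accepts them without checking that the address belongs to the signaling peer will happily stream media wherever an INVITE says.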

RTP (Real-time Transport Protocol)

RTP is the protocol that carries the actual audio and video of a call in real time over IP networks. It runs over UDP on the ports negotiated in SDP and is normally paired with RTCP, which reports reception quality. Each RTP packet carries a sequence number, a timestamp, and a synchronization source (SSRC) identifier, which let the receiver detect loss, reorder packets, and play the media out at the right rate. RTP itself provides no encryption; SRTP (RFC 3711) adds encryption and authentication of the media stream.
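The RTP header fields mentioned above are compact enough to show in full. This is an added example written for this page, not code from the page or from any RTP library: it packs and parses the RFC 3550 fixed header (including the CSRC list, header extension, and padding cases), validating every length before it is used, and shows how a receiver interprets sequence numbers across the 16-bit wrap. The packets are constructed in the file; the SSRC and timestamps are arbitrary.

```python
"""Pack and parse RTP packets (RFC 3550 fixed header) and track sequence numbers.

Added example, not code from the page.  The packets are constructed here
with pack_rtp(); the SSRC and timestamp values are arbitrary.
"""
import struct

RTP_VERSION = 2
FIXED_HEADER = struct.Struct("!BBHII")   # V|P|X|CC, M|PT, sequence, timestamp, SSRC


def pack_rtp(seq, timestamp, ssrc, payload, payload_type=0, marker=False, padding=0):
    """Build an RTP packet; payload_type 0 is G.711 mu-law (PCMU)."""
    if padding:
        # Padding is zero bytes followed by one byte holding the pad length (itself included).
        payload = payload + b"\x00" * (padding - 1) + bytes([padding])
    byte0 = (RTP_VERSION << 6) | (0x20 if padding else 0)   # no extension, CC = 0
    byte1 = (int(marker) << 7) | (payload_type & 0x7F)
    header = FIXED_HEADER.pack(byte0, byte1, seq & 0xFFFF,
                               timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    return header + payload


def parse_rtp(packet):
    """Parse an RTP packet, checking each length field before trusting it."""
    if len(packet) < FIXED_HEADER.size:
        raise ValueError("packet shorter than the 12-byte RTP header")
    byte0, byte1, seq, timestamp, ssrc = FIXED_HEADER.unpack_from(packet)
    if byte0 >> 6 != RTP_VERSION:
        raise ValueError("not RTP version 2")
    has_padding = bool(byte0 & 0x20)
    has_extension = bool(byte0 & 0x10)
    csrc_count = byte0 & 0x0F

    offset = FIXED_HEADER.size + 4 * csrc_count
    if len(packet) < offset:
        raise ValueError("CSRC list runs past end of packet")
    csrcs = list(struct.unpack_from(f"!{csrc_count}I", packet, FIXED_HEADER.size))

    if has_extension:
        if len(packet) < offset + 4:
            raise ValueError("extension header runs past end of packet")
        _profile, ext_words = struct.unpack_from("!HH", packet, offset)
        offset += 4 + 4 * ext_words
        if len(packet) < offset:
            raise ValueError("extension data runs past end of packet")

    payload = packet[offset:]
    if has_padding:
        pad = payload[-1] if payload else 0
        if pad == 0 or pad > len(payload):
            raise ValueError("invalid padding length")
        payload = payload[:-pad]

    return {
        "marker": bool(byte1 & 0x80),
        "payload_type": byte1 & 0x7F,
        "seq": seq,
        "timestamp": timestamp,
        "ssrc": ssrc,
        "csrcs": csrcs,
        "payload": payload,
    }


def seq_delta(prev_seq, seq):
    """Signed distance from prev_seq to seq modulo 2**16.

    1 means the next packet in order, >1 means packets were lost in between,
    <=0 means a duplicate or a reordered (late) packet.
    """
    d = (seq - prev_seq) & 0xFFFF
    return d - 0x10000 if d >= 0x8000 else d
```

A receiver that keys its jitter buffer on SSRC and sequence number alone, without SRTP authentication, will accept any packet with a plausible SSRC and sequence number from any source, which is why the length checks above are the floor, not the ceiling, of what an RTP receiver has to defend against.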

Additional Protocols

To enable phone calls over the Internet, VoIP relies on additional network protocols.

DNS

The Domain Name System (DNS) is a hierarchical, distributed naming system that translates domain names (e.g., example.com) into IP addresses (e.g., 192.0.2.1) and vice versa.
It plays a crucial role in allowing users to access Internet resources using human-readable domain names instead of numerical IP addresses.

When a user enters a domain name into a web browser or another network application, the application sends a DNS query to a DNS resolver, usually provided by the user's Internet Service Provider (ISP) or a public DNS service.
The resolver then initiates the resolution process by querying authoritative DNS servers to obtain the corresponding IP address for the given domain name.

The DNS hierarchy consists of different types of DNS servers, including:

  • Root DNS Servers: These servers are at the top of the DNS hierarchy and refer resolvers to the Top-Level Domain (TLD) DNS servers.
  • Top-Level Domain (TLD) DNS Servers: These servers manage domain names within specific top-level domains such as .com, .org, .net, and country-specific TLDs like .ch, .at, .de, etc.
  • Authoritative DNS Servers: These servers store DNS records (such as A records, AAAA records, MX records, etc.) for specific domain names and are responsible for providing authoritative responses to DNS queries.

DNS operates over UDP or TCP on port 53.
UDP is used for ordinary queries; when a response does not fit within the client's UDP limit, the server sets the TC (truncated) flag and the client repeats the query over TCP, which is also the transport used for zone transfers (AXFR/IXFR).

Overall, DNS is a fundamental component of Internet infrastructure, providing essential name resolution services that enable seamless communication and access to online resources.
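The query, response, and truncation handling described above can be shown directly on the RFC 1035 wire format. The following is an added example written for this page (not code from the page or from any resolver): it builds a recursive A query, parses a constructed response including the name-compression pointers that real servers use, rejects a response whose transaction ID does not match the query, and reports the TC flag that tells a client to retry over TCP. No packets are sent; the response bytes come from build_response(), and example.com / 192.0.2.1 are documentation values.

```python
"""Build a DNS query and parse a DNS response (RFC 1035 wire format).

Added example, not code from the page.  No packets are sent: the
response is constructed by build_response() so the example runs offline.
"""
import struct

HEADER = struct.Struct("!HHHHHH")   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode 'example.com' as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"


def build_query(txn_id, name, qtype=TYPE_A):
    """Recursive query for one name; a client sends this over UDP to port 53."""
    return (HEADER.pack(txn_id, FLAG_RD, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN))


def decode_name(msg, offset):
    """Decode a name at offset, following compression pointers safely.

    Returns (name, offset just after the name in its original position).
    """
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if target >= offset or hops > 16:           # must point backwards; no loops
                raise ValueError("bad compression pointer")
            end = end if end is not None else offset + 2
            offset, hops = target, hops + 1
            continue
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg, expected_id):
    """Parse a response; a wrong transaction ID is rejected (off-path spoofing guard)."""
    if len(msg) < HEADER.size:
        raise ValueError("message shorter than DNS header")
    txn_id, flags, qdcount, ancount, _ns, _ar = HEADER.unpack_from(msg)
    if txn_id != expected_id:
        raise ValueError("transaction ID mismatch")
    if not flags & FLAG_QR:
        raise ValueError("not a response")
    offset = HEADER.size
    questions = []
    for _ in range(qdcount):
        name, offset = decode_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("question runs past end of message")
        qtype, _qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append((name, qtype))
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("resource record runs past end of message")
        rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlength]
        if len(rdata) != rdlength:
            raise ValueError("RDATA runs past end of message")
        offset += rdlength
        if rtype == TYPE_A and rclass == CLASS_IN and rdlength == 4:
            rdata = ".".join(str(b) for b in rdata)     # render the IPv4 address
        answers.append((name, rtype, ttl, rdata))
    return {"id": txn_id, "rcode": flags & 0x000F, "truncated": bool(flags & FLAG_TC),
            "questions": questions, "answers": answers}


def build_response(txn_id, name, addresses, truncated=False):
    """Constructed A-record reply; each answer points at the question name via 0xC00C."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    msg = HEADER.pack(txn_id, flags, 1, len(addresses), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + rdata
    return msg
```

A client that sends build_query() over UDP and gets back a response with "truncated" set should discard the partial answer section and repeat the same query over TCP; the transaction ID check (together with a randomized source port, which the socket layer supplies) is what stops an off-path attacker from answering the query first.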

NAT/PAT

NAT (Network Address Translation)

Network Address Translation (NAT) is a technique used in computer networking to modify network address information in IP packet headers as they pass through a router or firewall. Its primary purpose is to conserve public IPv4 addresses and is not intended for network security.

In a typical NAT scenario, a private network with devices using private IP addresses (as defined in RFC 1918: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16) connects to the internet through a router or gateway. When a device from the private network sends a packet to the internet, the router replaces the source IP address with its own public IP address before forwarding it to the internet. This allows multiple devices within the private network to share a single public IP address.

NAT also performs reverse translation when packets from the internet are destined for devices within the private network. It translates the destination IP address of incoming packets from the public IP address to the corresponding private IP address based on the NAT mapping table.

NAT helps mitigate the depletion of IPv4 addresses. As a side effect it hides internal addresses from the outside, and an unsolicited inbound packet that matches no translation entry is dropped; this is a consequence of the translation state, not a substitute for a firewall policy. NAT also complicates applications that need end-to-end connectivity, such as peer-to-peer communication and protocols that embed IP addresses and ports in their payload, SIP and SDP among them.

PAT (Port Address Translation)

Port Address Translation (PAT), also known as NAT overload or NAPT, is the variant of Network Address Translation (NAT) that maps many private IP addresses to a single public IP address. It distinguishes the connections by giving each one a different source port number.

In a PAT scenario, a private network with devices using private IP addresses connects to the internet through a router or gateway. When a device from the private network sends a packet to the internet, the router replaces the source IP address with its own public IP address and assigns a unique source port number from an available pool. This combination of public IP address and unique port number is used to identify the connection.

PAT maintains a mapping table linking each private IP address and port number to the corresponding public IP address and port number. When receiving packets from the internet destined for devices in the private network, the router uses this mapping table to translate the destination IP address and port number back to the corresponding private IP address and port number.

The advantage of PAT is efficient use of public IP addresses; the hiding of internal addresses is the same side effect as with plain NAT. Its limitations are port exhaustion when a large number of simultaneous connections share one public address, and problems for applications that expect their source port to be preserved or that need an inbound connection to a fixed port.

Overall, PAT is the usual way of giving a private network internet access through a single public address.

NAT/PAT Keepalive

NAT (Network Address Translation) and PAT (Port Address Translation) tables are data structures used by routers and firewalls to track translations between private and public IP addresses and port numbers. These tables are essential components of NAT and PAT mechanisms, facilitating the routing of packets between private networks and the internet.

In a typical NAT/PAT implementation, when a device in a private network communicates with a destination on the internet, the NAT/PAT device performs address and port translation on outgoing packets before forwarding them. It maintains entries in its translation table to track these mappings.

The NAT/PAT table typically contains the following information for each translation entry:

  • Private IP address: The original source IP address of the packet within the private network.
  • Private port number: The original source port number used by the application or service on the device within the private network.
  • Public IP address: The translated public IP address assigned by the NAT/PAT device for communication with the internet destination.
  • Public port number: The translated public port number assigned by the NAT/PAT device to uniquely identify the connection.

Translation entries are not kept forever. Each entry has an idle timer; once no packet has matched the entry for the configured timeout, the device removes it, and any later packet from the internet to that public port is dropped because the device no longer knows which internal host it belongs to. Keepalive mechanisms refresh entries before this happens.

Keepalives are normally generated by the endpoint behind the NAT (or by the SIP server on its behalf, for example periodic OPTIONS pings); the NAT/PAT device itself does not probe anything, it only resets the idle timer of an entry when a packet matches it. A SIP phone therefore sends a small packet through its registered binding at an interval shorter than the NAT's idle timeout (a CRLF pair or a STUN binding request as described in RFC 5626, or a SIP OPTIONS request), and every such outbound packet refreshes the entry. Per RFC 4787, a NAT must refresh a UDP mapping on outbound packets and only may refresh it on inbound packets, so the host behind the NAT cannot rely on incoming traffic alone to keep its binding alive.

Benefits of keeping NAT/PAT entries alive:

  • Reachability: the SIP server can deliver an incoming call (an INVITE) to the phone's existing binding instead of failing because the entry has expired.
  • Reduced disruptions: refreshing entries before they expire avoids interruptions in signaling and media that would otherwise appear as missed calls or one-way audio.
  • Stable registrations: the phone's Contact address as seen by the server stays valid, so the phone does not have to re-register at short intervals only to obtain a new binding.

However, keepalives add traffic, which matters at scale (thousands of phones each sending a packet every few seconds), and a keepalive interval longer than the NAT's actual idle timeout gives a false sense of safety: the entry expires between keepalives, the next keepalive creates a new binding on a different public port, and the server keeps sending to the old one. Keepalive packets may also be filtered by firewalls in the path, with the same result.

Overall, keepalives are what keep NAT/PAT bindings stable for devices that must accept unsolicited incoming traffic, above all VoIP phones registered with a server outside the NAT.
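The PAT mapping table described in the previous section and the idle-timeout and keepalive behaviour described here can be shown with one small simulator. This is an added example written for this page, not code from the page or from any router: it implements a NAPT table keyed by private (IP, port) and public port, expires entries after an idle timeout, refreshes them only on outbound traffic (the behaviour RFC 4787 requires), and then plays out a phone that registers and later receives a call, with and without keepalives. The public address 203.0.113.5, the LAN hosts, and the 30-second timeout are invented for illustration; the timeout is chosen short to keep the scenario readable, while RFC 4787 asks real NATs to keep UDP mappings for at least two minutes.

```python
"""Simulate a PAT/NAPT translation table with idle timeouts and keepalives.

Added example, not code from the page.  The public address, LAN hosts and
30 s idle timeout are invented for illustration.
"""
from dataclasses import dataclass


@dataclass
class Binding:
    private: tuple        # (private IP, private port)
    public_port: int      # port on the shared public address
    last_seen: float      # time of the last packet that matched this entry


class Napt:
    def __init__(self, public_ip="203.0.113.5", idle_timeout=30.0,
                 port_range=(49152, 65536), refresh_on_inbound=False):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.free_ports = iter(range(*port_range))
        # RFC 4787: outbound packets MUST refresh a UDP mapping, inbound ones only MAY.
        self.refresh_on_inbound = refresh_on_inbound
        self.by_private = {}   # (ip, port) -> Binding
        self.by_public = {}    # public port -> Binding

    def _expire(self, now):
        """Drop every entry that has been idle longer than the timeout."""
        for port, binding in list(self.by_public.items()):
            if now - binding.last_seen > self.idle_timeout:
                del self.by_public[port]
                del self.by_private[binding.private]

    def outbound(self, src_ip, src_port, now):
        """Translate a packet leaving the LAN; returns the (public IP, public port) it gets."""
        self._expire(now)
        key = (src_ip, src_port)
        binding = self.by_private.get(key)
        if binding is None:
            try:
                public_port = next(self.free_ports)
            except StopIteration:
                raise RuntimeError("port exhaustion: no free public port") from None
            binding = Binding(key, public_port, now)
            self.by_private[key] = binding
            self.by_public[public_port] = binding
        binding.last_seen = now              # any outbound packet, keepalives included
        return self.public_ip, binding.public_port

    def inbound(self, dst_port, now):
        """Translate a packet arriving from the internet; None means no entry, so it is dropped."""
        self._expire(now)
        binding = self.by_public.get(dst_port)
        if binding is None:
            return None
        if self.refresh_on_inbound:
            binding.last_seen = now
        return binding.private


def callback_reaches_phone(keepalive_interval, callback_at=100.0):
    """A phone behind the NAT registers at t=0; the SIP server sends it an INVITE
    at t=callback_at.  keepalive_interval=0 means the phone stays silent.
    Returns True if the INVITE is delivered to the phone's original binding."""
    nat = Napt()
    phone = ("192.168.1.20", 5060)
    _, registered_port = nat.outbound(*phone, now=0.0)   # REGISTER creates the entry
    t = keepalive_interval
    while keepalive_interval and t < callback_at:
        nat.outbound(*phone, now=t)                       # keepalive (CRLF, STUN or OPTIONS)
        t += keepalive_interval
    return nat.inbound(registered_port, now=callback_at) == phone
```

Running callback_reaches_phone(20.0) succeeds, callback_reaches_phone(0) fails because the entry expired, and callback_reaches_phone(45.0) also fails: each keepalive arrives after the 30-second timeout, so it creates a fresh binding on a new public port while the server still addresses the old one. That last case is the one to check for when a phone "sometimes" misses calls behind a NAT.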

CGNAT (Carrier-Grade NAT)

CGNAT, also known as large-scale NAT or NAT444, is a network address translation technique used by internet service providers (ISPs) to manage the shortage of public IPv4 addresses and accommodate the growing number of internet-connected devices.

In a CGNAT deployment, customers are assigned addresses from a pool that is not globally routable: usually the shared address space that RFC 6598 reserved for this purpose (100.64.0.0/10), because customers' own LANs already use RFC 1918 space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and the two must not collide, although some ISPs use RFC 1918 space nonetheless.
These private IP addresses are used for communication within the ISP's network but cannot be directly reached from the public internet.

When a device within the ISP network initiates communication with an internet destination, such as accessing a website or connecting to a server, the CGNAT device performs address translation on outgoing packets.
It replaces the private source IP address of the packet with a public IP address from the ISP's pool and maintains a mapping table to track the translation.

Similarly, when receiving incoming packets from the internet destined for a device within the ISP network, the CGNAT device performs reverse address translation.
It replaces the public destination IP address with the corresponding private IP address before forwarding the packet to the intended recipient.

Advantages of CGNAT:

  • Conservation of IPv4 addresses: CGNAT allows ISPs to conserve public IPv4 addresses by multiplexing multiple customers behind a single public IP address.
  • Scalability: CGNAT enables ISPs to support a large number of internet-connected devices within their network while minimizing IPv4 address exhaustion.
  • Reduced exposure: customers' addresses are not reachable from the public internet unless a translation entry exists, which limits unsolicited traffic to unmanaged devices; as with any NAT this is a side effect of the translation state, not a security control.

Disadvantages of CGNAT:

  • Limited port availability: each customer gets only a share of the ports on the public address, which can break peer-to-peer communication, online gaming, and other applications that need specific or many ports.
  • Impact on peer-to-peer communication: CGNAT interferes with peer-to-peer communication and protocols that rely on end-to-end connectivity, since it adds a second layer of address translation and no inbound connection can be accepted without a prior outbound mapping.
  • Shared reputation and attribution: many customers appear under one public address, so a blocklist entry or rate limit triggered by one of them affects all of them, and a subscriber cannot be identified from a public IP address alone; server logs must record the source port and timestamp as well (RFC 6302).
  • Complexity: managing and troubleshooting CGNAT deployments is difficult, especially in large-scale networks with high traffic volumes and dynamic address assignments.

Overall, CGNAT plays a crucial role in extending the lifespan of IPv4, allowing ISPs to provide internet access to a growing number of subscribers while addressing the limitations caused by IPv4 address exhaustion.