Aswath Weblog: Comment on Why IAX is Immune to NAT Traversal Problem?

Comments: Why IAX is Immune to NAT Traversal Problem?

While I'm not expert on IAX2 I think I understand something of its appeal. All signaling and media is on one port. This happens regardless of use as trunk or line between Asterisk and an IAX capable handset.

SIP, OTOH allows the media to pass over ports designated by the end point. Signaling is usually on a separate port. If you add calls to an end point in an on-phone conference you inherently use more ports.

The fact that it's dynamic makes it difficult to establish simple port forwarding rules in a router or firewall when you have several SIP end points connected to a remote host.

With IAX2, which I have done myself in the past, port forwarding literally may not be required. The phone registering and the keep-alive mechanism (qualify=x) will sustain the connection. All signaling and media is on that same port, regardless of the call circumstances.

It tends to make things simple. That said, IAX2 has had its share of problems over time. And IAX2 capable end-points are not plentiful.

Posted by Michael Graves at July 5, 2008 09:28 PM

How would port forwarding be sufficient if you are planning to have multiple IAX clients behind a single NAT? If you are using the registration and keep alive signals to maintain the connection, then effectively you are using the IAX server as a TURN server. The point of ICE and section 6.5 of IAX spec is to avoid the use of TURN as much as possible. The question then is why not IAX explicitly state that they are adapting ICE framework instead of claiming that IAX does not have NAT traversal problem.

Posted by Aswath Rao at July 5, 2008 10:40 PM

Again, I can only speak of my own experience using IAX2. Because only one port is involved in any case PAT is practical and possible in supporting multiple clients. I've never taken WireShark and done a traffic analysis of IAX2, but I have had multiple clients behind NAT without requiring any specific forwarding on the router.

Could there also be a timing issue here. I suspect the early implementation of IAX pre-dates ICE/TURN. My first IAX experience was in late 2002, and online examples were already well in place by then.

Posted by Michael Graves at July 6, 2008 03:19 PM

Hi,

Henry Sinnreich is heading Adobe's efforts in Voice communications. He also plays an important role in p2psip working group in IETF. I think they are using ICE as the standard itself in Flash.

Peter

Posted by Peter at July 7, 2008 10:48 PM