The packet gateway supports both network address translation (NAT) and network address port translation (NAPT). Twice NAT enables you to configure both source addresses and destination addresses that are translated as packets traverse the router. You can apply twice NAT for VoIP packets (signaling and media) as they traverse gates to achieve security between realms or service providers. To apply twice NAT, the pgcpd process instructs the PIC to allocate a specified number of NAT addresses and ports from a PGCP NAT pool on a per-gate basis. The pgcpd process specifies which NAT pool to use.
Figure 18 shows two gates in a packet gateway.
Figure 18: Translation of Gate Addressing
After flows are created for Gate 1, the gate connects the remote source to the local destination. The local source and local destination addresses reside on the router and must be uniquely specified. For Gate 1, twice NAT enables the router to translate the IP address of the remote source to the local source, and the local destination to the remote destination.
To create the bidirectional flow, the same IP address is used for the local source in Gate 2 and the local destination in Gate 1. Likewise, the same IP address is used for the remote source in Gate 1 and the remote destination in Gate 2.
Figure 19 shows an example of how addresses are translated.
Figure 19: Example: Translation of Gate Addressing
You can configure separate NAT pools that can be controlled by either the PG or the PGC. By default the PG controls the addresses and ports in a pool. However, when you configure your NAT pool, you can specify that the PGC controls the addresses and ports in the NAT pool. The PGC reserves the addresses and ports when it requests specific local NAT bindings for remote addresses.
If the PG selects the NAT pool, it can use one of the following methods to select the pool:
The PG can select the NAT pool by matching any combination of the following protocols:
Selecting a NAT pool based on transport protocol:
The PGC can set a transport protocol in the media description in the local descriptor command in Add and Modify commands that it sends to the PG. The media description format is:
- m=<media> <port> <transport> <format list>
where the transport field specifies the transport protocol. For example:
- m=video 49170/2 RTP/AVP 31
When you set up your NAT pools, you specify a transport protocol or list of protocols. Do not configure the NAT pool to be remotely controlled by the PGC. Also, set the port in the NAT pool to automatic.
When the PG receives an Add or Modify command with a media description, it searches the NAT pools associated with the virtual interface and attempts to match the transport protocols in the description with the transport protocols specified in the NAT pools. The PG uses the first NAT pool that has a matching transport protocol. If it cannot find a match, it replies to the PGC with the following error:
- ER=500 {”Application: Media handler not found”}
IPv4-to-IPv6 address translation enables callers in an IPv4 network to place calls to recipients in an IPv6 network. With this capability, the access side of the network can be an IPv4 network and the backbone side of the network can be an IPv6 network and vice versa. The PGC sets up gates so that one termination of the gate has IPv4 addresses and the other termination of the gate has IPv6 addresses. The packet gateway performs the appropriate IPv4-to-IPv6 and IPv6-to-IPv4 translations.
This implementation is not the tunnelling of IPv4 headers over IPv6 headers and vice versa. It is the translation of the IPv4 headers to IPv6 headers and vice versa.
You must configure both an IPv4 NAT pool and an IPv6 NAT pool on the PG for IPv4-to-IPv6 translation to work.
Figure 20 shows an example of a gate pair in a network where IPv4-to-IPv6 address translation is used.
Figure 20: IPv4-to-IPv6 Gates Using Twice NAT
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |