• Download Software
• Research a Problem 
• Case Management 
• Contract & Product Management 
• Technical Documentation
  • Advanced Search
  • Documentation Archive
  • Documentation Bug Report
  • Enterprise MIBs
  • File Format Help
  • Glossary
  • Portable Libraries
• End-of-Life Products
• Contact Support
• Guidelines and Policies
• Security Resources

Introduction to Twice NAT

The BGF supports both network address translation (NAT) and network address port translation (NAPT). Twice NAT enables you to configure both source addresses and destination addresses that are translated as packets traverse the router. You can apply twice NAT for VoIP packets (signaling and media) as they traverse gates to achieve security between realms or service providers. To apply twice NAT, the pgcpd process instructs the PIC or DPC to allocate a specified number of NAT addresses and ports from a NAT pool on a per-gate basis. The pgcpd process specifies which NAT pool to use.

Figure 1 shows two gates in a BGF.

After flows are created for Gate 1, the gate connects the remote source to the local destination. The local source and local destination addresses reside on the router and must be uniquely specified. For Gate 1, twice NAT enables the router to translate the IP address of the remote source to the local source, and the local destination to the remote destination.

To create the bidirectional flow, the same IP address is used for the local source in Gate 2 and the local destination in Gate 1. Likewise, the same IP address is used for the remote source in Gate 1 and the remote destination in Gate 2.

Figure 2 shows an example of how addresses are translated.

NAT Pool Selection

You can configure separate NAT pools that can be controlled by either the BGF or the gateway controller. By default the BGF controls the addresses and ports in a pool. However, when you configure your NAT pool, you can specify that the gateway controller controls the addresses and ports in the NAT pool. The gateway controller reserves the addresses and ports when it requests specific local NAT bindings for remote addresses.

If the BGF selects the NAT pool, it can use one of the following methods to select the pool:

• (Default) Using the value of the media services assigned to virtual interfaces configured on the BGF.
• Matching the transport protocol type in H.248 messages received from the gateway controller.

NAT Pool Selection by Matching the Transport Protocol

The BGF can select the NAT pool by matching any combination of the following protocols:

• Real-Time Transport Protocol using audio/video profile (RTP/AVP)
• TCP
• UDP

Selecting a NAT pool based on transport protocol:

• Guarantees the prioritized distribution of network resources.
• Enables the use of multiple NAT pools for each virtual interface.

The gateway controller can set a transport protocol in the media description in the local descriptor command in add and modify commands that it sends to the BGF. The media description format is:

where the transport field specifies the transport protocol. For example:

When you set up your NAT pools, you specify a transport protocol or list of protocols. Do not configure the NAT pool to be remotely controlled by the gateway controller. Also, set the port in the NAT pool to automatic.

When the BGF receives an add or modify command with a media description, it searches the NAT pools associated with the virtual interface and attempts to match the transport protocols in the description with the transport protocols specified in the NAT pools. The BGF uses the first NAT pool that has a matching transport protocol. If it cannot find a match, it replies to the gateway controller with the following error:

IPv4-to-IPv6 Address Translation

IPv4-to-IPv6 address translation enables callers in an IPv4 network to place calls to recipients in an IPv6 network. With this capability, the access side of the network can be an IPv4 network and the backbone side of the network can be an IPv6 network and vice versa. The gateway controller sets up gates so that one termination of the gate has IPv4 addresses and the other termination of the gate has IPv6 addresses. The BGF performs the appropriate IPv4-to-IPv6 and IPv6-to-IPv4 translations.

This implementation is not the tunnelling of IPv4 headers over IPv6 headers and vice versa. It is the translation of the IPv4 headers to IPv6 headers and vice versa.

You must configure both an IPv4 NAT pool and an IPv6 NAT pool on the BGF for IPv4-to-IPv6 translation to work.

Figure 3 shows an example of a gate pair in a network where IPv4-to-IPv6 address translation is used.