SIP Hosted NAT Traversal (HNT)
This section explains how to configure SIP Hosted Network Address Translation (HNT) traversal. SIP HNT lets endpoints behind a NAT/firewall device send and receive signaling and media using the Oracle Communications Session Border Controller as a relay.
About SIP HNT
SIP HNT is a technique the Oracle Communications Session Border Controller uses to provide persistent reachability for SIP UAs located in private Local Area Networks (LANs) behind Nat/firewall devices. It relies on frequent, persistent messaging to ensure that the binding on the intermediary NAT device is not torn down because of inactivity. HNT does not require support for the NAT in the SIP endpoint.
The following diagram illustrates SIP HNT traversal.

The Oracle Communications Session Border Controller’s HNT function allows endpoints located behind NATs to communicate; providing means to traverse NATs. The Oracle Communications Session Border Controller interacts with endpoints (using SIP) to allow persistent inbound and outbound signaling and media communications through these NATs.
The Oracle Communications Session Border Controller automatically detects when an intermediate NAT exists between the UA and the Oracle Communications Session Border Controller by comparing the Layer 3 IP address of a REGISTER message with the IP address indicated within the UA. The Oracle Communications Session Border Controller sends signaling responses to the address and port that the request came from, rather than the address and port indicated in the request. The Via header in the request message indicates where the response should be sent.
Using HNT with Existing NAT Device
For network architectures in which premise devices and endpoints reside behind an existing NAT device, the Oracle Communications Session Border Controller’s HNT function allows these premise NATs to be traversed without requiring an upgrade to the premise equipment, the deployment and management of additional premise-based hardware or software, or any NAT device configuration changes.
Registering Endpoints
The Oracle Communications Session Border Controller uses periodic endpoint registration messages to dynamically establish and maintain bindings in the NAT. These bindings keep a signaling port (port that is opened on a firewall to allow traffic to pass through it is a pinhole) open in the NAT that allows the inbound signaled communications to pass through. Using the endpoint registrations, the Oracle Communications Session Border Controller then maps the Layer 3 (OSI network layer that deals with switching and routing technologies for data transmission between network devices) IPv4 address/port information from the NAT device to the Layer 5 (OSI session layer that deals with session and connection coordination between applications) entity (for example, user name or phone number) behind the NAT so that when an incoming signaling message is received, the Oracle Communications Session Border Controller sends it to the appropriate address and port on the NAT for the called party.
Establishing Media Flows
During call setup, the ports for bidirectional media flows are established dynamically. Since the media flows also pass through the Oracle Communications Session Border Controller, it can identify the IPv4 address/port information on the NAT device used for the outgoing media coming from the user name/phone number. The Oracle Communications Session Border Controller then uses that same NAT’s IPv4 address/port information to send incoming media to the correct user name/phone number behind the NAT device.
Prerequisites
In order to achieve HNT, the endpoints involved must be capable of:
- symmetric signaling: sending and receiving SIP messages from the same transport address (IP address or User Datagram Protocol/Transmission Control Protocol (UDP/TCP) port
- symmetric media: sending and receiving Real-Time Transport Protocol (RTP) messages from the same UDP port
These conditions are required to allow signaling and media packets back through the NAT (through the bound external address and port). These packets must come from the address and port to which the outbound packet that created the NAT binding was sent. The NAT sends these inbound packets to the source address and port of the original outbound packet.
When SIP HNT is used, the Oracle Communications Session Border Controller sends signaling responses to the address and port that the request came from rather than the address and port indicated in the request. The Via header in the request message indicates where the response should be sent.
Keeping the NAT Binding Open
Additional measures are also required to keep the NAT binding open because most NAT bindings are discarded after approximately a minute of inactivity. The Oracle Communications Session Border Controller keeps the SIP NAT binding open by returning a short expiration time in REGISTER responses that forces the endpoint to send frequent REGISTER requests.
In order to keep the NAT binding open for SIP, the Oracle Communications Session Border Controller maintains the registration state. When an endpoint first registers, the Oracle Communications Session Border Controller forwards that REGISTER message on to the real registrar. You can define the real registrar using either of the following methods:
- Configure the SIP config registrar host and registrar port to indicate the real registrar.
- Map the SIP config registrar
host and registrar port values to the SIP NAT home proxy address and home proxy
port values. Then configure the SIP NAT’s external proxy address and external
proxy port values to correspond to the real registrar.
Note:
A registrar can be located in a SIP NAT realm.
When a successful response is received, the Oracle Communications Session Border Controller caches the registration to memory. This cached registration lives for the length of time indicated by the expiration period defined in the REGISTER response message from the registrar. The response sent back to the endpoint has a shorter expiration time (defined by the SIP config’s NAT interval) that causes the endpoint to send another REGISTER message within that interval. If the endpoint sends another REGISTER message before the cached registration expires, the Oracle Communications Session Border Controller responds directly to the endpoint. It does not forward the message to the real registrar.
If the cached registration expires within the length of time indicated by the NAT interval, the REGISTER message is forwarded to the real registrar. If the Oracle Communications Session Border Controller does not receive another REGISTER message from the endpoint within the length of time indicated by the NAT interval, it discards the cached registration.
The Contact Uniform Resource Identifier (URI) in the REGISTER message sent to the registrar by the Oracle Communications Session Border Controller points at the Oracle Communications Session Border Controller so that the proxy associated with the real registrar sends inbound requests to the Oracle Communications Session Border Controller. This way, the inbound requests can be forwarded to the endpoint through the NAT binding.
The following example illustrates the SIP HNT registration call flow for the SIP HNT feature.

The following example illustrates the SIP HNT invitation call flow for the SIP HNT feature.

Working with Multiple Domains
You can use a wildcard (*) with the HNT feature to accommodate multiple domains and to allow the Oracle Communications Session Border Controller to cache all HNT endpoints. The wildcard functionality is enabled in the SIP config by entering an asterisk (*) in the registrar domain and registrar host fields.
The wildcard allows the use of either a local policy or Domain Name Service (DNS) to resolve the domain name to the correct registrar. Either method can be used to route the Fully Qualified Domain Name (FQDN) when the you enter an asterisk (*) for the register host. An FQDN consists of an unlimited number of domain labels (domain names), each separated by a dot (.). The FQDN can include the top level domain name (for example, acmepacket.com).
In the hostname acme-packet.domainlbl.example100.com, the syntax is as follows:
- acme-packet is a domain label
- domainlbl is a domain label
- example100 is a domain label
- com is the top label
The information configured in a local policy is used before DNS is used. If the next hop destination address (defined in the local policy’s next hop field) is an IPv4 address, a DNS server is not needed. A DNS server is needed when the IPv4 address of the next hop destination address is a FQDN or cannot be determined from the Oracle Communications Session Border Controller’s configuration. Even with a configured local policy, the next hop destination address might be an FQDN that requires a DNS lookup.
If the registrar host does not use the wildcard, the Oracle Communications Session Border Controller always uses the configured address. You can limit the number of endpoints that receive the HNT function. For example, you can use a non-wildcarded registrar domain field value (like acme.com) with a wildcarded registrar host field value.
HNT Configuration Overview
To configure SIP HNT NAT traversal, you need to configure both the SIP interface and the SIP config.
SIP HNT Single Domain Example
The following example shows values entered for the SIP config and SIP interface elements to configure SIP HNT for a single domain and registrar.
- SIP config
Parameter Sample Value registrar domain netnetsystem.com registrar host 192.168.12.1 registrar port 5060 - SIP interface
Parameter Sample Value NAT traversal always NAT interval 60 minimum registration expire 200 registration caching disabled route to registrar enabled
SIP HNT Multiple Domain Example
The following example shows values entered for the SIP config and SIP interface elements to configure SIP HNT for a multiple domains and multiple registrars.
- SIP config
Parameter Sample Value registrar domain * registrar host * registrar port 0 - SIP interface
Parameter Sample Value NAT traversal always NAT interval 60 minimum registration expire 200 registration caching disabled route to registrar enabled