The Dangers of Network Address Translation (NAT) & VoIP

Why Voice Apps Fail To Connect

Have you ever wondered why voice applications often fail to connect a voice/video call? The answer most of the times is Network Address Translation (NAT), a widely used technology which works for mostly all Internet activities except for interactive communications like phone calls or video conference.

When the Internet was born, nobody thought it will be as popular as it is now, so its design (IPv4) contemplated a total of roughly 4.3 billion IP addresses. When the internet's use shifted from academic/military to a global trend, everyone realized that 4.3 billion IP addresses were not going to be enough to keep up with its exponential growth.

IPv6 - Improved IP Protocol

One of the solutions developed to overcome this problem is IPv6, an improved version of the IP protocol which allows 7.9×1028 times as many as IPv4 addresses, but its slow adoption makes it too complicated to solve the current challenge of the IP space.

A technology called Network Address Translation (NAT) is a solution that fixes this problem until IPv6 is widely deployed. NAT basically shares the public IP address of a router among multiple users through private IP addresses, largely extending IP space and allowing more devices to connect to the Internet.

Think of it as your office PBX, which has one or more telephone lines to connect with external numbers, but internally provides access to a much larger number of users through private extensions.

This analogy also explains NAT biggest challenge: a private extension can reach a public phone number, but that public number can’t reach the private extension directly, it has to go through the PBX IVR menu.

In the world of NAT, the PBX is the router, which is in charge of handling the address translations between the private and public networks.

For simple applications, like email, this does not represent a problem, because connections are always originated by clients. However, voice/video communications servers also initiate connections to clients, facing the router’s firewall and NAT restrictions. This challenge, known as NAT Traversal, is VoIP’s worst enemy. However, there’s a very effective technique called Interactive Connectivity Establishment (ICE), which allows calls to be established even for routers with high restrictions.

STUN - Finding IPs

ICE is a combination of different mechanisms: STUN and TURN. The first mechanism is called STUN, which works in the same way as any person trying to discover their public IP by typing “what is my IP” in a search engine. A VoIP device connects to a STUN server to discover what is the public IP address of its router, and what are the NAT restrictions it uses. Once it’s aware of its environment it will contact the server announcing its location and how it can be reached.

TURN - Discovering NAT Restrictions

The second mechanism is TURN, which is used by VoIP devices when they discover adverse NAT restrictions that will affect the audio channel, thus requiring external help. The VoIP device requests the TURN server to allocate a public IP and port that can be used to channel audio packets. When the TURN server confirms, the IP and port are reserved only for that user and the device will use that information when announcing itself to the server.

Network Address Translation represents a challenge for interactive communications, including VoIP calls. The most effective solution is the combination of different mechanisms like STUN and TURN, that when combined, can make NAT traversal possible. Here at Telnyx, we use technologies, such as STUN and TURN, to allow our users to establish calls in any direction, regardless of their network environments.

If you are interested in learning more about how you can leverage the Telnyx Mission Control Portal for your voice needs, please contact us today.