Cisco Systems ASR 1000 Network Router User Manual


 
Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers
OL-15421-01

Chapter 9: Topology Hiding
A primary purpose of the Integrated Session Border Controller (SBC) for the Cisco ASR 1000 Series
Routers is to protect the network and provide seamless interworking functions. The SBC can protect
the network by hiding the network addresses and names for both the access (customer) side and the
backbone (network core) side. The SBC also provides network protection for firewalls or home gateway
users with private addresses.
When a user connects to the outside network, its IP address and port need to be properly translated to
protect its identity. The data border element (DBE) translates IP addresses and port numbers in both
directions by using its Network Address and Port Translation (NAPT) and Network Address Translation
(NAT) Traversal functions.
The DBE implementation supports the H.248 NAPT package, the IP NAT Traversal Package, and the
ETSI TS 102 333 specification for NAT Traversal, but only one package can be active. The Latch and
Relatch functions of NAT Traversal are supported by the IP NAT Traversal package. Support for these
packages helps protect the IP addresses of endpoints whose traffic crosses to the other side of the network.
The NAPT implementations on the DBE described in more detail in this chapter are summarized below:
- IPv4 Twice NAPT—Where both access side and backbone side addresses are protected. In Twice
  NAPT, both the IP address and port are translated to a local IP address and port; and both of the end
  points on each side see the SBC address as a destination address.
- IPv6 Single NAPT for signaling packets—This function is useful for protecting the signaling
  infrastructure part of the backbone side. The backbone side is able to identify the address of the
  customer; however, for the customer, only the interface address of the DBE is visible.
- IPv6 No NAPT for media packets—With this method, there is no privacy on the customer side or
  backbone side. Both sides know each other’s address and the DBE transparently passes the packets.
For a complete description of commands used in this chapter, see the Cisco IOS Integrated Session
Border Controller Command Reference.
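The three NAPT modes summarized above, as a simplified Python model (an added example, not Cisco code or configuration): it rewrites one packet in each direction and reports which real endpoint address is visible on the far side of the DBE. All addresses and ports are constructed, the per-direction rewrite rules for Single NAPT are an assumption drawn from the description above, and the IPv4/IPv6 distinction is ignored.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample addresses (documentation ranges), not taken from the Cisco guide.
CUSTOMER = ("192.0.2.10", 5060)           # access-side endpoint
CORE = ("198.51.100.20", 5060)            # backbone-side endpoint
DBE_ACCESS = ("203.0.113.1", 20000)       # DBE address/port facing the customer
DBE_BACKBONE = ("203.0.113.129", 30000)   # DBE address/port facing the core


def translate(mode, pkt, to_backbone):
    """Rewrite one packet crossing the DBE (simplified, assumed behavior)."""
    if mode == "none":                    # No NAPT: passed transparently
        return pkt
    if mode == "twice":                   # source and destination both rewritten
        src = DBE_BACKBONE if to_backbone else DBE_ACCESS
        dst = CORE if to_backbone else CUSTOMER
        return Packet(*src, *dst)
    if mode == "single":                  # only the backbone side is hidden
        if to_backbone:                   # customer source kept, destination mapped
            return Packet(pkt.src, pkt.sport, *CORE)
        return Packet(*DBE_ACCESS, pkt.dst, pkt.dport)  # core source replaced
    raise ValueError(f"unknown mode: {mode}")


def sent_packets(mode):
    """Packets each endpoint sends, addressed to the peer address it knows."""
    cust_dst = CORE if mode == "none" else DBE_ACCESS
    core_dst = DBE_BACKBONE if mode == "twice" else CUSTOMER
    return Packet(*CUSTOMER, *cust_dst), Packet(*CORE, *core_dst)


def leaks(mode):
    """Report which real addresses are visible on the opposite side of the DBE."""
    up, down = sent_packets(mode)
    at_core = translate(mode, up, to_backbone=True)
    at_customer = translate(mode, down, to_backbone=False)
    return {
        "customer_seen_by_core": at_core.src == CUSTOMER[0],
        "core_seen_by_customer": at_customer.src == CORE[0],
    }


if __name__ == "__main__":
    for mode in ("twice", "single", "none"):
        print(mode, leaks(mode))
```
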
Contents
NAPT and NAT Traversal
IP NAPT Traversal Package and Latch and Relatch Support
IPv4 Twice NAPT
IPv6 Inter-Subscriber Blocking
IPv6 Support
No NAPT Pinholes