VoIPowering Your Office: Defeat the Pesky NATs of VoIP With IAX

Though not as popular as SIP, Asterisk's native protocol makes some of the thornier firewall-related issues magically disappear.

 By Carla Schroder
Page of   |  Back to Page 1
Print Article

Getting SIP (Session Initiation Protocol) through NAT (Network Address Translation) firewalls is a complex process thanks to the complexity and asymmetry of SIP, and thanks to the inherent unsuitability of NAT for anything but stretching the pool of available IPv4 (Internet Protocol version 4) addresses further than it deserves. NAT complicates everything, and the only reason that client-server functions work at all over the Internet is because of all the clever hacks designed to overcome NAT.

The cure for NAT is IPv6, which has a host of benefits in addition to a huge address space, such as easier network administration and addressing, and genuine QoS for high-quality streaming media. Someday NAT will be an optional tool for those who really want it, instead of a necessity to have un-rationed numbers of clients in your networks. I'm not holding my breath, as the USA owns about three-fourths of the available IPv4 addresses, and is well behind Europe, Japan, Finland, and other parts of the world in affordable broadband, and in advanced wireless and cellular services. So there is an insufficient level of urgency for migrating to IPv6, and a corresponding lackadaisicalness in—forgive me for using the word—innovation in these areas.

So until that golden day when IPv6 becomes the norm, we must deal with the nasty, brutish realities of current reality with cunning and ingenuity. If you must support SIP there are a number of ways to get around nasty NAT problems: SIP proxies, STUN (Simple Traversal of UDP through NAT) servers, and majick routers. Or you might consider avoiding SIP entirely and use IAX (Inter-Asterisk Exchange) instead.

What is IAX?
IAX is the native Asterisk protocol. It has a number of advantages over SIP:

  •  It uses a single UDP port, 4569, so it slides through NAT with ease
  •  It is bandwidth-efficient
  •  It supports trunking, which means data from multiple calls are merged into a single set of packets, which reduces IP overhead
  •  You can trunk SIP calls over IAX to sneak them through those nasty NATs
  •  Signaling and data travel together, rather than independently as they do with SIP
  •  It is a binary protocol, so it's more difficult to attack
Some of the downsides of IAX are it is not supported as widely as SIP, and it places a heavier load on your server because all traffic must pass through the server. SIP, on the other hand, allows the media stream to route by the most efficient method, so your VoIP server is not a bottleneck. (Those with a thirst for details can consult Resources.)

When to use IAX
So the short story is if you're running an Asterisk server, or an Asterisk derivative, there are some scenarios where IAX just might be a better option for you than SIP:

  •  If you connect to branch offices that also run Asterisk servers, you could run IAX trunks between them for all inter-branch call traffic
  •  Road warriors can use IAX phones for easy remote connectivity
  •  If you connect to any Asterisk peer, such as a customer or vendor
  •  If you use a VoIP service that supports IAX trunking

IAX softphones
Support for IAX in VoIP devices is growing. I don't know that it will ever equal SIP's popularity (I shall refrain from repeating my rant about U.S. vendors and their antipathy towards real innovation; apparently one new protocol per generation is the limit), but as long as you're running Asterisk you can mix'n'match the protocols to your best advantage.

Let's take a look at softphones first. I'm getting to be a big fan of softphones, especially since I finally retired my very antique Thinkpad (it is now a specialized networking diagnostic-and-fixit laptop) and got a new hotrod dual-core model with a gigabyte of memory. Suddenly all softphones sound good.

IAX softphones are terrific for road warriors who have to lug along a laptop anyway. Throw in a lightweight USB headset and they're all set. There are a number of good IAX softphones; these three are free of cost and cross-platform:

iaxComm runs on Linux, Mac OS X, and Windows.

KIAX runs on Linux, Mac OS X, and various flavors of Unix, and Windows. This is a nice phone with multi-language support.

Voix Phone is a freeware (but not open source) IAX phone derived from the Voix Manager, which is a nice call manager (also called a switchboard application) for Asterisk. It runs on Linux, Mac OS X, and Windows.

All three are nice softphones with the usual rafts of useful features like address books, multiple codec support, hold, transfer, user-configurable ringtones, multiple server support, and so on.

Next week we'll look at some IAX hard phones, and some slick ways to use IAX to swat those pesky NATs.

NAT and VoIP
List of IAX clients

This article was originally published on Nov 12, 2007
Get the Latest Scoop with Networking Update Newsletter