
Expressway Single NIC

pcromwell
Level 3

After having read the multiple docs on Expressway, I have a good understanding of best practice for having 2 NICs as opposed to 1. However, in the Basic Config guide there is a diagram showing an example of a single-NIC deployment and the media flow (I have attached it here). The media flow is displayed as arriving at the Expressway from the firewall, going through the B2BUA and back to the firewall. The next bit I don't understand. The firewall is then sending the media back to the Expressway edge? Why is it not forwarding to the Expressway core? I would have assumed that when a packet first arrives at Expressway edge, the edge would rewrite packets to have a destination for the Expressway core. I guess this is the key to having 2 NICs instead of one, but can anyone explain what that extra step is from the B2BUA and the packets reflecting back to edge from the firewall?

 

 

3 Replies

Aeby Vinod
Level 3

The reason is explained in the deployment guide as below:

 

For deployments that use only one NIC on the Expressway-E, but also require static NAT for the public address, the media must "hairpin" or reflect on the external firewall whenever media is handled by the Expressway-E's back to back user agent (B2BUA).

 

For all calls coming in on a Unified Communications Traversal Server zone, or another zone where SIP Media encryption mode is not Auto, the Expressway-E's B2BUA could be engaged to decrypt or encrypt the media packets. In these deployments, the B2BUA sees the public IP address of the Expressway-E instead of its private IP address, so the media stream must go through the network address translator to get to the private IP address.


■ Not all firewalls will allow this reflection, and it is considered by some to be a security risk.
■ Each call where the B2BUA is engaged will consume three times as much bandwidth as it would using the recommended dual NIC deployment. This could adversely affect call quality.

 

Please rate if found helpful

 

Regards,

Aeby



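The hairpin described in the quoted deployment-guide text, as an added example that is not part of the original thread and not Cisco's code: a simplified Python model of ordinary host routing plus static NAT on the firewall. The addresses, the `Firewall` class and the assumption that the public NAT address is not bound to the Expressway-E's NIC are illustrative.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (documentation ranges), not from the original thread.
EXPE_PRIVATE = ipaddress.ip_address("10.0.10.2")   # the only address on the NIC
EXPE_PUBLIC = ipaddress.ip_address("203.0.113.2")  # static NAT address held by the firewall
DMZ_NET = ipaddress.ip_network("10.0.10.0/24")
FIREWALL = ipaddress.ip_address("10.0.10.1")       # default gateway of the DMZ host


@dataclass
class Firewall:
    allow_reflection: bool  # is NAT reflection (hairpin) of DMZ-sourced traffic permitted?

    def forward_from_dmz(self, dst):
        """Return the address the packet is delivered to, or None if dropped."""
        if dst == EXPE_PUBLIC:
            # Static NAT maps the public address back to the private one,
            # but only if the firewall agrees to reflect the traffic.
            return EXPE_PRIVATE if self.allow_reflection else None
        return dst  # anything else continues to its real destination


def next_hop(dst):
    """Ordinary host routing on the single-NIC Expressway-E (assumed model)."""
    if dst == EXPE_PRIVATE:
        return "local"   # address is configured on the NIC
    if dst in DMZ_NET:
        return dst       # on-link neighbour, delivered directly
    return FIREWALL      # everything else goes to the default gateway


def b2bua_media_path(fw):
    """Trace one media packet that the B2BUA addresses to the public NAT address."""
    hops = ["B2BUA"]
    hop = next_hop(EXPE_PUBLIC)
    if hop == "local":
        return hops + ["Expressway-E (no firewall involved)"]
    hops.append(f"firewall {hop}")
    delivered = fw.forward_from_dmz(EXPE_PUBLIC)
    hops.append("dropped: reflection not allowed" if delivered is None
                else f"Expressway-E {delivered}")
    return hops


if __name__ == "__main__":
    print(b2bua_media_path(Firewall(allow_reflection=True)))
    print(b2bua_media_path(Firewall(allow_reflection=False)))
```

With reflection disabled the trace ends at the firewall, which is the failure mode behind the guide's remark that not all firewalls allow this reflection.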

Patrick Sparkman
VIP Alumni
The reason, as Aeby provided, is copied right out of the deployment guide, from the chapter the diagram you provided came from. You can use a single NIC, and you also require static NAT for the public address; the media will then create a hairpin out and then back to the Expressway.

Thanks for the replies. I am aware of the points made; however, I do not fully understand why. I get that the B2BUA is processing and therefore it sees only the public IP address. Why, in a 1-NIC solution, does the B2BUA forward the packets back to the firewall when it has the public IP as a reference on its NIC? What is different about a 2-NIC solution that it passes the traffic to its other NIC and not the firewall, as is the case for the 1-NIC solution?