Presentation is loading. Please wait.

Presentation is loading. Please wait.

jitsi. org advanced real-time communication.

Published byBernard Todd Modified over 7 years ago

Similar presentations

Presentation on theme: "jitsi. org advanced real-time communication."— Presentation transcript:

1 emil.ivov@jitsi.org1/40

2 emil.ivov@jitsi.org2/40 jitsi. org advanced real-time communication

3 emil.ivov@jitsi.org3/40 YOUR NEIGHBOURHOOD NAT WAS BUILT FOR THIS

4 emil.ivov@jitsi.org4/40 YOUR NEIGHBOURHOOD NAT WAS BUILT FOR THIS

5 emil.ivov@jitsi.org5/40 YOUR NEIGHBOURHOOD NAT WAS BUILT FOR THIS

6 emil.ivov@jitsi.org6/40 ? ? THIS WAS NOT PART OF THE PLAN … AT ALL

7 emil.ivov@jitsi.org7/40 THIS IS HOW YOU SETUP UP AN E2E CONNECTION Alice Address: A Port: Pa Bob Address: B Port: Pb Call: To: A Media: B:Pb

8 emil.ivov@jitsi.org8/40 The basics of IP telephony A sample call Alice Address: A Port: Pa Bob Address: B Port: Pb Answer: To: B Media: A:Pa network core (registrars, proxies, …)

9 emil.ivov@jitsi.org9/40 The basics of IP telephony. … MEDIA over (S)RTP … Alice Address: A Port: Pa Bob Address: B Port: Pb network core (registrars, proxies, …)

10 emil.ivov@jitsi.org10/40 Session initialization with SIP and XMPP INVITE sip:barbara@b.com SIP/2.0 Via: SIP/2.0/UDP 10.43.122.3;branch=1 From: sip:alice@a.com;tag=4ad340f To: sip:barbara@b.com Contact: Call-ID: 1874630@10.43.122.3 Cseq: 12442 INVITE v=0 o=user 14341433 14341433 IP4 10.43.122.3 s=. t=0 0 c=IN IP4 10.43.122.3 m=audio 13222 RTP/AVP 0 a=rtpmap:0 PCMU/8000

11 emil.ivov@jitsi.org11/40 And then NATs were born … NAT/Firewall Address: F Alice Private Address: Ap Call: To: B Media: Ap Bob Address: B Call: To: B Media: Ap ERROR

12 emil.ivov@jitsi.org12/40 How do NATs work … NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 MSG: Dst: 130.79.200.22 : 80 Src: 192.168.0.12 : 2368 Server Address: 130.79.200.22 MSG: Dst: 130.79.200.22 : 80 Src: 212.50.2.18 : 8632 NAT Public Address: 212.50.2.18 Internal host:port NAT port 192.168.0.12 : 2368 8632

13 emil.ivov@jitsi.org13/40 How do NATs work … NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 MSG: Dst: 192.168.0.12 : 2368 Src: 130.79.200.22 : 80 Server Address: 130.79.200.22 MSG: Dst: 212.50.4.18 : 8632 Src: 130.79.200.22 : 80 NAT Public Address: 212.50.4.18 Internal host:port NAT port 192.168.0.12 : 2368 8632

14 emil.ivov@jitsi.org14/40 How do NATs work … NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 MSG: Dst: 192.168.0.12 : 2368 Src: 60.55.68.53 : 9595 Server Address: 130.79.200.22 MSG: Dst: 212.50.4.18 : 8632 Src: 60.55.68.53 : 9595 NAT Public Address: 212.50.4.18 Internal host:port NAT port 192.168.0.12 : 2368 8632 Bob Address: 60.55.68.53 Endpoint-Independent Mapping Endpoint-Independent Filtering

15 emil.ivov@jitsi.org15/40 Basic Firewall and NAT Traversal STUN Answer: To: A Media: B NAT Address: F Alice Address: Ap Port: Pa Bob Address: B STUN Server What are my address and port? Address: F Port: Pf Call: To: B Media: F:Pf STUN Server Alice Address: Ap Port: Pa Bob Address: B

16 emil.ivov@jitsi.org16/40 How do NATs work … Address (and port) dependent filtering NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 MSG: Dst: 130.79.200.22 : 80 Src: 192.168.0.12 : 2368 STUN Server Address: 130.79.200.22 MSG: Dst: 130.79.200.22 : 80 Src: 212.50.2.18 : 8632 NAT Public Address: 212.50.4.18 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80)

17 emil.ivov@jitsi.org17/40 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80) NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 MSG: Dst: 192.168.0.12 : 2368 Src: 130.79.200.22 : 80 STUN Server Address: 130.79.200.22 MSG: Dst: 212.50.4.18 : 8632 Src: 130.79.200.22 : 80 NAT Public Address: 212.50.4.18 How do NATs work … Address (and port) dependent filtering

18 emil.ivov@jitsi.org18/40 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80) NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 STUN Server Address: 130.79.200.22 MSG: Dst: 212.50.4.18 : 8632 Src: 60.55.68.53 : 9595 NAT Public Address: 212.50.4.18 Bob Address: 60.55.68.53 STOP Endpoint-Independent Mapping Endpoint-Dependent Filtering How do NATs work … Address (and port) dependent filtering

19 emil.ivov@jitsi.org19/40 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80) NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 STUN Server Address: 130.79.200.22 MSG: Dst: 60.55.68.53 : 80 Src: 212.50.4.18 : 8632 NAT Public Address: 212.50.4.18 Bob Address: 60.55.68.53 MSG: Dst: 60.55.68.53 : 80 Src: 192.168.0.12 : 2368 60.55.68.53 (: 80) How do NATs work … Address (and port) dependent filtering

20 emil.ivov@jitsi.org20/40 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80) NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 STUN Server Address: 130.79.200.22 NAT Public Address: 212.50.4.18 Bob Address: 60.55.68.53 60.55.68.53 (: 80) MSG: Dst: 192.168.0.12 : 2368 Src: 60.55.68.53 : 80 MSG: Dst: 212.50.4.18 : 8632 Src: 60.55.68.53 : 80 Endpoint-Independent Mapping Endpoint-Dependent Filtering How do NATs work … Address (and port) dependent filtering

21 emil.ivov@jitsi.org21/40 How do NATs work … Endpoint dependent mapping NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 MSG: Dst: 130.79.200.22 : 80 Src: 192.168.0.12 : 2368 STUN Server Address: 130.79.200.22 MSG: Dst: 130.79.200.22 : 80 Src: 212.50.2.18 : 8632 NAT Public Address: 212.50.4.18 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80)

22 emil.ivov@jitsi.org22/40 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80) How do NATs work … Endpoint dependent mapping NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 MSG: Dst: 192.168.0.12 : 2368 Src: 130.79.200.22 : 80 STUN Server Address: 130.79.200.22 MSG: Dst: 212.50.4.18 : 8632 Src: 130.79.200.22 : 80 NAT Public Address: 212.50.4.18

23 emil.ivov@jitsi.org23/40 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80) How do NATs work … Endpoint dependent mapping NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 STUN Server Address: 130.79.200.22 MSG: Dst: 60.55.68.53 : 80 Src: 212.50.4.18 : 9391 NAT Public Address: 212.50.4.18 Bob Address: 60.55.68.53 MSG: Dst: 60.55.68.53 : 80 Src: 192.168.0.12 : 2368 192.168.0.12 : 2368 9391 60.55.68.53 (: 80)

24 emil.ivov@jitsi.org24/40 Internal host:port NAT port Active connections host:port 192.168.0.12 : 2368 8632 130.79.200.22 (: 80) 192.168.0.12 : 2368 9391 60.55.68.53 (: 80) How do NATs work … Endpoint dependent mapping NAT Internal Address: 192.168.0.254 Alice 192.168.0.12 STUN Server Address: 130.79.200.22 NAT Public Address: 212.50.4.18 Bob Address: 60.55.68.53 MSG: Dst: 192.168.0.12 : 2368 Src: 60.55.68.53 : 80 MSG: Dst: 212.50.4.18 : 9391 Src: 60.55.68.53 : 80 Endpoint-Dependent Mapping Endpoint-Dependent Filtering

25 emil.ivov@jitsi.org25/40 Universal Plug and Play (UPnP) Designed for zero-configuration networking and to allow devices to:  dynamically join a network and obtain an IP address  announce its name  advertise capabilities  discover other devices and their capabilities  Standardized as a 73-part International Standard, ISO/IEC 29341, in December, 2008. www.upnp.org Makes it easy to:  Learn the external (public) address of an internet gateway  Enumerate existing port mappings  Add and remove port mappings  Assign lease times to mappings

26 emil.ivov@jitsi.org26/40 Port Control Protocol (PCP) RFC6887

27 emil.ivov@jitsi.org27/40 Relaying Media TURN Server Address: T Port: Pt Symmetric NAT/Firewall F1:p2 Symmetric NAT/Firewall F1:P1 Alice Address: Ap Port: Pa Bob Address: B Reserve port Reply: T:Pt Call: To: B Media: T:Pt

28 emil.ivov@jitsi.org28/40 Relaying Media TURN Server Address: T Port: Pt Symmetric NAT/Firewall F1:p2 Symmetric NAT/Firewall F1:P1 Alice Address: Ap Port: Pa Bob Address: B MEDIA

29 emil.ivov@jitsi.org29/40 The SIP Way Hosted NAT Traversal and Latching RFC7362 SIP Server Address: T Port: Pt NAT/Firewall Alice Address: Ap Port: Pa Bob Address: B Call: To: B Media: A:Pa Call: To: B Media: T:Pt

30 emil.ivov@jitsi.org30/40 SIP Server Address: T Port: Pt NAT/Firewall Alice Address: Ap Port: Pa Bob Address: B MEDIA The SIP Way Hosted NAT Traversal and Latching RFC7362

31 emil.ivov@jitsi.org31/40 Relaying Media Relay Server symmetric firewall symmetric NAT/firewall non-scalable expensive complex SIP clients behind a symmetric NAT/ firewall

32 emil.ivov@jitsi.org32/40 Using P2P networks for NAT Traversal p2p Custom P2P network symmetric firewall symmetric firewall custom p2p clients custom p2p relay clients p2p  Skype – among the first to implement the technique  P2PSIP – set off to imitate Skype. No conclusive results after four years  Jingle Nodes – an interesting alternative that is worth keeping an eye on

33 emil.ivov@jitsi.org33/40 Could we please have IPv6 now? … ok, it’s probably high time we moved to IPv6 …

34 emil.ivov@jitsi.org34/40 Could we please have IPv6 now? … this should simplify VoIP … shouldn’t it?

35 emil.ivov@jitsi.org35/40 VoIP and IPv6 – demo version Alice 2001:660::2 Bob 2001:660::1 Call: To: 2001:660::1 Media: 2001:660::1 network core (registrars, proxies, …)

36 emil.ivov@jitsi.org36/40 VoIP and IPv6 – demo version Alice 2001:660::2 Bob 2001:660::1 Answer: To: 2001:660::1 Media: 2001:660::2 network core (registrars, proxies, …)

37 emil.ivov@jitsi.org37/40 VoIP and IPv6 – demo version Alice 2001:660::2 Bob 2001:660::1 network core (registrars, proxies, …) … MEDIA over (S)RTP …

38 emil.ivov@jitsi.org38/40 Reality check!

39 emil.ivov@jitsi.org39/40 Reality check! Bob Alice 2001:660::2 SIP network NAT 130.79.12.64 VPN Priv: 172.16.0.0 Pub: 64.233.187.99 Alice’s list of addresses: 2001:660::2 192.168.0.6 172.16.0.9 130.79.12.64 64.233.187.99 212.50.4.12 Alice’s list of addresses: 2001:660::2 192.168.0.6 172.16.0.9 130.79.12.64 64.233.187.99 212.50.4.12 Stun Relay Server 212.50.4.12 192.168.0.6 216.109.112.135

40 emil.ivov@jitsi.org40/40 How to avoid relaying? Interactive Connectivity Establishment (ICE) An IETF RFC brought to you by Skype’s Microsoft’s Jonathan Rosenberg

41 emil.ivov@jitsi.org41/40 Address management with ICE Bob 216.109.112.135 Alice 192.168.0.6 SIP network NAT 130.79.12.64 VPN Priv: 172.16.0.0 Pub: 64.233.187.99 Please try me on any of the following: 2001:660::2 192.168.0.6 172.16.0.9 130.79.12.64 64.233.187.99 212.50.4.12 Please try me on any of the following: 2001:660::2 192.168.0.6 172.16.0.9 130.79.12.64 64.233.187.99 212.50.4.12 Stun Relay Server 212.50.4.12 Alice’s list of addresses: 2001:660::2 192.168.0.6 172.16.0.9 130.79.12.64 64.233.187.99 212.50.4.12 Alice’s list of addresses: 2001:660::2 192.168.0.6 172.16.0.9 130.79.12.64 64.233.187.99 212.50.4.12

42 emil.ivov@jitsi.org42/40 Address management with ICE Bob 216.109.112.135 Alice 192.168.0.6 SIP network NAT 130.79.12.64 VPN Priv: 172.16.0.0 Pub: 64.233.187.99 Stun Relay Server 212.50.4.12 Alice’s list of addresses: 2001:660::2 192.168.0.6 172.16.0.9 130.79.12.64 64.233.187.99 212.50.4.12 Alice’s list of addresses: 2001:660::2 192.168.0.6 172.16.0.9 130.79.12.64 64.233.187.99 212.50.4.12 ERROR 192.168.0.6 ERROR 172.16.0.9 ERROR 2001:660::2

Download ppt "jitsi. org advanced real-time communication."

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.
P2P and NAT How to traverse NAT Davide Carboni © 2005-2006.

P2P and NAT How to traverse NAT Davide Carboni ©
NAT/Firewall Traversal April 2009. NAT revisited – “port-translating NAT”

NAT/Firewall Traversal April NAT revisited – “port-translating NAT”
1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings

1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings
NAT/Firewall穿越技术.

NAT/Firewall穿越技术.
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)
Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.

Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.
1 NAT Traversal for VoIP Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University.

1 NAT Traversal for VoIP Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University.
1 TAC2000/2000.7 802.16 IP Telephony Lab Midterm Exam November 9th, 2008.

1 TAC2000/ IP Telephony Lab Midterm Exam November 9th, 2008.
NAT Traversal Panasonic Communications Co.,Ltd Office Network Company Network SE Team 2008 Feb 25 th.

NAT Traversal Panasonic Communications Co.,Ltd Office Network Company Network SE Team 2008 Feb 25 th.
NAT1 Network Address Translation Dr. Danny Tsang Department of Electronic & Computer Engineering Hong Kong University of Science and Technology.

NAT1 Network Address Translation Dr. Danny Tsang Department of Electronic & Computer Engineering Hong Kong University of Science and Technology.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.
STUN Tutorial Jonathan Rosenberg Chief Technology Officer.

STUN Tutorial Jonathan Rosenberg Chief Technology Officer.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.

Similar presentations

Ads by Google