Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Controlling NAT Bindings using STUN draft-wing-behave-nat-control-stun-usage-00 Dan Wing Jonathan Rosenberg.

Similar presentations


Presentation on theme: "1 Controlling NAT Bindings using STUN draft-wing-behave-nat-control-stun-usage-00 Dan Wing Jonathan Rosenberg."— Presentation transcript:

1 1 Controlling NAT Bindings using STUN draft-wing-behave-nat-control-stun-usage-00 Dan Wing Jonathan Rosenberg

2 2 IPR Notice Cisco has claimed IPR on this technique

3 3 Motivation: SIP Outbound Constant STUN traffic on the proxy –CPU and I/O load –Traffic on the network (bad for wireless) –Mobile power consumption Even worse with SBCs of course –REGISTER instead of STUN UAC Proxy stun

4 4 Motivation: ICE and Multilayer NAT ICE/STUN can’t discover server reflexive candidates on intermediate NATs Optimal path may not be found as a consequence NAT STUN UA AUA B NAT Best that ICE can do Optimal

5 5 Big Idea Embed STUN servers in NAT to enable STUN to control the NAT Severely limit the scope of controls to deal with security issues Discover these embedded STUN servers by bootstrapping off of STUN servers on public addresses –Embedded in SIP proxies –On the public Internet

6 6 Procedure

7 7 Learn IP address of outer-most NAT NAT STUN Server Endpoint B STUN function in SIP proxy or ICE peer

8 8 Communicate to NAT’s embedded STUN Server Adjust binding with REFRESH-INTERVAL –Can ONLY adjust binding matching the one for the STUN request itself Response has same MAPPED-ADDRESS Response also has MAPPED-INTERNAL-ADDRESS (address “A”) Endpoint NAT STUN Server Binding table B A

9 9 Nested NATs: step 1 MAPPED-INTERNAL-ADDRESS points to address “B” Endpoint NAT STUN Server Binding table NAT STUN Server Binding table STUN Server B A C

10 10 Nested NATs: step 2 MAPPED-INTERNAL-ADDRESS points to address “A” Matches Endpoint’s address: we’re done Endpoint NAT STUN Server Binding table NAT STUN Server Binding table STUN Server B A C

11 11 Properties and Limitations

12 12 Properties Preserves STUN’s ability to work well with nested NATs –Superior to UPnP and NAT-PMP Control NAT binding duration of all NATs along path –Completely eliminates keepalives Limited functionality deals with security issues Automatically learns NAT path topology –Allows ICE to better optimize media path

13 13 Incremental Deployability This is a major issue for NAT control technologies STUN control is not necessary for baseline NAT traversal –That is provided by ICE, sip-outbound Deployment of ICE and SIP-outbound puts STUN in clients and network elements This gives incentives to add it to NAT, since once its there you can use it to optimize the network performance

14 14 Limitations Address-Dependent Mapping NAT on path –“Symmetric NAT” Address-Dependent Filtering –Discussion: Is this really a problem? Overlapping NAT’ed address space prematurely breaks the ‘done’ procedure EndpointNAT “A”NAT “B” x STUN Server

15 15 Questions draft-wing-behave-nat-control-stun-usage-00


Download ppt "1 Controlling NAT Bindings using STUN draft-wing-behave-nat-control-stun-usage-00 Dan Wing Jonathan Rosenberg."

Similar presentations


Ads by Google