Controlling NAT Bindings using STUN: draft-wing-behave-nat-control-stun-usage-00, Dan Wing, Jonathan Rosenberg


1 Controlling NAT Bindings using STUN
draft-wing-behave-nat-control-stun-usage-00
Dan Wing, Jonathan Rosenberg

2 IPR Notice
Cisco has claimed IPR on this technique

3 Motivation: SIP Outbound
Constant STUN traffic on the proxy
  – CPU and I/O load
  – Traffic on the network (bad for wireless)
  – Mobile power consumption
Even worse with SBCs of course
  – REGISTER instead of STUN
[Diagram: UAC, Proxy, STUN]

4 Motivation: ICE and Multilayer NAT
ICE/STUN can’t discover server reflexive candidates on intermediate NATs
Optimal path may not be found as a consequence
[Diagram: UA A and UA B, NATs, STUN; paths labeled "Best that ICE can do" and "Optimal"]

5 Big Idea
Embed STUN servers in NAT to enable STUN to control the NAT
Severely limit the scope of controls to deal with security issues
Discover these embedded STUN servers by bootstrapping off of STUN servers on public addresses
  – Embedded in SIP proxies
  – On the public Internet

6 Procedure

7 Learn IP address of outer-most NAT
STUN function in SIP proxy or ICE peer
[Diagram: Endpoint, NAT, STUN Server; address B]

8 Communicate to NAT’s embedded STUN Server
Adjust binding with REFRESH-INTERVAL
  – Can ONLY adjust binding matching the one for the STUN request itself
Response has same MAPPED-ADDRESS
Response also has MAPPED-INTERNAL-ADDRESS (address “A”)
[Diagram: Endpoint, NAT with STUN Server and binding table; addresses A and B]

9 Nested NATs: step 1
MAPPED-INTERNAL-ADDRESS points to address “B”
[Diagram: Endpoint, two NATs each with STUN Server and binding table, STUN Server; addresses A, B and C]

10 Nested NATs: step 2
MAPPED-INTERNAL-ADDRESS points to address “A”
Matches Endpoint’s address: we’re done
[Diagram: Endpoint, two NATs each with STUN Server and binding table, STUN Server; addresses A, B and C]

11 Properties and Limitations

12 Properties
Preserves STUN’s ability to work well with nested NATs
  – Superior to UPnP and NAT-PMP
Control NAT binding duration of all NATs along path
  – Completely eliminates keepalives
Limited functionality deals with security issues
Automatically learns NAT path topology
  – Allows ICE to better optimize media path

13 Incremental Deployability
This is a major issue for NAT control technologies
STUN control is not necessary for baseline NAT traversal
  – That is provided by ICE, sip-outbound
Deployment of ICE and SIP-outbound puts STUN in clients and network elements
This gives incentives to add it to NAT, since once it’s there you can use it to optimize the network performance

14 Limitations
Address-Dependent Mapping NAT on path
  – “Symmetric NAT”
Address-Dependent Filtering
  – Discussion: Is this really a problem?
Overlapping NAT’ed address space prematurely breaks the ‘done’ procedure
[Diagram: Endpoint, NAT “A”, NAT “B”, STUN Server; 10.1.1.x]
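An added example, not taken from the presentation or the draft: a small Python simulation of the procedure on slides 7 to 10 and of the overlapping-address limitation on slide 14. The NAT model, all addresses and ports, and the reading that the overlap makes NAT "A"'s mapped address equal the endpoint's own address (with a port-preserving NAT) are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Toy NAT with embedded STUN server (constructed model, not the draft's wire format)."""
    ext_ip: str
    bindings: dict                                # internal (ip, port) -> external (ip, port)
    lifetime: dict = field(default_factory=dict)  # internal (ip, port) -> seconds

    def stun_request(self, src, refresh_interval):
        # Only the binding the request itself arrived on can be adjusted.
        self.lifetime[src] = refresh_interval
        return {"MAPPED-ADDRESS": self.bindings[src], "MAPPED-INTERNAL-ADDRESS": src}

def send(path, local, dest_ip, refresh):
    """Send from `local` through `path` (innermost NAT first) towards dest_ip."""
    src = local
    for nat in path:
        if nat.ext_ip == dest_ip:        # addressed to this NAT's embedded server
            return nat.stun_request(src, refresh)
        src = nat.bindings[src]          # source rewritten on the way out
    return {"MAPPED-ADDRESS": src}       # reached the STUN server on a public address

def discover(path, local, refresh=3600, public_stun="192.0.2.1"):
    """Return the NAT addresses whose binding was refreshed, outermost first."""
    target = send(path, local, public_stun, refresh)["MAPPED-ADDRESS"]
    controlled = []
    for _ in range(len(path) + 1):       # bound the walk
        if target == local:              # "Matches Endpoint's address: we're done"
            break
        resp = send(path, local, target[0], refresh)
        controlled.append(target[0])
        target = resp["MAPPED-INTERNAL-ADDRESS"]
    return controlled

def nested_case():
    local = ("192.168.0.10", 5060)
    inner = Nat("10.1.1.1", {local: ("10.1.1.1", 40000)})
    outer = Nat("203.0.113.7", {("10.1.1.1", 40000): ("203.0.113.7", 50000)})
    return discover([inner, outer], local), inner.lifetime, outer.lifetime

def overlap_case():
    local = ("10.1.1.5", 5060)  # same 10.1.1.x space inside and outside NAT "A"
    nat_a = Nat("10.1.1.5", {local: ("10.1.1.5", 5060)})  # port-preserving (assumed)
    nat_b = Nat("203.0.113.7", {("10.1.1.5", 5060): ("203.0.113.7", 50000)})
    return discover([nat_a, nat_b], local), nat_a.lifetime, nat_b.lifetime

if __name__ == "__main__":
    print(nested_case(), overlap_case(), sep="\n")
```

In the overlap case the walk stops after NAT "B" because its MAPPED-INTERNAL-ADDRESS already equals the endpoint's address, so NAT "A" is never contacted and its binding keeps its default lifetime.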

15 Questions
draft-wing-behave-nat-control-stun-usage-00

