We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byTrevin Chauncey
Modified about 1 year ago
1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings firstname.lastname@example.org
222 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Topics Requirements that Gaming & VoIP place on NATs Solutions with NATs Types of NATs Protocols to work with NATs NAT Market How to Build Good NATs IETF Work
333 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Gaming, VoIP, and Collaboration Real time response is needed to serve these applications Need low latency Applications use significant bandwidth Data flows between 2 or more end points Client to Client not Client to Server UDP is usually used for Real Time data TCP Retransmission increases latency too much Voice and Video Data Collaboration
444 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 What NATs Do Allow many computers with private IP addresses to sit behind a single public IP address Send packets that arrive at the public IP address to the correct computer behind the NAT Reduce number of public IP addresses needed Allow partitioning of who manages the IP address space
555 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 The NAT Problem Alice wants to call Bob, whose phone is behind a NAT Bob needs to tell Alice where to send her IP packets to let them traverse his NAT STUN (RFC 3489) solves this for most NATs Alice needs to send packets to Bob Bob must tell Alice how to traverse his NAT The NAT doesn’t permit Alice’s packets to reach Bob AliceBobNATInternet
666 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Relay Solution (Not appropriate for Real Time data) A communicates with B through a relay Server hosting must have bandwidth for all traffic from A B Resulting latency is higher Relay needs bandwidth for all the data among all clients SERVER Client AClient B
777 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 The Latency Problem Communication is often between parties in same geography When parties are separated, relay is often off path Human communications work best at < 150ms latency Arcade games require even less latency Tokyo RELAY AB Taipei 45 ms 20 ms Taipei 150 ms Amsterdam San Jose RELAY AB 140 ms 280 ms
888 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Echo Server Solutions 1.What’s my public IP address? 2.It is a.b.c.d 3.Tell server when client can receive data 4.Server tells client where to send data 5.Client sends data directly to other client STUN (RFC 3489) is an example of this class of solution Used for online gaming & VoIP for many years 2 1 5 512 Servers
999 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 1.Bob sends packet to stun server 2.NAT maps packet to be from 18.104.22.168:5555 3.STUN replies and says address packet came from is 22.214.171.124:5555 4.NAT forwards to Bob 5.Bob tells Alice to send to 126.96.36.199:5555 and sends a packet to where Alice will send from 6.Alice sends to 188.8.131.52:5555 7.NAT forwards to Bob How STUN (RFC 3489) works Bob pings the STUN server to discover the NAT’s public IP address and create a forwarding in the NAT. Bob then tells this address to Alice. Alice Bob 3 2 6 714 5 STUN Servers
10 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 NAT When does STUN work? 1234 Client A Client B 1234 NAT 1234 Client A Client B 4568 Echo server works when NAT binding is endpoint independent Echo server does NOT work when ports change This is bad Stun Server Stun Server
11 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Mapping: Forward 2 to 1 Types of NATs: Full Cone 1 sends to 4. The NAT creates a mapping and forward from 2 to 4 and sends the packet to 4 from 2 Now any packets that arrive at 2 are forwarded to 1 Both 5 and 4 can send a packet to 2 and have it forwarded to 1 Works with STUN 184.108.40.206:1220.127.116.11:222 18.104.22.168:444 22.214.171.124:555
12 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Mapping: Forward 2 to 1 if from 126.96.36.199:* Forward 2 to 1 if from 188.8.131.52:* Types of NATs: Address Restricted 1 sends to 4 The NAT creates a mapping and forward from 2 to 4 and sends the packet to 4 from 2 1 sends to 5 and NAT creates similar binding Now any packets that arrive at 2 from 4 or 5 are forwarded to 1. Packets from 6 get dropped because 1 never sends to 6 Most Restricted NATs are port restricted, not address restricted Works with STUN - can send RTP from any port 184.108.40.206:1220.127.116.11:222 18.104.22.168:444 22.214.171.124:555 126.96.36.199:666
13 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Mapping: Forward 2 to 1 if from 188.8.131.52:444 Forward 2 to 1 if from 184.108.40.206:555 Types of NATs: Port Restricted 1 sends to 4 The NAT creates a mapping and forward from 2 to 4 and sends the packet to 4 from 2 1 sends to 5 and NAT creates similar binding Now any packets that arrive at 2 from 4 or 220.127.116.11:555 are forwarded to 1 Packets from 18.104.22.168:666 get dropped because 1 never sends to 22.214.171.124:666 Works with STUN - must send & receive RTP from same port 126.96.36.199:1188.8.131.52:222 184.108.40.206:444 220.127.116.11:555 18.104.22.168:666
14 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Mapping: Forward 2 to 1 if from 22.214.171.124:444 Forward 3 to 1 if from 126.96.36.199:555 Types of NATs: Symmetric 1 sends to 4 The NAT creates a mapping and forward from 2 to 4 and sends the packet to 4 from 2 1 sends to 5 and NAT creates mapping from new port 3 to 5 Now any packets that arrive at 2 from 4 or at 3 from 5 are forwarded Packets from 6 get dropped because 1 never sends to 6 Does NOT work with STUN - needs TURN or other media relay 188.8.131.52:111 184.108.40.206:222 220.127.116.11:444 18.104.22.168:555 22.214.171.124:333 126.96.36.199:666
15 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Security Implications Endpoint independent bindings do not change the security properties of NATs NATs can accept packets from anyone, or they can decide to only accept packets only from computers to which they have sent a packet to (reciprocal) Either way, NATs should have endpoint independent binding
16 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Hairpin Media Happens when both clients are behind the same NAT NAT must send data from client A to the NAT’s public IP where it loops back to client B NAT Alice Bob Internet
17 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Survey of NATs (2004 Q1) Type Hairpin OK OK but no hairpin without ICE OK one phone NO
18 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Percentage Deployment of NAT in US Data from AOL study Most data is this space is not public. Consistent with other reports Fairly US Centric - not accurate for Asia (source http://www1.ietf.org/mail-archive/web/midcom/current/msg03507.html)
19 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 IETF Update IETF has not encouraged NATs IPv6 is a better solution It will be many years before IPv6 is fully deployed At last IETF, a BOF on NAT Behavior was held Plan to form working group to create formal RFC addressing best current practices around NAT behavior Read draft-audet-nat-behave-00.txt
20 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Key BEHAVE Draft Recommendations Bindings are endpoint independent UDP binding expiry time > 2 minutes Have SIP ALGs off by default Support Hairpin media Read draft-audet-nat-behave-00.txt
21 © 2004 Cisco Systems, Inc. All rights reserved. EDCS-381131 Recommendations & Predictions Online Gaming & VoIP will drive the NATs that service providers recommend and support Most vendors will build NATs that work this way Ensure that your NAT: – provides endpoint independent port translation – behaves consistently – can hairpin media This is no more work that doing the wrong thing Follow the advice of IETF drafts Applications will follow the advice of the drafts
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.
STUN Date: Speaker: Hui-Hsiung Chung 1.
NAT/Firewall Traversal April NAT revisited – “port-translating NAT”
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.
NAT/Firewall Behavioral Requirements draft-audet-nat-behave-00 François Audet - Cullen Jennings -
Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.
Draft-ietf-behave-nat-udp-00 NAT Behavioral Requirements for Unicast UDP draft-ietf-behave-nat-upd-00 François Audet - Cullen Jennings.
SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)
Interactive Connectivity Establishment : ICE speaker ： Wenping Zhang date ：
STUN Tutorial Jonathan Rosenberg Chief Technology Officer.
SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.
RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.
STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) speaker ： Wenping Zhang date ：
Section 461. ARP Ghostbusters Grew up in Lexington, KY Enjoy stargazing, cycling, and mushroom hunting Met Mario once (long time ago)
jitsi. org advanced real-time communication.
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
Voice Over Internet Protocol (VoIP) Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Presentation 11 – VoIP Hardware.
CS 4700 / CS 5700 Network Fundamentals Lecture 15: NAT (You Better Forward Those Ports) Revised 3/9/2013.
1 Integrating 3G and WLAN Services in NTP SIP-based VoIP Platform Dr. Quincy Wu National Telecommunications Program Office
1 NAT Traversal for VoIP Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University.
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
ICE Jonathan Rosenberg dynamicsoft. Issue 1: Port Restricted Flow This case does not work well with ICE right now Race condition –Works if message 13.
CHAPTER H.323 SIP. Trunking Connections Between Systems: Common language must be used or conversion between languages Available languages are.
7/6/20061 Speermint Use Case for Cable IETF 66 Yiu L. Lee JULY 2006.
Lync & Network Interaction Call Setup Bandwidth Usage Enemies on the Network What to do ?
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
Simon Millard Professional Services Manager Aculab – booth 402 The State of SIP.
ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.
1 SPEERMINT Use Cases for Cable IETF 66 Montreal 11 JULY 2006 Presented by Yiu L. Lee.
BEHAVE BOF (Behavior Engineering for Hindrance AVoidancE) Cullen Jennings Jiri Kuthan.
P2P and NAT How to traverse NAT Davide Carboni ©
Middleboxes & Network Appliances EE122 TAs Past and Present.
PA3: Router Junxian (Jim) Huang EECS 489 W11 /
Greg Van Dyne December 4, Agenda Introduction Technical Overview Protocols Demonstration Future Trends References.
Network Address Translation (NAT) Prof. Sasu Tarkoma.
1 NAT & RTP Proxy Date: 2009/7/2 Speaker: Ni-Ya Li Advisor: Quincy Wu.
GROBJ Problem Statement – GROBJ BoF – IETF76 1 GROBJ BoF: Problem Statement Dan Wing, v0.3, revised: 2-Nov-2009.
Network Address Translation (NAT) Adj. Prof. Sasu Tarkoma.
Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.
9/11/2015Home Networking1 Bob.test Have Road Runner Unhappy about reports of constant probes of machines Policy decision –I want to prevent unauthorized.
29.1 Chapter 29 Multimedia Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Revision of the Binary Floor Control Protocol (BFCP) for use over an unreliable transport (draft-sandbakken-dispatch-bfcp-udp-02) Charles Eckel, Tom Kristensen,
Unleashing the Power of IP Communications™ Calling Across The Boundaries Mike Burkett, VP Products September 2002.
Leone From global measurements to local management UC3M: inHome NAT detection RFC recommender ICMP UDP TCP Miguel Ángel Díaz, Francisco Valera.
March 7, 2005MOBIKE WG, IETF 621 Mobility Protocol Options for IKEv2 (MOPO-IKE) Pasi Eronen.
Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.
© 2017 SlidePlayer.com Inc. All rights reserved.