1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

Presentation transcript:

Slide 1: STUN, TURN and ICE. Cary Fitzgerald, Cisco Systems, 2005.

Slide 2: Simple Traversal of UDP Through NAT (STUN), RFC 3489
- Works with existing NATs
Main features:
- Allows a client to discover the presence of a NAT
- Works in multi-NAT environments
- Allows a client to discover the type of NAT: symmetric, full cone, restricted cone, port restricted cone
- Allows discovery of binding lifetimes
- Allows clients to discover whether they are in the same address realm
- Stateless servers

Slide 3: How Does It Work?
Basic operation:
- The client sends a request to a STUN server (the server can be discovered through DNS)
- The STUN server copies the source address of the request into the response
Additional capabilities:
- The server signs the response
- The server sends the response from a different socket
- The server sends the response to a different socket
- The client uses the server to perform different functions: NAT discovery, binding discovery, lifetime discovery
Diagram (client, NAT, STUN server): the client asks "What's my IP?" from :8877; the NAT rewrites the source to :6554, and that rewritten address is what the server reports back.

Slide 4: Binding Acquisition
- The client sends a STUN request to the server; the STUN server can be anywhere on the public Internet
- The STUN server responds; the client now knows the public IP for that socket
- The client sends an INVITE using that IP to receive media
- The call flow proceeds normally: no special proxy functions, media flows end-to-end
Diagram: STUN request, STUN response (:8866), then INVITE, 200 OK, ACK, RTP.
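As an added example (not from the slides), the Binding Request and Binding Response exchange of slides 3 and 4 in Python, built and parsed directly against the RFC 3489 wire format: the server-side helper does exactly what slide 3 describes, copying the request's apparent source address into a MAPPED-ADDRESS attribute, and the client discards a response whose transaction ID does not match its own request. The addresses and transaction ID are constructed sample values.

```python
import os
import socket
import struct

# RFC 3489 message and attribute types.
BINDING_REQUEST = 0x0001
BINDING_RESPONSE = 0x0101
MAPPED_ADDRESS = 0x0001
HEADER_LEN = 20  # type (2) + length (2) + 128-bit transaction ID (16)


def build_binding_request(transaction_id=None):
    """Client: empty body; a random transaction ID lets the client match the reply to this request."""
    return struct.pack("!HH", BINDING_REQUEST, 0) + (transaction_id or os.urandom(16))


def build_binding_response(request, source_ip, source_port):
    """Server: echo the transaction ID and copy the request's apparent (post-NAT) source into MAPPED-ADDRESS."""
    if len(request) < HEADER_LEN or struct.unpack("!HH", request[:4])[0] != BINDING_REQUEST:
        raise ValueError("not a Binding Request")
    value = struct.pack("!BBH4s", 0, 0x01, source_port, socket.inet_aton(source_ip))
    attr = struct.pack("!HH", MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HH", BINDING_RESPONSE, len(attr)) + request[4:HEADER_LEN] + attr


def parse_binding_response(response, expected_tid):
    """Client: accept only a Binding Response carrying our transaction ID, then return (ip, port) from MAPPED-ADDRESS."""
    if len(response) < HEADER_LEN:
        raise ValueError("truncated message")
    msg_type, length = struct.unpack("!HH", response[:4])
    if msg_type != BINDING_RESPONSE or response[4:HEADER_LEN] != expected_tid:
        raise ValueError("unexpected message type or transaction ID")
    body = response[HEADER_LEN:HEADER_LEN + length]
    offset = 0
    while offset + 4 <= len(body):  # walk the TLV attribute list
        attr_type, attr_len = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + attr_len]
        if attr_type == MAPPED_ADDRESS and attr_len == 8:
            _, family, port, addr = struct.unpack("!BBH4s", value)
            if family == 0x01:  # IPv4
                return socket.inet_ntoa(addr), port
        offset += 4 + attr_len
    raise ValueError("no MAPPED-ADDRESS attribute")


def demo():
    """Constructed exchange: the NAT rewrote the client's source to 203.0.113.10:6554 (port from slide 3)."""
    tid = bytes(range(16))
    response = build_binding_response(build_binding_request(tid), "203.0.113.10", 6554)
    return parse_binding_response(response, tid)
```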

Slide 5: NAT Type Determination (RFC 3489 decision flow)
1. Test I: send a Binding Request to the server's primary address. No response: UDP is blocked.
2. Response received and the mapped IP equals the local IP: no NAT in the path. Run Test II (ask for the response from a different IP and port). Response: Open Internet. No response: Symmetric UDP firewall.
3. Mapped IP differs from the local IP: behind a NAT. Run Test II. Response: Full Cone NAT.
4. No response to Test II: repeat Test I toward the server's alternate address. Different mapping: Symmetric NAT.
5. Same mapping: run Test III (ask for the response from the same IP but a different port). Response: Restricted Cone NAT. No response: Port Restricted Cone NAT.
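The decision flow above as an added Python example (not the slides' own code): classify_nat walks the three RFC 3489 tests through any object exposing test_i(primary), test_ii() and test_iii(), and FakeNat is a constructed offline model of each NAT kind that only exists to exercise the classifier; a real probe would issue the STUN tests over UDP.

```python
from enum import Enum


class NatType(Enum):
    UDP_BLOCKED = "UDP blocked"
    OPEN_INTERNET = "Open Internet"
    SYMMETRIC_UDP_FIREWALL = "Symmetric UDP firewall"
    FULL_CONE = "Full cone NAT"
    SYMMETRIC_NAT = "Symmetric NAT"
    RESTRICTED_CONE = "Restricted cone NAT"
    PORT_RESTRICTED_CONE = "Port restricted cone NAT"


def classify_nat(local_ip, probe):
    """RFC 3489 decision tree. probe.test_i(primary) returns the mapped (ip, port) or None when no
    response arrived; probe.test_ii() and probe.test_iii() return True when a response arrived."""
    mapped = probe.test_i(primary=True)
    if mapped is None:
        return NatType.UDP_BLOCKED
    if mapped[0] == local_ip:
        # No NAT in the path; Test II shows whether a firewall still filters unsolicited sources.
        return NatType.OPEN_INTERNET if probe.test_ii() else NatType.SYMMETRIC_UDP_FIREWALL
    if probe.test_ii():
        # A reply from a different IP and port got through: the NAT filters nothing.
        return NatType.FULL_CONE
    if probe.test_i(primary=False) != mapped:
        # The same local socket is mapped differently toward another destination.
        return NatType.SYMMETRIC_NAT
    # Same mapping; Test III (same IP, different port) separates address from port filtering.
    return NatType.RESTRICTED_CONE if probe.test_iii() else NatType.PORT_RESTRICTED_CONE


class FakeNat:
    """Constructed offline model of one NAT/firewall kind, standing in for real STUN tests."""

    def __init__(self, kind, local_ip="10.0.0.5", public_ip="203.0.113.10"):
        self.kind, self.local_ip, self.public_ip = kind, local_ip, public_ip

    def test_i(self, primary):
        if self.kind == "blocked":
            return None
        if self.kind in ("open", "firewall"):
            return (self.local_ip, 8877)  # no address translation at all
        port = 6554 if primary or self.kind != "symmetric" else 6555
        return (self.public_ip, port)

    def test_ii(self):
        return self.kind in ("open", "full_cone")

    def test_iii(self):
        return self.kind in ("open", "full_cone", "restricted")
```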

Slide 6: STUN Pros and Cons
Benefits:
- No changes required in the NAT
- No changes required in the proxy
- Works through most residential NATs
- Works through NAT tandems (MIDCOM can't work here)
- End-to-end media flows: low latency, higher QoS
- Robust STUN servers
- Works for many applications: VoIP, games, file sharing
Drawbacks:
- Doesn't allow VoIP to work through symmetric NAT, which is typical in large enterprises
- RTCP may not work
- Need to keep media flowing to keep bindings alive
- May not work if both sides are behind the same NAT

Slide 7: TURN Overview
- STUN doesn't work through symmetric NAT, and sometimes not when both clients are behind the same NAT
- TURN addresses these cases
- Works similarly to STUN: the client sends an IP/port request to the TURN server, and the TURN server provides one that is a local interface on the server itself
- The TURN server receives media on that IP/port and forwards it to the IP/port the TURN request came from, so it gets routed back through the NAT to the client
Diagram (client, NAT, TURN server): "Give me IP" from the client; the NAT rewrites the source to :6554; the server allocates :3884; RTP to :3884 is relayed as RTP to :8877.

Slide 8: TURN Details
- Media flows through the TURN server (not the case with STUN servers): increases voice latency and the probability of packet loss
- TURN provides primitives for allocating and freeing addresses
- TURN has more extensive security requirements: it allocates resources, STUN does not
- TURN can also provide TCP connectivity
- TURN works with all NAT types

Slide 9: ICE Problem Statement
- There are many documented solutions for NAT traversal for SIP: STUN, TURN, B2BUA with media, symmetric RTP
- All of them have a sweet spot of operation, but none of them are ideal in all scenarios: too expensive, too complex
- Problem: we need a SINGLE algorithm that can be placed into client devices which will work in all scenarios, be a good solution in all scenarios, and not require configuration or knowledge of network topology

Slide 10: Solution: Interactive Connectivity Establishment (ICE)
- Working item of the mmusic Working Group in the IETF
- ICE is a methodology for NAT traversal: it makes use of STUN, TURN, RSIP and MIDCOM, and is primarily resident within the clients
- ICE explains how to use the other protocols for NAT traversal
ICE properties:
- Always finds a means of communicating if one physically exists
- Always finds the communications path with the fewest relays
- Always finds the communication path that is cheapest for the service provider
- Does not require any knowledge of topology, NAT types, or anything else
- Can guarantee that the phone won't ring unless audio works when you pick up

Slide 11: ICE Key Concepts
- A client has many addresses at which it can receive media: local interfaces, VPN interfaces, IP addresses learned from STUN, IP addresses learned from TURN
- Which one(s) will work when talking to a specific peer? There is NO WAY TO KNOW AHEAD OF TIME
- ICE says: try each of them. Each side uses a "connectivity check" to see if it can reach a specific address provided by the peer; these checks are done using a peer-to-peer STUN configuration
- Choose the highest-priority address that works

Slide 12: Call flow diagram. Caller (local address X:Y) behind a NAT, callee, a TURN/STUN server on each side, and a SIP proxy in between.

Slide 13: The caller gets its STUN and TURN addresses from its server: STUN A:B, TURN C:D, local X:Y.

Slide 14: The caller sends an INVITE whose SDP carries the TURN address in c/m and every address as a candidate:
c=IN IP4 C
m=audio D RTP/AVP 0
a=candidate: UDP A:B
a=candidate: UDP C:D
a=candidate: UDP X:Y
(caller: STUN A:B, TURN C:D, local X:Y)

Slide 15: The callee gets its STUN and TURN addresses from its server: STUN E:F, TURN G:H, local U:V.

Slide 16: The callee answers with a 200 OK carrying its TURN address in c/m and its candidates:
c=IN IP4 G
m=audio H RTP/AVP 0
a=candidate: UDP E:F
a=candidate: UDP G:H
a=candidate: UDP U:V
(callee: STUN E:F, TURN G:H, local U:V; caller: STUN A:B, TURN C:D, local X:Y)

Slide 17: Media starts flowing immediately to the c/m value of the peer: U:V to C:D on the callee side, X:Y to G:H on the caller side, both through the TURN relays.

Slide 18: Connectivity checks ensue from the callee to the caller's candidates; the checks toward the STUN (A:B) and TURN (C:D) addresses work, the one toward the local address X:Y does not. The same happens in reverse (not shown).

Slide 19: The caller sends a new INVITE that promotes its STUN address into c/m, keeping the same candidates:
c=IN IP4 A
m=audio B RTP/AVP 0
a=candidate: UDP A:B
a=candidate: UDP C:D
a=candidate: UDP X:Y
(caller: STUN A:B, TURN C:D, local X:Y)

Slide 20: The callee answers with a 200 OK that likewise promotes its STUN address into c/m:
c=IN IP4 E
m=audio F RTP/AVP 0
a=candidate: UDP E:F
a=candidate: UDP G:H
a=candidate: UDP U:V
(callee: STUN E:F, TURN G:H, local U:V; caller: STUN A:B, TURN C:D, local X:Y)

Slide 21: Media starts flowing to the new c/m value of the peer: X:Y to E:F and U:V to A:B, the STUN-derived addresses, so the TURN relays are no longer in the media path.
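An added Python example (not from the presentation) of the candidate selection that slides 11 and 12 to 21 describe: every caller/callee candidate pair is checked in priority order and the highest-priority pair that works is chosen. The priorities use the RFC 5245 type preferences and pair formula (an assumption; the 2005 draft shown on the slides predates them), the addresses are constructed stand-ins for X:Y, A:B, C:D, U:V, E:F and G:H, and simulated_check replaces a real peer-to-peer STUN check with the outcome slide 18 shows.

```python
from itertools import product

# RFC 5245 type preferences: host > server reflexive (STUN) > relayed (TURN), i.e. fewest relays first.
TYPE_PREF = {"host": 126, "srflx": 100, "relay": 0}


def candidate_priority(ctype, local_pref=65535, component=1):
    """RFC 5245 candidate priority: 2^24 * type preference + 2^8 * local preference + (256 - component)."""
    return (1 << 24) * TYPE_PREF[ctype] + (1 << 8) * local_pref + (256 - component)


def pair_priority(g, d):
    """RFC 5245 pair priority; G is the controlling (caller) side, D the controlled (callee) side."""
    return (1 << 32) * min(g, d) + 2 * max(g, d) + (1 if g > d else 0)


def select_pair(caller, callee, check):
    """Pair every caller candidate with every callee candidate, run check() on the pairs in descending
    priority and return the first (caller_candidate, callee_candidate) that passes, or None."""
    pairs = [(pair_priority(candidate_priority(c[0]), candidate_priority(r[0])), c, r)
             for c, r in product(caller, callee)]
    for _, local, remote in sorted(pairs, key=lambda p: p[0], reverse=True):
        if check(local, remote):
            return local, remote
    return None


def simulated_check(local, remote):
    """Constructed stand-in for the peer-to-peer STUN check: across the two NATs on the slides a host
    (private) candidate on either end is unreachable, while the STUN and TURN ones work (slide 18)."""
    return local[0] != "host" and remote[0] != "host"


# Constructed addresses standing in for the slides' placeholders, as (candidate type, ip, port).
CALLER = [("srflx", "203.0.113.10", 6554),   # A:B, learned from STUN
          ("relay", "198.51.100.7", 3884),   # C:D, allocated on TURN
          ("host", "10.0.0.5", 8877)]        # X:Y, local interface
CALLEE = [("srflx", "203.0.113.44", 40000),  # E:F
          ("relay", "198.51.100.7", 3885),   # G:H
          ("host", "192.168.1.20", 5004)]    # U:V


def demo():
    """Returns the srflx pair A:B <-> E:F: the relay-free path whose check passed, as on slide 21."""
    return select_pair(CALLER, CALLEE, simulated_check)
```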
