STUN Tutorial Jonathan Rosenberg Chief Technology Officer.

Slides:

Advertisements

Similar presentations

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

Advertisements

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.

Fall VoN 2000 SIP Servers SIP Servers: A Buyers Guide Jonathan Rosenberg Chief Scientist.

Interactive Connectivity Establishment: ICE

VON Europe SIP Update Jonathan Rosenberg Chief Scientist co-chair, IETF SIP Working Group.

Advanced Flooding Attack on a SIP Server Xianglin Deng, Canterbury University Malcolm Shore, Canterbury University & Telecom NZ.

1 © 2005 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID NAT Traversal for VoIP Jonathan Rosenberg Cisco Fellow.

1 What’s Next For SIP Trunking? Carriers Enabling and Bringing WebRTC Features With Their Trunks © 2015 Ingate Systems AB Prepared for:Ingate SIP Trunking,

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.

©2012 ClearOne Communications. Confidential and proprietary. COLLABORATE ® Video Conferencing Networking Basics.

RFC 3489bis Jonathan Rosenberg Cisco Systems. Technical Changes Needed Allow STUN over TCP –Driver: draft-ietf-sip-outbound Allow response to omit CHANGED-

P2P and NAT How to traverse NAT Davide Carboni ©

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

NAT/Firewall Traversal April NAT revisited – “port-translating NAT”

1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings

NAT/Firewall穿越技术.

STUN Date: Speaker: Hui-Hsiung Chung 1.

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.

1 NAT Traversal for VoIP Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University.

NAT1 Network Address Translation Dr. Danny Tsang Department of Electronic & Computer Engineering Hong Kong University of Science and Technology.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 5 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

The Firewall as a SIP Server Much more than firewall SIP traversal! Prepared for:Spring VON 2003 Enterprise Solutions By: Karl Erik Ståhl President Intertex.

Living the SIMPLE SIP way SIP 2003 Paris, January 2003 Jörgen Björkner VP Concept Development Chairman SIP Forum

DYSWIS1 Managing (VoIP) Applications – DYSWIS Henning Schulzrinne Dept. of Computer Science Columbia University July 2005.

ICE Jonathan Rosenberg dynamicsoft. Issue 1: Port Restricted Flow This case does not work well with ICE right now Race condition –Works if message 13.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

Intertex Data AB, Sweden Talking NATs & Firewalls Prepared for:Voice On the Net, Spring 2002 By: Karl Erik Ståhl President Intertex Data AB Chairman Ingate.

NATs & Firewalls The General SIP Proxy Firewall Prepared for:Spring VON 2003 By: Karl Erik Ståhl President Intertex Data AB Chairman Ingate Systems AB.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

SIP? NAT? NOT! Traversing the Firewall for SIP Call Completion Steven Johnson President, Ingate Systems Inc.

3. VoIP Concepts.

 Introduction  VoIP  P2P Systems  Skype  SIP  Skype - SIP Similarities and Differences  Conclusion.

NAT Traversal Speaker: Chin-Chang Chang Date:

1 Kommunikatsiooniteenuste arendus IRT0080 Loeng 8 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

Jonathan Rosenberg dynamicsoft. Problem Statement We still don’t have a good answer for NAT traversal in SIP!! That is clear from nat-scenarios –Tons.

1 Integrating 3G and WLAN Services in NTP SIP-based VoIP Platform Dr. Quincy Wu National Telecommunications Program Office

STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) speaker ： Wenping Zhang date ：

Application Level Control of Ports in a Service Provider NAT environment Dave Thaler Dan Wing Alain Durand 1.

Call Control with SIP Brian Elliott, Director of Engineering, NMS.

B2BUA – A New Type of SIP Server Name: Stephen Cipolli Title: System Architect Date: Feb. 12, 2004.

H.323 An International Telecommunications Union (ITU) standard. Architecture consisting of several protocols oG.711: Encoding and decoding of speech (other.

1 NAT & RTP Proxy Date: 2009/7/2 Speaker: Ni-Ya Li Advisor: Quincy Wu.

SIPPING IETF 57 Jonathan Rosenberg dynamicsoft.

Simon Millard Professional Services Manager Aculab – booth 402 The State of SIP.

Effective Deployment and Migration Strategies of IP PBX Alfredo Rizzo Adapt

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

Voice over IP B 林與絜.

RTCWEB Considerations for NATs, Firewalls and HTTP proxies draft-hutton-rtcweb-nat-firewall- considerations A. Hutton, T. Stach, J. Uberti.

Lecture 10. P2P VoIP D. Moltchanov, TUT, Fall 2014

Unleashing the Power of IP Communications™ Calling Across The Boundaries Mike Burkett, VP Products September 2002.

Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.

Interactive Connectivity Establishment : ICE

VersionIHLTotal Length FlagsIdentificationFragment Offset Time To Live Destination Address OptionsPadding Protocol = 6 Type of Service IP Header TCP Destination.

1 Internet Telephony: Architecture and Protocols an IETF Perspective Authors:Henning Schulzrinne, Jonathan Rosenberg. Presenter: Sambhrama Mundkur.

SIPWG Slides for IETF 51 Jonathan Rosenberg dynamicsoft.

RTP Usage for CLUE IETF 82 – 14 November 2011 Jonathan Lennox Allyn Romanow Paul Witty.

Voice Over Internet Protocol (VoIP) Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Presentation 11 – VoIP Hardware.

jitsi. org advanced real-time communication.

Johan Delimon 26/04/2016 BE-COM E-COMMUNICATIONS EVENT THE INNER WORKINGS OF SKYPE FOR BUSINESS: NETWORKING.

The SIP-Based System Used in Connection with a Firewall Peter Koski, Jorma Ylinen, Pekka Loula Tampere University of Technology, Pori Pohjoisranta 11 A,

NAT (Network Address Translation)

改良UDP洞穿技術設計物聯網通訊：以遠端門鈴監控系統為例 Improving UDP Hole Punching Technique For IoT Communications: A Remote Door-bell Monitoring System 報告時間28~32分佳楊凱勝指導教授：柯開維.

Ron Shacham Henning Schulzrinne Srisakul Thakolsri Wolfgang Kellerer

NAT Traversal for VoIP Dr. Quincy Wu National Chi Nan University

Intertex Data AB, Sweden

What WebRTC Does NOT Do:

Request for Comments(RFC) 3489

Presentation transcript:

STUN Tutorial Jonathan Rosenberg Chief Technology Officer

SIP Simple Traversal of UDP Through NAT (STUN) RFC 3489, Issued March 2003 Revision under development, minor changes – 100% backwards compatible Simple Protocol Works with Existing NAT Main Features Allows Client to Discover Presence of NAT Works in Multi-NAT Environments Allows Client to Discover Type of NAT Symmetric Full Cone Restricted Cone Port Restricted Cone Allows Discovery of Binding Lifetimes Allows Clients to Discover if They are in the Same Address Realm Stateless Servers

SIP How Does it Work? Basic Operation Client Sends a Request to STUN Server Can be Discovered Through DNS STUN Server Copies Source Address into Response Additional Capabilities Server Signs the Response Server Sends Response from Different Socket Server Sends Response to Different Socket Client Uses Server to Perform Different Functions NAT Discovery Binding Discovery Lifetime Discovery Client STUN Server NATNAT NATNAT Whats my IP? :8877 NAT rewrites Source to : :6554

SIP Binding Acquisition Client sends STUN Request to Server STUN Server can be ANYWHERE on Public Internet STUN Server Response Client knows Public IP for that Socket Client Sends INVITE Using that IP to Receive Media Call Flow Proceeds Normally No Special Proxy Functions Media Flows End-To-End STUN STUN Request STUN Response :8866 INVITE : OK ACK RTP

SIP NAT Type Determination | Test | | I | | V /\ /\ N / \ Y / \ Y UDP / IP \ >| Test | Blocked \ ? / \Same/ | II | \ / \? / \/ \/ | | N | | V V /\ Sym. N / \ | Test | UDP <---/Resp\ | II | Firewall \ ? / \ / | \/ V |Y /\ /\ | Symmetric N / \ N / \ V NAT <--- / IP \<-----| Test |<--- /Resp\ Open \Same/ | I | \ ? / Internet \? / \ / \/ \/ | |Y | | | V | Full | Cone V /\ / \ Y | Test |------>/Resp\---->Restricted | III | \ ? / \ / \/ |N | Port >Restricted

SIP STUN Pros and Cons Benefits No Changes Required in NAT No Changes Required in Proxy Works Through Most Residential NAT Works Through NAT Tandem MIDCOM Can’t Work Here End-to-End Media Flows Low Latency Higher QoS Robust STUN Servers Works for Many Applications VoIP Games File Sharing Peer-To-Peer Mode Drawbacks Doesn’t Allow VoIP To Work Through Symmetric NAT Typical in Large Enterprise RTCP May Not Work Need to Keep Media Flowing to Keep Bindings Alive Status Several commercial products Several Open Source Implementations Supported in many hard and soft phones

Information Resource Jonathan Rosenberg Chief Technology Officer