SDP & RTP & NAT Christian Huitema. What NAT do Map ports –TCP connection –UDP stream (activity) Firewall variants –One port, any peer –One port, any “authorized”

Slides:

Advertisements

Similar presentations

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

Advertisements

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.

Enabling IPv6 in Corporate Intranet Networks

1 3gpp_trans / 09/02 / IPv6 Transition Solutions for 3GPP Networks draft-wiljakka-3gpp-ipv6-transition-01.txt Juha Wiljakka, Nokia.

A Presentation on H.323 Deepak Bote. , IM, blog…

July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 28 Real-Time Traffic over the Internet.

29.1 Chapter 29 Multimedia Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Review of a research paper on Skype

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

Wireless Audio Conferencing System (WACS) Mehmet Ali Abbasoğlu Furkan Çimen Aylin Deveci Kübra Gümüş.

School of Information Technologies Revision NETS3303/3603 Week 13.

Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.

Negotiating Unsolicited Connections to a Service Listening Behind a Firewall Ben Stroud CS525 Spring 10.

DYSWIS1 Managing (VoIP) Applications – DYSWIS Henning Schulzrinne Dept. of Computer Science Columbia University July 2005.

ICE Jonathan Rosenberg dynamicsoft. Issue 1: Port Restricted Flow This case does not work well with ICE right now Race condition –Works if message 13.

RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.

5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

RTP Multiplexing draft-rosenberg-rtcweb-rtpmux Jonathan + {Rosenberg, Lennox}

1 NETE4631 Communicating with the Cloud and Using Media and Streaming Lecture Notes #14.

RTCWEB architecture Harald Alvestrand. RTCWEB goals Real Time Communication in the Browser Browser to Browser is Job Number One Usable by JS applications.

IP Ports and Protocols used by H.323 Devices Liane Tarouco.

October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.

TCP/IP Protocol Suite 1 Chapter 25 Upon completion you will be able to: Multimedia Know the characteristics of the 3 types of services Understand the methods.

Draft-ietf-mmusic-sdp-tcpmedia-00.txt Dialout.Net, Inc. David Yon TCP-Based Media Transport in SDP.

QuickTime The Joy of Streaming!. QuickTime Streaming Server Allows for real time delivery of media over a network. intranet internet Content can be prerecorded.

1 Figure 3-27: Use of TCP and UDP Port Number Client From: :50047 To: :80 SMTP Server Port 25 Webserver.

Internet Measurment Multimedia 1. Properties Challenges Tools State of the Art 2.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

RTP – Real-time Transport Protocol Elbert Tsay, Brad Bargabus, Patrick Lim, Henry Quach The Five Packeteers (minus 1  )

RTCWEB Considerations for NATs, Firewalls and HTTP proxies draft-hutton-rtcweb-nat-firewall- considerations A. Hutton, T. Stach, J. Uberti.

Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.

Magnus Westerlund 1 The RTSP Core specification draft-ietf-mmusic-rfc2326bis-06.txt Magnus Westerlund Aravind Narasimhan Rob Lanphier Anup Rao Henning.

TCP/IP Protocol Suite 1 Chapter 25 Upon completion you will be able to: Multimedia Know the characteristics of the 3 types of services Understand the methods.

Computer Networks & FirewallsUniversity IT Security Office - Tom Davis, CISSP University IT Security Officer Office of the Vice.

1 3gpp_trans/ / IPv6 Transition Solutions for 3GPP Networks draft-wiljakka-3gpp-ipv6-transition-00.txt Juha Wiljakka,

Multimedia Streaming I. Fatimah Alzahrani. Introduction We can divide audio and video services into three broad categories: streaming stored audio/video,

© 2006 Intertex Data AB 1 Connect your LAN to the SIP world, while keeping your existing firewall*! The IX67 LAN SIParator (Part of the SIP Switch option.

Draft-ietf-behave-nat-udp-00 NAT Behavioral Requirements for Unicast UDP draft-ietf-behave-nat-upd-00 François Audet - Cullen Jennings.

3/10/2016 Subject Name: Computer Networks - II Subject Code: 10CS64 Prepared By: Madhuleena Das Department: Computer Science & Engineering Date :

Voice Over Internet Protocol (VoIP) Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Presentation 11 – VoIP Hardware.

1 Connectivity Preconditions for SDP Media Stream draft-andreasen-mmusic-connectivityprecondition-00.txt March 3, 2004 Flemming Andreasen

Kittiphan Techakittiroj (25/06/59 19:10 น. 25/06/59 19:10 น. 25/06/59 19:10 น.) Network Address Translation Kittiphan Techakittiroj

UDP Socket Programming

Chapter 29 Multimedia Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

IP Telephony (VoIP).

Protocols and the TCP/IP Suite Overview and Discussion

Voice over internet protocol

WebRTC enabled multimedia conferencing and collaboration solution

IETF#67 – 5-10 November 2006 FECFRAME requirements (draft-ietf-fecframe-req-01) Mark Watson.

VOICE AND VIDEO OVER IP VOIP, RTP, RSVP.

IMTC SIP Interconnect and SuperOp

Implementing TMG Server Publishing

RTP: A Transport Protocol for Real-Time Applications

Design and Implementation of Audio/Video Collaboration System Based on Publish/subscribe Event Middleware CTS04 San Diego 19 January 2004 PTLIU Laboratory.

Distributed Peer-to-peer Name Resolution

Chapter 25 Digital Evidence at the Network and Transport Layers

Multimedia Communications and Firewall/NAT

Enactment of segmentation

Signal Conditioning.

By Seferash B Asfa Wossen Strayer University 3rd December 2003

Overview of H.323-SIP Gateway

Process-to-Process Delivery: UDP, TCP

Active RTP liveness discovery

Presentation transcript:

SDP & RTP & NAT Christian Huitema

What NAT do Map ports –TCP connection –UDP stream (activity) Firewall variants –One port, any peer –One port, any “authorized” peer –One port per peer Two problems –Make NAT “UDP friendly”, –Use random port numbers for RTP, RTCP NAT Node S : :8901 “Real” Internet Natted area

Recommendation for NAT: draft-huitema-natreq4udp-00.txt draft-huitema-natreq4udp-00.txt Two mapping variants –Same port / Different port Two firewall variants –Accept / Require “activity” Problem –Different ports make “conferencing” very hard –Firewall makes “call transfer” and “signalling” hard –Not secure anyway… Recommendation –Use same mapping, –Don’t “firewall” the user. Can we publish it, please? NAT Node S : :8901 “Real” Internet Natted area T :????

Document mapping in SDP: draft-huitema-natreq4udp-00.txt draft-huitema-natreq4udp-00.txt NAT map RTP, RTCP –Oddity ? –Sequencing ? Mapping can be learned –Use “echo server” Proposal: document in SDP –Allow RTP > odd port –“a=rtcp=7654” AVT comment –If deviate oddity, document two ports. Decision –Last call ? NAT Node E : : : :7654 “Real” Internet Natted area T