Slides 13 Nat Traversal
blocks many types of traffic
- Increasingly used in home networks and even PCs
Incoming traffic only allowed if session was initiated by device in the private domain
Client A initiates outgoing session to Client Y
Firewall allows returned media from Client Y
Client Z attempts to initiate an incoming session to client B
Firewall blocks unsolicited incoming stream
Most common
NAT and the SIP Protocol
NAT:
a) connect several private IP addresses using a single public IP address (breaks e2e connectivity)
d) cascaded NATs
Firewall:
- block inbound traffic (calls, RTP data with varying port)
Reuse of IP, Port possible
Reuse not possible
Update SIP/SDP messages to external IP & port
STUN: Session Traversal Utilities for NAT
STUN server:
- in the public address space (Internet)
- client dynamically learns:
  - external IP address & port for communication
  - type of NAT implementation (full-cone, restricted, …)
Two STUN servers (IP1 and IP2), can respond from port 1 or 2
– Limits transactions to client originated
Candidates:
- Local IP (c1)
- NAT IP (c2) from STUN Server
- Relay Server IP (c3)
NAT Traversal in SKYPE
- Ordinary nodes: Skype client only
- Supernodes:
  - Skype client + other functions
  - public IP address
  - selected according to memory, bandwidth, uptime
- Relay nodes:
  - outside the client network
  - dedicated
  - relay media and signaling info only
The “SuperNode” can act as a relay
c) TCP/UDP relays
- TURN-like
- most delay
- almost always work