Magnus Westerlund / Ericsson Thomas Zeng / PacketVideo

Slides:

Advertisements

Similar presentations

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.

Advertisements

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG Tokyo, Japan, Oct 22 th 2002.

CS 4700 / CS 5700 Network Fundamentals Lecture 15: NAT (You Better Forward Those Ports) Revised 3/9/2013.

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings

STUN Date: Speaker: Hui-Hsiung Chung 1.

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.

CSE 222a Final Project - UCSD Spring 2007 p2p DNS addressing Presented By- Anup Tapadia Alexander Loukissas Justin Wu.

1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID STUN, TURN and ICE Cary Fitzgerald.

STUN Tutorial Jonathan Rosenberg Chief Technology Officer.

Mitigating Teredo Routing Loop Attacks (draft-gont-6man-teredo-loops-00 ) Fernando Gont on behalf of UK CPNI IETF 79 November 7-12, Beijing, China.

NAT and NAT Traversal SEng490 Directed Study Haoran Song Supervised by Dr. Jianping Pan.

RTSP NAT Traversal Update Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) IETF-60 MMUSIC WG draft-ietf-mmusic-rtsp-nat-03.txt.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

SIP? NAT? NOT! Traversing the Firewall for SIP Call Completion Steven Johnson President, Ingate Systems Inc.

RTCWEB Signaling Matthew Kaufman. Scope Web Server Browser.

Presented by Xiaoyu Qin Virtualized Access Control & Firewall Virtualization.

Update of RTSP draft-ietf-mmusic-rfc2326bis-03.txt Authors: Henning Schulzrinne / Columbia University Robert Lanphier / Real Networks Magnus Westerlund.

October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.

IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.

PPSP NAT traversal Lichun Li, Jun Wang, Wei Chen {li.lichun1, draft-li-ppsp-nat-traversal-02.

1 NAT & RTP Proxy Date: 2009/7/2 Speaker: Ni-Ya Li Advisor: Quincy Wu.

Draft-gentric-avt-rtsp-http-00.txt Tunneling RTSP/RTP/RTCP in HTTP (draft-gentric-avt-rtsp-http-00.txt) Anne Jones, Apple Philippe Gentric, Philips MP4Net.

Evaluating Performance of a Video Streaming Application using vlcj CS529 Project 3 April 18 th, Mark Hawthorne

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

SIP working group IETF#70 Essential corrections Keith Drage.

IETF-81, Quebec City, July 25-29, 2011

RTCWEB Considerations for NATs, Firewalls and HTTP proxies draft-hutton-rtcweb-nat-firewall- considerations A. Hutton, T. Stach, J. Uberti.

Making SIP NAT Friendly Jonathan Rosenberg dynamicsoft.

Final Year Project 1 (FYP 1) CHAPTER 1 : INTRODUCTION

Magnus Westerlund 1 The RTSP Core specification draft-ietf-mmusic-rfc2326bis-06.txt Magnus Westerlund Aravind Narasimhan Rob Lanphier Anup Rao Henning.

Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.

Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP draft-ietf-mmusic-rfc2396bis-10 Magnus Westerlund Co-auhtors: Henning Schulzrinne, Rob Lanphier,

RTP Functionalities for RTCWEB A combined view from the authors of draft-cbran-rtcweb-media-00 draft-cbran-rtcweb-media-00 draft-perkins-rtcweb-rtp-usage-02.

SDP & RTP & NAT Christian Huitema. What NAT do Map ports –TCP connection –UDP stream (activity) Firewall variants –One port, any peer –One port, any “authorized”

Draft-ietf-behave-nat-udp-00 NAT Behavioral Requirements for Unicast UDP draft-ietf-behave-nat-upd-00 François Audet - Cullen Jennings.

Draft-ietf-behave-nat-00 NAT/Firewall Behavioral Requirements draft-ietf-behave-nat-00 François Audet - Cullen Jennings -

The SIP-Based System Used in Connection with a Firewall Peter Koski, Jorma Ylinen, Pekka Loula Tampere University of Technology, Pori Pohjoisranta 11 A,

H.323 NAT Traversal Problem particular to H.323(RAS->Q.931->H.245):  RAS from private network to public network can pass NAT  Q931 、 H.245 adopts the.

HIP-Based NAT Traversal in P2P-Environments

CS 3700 Networks and Distributed Systems

NAT (Network Address Translation)

Real-time Streaming Protocol (RTSP)

Methods to overcome corporate firewall restrictions

IPv6 for the Network Edge

改良UDP洞穿技術設計物聯網通訊：以遠端門鈴監控系統為例 Improving UDP Hole Punching Technique For IoT Communications: A Remote Door-bell Monitoring System 報告時間28~32分佳楊凱勝指導教授：柯開維.

Chairs: Flemming Andreasen Miguel A. Garcia

draft-ietf-behave-nat-behavior-discovery-01

Preferred Alternatives for Tunnelling HIP (PATH)

Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made.

TURN-Lite: A Lightweight TURN Architecture and Specification (draft-wang-tram-turnlite-03) Aijun Wang (China Telecom) Bing Liu (Speaker) (Huawei) IETF.

DNSSEC Basics, Risks and Benefits

RTSP - Core Magnus Westerlund / Ericsson Rob Lanphier / Real Networks

CS 3700 Networks and Distributed Systems

Real Time Streaming Protocol

Running SIP behind NAT Dr. Christian Stredicke, snom technology AG

Multimedia Communications and Firewall/NAT

IETF 50, Minneapolis Zero-byte ROHC RTP Background, requirements, current status and proposed way forward Lars-Erik Jonsson Ericsson Research, Luleå.

IEEE MEDIA INDEPENDENT HANDOVER

Multi-server Namespace in NFSv4.x Previous and Pending Updates

POWER CHALLENGES Several Ways To Solve 7 CHALLENGES.

Request for Comments(RFC) 3489

M. Boucadair, J. Touch, P. Levis and R. Penno

Guidelines for using the Multiplexing Features of RTP to Support Multiple Media Streams draft-ietf-avtcore-multiplex-guidelines-06 Magnus.

IEEE MEDIA INDEPENDENT HANDOVER

Presentation transcript:

Magnus Westerlund / Ericsson Thomas Zeng / PacketVideo RTSP & NATs Magnus Westerlund / Ericsson Thomas Zeng / PacketVideo

Purpose To describe how to traverse NATs and Firewalls with RTSP Describes several NAT traversal approaches Client only modifications = limited applicability. Client and server modifying = Support all NAT types. How to implement an RTSP ALG (Don’t do them). Give recommendations regarding RTSP for Firewalls.

Status Client side only or already available approaches that are documented: STUN (Cone NATs Only) TURN (DoS restrictions) RTP/RTCP tunneled in RTSP over TCP (TCP behavior) ALG for NATs and Firewalls Needs more work to be clear. Needs review

Open Issue – What are the Goals What goals should be meet for the symmetric NAT solution?: Allow Servers to be located behind NATs? Mitigate the RTP denial of service attack at the same time? How important is the timeframe to get a standardized solution? Select only one solution!

Open Issue – Symmetric NAT How to solve traversal for symmetric NATs? Meet the determined goals of the solution. Will Require Server extensions. Solutions complexity.

Open Issue - Candidates Symmetric RTP Increased hijacking and DoS risk Will not allow for servers behind NATs without further extensions (STUN). STUN with server co-location DoS restrictions or worse security. (multi address NAT) Allow for servers behind NATs in some cases (full cone NAT).

Open Issue - Candidates ICE for RTSP Mitigates DoS attack almost completely. Allows for serves behind almost any NAT constellation. Most complex. DCCP Will not allow for servers behind NATs. Mitigates DoS attack. Will not be ready and deployed in significant amount anytime soon. Needs further investigation. Will have its own NAT problems!

Way Forward Continue discussion about which solution to choose on the mailing list. Update the draft on the client side schemes, ALG, Firewall, and NAT recommendations. When solution selected write necessary specification, plus motivation to choice. Please state your opinion!