NAT/Firewall Traversal Techniques.

Presentation transcript:

NAT/Firewall Traversal Techniques

Common NAT types: Full Cone, Restricted Cone, Port Restricted Cone, Symmetric NAT

Full Cone

Restricted Cone(1/2)

Restricted Cone(2/2)

Port Restricted Cone

Symmetric NAT

NAT Detection Flow

Problems caused by firewalls

Problems caused by NAT

NAT/Firewall traversal techniques: IPv6 (Internet Protocol Version 6), UPnP (Universal Plug and Play), TURN (Traversal Using Relay NAT), ALG (Application Layer Gateway), ICE (Interactive Connectivity Establishment), STUN (Simple Traversal of UDP Through Network Address Translators)

UPnP: Universal Plug and Play. It is being pushed by Microsoft. A UPnP-aware client can ask the UPnP-enabled NAT how it would map a particular IP:port through UPnP.

UPnP Operation

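STUN(1/2): Simple Traversal of UDP Through Network Address Translators. A STUN server must be deployed outside the NAT. The client needs dedicated STUN client functionality. It cannot traverse symmetric NAT. It will be integrated into ICE in the future.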

STUN(2/2)
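Why a STUN-learned address works behind the three cone NAT types but not behind a symmetric NAT, as an added example that is not part of the original slides. It is a toy model of the four NAT types listed earlier; the class, function names, STUN server and peer addresses are constructed, and only 10.2.1.1 and 192.0.2.101 come from the slides.

```python
from itertools import count

CLIENT = ("10.2.1.1", 5060)        # inside address used on the slides
STUN = ("198.51.100.1", 3478)      # constructed STUN server address
PEER = ("203.0.113.7", 5060)       # constructed remote user agent

class Nat:
    """Toy NAT: a mapping rule picks the public port, a filter rule admits inbound packets."""
    def __init__(self, kind, public_ip="192.0.2.101"):
        self.kind, self.public_ip = kind, public_ip
        self.ports = count(40000)  # constructed public port pool
        self.mapping = {}          # mapping key -> public port
        self.contacted = {}        # public port -> {(dst_ip, dst_port), ...}

    def outbound(self, src, dst):
        # Symmetric NAT: one mapping per (source, destination). Cone NATs: one per source.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mapping:
            self.mapping[key] = next(self.ports)
        port = self.mapping[key]
        self.contacted.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        seen = self.contacted.get(public_port)
        if not seen:
            return False                                # no binding on that port
        if self.kind == "full_cone":
            return True                                 # any host may use the binding
        if self.kind == "restricted_cone":
            return remote[0] in {ip for ip, _ in seen}  # remote IP must have been contacted
        return remote in seen                           # port restricted / symmetric: exact ip:port

def stun_outcome(kind):
    nat = Nat(kind)
    reflexive = nat.outbound(CLIENT, STUN)           # address the STUN Binding Response reports
    unsolicited = nat.inbound(PEER, reflexive[1])    # peer sends before the client contacted it
    to_peer = nat.outbound(CLIENT, PEER)             # client's first packet to the peer
    return {
        "unsolicited": unsolicited,
        "same_mapping": to_peer == reflexive,        # does the peer see the STUN-learned address?
        "peer_reply": nat.inbound(PEER, reflexive[1]),
        "peer_other_port": nat.inbound((PEER[0], 9999), reflexive[1]),
    }

if __name__ == "__main__":
    for kind in ("full_cone", "restricted_cone", "port_restricted_cone", "symmetric"):
        print(kind, stun_outcome(kind))
```

The full cone row is also the one to note when reviewing exposure: once a binding exists, any outside host can reach the inside port through it.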

TURN(1/2): Traversal Using Relay NAT. Mainly intended to solve the symmetric NAT case. A TURN server must be deployed. It will also be included in ICE in the future.

TURN(2/2)

SIP using STUN
Participants: User Agent 1 (10.2.1.1), NAT (192.0.2.101), STUN Server, Registrar/Proxy, User Agent 2
1. STUN SharedSecretRequest/TLS
2. STUN SharedSecretResponse/TLS
3. STUN BindingRequest/UDP
4. STUN BindingResponse/UDP
5. REGISTER Contact:UA1@192.0.2.101
6. 200 OK
7. INVITE Contact:UA1@192.0.2.101
8. INVITE Contact:UA1@192.0.2.101
9. 100 Trying
10. 200 OK
11. 200 OK
12. ACK
13. ACK
RTP Media Session

SIP using TURN
Participants: User Agent 1 (10.2.1.1), NAT 1, STUN/TURN Svr 1, Proxy, STUN/TURN Svr 2, NAT 2, User Agent 2 (192.168.1.1)
1. STUN Requests
2. STUN Responses
3. STUN Requests
4. STUN Responses
5. INVITE
6. INVITE
7. 180 Ringing
8. 200 OK
9. ACK
10. ACK
11. Peer-to-Peer STUN Requests
12. Peer-to-Peer STUN Responses
13. Peer-to-Peer STUN Requests
14. Peer-to-Peer STUN Responses
RTP Media Session Established using Derived Transport Addresses

ALG(1/2): Application Layer Gateway. It understands the signalling messages and their relationship with the resulting media flows. It can modify the signalling to reflect the public IP address and ports being used by signalling and media traffic.

ALG(2/2)
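The rewrite an ALG performs on a SIP message carrying SDP, as an added example that is not part of the original slides. The function name, sample INVITE and port bindings are constructed; the addresses 10.2.1.1 and 192.0.2.101 are the ones used on the slides.

```python
import re

def alg_rewrite(msg, private_ip, public_ip, port_map):
    """Rewrite private ip[:port] in SIP headers and SDP, then fix Content-Length."""
    addr = re.compile(r"(?<![\d.])" + re.escape(private_ip) + r"(?::(\d+))?(?![\d.])")

    def to_public(m):
        if m.group(1) is None:                       # bare address, no port to map
            return public_ip
        port = int(m.group(1))
        return f"{public_ip}:{port_map.get(port, port)}"

    head, _, body = msg.partition("\r\n\r\n")
    head = addr.sub(to_public, head)                 # Via, Contact, ...
    lines = []
    for line in body.split("\r\n"):
        if line.startswith(("o=", "c=")):            # SDP origin / connection address
            line = addr.sub(to_public, line)
        elif line.startswith("m="):                  # m=<media> <port> <proto> <fmt>
            f = line.split(" ")
            f[1] = str(port_map.get(int(f[1]), int(f[1])))
            line = " ".join(f)
        lines.append(line)
    body = "\r\n".join(lines)
    # The body length changed, so Content-Length must be recomputed.
    head = re.sub(r"(?im)^(Content-Length:[ \t]*)\d+",
                  lambda m: m.group(1) + str(len(body.encode())), head)
    return head + "\r\n\r\n" + body

# Constructed sample INVITE from UA1 at 10.2.1.1 behind the NAT at 192.0.2.101.
SAMPLE = "\r\n".join([
    "INVITE sip:UA2@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 10.2.1.1:5060",
    "Contact: <sip:UA1@10.2.1.1:5060>",
    "Content-Type: application/sdp",
    "Content-Length: 88",
    "",
    "v=0",
    "o=UA1 1 1 IN IP4 10.2.1.1",
    "s=-",
    "c=IN IP4 10.2.1.1",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "",
])
PORT_MAP = {5060: 40000, 49170: 40002}   # constructed NAT bindings: private port -> public port

if __name__ == "__main__":
    print(alg_rewrite(SAMPLE, "10.2.1.1", "192.0.2.101", PORT_MAP))
```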

ICE: Interactive Connectivity Establishment. It is not a protocol but a framework. Its main technologies include STUN, TURN, SIP. It is currently still at the RFC draft discussion stage.