NAT Traversal for P2PSIP
Philip Matthews, Avaya


Establishing new Peer Protocol connection

[Figure: P2PSIP Network containing Peer X, Peer Y and Peer W. Legend: Peer Protocol messages; ICE connectivity check messages.]

Step 1. Gather ICE candidates
Step 2. ICE Offer/Answer exchange via Overlay Routing (or via a Peer Protocol Relay)
Step 3. ICE connectivity checks. The result is a connection between X and Y.

Issue: Finding STUN/TURN servers

Naive solution:
– Define a “STUN” and a “TURN” service
– A peer W that is willing to act as a STUN/TURN server inserts a record into the distributed database under the key “STUN” or “TURN”
– Peers looking for such a peer retrieve the list of peers offering the service and select one.

Problem: Node W responsible for holding these records will probably melt down under all the Put and Get traffic. This is the “Popular Services Problem”.

Issue: Finding STUN/TURN servers (2)

Two solutions proposed so far:

draft-jiang-p2psip-sep
– A peer T advertises its STUN/TURN server through Overlay Maintenance messages. Peers receiving this info remember it for later use.

draft-bryan-p2psip-reload
– A peer X looking for a STUN/TURN server picks a spot in the hash space at random, and asks the peer nearest to that location if it supports STUN/TURN. If not, peer X picks another spot and tries again.
– Con: As the number of peers offering the service decreases, the work to find such a peer increases.
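The trade-off between the naive scheme and the random-probe search of draft-bryan-p2psip-reload can be seen in a toy simulation. This is an added example, not code from the slides or from either draft; the 32-bit ring, the successor rule for "nearest peer" and all function names are assumptions.

```python
import bisect
import hashlib
import random
from collections import Counter

RING = 2 ** 32  # size of the toy hash space (assumption)

def h(key):
    """Map a key onto the ring."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")

def owner(ring, point):
    """Peer responsible for a point: first peer ID at or after it (wraps)."""
    return ring[bisect.bisect_left(ring, point) % len(ring)]

def naive_load(ring, lookups):
    """Naive scheme: every Get for the key "STUN" lands on the same peer."""
    return Counter(owner(ring, h("STUN")) for _ in range(lookups))

def random_probe(ring, servers, rng, lookups):
    """Random-probe search: ask the owner of a random point, retry on a miss.
    Returns (mean probes per lookup, per-peer probe counts)."""
    load, total = Counter(), 0
    for _ in range(lookups):
        while True:
            peer = owner(ring, rng.randrange(RING))
            load[peer] += 1
            total += 1
            if peer in servers:
                break
    return total / lookups, load

def simulate(n_peers=1000, lookups=1000, seed=1):
    """Compare hot-spot load (naive) with search cost (random probing)."""
    rng = random.Random(seed)
    ring = sorted(rng.sample(range(RING), n_peers))
    results = {"naive_max_load": max(naive_load(ring, lookups).values())}
    for n_servers in (500, 50, 10):  # peers offering STUN/TURN
        servers = set(rng.sample(ring, n_servers))
        mean, load = random_probe(ring, servers, rng, lookups)
        results[n_servers] = (mean, max(load.values()))
    return results

if __name__ == "__main__":
    for name, value in simulate().items():
        print(name, value)
```

In the naive scheme one peer absorbs every lookup; with random probing the load is spread across the overlay, but the mean number of probes grows roughly as the inverse of the fraction of peers offering the service.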

Issue: Large messages over UDP

How to send large Peer Protocol messages over UDP?

Option 1: Rely on IP fragmentation
– Con: Some NATs cannot handle receiving out-of-order fragments
– How big a problem is this really?

Option 2: Fragment at Peer Protocol layer
– Con: Extra complexity
– Con: Must limit to 576 bytes unless we do PMTUD.
– Con: Are we just re-inventing IP fragmentation?

Option 3: Only run over TCP
– Con: Today, success rate of direct connection (without TURN server) slightly lower for TCP than UDP
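A sketch of what Option 2 involves, as an added example that is not part of the slides or of any P2PSIP draft. The 8-byte fragment header, the names and the cap on pending messages are assumptions; the 576-byte budget is the limit the slide names, with an IPv4 header without options and a UDP header subtracted.

```python
import struct

MAX_DATAGRAM = 576             # limit named on the slide (no PMTUD)
IP_UDP_OVERHEAD = 20 + 8       # IPv4 header without options + UDP header
HDR = struct.Struct("!IHH")    # hypothetical header: message id, index, count
MAX_UDP_PAYLOAD = MAX_DATAGRAM - IP_UDP_OVERHEAD
CHUNK = MAX_UDP_PAYLOAD - HDR.size   # message bytes carried per fragment

def fragment(msg_id, message):
    """Split one Peer Protocol message into datagram-sized fragments."""
    chunks = [message[i:i + CHUNK] for i in range(0, len(message), CHUNK)] or [b""]
    if len(chunks) > 0xFFFF:
        raise ValueError("message too large for a 16-bit fragment count")
    return [HDR.pack(msg_id, i, len(chunks)) + c for i, c in enumerate(chunks)]

class Reassembler:
    """Rebuilds messages from fragments that may arrive in any order.
    A real receiver would key state by (sender, msg_id) and expire old entries."""

    def __init__(self, max_pending=64):
        self.pending = {}               # msg_id -> (count, {index: chunk})
        self.max_pending = max_pending  # bound on half-built messages

    def feed(self, datagram):
        """Return the complete message once all fragments are in, else None."""
        if not HDR.size <= len(datagram) <= MAX_UDP_PAYLOAD:
            return None
        msg_id, index, count = HDR.unpack_from(datagram)
        if count == 0 or index >= count:
            return None                 # malformed header
        if msg_id not in self.pending:
            if len(self.pending) >= self.max_pending:
                return None             # drop rather than grow without bound
            self.pending[msg_id] = (count, {})
        expected, parts = self.pending[msg_id]
        if count != expected:
            return None                 # header disagrees with earlier fragments
        parts.setdefault(index, datagram[HDR.size:])  # duplicates are ignored
        if len(parts) < expected:
            return None
        del self.pending[msg_id]
        return b"".join(parts[i] for i in range(expected))
```

The sequencing, duplicate handling and state limits here are the "extra complexity" the slide lists, and they mirror what IP reassembly already does one layer down.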

Issue: NAT Traversal for Apps

Option 1: Each app implements its own NAT traversal scheme
– Con: Lots of per-app work; scheme must take Overlay into account.

Option 2: An app explicitly asks Peer Protocol to set up a direct connection for its use.
– Con: App must be modified to call Peer Protocol in appropriate spots.

Option 3: App uses special IP address to identify remote peer; packet intercepted below transport layer and sent over dynamically established connection to remote peer.
– Con: Not transparent for apps that embed addresses in protocol messages.