SlideShare une entreprise Scribd logo

ICE: The ultimate way of beating NAT in SIP

Saúl Ibarra Corretgé
Saúl Ibarra Corretgé

Talk given at Amoocon about NAT traversal using Interactive Connectivity Establishment (ICE, RFC5245)

Technologie
1  sur  31
Télécharger pour lire hors ligne
AG Projects ICE: the ultimate way of beating NAT in SIP ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Saúl Ibarra Corretgé | AG Projects Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Index ● How NAT afects SIP ● Solving the problem ● In the client ● In the network ● ICE: the ultimate solution ● Why ICE doesn't didn't work ● Fixing ICE in the server ● OpenSIPS ● MediaProxy ● What about IPv6? ● Q&A Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts How NAT afects SIP ● Internet providers use NATs ● Multiplex private addresses into a single public one ● 'Hide' inner network from the outside ● NATs create a binding between the internal/private address and the external/public ● IP and port in the packets is modifed with the binding information Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts How NAT afects SIP (II) Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts How NAT afects SIP (III) ● This changes in the source IP/port afect SIP because it will contain private IP addresses ● Contact header: in REGISTER requests it will be used for targeting incoming INVITEs ● SDP: target address and port for media ● This results in one way audio / no media at all! ● Can this be solved? ● Contact header for REGISTER: a proxy can use the received IP/port. ● SDP: hard to solve, as ports are dynamically allocated Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts How NAT afects SIP (IV) IN VITE s ip:3333@s ip2s ip.info SIP/ 2.0 Via: SIP/2.0/UDP 192.168.99.23:49919;rport;branch=z9hG4bKPj.OB8RPYvcZIaBcu.uom4xvbsyw9RBwlW Max-Forwards: 70 From: "saul" <sip:saghul@sip2sip.info>;tag=N0mSaBvIOXOLC0sNpJ9oJvrpJMuSeC8p To: <sip:3333@sip2sip.info> Contact: <sip:dezruwmf@192.168.99.23:49919> Call-ID: PQ4m4UxA9VHDJ.uLGXzKOQm-9ljIZGvH CSeq: 24149 INVITE Route: <sip:81.23.228.150;lr> Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE Supported: 100rel User-Agent: blink-0.18.2 Content-Type: application/sdp Content-Length: 387 V=0 o=- 3484383368 3484383368 IN IP4 192.168.99.23 s=blink-0.18.2 c=IN IP4 192.168.99.23 t=0 0 m=audio 50076 RTP/AVP 0 8 9 101 a=rtcp:50077 IN IP4 192.168.99.23 a=rtpmap:9 G722/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=sendrecv Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Solving the problem in the client ● Clients may try to solve their NAT issue by using client-side NAT traversal techniques ● Session Traversal Utilities for NAT (STUN) – RFC 5389 ● Traversal Using Relays around NAT (TURN) – RFC 5766 ● However... ● TURN hasn't been widely deployed ● STUN can't be used in case of symmetric NAT – Most common type of NAT? ● Cooperation from the server side ● Deployment of STUN/TURN servers ● Servers don't trust clients Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Solving the problem in the server ● Insert a media relay in the path so that 2 way media works in the worst case ● SDP mangling ● Ugly hacks to avoid using a media relay every time ● If both users come from the same network ● Other local policies Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Solving the problem in the server (II) Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE: the ultimate solution! ● Interactive Connection Establishment ● RFC 5245. Yes, it's an RFC! ● Combines client-side techniques with server support to fnd the most appropriate way of communicating with the other endpoint ● STUN + TURN ● Media should only be relayed in the worst case ● Both endpoints behind symmetric NATs ● Start sending media when it's guarantied that there will be a successful communication ● Clients don't need to know their NAT type ● A complex protocol ● It took ICE 6 years to become an RFC! ● Not many fully capable ICE clients... but you can Blink! :) Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 1: Allocation ● Before sending the INVITE ● Gather all possible candidates ● Candidate types ● Host candidates: machines local network interfaces ● Server refexive candidates: learnt by using STUN ● Relayed candidates: allocated with STUN Relay Usage requests (RFC 5766) Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 2: Prioritization priority = (2^24)*(type preference) + (2^8 )*(local preference) + (2^0)*(256 -componentID) ● Type preference: Depends on candidate type (0 for relayed candidate, 126 for host candidate) ● Local preference: Local policy for selecting different priority if candidates are same type. Also IPv4 / IPv6. ● Component ID: 1 for RTP, 2 for RTCP Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 3: Ofer encoding V=0 o=- 3484389594 3484389594 IN IP4 192.168.99.23 s=blink-0.18.2 c=IN IP4 192.168.99.23 t=0 0 m=audio 64249 RTP/AVP 104 103 102 9 0 8 101 a=rtcp:64250 IN IP4 62.131.6.55 a=rtpmap:104 speex/32000 a=rtpmap:103 speex/16000 a=rtpmap:102 speex/8000 a=rtpmap:9 G722/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=ice-ufrag:241ffa10 ICE attributes a=ice-pwd:2f5a42f7 a=candidate:Sc0a86317 1 UDP 1694498815 62.131.6.55 64249 typ srf x raddr 192.168.99.23 rport 49306 l a=candidate:Hc0a86317 1 UDP 2130706431 192.168.99.23 49306 typ host a=candidate:Sc0a86317 2 UDP 1694498814 62.131.6.55 64250 typ srf x raddr 192.168.99.23 rport 49519 l ICE candidates a=candidate:Hc0a86317 2 UDP 2130706430 192.168.99.23 49519 typ host a=sendrecv Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 3: Ofer encoding (II) a=candidate:Sc0a86317 1 UDP 1694498815 62.131.6.55 64249 typ srf x raddr 192.168.99.23 rport 49306 l ● Foundation (Sc0a86317): Unique identif er for each candidate of the i same type, same interface and STUN server (if applicable) ● Component ID (1): Identif er, 1 for RTP, 2 for RTCP i ● Transport (UDP): Candidate transport type ● Priority (1694498815): Priority for the given component ● IP address and port (62.131.6.55 64249): Component's IP and port ● Type (srf x): Component type l ● Related address (raddr 192.168.99.23 rport 49306): Optional information: for relayed candidates it contains the server ref exive l address and for server ref exive candidates it contains the host l address. ● After encoding the offer it's sent out as a regular INVITE Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 4: Allocation ● The callee receives the ofer and starts his own process. ● Gather candidates ● Prioritize ● Encode SDP answer ● Send 200 OK with SDP Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 5: Verifcation ● Both parties have each other's candidates ● Each party pairs it's own local candidates with the candidates from the remote party ● List is pruned for duplicated candidates ● Both endpoints will have the same list ● Each endpoints sends a connectivity check every 20ms ● STUN Binding Request from the local candidate to the remote ● The receiver generates an answer with the received IP and port included ● If the response is received the check is successful Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 5: Verifcation (II) ● During the connectivity checks new candidates can be found ● Peer refexive candidates ● P2P media is possible if only one of the parties if behind a symmetric NAT Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 6: Coordination + Communication ● After all checks both endpoints will have the same set of valid candidates ● All negotiation has taken place at the media level, through STUN ● Controlling agent will decide which of the valid candidates to use ● In ICE full implementations the oferer is the controlling agent ● It will do a connectivity check again, but with a “use candidate” fag included in the STUN request ● If check succeeds both endpoints know where to send media to each other :) Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 7: Confrmation ● Negotiation took place at the media level ● At SIP level we don't know where media is! ● If the transport address where the media is received changed due to ICE negotiation, a re-INVITE must be sent to update the status of any possible middle box. Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Why ICE doesn't didn't work ● Currently SDP mangling + media relaying is the most common NAT traversal mechanism ● If a SIP proxy mangles the SDP without taking ICE into account the negotiation will be broken Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Why ICE doesn't didn't work (II) V=0 o=- 3484393780 3484393780 IN IP4 192.168.99.53 s=sipsimple 0.14.2 c=IN IP4 85.17.186.6 t=0 0 m=audio 51354 RTP/AVP 9 8 101 a=rtcp:51355 IN IP4 85.17.186.6 a=rtpmap:9 G722/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=ice-ufrag:76e08623 a=ice-pwd:4e2db26f a=candidate:Sc0a86335 1 UDP 1694498815 62.131.6.55 49732 typ srf x raddr 192.168.99.53 rport 51641 l a=candidate:Hc0a86335 1 UDP 2130706431 192.168.99.53 51641 typ host a=candidate:Sc0a86335 2 UDP 1694498814 62.131.6.55 49733 typ srf x raddr 192.168.99.53 rport 40568 l a=candidate:Hc0a86335 2 UDP 2130706430 192.168.99.53 40568 typ host a=sendrecv ● IP in the c line doesn't match any IP in the candidate list! ● ICE mismatch! ● OpenSIPS + MediaProxy will come to the rescue! Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server ● The server needs to be aware of ICE ● Mangle necessary information in the SDP ● Don't block STUN checks ● Think about accounting! ● Tools that needed to be modifed ● OpenSIPS (http://opensips.org) ● MediaProxy (http://mediaproxy.ag-projects.com) ● CDRTool (http://cdrtool.ag-projects.com) Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: OpenSIPS ● Detect that a request is ofering ICE ● Allow the user to select if a ICE candidate should be inserted and the priority ● Allow the user to dynamically change the behavior though an AVP ● Complete design: http://mediaproxy.ag-projects.com/wiki/ICE Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: OpenSIPS (II) V=0 o=- 3484393780 3484393780 IN IP4 192.168.99.53 s=sipsimple 0.14.2 c=IN IP4 85.17.186.6 t=0 0 m=audio 51354 RTP/AVP 9 8 101 a=rtcp:51355 IN IP4 85.17.186.6 a=rtpmap:9 G722/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=ice-ufrag:76e08623 a=ice-pwd:4e2db26f a=candidate:R6ba1155 1 UDP 16777215 85.17.186.6 51354 typ relay a=candidate:R6ba1155 2 UDP 16777214 85.17.186.6 51355 typ relay a=candidate:Sc0a86335 1 UDP 1694498815 62.131.6.55 49732 typ srf x raddr 192.168.99.53 rport 51641 l a=candidate:Hc0a86335 1 UDP 2130706431 192.168.99.53 51641 typ host a=candidate:Ha45450a 1 UDP 2130706431 10.69.69.10 51641 typ host a=candidate:Sc0a86335 2 UDP 1694498814 62.131.6.55 49733 typ srf x raddr 192.168.99.53 rport 40568 l a=candidate:Hc0a86335 2 UDP 2130706430 192.168.99.53 40568 typ host a=candidate:Ha45450a 2 UDP 2130706430 10.69.69.10 40568 typ host a=sendrecv Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: MediaProxy ● MediaProxy needs to be aware about ICE negotiation taking place ● Ability to relay STUN requests ● Bail out silently if it was not the chosen candidate ● Both endpoints had ICE information in the SDP ● STUN checks were received from both of them Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: MediaProxy (II) Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: recap ● This solution was successfully tested at past SIPit26 ● OpenSIPS + MediaProxy is the frst software combination to fx ICE this way ever ● Software versions ● OpenSIPS >= 1.6.2) ● MediaProxy >= 2.4.2 ● CDRTool >= 7.1 ● Free public platform available: http://sip2sip.info Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts What about IPv6? ● Adoption will not begin tomorrow! ● Meantime: IPv6 in the backbones and IPv4 elsewhere ● Still, NATs won't disappear! ● ICE can be used to select between IPv6 and IPv4 candidates IPv6 For The Win! Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Recap ● ICE will allow endpoints to try to communicate by all means ● Server cooperation is needed ● STUN servers ● Mangle all necessary information not to break ICE ● Published as an RFC! ● Go and implement it! ● Operators will want ICE ● Who will relay HD video calls? Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Questions? Amoocon 2010
AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts BYE BYE s ip:audience@am oocon.de SIP/ 2.0 Via: SIP/2.0/UDP 192.168.99.23:49919;rport;branch=z9hG4bKPjDb30Dx0sH-ozn9QB.cCCboyU.atR97aM Max-Forwards: 70 From: "saul" <sip:saul@ag-projects.com>;tag=UCpGKVZbQQx7BUKYtiuPEX668oa9jaU7 To: <sip:audience@amoocon.de>;tag=as59aef35c Call-ID: DEWDfu63OACwYeQk7MrhmRhRq.1cqqis CSeq: 10633 BYE Route: <sip:81.23.228.129;lr;ftag=UCpGKVZbQQx7BUKYtiuPEX668oa9jaU7;did=641.a8a9c553> User-Agent: blink-0.18.2 Content-Length: 0 You can Blink tomorrow at 14:00 @saghul @agprojects saul@ag-projects.com sip:saul@ag-projects.com Amoocon 2010

Recommandé

Nat traversal in WebRTC context
Nat traversal in WebRTC contextNat traversal in WebRTC context
Nat traversal in WebRTC contextAudioCodes
 
From NAT to NAT Traversal
From NAT to NAT TraversalFrom NAT to NAT Traversal
From NAT to NAT TraversalLi-Wei Yao
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocolMichal Hrncirik
 
How BGP Works
How BGP WorksHow BGP Works
How BGP WorksThousandEyes
 
WiFi – Mobile BNG Offload Deployments
WiFi – Mobile BNG Offload DeploymentsWiFi – Mobile BNG Offload Deployments
WiFi – Mobile BNG Offload DeploymentsCisco Canada
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux NetworkingMaximilan Wilhelm
 
ICE basic
ICE basicICE basic
ICE basicVu Nguyen
 
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...ALTANAI BISHT
 

Recommandé

Nat traversal in WebRTC context
Nat traversal in WebRTC contextNat traversal in WebRTC context
Nat traversal in WebRTC contextAudioCodes
 
From NAT to NAT Traversal
From NAT to NAT TraversalFrom NAT to NAT Traversal
From NAT to NAT TraversalLi-Wei Yao
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocolMichal Hrncirik
 
How BGP Works
How BGP WorksHow BGP Works
How BGP WorksThousandEyes
 
WiFi – Mobile BNG Offload Deployments
WiFi – Mobile BNG Offload DeploymentsWiFi – Mobile BNG Offload Deployments
WiFi – Mobile BNG Offload DeploymentsCisco Canada
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux NetworkingMaximilan Wilhelm
 
ICE basic
ICE basicICE basic
ICE basicVu Nguyen
 
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...ALTANAI BISHT
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocolMuuluu
 
Bgp
BgpBgp
BgpFebrian ‎
 
Ccnp workbook network bulls
Ccnp workbook network bullsCcnp workbook network bulls
Ccnp workbook network bullsSwapnil Kapate
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
Mikrotik Tutorial
Mikrotik TutorialMikrotik Tutorial
Mikrotik TutorialMd Sohrab Hossain Sourav
 
CCNP Route EIGRP Overview
CCNP Route EIGRP OverviewCCNP Route EIGRP Overview
CCNP Route EIGRP OverviewVisalini Kumaraswamy
 
HOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterHOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterKHNOG
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotikAchmad Mardiansyah
 
MENOG-Segment Routing Introduction
MENOG-Segment Routing IntroductionMENOG-Segment Routing Introduction
MENOG-Segment Routing IntroductionRasoul Mesghali, CCIE RS
 
CCIE Lab - IGP Routing
CCIE Lab - IGP Routing CCIE Lab - IGP Routing
CCIE Lab - IGP Routing Kristof De Brouwer
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and BeyondAndreas Granig
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)Netwax Lab
 
HSRP ccna
HSRP ccna HSRP ccna
HSRP ccna MohamedJafar5
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesIvan Pepelnjak
 
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - EnglishAdhie Lesmana
 
Ipv6
Ipv6Ipv6
Ipv6satish 486
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlanSuraj Deshmukh
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Peter R. Egli
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracerAnabia Anabia
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIPKundan Singh
 
Blink: voice is not enough
Blink: voice is not enoughBlink: voice is not enough
Blink: voice is not enoughSaúl Ibarra Corretgé
 
Ryu SDN Framework
Ryu SDN FrameworkRyu SDN Framework
Ryu SDN FrameworkAPNIC
 

Contenu connexe

Tendances

Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocolMuuluu
 
Ccnp workbook network bulls
Ccnp workbook network bullsCcnp workbook network bulls
Ccnp workbook network bullsSwapnil Kapate
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation ProtocolMatt Bynum
 
HOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterHOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterKHNOG
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotikAchmad Mardiansyah
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and BeyondAndreas Granig
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)Netwax Lab
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesIvan Pepelnjak
 
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - EnglishAdhie Lesmana
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Peter R. Egli
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracerAnabia Anabia
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIPKundan Singh
 

Tendances (20)

Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
Bgp
BgpBgp
Bgp
 
Ccnp workbook network bulls
Ccnp workbook network bullsCcnp workbook network bulls
Ccnp workbook network bulls
 
Session Initiation Protocol
Session Initiation ProtocolSession Initiation Protocol
Session Initiation Protocol
 
Mikrotik Tutorial
Mikrotik TutorialMikrotik Tutorial
Mikrotik Tutorial
 
CCNP Route EIGRP Overview
CCNP Route EIGRP OverviewCCNP Route EIGRP Overview
CCNP Route EIGRP Overview
 
HOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterHOTSPOT on MikroTik Router
HOTSPOT on MikroTik Router
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotik
 
MENOG-Segment Routing Introduction
MENOG-Segment Routing IntroductionMENOG-Segment Routing Introduction
MENOG-Segment Routing Introduction
 
CCIE Lab - IGP Routing
CCIE Lab - IGP Routing CCIE Lab - IGP Routing
CCIE Lab - IGP Routing
 
rtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyondrtpengine - Media Relaying and Beyond
rtpengine - Media Relaying and Beyond
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)
 
HSRP ccna
HSRP ccna HSRP ccna
HSRP ccna
 
NAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutesNAT64 and DNS64 in 30 minutes
NAT64 and DNS64 in 30 minutes
 
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English
 
Ipv6
Ipv6Ipv6
Ipv6
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracer
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIP
 

Similaire à ICE: The ultimate way of beating NAT in SIP

Ryu SDN Framework
Ryu SDN FrameworkRyu SDN Framework
Ryu SDN FrameworkAPNIC
 
Ip атс grand stream ucm6102 functional overview and testing-eng
Ip атс grand stream ucm6102 functional overview and testing-engIp атс grand stream ucm6102 functional overview and testing-eng
Ip атс grand stream ucm6102 functional overview and testing-engVladimir Dudchenko
 
SiFive SoC IP for HPC, AI and Networking
SiFive SoC IP for HPC, AI and NetworkingSiFive SoC IP for HPC, AI and Networking
SiFive SoC IP for HPC, AI and NetworkingAijaz Qaisar
 
Jorjin Technologies - AR Partnerships with Smart Glasses - 10012020
Jorjin Technologies - AR Partnerships with Smart Glasses - 10012020Jorjin Technologies - AR Partnerships with Smart Glasses - 10012020
Jorjin Technologies - AR Partnerships with Smart Glasses - 10012020Curt Riley
 
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
DPDK summit 2015: It's kind of fun to do the impossible with DPDKDPDK summit 2015: It's kind of fun to do the impossible with DPDK
DPDK summit 2015: It's kind of fun to do the impossible with DPDKLagopus SDN/OpenFlow switch
 
DPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro NakajimaDPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro NakajimaJim St. Leger
 
Developing rich SIP applications with SIPSIMPLE SDK
Developing rich SIP applications with SIPSIMPLE SDKDeveloping rich SIP applications with SIPSIMPLE SDK
Developing rich SIP applications with SIPSIMPLE SDKSaúl Ibarra Corretgé
 
M3L Inc Company Profile (August 19th, 2020 version)
M3L Inc Company Profile (August 19th, 2020 version)M3L Inc Company Profile (August 19th, 2020 version)
M3L Inc Company Profile (August 19th, 2020 version)M3L Inc.
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
Will PCIe 5.0 become ubiquitous in tomorrow's SoCs?
Will PCIe 5.0 become ubiquitous in tomorrow's SoCs?Will PCIe 5.0 become ubiquitous in tomorrow's SoCs?
Will PCIe 5.0 become ubiquitous in tomorrow's SoCs?Romain Tourneau
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017Jian-Hong Pan
 
FreeSWITCH as a Kickass SBC
FreeSWITCH as a Kickass SBCFreeSWITCH as a Kickass SBC
FreeSWITCH as a Kickass SBCMoises Silva
 

Similaire à ICE: The ultimate way of beating NAT in SIP (20)

Blink: voice is not enough
Blink: voice is not enoughBlink: voice is not enough
Blink: voice is not enough
 
Ryu SDN Framework
Ryu SDN FrameworkRyu SDN Framework
Ryu SDN Framework
 
FBLajSIPScenarior.ppt
FBLajSIPScenarior.pptFBLajSIPScenarior.ppt
FBLajSIPScenarior.ppt
 
SIP Beyond VoIP
SIP Beyond VoIPSIP Beyond VoIP
SIP Beyond VoIP
 
Ip атс grand stream ucm6102 functional overview and testing-eng
Ip атс grand stream ucm6102 functional overview and testing-engIp атс grand stream ucm6102 functional overview and testing-eng
Ip атс grand stream ucm6102 functional overview and testing-eng
 
SiFive SoC IP for HPC, AI and Networking
SiFive SoC IP for HPC, AI and NetworkingSiFive SoC IP for HPC, AI and Networking
SiFive SoC IP for HPC, AI and Networking
 
Jorjin Technologies - AR Partnerships with Smart Glasses - 10012020
Jorjin Technologies - AR Partnerships with Smart Glasses - 10012020Jorjin Technologies - AR Partnerships with Smart Glasses - 10012020
Jorjin Technologies - AR Partnerships with Smart Glasses - 10012020
 
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
DPDK summit 2015: It's kind of fun to do the impossible with DPDKDPDK summit 2015: It's kind of fun to do the impossible with DPDK
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
 
DPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro NakajimaDPDK Summit 2015 - NTT - Yoshihiro Nakajima
DPDK Summit 2015 - NTT - Yoshihiro Nakajima
 
Kamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocketKamailio World 2013 - SIP and MSRP over WebSocket
Kamailio World 2013 - SIP and MSRP over WebSocket
 
Developing rich SIP applications with SIPSIMPLE SDK
Developing rich SIP applications with SIPSIMPLE SDKDeveloping rich SIP applications with SIPSIMPLE SDK
Developing rich SIP applications with SIPSIMPLE SDK
 
M3L Inc Company Profile (August 19th, 2020 version)
M3L Inc Company Profile (August 19th, 2020 version)M3L Inc Company Profile (August 19th, 2020 version)
M3L Inc Company Profile (August 19th, 2020 version)
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
5. profinet network design andy gilbert
5. profinet network design andy gilbert5. profinet network design andy gilbert
5. profinet network design andy gilbert
 
Profinet design basics - Andy Williams
Profinet design basics - Andy WilliamsProfinet design basics - Andy Williams
Profinet design basics - Andy Williams
 
Will PCIe 5.0 become ubiquitous in tomorrow's SoCs?
Will PCIe 5.0 become ubiquitous in tomorrow's SoCs?Will PCIe 5.0 become ubiquitous in tomorrow's SoCs?
Will PCIe 5.0 become ubiquitous in tomorrow's SoCs?
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017
 
Sangoma SS7 Gateway Training
Sangoma SS7 Gateway TrainingSangoma SS7 Gateway Training
Sangoma SS7 Gateway Training
 
FreeSWITCH as a Kickass SBC
FreeSWITCH as a Kickass SBCFreeSWITCH as a Kickass SBC
FreeSWITCH as a Kickass SBC
 
Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams
 

Plus de Saúl Ibarra Corretgé

Challenges running Jitsi Meet at scale during the pandemic
Challenges running Jitsi Meet at scale during the pandemicChallenges running Jitsi Meet at scale during the pandemic
Challenges running Jitsi Meet at scale during the pandemicSaúl Ibarra Corretgé
 
The Road to End-to-End Encryption in Jitsi Meet
The Road to End-to-End Encryption in Jitsi MeetThe Road to End-to-End Encryption in Jitsi Meet
The Road to End-to-End Encryption in Jitsi MeetSaúl Ibarra Corretgé
 
Jitsi Meet: our tale of blood, sweat, tears and love
Jitsi Meet: our tale of blood, sweat, tears and loveJitsi Meet: our tale of blood, sweat, tears and love
Jitsi Meet: our tale of blood, sweat, tears and loveSaúl Ibarra Corretgé
 
Jitsi Meet: Video conferencing for the privacy minded
Jitsi Meet: Video conferencing for the privacy mindedJitsi Meet: Video conferencing for the privacy minded
Jitsi Meet: Video conferencing for the privacy mindedSaúl Ibarra Corretgé
 
Get a room! Spot: the ultimate physical meeting room experience
Get a room! Spot: the ultimate physical meeting room experienceGet a room! Spot: the ultimate physical meeting room experience
Get a room! Spot: the ultimate physical meeting room experienceSaúl Ibarra Corretgé
 
Going Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTCGoing Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTCSaúl Ibarra Corretgé
 
Going Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTCGoing Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTCSaúl Ibarra Corretgé
 
Jitsi: state-of-the-art video conferencing you can self-host
Jitsi: state-of-the-art video conferencing you can self-hostJitsi: state-of-the-art video conferencing you can self-host
Jitsi: state-of-the-art video conferencing you can self-hostSaúl Ibarra Corretgé
 
WebRTC: El epicentro de la videoconferencia y IoT
WebRTC: El epicentro de la videoconferencia y IoTWebRTC: El epicentro de la videoconferencia y IoT
WebRTC: El epicentro de la videoconferencia y IoTSaúl Ibarra Corretgé
 
libuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/olibuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/oSaúl Ibarra Corretgé
 
Videoconferencias: el santo grial de WebRTC
Videoconferencias: el santo grial de WebRTCVideoconferencias: el santo grial de WebRTC
Videoconferencias: el santo grial de WebRTCSaúl Ibarra Corretgé
 
SylkServer: State of the art RTC application server
SylkServer: State of the art RTC application serverSylkServer: State of the art RTC application server
SylkServer: State of the art RTC application serverSaúl Ibarra Corretgé
 
Escalabilidad horizontal desde las trincheras
Escalabilidad horizontal desde las trincherasEscalabilidad horizontal desde las trincheras
Escalabilidad horizontal desde las trincherasSaúl Ibarra Corretgé
 

Plus de Saúl Ibarra Corretgé (20)

Challenges running Jitsi Meet at scale during the pandemic
Challenges running Jitsi Meet at scale during the pandemicChallenges running Jitsi Meet at scale during the pandemic
Challenges running Jitsi Meet at scale during the pandemic
 
The Road to End-to-End Encryption in Jitsi Meet
The Road to End-to-End Encryption in Jitsi MeetThe Road to End-to-End Encryption in Jitsi Meet
The Road to End-to-End Encryption in Jitsi Meet
 
Jitsi: State of the Union 2020
Jitsi: State of the Union 2020Jitsi: State of the Union 2020
Jitsi: State of the Union 2020
 
Jitsi Meet: our tale of blood, sweat, tears and love
Jitsi Meet: our tale of blood, sweat, tears and loveJitsi Meet: our tale of blood, sweat, tears and love
Jitsi Meet: our tale of blood, sweat, tears and love
 
Jitsi Meet: Video conferencing for the privacy minded
Jitsi Meet: Video conferencing for the privacy mindedJitsi Meet: Video conferencing for the privacy minded
Jitsi Meet: Video conferencing for the privacy minded
 
Jitsi - Estado de la unión 2019
Jitsi - Estado de la unión 2019Jitsi - Estado de la unión 2019
Jitsi - Estado de la unión 2019
 
Get a room! Spot: the ultimate physical meeting room experience
Get a room! Spot: the ultimate physical meeting room experienceGet a room! Spot: the ultimate physical meeting room experience
Get a room! Spot: the ultimate physical meeting room experience
 
Going Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTCGoing Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTC
 
Going Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTCGoing Mobile with React Native and WebRTC
Going Mobile with React Native and WebRTC
 
Jitsi: Estado de la Unión (2018)
Jitsi: Estado de la Unión (2018)Jitsi: Estado de la Unión (2018)
Jitsi: Estado de la Unión (2018)
 
Jitsi: state-of-the-art video conferencing you can self-host
Jitsi: state-of-the-art video conferencing you can self-hostJitsi: state-of-the-art video conferencing you can self-host
Jitsi: state-of-the-art video conferencing you can self-host
 
WebRTC: El epicentro de la videoconferencia y IoT
WebRTC: El epicentro de la videoconferencia y IoTWebRTC: El epicentro de la videoconferencia y IoT
WebRTC: El epicentro de la videoconferencia y IoT
 
Jitsi: Open Source Video Conferencing
Jitsi: Open Source Video ConferencingJitsi: Open Source Video Conferencing
Jitsi: Open Source Video Conferencing
 
Jitsi: State of the Union
Jitsi: State of the UnionJitsi: State of the Union
Jitsi: State of the Union
 
libuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/olibuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/o
 
Videoconferencias: el santo grial de WebRTC
Videoconferencias: el santo grial de WebRTCVideoconferencias: el santo grial de WebRTC
Videoconferencias: el santo grial de WebRTC
 
SylkServer: State of the art RTC application server
SylkServer: State of the art RTC application serverSylkServer: State of the art RTC application server
SylkServer: State of the art RTC application server
 
Escalabilidad horizontal desde las trincheras
Escalabilidad horizontal desde las trincherasEscalabilidad horizontal desde las trincheras
Escalabilidad horizontal desde las trincheras
 
A deep dive into libuv
A deep dive into libuvA deep dive into libuv
A deep dive into libuv
 
Planning libuv v2
Planning libuv v2Planning libuv v2
Planning libuv v2
 

Dernier

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Dernier (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

ICE: The ultimate way of beating NAT in SIP

  • 1. AG Projects ICE: the ultimate way of beating NAT in SIP ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Saúl Ibarra Corretgé | AG Projects Amoocon 2010
  • 2. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Index ● How NAT afects SIP ● Solving the problem ● In the client ● In the network ● ICE: the ultimate solution ● Why ICE doesn't didn't work ● Fixing ICE in the server ● OpenSIPS ● MediaProxy ● What about IPv6? ● Q&A Amoocon 2010
  • 3. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts How NAT afects SIP ● Internet providers use NATs ● Multiplex private addresses into a single public one ● 'Hide' inner network from the outside ● NATs create a binding between the internal/private address and the external/public ● IP and port in the packets is modifed with the binding information Amoocon 2010
  • 4. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts How NAT afects SIP (II) Amoocon 2010
  • 5. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts How NAT afects SIP (III) ● This changes in the source IP/port afect SIP because it will contain private IP addresses ● Contact header: in REGISTER requests it will be used for targeting incoming INVITEs ● SDP: target address and port for media ● This results in one way audio / no media at all! ● Can this be solved? ● Contact header for REGISTER: a proxy can use the received IP/port. ● SDP: hard to solve, as ports are dynamically allocated Amoocon 2010
  • 6. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts How NAT afects SIP (IV) IN VITE s ip:3333@s ip2s ip.info SIP/ 2.0 Via: SIP/2.0/UDP 192.168.99.23:49919;rport;branch=z9hG4bKPj.OB8RPYvcZIaBcu.uom4xvbsyw9RBwlW Max-Forwards: 70 From: "saul" <sip:saghul@sip2sip.info>;tag=N0mSaBvIOXOLC0sNpJ9oJvrpJMuSeC8p To: <sip:3333@sip2sip.info> Contact: <sip:dezruwmf@192.168.99.23:49919> Call-ID: PQ4m4UxA9VHDJ.uLGXzKOQm-9ljIZGvH CSeq: 24149 INVITE Route: <sip:81.23.228.150;lr> Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE Supported: 100rel User-Agent: blink-0.18.2 Content-Type: application/sdp Content-Length: 387 V=0 o=- 3484383368 3484383368 IN IP4 192.168.99.23 s=blink-0.18.2 c=IN IP4 192.168.99.23 t=0 0 m=audio 50076 RTP/AVP 0 8 9 101 a=rtcp:50077 IN IP4 192.168.99.23 a=rtpmap:9 G722/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=sendrecv Amoocon 2010
  • 7. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Solving the problem in the client ● Clients may try to solve their NAT issue by using client-side NAT traversal techniques ● Session Traversal Utilities for NAT (STUN) – RFC 5389 ● Traversal Using Relays around NAT (TURN) – RFC 5766 ● However... ● TURN hasn't been widely deployed ● STUN can't be used in case of symmetric NAT – Most common type of NAT? ● Cooperation from the server side ● Deployment of STUN/TURN servers ● Servers don't trust clients Amoocon 2010
  • 8. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Solving the problem in the server ● Insert a media relay in the path so that 2 way media works in the worst case ● SDP mangling ● Ugly hacks to avoid using a media relay every time ● If both users come from the same network ● Other local policies Amoocon 2010
  • 9. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Solving the problem in the server (II) Amoocon 2010
  • 10. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE: the ultimate solution! ● Interactive Connection Establishment ● RFC 5245. Yes, it's an RFC! ● Combines client-side techniques with server support to fnd the most appropriate way of communicating with the other endpoint ● STUN + TURN ● Media should only be relayed in the worst case ● Both endpoints behind symmetric NATs ● Start sending media when it's guarantied that there will be a successful communication ● Clients don't need to know their NAT type ● A complex protocol ● It took ICE 6 years to become an RFC! ● Not many fully capable ICE clients... but you can Blink! :) Amoocon 2010
  • 11. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 1: Allocation ● Before sending the INVITE ● Gather all possible candidates ● Candidate types ● Host candidates: machines local network interfaces ● Server refexive candidates: learnt by using STUN ● Relayed candidates: allocated with STUN Relay Usage requests (RFC 5766) Amoocon 2010
  • 12. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 2: Prioritization priority = (2^24)*(type preference) + (2^8 )*(local preference) + (2^0)*(256 -componentID) ● Type preference: Depends on candidate type (0 for relayed candidate, 126 for host candidate) ● Local preference: Local policy for selecting different priority if candidates are same type. Also IPv4 / IPv6. ● Component ID: 1 for RTP, 2 for RTCP Amoocon 2010
  • 13. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 3: Ofer encoding V=0 o=- 3484389594 3484389594 IN IP4 192.168.99.23 s=blink-0.18.2 c=IN IP4 192.168.99.23 t=0 0 m=audio 64249 RTP/AVP 104 103 102 9 0 8 101 a=rtcp:64250 IN IP4 62.131.6.55 a=rtpmap:104 speex/32000 a=rtpmap:103 speex/16000 a=rtpmap:102 speex/8000 a=rtpmap:9 G722/8000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=ice-ufrag:241ffa10 ICE attributes a=ice-pwd:2f5a42f7 a=candidate:Sc0a86317 1 UDP 1694498815 62.131.6.55 64249 typ srf x raddr 192.168.99.23 rport 49306 l a=candidate:Hc0a86317 1 UDP 2130706431 192.168.99.23 49306 typ host a=candidate:Sc0a86317 2 UDP 1694498814 62.131.6.55 64250 typ srf x raddr 192.168.99.23 rport 49519 l ICE candidates a=candidate:Hc0a86317 2 UDP 2130706430 192.168.99.23 49519 typ host a=sendrecv Amoocon 2010
  • 14. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 3: Ofer encoding (II) a=candidate:Sc0a86317 1 UDP 1694498815 62.131.6.55 64249 typ srf x raddr 192.168.99.23 rport 49306 l ● Foundation (Sc0a86317): Unique identif er for each candidate of the i same type, same interface and STUN server (if applicable) ● Component ID (1): Identif er, 1 for RTP, 2 for RTCP i ● Transport (UDP): Candidate transport type ● Priority (1694498815): Priority for the given component ● IP address and port (62.131.6.55 64249): Component's IP and port ● Type (srf x): Component type l ● Related address (raddr 192.168.99.23 rport 49306): Optional information: for relayed candidates it contains the server ref exive l address and for server ref exive candidates it contains the host l address. ● After encoding the offer it's sent out as a regular INVITE Amoocon 2010
  • 15. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 4: Allocation ● The callee receives the ofer and starts his own process. ● Gather candidates ● Prioritize ● Encode SDP answer ● Send 200 OK with SDP Amoocon 2010
  • 16. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 5: Verifcation ● Both parties have each other's candidates ● Each party pairs it's own local candidates with the candidates from the remote party ● List is pruned for duplicated candidates ● Both endpoints will have the same list ● Each endpoints sends a connectivity check every 20ms ● STUN Binding Request from the local candidate to the remote ● The receiver generates an answer with the received IP and port included ● If the response is received the check is successful Amoocon 2010
  • 17. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 5: Verifcation (II) ● During the connectivity checks new candidates can be found ● Peer refexive candidates ● P2P media is possible if only one of the parties if behind a symmetric NAT Amoocon 2010
  • 18. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 6: Coordination + Communication ● After all checks both endpoints will have the same set of valid candidates ● All negotiation has taken place at the media level, through STUN ● Controlling agent will decide which of the valid candidates to use ● In ICE full implementations the oferer is the controlling agent ● It will do a connectivity check again, but with a “use candidate” fag included in the STUN request ● If check succeeds both endpoints know where to send media to each other :) Amoocon 2010
  • 19. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts ICE Step 7: Confrmation ● Negotiation took place at the media level ● At SIP level we don't know where media is! ● If the transport address where the media is received changed due to ICE negotiation, a re-INVITE must be sent to update the status of any possible middle box. Amoocon 2010
  • 20. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Why ICE doesn't didn't work ● Currently SDP mangling + media relaying is the most common NAT traversal mechanism ● If a SIP proxy mangles the SDP without taking ICE into account the negotiation will be broken Amoocon 2010
  • 21. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Why ICE doesn't didn't work (II) V=0 o=- 3484393780 3484393780 IN IP4 192.168.99.53 s=sipsimple 0.14.2 c=IN IP4 85.17.186.6 t=0 0 m=audio 51354 RTP/AVP 9 8 101 a=rtcp:51355 IN IP4 85.17.186.6 a=rtpmap:9 G722/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=ice-ufrag:76e08623 a=ice-pwd:4e2db26f a=candidate:Sc0a86335 1 UDP 1694498815 62.131.6.55 49732 typ srf x raddr 192.168.99.53 rport 51641 l a=candidate:Hc0a86335 1 UDP 2130706431 192.168.99.53 51641 typ host a=candidate:Sc0a86335 2 UDP 1694498814 62.131.6.55 49733 typ srf x raddr 192.168.99.53 rport 40568 l a=candidate:Hc0a86335 2 UDP 2130706430 192.168.99.53 40568 typ host a=sendrecv ● IP in the c line doesn't match any IP in the candidate list! ● ICE mismatch! ● OpenSIPS + MediaProxy will come to the rescue! Amoocon 2010
  • 22. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server ● The server needs to be aware of ICE ● Mangle necessary information in the SDP ● Don't block STUN checks ● Think about accounting! ● Tools that needed to be modifed ● OpenSIPS (http://opensips.org) ● MediaProxy (http://mediaproxy.ag-projects.com) ● CDRTool (http://cdrtool.ag-projects.com) Amoocon 2010
  • 23. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: OpenSIPS ● Detect that a request is ofering ICE ● Allow the user to select if a ICE candidate should be inserted and the priority ● Allow the user to dynamically change the behavior though an AVP ● Complete design: http://mediaproxy.ag-projects.com/wiki/ICE Amoocon 2010
  • 24. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: OpenSIPS (II) V=0 o=- 3484393780 3484393780 IN IP4 192.168.99.53 s=sipsimple 0.14.2 c=IN IP4 85.17.186.6 t=0 0 m=audio 51354 RTP/AVP 9 8 101 a=rtcp:51355 IN IP4 85.17.186.6 a=rtpmap:9 G722/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=ice-ufrag:76e08623 a=ice-pwd:4e2db26f a=candidate:R6ba1155 1 UDP 16777215 85.17.186.6 51354 typ relay a=candidate:R6ba1155 2 UDP 16777214 85.17.186.6 51355 typ relay a=candidate:Sc0a86335 1 UDP 1694498815 62.131.6.55 49732 typ srf x raddr 192.168.99.53 rport 51641 l a=candidate:Hc0a86335 1 UDP 2130706431 192.168.99.53 51641 typ host a=candidate:Ha45450a 1 UDP 2130706431 10.69.69.10 51641 typ host a=candidate:Sc0a86335 2 UDP 1694498814 62.131.6.55 49733 typ srf x raddr 192.168.99.53 rport 40568 l a=candidate:Hc0a86335 2 UDP 2130706430 192.168.99.53 40568 typ host a=candidate:Ha45450a 2 UDP 2130706430 10.69.69.10 40568 typ host a=sendrecv Amoocon 2010
  • 25. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: MediaProxy ● MediaProxy needs to be aware about ICE negotiation taking place ● Ability to relay STUN requests ● Bail out silently if it was not the chosen candidate ● Both endpoints had ICE information in the SDP ● STUN checks were received from both of them Amoocon 2010
  • 26. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: MediaProxy (II) Amoocon 2010
  • 27. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Fixing ICE in the server: recap ● This solution was successfully tested at past SIPit26 ● OpenSIPS + MediaProxy is the frst software combination to fx ICE this way ever ● Software versions ● OpenSIPS >= 1.6.2) ● MediaProxy >= 2.4.2 ● CDRTool >= 7.1 ● Free public platform available: http://sip2sip.info Amoocon 2010
  • 28. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts What about IPv6? ● Adoption will not begin tomorrow! ● Meantime: IPv6 in the backbones and IPv4 elsewhere ● Still, NATs won't disappear! ● ICE can be used to select between IPv6 and IPv4 candidates IPv6 For The Win! Amoocon 2010
  • 29. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Recap ● ICE will allow endpoints to try to communicate by all means ● Server cooperation is needed ● STUN servers ● Mangle all necessary information not to break ICE ● Published as an RFC! ● Go and implement it! ● Operators will want ICE ● Who will relay HD video calls? Amoocon 2010
  • 30. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts Questions? Amoocon 2010
  • 31. AG Projects ICE: the ultimate way of beating NAT in SIP The SIP Infrastructure Experts BYE BYE s ip:audience@am oocon.de SIP/ 2.0 Via: SIP/2.0/UDP 192.168.99.23:49919;rport;branch=z9hG4bKPjDb30Dx0sH-ozn9QB.cCCboyU.atR97aM Max-Forwards: 70 From: "saul" <sip:saul@ag-projects.com>;tag=UCpGKVZbQQx7BUKYtiuPEX668oa9jaU7 To: <sip:audience@amoocon.de>;tag=as59aef35c Call-ID: DEWDfu63OACwYeQk7MrhmRhRq.1cqqis CSeq: 10633 BYE Route: <sip:81.23.228.129;lr;ftag=UCpGKVZbQQx7BUKYtiuPEX668oa9jaU7;did=641.a8a9c553> User-Agent: blink-0.18.2 Content-Length: 0 You can Blink tomorrow at 14:00 @saghul @agprojects saul@ag-projects.com sip:saul@ag-projects.com Amoocon 2010