Controlling NAT Bindings using STUN

Slides: 16
Provided by: ietf
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes



1
Controlling NAT Bindings using STUN
  • draft-wing-behave-nat-control-stun-usage-00

Dan Wing, Jonathan Rosenberg
2
IPR Notice
  • Cisco has claimed IPR on this technique

3
Motivation: SIP Outbound
  • Constant STUN traffic on the proxy
  • CPU and I/O load
  • Traffic on the network (bad for wireless)
  • Mobile power consumption
  • Even worse with SBCs of course
  • REGISTER instead of STUN

[Figure labels: UAC, STUN, Proxy]
4
Motivation: ICE and Multilayer NAT
  • ICE/STUN can't discover server reflexive
    candidates on intermediate NATs
  • Optimal path may not be found as a consequence

[Figure: UA A and UA B behind multiple layers of NAT, with a STUN server; one path labelled "Best that ICE can do", another labelled "Optimal"]
5
Big Idea
  • Embed STUN servers in NAT to enable STUN to
    control the NAT
  • Severely limit the scope of controls to deal with
    security issues
  • Discover these embedded STUN servers by
    bootstrapping off of STUN servers on public
    addresses
  • Embedded in SIP proxies
  • On the public Internet

6
Procedure
7
Learn IP address of outer-most NAT
STUN function in SIP proxy or ICE peer
[Figure labels: Endpoint, NAT, STUN Server (twice), address B]
8
Communicate to NAT's embedded STUN Server
  • Adjust binding with REFRESH-INTERVAL
  • Can ONLY adjust binding matching the one for the
    STUN request itself
  • Response has same MAPPED-ADDRESS
  • Response also has MAPPED-INTERNAL-ADDRESS
    (address A)

[Figure labels: Endpoint, NAT, Binding table, STUN Server (twice), addresses A and B]
9
Nested NATs: step 1
  • MAPPED-INTERNAL-ADDRESS points to address B

[Figure labels: Endpoint, NAT (twice), Binding table (twice), STUN Server (three times), addresses A, B and C]
10
Nested NATs: step 2
  • MAPPED-INTERNAL-ADDRESS points to address A
  • Matches Endpoint's address: we're done

[Figure labels: Endpoint, NAT (twice), Binding table (twice), STUN Server (three times), addresses A, B and C]
11
Properties and Limitations
12
Properties
  • Preserves STUN's ability to work well with nested
    NATs
  • Superior to UPnP and NAT-PMP
  • Control NAT binding duration of all NATs along
    path
  • Completely eliminates keepalives
  • Limited functionality deals with security issues
  • Automatically learns NAT path topology
  • Allows ICE to better optimize media path

13
Incremental Deployability
  • This is a major issue for NAT control
    technologies
  • STUN control is not necessary for baseline NAT
    traversal
  • That is provided by ICE, sip-outbound
  • Deployment of ICE and SIP-outbound puts STUN in
    clients and network elements
  • This gives incentives to add it to NAT, since
    once it's there you can use it to optimize the
    network performance

14
Limitations
  • Address-Dependent Mapping NAT on path
  • Symmetric NAT
  • Address-Dependent Filtering
  • Discussion: Is this really a problem?
  • Overlapping NATed address space prematurely
    breaks the done procedure

[Figure labels: STUN Server, Endpoint, NAT A, NAT B; 10.1.1.x appears twice]
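
Added example (not from the slides or the draft): a toy Python model of the walk on slides 7 to 10 and of the overlapping-address limitation above. The `Nat` class, `discover`, all addresses, ports and lifetime values are assumptions for illustration, and each NAT is reduced to the one binding this flow created.

```python
from dataclasses import dataclass

@dataclass
class Nat:
    """Toy NAT holding the single binding this flow created (assumed model)."""
    name: str
    internal: tuple      # (ip, port) seen as source on the NAT's inside
    mapped: tuple        # (ip, port) allocated on the NAT's outside
    lifetime: int = 30   # constructed binding lifetime, assumed seconds

    def stun_request(self, arriving_src, refresh_interval=None):
        # Only the binding the request itself traversed can be read or adjusted.
        if arriving_src != self.internal:
            return None
        if refresh_interval is not None:
            self.lifetime = refresh_interval
        return {"MAPPED-ADDRESS": self.mapped,
                "MAPPED-INTERNAL-ADDRESS": self.internal}

def translate(src, nats):
    """Source address of the endpoint's packet after crossing `nats` in order."""
    for nat in nats:
        if src != nat.internal:
            raise ValueError(f"{nat.name} has no binding for {src}")
        src = nat.mapped
    return src

def discover(endpoint, path, refresh_interval):
    """Walk inward from the outermost NAT; `path` is ordered innermost first."""
    # Public STUN server: MAPPED-ADDRESS is the outermost NAT's mapping.
    target = translate(endpoint, path)
    found = []
    while True:
        idx = next(i for i, n in enumerate(path) if n.mapped[0] == target[0])
        resp = path[idx].stun_request(translate(endpoint, path[:idx]), refresh_interval)
        found.append(path[idx].name)
        if resp["MAPPED-INTERNAL-ADDRESS"] == endpoint:
            return found          # matches the endpoint's address: done
        target = resp["MAPPED-INTERNAL-ADDRESS"]

def demo_nested():
    a, b, c = ("192.168.0.10", 5000), ("10.1.1.2", 6000), ("198.51.100.7", 7000)
    path = [Nat("inner", a, b), Nat("outer", b, c)]
    return discover(a, path, 3600), [n.lifetime for n in path]

def demo_overlap():
    # NAT A's outside address collides with the endpoint's own 10.1.1.x address.
    a = ("10.1.1.5", 5000)
    path = [Nat("NAT A", a, a), Nat("NAT B", a, ("198.51.100.7", 7000))]
    return discover(a, path, 3600), [n.lifetime for n in path]
```

In `demo_overlap` the walk stops after NAT B, so NAT A keeps its short lifetime and the endpoint would still need keepalives for it.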
15
Questions
  • draft-wing-behave-nat-control-stun-usage-00