Java Rockx wrote:
I full agree with you. I see that we've taken different approachs to NAT. We do not use STUN because:
- the two opensource STUN projects are really not written well,no
offense to the authors :)
That is interesting. We use vovida stun and have not experienced any problems at all. What exactly are you referring to?
- it adds a new layer of complexity to support
That's true.
- it forces the SIP users to have additional settings on their SIP
phones/UAs
Ditto.
Instead we do 100% transparent RTP proxying with mediaproxy. However, we did not want all that RTP traffic to pass through our servers so we __only__ proxy RTP streams when one or both SIP clients are behind a NAT __or__ when a client is accessing the voicemail system (see my other posts on how I have Asterisk on a 10.x IP network)
The benefit of doing NAT traversal this way is that we believe it scales very well and is the most simple to maintain and support. We've always taken the approach that we're going to put a million customers on our VoIP platform and RTP is a show stopper if you can't keep up with load demands.
We avoid this by making sure customers connect their IAD up as follows:
INTERNET ----- Broadband Router ----- IAD ----- PC
We can do this because we only support IADs that are routers, such as the UTstarcom iAN-02EX or the Grandstream 486. We also ship the IADs locked down so that customers cannot modify their settings. The UTstarcom allows us to remotely change the configuration. All this translates to users having their IADs with public IPs and therefore, RTP doesn't hit our servers.
Exactly! And that's the problem. If you are to support (like us), regular SIP phones hooked up on a router somewhere, you cannot do this. Either you proxy everything (which as you say, is very bad, indeed) or you use STUN...
But hey, we have now started to detail the reference design. What kind of UAs should we support? ;-) g-)