[Kamailio-Users] stun/outbound draft...
Aymeric Moizard
jack at atosc.org
Sun Jan 4 01:23:31 CET 2009
On Sat, 3 Jan 2009, Iñaki Baz Castillo wrote:
>> 2009/1/3 Aymeric Moizard <jack at atosc.org>:
>
>> This specification draft-ietf-sip-outbound-16 ios only about SIP:
>> http://tools.ietf.org/html/draft-ietf-sip-outbound-16
>
>True, I didn't read it. Thanks.
You're welcome.
>> So for 100% of UA, STUN is usable for keeping alive and detecting
>> IP changes on the SIP connection.
>>
>> Don't you want kamailio to be standard?
>
>Why do you thing so? Of course I want it. I was just asking a
>question, no more. ;)
It though you were aware of the draft! This draft looks important
to me as a first step, because it's important, for compliance that
the contact header is not changed in INVITEs by proxies... This is
a first step towards message integrity... (Second step is about ICE
discussion below!)
>> For RTP? Even if you put a STUN server on another port, that would
>> not be of any help at all... because only part of the 100% can use
>> the STUN discovered address in their RTP and such solution would not
>> work 100%.
>
>Which is the reason for it? do you mean those routers that "sometimes"
>behave as symmetric NAT router and other times not? Or perhaps you
>mean that even in a normal and correct router (not symmetric NAT) STUN
>would not work on 100% of cases?
Yes. Quoting the new rfc5389 that deprecated old STUN rfc3489:
"STUN is not a NAT traversal solution by itself. Rather, it is a tool
to be used in the context of a NAT traversal solution. This is an
important change from the previous version of this specification (RFC
3489), which presented STUN as a complete solution."
So, what I meant is that STUN is not a global solution for RTP: as you
know, if you open a hole in your NAT using STUN, you cannot be sure you
can receive RTP through this hole. Also, the above new rfc, clearly states
that it's impossible to predict a NAT behavior even if you have made some
test and determined that it was a symmetric NAT for example.
However, the STUN *usage* (wording of ietf rfc5389) described in
"draft-ietf-sip-outbound-16" is a global solution for SIP connection
to "outbound" proxy.
>> Instead for RTP, ICE and TURN are required. That's just a different
>> server that has to be installed: NOT THE SAME as the one running on
>> the SIP server which is ONLY doing STUN binding request.
>
>Well, AFAIK ICE is very far from being interoperable, isn't it?
You are right, but I do not think the draft is guilty there: the
specification is very interoperable and there is no reason which
should prevent application developper to implement it correctly.
I'm using an ICE version of draft-13 in my products and I'm not
interoperable with anyone (never tested any in fact...) but the
solution does work properly in closed environment. No doubt to
me.
>And TURN requires RTP through a media proxy, that is not a very
>scalable solution :(
ICE is a scalable solutions:
* SRV records do the balancing over several TURN server.
* TURN is used ONLY when 2 peers cannot connect together, this means
that it's much better than always offering RTP relay which is
the solution today.
* ICE allow to certify that you are sending the RTP data to your
correspondant (ther is an ICE password in SDP)
* ICE will allow 100% of direct connection and will never use TURN
in a BEHAVE compliant environment: rfc4787. (no symmetric NAT any
more...)
In the future, ICE is supposed to never use TURN at all because all
direct connection will be possible. 0% relay is PLANNED by ietf and
ICE ;)
Isn't it great news for the future? and peer to peer UDP exchange
using a SIP network?
>Thanks for your reply and thanks for your work :)
I thank you all for yours and wish the best for the next
"sip router project"...
I also want to inform people that are not aware that a nice turnserver
is available there:
http://turnserver.sourceforge.net/
That will surely help people to become compliant to ICE!
I'm currently working with it for testing purpose and I
will try to connect it to my kamailio sql database...
tks,
Aymeric MOIZARD / ANTISIP
amsip - http://www.antisip.com
osip2 - http://www.osip.org
eXosip2 - http://savannah.nongnu.org/projects/exosip/
--
Iñaki Baz Castillo
<ibc at aliax.net>
_______________________________________________
Users mailing list
Users at lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
More information about the Users
mailing list