nutss: a sip based approach to udp & tcp network connectivityacpang/course/voip_2005/... ·...
![Page 1: NUTSS: A SIP Based Approach to UDP & TCP Network Connectivityacpang/course/voip_2005/... · 2005-04-19 · Reference • [1] Saikat Guha, Yutaka Takeda, Paul Francis, "NUTSS : a SIP-based](https://reader034.vdocuments.mx/reader034/viewer/2022042414/5f2f5125afb965482f54f290/html5/thumbnails/1.jpg)
NUTSS: A SIP Based Approach to UDP & TCP Network Connectivity
VoIP SIP related Presentation
P93942009 左家榮, R93922115 吳瑞傑, R93942036 彭冠仁
Outline
• Introduction
• Reference
• STUN(T), TURN and ICE
• Port Prediction
• NAT TCP Solution
• Issues
• Conclusion
• Discussion
Introduction
• NAT makes network connectivity between IP hosts more complex
• SIP has been extended to establish direct UDP connections (ICE) and indirect TCP connections (TURN) between hosts behind NATs and firewalls
  – What about direct TCP connections?
• NUTSS: NAT, URI, Tunnel, SIP, STUNT
• Why can't SIP be used to establish all kinds of P2P communication?
  – Socket-like API
Reference
• [1] Saikat Guha, Yutaka Takeda, Paul Francis. "NUTSS: a SIP-based approach to UDP and TCP network connectivity", ACM SIGCOMM, Aug. 2004.
• [2] J. Rosenberg. Internet draft: ICE – Interactive Connectivity Establishment, Feb. 2004.
• [3] J. Rosenberg, R. Mahy, C. Huitema. Internet draft: TURN – Traversal Using Relay NAT, Feb. 2004.
• [4] J. Rosenberg, J. Weinberger, C. Huitema, R. Mahy. RFC 3489: STUN – Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs), Mar. 2003.
• [5] S. Guha, Cornell University. STUNT – Simple Traversal of UDP Through NATs and TCP too, Dec. 11, 2004.
STUN(T) overview
• STUN: Simple Traversal of UDP Through NATs
• STUNT: Simple Traversal of UDP Through NATs and TCP too
• STUN(T) allows a host to learn the global IP address and UDP (TCP) port assigned to it by its NAT box
• This address can subsequently be conveyed via SIP to allow direct UDP (TCP) connectivity between hosts
Figure: a host at 192.168.1.100:5566 behind a NAT asks which global ip : global port the NAT has assigned to it
NAT variations
• Full Cone
• Restricted Cone
• Port Restricted Cone
• Symmetric
Cone NAT Type
Figure: the host (ip=x) sends two flows a and b from the same local port LP; the NAT (ip=y) maps both to the same global port GP
• Mapping key: (local ip, local port) → (global ip, global port), independent of the remote endpoint
* Full Cone: any external host may send to (global ip, global port)
* Restricted Cone: only external IPs the host has already sent to may send back
* Port Restricted Cone: only the exact external (ip, port) the host has already sent to may send back
Symmetric NAT Type
Figure: the host (ip=x) sends flows a and b from the same local port LP; the NAT (ip=y) assigns a different global port (GP0, GP1, GP2, GP3, ...) for each remote endpoint
• Mapping key: (local ip, local port, remote ip, remote port)
STUN(T) Architecture
• STUN(T) Client
  – An entity that generates STUN(T) requests
  – Can run on the user's PC or on a network server
• STUN(T) Server
  – An entity that receives STUN(T) requests and sends STUN(T) responses
  – Generally attached to the public Internet
STUN(T) Binding Request and Response
Figure: the STUN(T) client (IP A / Port B) sends a Binding Request through the NAT or firewall, which rewrites the source to IP C / Port D. The STUN(T) server sees the request arrive from IP C / Port D and returns that address (IP C / Port D) in the Binding Response, so the client learns its global mapping.
TURN overview
• TURN: Traversal Using Relay NAT
• TURN allows a host to select a globally-addressable TCP relay
• The relay can subsequently be used to bridge a TCP connection between two NATed hosts
• TURN does not allow direct connectivity between NATed hosts
  – Indirect TCP connection!
TURN Architecture
Figure: Client 1 (Addr: X) sits behind a NAT and connects to the TURN server (Addr: T), which registers it under the public relay address S (PubAddr: S). Client 2 (Addr: Y) sends to S; the TURN server forwards to X, so S and Y set up the connection. Another host (Addr: Z) that later sends to S is rejected.
TURN Introduction
• Each user process can keep only one inbound link through the relay
  – For safety purposes (the relay is not an open proxy)
• May cause heavy load on the TURN server, since all data is relayed through it
ICE overview
• ICE: Interactive Connectivity Establishment
• A methodology for NAT traversal for multimedia session establishment protocols
• Uses STUN and TURN without extensions
• Uses SDP (offer/answer) to exchange the candidate addresses
ICE architecture
(1) Caller gathers addresses
(2) Initiate message (offer)
(3) Callee gathers addresses
(4) Accept message (answer)
(5) STUN checks
(6) STUN checks
(7) Media
(8) Media
Cone NAT Type Port Prediction
Figure: the host (ip=x) sends probe p from local port LP to the STUNT server (ip=z); the NAT (ip=y) maps it to global port GP0. A later flow q from the same local port to any other destination reuses GP0, so the port reported by the STUNT server is the port the remote host should connect to.
Symmetric NAT Type Port Prediction
Figure: the host (ip=x) sends probe p from local port LP to the STUNT server (ip=z); the NAT (ip=y) assigns GP0. Every further flow q to a new destination gets a new global port (GP1, GP2, GP3, GP4, ...), because the mapping is keyed on (local ip, local port, remote ip, remote port).
* Most NATs use a uniform increment on the GP#, so the next port can be predicted from consecutive probes
* Nothing can be done about random mapping!
Issues with Port Prediction
• No other flow from behind the NAT may interrupt us while we determine what kind of NAT we are behind and what the next mapping will be
• There is a gap in time between the probe flow to the STUNT box and the subsequent flow to the remote host
  – The length of the gap depends on whether we already know the global port (GP) and global address (GA) of the remote host or still have to exchange them
Issues with Port Prediction
Figure (sequence diagram between Host, NAT and STUNT server): the host opens a socket and sends one or more probes to the STUNT server; the NAT creates a mapping and the STUNT server reports it. The host then re-opens the socket and sends the real TCP/UDP packet to the remote host's mapping, relying on the predicted mapping. The time between the probe and the real packet is the gap: any other flow that crosses the NAT during the gap can take the predicted port.
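The NAT types of the earlier slides and the port-prediction procedure above, as an added example that is not code from the NUTSS paper or these slides: a toy NAT with three mapping policies (cone, symmetric with a uniform increment, symmetric with a scrambled sequence standing in for random allocation), a STUNT-style probe that classifies the NAT from two probes and predicts the next global port from three, and the "gap" failure in which another flow crosses the NAT between the probe and the real connection. All addresses, ports, the increment and the scrambled port list are constructed assumptions.

```python
"""Added example (not from the NUTSS paper or the slides): a toy NAT,
STUNT-style probing, port prediction and the probe-to-connect gap.
All endpoints, ports, the increment and the scrambled list are constructed."""
import itertools
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)

# Constructed demo endpoints (assumed, not from the paper).
HOST_LOCAL: Endpoint = ("192.168.1.100", 5566)
STUNT_SERVERS: List[Endpoint] = [("203.0.113.1", 3478),
                                 ("203.0.113.2", 3478),
                                 ("203.0.113.3", 3478)]
REMOTE_PEER: Endpoint = ("198.51.100.7", 41000)


@dataclass
class SimNat:
    """'cone' keys the mapping on (local ip, local port); the two symmetric
    policies key on (local ip, local port, remote ip, remote port) and hand
    out a new global port per destination, either by a fixed increment or
    from a scrambled (constructed) sequence standing in for random choice."""
    public_ip: str
    policy: str                 # "cone" | "symmetric-seq" | "symmetric-random"
    step: int = 1
    next_port: int = 40000
    table: Dict[tuple, int] = field(default_factory=dict)
    scrambled: Iterator[int] = field(
        default_factory=lambda: itertools.cycle([51234, 1877, 60010, 7331, 29999]))

    def _alloc(self) -> int:
        if self.policy == "symmetric-random":
            return next(self.scrambled)
        port = self.next_port
        self.next_port += self.step
        return port

    def map_out(self, local: Endpoint, remote: Endpoint) -> Endpoint:
        """Outbound packet: create or reuse the mapping, return the global endpoint."""
        key = local if self.policy == "cone" else (local, remote)
        if key not in self.table:
            self.table[key] = self._alloc()
        return (self.public_ip, self.table[key])


def stunt_probe(nat: SimNat, local: Endpoint, server: Endpoint) -> Endpoint:
    """A STUNT binding request: the server reflects the (ip, port) it saw."""
    return nat.map_out(local, server)


def classify(nat: SimNat, local: Endpoint) -> str:
    """Probe two servers from one local socket: same mapping -> cone,
    different mapping -> symmetric."""
    m1 = stunt_probe(nat, local, STUNT_SERVERS[0])
    m2 = stunt_probe(nat, local, STUNT_SERVERS[1])
    return "cone" if m1 == m2 else "symmetric"


def predict_next_port(nat: SimNat, local: Endpoint) -> Optional[int]:
    """Three probes give two port deltas. Equal deltas -> uniform increment
    (0 for a cone NAT) and the next flow gets last + delta. Unequal deltas
    -> random allocation, nothing can be predicted."""
    ports = [stunt_probe(nat, local, s)[1] for s in STUNT_SERVERS]
    d1, d2 = ports[1] - ports[0], ports[2] - ports[1]
    return None if d1 != d2 else ports[2] + d1


def connect_after_gap(nat: SimNat, local: Endpoint, remote: Endpoint,
                      interfering_flows: int = 0) -> bool:
    """Predict, let `interfering_flows` other connections from behind the same
    NAT open during the gap, then open the real flow. True when the port the
    NAT actually assigns is the predicted one."""
    predicted = predict_next_port(nat, local)
    if predicted is None:
        return False
    for i in range(interfering_flows):   # e.g. a browser on another host behind this NAT
        nat.map_out(("192.168.1.101", 6000 + i), ("192.0.2.9", 80))
    return nat.map_out(local, remote)[1] == predicted


if __name__ == "__main__":
    for policy in ("cone", "symmetric-seq", "symmetric-random"):
        for gap in (0, 1):
            nat = SimNat("198.51.100.1", policy)
            print(f"{policy:17s} type={classify(nat, HOST_LOCAL):9s} "
                  f"predicted={predict_next_port(nat, HOST_LOCAL)} "
                  f"connect(gap={gap})={connect_after_gap(nat, HOST_LOCAL, REMOTE_PEER, gap)}")
```

The cone NAT survives interfering flows because its mapping is keyed on the local socket only; the incrementing symmetric NAT loses the predicted port to the first interfering flow, which is exactly the "gap" problem of the slide; the scrambled (random) NAT is detected as unpredictable and the attempt is abandoned rather than made with a guessed port.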
Likelihood of Failure
• Surveyed several NAT boxes on the market
  – Netgear, Linksys, D-Link, Hawking, SpeedStream
• Consider the type of NAT that the majority of customers choose
  – Home users: simple NAT boxes
    • No machines with random port assignment
    • Very few port-interruption problems
  – Enterprise users
    • Connection failures result from their administrator's policy!
NAT TCP Possible Solutions
• Candidate solutions:
  – Allow users to explicitly create a new port mapping or firewall rule
    • But you would have to define the protocol first and make sure NAT box vendors adopt it!
  – Simultaneous SYN sending (TCP simultaneous open, part of the TCP specification)
    • But MS Windows does not support it
Simultaneous Open in TCP
From W. Richard Stevens: UNIX Network Programming, Volume 1
Four segments establish the connection (SYN from each side, then SYN-ACK from each side) instead of the usual three
Simultaneous Open in TCP on Linux
New Strategy
• Consider the authors' new strategy:
  – Both TCP endpoints send a SYN with a very short TTL; it crosses the local NAT and opens the mapping on the predicted port, but expires before it reaches the remote NAT
  – Use the SIP network to send each other the port and SYN information (the SYN that was sent, including its sequence number)
  – Use the STUNT server to generate the spoofed SYN-ACKs
  – Each client sends a normal ACK back to establish the connection
New Strategy
Figure (sequence diagram; participants Client A, NAT N, TURN, STUNT, NAT M, Client B):
1. A → B via TURN: intent to connect; B → A via TURN: accept
2. A and B each do port prediction with the STUNT server and learn their global mapping
3. A sends SYN (low TTL) #seq=S1 through NAT N; B sends SYN (low TTL) #seq=S2 through NAT M
4. A and B exchange the encapsulated SYNs via TURN
5. The STUNT server sends the spoofed SYN-ACKs: to B with #seq=S1, #ack=S2+1, and to A with #seq=S2, #ack=S1+1 (the figure labels the messages exchanged with the STUNT server "Encapsulated SYN" and "Encapsulated SYNACK")
6. A sends TCP ACK #ack=S2+1; B sends TCP ACK #ack=S1+1
A New Solution: Negotiate Stage
• Sender and receiver agree that a connection will be set up
• Each endpoint asks the STUNT server for its next-connection port (port prediction)
• The endpoints exchange the predicted global port (GP) with each other
A New Solution: TCP setup
• Each endpoint sends a SYN packet with a very short TTL
• Each endpoint keeps a copy of the SYN it just sent
• Both endpoints send the stored SYN to the other endpoint via the TURN server
• Each endpoint sends the SYN packets (its own, from its raw socket, and the one from the other endpoint) to the STUNT server, and the server returns a spoofed SYN-ACK
• Each client sends a normal ACK back to establish the connection
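The exchange of the New Strategy and TCP setup slides, as an added example that is not the NUTSS authors' code: the low-TTL SYNs, the SYN-ACKs the STUNT server spoofs on behalf of each peer, and the final ACKs are built as raw IPv4/TCP bytes so that the sequence/ack numbers, the NAT's 4-tuple check and the checksums can be verified offline. Packets are shown as they appear on the public side of each NAT (after translation); the addresses, ports, initial sequence numbers, the low TTL value of 2 and the port-restricted NAT rule are constructed assumptions. Nothing is put on the wire, which would require a raw socket and root, as the Other Requirements slide notes.

```python
"""Added example (not the NUTSS authors' code): NUTSS TCP setup packets
built as raw IPv4/TCP so seq/ack numbers, NAT 4-tuples and checksums can be
checked. Endpoints, ISNs and the TTL value are constructed assumptions."""
import struct
from typing import Dict, Tuple

SYN, ACK = 0x02, 0x10
Endpoint = Tuple[str, int]


def _csum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def _ip(a: str) -> bytes:
    return bytes(int(x) for x in a.split("."))


def _pseudo(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    return _ip(src_ip) + _ip(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)


def build_packet(src: Endpoint, dst: Endpoint, flags: int, seq: int, ack: int, ttl: int) -> bytes:
    """IPv4 header + TCP header (no options, no payload), both checksums filled in."""
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, ack, 5 << 4, flags, 65535, 0, 0)
    tcp = tcp[:16] + struct.pack("!H", _csum(_pseudo(src[0], dst[0], len(tcp)) + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0, _ip(src[0]), _ip(dst[0]))
    ip = ip[:10] + struct.pack("!H", _csum(ip)) + ip[12:]
    return ip + tcp


def parse_packet(pkt: bytes) -> Dict:
    src_ip = ".".join(str(b) for b in pkt[12:16])
    dst_ip = ".".join(str(b) for b in pkt[16:20])
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", pkt[20:34])
    return {"ttl": pkt[8], "src": (src_ip, sport), "dst": (dst_ip, dport),
            "seq": seq, "ack": ack, "flags": flags}


def checksums_ok(pkt: bytes) -> bool:
    """A header verifies when the recomputed sum, checksum field included, is 0."""
    p = parse_packet(pkt)
    return _csum(pkt[:20]) == 0 and _csum(_pseudo(p["src"][0], p["dst"][0], len(pkt) - 20) + pkt[20:]) == 0


def stunt_spoof_synack(own_syn: bytes, peer_syn: bytes, ttl: int = 64) -> bytes:
    """What the STUNT server sends to the sender of `own_syn` on the peer's behalf:
    source = the peer's predicted mapping (own SYN's destination),
    seq = the peer's ISN taken from `peer_syn`, ack = own ISN + 1."""
    a, b = parse_packet(own_syn), parse_packet(peer_syn)
    if (a["src"], a["dst"]) != (b["dst"], b["src"]):
        raise ValueError("the two SYNs disagree on the predicted mappings")
    return build_packet(a["dst"], a["src"], SYN | ACK, seq=b["seq"], ack=a["seq"] + 1, ttl=ttl)


def nat_allows_inbound(mapping: Tuple[Endpoint, Endpoint], pkt: bytes) -> bool:
    """Port-restricted / symmetric NAT rule (assumed): pass an inbound packet only
    if it targets the global mapping and comes from the exact remote endpoint
    the low-TTL SYN was sent to."""
    global_ep, remote_ep = mapping
    p = parse_packet(pkt)
    return p["dst"] == global_ep and p["src"] == remote_ep


def client_accepts_synack(own_syn: bytes, synack: bytes) -> bool:
    """A stack in SYN_SENT accepts a SYN-ACK from its peer that acknowledges its ISN."""
    s, r = parse_packet(own_syn), parse_packet(synack)
    return (r["flags"] == SYN | ACK and r["ack"] == s["seq"] + 1
            and r["src"] == s["dst"] and r["dst"] == s["src"])


def final_ack(own_syn: bytes, synack: bytes, ttl: int = 64) -> bytes:
    s, r = parse_packet(own_syn), parse_packet(synack)
    return build_packet(s["src"], s["dst"], ACK, seq=s["seq"] + 1, ack=r["seq"] + 1, ttl=ttl)


def run_setup(a_global: Endpoint, b_global: Endpoint, s1: int, s2: int, low_ttl: int = 2) -> bool:
    """Whole exchange: low-TTL SYNs open the mappings in NAT N and NAT M, the STUNT
    server spoofs both SYN-ACKs, each client answers with its ACK. True when every
    packet would pass the NAT in front of its receiver and both clients accept."""
    syn_a = build_packet(a_global, b_global, SYN, s1, 0, low_ttl)   # expires before NAT M
    syn_b = build_packet(b_global, a_global, SYN, s2, 0, low_ttl)   # expires before NAT N
    nat_n, nat_m = (a_global, b_global), (b_global, a_global)        # mappings the SYNs created
    sa_to_a, sa_to_b = stunt_spoof_synack(syn_a, syn_b), stunt_spoof_synack(syn_b, syn_a)
    ack_a, ack_b = final_ack(syn_a, sa_to_a), final_ack(syn_b, sa_to_b)
    return (nat_allows_inbound(nat_n, sa_to_a) and client_accepts_synack(syn_a, sa_to_a)
            and nat_allows_inbound(nat_m, sa_to_b) and client_accepts_synack(syn_b, sa_to_b)
            and nat_allows_inbound(nat_m, ack_a) and nat_allows_inbound(nat_n, ack_b))
```

The `ValueError` branch is the case the negotiate stage exists to prevent: if the two predicted mappings do not match, the spoofed SYN-ACK would carry a source the NAT has no mapping for and would be dropped. In a real deployment the STUNT server's network must not filter spoofed source addresses, and the low TTL must be tuned so the SYN leaves its own NAT but dies before the remote NAT, as the NAT Characteristics slide explains.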
NAT Characteristics
• A NAT may release the port mapping in response to the ICMP TTL Exceeded message that the low-TTL SYN triggers
• The hop count between the two NATs can't be too small: the SYN must expire after leaving its own NAT but before reaching the remote NAT. A NAT that does receive the unexpected SYN may
  – Drop it silently
  – Return an ICMP error
  – Send a TCP RST packet
Other Requirements
• We may need super-user permission to create raw sockets
• Different OSs respond differently to an ICMP error
  – Unwanted ICMP error messages must be blocked so the local stack does not abort the connection
• The STUNT server must be able to spoof packets from arbitrary IPs (its network must not filter spoofed source addresses)
TCP Connection Setup
Figure (sequence diagram; participants Client A, NAT N, TURN, STUNT, NAT M, Client B): intent to connect and accept via TURN; port prediction and global mapping for each client via STUNT; SYN (low TTL) from A and from B; encapsulated SYNs exchanged via TURN and handed to STUNT; spoofed SYN-ACKs from STUNT to A and to B (labelled "Encapsulated SYNACK" between client and STUNT); TCP ACK from A and from B.
A less general approach
Figure (sequence diagram; participants Client A, NAT N, TURN, STUNT, NAT M, Client B): intent to connect and accept via TURN; port prediction and global mapping for each client via STUNT. A sends a SYN (low TTL) to open the mapping in NAT N, then closes the socket and reopens it for listening on the same port, and tells B "ready to receive connection". B then connects normally: TCP SYN from B → A, TCP SYN-ACK from A → B, TCP ACK from B → A.
Other Requirements
• The less general approach does not need to spoof packets, but
  – NAT N may complain about the incoming SYN from B
  – Aborting the connection attempt at A (to reopen the socket for listening) may produce a RST, which would close the mapping in NAT N
Conclusion
• The paper presents a technique that expands the scope of connectivity establishment through NATs to direct TCP connections
• It suggests that it is appropriate to expand ICE/STUN/TURN to cover all data communication between P2P users
Discussion
• Firewalls and proxy servers are both problems
  – Outbound connections restricted to remote port 80
  – HTTP only
  – Proxy
• Skype's behaviour behind firewalls and NATs
  – Skype has solved the above problems
  – Skype lets a super node act as a relay server, like a TURN server