SlideShare a Scribd company logo

Nat traversal in WebRTC context

AudioCodes
AudioCodes

A presentation by Yossi Zada from AudioCodes at the 2nd WebRTC meetup in Israel talking about NAT Traversal

Technology
1 of 17
Yossi Zadah NAT Traversal October 2013
WebRTC is:  WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple Javascript APIs.  WebRTC is a media engine with JavaScript APIs.  WebRTC Allows developers to add realtime voice calls, video chats and file sharing to their web apps without the need for plug-ins.  The WebRTC initiative is a project supported by Google, Mozilla and Opera.
How does it work? Web Browser A Java Script code calls browser APIs to establish a call JavaScript APIs browser 1. HTML & JavaScript Web Server Call signaling 2. HTML & JavaScript Web Browser B WebRTC is a set of standardized browser APIs
WebRTC in Specs APIs by W3C & Protocols by IETF  Connectivity  ICE, STUN and TRUN  Signaling:  Signaling protocol not determined  WebSocket  Must support SDP form to implement ICE  Media  DTLS for key exchange for SRTP  SRTP  Bundle and Media Multiplexing  Coders  Voice Coders: Opus and G.711  Video Coder: VP8 (not final)
Network Address Translation  Network Address Translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another.  This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing IP packets on exit so that they appear to originate from the router.  In the reverse communications path, responses are mapped back to the originating IP address using the rules ("state") stored in the translation tables.  The translation table rules established in this fashion are flushed after a short period without new traffic refreshing their state.
STUN - Session Traversal Utilities for NAT  STUN is a standardized set of methods and a network protocol to allow an end host to discover its public IP address if it is located behind a NAT.  It is used to permit NAT traversal for applications of realtime voice, video, messaging, and other interactive IP communications.  STUN is intended to be a tool to be used by other protocols, such as ICE. STUN Server STUN Response Your address is 192.168.10.10:5000 STUN Query What’s my IP address
Different types of NAT  Network address translation is implemented in a variety of schemes of translating addresses and port numbers, each affecting application communication protocols differently.  Different NAT implementations is classified as:  Full cone NAT  Restricted cone NAT  Port restricted cone NAT  Symmetric NAT
Non- Symmetric NAT  Full cone, Restricted cone and Port restricted cone NATs are presenting a “static” nature of the mapping.  The NAT mapping is according the source only.  A STUN query can predict the mapping. STUN Server 1 STUN Server 2 STUN Query What’s my IP address STUN Response Your address is 200.200.1.1:1000 STUN Query What’s my IP address Static NAT STUN Response Your address is 200.200.1.1:1000
Symmetric NAT  Each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port.  The mapping is done by a combination of the source and destination address.  A STUN query is varies according the destination. STUN Server 1 STUN Server 2 STUN Query What’s my IP address STUN Response Your address is 200.200.1.1:1000 STUN Query What’s my IP address Symmetric NAT STUN Response Your address is 200.200.1.1:2000 Identity Crisis
Why symmetric NAT is challenging for SIP ?  For symmetric NAT the STUN query is irrelevant , since the STUN answer is relevant only when communicating with the STUN server, when communicating with other host the NAT will map a new IP and port.  In case that a VoIP client is located after a symmetric NAT, the client can’t share it’s own address (media) with the other side of the call.  In case that two media devices located behind symmetric NAT they can’t establish a call and must use an external media relay server – TURN server.
SBC as a result of a standard mistake  Probably the single biggest mistake in SIP design was ignoring the existence of NATs.  This error came from a belief in IETF leadership that IP address space would be exhausted more rapidly and would necessitate global upgrade to IPv6 and eliminate need for NATs. The SIP standard has assumed that NATs do not exist.  SIP simply didn't work for the majority of Internet users who are behind NATs.  At the same time it became apparent that the standardization life-cycle is slower than how the market ticks: SBCs were born, and began to fix what the standards failed to do: NAT traversal.
How SBC solves the NAT traversal issue?  An SBC is NOT located behind symmetric NAT, therefore it always knows its own signaling and media addresses.  When using an SBC to solve the NAT traversal issues the most common approach for SBC is to act as the public interface of the user agents.  This is achieved by replacing the user agent’s contact information with those of the SBC.  For remote user the SBC waits for the 1st incoming media packet and latches to its source IP. Remote User IP Phone 1 FW Symmetric NAT SIP SDP from IPP includes wrong IP:port SIP SIP SDP from SBC includes Correct IP:port SBC sends the media to the source IP address of the 1st incoming packet SBC waits for The 1st incoming packet IP Phone 2
ICE in a nutshell  ICE resolves the connectivity issue at the signaling stage, via SDP negotiation.  The caller gathers candidates, where each candidate is a potential address for receiving media.  Three different types of candidates  Host candidate (local address)  Server Reflexive candidates (NAT residing addresses)  Relayed candidates (TURN server address –a host acting as a relay towards the agent)  The callee gathers its own three candidates and sends them to the caller. And by using STUN it start checking connectivity toward the caller local and NAT residing addressed.  The caller checks connectivity towards the addresses provided by the callee and chooses the best pair, LAN, NAT residing and for the worst case scenario (both clients are behind symmetric NAT) TURN allocation.
ICE How does it work? STUN server TURN server NAT Caller WebRTC server Callee
ICE – Session Flow Gather Local candidates Gather Server Reflexive candidates using STUN Gather Relayed candidates from the TURN server Select the best candidates Perform Media Check on all peer candidates Receive peer candidates from the SIP message Exchange final candidates with the peer Check the connection type Activate UDP/TCP socket
Thank You!

Recommended

ICE basic
ICE basicICE basic
ICE basicVu Nguyen
 
From NAT to NAT Traversal
From NAT to NAT TraversalFrom NAT to NAT Traversal
From NAT to NAT TraversalLi-Wei Yao
 
ICE: The ultimate way of beating NAT in SIP
ICE: The ultimate way of beating NAT in SIPICE: The ultimate way of beating NAT in SIP
ICE: The ultimate way of beating NAT in SIPSaúl Ibarra Corretgé
 
NAT Traversal
NAT TraversalNAT Traversal
NAT TraversalDavide Carboni
 
WAN SDN meet Segment Routing
WAN SDN meet Segment RoutingWAN SDN meet Segment Routing
WAN SDN meet Segment RoutingAPNIC
 
Astricon 10 (October 2013) - SIP over WebSocket on Kamailio
Astricon 10 (October 2013) - SIP over WebSocket on KamailioAstricon 10 (October 2013) - SIP over WebSocket on Kamailio
Astricon 10 (October 2013) - SIP over WebSocket on KamailioCrocodile WebRTC SDK and Cloud Signalling Network
 
Kamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesPaolo Visintin
 
Benefits of Multi-rail Cluster Architectures for GPU-based Nodes
Benefits of Multi-rail Cluster Architectures for GPU-based NodesBenefits of Multi-rail Cluster Architectures for GPU-based Nodes
Benefits of Multi-rail Cluster Architectures for GPU-based Nodesinside-BigData.com
 

Recommended

ICE basic
ICE basicICE basic
ICE basicVu Nguyen
 
From NAT to NAT Traversal
From NAT to NAT TraversalFrom NAT to NAT Traversal
From NAT to NAT TraversalLi-Wei Yao
 
ICE: The ultimate way of beating NAT in SIP
ICE: The ultimate way of beating NAT in SIPICE: The ultimate way of beating NAT in SIP
ICE: The ultimate way of beating NAT in SIPSaúl Ibarra Corretgé
 
NAT Traversal
NAT TraversalNAT Traversal
NAT TraversalDavide Carboni
 
WAN SDN meet Segment Routing
WAN SDN meet Segment RoutingWAN SDN meet Segment Routing
WAN SDN meet Segment RoutingAPNIC
 
Astricon 10 (October 2013) - SIP over WebSocket on Kamailio
Astricon 10 (October 2013) - SIP over WebSocket on KamailioAstricon 10 (October 2013) - SIP over WebSocket on Kamailio
Astricon 10 (October 2013) - SIP over WebSocket on KamailioCrocodile WebRTC SDK and Cloud Signalling Network
 
Kamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesPaolo Visintin
 
Benefits of Multi-rail Cluster Architectures for GPU-based Nodes
Benefits of Multi-rail Cluster Architectures for GPU-based NodesBenefits of Multi-rail Cluster Architectures for GPU-based Nodes
Benefits of Multi-rail Cluster Architectures for GPU-based Nodesinside-BigData.com
 
Best practices in synchronizing IP-based packet broadcasting networks
Best practices in synchronizing IP-based packet broadcasting networksBest practices in synchronizing IP-based packet broadcasting networks
Best practices in synchronizing IP-based packet broadcasting networksADVA
 
Juniper Platform Overview
Juniper Platform OverviewJuniper Platform Overview
Juniper Platform OverviewHussein Elmenshawy
 
High Accuracy Distance Measurement for Bluetooth Based on Phase Ranging
High Accuracy Distance Measurement for Bluetooth Based on Phase RangingHigh Accuracy Distance Measurement for Bluetooth Based on Phase Ranging
High Accuracy Distance Measurement for Bluetooth Based on Phase RangingEalwan Lee
 
STUN protocol
STUN protocolSTUN protocol
STUN protocolGiacomo Vacca
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionOlle E Johansson
 
Sdh alarms performance & monitoring
Sdh alarms performance & monitoringSdh alarms performance & monitoring
Sdh alarms performance & monitoringmanudibango
 
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...Ryuichi Yasunaga
 
Janus + Audio @ Open Source World
Janus + Audio @ Open Source WorldJanus + Audio @ Open Source World
Janus + Audio @ Open Source WorldLorenzo Miniero
 
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersKamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersDaniel-Constantin Mierla
 
MPLS on Router OS V7 - Part 2
MPLS on Router OS V7 - Part 2MPLS on Router OS V7 - Part 2
MPLS on Router OS V7 - Part 2GLC Networks
 
Kamailio on Docker
Kamailio on DockerKamailio on Docker
Kamailio on DockerChien Cheng Wu
 
UHD ATSC 3.0 송신기술
UHD ATSC 3.0 송신기술UHD ATSC 3.0 송신기술
UHD ATSC 3.0 송신기술Jaekwon Lee
 
MPLS WC 2014 Segment Routing TI-LFA Fast ReRoute
MPLS WC 2014 Segment Routing TI-LFA Fast ReRouteMPLS WC 2014 Segment Routing TI-LFA Fast ReRoute
MPLS WC 2014 Segment Routing TI-LFA Fast ReRouteBruno Decraene
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address PlanningAPNIC
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-aWaheed Ali
 
Differences of the Cisco Operating Systems
Differences of the Cisco Operating SystemsDifferences of the Cisco Operating Systems
Differences of the Cisco Operating Systems美兰 曾
 
MPLS basic interview questions and Answers
MPLS basic interview questions and AnswersMPLS basic interview questions and Answers
MPLS basic interview questions and AnswersNetworKingStudy
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Bruno Teixeira
 
Bluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case StudyBluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case StudyFReeze FRancis
 
Top 5 Challenges To Add Web Calls to Truphone VoIP Platform
Top 5 Challenges To Add Web Calls to Truphone VoIP PlatformTop 5 Challenges To Add Web Calls to Truphone VoIP Platform
Top 5 Challenges To Add Web Calls to Truphone VoIP PlatformGiacomo Vacca
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPSean Flores
 
16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)Jeff Green
 

More Related Content

What's hot

Best practices in synchronizing IP-based packet broadcasting networks
Best practices in synchronizing IP-based packet broadcasting networksBest practices in synchronizing IP-based packet broadcasting networks
Best practices in synchronizing IP-based packet broadcasting networksADVA
 
High Accuracy Distance Measurement for Bluetooth Based on Phase Ranging
High Accuracy Distance Measurement for Bluetooth Based on Phase RangingHigh Accuracy Distance Measurement for Bluetooth Based on Phase Ranging
High Accuracy Distance Measurement for Bluetooth Based on Phase RangingEalwan Lee
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionOlle E Johansson
 
Sdh alarms performance & monitoring
Sdh alarms performance & monitoringSdh alarms performance & monitoring
Sdh alarms performance & monitoringmanudibango
 
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...Ryuichi Yasunaga
 
Janus + Audio @ Open Source World
Janus + Audio @ Open Source WorldJanus + Audio @ Open Source World
Janus + Audio @ Open Source WorldLorenzo Miniero
 
MPLS on Router OS V7 - Part 2
MPLS on Router OS V7 - Part 2MPLS on Router OS V7 - Part 2
MPLS on Router OS V7 - Part 2GLC Networks
 
UHD ATSC 3.0 송신기술
UHD ATSC 3.0 송신기술UHD ATSC 3.0 송신기술
UHD ATSC 3.0 송신기술Jaekwon Lee
 
MPLS WC 2014 Segment Routing TI-LFA Fast ReRoute
MPLS WC 2014 Segment Routing TI-LFA Fast ReRouteMPLS WC 2014 Segment Routing TI-LFA Fast ReRoute
MPLS WC 2014 Segment Routing TI-LFA Fast ReRouteBruno Decraene
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address PlanningAPNIC
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-aWaheed Ali
 
Differences of the Cisco Operating Systems
Differences of the Cisco Operating SystemsDifferences of the Cisco Operating Systems
Differences of the Cisco Operating Systems美兰 曾
 
MPLS basic interview questions and Answers
MPLS basic interview questions and AnswersMPLS basic interview questions and Answers
MPLS basic interview questions and AnswersNetworKingStudy
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Bruno Teixeira
 
Bluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case StudyBluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case StudyFReeze FRancis
 
Top 5 Challenges To Add Web Calls to Truphone VoIP Platform
Top 5 Challenges To Add Web Calls to Truphone VoIP PlatformTop 5 Challenges To Add Web Calls to Truphone VoIP Platform
Top 5 Challenges To Add Web Calls to Truphone VoIP PlatformGiacomo Vacca
 

What's hot (20)

Best practices in synchronizing IP-based packet broadcasting networks
Best practices in synchronizing IP-based packet broadcasting networksBest practices in synchronizing IP-based packet broadcasting networks
Best practices in synchronizing IP-based packet broadcasting networks
 
Juniper Platform Overview
Juniper Platform OverviewJuniper Platform Overview
Juniper Platform Overview
 
High Accuracy Distance Measurement for Bluetooth Based on Phase Ranging
High Accuracy Distance Measurement for Bluetooth Based on Phase RangingHigh Accuracy Distance Measurement for Bluetooth Based on Phase Ranging
High Accuracy Distance Measurement for Bluetooth Based on Phase Ranging
 
STUN protocol
STUN protocolSTUN protocol
STUN protocol
 
Kamailio :: A Quick Introduction
Kamailio :: A Quick IntroductionKamailio :: A Quick Introduction
Kamailio :: A Quick Introduction
 
Sdh alarms performance & monitoring
Sdh alarms performance & monitoringSdh alarms performance & monitoring
Sdh alarms performance & monitoring
 
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...
【English version】3GPP 5G Standalone Access Registration Call flow_Rev3.00_202...
 
Janus + Audio @ Open Source World
Janus + Audio @ Open Source WorldJanus + Audio @ Open Source World
Janus + Audio @ Open Source World
 
Kamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load BalancersKamailio - Load Balancing Load Balancers
Kamailio - Load Balancing Load Balancers
 
MPLS on Router OS V7 - Part 2
MPLS on Router OS V7 - Part 2MPLS on Router OS V7 - Part 2
MPLS on Router OS V7 - Part 2
 
Kamailio on Docker
Kamailio on DockerKamailio on Docker
Kamailio on Docker
 
UHD ATSC 3.0 송신기술
UHD ATSC 3.0 송신기술UHD ATSC 3.0 송신기술
UHD ATSC 3.0 송신기술
 
MPLS WC 2014 Segment Routing TI-LFA Fast ReRoute
MPLS WC 2014 Segment Routing TI-LFA Fast ReRouteMPLS WC 2014 Segment Routing TI-LFA Fast ReRoute
MPLS WC 2014 Segment Routing TI-LFA Fast ReRoute
 
IPv6 Address Planning
IPv6 Address PlanningIPv6 Address Planning
IPv6 Address Planning
 
02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a02 opti x rtn 900 v100r002 system hardware-20100223-a
02 opti x rtn 900 v100r002 system hardware-20100223-a
 
Differences of the Cisco Operating Systems
Differences of the Cisco Operating SystemsDifferences of the Cisco Operating Systems
Differences of the Cisco Operating Systems
 
MPLS basic interview questions and Answers
MPLS basic interview questions and AnswersMPLS basic interview questions and Answers
MPLS basic interview questions and Answers
 
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
Cisco Live! :: Cisco ASR 9000 Architecture :: BRKARC-2003 | Las Vegas 2017
 
Bluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case StudyBluetooth Low Energy - A Case Study
Bluetooth Low Energy - A Case Study
 
Top 5 Challenges To Add Web Calls to Truphone VoIP Platform
Top 5 Challenges To Add Web Calls to Truphone VoIP PlatformTop 5 Challenges To Add Web Calls to Truphone VoIP Platform
Top 5 Challenges To Add Web Calls to Truphone VoIP Platform
 

Similar to Nat traversal in WebRTC context

AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPSean Flores
 
16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)Jeff Green
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different thingsVOIP2DAY
 
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET Journal
 
Sinnreich Henry Johnston Alan Pt 2
Sinnreich Henry Johnston Alan Pt 2Sinnreich Henry Johnston Alan Pt 2
Sinnreich Henry Johnston Alan Pt 2Carl Ford
 
Clase 1 Direccionamiento IPv4.pdf
Clase 1 Direccionamiento IPv4.pdfClase 1 Direccionamiento IPv4.pdf
Clase 1 Direccionamiento IPv4.pdfFERNANDOBONILLA43
 
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...IRJET Journal
 
WebRTC Introduction & Basics
WebRTC Introduction & BasicsWebRTC Introduction & Basics
WebRTC Introduction & BasicsMuhammad Ali
 
VoIP and multimedia networking
VoIP and multimedia networkingVoIP and multimedia networking
VoIP and multimedia networkingsangusajjan
 
Tcp ip protocol
Tcp ip protocol Tcp ip protocol
Tcp ip protocol saurav-IT
 
NZNOG 2020 - The Trouble With NAT
NZNOG 2020 - The Trouble With NATNZNOG 2020 - The Trouble With NAT
NZNOG 2020 - The Trouble With NATMark Smith
 
Lync 2010 deep dive edge
Lync 2010 deep dive edgeLync 2010 deep dive edge
Lync 2010 deep dive edgeHarold Wong
 
Low-cost wireless mesh communications based on openWRT and voice over interne...
Low-cost wireless mesh communications based on openWRT and voice over interne...Low-cost wireless mesh communications based on openWRT and voice over interne...
Low-cost wireless mesh communications based on openWRT and voice over interne...IJECEIAES
 
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PROIDEA
 

Similar to Nat traversal in WebRTC context (20)

AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIPAN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
 
16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things
 
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
IRJET- Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP ...
 
Sinnreich Henry Johnston Alan Pt 2
Sinnreich Henry Johnston Alan Pt 2Sinnreich Henry Johnston Alan Pt 2
Sinnreich Henry Johnston Alan Pt 2
 
Introduction To SIP
Introduction To SIPIntroduction To SIP
Introduction To SIP
 
Clase 1 Direccionamiento IPv4.pdf
Clase 1 Direccionamiento IPv4.pdfClase 1 Direccionamiento IPv4.pdf
Clase 1 Direccionamiento IPv4.pdf
 
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
IRJET - Overview of Hole Punching: ICMP Hole Punching, TCP Hole Punching, UDP...
 
WebRTC Introduction & Basics
WebRTC Introduction & BasicsWebRTC Introduction & Basics
WebRTC Introduction & Basics
 
VoIP and multimedia networking
VoIP and multimedia networkingVoIP and multimedia networking
VoIP and multimedia networking
 
Ccna1v3 mod09
Ccna1v3 mod09Ccna1v3 mod09
Ccna1v3 mod09
 
Tcp ip protocol
Tcp ip protocol Tcp ip protocol
Tcp ip protocol
 
TCP/IP Basics
TCP/IP BasicsTCP/IP Basics
TCP/IP Basics
 
NZNOG 2020 - The Trouble With NAT
NZNOG 2020 - The Trouble With NATNZNOG 2020 - The Trouble With NAT
NZNOG 2020 - The Trouble With NAT
 
Lync 2010 deep dive edge
Lync 2010 deep dive edgeLync 2010 deep dive edge
Lync 2010 deep dive edge
 
Skype
SkypeSkype
Skype
 
Low-cost wireless mesh communications based on openWRT and voice over interne...
Low-cost wireless mesh communications based on openWRT and voice over interne...Low-cost wireless mesh communications based on openWRT and voice over interne...
Low-cost wireless mesh communications based on openWRT and voice over interne...
 
Ccna1v3 Mod09
Ccna1v3 Mod09Ccna1v3 Mod09
Ccna1v3 Mod09
 
Nat
NatNat
Nat
 
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
PLNOG 7: Emil Gągała, Sławomir Janukowicz - carrier grade NAT
 

Recently uploaded

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Nat traversal in WebRTC context

  • 2. WebRTC is:  WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple Javascript APIs.  WebRTC is a media engine with JavaScript APIs.  WebRTC Allows developers to add realtime voice calls, video chats and file sharing to their web apps without the need for plug-ins.  The WebRTC initiative is a project supported by Google, Mozilla and Opera.
  • 3. How does it work? Web Browser A Java Script code calls browser APIs to establish a call JavaScript APIs browser 1. HTML & JavaScript Web Server Call signaling 2. HTML & JavaScript Web Browser B WebRTC is a set of standardized browser APIs
  • 4. WebRTC in Specs APIs by W3C & Protocols by IETF  Connectivity  ICE, STUN and TRUN  Signaling:  Signaling protocol not determined  WebSocket  Must support SDP form to implement ICE  Media  DTLS for key exchange for SRTP  SRTP  Bundle and Media Multiplexing  Coders  Voice Coders: Opus and G.711  Video Coder: VP8 (not final)
  • 5.
  • 6. Network Address Translation  Network Address Translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another.  This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing IP packets on exit so that they appear to originate from the router.  In the reverse communications path, responses are mapped back to the originating IP address using the rules ("state") stored in the translation tables.  The translation table rules established in this fashion are flushed after a short period without new traffic refreshing their state.
  • 7. STUN - Session Traversal Utilities for NAT  STUN is a standardized set of methods and a network protocol to allow an end host to discover its public IP address if it is located behind a NAT.  It is used to permit NAT traversal for applications of realtime voice, video, messaging, and other interactive IP communications.  STUN is intended to be a tool to be used by other protocols, such as ICE. STUN Server STUN Response Your address is 192.168.10.10:5000 STUN Query What’s my IP address
  • 8. Different types of NAT  Network address translation is implemented in a variety of schemes of translating addresses and port numbers, each affecting application communication protocols differently.  Different NAT implementations is classified as:  Full cone NAT  Restricted cone NAT  Port restricted cone NAT  Symmetric NAT
  • 9. Non- Symmetric NAT  Full cone, Restricted cone and Port restricted cone NATs are presenting a “static” nature of the mapping.  The NAT mapping is according the source only.  A STUN query can predict the mapping. STUN Server 1 STUN Server 2 STUN Query What’s my IP address STUN Response Your address is 200.200.1.1:1000 STUN Query What’s my IP address Static NAT STUN Response Your address is 200.200.1.1:1000
  • 10. Symmetric NAT  Each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port.  The mapping is done by a combination of the source and destination address.  A STUN query is varies according the destination. STUN Server 1 STUN Server 2 STUN Query What’s my IP address STUN Response Your address is 200.200.1.1:1000 STUN Query What’s my IP address Symmetric NAT STUN Response Your address is 200.200.1.1:2000 Identity Crisis
  • 11. Why symmetric NAT is challenging for SIP ?  For symmetric NAT the STUN query is irrelevant , since the STUN answer is relevant only when communicating with the STUN server, when communicating with other host the NAT will map a new IP and port.  In case that a VoIP client is located after a symmetric NAT, the client can’t share it’s own address (media) with the other side of the call.  In case that two media devices located behind symmetric NAT they can’t establish a call and must use an external media relay server – TURN server.
  • 12. SBC as a result of a standard mistake  Probably the single biggest mistake in SIP design was ignoring the existence of NATs.  This error came from a belief in IETF leadership that IP address space would be exhausted more rapidly and would necessitate global upgrade to IPv6 and eliminate need for NATs. The SIP standard has assumed that NATs do not exist.  SIP simply didn't work for the majority of Internet users who are behind NATs.  At the same time it became apparent that the standardization life-cycle is slower than how the market ticks: SBCs were born, and began to fix what the standards failed to do: NAT traversal.
  • 13. How SBC solves the NAT traversal issue?  An SBC is NOT located behind symmetric NAT, therefore it always knows its own signaling and media addresses.  When using an SBC to solve the NAT traversal issues the most common approach for SBC is to act as the public interface of the user agents.  This is achieved by replacing the user agent’s contact information with those of the SBC.  For remote user the SBC waits for the 1st incoming media packet and latches to its source IP. Remote User IP Phone 1 FW Symmetric NAT SIP SDP from IPP includes wrong IP:port SIP SIP SDP from SBC includes Correct IP:port SBC sends the media to the source IP address of the 1st incoming packet SBC waits for The 1st incoming packet IP Phone 2
  • 14. ICE in a nutshell  ICE resolves the connectivity issue at the signaling stage, via SDP negotiation.  The caller gathers candidates, where each candidate is a potential address for receiving media.  Three different types of candidates  Host candidate (local address)  Server Reflexive candidates (NAT residing addresses)  Relayed candidates (TURN server address –a host acting as a relay towards the agent)  The callee gathers its own three candidates and sends them to the caller. And by using STUN it start checking connectivity toward the caller local and NAT residing addressed.  The caller checks connectivity towards the addresses provided by the callee and chooses the best pair, LAN, NAT residing and for the worst case scenario (both clients are behind symmetric NAT) TURN allocation.
  • 15. ICE How does it work? STUN server TURN server NAT Caller WebRTC server Callee
  • 16. ICE – Session Flow Gather Local candidates Gather Server Reflexive candidates using STUN Gather Relayed candidates from the TURN server Select the best candidates Perform Media Check on all peer candidates Receive peer candidates from the SIP message Exchange final candidates with the peer Check the connection type Activate UDP/TCP socket