ICE

Taking us out of the NAT darkness.

http://edvina.net/sip2012

The goal

• Find the best media path between two devices
• Manage changes in a complex network
• ICE depends on STUN (v2)
    • Discovery of public IP address + port
• ICE depends on TURN
    • Allocation of public IP address + port for media relay

© Copyright 2012 Edvina AB, Sollentuna, Sweden. All rights reserved.

ICE: Show me yours, and I'll show you mine.

[Diagram: Alice, Bob and Cecilia; NATted networks; SIP; TURN media relay]

• All UAs find all their addresses, including using STUN
• May allocate an address using TURN
• Sends all addresses as "candidates" in SDP
• Supports both IPv4 and IPv6
• IPv6 UAs allocate IPv4 TURN address

RFC 5245

ICE candidate types

[Diagram: Alice, NAT, TURN]

• Host candidate: Address on the local network interface (VPN and mobile IP included)
• Server reflexive addresses: Addresses discovered with STUN (outside NAT)
• Relayed candidates: TURN (RTP proxy) server addresses

Indicating ICE support

• SIP media tag "sip.ice" can be included in registrations
• SIP extension name "ice" used in Require: header, not in Supported:
• RFC 5768

    Contact: 1200@192.168.50.23;ice

Passing the token

[Diagram: SIP signalling path and STUN checks]

• Each STUN check uses a unique "message authentication code" (MAC)
    • One per candidate and per party involved
• These are exchanged in the signalling layer
• Prevents unauthenticated media streams

    a=ice-pwd:asd88fgpdd777uzjYhagZg
    a=ice-ufrag:8hhY

Role play

[Diagram: ICE controlling agent and ICE controlled agent, with SIP and STUN between them]

• One agent (UA) is the controlling agent, the other is the controlled agent
• The controlling agent decides which media streams to use
• The confirmation is done by sending a STUN request on the winning stream, with a flag set to indicate that this will be used
• This cancels further ICE processing
• In most call setups, the CALLER is the controller

Re-invite?

[Diagram: ICE controlling agent and ICE controlled agent, with SIP, STUN and RTP between them]

• If the selected candidates do not match the address in the c= and m= lines in the SDP, a re-INVITE with a new SDP offer should be sent
• At any point during the call, ICE can be restarted by anyone sending a re-INVITE with a new offer

ICE Lite for hosts with public IP

[Diagram: full ICE agent and ICE lite on a media server with public IP, with SIP and STUN between them]

• Doesn't send a list of candidates
• Doesn't send STUN requests
• Answers STUN requests
• The full agent is the controlling party and selects media IP pair

Producing an offer

1. Gather candidates
2. Prioritize them
3. Eliminate redundant candidates
4. Choose default candidates
5. Formulate the SDP offer

Candidates in the example:
• Host: 192.168.40.23
• Server reflexive: 192.0.2.34:48712 (from STUN response)
• Relayed: 198.51.100.23:52124 (TURN allocation)

Typical configuration (PC)

Host address (Wifi)         192.168.0.23:6001
Host address (VPN)          10.7.17.123:6001
Reflexive address (Turn)    123.123.123.123:2343
Relay address (Turn)        123.123.123.127:7080

Four candidates

Dual stack (PC)

Host address (Wifi)         192.168.0.23:6001; IPv6 Link local, GLOBAL
Host address (VPN)          10.7.17.123:6001; IPv6 VPN
Reflexive address (Turn)    123.123.123.123:2343
Relay address (Turn)        123.123.123.127:7080

Seven candidates

Single stack IPv6 (PC)

Host address (Wifi)         IPv6 Link local, ULA, GLOBAL
Host address (VPN)          IPv6 VPN
Reflexive address (Turn)    -
Relay address (Turn)        123.123.123.127:7080

Five candidates

INVITE and ICE

[Sequence diagram between Alice and Bob]

1. INVITE with SDP
2. 200 OK with SDP
3. STUN request
4. STUN response
5. STUN request
6. STUN response
7. STUN request + selected flag
8. STUN response
9. Media starts

ICE and PRACK

• When using ICE, there's a need to start selection and media a.s.a.p.
• If the SDP answer is in a 183, it has to be sent reliably in order not to miss the opportunity to start the ICE selection process
• Using PRACK is one way. Another solution is to retransmit the 18x message with SDP until a STUN Binding request is received.

18x+SDP speeds up the process

• With an 18x response with SDP, the ICE selection process starts before the user answers. He/she may not answer at all, but it does help the user experience to have media ready when the user answers.

STUN success

• Verification of the response:
    • The response must be addressed to the IP and port we sent the request from
    • The response must be sent from the IP and port we sent the request to
    • The credentials must be correct
• Otherwise STUN fails

ICE failure

• If there are no selected ICE candidate pairs in any media stream, the controlling agent needs to terminate the dialog
• If there is at least one successful stream, the dialog continues. Failed streams should be disabled in a new offer

ICE SDP using STUN

    v=0
    o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1
    s=
    c=IN IP4 192.0.2.3
    t=0 0
    a=ice-pwd:asd88fgpdd777uzjYhagZg
    a=ice-ufrag:8hhY
    m=audio 45664 RTP/AVP 0
    b=RS:0
    b=RR:0
    a=rtpmap:0 PCMU/8000
    a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host
    a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998

(c= line: the UA suggests using the STUN address)

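The "Prioritize them" and "Choose default candidates" steps can be checked against the SDP above. The following is an added example, not part of the original slides: it parses the a=candidate lines, recomputes each priority with the RFC 5245 recommended formula, and checks that the c=/m= default matches a candidate (the condition a peer reports with a=ice-mismatch). The local preference of 65535 and all function names are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 5245 recommended type preferences.
TYPE_PREFERENCE = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}

# The SDP offer from the slide, without the slide's annotation.
SDP_OFFER = """\
v=0
o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1
s=
c=IN IP4 192.0.2.3
t=0 0
a=ice-pwd:asd88fgpdd777uzjYhagZg
a=ice-ufrag:8hhY
m=audio 45664 RTP/AVP 0
b=RS:0
b=RR:0
a=rtpmap:0 PCMU/8000
a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host
a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998
"""


@dataclass
class Candidate:
    foundation: str
    component: int
    transport: str
    priority: int
    address: str
    port: int
    typ: str
    raddr: Optional[str] = None
    rport: Optional[int] = None


def parse_candidates(sdp: str) -> List[Candidate]:
    """Parse every a=candidate line; raise on lines that do not fit the grammar."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.startswith("a=candidate:"):
            continue
        tok = line[len("a=candidate:"):].split()
        if len(tok) < 8 or tok[6] != "typ":
            raise ValueError(f"malformed candidate line: {line!r}")
        ext = dict(zip(tok[8::2], tok[9::2]))  # raddr/rport and other extensions
        found.append(Candidate(
            tok[0], int(tok[1]), tok[2].upper(), int(tok[3]), tok[4], int(tok[5]),
            tok[7], ext.get("raddr"), int(ext["rport"]) if "rport" in ext else None))
    return found


def recommended_priority(typ: str, component: int, local_pref: int = 65535) -> int:
    """priority = 2^24 * type pref + 2^8 * local pref + (256 - component ID)."""
    return (TYPE_PREFERENCE[typ] << 24) + (local_pref << 8) + (256 - component)


def default_destination(sdp: str) -> Tuple[str, int]:
    """Address from the first c= line and port from the first m= line."""
    addr = port = None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c=") and addr is None:
            addr = line.split()[2]
        elif line.startswith("m=") and port is None:
            port = int(line.split()[1])
    if addr is None or port is None:
        raise ValueError("SDP has no c= or m= line")
    return addr, port


def default_candidate(sdp: str) -> Optional[Candidate]:
    """The RTP candidate the c=/m= lines point at, or None (ice-mismatch case)."""
    dest = default_destination(sdp)
    for cand in parse_candidates(sdp):
        if cand.component == 1 and (cand.address, cand.port) == dest:
            return cand
    return None


def audit(sdp: str) -> List[str]:
    """Return human-readable findings; an empty list means the offer is consistent."""
    findings = []
    for cand in parse_candidates(sdp):
        expected = recommended_priority(cand.typ, cand.component)
        if cand.priority != expected:
            findings.append(f"candidate {cand.foundation}: priority {cand.priority} "
                            f"differs from recommended {expected}")
    if default_candidate(sdp) is None:
        findings.append("c=/m= default matches no candidate (peer would send a=ice-mismatch)")
    return findings


if __name__ == "__main__":
    for c in parse_candidates(SDP_OFFER):
        print(c.typ, c.address, c.port, c.priority)
    print("default:", default_candidate(SDP_OFFER))
    print("findings:", audit(SDP_OFFER))
```

An offer whose c= line was rewritten in transit, for instance by a SIP-aware middlebox, makes `default_candidate` return None, which is the situation a=ice-mismatch signals.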
Two selection processes

Aggressive
• Faster conclusion

Regular
• Slower
• May find low-latency media path

An implementation could set up the call with aggressive nomination procedures, then re-INVITE and restart ICE with regular selection to find the best media path.

Aggressive ICE

[Sequence diagram between Alice and Bob]

1. STUN request + selected flag
2. STUN response
3. STUN request
4. STUN response

The controller does not wait. The first request that reaches Bob is selected.

Regular ICE nomination

[Sequence diagram between Alice and Bob]

1. STUN request
2. STUN response
3. STUN request
4. STUN response
5. STUN request + selected flag
6. STUN response

The controller waits for results until making a selection.

ICE delay

• If there are many candidates and media streams, there will be a noticeable delay from when the user "answers" the call until media starts flowing
• With a B2BUA in the call path that uses ICE, this will happen twice in the same call, which is not good
• A B2BUA could speed up the process by sending 183 with a=inactive, then re-inviting quickly after 200 OK with a=sendrecv. This restarts ICE, but media is flowing.

ICE changes to STUN

• ICE added new request types and a new attribute
• Adding a new response
• STUN username is peer username plus local username separated by ":"
• Username and password are random per session
• Controller sends local username and password in the SDP

Attributes
• ICE Priority
• Use-Candidate
• Ice-Controlling
• Ice-Controlled

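The MAC described under "Passing the token" and the username rule above can be shown on the wire. The following is an added example, not part of the original slides: it builds a STUN Binding request carrying USERNAME and MESSAGE-INTEGRITY (HMAC-SHA1 keyed with the receiver's ice-pwd, as in RFC 5389 short-term credentials) and verifies it on the receiving side. The ufrag and password for Alice come from the slide's SDP; Bob's ufrag and the function names are constructed for this example, and the other attributes an ICE check carries (PRIORITY, ICE-CONTROLLING, FINGERPRINT) are left out to keep the focus on authentication.

```python
import hashlib
import hmac
import os
import struct

MAGIC_COOKIE = 0x2112A442        # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008

ALICE_UFRAG = "8hhY"                    # a=ice-ufrag from the slide's SDP
ALICE_PWD = "asd88fgpdd777uzjYhagZg"    # a=ice-pwd from the slide's SDP
BOB_UFRAG = "b0bX"                      # constructed sample value for the peer


def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one STUN attribute, padded to a 4-byte boundary."""
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * (-len(value) % 4)


def build_check(sender_ufrag: str, receiver_ufrag: str, receiver_pwd: str,
                txid: bytes = None) -> bytes:
    """Binding request for a connectivity check, authenticated for the receiver."""
    txid = txid or os.urandom(12)
    # USERNAME is the peer's fragment, a colon, then the sender's own fragment.
    body = _attr(ATTR_USERNAME, f"{receiver_ufrag}:{sender_ufrag}".encode())
    # The length field must already count the 24-byte MESSAGE-INTEGRITY attribute
    # when the HMAC is computed.
    header = struct.pack("!HHI", BINDING_REQUEST, len(body) + 24, MAGIC_COOKIE) + txid
    mac = hmac.new(receiver_pwd.encode(), header + body, hashlib.sha1).digest()
    return header + body + _attr(ATTR_MESSAGE_INTEGRITY, mac)


def verify_check(msg: bytes, my_ufrag: str, my_pwd: str) -> bool:
    """Accept the request only if it names our ufrag and the MAC matches our password."""
    if len(msg) < 20:
        return False
    _msg_type, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or length != len(msg) - 20 or length % 4:
        return False
    pos, username = 20, None
    while pos + 4 <= len(msg):
        attr_type, attr_len = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            return False                      # truncated attribute
        if attr_type == ATTR_USERNAME:
            username = value.decode("utf-8", "replace")
        elif attr_type == ATTR_MESSAGE_INTEGRITY:
            if attr_len != 20 or username is None:
                return False
            if username.split(":", 1)[0] != my_ufrag:
                return False                  # check was meant for another session
            # The HMAC covers the message up to this attribute, with the header
            # length rewritten to end right after MESSAGE-INTEGRITY.
            signed = msg[:2] + struct.pack("!H", pos + 24 - 20) + msg[4:pos]
            expected = hmac.new(my_pwd.encode(), signed, hashlib.sha1).digest()
            return hmac.compare_digest(expected, value)
        pos += 4 + attr_len + (-attr_len) % 4
    return False                              # no MESSAGE-INTEGRITY: unauthenticated


if __name__ == "__main__":
    check = build_check(BOB_UFRAG, ALICE_UFRAG, ALICE_PWD)
    print("valid check accepted:", verify_check(check, ALICE_UFRAG, ALICE_PWD))
    print("wrong password accepted:", verify_check(check, ALICE_UFRAG, "not-the-password"))
```

Because the key is the ice-pwd carried in the SDP, the check is only as strong as the confidentiality of the signalling channel.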
RTP keepalives

• Activates after 15 secs of no RTP
• All agents MUST send NAT keepalives in every media stream
• STUN binding requests if the other side supports ICE
    • otherwise RTP no-op, RTP CNG or RTP with incorrect version number (just dropped)

IPv4 and IPv6

• Candidates for both address families can be presented
• Priority may be discussed, relates to O/S configuration (RFC 6724)

New SDP attributes

• a=candidate
• a=remote-candidates
• a=ice-lite
• a=ice-mismatch
• a=ice-ufrag
• a=ice-pwd
• a=ice-options

ICE

+
• Finds the best media path between two nodes
• Supports IPv4 and IPv6 deployments
• Binds SIP+SDP to actual media
• Used by Microsoft, Apple (FaceTime), Google Hangouts

-
• Takes time at call setup
• Hard for B2BUAs to support
• Complex for developers

This material is part of the Edvina SIP Master Classes.

Learn more about SIP2012 at http://edvina.net/sip2012

The SIP Master Class

Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Olle E Johansson
 
CRA - overview of vulnerability handling
CRA - overview of vulnerability handlingCRA - overview of vulnerability handling
CRA - overview of vulnerability handlingOlle E Johansson
 
Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Olle E Johansson
 
The birth and death of PSTN
The birth and death of PSTNThe birth and death of PSTN
The birth and death of PSTNOlle E Johansson
 
WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019Olle E Johansson
 
Kamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffKamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffOlle E Johansson
 
Realtime communication over a dual stack network
Realtime communication over a dual stack networkRealtime communication over a dual stack network
Realtime communication over a dual stack networkOlle E Johansson
 
The Realtime Story - part 2
The Realtime Story - part 2The Realtime Story - part 2
The Realtime Story - part 2Olle E Johansson
 
Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Olle E Johansson
 
Sips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolSips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolOlle E Johansson
 
SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)Olle E Johansson
 
Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Olle E Johansson
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldOlle E Johansson
 
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Olle E Johansson
 
2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIPOlle E Johansson
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6Olle E Johansson
 
Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Olle E Johansson
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeOlle E Johansson
 
SIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and moreSIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and moreOlle E Johansson
 

More from Olle E Johansson (20)

Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)Cybernode.se: Securing the software supply chain (CRA)
Cybernode.se: Securing the software supply chain (CRA)
 
CRA - overview of vulnerability handling
CRA - overview of vulnerability handlingCRA - overview of vulnerability handling
CRA - overview of vulnerability handling
 
Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)Introduction to the proposed EU cyber resilience act (CRA)
Introduction to the proposed EU cyber resilience act (CRA)
 
The birth and death of PSTN
The birth and death of PSTNThe birth and death of PSTN
The birth and death of PSTN
 
WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019WebRTC and Janus intro for FOSS Stockholm January 2019
WebRTC and Janus intro for FOSS Stockholm January 2019
 
Kamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuffKamailio World 2018: Having fun with new stuff
Kamailio World 2018: Having fun with new stuff
 
Kamailio on air
Kamailio on airKamailio on air
Kamailio on air
 
Realtime communication over a dual stack network
Realtime communication over a dual stack networkRealtime communication over a dual stack network
Realtime communication over a dual stack network
 
The Realtime Story - part 2
The Realtime Story - part 2The Realtime Story - part 2
The Realtime Story - part 2
 
Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016Sip2016 - a talk at VOIP2DAY 2016
Sip2016 - a talk at VOIP2DAY 2016
 
Sips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocolSips must die, die, die - about TLS usage in the SIP protocol
Sips must die, die, die - about TLS usage in the SIP protocol
 
SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)SIP :: Half outbound (random notes)
SIP :: Half outbound (random notes)
 
Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!Kamailio World 2016: Update your SIP!
Kamailio World 2016: Update your SIP!
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
 
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
Tio tester av TLS - Transport Layer Security (TLS-O-MATIC.COM)
 
2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP2015 update: SIP and IPv6 issues - staying Happy in SIP
2015 update: SIP and IPv6 issues - staying Happy in SIP
 
TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6TCP/IP Geeks Stockholm :: Introduction to IPv6
TCP/IP Geeks Stockholm :: Introduction to IPv6
 
Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.Why is Kamailio so different? An introduction.
Why is Kamailio so different? An introduction.
 
RFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the timeRFC 7435 - Opportunistic security - Some protection most of the time
RFC 7435 - Opportunistic security - Some protection most of the time
 
SIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and moreSIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and more
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 

ICE: Taking us out of the NAT darkness

  • 1. ICE: Taking us out of the NAT darkness. http://edvina.net/sip2012
  • 2. The goal
      • Find the best media path between two devices
      • Manage changes in a complex network
      • ICE depends on STUN (v2)
          • Discovery of public IP address + port
      • ICE depends on TURN
          • Allocation of public IP address + port for media relay
      © Copyright 2012 Edvina AB, Sollentuna, Sweden. All rights reserved.
  • 3. Ice: Show me yours, and I’ll show you mine. (RFC 5245)
      • All UAs find all their addresses, including using STUN
      • May allocate an address using TURN
      • Sends all addresses as "candidates" in SDP
      • Supports both IPv4 and IPv6
      • IPv6 UAs allocate IPv4 Turn address
      (Diagram: Alice and Bob, each in a NATted network, connected over SIP; Turn media relay; Cecilia)
  • 6. ICE candidate types
      • HOST candidate: Address on the local network interface (VPN NAT and mobile IP included)
      • Server Reflexive Addresses: Addresses discovered with STUN (outside NAT)
      • Relayed Candidates: TURN (RTP proxy) addresses
      (Diagram: Alice, Turn Server)
  • 7. Indicating Ice support (RFC 5768)
      • SIP media tag "sip.ice" can be included in registrations
      • SIP extension name "ice" used in Require: header, not in Supported:
      Example: Contact: 1200@192.168.50.23;ice
  • 8. Passing the token
      • Each STUN check uses a unique "message authentication code" (MAC)
      • One per candidate and per party involved
      • These are exchanged in the signalling layer
      • Prevention from unauthenticated media streams
      Example:
          a=ice-pwd:asd88fgpdd777uzjYhagZg
          a=ice-ufrag:8hhY
      (Diagram: SIP, STUN, SIP)
  • 9. Role play
      • One agent (UA) is controlling, one is controlled agent
      • The controlling agent decides which media streams to use
      • The confirmation is done by sending a STUN request on the winning stream, with a flag set to indicate that this will be used
      • This cancels further ICE processing
      • In most call setups, the CALLER is the controller
      (Diagram: ICE Controlling agent and ICE Controlled agent, connected by SIP, STUN, SIP)
  • 10. Re-invite?
      • If the selected candidates do not match the address in the C and M= lines in the SDP, a re-INVITE with a new SDP offer should be sent
      • At any point during the call, ICE can be restarted by anyone sending a re-INVITE with a new offer
      (Diagram: ICE Controlling agent and ICE Controlled agent, connected by SIP, STUN, RTP, SIP)
  • 11. ICE Lite for hosts with public IP
      • Doesn’t send a list of candidates
      • Doesn’t send STUN requests
      • Answers to STUN requests
      • The full agent is the controlling party and selects media IP pair
      (Diagram: ICE full agent and ICE lite on media server with public IP, connected by SIP, STUN, SIP)
  • 12. Producing an offer
      • 1. Gather candidates
      • 2. Prioritize them
      • 3. Eliminate redundant candidates
      • 4. Choose default candidates
      • 5. Formulate the SDP offer
      Candidates shown:
          HOST: 192.168.40.23
          Server Reflexive: 192.0.2.34:48712 (from STUN response)
          Relayed: 198.51.100.23:52124 (TURN allocation)
  • 13. Typical configuration (PC): four candidates
          Host address (Wifi): 192.168.0.23:6001
          Host address (VPN): 10.7.17.123:6001
          Reflexive address (Turn): 123.123.123.123:2343
          Relay address (Turn): 123.123.123.127:7080
  • 14. Dual stack (PC): seven candidates
          Host address (Wifi): 192.168.0.23:6001; IPv6 Link local, GLOBAL
          Host address (VPN): 10.7.17.123:6001; IPv6 VPN
          Reflexive address (Turn): 123.123.123.123:2343
          Relay address (Turn): 123.123.123.127:7080
  • 15. Single stack IPv6 (PC): five candidates
          Host address (Wifi): IPv6 Link local, ULA, GLOBAL
          Host address (VPN): IPv6 VPN
          Reflexive address (Turn)
          Relay address (Turn): 123.123.123.127:7080
  • 16. INVITE and ICE (message sequence between Alice and Bob)
          INVITE with SDP
          200 OK with SDP
          STUN request
          STUN response
          STUN request
          STUN response
          STUN request + selected flag
          STUN response
          Media starts
  • 17. ICE and PRACK
      • Using ICE, there’s a need to start selection and media a.s.a.p.
      • If the SDP answer is in a 183, it has to be sent reliably in order not to miss the opportunity to start the ICE selection process
      • Using PRACK is one way. Another solution is to retransmit the 18x message with SDP until a STUN Bind request is received.
  • 18. 18x+sdp speeds up the process
      • With a 18x-response with SDP, the ICE selection process starts before the user answers. He/She may not answer at all - but it does help the user experience to have media ready when the user answers.
  • 19. STUN success
      • Verification of the response:
          • The response must be addressed to our sender’s IP and port
          • The response must be sent from our destination IP and port
          • The credentials must be correct
      • Otherwise STUN FAILS
  • 20. ICE failure
      • If there are no selected ICE candidate pairs in any media stream, then the controlling agent needs to terminate the dialog
      • If there is at least one successful stream, the dialog continues. Failed streams should be disabled in a new offer
  • 21. ICE SDP using STUN
          v=0
          o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1
          s=
          c=IN IP4 192.0.2.3
          t=0 0
          a=ice-pwd:asd88fgpdd777uzjYhagZg
          a=ice-ufrag:8hhY
          m=audio 45664 RTP/AVP 0
          b=RS:0
          b=RR:0
          a=rtpmap:0 PCMU/8000
          a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host
          a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998
      Annotation on the c= line: The UA suggests using the STUN address
  • 22. Two selection processes
      Aggressive:
          • Faster conclusion
      Regular:
          • Slower
          • May find low-latency media path
      An implementation could set up the call with aggressive nomination procedures, then re-invite and restart ICE with regular selection to find the best media path.
  • 23. Aggressive ICE (message sequence between Alice and Bob)
          STUN request + selected flag
          STUN response
          STUN request
          STUN response
      The controller does not wait. The first request that reaches Bob is selected.
  • 24. Regular ICE nomination (message sequence between Alice and Bob)
          STUN request
          STUN response
          STUN request
          STUN response
          STUN request + selected flag
          STUN response
      The controller waits for results until making a selection
  • 25. ICE delay
      • If there are many candidates and media streams, a noticeable delay will happen after the user "answers" the call until media starts flowing
      • With a b2bua in the call path that uses ICE, this will happen twice in the same call, which is not good
      • A b2bua could speed up the process by sending 183 with a=inactive, then re-inviting quickly after 200 OK with a=sendrecv. This restarts ICE, but media is flowing.
  • 26. ICE changes to STUN
      • ICE added new request types and a new attribute
      • Adding a new response
      • Stun username is peer username plus local username separated by :
      • Username and password are random per session
      • Controller sends local username and password in the SDP
      Attributes: ICE Priority, Use-Candidate, Ice-Controlling, Ice-Controlled
  • 27. RTP keepalives
      • Activates after 15 secs of no RTP
      • All agents MUST send NAT keepalives in every media stream
          • STUN binding requests if the other side supports ice
          • otherwise RTP no-op, RTP CNG or RTP with incorrect version number (just dropped)
  • 28. IPv4 and IPv6
      • Candidates for both address families can be presented
      • Priority may be discussed, relates to O/S configuration (RFC 6724)
  • 29. New SDP attributes
          a=candidate
          a=ice-ufrag
          a=remote-candidates
          a=ice-pwd
          a=ice-lite
          a=ice-options
          a=ice-mismatch
  • 30. ICE
      +
          • Finds the best media path between two nodes
          • Supports IPv4 and IPv6 deployments
          • Binds SIP+SDP to actual media
          • Used by Microsoft, Apple (FaceTime), Google Hangouts
      -
          • Takes time at call setup
          • Hard for b2bua’s to support
          • Complex for developers
  • 31. The SIP Master Class: This material is part of the Edvina SIP Master Classes. Learn more about SIP2012 at http://edvina.net/sip2012
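
Slides 12, 21 and 29 describe prioritizing candidates, choosing a default and the `a=ice-mismatch` attribute. The following added example (not part of the original deck) parses the slide 21 offer, decodes each candidate priority into its RFC 5245 fields and checks that the `c=`/`m=` default is one of the offered candidates. The function names are hypothetical, a single media stream is assumed, and the type preferences are the values RFC 5245 recommends rather than mandates.

```python
import re
from dataclasses import dataclass
from typing import Optional

# SDP offer copied from slide 21 of this deck.
SDP_OFFER = """\
v=0
o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1
s=
c=IN IP4 192.0.2.3
t=0 0
a=ice-pwd:asd88fgpdd777uzjYhagZg
a=ice-ufrag:8hhY
m=audio 45664 RTP/AVP 0
b=RS:0
b=RR:0
a=rtpmap:0 PCMU/8000
a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host
a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998
"""

# Type preferences recommended by RFC 5245 (an assumption, not a requirement).
TYPE_PREFERENCE = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}

CANDIDATE_RE = re.compile(
    r"^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)"
    r"(?: raddr (\S+) rport (\d+))?\s*$")


@dataclass(frozen=True)
class Candidate:
    foundation: str
    component: int
    transport: str
    priority: int
    address: str
    port: int
    typ: str
    raddr: Optional[str] = None
    rport: Optional[int] = None


def decode_priority(priority):
    """Split priority = 2^24*type_pref + 2^8*local_pref + (256 - component)."""
    return priority >> 24, (priority >> 8) & 0xFFFF, 256 - (priority & 0xFF)


def parse_offer(sdp):
    """Extract ICE credentials, the default destination and all candidates."""
    offer = {"ufrag": None, "pwd": None, "default_addr": None,
             "default_port": None, "candidates": []}
    for line in sdp.splitlines():
        line = line.strip()
        m = CANDIDATE_RE.match(line)
        if m:
            f, comp, tr, prio, addr, port, typ, raddr, rport = m.groups()
            offer["candidates"].append(Candidate(
                f, int(comp), tr.upper(), int(prio), addr, int(port), typ,
                raddr, int(rport) if rport else None))
        elif line.startswith("a=ice-ufrag:"):
            offer["ufrag"] = line.split(":", 1)[1]
        elif line.startswith("a=ice-pwd:"):
            offer["pwd"] = line.split(":", 1)[1]
        elif line.startswith("c=IN IP"):
            offer["default_addr"] = line.split()[2]
        elif line.startswith("m="):
            offer["default_port"] = int(line.split()[1])
    return offer


def audit_offer(sdp):
    """Return a list of findings; an empty list means the offer is consistent."""
    offer, findings = parse_offer(sdp), []
    # RFC 5245 grammar: ice-ufrag is at least 4 and ice-pwd at least 22 characters.
    if len(offer["ufrag"] or "") < 4:
        findings.append("ice-ufrag shorter than 4 characters")
    if len(offer["pwd"] or "") < 22:
        findings.append("ice-pwd shorter than 22 characters")
    for c in offer["candidates"]:
        type_pref, _local_pref, component = decode_priority(c.priority)
        if TYPE_PREFERENCE.get(c.typ) != type_pref:
            findings.append(f"candidate {c.foundation}: type preference "
                            f"{type_pref} differs from the recommended value "
                            f"for typ {c.typ}")
        if component != c.component:
            findings.append(f"candidate {c.foundation}: priority encodes "
                            f"component {component}, line says {c.component}")
    # The default in c=/m= must match an RTP (component 1) candidate.
    default = (offer["default_addr"], offer["default_port"])
    offered = {(c.address, c.port) for c in offer["candidates"] if c.component == 1}
    if default not in offered:
        findings.append(f"default {default[0]}:{default[1]} is not a candidate; "
                        "the peer would answer with a=ice-mismatch")
    return findings


if __name__ == "__main__":
    for cand in parse_offer(SDP_OFFER)["candidates"]:
        print(cand.typ, cand.address, cand.port, decode_priority(cand.priority))
    print("findings:", audit_offer(SDP_OFFER))
```

Both priorities on slide 21 decode to local preference 65535 and component 1, with type preference 126 for the host candidate and 100 for the server reflexive one.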
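
Slides 8, 19 and 26 describe how each STUN check is authenticated with the credentials exchanged in SDP. The following added example (not part of the original deck) builds a STUN Binding request whose USERNAME is the peer ufrag plus the local ufrag and whose MESSAGE-INTEGRITY is HMAC-SHA1 keyed with the peer's `ice-pwd`, then verifies it on the receiving side. Function names are hypothetical, Bob's credentials in the usage section are constructed sample values, passwords are assumed to be ASCII, and the FINGERPRINT attribute is left out.

```python
import hashlib
import hmac
import os
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008
ATTR_PRIORITY = 0x0024
ATTR_USE_CANDIDATE = 0x0025
ATTR_ICE_CONTROLLING = 0x802A


def _attr(attr_type, value):
    """Encode one STUN attribute: type, length, value, padded to 4 bytes."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def build_check(peer_ufrag, local_ufrag, peer_pwd, priority, tie_breaker,
                nominate=False, txid=None):
    """Build the controlling agent's connectivity check for one candidate pair."""
    txid = txid or os.urandom(12)
    body = _attr(ATTR_USERNAME, f"{peer_ufrag}:{local_ufrag}".encode())
    body += _attr(ATTR_PRIORITY, struct.pack("!I", priority))
    body += _attr(ATTR_ICE_CONTROLLING, struct.pack("!Q", tie_breaker))
    if nominate:  # the "selected flag" from slides 16, 23 and 24
        body += _attr(ATTR_USE_CANDIDATE, b"")
    # The header length covers MESSAGE-INTEGRITY (4 + 20 bytes) while hashing.
    header = struct.pack("!HHI12s", BINDING_REQUEST, len(body) + 24,
                         MAGIC_COOKIE, txid)
    mac = hmac.new(peer_pwd.encode(), header + body, hashlib.sha1).digest()
    return header + body + _attr(ATTR_MESSAGE_INTEGRITY, mac)


def verify_check(msg, local_ufrag, local_pwd):
    """Return (ok, detail) for a received Binding request."""
    if len(msg) < 20:
        return False, "short header"
    msg_type, length, cookie, _txid = struct.unpack("!HHI12s", msg[:20])
    if (msg_type != BINDING_REQUEST or cookie != MAGIC_COOKIE
            or length != len(msg) - 20 or length % 4):
        return False, "malformed header"
    pos, attrs, mi_offset = 20, {}, None
    while pos + 4 <= len(msg):
        a_type, a_len = struct.unpack("!HH", msg[pos:pos + 4])
        end = pos + 4 + a_len
        if end > len(msg):
            return False, "attribute overruns message"
        if a_type == ATTR_MESSAGE_INTEGRITY:
            if a_len != 20:
                return False, "bad MESSAGE-INTEGRITY length"
            mi_offset, attrs[a_type] = pos, msg[pos + 4:end]
            break  # nothing after MESSAGE-INTEGRITY is trusted here
        attrs.setdefault(a_type, msg[pos + 4:end])
        pos = end + (-a_len) % 4
    if mi_offset is None:
        return False, "no MESSAGE-INTEGRITY"
    username = attrs.get(ATTR_USERNAME, b"").decode("utf-8", "replace")
    head, sep, _tail = username.partition(":")
    if not sep or head != local_ufrag:
        return False, "USERNAME not addressed to us"
    # Recompute the MAC with the length field ending at MESSAGE-INTEGRITY.
    adjusted = struct.pack("!HH", msg_type, mi_offset - 20 + 24) + msg[4:mi_offset]
    expected = hmac.new(local_pwd.encode(), adjusted, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, attrs[ATTR_MESSAGE_INTEGRITY]):
        return False, "bad MESSAGE-INTEGRITY"
    return True, username


def response_is_symmetric(req_src, req_dst, resp_src, resp_dst):
    """Slide 19: the response must come from where the request went, and back."""
    return resp_src == req_dst and resp_dst == req_src


if __name__ == "__main__":
    # Alice's credentials are from slide 21; Bob's are constructed samples.
    bob_ufrag, bob_pwd = "9uB6", "YH75Fviy6338Vbrhrlp8Yh"
    check = build_check(bob_ufrag, "8hhY", bob_pwd, 1862270975,
                        0x1122334455667788, nominate=True)
    print(verify_check(check, bob_ufrag, bob_pwd))
    print(verify_check(check, bob_ufrag, "not-the-signalled-password"))
```

A check keyed with anything other than the password signalled in SDP fails verification, which is what keeps a third party that never saw the signalling from getting a candidate pair validated.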
