[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MMUSIC] Question on Forming Candidate Pairs in ICE-17

To: "Zingerle, Meinrad" <meinrad.zingerle at siemens.com>
Subject: Re: [MMUSIC] Question on Forming Candidate Pairs in ICE-17
From: Jonathan Rosenberg <jdrosen at cisco.com>
Date: Mon, 20 Aug 2007 17:55:24 -0400
Authentication-results: sj-dkim-1; header.From=jdrosen@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Cc: mmusic at ietf.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2483; t=1187646910; x=1188510910; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jdrosen@cisco.com; z=From:=20Jonathan=20Rosenberg=20<jdrosen@cisco.com> |Subject:=20Re=3A=20[MMUSIC]=20Question=20on=20Forming=20Candidate=20Pair s=20in=20ICE-17 |Sender:=20; bh=waitr5eIh8Xu7B0Nr4xJMo2kXql5cK51b/Ob9gW41Kk=; b=MXJSckwnKquDKbrWlfW81FGMfR3mkF7eCgEQrY2kfpgBRaeUkHUdYFur5228eR00nhEmllp+ RCcMxgyOrvnOgemMpL6Y73/hq6MBCuJ61+tb6qmDhLoGEfjPGzqKhZT/arjvEh4AgqEts1MT7L lxygWnIbvibpg+tmC82Pkzmhk=;
In-reply-to: <9546CD0F7CC5EE48BCCE583AC4FC864D041D860B@nets13ha.ww300.siemens.net>
List-help: <mailto:mmusic-request@ietf.org?subject=help>
List-id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-post: <mailto:mmusic@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
References: <9546CD0F7CC5EE48BCCE583AC4FC864D041D860B@nets13ha.ww300.siemens.net>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

inline.

Zingerle, Meinrad wrote:

Hi Jonathan, probably I'm annoying you - but I need to address the topic of pairing a addresses of local scope with addresses global scope once again, this time with the focus on IPv4 addresses. Given the following candidates local remote 10.0.0.8 host 192.168.34.33 host 210.221.23.4 srflx 210.123.44.14 srflx 210.221.25.1 relayed As I've understood ICE-17, we would get the following candidate pairs: 10.0.0.8-192.168.34.33 10.0.0.8-210.123.44.14 210.221.23.4-210.123.44.14 210.221.25.1-192.168.34.33 (**) 210.221.25.1-210.123.44.14 My question now is, in what case it makes sense to piar a candidate of a private IP address (192.168.34.33 in this example) with one of a public IP address (210.221.25.1)? In my understanding, the connectivity checks for such pairs will always fail ...


Ahh. Were it so easy as that ;)

Never make assumptions. That is the cardinal rule of ICE. And you've made an assumption - that a private IP and public IP are never directly reachable from each other.

Turns out this isn't always true. I am aware of real, large scale enterprise IP network deployments that use private and public IP addresses internal to the enterprise, WITHOUT nat between them, and then NAT the entire internal enterprise into a small number of external public IP. In this case, calls between two hosts within the enterprise, would end up working when a check is sent from a private IP to a 'seemingly' public IP from the peer. Its not hard to imagine how something like an acquisition or network expansion could produce a deployment like this over time.


Note that RFC3330 states:
"192.168.0.0/16 - This block is set aside for use in private networks.
Its intended use is documented in [RFC1918]. Addresses within this
block should not appear on the public Internet."
The same is stated for the block 10.0.0.0/8

Right. But public addresses can be used within private networks, and that is what is happening in this case.

-Jonathan R.

--
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Cisco Fellow                                   Parsippany, NJ 07054-2711
Cisco Systems
jdrosen at cisco.com                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com

_______________________________________________
mmusic mailing list
mmusic at ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic

References:
- [MMUSIC] Question on Forming Candidate Pairs in ICE-17
  - From: Zingerle, Meinrad

Prev by Date: Re: [MMUSIC] Adding a new candidate when ICE running
Next by Date: Re: [MMUSIC] ICE-17 minor fix
Previous by thread: [MMUSIC] Question on Forming Candidate Pairs in ICE-17
Next by thread: [MMUSIC] ICE and local preference
Index(es):
- Date
- Thread