[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] PING/PONG

To: Charles Eckel <eckelcu at cisco.com>
Subject: Re: [Sip] PING/PONG
From: Jonathan Rosenberg <jdrosen at cisco.com>
Date: Mon, 22 Nov 2004 02:05:34 -0500
Cc: sip at ietf.org, Christian Stredicke <Christian.Stredicke at snom.de>, Steve Langstaff <steve.langstaff at citel.com>
In-reply-to: <419E2663.6000409@cisco.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <CD9775120D600F43B9C50329395E9DB64F321F@ivor.citel.com> <419E2663.6000409@cisco.com>
Sender: sip-bounces at ietf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) Gecko/20040910

I think there may be some confusion here about how this works.

The STUN server is a logical function that *must* run on the same IP and port as the SIP server. In other words, if I have a proxy, and it is listening for SIP messages on 1.2.3.4:5060, then it would also be able to process STUN requests on 1.2.3.4:5060. A response to a stun request sent to that IP/port would get sent from that same port.

Thus, there is no separate stun server here. The stun functionality is co-resident with the sip proxy; this is necessary to make sure that the proxy knows that the client is still there, to allow the client to know that the proxy is still there, and lastly, to ensure that the keepalives refresh the nat bindings in a way that allow the client to continue to reach the SIP proxy server and vice-a-versa. Since the keepalives are sent to the same place where the signaling traffic goes/comes from, the keepalives work even with symmetric nat.

-Jonathan R.

Charles Eckel wrote:

The problem is that if you leave it entirely at the STUN level you are just ensuring that STUN server will be able to reach the STUN clients all times. However, what you really need is for the SIP proxy to be able to reach its SIP clients at all times. If the STUN server and proxy server are both listening and sending from the same port, you are fine using STUN by itself; otherwise, you need to do something else.
Cheers,
Charles
Steve Langstaff wrote:
Sorry, I didn't realise the scope of this discussion was client-to-proxy - that's where my confusion lay.

A further question from my (simplistic) viewpoint... If this issue is/could be generic to all STUNned traffic (not just sip+stun), would it not be better to push the problem down into the STUN 'layer' and let the STUN client and server sort out keeping the NAT bindings alive? I'm guessing that the SIP client already 'knows' it has to use STUN to reach the proxy, and so could ask it's STUN client to keep the binding(s) alive as appropriate.
--
Steve Langstaff.
-----Original Message-----
From: Jonathan Rosenberg [mailto:jdrosen at cisco.com]
Sent: 18 November 2004 04:46
To: Steve Langstaff
Cc: Christian Stredicke; sip at ietf.org
Subject: Re: [Sip] PING/PONG
There isn't a UAS involved here; these requests go from the client (UAC)
to its proxy.
How the proxy indicates to the UAC that it is capable of processing
these keepalives is a good question. My first thought is that this would
be something in DNS; a new service in the NAPTR record for indicating
the sip+stun combination.
-Jonathan R.
Steve Langstaff wrote:
> Should point 2 read "The user agent server indicates if it can respond to client refresh requests"? > > -- > Steve Langstaff. > > > -----Original Message----- > From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org]On Behalf Of > Jonathan Rosenberg > Sent: 17 November 2004 16:40 > To: Christian Stredicke > Cc: sip at ietf.org > Subject: Re: [Sip] PING/PONG > > > > > Christian Stredicke wrote: > > >>So my understanding is: >> >>1. We should use *only* STUN for refreshing bindings (either UDP or TCP, >>what about TLS) > > > Yes, TLS too. TLS runs ontop of TCP after all. > > >>2. The user agent indicates if it can do it (no negotiation on >>capabilities) >> >>3. Refreshing must be done from the client >> >>Can we agree on that? > > > Yes. > > Server originating refreshing is in the wrong direction. It is the > client utilizing the service; if it wishes to make use of that service, > it has to be responsible for refreshing the connection. > > -Jonathan R. >
--
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Director, Service Provider VoIP Architecture   Parsippany, NJ 07054-2711
Cisco Systems
jdrosen at cisco.com                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com
_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip


--
Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
Director, Service Provider VoIP Architecture   Parsippany, NJ 07054-2711
Cisco Systems
jdrosen at cisco.com                              FAX:   (973) 952-5050
http://www.jdrosen.net                         PHONE: (973) 952-5000
http://www.cisco.com

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- RE: [Sip] PING/PONG
  - From: Steve Langstaff
- Re: [Sip] PING/PONG
  - From: Charles Eckel

Prev by Date: Re: [Sip] PING/PONG
Next by Date: [Sip] Call Pickup
Previous by thread: Re: [Sip] PING/PONG
Next by thread: Re: [Sip] PING/PONG
Index(es):
- Date
- Thread