speermint-5----Page:14
1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17 


FW-B-2
Solution B: Tell Firewall (slide 2)

Alice


Bob

FW-B-1

FW-A
Bob's Call Controller
Alice's Call Controller
Alice’s Policy Server
Bob’s Policy Server
183 or 200 From: Bob To: Alice IP=Z, UDP=z, Token=B1
13
17
14
15

16

19
STUN Response
FW-B-2 needs no external authorization check because the same STUN transaction-id and (flipped) 5-tuple are in STUN Request and Response
FW-B-3
FW-B-4
FW-B-3 and FW-B-4 time out the STUN transaction-id aggressively (5-10 seconds)
informational
PPT Version