[Jingle] ICE: STUN and leap of faith, at the same time
Justin Karneges
justin at affinix.com
Thu May 28 00:12:48 CDT 2009
A user in the Psi room tried to convince me that the client should not use
STUN to determine the external source port. Instead, the external source
port should be assumed to be the same as the internal source port. This
assumption might allow the client to work even behind a STUN-incompatible
NAT, as long as the NAT is the kind that tends to use the same external port
as the internal. You could call this a "leap of faith" approach.
The leap of faith approach does work. In fact, it is possible to configure
Psi one way or the other (use STUN, or use leap of faith), and with some NATs
I can only get success with leap of faith. In Psi, this configuration is
currently subpar for two reasons: 1) you have to explicitly specify your
external IP address, and 2) you can't use STUN at the same time.
After the discussion with this user, it occurred to me: why not support both
mechanisms simultaneously, and use STUN to obtain the external address to be
used for leap of faith? The process would go like this:
1) bind local port X
2) contact stun server from port X, to obtain reflexive address SA, port SX
3) bind local port Y
4) result is two srflx candidates: SA:SX, SA:Y, using different priorities
The approach is complex, because then you have two local ports to manage. But
as far as I can tell, it shouldn't break the protocol, and the potential to
support even more NATs without needing TURN may make it worth implementing.
What do others think?
-Justin
More information about the Jingle
mailing list