[Jingle] ICE: STUN and leap of faith, at the same time

Justin Karneges justin at affinix.com
Thu May 28 00:12:48 CDT 2009


A user in the Psi room tried to convince me that the client should not use 
STUN to determine the external source port.  Instead, the external source 
port should be assumed to be the same as the internal source port.  This 
assumption might allow the client to work even behind a STUN-incompatible 
NAT, as long as the NAT is the kind that tends to use the same external port 
as the internal.  You could call this a "leap of faith" approach.

The leap of faith approach does work.  In fact, it is possible to configure 
Psi one way or the other (use STUN, or use leap of faith), and with some NATs 
I can only get success with leap of faith.  In Psi, this configuration is 
currently subpar for two reasons: 1) you have to explicitly specify your 
external IP address, and 2) you can't use STUN at the same time.

After the discussion with this user, it occurred to me: why not support both 
mechanisms simultaneously, and use STUN to obtain the external address to be 
used for leap of faith?  The process would go like this:

  1) bind local port X
  2) contact STUN server from port X, to obtain reflexive address SA, port SX
  3) bind local port Y
  4) result is two srflx candidates: SA:SX, SA:Y, using different priorities

The approach is complex, because then you have two local ports to manage.  But 
as far as I can tell, it shouldn't break the protocol, and the potential to 
support even more NATs without needing TURN may make it worth implementing.

What do others think?

-Justin
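
The four-step gathering process from the message above, as an added Python example that is not part of the original post or of Psi's code. The STUN response bytes, the host address 192.168.1.10, ports 5000 and 5002, and the choice to rank the leap-of-faith candidate just below the STUN-derived one are all assumptions made for illustration.

```python
import socket
import struct

MAGIC_COOKIE = 0x2112A442   # fixed STUN magic cookie (RFC 5389)
SRFLX_TYPE_PREF = 100       # RFC 5245 recommended type preference for srflx

# Constructed sample: Binding success response carrying
# XOR-MAPPED-ADDRESS 203.0.113.7:40001 (documentation address range).
SAMPLE_RESPONSE = bytes.fromhex(
    "0101000c2112a442" + "00" * 11 + "01"   # header + transaction id
    + "00200008" + "0001bd53ea12d545")      # XOR-MAPPED-ADDRESS, IPv4

def parse_xor_mapped_address(msg):
    """Return (ip, port) from an IPv4 STUN Binding success response."""
    if len(msg) < 20:
        raise ValueError("short STUN message")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != 0x0101 or cookie != MAGIC_COOKIE or length != len(msg) - 20:
        raise ValueError("not a STUN Binding success response")
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        val = msg[pos + 4:pos + 4 + alen]
        if atype == 0x0020 and len(val) == 8 and val[1] == 0x01:
            port = struct.unpack("!H", val[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", val[4:8])[0] ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
        pos += 4 + alen + (-alen % 4)       # attributes are 32-bit aligned
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")

def ice_priority(type_pref, local_pref, component=1):
    """Candidate priority formula from RFC 5245 section 4.1.2.1."""
    return (type_pref << 24) + (local_pref << 8) + (256 - component)

def gather_srflx(stun_response, host_ip, port_x, port_y):
    """Steps 1-4: STUN result SA:SX (base X) plus leap-of-faith SA:Y (base Y)."""
    sa, sx = parse_xor_mapped_address(stun_response)
    cands = [{"addr": sa, "port": sx, "base": (host_ip, port_x),
              "priority": ice_priority(SRFLX_TYPE_PREF, 65535)}]
    if port_y != sx:    # identical transport address would be redundant
        # Assumption: the unverified guess ranks just below the STUN result.
        cands.append({"addr": sa, "port": port_y, "base": (host_ip, port_y),
                      "priority": ice_priority(SRFLX_TYPE_PREF, 65534)})
    return cands

if __name__ == "__main__":
    for c in gather_srflx(SAMPLE_RESPONSE, "192.168.1.10", 5000, 5002):
        print(c)
```

Each candidate keeps its own base, which is why the approach needs two local ports to manage.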

