[Jingle] ICE: STUN and leap of faith, at the same time

Olivier Crête olivier.crete at collabora.co.uk
Thu May 28 19:37:35 CDT 2009


On Wed, 2009-05-27 at 22:12 -0700, Justin Karneges wrote:
> A user in the Psi room tried to convince me that the client should not use 
> STUN to determine the external source port.  Instead, the external source 
> port should be assumed to be the same as the internal source port.  This 
> assumption might allow the client to work even behind a STUN-incompatible 
> NAT, as long as the NAT is the kind that tends to use the same external port 
> as the internal.  You could call this a "leap of faith" approach.
> 
> The leap of faith approach does work.  In fact, it is possible to configure 
> Psi one way or the other (use STUN, or use leap of faith), and with some NATs 
> I can only get success with leap of faith.  In Psi, this configuration is 
> currently subpar for two reasons: 1) you have to explicitly specify your 
> external IP address, and 2) you can't use STUN at the same time.
> 
> After the discussion with this user, it occurred to me: why not support both 
> mechanisms simultaneously, and use STUN to obtain the external address to be 
> used for leap of faith?  The process would go like this:
> 
>   1) bind local port X
>   2) contact stun server from port X, to obtain reflexive address SA, port SX
>   3) bind local port Y
>   4) result is two srflx candidates: SA:SX, SA:Y, using different priorities
> 
> The approach is complex, because then you have two local ports to manage.  But 
> as far as I can tell, it shouldn't break the protocol, and the potential to 
> support even more NATs without needing TURN may make it worth implementing.
> 
> What do others think?

I tend to think that having more candidates is always better as long as
you rank them correctly.

That said, in this case, maybe using UPnP or NAT-PMP may be an easier
path.

-- 
Olivier Crête
olivier.crete at collabora.co.uk
Collabora Ltd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/jingle/attachments/20090528/074e30f9/attachment.pgp>


More information about the Jingle mailing list