[Jingle] ICE: STUN and leap of faith, at the same time

Justin Uberti juberti at google.com
Fri May 29 00:02:31 CDT 2009


Agreed. In a sense this is just a form of port prediction, which already has
been shown to be useful.

2009/5/28 Olivier Crête <olivier.crete at collabora.co.uk>

> On Wed, 2009-05-27 at 22:12 -0700, Justin Karneges wrote:
> > A user in the Psi room tried to convince me that the client should not
> use
> > STUN to determine the external source port.  Instead, the external source
> > port should be assumed to be the same as the internal source port.  This
> > assumption might allow the client to work even behind a STUN-incompatible
> > NAT, as long as the NAT is the kind that tends to use the same external
> port
> > as the internal.  You could call this a "leap of faith" approach.
> >
> > The leap of faith approach does work.  In fact, it is possible to
> configure
> > Psi one way or the other (use STUN, or use leap of faith), and with some
> NATs
> > I can only get success with leap of faith.  In Psi, this configuration is
> > currently subpar for two reasons: 1) you have to explicitly specify your
> > external IP address, and 2) you can't use STUN at the same time.
> >
> > After the discussion with this user, it occurred to me: why not support
> both
> > mechanisms simultaneously, and use STUN to obtain the external address to
> be
> > used for leap of faith?  The process would go like this:
> >
> >   1) bind local port X
> >   2) contact stun server from port X, to obtain reflexive address SA,
> port SX
> >   3) bind local port Y
> >   4) result is two srflx candidates: SA:SX, SA:Y, using different
> priorities
> >
> > The approach is complex, because then you have two local ports to manage.
>  But
> > as far as I can tell, it shouldn't break the protocol, and the potential
> to
> > support even more NATs without needing TURN may make it worth
> implementing.
> >
> > What do others think?
>
> I tend to think that having more candidates is always better as long as
> you rank them correctly.
>
> That said, in this case, maybe using UPnP or NAT-PMP may be an easier
> path.
>
> --
> Olivier Crête
> olivier.crete at collabora.co.uk
> Collabora Ltd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jingle/attachments/20090528/222c73b2/attachment.htm>


More information about the Jingle mailing list