365 research outputs found

    Multiplexing scheme updates for QUIC

    RFC 7983 defines a scheme for a Real-time Transport Protocol (RTP) receiver to demultiplex Datagram Transport Layer Security (DTLS), Session Traversal Utilities for NAT (STUN), Secure Real-time Transport Protocol (SRTP) / Secure Real-time Transport Control Protocol (SRTCP), ZRTP, and Traversal Using Relays around NAT (TURN) channel packets arriving on a single port. This document updates RFC 7983 and RFC 5764 to also allow QUIC packets to be multiplexed on a single receiving socket.

    Network Address Translator Traversal for the Peer-to-Peer Session Initiation Protocol on Mobile Phones

    Network Address Translators (NATs) allow multiple hosts to share one or more IP addresses. The initial decision to use NATs as one of the solutions to Internet Protocol (IP) address depletion has later induced further challenges; NATs are especially problematic in connection with peer-to-peer (P2P) communication. Interactive Connectivity Establishment (ICE) is a NAT traversal mechanism that helps peers in creating a direct path in the presence of NATs. ICE largely relies upon utilizing the mechanisms of Session Traversal Utilities for NAT (STUN) and Traversal Using Relays around NAT (TURN) protocols. Nowadays P2P applications are spreading to mobile phones that can also have a NATed address. Knowing the constraints of mobile phones, we were interested in the applicability of NAT traversal mechanisms for mobile phones in the context of Peer-to-Peer Session Initiation Protocol (P2PSIP). SIP was used for controlling communication sessions between the peers. We implemented an ICE prototype for measuring CPU load, memory consumption, packet drop rate and battery consumption of a mobile phone acting as a STUN or TURN client or server. Additionally, we measured the impact of ICE on delays in P2PSIP. The downside of relaying messages via a TURN server is the increase in delay and the increased overhead due to STUN encapsulation. A TURN server running on a mobile phone has to limit the number of allocations and the type of data being transmitted through it. A mobile phone works well as a STUN server, especially if keepalives can simply be ignored. Mobile phones can act as P2PSIP peers and TURN servers, even in the presence of NATs; however, it is preferable to have NATs using address and port-independent mapping, since then no relaying is needed.

    Providing End-to-End Connectivity to SIP User Agents Behind NATs

    The widespread diffusion of private networks in SOHO scenarios is fostering an increased deployment of Network Address Translators (NATs). The presence of NATs seriously limits end-to-end connectivity and prevents protocols like the Session Initiation Protocol (SIP) from working properly. This document shows how the Address List Extension (ALEX), which was originally developed to provide dual-stack and multi-homing support to SIP, can be used, with minor modifications, to ensure end-to-end connectivity for both media and signaling flows, without relying on intermediate relay nodes whenever it is possibl

    Peer-to-Peer Secure Updates for Heterogeneous Edge Devices

    We consider the problem of securely distributing software updates to large scale clusters of heterogeneous edge compute nodes. Such nodes are needed to support the Internet of Things and low-latency edge compute scenarios, but are difficult to manage and update because they exist at the edge of the network behind NATs and firewalls that limit connectivity, or because they are mobile and have intermittent network access. We present a prototype secure update architecture for these devices that uses the combination of peer-to-peer protocols and automated NAT traversal techniques. This demonstrates that edge devices can be managed in an environment subject to partial or intermittent network connectivity, where there is not necessarily direct access from a management node to the devices being updated.

    Overcoming the SIP Protocol's Failure to Reach Clients Behind NAT Using an Elastix Server

    SIP (Session Initiation Protocol) is a signalling protocol used for real-time data exchange in internet services such as VoIP (Voice over IP). The protocol uses the device's identity, in the form of its IP (Internet Protocol) address, to determine the paths each user will use in order to communicate with one another. However, the SIP protocol has a problem: it includes the IP address in the payload of the signalling packets it sends, so it cannot reach a client on a LAN (Local Area Network) that sits behind NAT (Network Address Translation) when routed over the public network. This makes real-time communication such as VoIP unusable. This final project carries out a design simulation that overcomes this problem, using an Elastix server and the Linphone softphone, which support the STUN (Session Traversal Utilities for NAT) protocol, with TRUNK information added on the server. STUN binds users to the public IP they use and maps their own IP addresses. TRUNK, on the other hand, serves to provide information about the public IP of the neighbouring server where other users are located. With this, users can communicate with each other even though they are behind NAT. The work in this final project found that, by using an Elastix server and the Linphone softphone, which support the STUN and TRUNK mechanisms, VoIP communication such as voice, conference calls and video calls can be used. For QoS (Quality of Service), with the parameters delay, jitter, packet loss and MOS value, the results were very good for voice calls and good for video calls. This is seen from the voice call delay obtained from 10 calls, which was 19.97 ms, with jitter of 2.2 ms, packet loss of 0% and a MOS value of 4.4. For video calls, the delay obtained from 5 calls was 19.97 ms, with jitter of 3.7 ms, packet loss of 0% and a MOS value of 4.1. Keywords: VoIP, SIP, NAT, STUN, TRUN

    Supporting NAT traversal and secure communications in a protocol implementation framework

    Dissertation presented at the Faculdade de Ciências e Tecnologia of the Universidade Nova de Lisboa for the degree of Master in Electrical and Computer Engineering. The DOORS framework is a versatile, lightweight message-based framework developed in ANSI C++. It builds upon research experience and subsequent knowledge garnered from the use and development of CVOPS and OVOPS, two well known protocol development frameworks that have obtained widespread acceptance and use in both the Finnish industry and academia. It conceptually resides between the operating system and the application, and provides a uniform development environment shielding the developer from operating system specific issues. It can be used for developing network services, ranging from simple socket-based systems, to protocol implementations, to CORBA-based applications and object-based gateways. Originally, DOORS was conceived as a natural extension from the OVOPS framework to support generic event-based, distributed and client-server network applications. However, DOORS since then has evolved as a platform-level middleware solution for researching the provision of converged services to both packet-based and telecommunications networks, enterprise-level integration and interoperability in future networks, as well as studying application development, multi-casting and service discovery protocols in heterogeneous IPv6 networks. In this thesis, two aspects of development work with DOORS take place. The first is the investigation of the Network Address Translation (NAT) traversal problem to give support to applications in the DOORS framework that are residing in private IP networks to interwork with those in public IP networks. For this matter this first part focuses on the development of a client in the DOORS framework for the Session Traversal Utilities for NAT (STUN) protocol, to be used for IP communications behind a NAT. The second aspect involves secure communications. Application protocols in communication networks are easily intercepted and need security in various layers. For this matter the second part focuses on the investigation and development of a technique in the DOORS framework to support the Transport Layer Security (TLS) protocol, giving the ability to application protocols to rely on secure transport layer services.

    A WebRTC Video Chat Implementation Within the Yioop Search Engine

    Web real-time communication (abbreviated as WebRTC) is one of the latest Web application technologies that allows voice, video, and data to work collectively in a browser without a need for third-party plugins or proprietary software installation. When two browsers from different locations communicate with each other, they must know how to locate each other, bypass security and firewall protections, and transmit all multimedia communications in real time. This project not only illustrates how WebRTC technology works but also walks through a real example of a video chat-style application. The application communicates between two remote users using WebSocket and the data encryption algorithm specified in WebRTC technology. This project concludes with a description of the WebRTC video chat application’s implementation in Yioop.com, a PHP-based internet search engine.