Providing End-to-End Connectivity to SIP User Agents Behind NATs

The widespread diffusion of private networks in SOHO scenarios is fostering an increased deployment of Network Address Translators (NATs). The presence of NATs seriously limits end-to-end connectivity and prevents protocols like the Session Initiation Protocol (SIP) from working properly. This document shows how the Address List Extension (ALEX), which was originally developed to provide dual-stack and multi-homing support to SIP, can be used, with minor modifications, to ensure end-to-end connectivity for both media and signaling flows, without relying on intermediate relay nodes whenever it is possibl

Host Identity Protocol-based Network Address Translator traversal in peer-to-peer environments

Osoitteenmuuntajat aiheuttavat ongelmia vertaisverkkojen yhteyksien luomiselle. Myös koneen identiteetti protokolla (HIP) kärsii osoitteenmuuntajien aiheuttamista ongelmista, mutta sopivilla laajennuksilla sitä voidaan käyttää yleisenä osoitteenmuuntajien läpäisymenetelmänä. Interaktiivinen yhteyden luominen (ICE) on tehokas osoitteenmuuntajien läpäisymenetelmä, joka toimii monissa erilaisissa tilanteissa. Tämän diplomityön tavoitteena on mahdollistaa HIP-pohjainen osoitteenmuuntajien läpäisy käyttämällä ICE-menetelmää, ja arvioida menetelmän toimivuutta implementoinnin ja mittausten avulla. Implementoimme ICE-prototyypin ja testasimme sitä eri tyyppisten osoitteenmuuntajien kanssa. Käytimme mittauksissa verkkoa, jossa kaksi isäntäkonetta olivat eri aliverkoissa, ja suoritimme ICE-yhteystestejä näiden koneiden välillä. Mittasimme testeissä lähetettyjen viestien ja tavujen määrän sekä käytetyn ajan. Mittaustulosten perusteella laskimme myös arvion ICE:n ja HIP:in aiheuttamalle ylimääräisten viestien ja ajankäytön määrälle. ICE onnistui luomaan yhteyden kaikissa testaamissamme tilanteissa, mutta käytti välillä enemmän viestejä ja aikaa kuin olisi tarpeen. Selvitimme työssä syyt ylimääräisille viesteille ja esitimme keinoja viestien määrän vähentämiselle. Saimme myös selville, että suuressa osassa tilanteista 4-5 yhteystestiviestiä riittää yhteyden luomiseksi, mutta tietynlaista osoitteenmuunnosta käyttävät osoitteenmuuntajat voivat helposti tuplata viestien määrän. Joka tapauksessa, yhteystestien luomat liikennemäärät ovat vähäisiä, ja käyttämällä lyhyempiä ajastinaikoja kuin mitä ICE spesifikaatio ehdottaa, voidaan ICE:n tehokkuutta kasvattaa merkittävästi. Käyttämällä HIP:iä ICE:n kanssa vertaisverkko-ohjelmat voivat saada käyttöönsä tehokkaan osoitteenmuuntajien läpäisymenetelmän, joka tukee myös yhteyden turvaominaisuuksia, mobiliteettia, sekä useita yhtäaikaisia verkkoliitäntöjä.Network Address Translators (NATs) cause problems when peer-to-peer (P2P) connections are created between hosts. Also the Host Identity Protocol (HIP) has problems traversing NATs but, with suitable extensions, it can be used as a generic NAT traversal solution. The Interactive Connectivity Establishment (ICE) is a robust NAT traversal mechanism that can enable connectivity in various NAT scenarios. The goal of this thesis is to enable HIP-based NAT traversal using ICE and to evaluate the applicability of the approach by implementation and measurements. We implemented an ICE prototype and tested it with different types of NATs. We used a network where two hosts were in different subnets and run ICE connectivity checks between them. The amount of messages and bytes sent during the process, and also how long the process took, was measured and analyzed. Based on the measurements, we calculated the overhead of using HIP with ICE for NAT traversal. ICE was able to create a connection in all the scenarios, but sometimes using more messages and longer time than expected or necessary. We found reasons why too many messages are exchanged and presented solutions on how some of these redundant messages could be avoided. We also found out that while 4-5 connectivity check messages are enough in many scenarios, NATs with specific address mapping behavior can easily double the amount of needed checks. Still, the generated traffic bitrate is modest, and using shorter timeout values than what the ICE specification suggests can have a significant positive impact on performance. By using HIP with ICE, P2P programs can get an efficient NAT traversal solution that additionally supports security, mobility and multihoming

Distributed connectivity service for a SIP infrastructure

Because of the constant reduction of available public network addresses and the necessity to secure networks, middleboxes such as network address translators and firewalls have become quite common. Because they are designed around the client-server paradigm, they break connectivity when protocols based on different paradigms are used (e.g., VoIP or P2P applications). Centralized solutions for middlebox traversal are not an optimal choice because they introduce bottlenecks and single point-of-failures. To overcome these issues, this article presents a distributed connectivity service solution that integrates relay functionality directly in user nodes. Although the article focuses on applications using the Session Initialization Protocol, the proposed solution is general and can be extended to other application scenario

Real-Time WebRTC based Mobile Surveillance System

The rapid growth that has taken place in Computer Vision has been instrumental in driving the advancement of Image processing techniques and drawing inferences from them. Combined with the enormous capabilities that Deep Neural networks bring to the table, computers can be efficiently trained to automate the tasks and yield accurate and robust results quickly thus optimizing the process. Technological growth has enabled us to bring such computationally intensive tasks to lighter and lower-end mobile devices thus opening up a wide range of possibilities. WebRTC-the open-source web standard enables us to send multimedia-based data from peer to peer paving the way for Real-time Communication over the Web. With this project, we aim to build on one such opportunity that can enable us to perform custom object detection through an android based application installed on our mobile phones. Therefore, our problem statement is to be able to capture real-time feeds, perform custom object detection, generate inference results, and appropriately send intruder alerts when needed. To implement this, we propose a mobile-based over-the-cloud solution that can capitalize on the enormous and encouraging features of the YOLO algorithm and incorporate the functionalities of OpenCV’s DNN module for providing us with fast and correct inferences.  Coupled with a good and intuitive UI, we can ensure ease of use of our application

NATCracker: NAT Combinations Matter

In this paper, we report our experience in working with Network Address Translators (NATs). Traditionally, there were only 4 types of NATs. For each type, the (im)possibility of traversal is well-known. Recently, the NAT community has provided a deeper dissection of NAT behaviors resulting into at least 27 types and documented the (im)possibility of traversal for some types. There are, however, two fundamental issues that were not previously tackled by the community. First, given the more elaborate set of behaviors, it is incorrect to reason about traversing a single NAT, instead combinations must be considered and we have not found any study that comprehensively states, for every possible combination, whether direct connectivity with no relay is feasible. Such a statement is the first outcome of the paper. Second, there is a serious need for some kind of formalism to reason about NATs which is a second outcome of this paper. The results were obtained using our own scheme which is an augmentation of currently-known traversal methods. The scheme is validated by reasoning using our formalism, simulation and implementation in a real P2P network

Study on Large-scale Terrestrial Relaying of Satellite Broadcasted Real-time Multimedia Streams

none2The chapter describes an architecture to relay on demand a real-time IP multicast audio-video stream broadcasted by a satellite on a terrestrial link. The stream is received by suitably equipped sites and then relayed to other sites that are not equipped with satellite receiving hardware but are nonetheless willing to receive the stream. By exploiting the properties of satellite transmission and adopting a hybrid satellite/terrestrial, multicast/unicast approach, the described architecture allows to overcome the restrictions suffered by multicast traffic in the global Internet, allowing it to scale easily across autonomous systems. All things considered, the proposed architecture outlines a large-scale interactive audio-video distribution system similar to those based on Content Distribution Networks (CDNs) and it compares favourably with them when performances, costs and scalability are examined.openFranco Tommasi; Catiuscia MelleTommasi, Francesco; Melle, Catiusci