A Measurement of NAT & Firewall Characteristics in Peer to Peer Systems
L. D'Acunto, J.A. Pouwelse, and H.J. Sips
Department of Computer Science
Delft University of Technology, The Netherlands
l.dacunto@tudelft.nl

Keywords: P2P, NAT, firewall

Abstract

NATs and firewalls break the original model of IP end-to-end connectivity across the Internet, since their presence creates a new Internet architecture made of many private networks. This architecture, designed upon the client/server model, introduces complications in communication between hosts and has performance impacts, especially for P2P protocols, since hosts outside a private network are not able to initiate a connection to hosts inside that private network. In this paper we present a study of the current distribution and characteristics of the NATs and firewalls existing in the Internet, with respect to UDP communication. We believe that our study provides valuable insights for the development of P2P systems that intend to address the NAT/firewall issue effectively.

1 Introduction

In recent years there has been a significant rise in the use and development of peer-to-peer (P2P) technology. Its scalability and robustness have made this technology popular in a large spectrum of application domains, such as distributed file sharing [2, 3, 4], Internet telephony [5], live streaming and video on demand [15, 16]. A major obstacle encountered in P2P communication is the presence of Network Address Translators (NATs) and firewalls, because they can cause some peers not to be reachable at any globally routable IP address. Such devices are, in fact, becoming a default setting among home users, who often do not know how to configure them to allow P2P traffic. Nevertheless, many P2P algorithms do not take this into account in their design [14]. We believe that it is necessary for P2P developers to be aware of the presence of NAT/firewall boxes if they want to build effective systems.
In the last decade, the Internet Engineering Task Force (IETF) has put some effort into investigating the impact of NATs and firewalls on Internet protocols and into promoting a set of requirements that those devices should meet in order to be P2P friendly [8, 11]. If NAT/firewall vendors comply with some standardized behaviour for their boxes, e.g. by following the advice in [11], it would then be possible to increase the performance of P2P applications and make them work also in hostile (NATted) environments. We believe that finding out how widespread NATs and firewalls are in the Internet, and whether they (or how many of them) are P2P friendly, is a mandatory step for any solution aiming to address this problem. In order to do so, we have conducted an in-depth study of different NATs and firewalls existing in the Internet, by measuring our BitTorrent-based P2P system, Tribler [1].

In this paper we focus on the NAT/firewall behaviour with respect to UDP communication only and we do not investigate TCP at all. It has been shown that, since TCP is a stateful protocol, it is much more difficult to make it work through such devices [10]. To date, no elegant solution for P2P TCP-based communication through NATs/firewalls has been found.

This paper is organized as follows. In Section 2 we give a brief description of how we characterize NAT/firewall devices as well as how their presence can be detected. In Section 3 we describe how the measurements were conducted and in Section 4 we show the results. Finally, in Section 5 we discuss related work and in Section 6 we present our conclusions.

2 NAT/firewall detection and characterization

A Network Address Translator is a device that allows multiple machines on a private network to communicate with the Internet using a single globally unique IP address [7, 13]. This is accomplished by modifying the network information (IP address and port) in the packets that transit through it. The way a given internal pair <IP address, port> is translated to a given external pair <IP address, port> is called the address mapping policy. Though initially created as a temporary solution for alleviating the IPv4 address shortage, the NAT technology is still in use and it will probably continue to be part of the Internet in the future.

A firewall is a device (or set of devices) which inspects network traffic passing through it, and filters (i.e. denies or permits) the transmission based on a set of rules.

NATs and firewalls break the end-to-end connectivity principle of the Internet, since they prevent the hosts they are protecting from receiving connections initiated from external hosts. This architecture is very suitable for client/server communication, in the typical case when the client is inside the private network and the server is outside and has a public address, but it is not suitable for P2P communication. To make things even more difficult, there is no standardized NAT/firewall behaviour. However, a classification of different kinds of NATs can be made according to a combination of address mapping policy and filtering behaviour for UDP traffic [13]:

Full Cone NAT: All requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.

Restricted Cone NAT: All requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a Full Cone NAT, an external host (with IP address A) can send a packet to the internal host only if the internal host had previously sent a packet to IP address A.

Port Restricted Cone NAT: This behaves like a Restricted Cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address A and source port P, to the internal host only if the internal host had previously sent a packet to IP address A and port P.

Symmetric NAT: All requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.

Since the address mapping policy for Symmetric NAT is endpoint dependent, it is very difficult to predict which external port will be used for which destination. This behaviour represents a big threat to P2P communication without adding any security benefit and is therefore strongly discouraged by the IETF [11].

In order to discover and classify the NAT/firewall devices, we used the Session Traversal Utilities for NATs (STUN) [13]. STUN is a lightweight protocol that allows applications to discover the presence and types of NATs and firewalls between them and the public Internet. In the case of a NAT, it also provides the ability for applications to determine the IP addresses allocated to them by the device. The protocol requires the assistance of some network servers (STUN servers) located on the public Internet.

3 Measurements Strategy

Our study of the characteristics of NATs and firewalls is based on measurements conducted on our P2P system, Tribler [1]. We have set up a number of central entities (servers and special superpeers) which, by interacting with the peers in the system, are able to gather the measurement data we need. This architecture is shown in Figure 1. A superpeer can periodically request a peer's network configuration (step 1 in Figure 1). The receipt of such a request activates the peer's NAT-check functionality.
This functionality basically permits the peer to perform (step 2) a simple check of the NAT/firewall type (according to the classification in Section 2) and (step 3) of the duration of a given mapping in the NAT/firewall when not used for a while (i.e. after how long a mapping in a NAT/firewall expires if there is no communication going through). We call this value the NAT timeout. The NAT type check is done by using a simplified version of the STUN protocol and requires the assistance of some STUN servers, while the timeout check requires the assistance of a so-called timeout server. Finally, once all the data has been collected, the peer sends it back to the superpeer which made the request (step 4).

4 Results and Analysis

In this section we present the results we obtained from our measurements in the period between 27/10/2008 and 25/11/2008, during which we collected data from a total of about 3500 unique peers.
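
The NAT type check (step 2) and the timeout check (step 3) can be reproduced against a simulated box. The following Python code is an added example, not Tribler's code: the SimBox model, all addresses and the binary-search timeout probe are assumptions, and the decision tree is the classic STUN (RFC 3489) discovery procedure rather than the paper's simplified variant.

```python
from dataclasses import dataclass, field

# All addresses are constructed (documentation ranges); none come from the paper.
PEER = ("10.0.0.5", 7000)              # peer's local address
NAT_IP = "203.0.113.7"                 # external address of the simulated box
STUN_A = ("192.0.2.1", 3478)           # primary STUN address
STUN_A_PORT2 = ("192.0.2.1", 3479)     # same IP, different port
STUN_B = ("198.51.100.1", 3479)        # different IP and port
TIMEOUT_SRV = ("198.51.100.9", 4000)   # timeout server


@dataclass
class SimBox:
    """Hypothetical UDP NAT/firewall model: mapping policy, filtering, idle timeout."""
    filtering: str                     # "none", "address", "address+port" or "blocked"
    endpoint_dependent: bool = False   # True: one mapping per destination (Symmetric)
    translate: bool = True             # False: no address translation (firewall only / no box)
    timeout: float = 120.0             # idle seconds after which a mapping expires
    now: float = 0.0                   # simulated clock
    maps: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, src, dst):
        """Peer sends src -> dst; returns the external address the packet leaves from."""
        if self.filtering == "blocked":
            return None
        key = (src, dst) if self.endpoint_dependent else src
        m = self.maps.get(key)
        if m is None or self.now - m["used"] >= self.timeout:
            ext = (NAT_IP, self.next_port) if self.translate else src
            self.next_port += 1
            m = self.maps[key] = {"ext": ext, "dests": set()}
        m["used"] = self.now           # only outbound traffic refreshes the mapping
        m["dests"].add(dst)
        return m["ext"]

    def inbound(self, ext, remote):
        """True if a packet from `remote` to external address `ext` reaches the peer."""
        for m in self.maps.values():
            if m["ext"] == ext and self.now - m["used"] < self.timeout:
                if self.filtering == "none":
                    return True
                if self.filtering == "address":
                    return remote[0] in {d[0] for d in m["dests"]}
                return remote in m["dests"]
        return False


def stun_test(box, server, reply_from):
    """One binding request to `server`, answered from `reply_from`.
    Returns the mapped address the server saw, or None if no reply arrives."""
    mapped = box.outbound(PEER, server)
    if mapped is None or not box.inbound(mapped, reply_from):
        return None
    return mapped


def classify(box):
    """NAT type from the classic STUN discovery tests (Test I, II, III)."""
    mapped = stun_test(box, STUN_A, STUN_A)                 # Test I
    if mapped is None:
        return "UDP Blocked"
    other_ip = stun_test(box, STUN_A, STUN_B) is not None   # Test II: reply from other IP
    if mapped == PEER:
        return "Open Internet" if other_ip else "Firewall (no NAT)"
    if other_ip:
        return "Full Cone NAT"
    if stun_test(box, STUN_B, STUN_B) != mapped:            # Test I, second server
        return "Symmetric NAT"
    other_port = stun_test(box, STUN_A, STUN_A_PORT2)       # Test III: same IP, other port
    return "Restricted Cone NAT" if other_port else "Port Restricted Cone NAT"


def probe_timeout(box, max_wait=600, resolution=5):
    """Bracket the NAT timeout: returns (lo, hi), where a reply sent after `lo`
    silent seconds still arrived and one sent after `hi` seconds was dropped."""
    def survives(wait):
        mapped = box.outbound(PEER, TIMEOUT_SRV)   # open or refresh the mapping
        box.now += wait                            # stay silent, then the server replies
        return box.inbound(mapped, TIMEOUT_SRV)
    if survives(max_wait):
        return max_wait, None                      # no expiry within the probed range
    lo, hi = 0, max_wait
    while hi - lo > resolution:
        mid = (lo + hi) // 2
        lo, hi = (mid, hi) if survives(mid) else (lo, mid)
    return lo, hi


def nat_check(box):
    """The data a peer would send back to the superpeer in step 4."""
    kind = classify(box)
    timeout = None if kind in ("UDP Blocked", "Open Internet") else probe_timeout(box)
    return {"type": kind, "timeout": timeout}


if __name__ == "__main__":
    print(nat_check(SimBox("address+port", endpoint_dependent=True, timeout=45)))
```

A keep-alive interval chosen below the `lo` bound keeps the mapping open; the model assumes that only outbound packets refresh a mapping.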
[Figure 1: Collecting measurement data. Entities: superpeer (with log), peer, STUN servers, timeout server. Messages: 1: NAT check request, 2: get NAT type, 3: get NAT timeout, 4: NAT check reply.]

The measurement results have been divided into three categories: connection type, geographical distribution and timeout.

4.1 Connection type

The distribution of peers' connection type is shown in Figure 2. We can observe that almost 90% of the peers are behind a NAT or a firewall. The Port Restricted Cone NAT appears to be the most popular (40%). Full Cone NATs are much less in use (12.5%) and the Restricted Cone NAT is almost absent (5%). There is also a substantial percentage of users (about 30%) behind a P2P unfriendly NAT (16% Symmetric NAT and 14% UDP Blocked). Finally, the results show that only a small percentage of peers is behind boxes that provide only firewall characteristics. Most of them either do not have any box installed or are located behind NAT boxes, which combine address translation and firewall filtering.

[Figure 2: Distribution of peers' connection type]

4.2 Geographical distribution

In order to analyze our results further, we used the publicly available database provided by MaxMind's GeoIP [6] to geo-locate the Tribler users involved in our measurements. By doing so, it is possible to compare different locations according to their weight (i.e. the percentage of users located in a given country over the total) and the connection characteristics of their users. Most of the results come from peers located in Europe or in North America.

[Table 1: Distribution of peers' connection type per country (percentage). Columns: USA, NL, ES, UK, IT, CA, FR, DE. Rows: Weight, Open Internet, Full Cone NAT, Restricted Cone NAT, Port Restricted Cone NAT, Symmetric Cone NAT, UDP Blocked.]

Table 1 shows the connection type distribution per country. The countries are listed in descending order of weight. Even if each country has a specific connection distribution, we can notice that the general trend is similar.
For instance, the peers directly connected to the Internet are a minority (10-20%) and the Port Restricted Cone NAT appears to be the most popular everywhere (reaching peaks of 60% in France and Germany), while the Restricted Cone NAT is quite uncommon (often below 10%).

4.3 Timeout

We also measured the NAT timeout. This information is especially useful for tuning the frequency of keep-alive packets in NAT traversal techniques. Results are shown in Figure 3. We can observe that in most of the cases (62%) the timeout value is between 2 min and 2.5 min. Less than 10% is below 1 min and around 25% is between 1 and 2 min. Finally, only a very small percentage (around 5%) of NATs have a timeout greater than 2.5 min. This data shows that many NATs/firewalls are still not perfectly compliant with what is suggested by RFC 4787 [11], which recommends a timeout value of 5 min and requires it to be no less than 2 min (so as to avoid too many keep-alive packets).

[Figure 3: Frequency distribution of NAT timeout for UDP]

5 Related work

A 2007 study conducted by Xie et al. [15] on the CoolStreaming video streaming system found that 89% of its users are behind a NAT or a firewall. Their measurements are also in line with our observation that the firewalls are only a small percentage compared to NATs. However, they did not make any categorization of the NATs they encountered. Another recent study about a deployed P2P streaming system, PPLive [16], also found that the percentage of peers behind NATs is high (80%). However, they show no correlation between their statistics and the geographical location of the peers, nor did they look at the NAT timeout. Finally, in [14] the authors measured (from data gathered between 2005 and 2008) that, in the average swarm of a public BitTorrent community, two thirds of the peers are firewalled.

All these findings suggest that there is no decrease of the employment of NAT/firewall boxes in the Internet.

6 Conclusions and Future Work

In this paper we have shown that the number of NATted peers is very high and apparently increasing, affecting many countries to a similar extent. Moreover, we have analyzed the characteristics of the NATs/firewalls present in the Internet and found out that a substantial percentage of them has an unfriendly behaviour towards P2P communication. To the best of our knowledge, this is the first comprehensive study of the connection characteristics of P2P users with the specific purpose of checking whether, and to what extent, they cause problems to P2P protocols. We believe that our findings can be employed to design an effective mechanism for NAT traversal. For example, in the case of P2P friendly NATs and firewalls, it would be possible to employ the UDP hole punching mechanism [9] and tailor it to the specific characteristics of the peers' NATs involved (i.e. type and timeout). Less efficient methods, like relaying [9], would then be needed only when there is no alternative (i.e. in the case of P2P unfriendly NATs and firewalls).

References

[1] Tribler,
[2] Bit Torrent,
[3] Lime Wire,
[4] Kazaa,
[5] Skype,
[6] GeoIP,
[7] P. Srisuresh and M. Holdrege, RFC IP Network Address Translator (NAT) Terminology and Considerations, August
[8] M. Holdrege and P. Srisuresh, RFC Protocol Complications with the IP Network Address Translator, January
[9] B. Ford, P. Srisuresh, D. Kegel, Peer-to-peer Communication Across Network Address Translators, in Proceedings of USENIX,
[10] S. Guha and P. Francis, Characterization and Measurement of TCP Traversal through NATs and Firewalls, in Proceedings of the 2005 Internet Measurement Conference (IMC05), October 2005.
[11] F. Audet and C. Jennings, RFC Network Address Translation (NAT) Behavioral Requirements for Unicast UDP, January
[12] C. Jennings, NAT Classification Test results, Internet-Draft, July
[13] J. Rosenberg, R. Mahy, P. Matthews, D. Wing, RFC Session Traversal Utilities for NAT (STUN), October
[14] J.J.D. Mol, J.A. Pouwelse, D.H.J. Epema, H.J. Sips, Free-riding, Fairness, and Firewalls in P2P File-Sharing, 8-th IEEE International Conference on Peer-to-Peer Computing,
[15] S. Xie, G. Y. Keung, and B. Li, A Measurement of a Large-Scale Peer-to-Peer Live Video Streaming System, in Proceedings of the IEEE International Conference on Parallel Processing Workshops,
[16] Yan Huang, Tom Z. J. Fu, Dah-Ming Chiu, John C. S. Lui, Cheng Huang, Challenges, Design and Analysis of a Large-scale P2P-VoD System, in Proceedings of ACM SIGCOMM 08, October 2008.
More informationWe will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
More informationDistrict of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification
1.1 Multipoint Control Unit (MCU) A. The MCU shall be capable of supporting (20) continuous presence HD Video Ports at 720P/30Hz resolution and (40) continuous presence ports at 480P/30Hz resolution. B.
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationComputer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University
Computer Networks Introduc)on to Naming, Addressing, and Rou)ng Week 09 College of Information Science and Engineering Ritsumeikan University MAC Addresses l MAC address is intended to be a unique identifier
More informationVoice over IP Communications
SIP The Next Big Step Voice over IP Communications Presented By: Stephen J. Guthrie VP of Operations Blue Ocean Technologies Goals What are our Goals for Today? Executive Summary: It is expected that real-time
More informationApplications that Benefit from IPv6
Applications that Benefit from IPv6 Lawrence E. Hughes Chairman and CTO InfoWeapons, Inc. Relevant Characteristics of IPv6 Larger address space, flat address space restored Integrated support for Multicast,
More informationSolving the Firewall/NAT Traversal Issue of SIP:
Solving the Firewall/NAT Traversal Issue of SIP: Who Should Control Your Security Infrastructure? Ingate Systems www.ingate.com 1 1 Executive Summary...3 2 SIP, NATs and Enterprise Firewalls...4 3 Methods
More informationA Comparative Study of Signalling Protocols Used In VoIP
A Comparative Study of Signalling Protocols Used In VoIP Suman Lasrado *1, Noel Gonsalves *2 Asst. Prof, Dept. of MCA, AIMIT, St. Aloysius College (Autonomous), Mangalore, Karnataka, India Student, Dept.
More informationHow To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN
How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN Applicable Version: 10.6.2 onwards Overview Virtual host implementation is based on the Destination NAT concept. Virtual
More informationNAT Traversal for VoIP
NAT Traversal for VoIP Dr. Quincy Wu National Chi Nan University Email: solomon@ipv6.club.tw 1 TAC2000/2000 NAT Traversal Where is NAT What is NAT Types of NAT NAT Problems NAT Solutions Program Download
More informationLifeSize Transit Deployment Guide June 2011
LifeSize Transit Deployment Guide June 2011 LifeSize Tranist Server LifeSize Transit Client LifeSize Transit Deployment Guide 2 Firewall and NAT Traversal with LifeSize Transit Firewalls and Network Address
More informationSkype network has three types of machines, all running the same software and treated equally:
What is Skype? Why is Skype so successful? Everybody knows! Skype is a P2P (peer-to-peer) Voice-Over-IP (VoIP) client founded by Niklas Zennström and Janus Friis also founders of the file sharing application
More informationTrace analysis of Tribler BuddyCast. V. Jantet, D. Epema, M. Meulpolder
Trace analysis of Tribler BuddyCast V. Jantet, D. Epema, M. Meulpolder Trace analysis of Tribler BuddyCast Inter ship report in Computer Science Parallel and Distributed Systems group Faculty of Electrical
More informationIPv6 Fundamentals Ch t ap 1 er I : ntroducti ti t on I o P IPv6 Copyright Cisco Academy Yannis Xydas
IPv6 Fundamentals Chapter 1: Introduction ti to IPv6 Copyright Cisco Academy Yannis Xydas The Network Today The Internet of today is much different that it was 30, 15 or 5 years ago. 2 Technology Tomorrow
More informationAdding Multi-Homing and Dual-Stack Support to the Session Initiation Protocol
Adding Multi-Homing and Dual-Stack Support to the Session Initiation Protocol Mario Baldi, Fulvio Risso, Livio Torrero Dipartimento di Automatica e Informatica, Politecnico di Torino, Torino, Italy {mario.baldi,
More informationCarrier Grade NAT. Requirements and Challenges in the Real World. Amir Tabdili Cypress Consulting amir@cypressconsult.net
Carrier Grade NAT Requirements and Challenges in the Real World Amir Tabdili Cypress Consulting amir@cypressconsult.net Agenda 1 NAT, CG-NAT: Functionality Highlights 2 CPE NAT vs. CG-NAT 3 CGN Requirements
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationThe Bittorrent P2P File-sharing System: Measurements And Analysis J.A. Pouwelse, P. Garbacki, D.H.J. Epema, H.J. Sips Department of Computer Science,
The Bittorrent P2P File-sharing System: Measurements And Analysis J.A. Pouwelse, P. Garbacki, D.H.J. Epema, H.J. Sips Department of Computer Science, Delft University of Technology, the Netherlands BitTorrent
More informationA Comparison of Mobile Peer-to-peer File-sharing Clients
1. ABSTRACT A Comparison of Mobile Peer-to-peer File-sharing Clients Imre Kelényi 1, Péter Ekler 1, Bertalan Forstner 2 PHD Students 1, Assistant Professor 2 Budapest University of Technology and Economics
More informationNetwork Considerations for IP Video
Network Considerations for IP Video H.323 is an ITU standard for transmitting voice and video using Internet Protocol (IP). It differs from many other typical IP based applications in that it is a real-time
More informationNetwork Address Translation (NAT) Good Practice Guideline
Programme NPFIT Document Record ID Key Sub-Prog / Project Infrastructure Security NPFIT-FNT-TO-IG-GPG-0011.06 Prog. Director Chris Wilber Status Approved Owner James Wood Version 2.0 Author Mike Farrell
More informationIntroduction to Differentiated Services (DiffServ) and HP-UX IPQoS
Introduction to Differentiated Services (DiffServ) and HP-UX IPQoS What is Quality of Service (QoS)?... 2 Differentiated Services (DiffServ)... 2 Overview... 2 Example XYZ Corporation... 2 Components of
More informationExamining Proxies to Mitigate Pervasive Surveillance
Examining Proxies to Mitigate Pervasive Surveillance Eliot Lear Barbara Fraser Abstract The notion of pervasive surveillance assumes that it is possible for an attacker to have access to all links and
More informationMeasure wireless network performance using testing tool iperf
Measure wireless network performance using testing tool iperf By Lisa Phifer, SearchNetworking.com Many companies are upgrading their wireless networks to 802.11n for better throughput, reach, and reliability,
More informationMulticast vs. P2P for content distribution
Multicast vs. P2P for content distribution Abstract Many different service architectures, ranging from centralized client-server to fully distributed are available in today s world for Content Distribution
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationManaging the Co-existing Network of IPv6 and IPv4 under Various Transition Mechanisms
Managing the Co-existing Network of IPv6 and IPv4 under Various Transition Mechanisms I-Ping Hsieh Shang-Juh Kao Department of Computer Science National Chung-Hsing University 250 Kuo-Kuang Rd., Taichung,
More informationPEER-TO-PEER NETWORK
PEER-TO-PEER NETWORK February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationOSSIR, November 2010 emil.ivov@sip-communicator.org 1/45
OSSIR, November 2010 emil.ivov@sip-communicator.org 1/45 Real-time Communication Applications OSSIR, November 2010 emil.ivov@sip-communicator.org 2/45 Protocols sip & xmpp OSSIR, November 2010 emil.ivov@sip-communicator.org
More informationResearch on P2P-SIP based VoIP system enhanced by UPnP technology
December 2010, 17(Suppl. 2): 36 40 www.sciencedirect.com/science/journal/10058885 The Journal of China Universities of Posts and Telecommunications http://www.jcupt.com Research on P2P-SIP based VoIP system
More informationPeer NAT Proxies for Peer-to-Peer Games
Peer NAT Proxies for Peer-to-Peer Games Daryl Seah, Wai Kay Leong, Qingwei Yang, Ben Leong, and Ali Razeen Department of Computer Science National University of Singapore Abstract Network Address Translators
More informationQAME Support for Policy-Based Management of Country-wide Networks
QAME Support for Policy-Based Management of Country-wide Networks Clarissa C. Marquezan, Lisandro Z. Granville, Ricardo L. Vianna, Rodrigo S. Alves Institute of Informatics Computer Networks Group Federal
More informationEnabling NAT and Routing in DGW v2.0 June 6, 2012
Enabling NAT and Routing in DGW v2.0 June 6, 2012 Proprietary 2012 Media5 Corporation Table of Contents Introduction... 3 Starting Services... 4 Distinguishing your WAN and LAN interfaces... 5 Configuring
More information