SIP 2012:: ICE - NAT traversal for media

SIP has changed since the publication of RFC 3261 in 2002 - ten years ago. One important addition to the SIP family of protocols is ICE. ICE assists in media setup over complicated networks, like NAT and with dual stack IPv4 and IPv6 interfaces.

This presentation is part of Edvina's SIP 2012 project, to help customers write better specifications when purchasing SIP solutions. Read more on http://edvina.net/sip2012


SIP 2012:: ICE - NAT traversal for media

  1. ICE: Taking us out of the NAT darkness. http://edvina.net/sip2012
  2. The goal
     • Find the best media path between two devices
     • Manage changes in a complex network
     • ICE depends on STUN (v2)
     • Discovery of public IP address + port
     • ICE depends on TURN
     • Allocation of public IP address + port for media relay
     © Copyright 2012 Edvina AB, Sollentuna, Sweden. All rights reserved.
  3. Ice: Show me yours, and I'll show you mine.
     • All UAs find all their addresses, including using STUN
     • May allocate an address using TURN
     • Sends all addresses as "candidates" in SDP
     • Supports both IPv4 and IPv6
     • IPv6 UAs allocate IPv4 TURN address
     • RFC 5245
     [Diagram labels: NATted network, SIP, SIP, Alice, Turn, Bob, NATted network, Media relay, Cecilia]
  6. ICE candidate types
     • HOST candidate: Address on the local network interface (VPN NAT and mobile IP included)
     • Server Reflexive Addresses: Addresses discovered with STUN (outside NAT)
     • Relayed Candidates: TURN (RTP proxy) server addresses
     [Diagram labels: Alice, Turn]
  7. Indicating ICE support
     • SIP media tag "sip.ice" can be included in registrations
     • SIP extension name "ice" used in Require: header, not in Supported:
     • RFC 5768
     Contact: 1200@192.168.50.23;ice
  8. Passing the token
     • Each STUN check uses a unique "message authentication code" (MAC)
     • One per candidate and per party involved
     • These are exchanged in the signalling layer
     • Prevents unauthenticated media streams
     a=ice-pwd:asd88fgpdd777uzjYhagZg
     a=ice-ufrag:8hhY
     [Diagram labels: SIP, STUN, SIP]
  9. Role play
     • One agent (UA) is the controlling agent, one is the controlled agent
     • The controlling agent decides which media streams to use
     • The confirmation is done by sending a STUN request on the winning stream, with a flag set to indicate that this will be used
     • This cancels further ICE processing
     • In most call setups, the CALLER is the controller
     [Diagram labels: ICE Controlling agent, SIP, STUN, SIP, ICE Controlled agent]
  10. Re-invite?
     • If the selected candidates do not match the address in the c= and m= lines in the SDP, a re-INVITE with a new SDP offer should be sent
     • At any point during the call, ICE can be restarted by anyone sending a re-INVITE with a new offer
     [Diagram labels: ICE Controlling agent, SIP, STUN, RTP, SIP, ICE Controlled agent]
  11. ICE Lite for hosts with public IP
     • Doesn't send a list of candidates
     • Doesn't send STUN requests
     • Answers to STUN requests
     • The full agent is the controlling party and selects media IP pair
     [Diagram labels: ICE full, SIP, STUN, SIP, ICE lite on media server with public IP]
  12. Producing an offer
     • 1. Gather candidates
     • 2. Prioritize them
     • 3. Eliminate redundant candidates
     • 4. Choose default candidates
     • 5. Formulate the SDP offer
     [Diagram: HOST 192.168.40.23; Server Reflexive 192.0.2.34:48712 (from STUN response); Relayed 198.51.100.23:52124 (TURN allocation)]
  13. Typical configuration (PC)
     • Host address (Wifi): 192.168.0.23:6001
     • Host address (VPN): 10.7.17.123:6001
     • Reflexive address (Turn): 123.123.123.123:2343
     • Relay address (Turn): 123.123.123.127:7080
     Four candidates
  14. Dual stack (PC)
     • Host address (Wifi): 192.168.0.23:6001; IPv6 Link local, GLOBAL
     • Host address (VPN): 10.7.17.123:6001; IPv6 VPN
     • Reflexive address (Turn): 123.123.123.123:2343
     • Relay address (Turn): 123.123.123.127:7080
     Seven candidates
  15. Single stack IPv6 (PC)
     • Host address (Wifi): IPv6 Link local, ULA, GLOBAL
     • Host address (VPN): IPv6 VPN
     • Reflexive address (Turn)
     • Relay address (Turn): 123.123.123.127:7080
     Five candidates
  16. INVITE and ICE
     [Sequence diagram between Alice and Bob, messages in order:]
     • INVITE with SDP
     • 200 OK with SDP
     • STUN request
     • STUN response
     • STUN request
     • STUN response
     • STUN request + selected flag
     • STUN response
     • Media starts
  17. ICE and PRACK
     • When using ICE, there is a need to start selection and media a.s.a.p.
     • If the SDP answer is in a 183, it has to be sent reliably in order not to miss the opportunity to start the ICE selection process
     • Using PRACK is one way. Another solution is to retransmit the 18x message with SDP until a STUN Bind request is received.
  18. 18x+sdp speeds up the process
     • With an 18x response with SDP, the ICE selection process starts before the user answers. He/she may not answer at all, but it does help the user experience to have media ready when the user answers.
  19. STUN success
     • Verification of the response:
     • The response must be addressed to our sender's IP and port
     • The response must be sent from our destination IP and port
     • The credentials must be correct
     • Otherwise STUN FAILS
  20. ICE failure
     • If there are no selected ICE candidate pairs in any media stream, then the controlling agent needs to terminate the dialog
     • If there is at least one successful stream, the dialog continues. Failed streams should be disabled in a new offer
  21. ICE SDP using STUN
     v=0
     o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1
     s=
     c=IN IP4 192.0.2.3
     t=0 0
     a=ice-pwd:asd88fgpdd777uzjYhagZg
     a=ice-ufrag:8hhY
     m=audio 45664 RTP/AVP 0
     b=RS:0
     b=RR:0
     a=rtpmap:0 PCMU/8000
     a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host
     a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998
     [Annotation on the c= line: The UA suggests using the STUN address]
  22. Two selection processes
     • Aggressive: Faster conclusion
     • Regular: Slower; may find low-latency media path
     An implementation could set up the call with aggressive nomination procedures, then re-invite and restart ICE with regular selection to find the best media path.
  23. Aggressive ICE
     [Sequence diagram between Alice and Bob, messages in order:]
     • STUN request + selected flag
     • STUN response
     • STUN request
     • STUN response
     The controller does not wait. The first request that reaches Bob is selected.
  24. Regular ICE nomination
     [Sequence diagram between Alice and Bob, messages in order:]
     • STUN request
     • STUN response
     • STUN request
     • STUN response
     • STUN request + selected flag
     • STUN response
     The controller waits for results before making a selection.
  25. ICE delay
     • If there are many candidates and media streams, a noticeable delay will happen after the user "answers" the call until media starts flowing
     • With a b2bua in the call path that uses ICE, this will happen twice in the same call, which is not good
     • A b2bua could speed up the process by sending 183 with a=inactive, then re-inviting quickly after 200 OK with a=sendrecv. This restarts ICE, but media is flowing.
  26. ICE changes to STUN
     • ICE added new request types and a new attribute
     • Adding a new response
     • STUN username is peer username plus local username separated by :
     • Username and password are random per session
     • Controller sends local username and password in the SDP
     Attributes: ICE Priority, Use-Candidate, Ice-Controlling, Ice-Controlled
  27. RTP keepalives
     • Activates after 15 secs of no RTP
     • All agents MUST send NAT keepalives in every media stream
     • STUN binding requests if the other side supports ICE
     • Otherwise RTP no-op, RTP CNG or RTP with incorrect version number (just dropped)
  28. IPv4 and IPv6
     • Candidates for both address families can be presented
     • Priority may be discussed, relates to O/S configuration (RFC 6724)
  29. New SDP attributes
     • a=candidate
     • a=ice-ufrag
     • a=remote-candidates
     • a=ice-pwd
     • a=ice-lite
     • a=ice-options
     • a=ice-mismatch
  30. ICE
     +
     • Finds the best media path between two nodes
     • Supports IPv4 and IPv6 deployments
     • Binds SIP+SDP to actual media
     • Used by Microsoft, Apple (FaceTime), Google Hangouts
     -
     • Takes time at call setup
     • Hard for b2bua's to support
     • Complex for developers
  31. This material is part of the Edvina SIP Master Classes. Learn more about SIP2012 at http://edvina.net/sip2012
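
Added example (not part of the original slides): a parser for the offer on slide 21 that recomputes each candidate priority with the RFC 5245 formula and checks that the c=/m= default destination chosen in step 4 of slide 12 is one of the listed candidates, the condition behind a=ice-mismatch on slide 29. The function names and the local preference of 65535 (a single-interface host) are assumptions of this sketch.

```python
import re
from collections import namedtuple

# SDP as shown on slide 21.
SLIDE_21_SDP = """\
v=0
o=jdoe 2890844526 2890842807 IN IP4 10.0.1.1
s=
c=IN IP4 192.0.2.3
t=0 0
a=ice-pwd:asd88fgpdd777uzjYhagZg
a=ice-ufrag:8hhY
m=audio 45664 RTP/AVP 0
b=RS:0
b=RR:0
a=rtpmap:0 PCMU/8000
a=candidate:1 1 UDP 2130706431 10.0.1.1 8998 typ host
a=candidate:2 1 UDP 1694498815 192.0.2.3 45664 typ srflx raddr 10.0.1.1 rport 8998
"""

# Recommended type preferences from RFC 5245 section 4.1.2.
TYPE_PREF = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}
CAND_RE = re.compile(
    r"a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)"
    r"(?: raddr (\S+) rport (\d+))?")
Candidate = namedtuple("Candidate", "component priority addr port typ raddr")

def rfc5245_priority(typ, component, local_pref=65535):
    """2^24 * type preference + 2^8 * local preference + (256 - component).

    local_pref=65535 is an assumption: a host with one usable interface."""
    return (TYPE_PREF[typ] << 24) + (local_pref << 8) + (256 - component)

def parse_offer(sdp):
    """Return (candidates, default destination) of a single-stream offer."""
    cands, c_addr, m_port = [], None, None
    for line in sdp.splitlines():
        if line.startswith("c=IN "):
            c_addr = line.split()[2]
        elif line.startswith("m="):
            m_port = int(line.split()[1])
        elif (m := CAND_RE.match(line)):
            _f, comp, _t, prio, addr, port, typ, raddr, _rp = m.groups()
            cands.append(Candidate(int(comp), int(prio), addr,
                                   int(port), typ, raddr))
    return cands, (c_addr, m_port)

def audit_offer(sdp):
    """List the problems a receiver should notice before running checks."""
    cands, default = parse_offer(sdp)
    issues = [f"priority of {c.addr}:{c.port} differs from the recommended value"
              for c in cands
              if c.priority != rfc5245_priority(c.typ, c.component)]
    if default not in [(c.addr, c.port) for c in cands]:
        issues.append("c=/m= default matches no candidate (a=ice-mismatch)")
    return issues
```

For the slide 21 offer both priorities match the formula and the default destination is the server reflexive candidate, which is what the slide's annotation on the c= line says.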
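
Added example (not part of the original slides) for slides 8, 19 and 26: a STUN connectivity-check message carrying USERNAME and MESSAGE-INTEGRITY keyed with the ice-pwd from the SDP, and the three response checks from slide 19. Function names, the local ufrag and the addresses are constructed for this sketch, and only the attributes the slides mention are modelled (a real success response also carries XOR-MAPPED-ADDRESS).

```python
import hashlib, hmac, os, struct

MAGIC = 0x2112A442                      # STUN magic cookie (RFC 5389)
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
USERNAME, MESSAGE_INTEGRITY = 0x0006, 0x0008

def _attr(atype, value):
    """Encode one attribute, padded to a 4-byte boundary."""
    return struct.pack("!HH", atype, len(value)) + value + b"\0" * (-len(value) % 4)

def _mac(msg_type, txid, attrs, password):
    # HMAC-SHA1 over header + preceding attributes; the header length
    # already counts the 24-byte MESSAGE-INTEGRITY attribute.
    head = struct.pack("!HHI", msg_type, len(attrs) + 24, MAGIC) + txid
    return hmac.new(password.encode(), head + attrs, hashlib.sha1).digest()

def build(msg_type, txid, password, username=None):
    attrs = _attr(USERNAME, username.encode()) if username else b""
    attrs += _attr(MESSAGE_INTEGRITY, _mac(msg_type, txid, attrs, password))
    return struct.pack("!HHI", msg_type, len(attrs), MAGIC) + txid + attrs

def integrity_ok(msg, password):
    if len(msg) < 20:
        return False
    msg_type, length, magic = struct.unpack("!HHI", msg[:8])
    if magic != MAGIC or length != len(msg) - 20:
        return False
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        if atype == MESSAGE_INTEGRITY:
            want = _mac(msg_type, msg[8:20], msg[20:pos], password)
            return alen == 20 and hmac.compare_digest(want, msg[pos + 4:pos + 24])
        pos += 4 + alen + (-alen % 4)
    return False  # no MESSAGE-INTEGRITY attribute: treat as unauthenticated

def response_ok(resp, resp_src, resp_dst, req_txid, req_src, req_dst, password):
    """Slide 19: addressed to our sender, sent from our destination, valid
    credentials. The transaction ID match is standard STUN behaviour."""
    return (resp_dst == req_src and resp_src == req_dst
            and len(resp) >= 20 and resp[8:20] == req_txid
            and integrity_ok(resp, password))

PEER_UFRAG, PEER_PWD = "8hhY", "asd88fgpdd777uzjYhagZg"   # from slide 8
LOCAL_UFRAG = "Lf4g"                                      # constructed

def demo():
    txid = os.urandom(12)
    us, peer = ("10.0.1.1", 8998), ("192.0.2.77", 40000)  # constructed
    # Slide 26: username is peer ufrag + ":" + local ufrag; key is peer's pwd.
    req = build(BINDING_REQUEST, txid, PEER_PWD, f"{PEER_UFRAG}:{LOCAL_UFRAG}")
    resp = build(BINDING_SUCCESS, txid, PEER_PWD)
    forged = build(BINDING_SUCCESS, txid, "guess")
    return (integrity_ok(req, PEER_PWD),
            response_ok(resp, peer, us, txid, us, peer, PEER_PWD),
            response_ok(resp, ("203.0.113.9", 40000), us, txid, us, peer, PEER_PWD),
            response_ok(forged, peer, us, txid, us, peer, PEER_PWD))
```

`demo()` returns `(True, True, False, False)`: a response from an unexpected source address or one signed without the exchanged ice-pwd fails the check, which is what keeps unauthenticated media streams out.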