The document discusses Network Address Translation (NAT) and how it causes issues for SIP calls by hiding private IP addresses. It introduces Interactive Connectivity Establishment (ICE) as the IETF's solution to this problem. ICE uses STUN and TURN to dynamically discover potential transport addresses between endpoints and then verifies connectivity through these addresses to find the optimal path for media.
This document discusses various techniques for allowing peer-to-peer communication between hosts located behind Network Address Translation (NAT) devices, including NAT traversal using UDP hole punching, TCP hole punching, relaying, connection reversal, and the TURN protocol. It also covers proxy protocols like SOCKS that can be used to traverse NATs, as well as the UPnP standard for automatic port forwarding configuration.
This document discusses network address translation (NAT) and NAT traversal techniques. It begins with an overview of NAT and why NAT traversal is needed to access network resources behind NAT. It then covers various NAT traversal solutions including port forwarding, NAT traversal protocols like STUN and TURN, and implementations like ICE and WebRTC that use these protocols. The document provides examples and diagrams to illustrate key NAT concepts and how different traversal techniques work.
Architecting your WebRTC application for scalability, Arin Sime - Alan Quayle
This document discusses how to architect WebRTC applications for scalability. It begins by outlining some of the challenges in building scalable WebRTC apps. It then presents 4 approaches to building apps: 1) To the WebRTC standard, 2) Unbundled WebRTC, 3) Using open-source media servers, and 4) Using communications platform as a service (CPaaS). Each approach has tradeoffs around cost, difficulty, and features included. The document also discusses using selective forwarding units or multipoint control units to scale apps and considers architectures using orchestration and containers. It concludes with recommendations around optimizations, load testing, and future technologies.
This document discusses media handling in FreeSWITCH. It covers topics like audio codecs, transcoding, codec negotiation, bypass media, proxy media, and Sangoma transcoding. The document provides details on common audio codecs supported by FreeSWITCH, how transcoding works in FreeSWITCH, codec negotiation algorithms, different media modes like bypass and proxy media, and Sangoma hardware transcoding cards. It aims to give an overview of key concepts around media and codecs in FreeSWITCH.
This document provides a summary of the history and features of the Kamailio SIP server. It discusses how Kamailio has evolved from SER (SIP Express Router) through various releases. Key features include SIP proxying, registration, routing, load balancing, TLS support, and integration with databases and programming languages. The document also summarizes new features in recent and upcoming releases such as enhanced TLS, Lua scripting, and IMS extensions.
Diameter is an authentication, authorization, and accounting (AAA) protocol that was developed as a successor to RADIUS. Some key points:
- Diameter was developed to address limitations in RADIUS such as reliability, security, failover support, and extensibility.
- It uses TCP or SCTP for reliable transport and supports features like transport layer security, failover mechanisms, and more flexible extensions compared to RADIUS.
- Diameter is composed of a base protocol and applications that allow it to be extended for different services. The base protocol specifies the message format, transport, and peer connections while applications define additional messages and service logic.
This document provides an overview of IPv6 basics including:
- IPv6 addressing uses 128-bit addresses written in hexadecimal separated by colons, with options to omit leading zeros and use "::" for multiple sections of zeros.
- IPv6 subnetting uses a prefix length instead of a subnet mask, with common prefix lengths being multiples of 4 and each prefix length corresponding to a range of IP addresses in the subnet.
- IPv6 connectivity can use static IPv6, DHCPv6, SLAAC, tunnel brokers or 6rd/6to4 for those without native IPv6 access from their ISP. DHCPv6 and SLAAC provide address autoconfiguration options.
The Session Initiation Protocol (SIP) is an application-layer signaling protocol used for establishing multimedia sessions over Internet Protocol (IP) networks, such as voice or video calls. SIP can be used to initiate a call, invite participants and manage a call. It defines several methods for call setup, maintenance and termination. Common SIP methods include INVITE for call initiation, ACK to acknowledge call setup, BYE to terminate a call, and REGISTER for registering location. SIP uses SDP for negotiating media capabilities and RTP for transporting media streams.
This document discusses using BGP Flowspec for DDoS mitigation. It provides an overview of legacy DDoS mitigation methods, describes how BGP Flowspec works by distributing flow specifications using BGP, and gives examples of how it can be used for inter-domain and intra-domain DDoS mitigation as well as with a scrubbing center. It also discusses vendor support, advantages over previous methods, potential issues, real world deployments, and the current state and future of BGP Flowspec.
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois - P1Security
Telecommunications Infrastructure Security
Getting in the SS7 kingdom: hard technology and disturbingly easy hacks to get entry points in the walled garden. This document discusses vulnerabilities in SS7 that allow unauthorized access to telecommunications infrastructure. It describes how SS7 was designed for reliability over security. It also outlines various entry points like STP connectivity, SIGTRAN protocols, and vulnerabilities in 3G femtocells that can be exploited to conduct attacks. The document warns that the traditional walled garden of telecom networks is opening up due to these issues and becoming harder to secure.
Getting clocks to agree on the time is tricky. Getting them to agree on the time better than 100 nanoseconds is even trickier.
In this talk I will provide an introduction to the basic principles of the Precision Time Protocol (PTP) and how it can be used to precisely synchronize computers over a LAN.
http://www.nycbug.org/index.cgi?action=view&id=10361
SIP is a protocol for establishing multimedia sessions over IP networks. It originated from work in the 1990s on protocols like SCIP and SIP drafts. SIP eventually became standardized as RFC 3261 and is now widely used for voice and video calling. Cisco supports SIP in products like Cisco Unified Communications Manager, Cisco Unified Border Element, and Cisco Unified Presence to enable VoIP calling and integration between SIP and other protocols. The future of SIP includes more peer-to-peer implementations and using presence as a foundation for new services.
Insights on the configuration and performances of SOME/IP Service Discovery - Nicolas Navet
Scalable Service-Oriented Middleware on IP (SOME/IP) is a proposal aimed at providing service-oriented communication in vehicles. SOME/IP nodes are able to dynamically discover and subscribe to available services through the SOME/IP Service Discovery protocol (SOME/IP SD). In this context, a key performance criterion to achieve the required responsiveness is the subscription latency that is the time it takes for a client to subscribe to a service. In this paper we provide a recap of SOME/SD and list a number of assumptions based on what we can foresee about the use of SOME/IP in the automotive domain. Then, we identify the factors having an effect on the subscription latency, and, by sensitivity analysis, quantify their importance regarding the worst-case service subscription latency. The analysis and experiments in this study provide practical insights into how to best configure SOME/IP SD protocol.
CCNA 2 Routing and Switching v5.0 Chapter 11 - Nil Menon
This document discusses network address translation (NAT) for IPv4. It describes the characteristics and types of NAT, including static NAT, dynamic NAT, and port address translation (PAT). It provides examples of configuring each type of NAT using Cisco IOS commands. Static NAT creates static one-to-one mappings between local and global addresses. Dynamic NAT uses a pool of public addresses assigned on a first-come first-served basis. PAT maps multiple private addresses to a single public address using port numbers. The document also covers verifying NAT configurations and port forwarding.
SIP and DNS - federation, failover, load balancing and more - Olle E Johansson
SIP uses DNS to find a server for a specific URI, like sip:alice@example.com. With DNS a SIP service can provide failover, load balancing and much more. SIP without DNS is a broken solution. SIP and DNS rocks!
Diameter based Interfaces and description - Manjeet Kaur
Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from the earlier RADIUS protocol. It belongs to the application layer protocols in the internet protocol suite.
The document describes the IMS session flow between an originating and terminating user in an IP Multimedia Subsystem network. It involves signaling messages being passed between the user equipment and P-CSCF in the visited network, and the home network nodes of I-CSCF, S-CSCF and AS, to setup and terminate a call or session. The process includes invite, response, acknowledgement and release messaging at each stage to establish and end media connectivity between the users.
PLNOG 9: Robert Dąbrowski - Carrier-grade NAT (CGN) Solution with FortiGate - PROIDEA
Fortinet provides a carrier-grade NAT (CGN) solution using FortiGate firewalls. FortiGate firewalls offer high performance and scalability for CGN deployments through dedicated hardware. They can support millions of concurrent sessions and terabits of throughput. FortiGate firewalls also provide detailed logging, security features like ALGs, and redundancy for carrier networks.
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran) - GLC Networks
This document contains the slides for a webinar on networking in telecommunications presented by Achmad Mardiansyah from GLC Networks in Indonesia. The webinar covers the history of telecommunications networking from early systems using wires and human operators to modern digital networks using protocols like SS7, TCP, and IP. It reviews prerequisite knowledge on networking layers and protocols. The webinar demonstrates how signalling works over IP networks and includes a live practice session. Attendees are invited to ask questions. Additional training events are announced and contact information is provided.
RTSP is used for controlling streaming media over the web. It allows for audio and video-on-demand streaming to large groups. RTSP uses directives like OPTIONS, DESCRIBE, SETUP, PLAY, PAUSE, and TEARDOWN to control the stream. SDP is used to describe the metadata of the stream, including information like the session name, connection details, media formats, and attributes. Common RTSP operations include requesting information with OPTIONS, retrieving the SDP description with DESCRIBE, setting up transports with SETUP, starting and pausing playback with PLAY and PAUSE, and terminating the session with TEARDOWN.
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP) - Sean Flores
This document discusses Voice over Internet Protocol (VoIP) including its protocols, security issues, benefits, and challenges. It begins by introducing VoIP and describing its basic operation and advantages like lower costs. It then covers specific VoIP protocols like SIP and H.323. The document analyzes VoIP considerations like delay, jitter, packet loss, and discusses how these issues can affect call quality. It also provides an overview of VoIP technologies and their benefits for businesses. Finally, it presents a case study on assessing network readiness for VoIP deployment.
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
2014 innovaphone different protocols for different things - VOIP2DAY
The document discusses various protocols used for unified communications, including H.323, SIP, H.460.17, ICE, DTLS-SRTP, and WebRTC. It summarizes the purpose and functionality of each protocol, how they enable connections through firewalls and NAT, and their advantages and disadvantages. WebRTC in particular allows for real-time communication within a web browser without plugins using HTML5 and JavaScript, establishing direct peer-to-peer connections through techniques like STUN and ICE.
This document provides an overview of hole punching techniques for establishing direct peer-to-peer connections between devices located behind firewalls or network address translation (NAT). It describes ICMP, TCP, and UDP hole punching protocols. Hole punching allows two devices to connect by establishing outbound connections through a third-party server that exchanges the devices' private address and port information. This allows the devices to try connecting to each other directly. The document also discusses NAT and its advantages and disadvantages.
This document provides an overview of peer-to-peer (P2P) overlay networks and distributed hash tables (DHTs) and how they relate to P2P SIP networks. It discusses how DHTs like Chord work to store and locate data in a decentralized manner. It also compares different P2P overlay structures and routing algorithms, noting benefits like resilience and proximity. The document aims to introduce key concepts for building scalable, global P2P SIP networks as an alternative to traditional client-server SIP architectures.
1. The document introduces Session Initiation Protocol (SIP), explaining that it is an application layer signaling protocol for initiating, modifying, and terminating multimedia communication sessions over IP such as voice and video calls.
2. It describes why SIP is used, including for conferencing, distance learning, video conferencing, instant messaging, and voice calls. It also outlines the main components of a SIP network including user agents, proxies, and redirect servers.
3. The document provides an overview of how SIP works by outlining the signaling process for registration, call setup and teardown, redirection, and media routing between user agents.
IPv4 addresses are 32-bit numbers that uniquely identify devices on the Internet. They consist of a network portion and host portion, with the subnet mask defining which bits belong to each portion. Addresses can be assigned statically or dynamically via DHCP. The IPv4 header contains fields like source/destination addresses, flags, fragmentation information, TTL, and checksum to route packets between networks.
This document provides an overview of different hole punching techniques used to establish direct connections between devices located behind firewalls or network address translation (NAT) devices. It discusses ICMP, TCP, and UDP hole punching. ICMP hole punching exploits a NAT's acceptance of inbound ICMP packets to transfer data between NATs without an external server. TCP hole punching uses a rendezvous server to exchange connection details between devices and establish an outbound connection. UDP hole punching similarly relies on an external server to initially set up UDP port mappings between devices that can then be used for direct communication.
2. WebRTC is:
WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple JavaScript APIs.
WebRTC is a media engine with JavaScript APIs.
WebRTC allows developers to add real-time voice calls, video chats and file sharing to their web apps without the need for plug-ins.
The WebRTC initiative is a project supported by Google, Mozilla and Opera.
3. How does it work?
[Diagram: Web Browser A, Web Server (call signaling), Web Browser B. Labels: "1. HTML & JavaScript", "2. HTML & JavaScript", "JavaScript APIs", "browser". JavaScript code calls browser APIs to establish a call.]
WebRTC is a set of standardized browser APIs.
4. WebRTC in Specs
APIs by W3C & Protocols by IETF
Connectivity:
- ICE, STUN and TURN
Signaling:
- Signaling protocol not determined
- WebSocket
- Must support SDP form to implement ICE
Media:
- DTLS for key exchange for SRTP
- SRTP
- Bundle and Media Multiplexing
Coders:
- Voice coders: Opus and G.711
- Video coder: VP8 (not final)
5.
6. Network Address Translation
Network Address Translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another.
This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing IP packets on exit so that they appear to originate from the router.
In the reverse communications path, responses are mapped back to the originating IP address using the rules ("state") stored in the translation tables.
The translation table rules established in this fashion are flushed after a short period without new traffic refreshing their state.
7. STUN - Session Traversal Utilities for NAT
STUN is a standardized set of methods and a network protocol to allow an end host to discover its public IP address if it is located behind a NAT.
It is used to permit NAT traversal for applications of real-time voice, video, messaging, and other interactive IP communications.
STUN is intended to be a tool to be used by other protocols, such as ICE.
[Diagram: the client sends a STUN Query ("What's my IP address") to the STUN Server; the STUN Response reads "Your address is 192.168.10.10:5000".]
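Added example (not from the original slides): the STUN query and response above at the byte level, using the RFC 5389 Binding Request and XOR-MAPPED-ADDRESS layout for IPv4. The function names, the sample transaction ID and the server-side helper are constructed for illustration; a real client draws the transaction ID from a cryptographic random source and rejects any response that does not echo it.

```javascript
const MAGIC_COOKIE = 0x2112a442;
const BINDING_REQUEST = 0x0001;
const BINDING_SUCCESS = 0x0101;
const ATTR_XOR_MAPPED_ADDRESS = 0x0020;

// 20-byte header: type, body length (0), magic cookie, 12-byte transaction ID.
function buildBindingRequest(txId) {
  if (txId.length !== 12) throw new Error("transaction ID must be 12 bytes");
  const msg = new Uint8Array(20);
  const view = new DataView(msg.buffer);
  view.setUint16(0, BINDING_REQUEST);
  view.setUint32(4, MAGIC_COOKIE);
  msg.set(txId, 8);
  return msg;
}

// Validate a Binding Success Response and return the reflexive "ip:port".
function parseBindingResponse(msg, expectedTxId) {
  if (msg.length < 20) throw new Error("short STUN header");
  const view = new DataView(msg.buffer, msg.byteOffset, msg.byteLength);
  if (view.getUint16(0) !== BINDING_SUCCESS) throw new Error("not a Binding Success Response");
  const bodyLen = view.getUint16(2);
  if (bodyLen % 4 !== 0 || 20 + bodyLen !== msg.length) throw new Error("bad message length");
  if (view.getUint32(4) !== MAGIC_COOKIE) throw new Error("bad magic cookie");
  for (let i = 0; i < 12; i++) {
    // A response that does not echo our transaction ID is stale or spoofed.
    if (msg[8 + i] !== expectedTxId[i]) throw new Error("transaction ID mismatch");
  }
  let off = 20;
  while (off + 4 <= msg.length) {
    const type = view.getUint16(off);
    const len = view.getUint16(off + 2);
    const val = off + 4;
    if (val + len > msg.length) throw new Error("attribute overruns message");
    if (type === ATTR_XOR_MAPPED_ADDRESS) {
      if (len !== 8 || msg[val + 1] !== 0x01) throw new Error("only IPv4 is handled here");
      // Port is XORed with the top 16 bits of the cookie, address with the whole cookie.
      const port = view.getUint16(val + 2) ^ (MAGIC_COOKIE >>> 16);
      const addr = (view.getUint32(val + 4) ^ MAGIC_COOKIE) >>> 0;
      const ip = [addr >>> 24, (addr >>> 16) & 255, (addr >>> 8) & 255, addr & 255].join(".");
      return ip + ":" + port;
    }
    off = val + len + ((4 - (len % 4)) % 4); // attributes are padded to 4 bytes
  }
  throw new Error("no XOR-MAPPED-ADDRESS attribute");
}

// Constructed server side, only used to produce a sample response offline.
function buildBindingResponse(txId, ip, port) {
  const msg = new Uint8Array(32);
  const view = new DataView(msg.buffer);
  view.setUint16(0, BINDING_SUCCESS);
  view.setUint16(2, 12); // one 12-byte attribute (4-byte header + 8-byte value)
  view.setUint32(4, MAGIC_COOKIE);
  msg.set(txId, 8);
  view.setUint16(20, ATTR_XOR_MAPPED_ADDRESS);
  view.setUint16(22, 8);
  msg[25] = 0x01; // address family: IPv4
  view.setUint16(26, port ^ (MAGIC_COOKIE >>> 16));
  const addr = ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
  view.setUint32(28, (addr ^ MAGIC_COOKIE) >>> 0);
  return msg;
}

// Constructed exchange: the server observed the request coming from 200.200.1.1:1000.
function stunDemo() {
  const txId = Uint8Array.from([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]); // sample only
  buildBindingRequest(txId); // the 20 bytes the client would send over UDP
  const response = buildBindingResponse(txId, "200.200.1.1", 1000);
  return parseBindingResponse(response, txId);
}
```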
8. Different types of NAT
Network address translation is implemented in a variety of schemes of translating addresses and port numbers, each affecting application communication protocols differently.
NAT implementations are classified as:
- Full cone NAT
- Restricted cone NAT
- Port restricted cone NAT
- Symmetric NAT
9. Non-Symmetric NAT
Full cone, Restricted cone and Port restricted cone NATs present a "static" mapping.
The NAT mapping depends on the source only.
A STUN query can predict the mapping.
[Diagram: Static NAT. The client sends a STUN Query ("What's my IP address") to STUN Server 1 and to STUN Server 2; both STUN Responses read "Your address is 200.200.1.1:1000".]
10. Symmetric NAT
Each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port.
The mapping is done by a combination of the source and destination address.
The result of a STUN query varies according to the destination.
[Diagram: Symmetric NAT, "Identity Crisis". The client sends a STUN Query ("What's my IP address") to STUN Server 1 and to STUN Server 2; one STUN Response reads "Your address is 200.200.1.1:1000", the other "Your address is 200.200.1.1:2000".]
11. Why is symmetric NAT challenging for SIP?
For symmetric NAT the STUN query is irrelevant, since the STUN answer is relevant only when communicating with the STUN server; when communicating with another host, the NAT will map a new IP and port.
If a VoIP client is located behind a symmetric NAT, the client can't share its own (media) address with the other side of the call.
If two media devices are located behind symmetric NAT, they can't establish a call and must use an external media relay server (a TURN server).
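Added example (not from the original slides): a toy model of the four NAT types that reproduces the STUN answers shown on the two preceding slides and tests whether two endpoints can exchange media directly. It assumes one public IP per NAT, sequential port allocation, no mapping timeouts, and endpoints that also try any source address they actually receive a packet from; the class, function names and the 198.51.100.x and 10.0.x.x addresses are constructed.

```javascript
// NAT types: "full-cone", "restricted", "port-restricted", "symmetric".
// All addresses are "ip:port" strings.
class Nat {
  constructor(type, publicIp = "200.200.1.1", firstPort = 1000, step = 1000) {
    this.type = type;
    this.publicIp = publicIp;
    this.nextPort = firstPort;
    this.step = step;
    this.byKey = new Map();  // mapping key -> entry
    this.byPort = new Map(); // external port -> entry
  }
  // Outbound packet: create or reuse a mapping, return the source the destination sees.
  outbound(src, dst) {
    // Cone NATs key the mapping on the source only; symmetric NATs on source and destination.
    const key = this.type === "symmetric" ? src + ">" + dst : src;
    let entry = this.byKey.get(key);
    if (!entry) {
      entry = { src, port: this.nextPort, sentTo: new Set() };
      this.nextPort += this.step;
      this.byKey.set(key, entry);
      this.byPort.set(entry.port, entry);
    }
    entry.sentTo.add(dst);
    return this.publicIp + ":" + entry.port;
  }
  // Inbound packet: return the internal socket it reaches, or null if it is dropped.
  inbound(from, externalPort) {
    const entry = this.byPort.get(externalPort);
    if (!entry) return null;
    const fromIp = from.split(":")[0];
    const sameIp = [...entry.sentTo].some((d) => d.split(":")[0] === fromIp);
    const allowed =
      this.type === "full-cone" ? true :
      this.type === "restricted" ? sameIp :
      entry.sentTo.has(from); // port-restricted and symmetric: exact ip:port only
    return allowed ? entry.src : null;
  }
}

const STUN_1 = "198.51.100.1:3478"; // constructed STUN server addresses
const STUN_2 = "198.51.100.2:3478";
const portOf = (addr) => Number(addr.split(":")[1]);

// What two STUN servers report for the same local socket.
function stunView(type) {
  const nat = new Nat(type);
  const sock = "10.0.0.1:5000";
  return { server1: nat.outbound(sock, STUN_1), server2: nat.outbound(sock, STUN_2) };
}

// Can A and B reach each other directly, starting from STUN-learned addresses?
function directMediaPossible(typeA, typeB) {
  const natA = new Nat(typeA, "200.200.1.1");
  const natB = new Nat(typeB, "200.200.2.2");
  const a = "10.0.0.1:5000", b = "10.0.1.1:5000";
  const knownByA = new Set([natB.outbound(b, STUN_1)]); // B's addresses as known to A
  const knownByB = new Set([natA.outbound(a, STUN_1)]);
  let aHeard = false, bHeard = false;
  for (let round = 0; round < 3; round++) {
    for (const dst of [...knownByA]) {
      const seen = natA.outbound(a, dst);
      if (natB.inbound(seen, portOf(dst)) === b) { bHeard = true; knownByB.add(seen); }
    }
    for (const dst of [...knownByB]) {
      const seen = natB.outbound(b, dst);
      if (natA.inbound(seen, portOf(dst)) === a) { aHeard = true; knownByA.add(seen); }
    }
  }
  return aHeard && bHeard;
}
```

In this model `directMediaPossible("symmetric", "symmetric")` is false, which is the case where the slide sends media through a TURN relay.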
12. SBC as a result of a standard mistake
Probably the single biggest mistake in SIP design was ignoring the existence of NATs.
This error came from a belief in IETF leadership that IP address space would be exhausted more rapidly and would necessitate a global upgrade to IPv6 and eliminate the need for NATs. The SIP standard assumed that NATs do not exist.
SIP simply didn't work for the majority of Internet users who are behind NATs.
At the same time it became apparent that the standardization life-cycle is slower than how the market ticks: SBCs were born, and began to fix what the standards failed to do: NAT traversal.
13. How does an SBC solve the NAT traversal issue?
An SBC is NOT located behind symmetric NAT, therefore it always knows its own signaling and media addresses.
When using an SBC to solve NAT traversal issues, the most common approach is for the SBC to act as the public interface of the user agents.
This is achieved by replacing the user agent's contact information with that of the SBC.
For a remote user, the SBC waits for the 1st incoming media packet and latches to its source IP.
[Diagram: Remote User (IP Phone 1) behind a FW / Symmetric NAT, the SBC, and IP Phone 2, connected by SIP. The SDP from the IPP includes the wrong IP:port; the SDP from the SBC includes the correct IP:port. The SBC waits for the 1st incoming packet and sends the media to the source IP address of that packet.]
14. ICE in a nutshell
ICE resolves the connectivity issue at the signaling stage, via SDP negotiation.
The caller gathers candidates, where each candidate is a potential address for receiving media.
Three different types of candidates:
- Host candidate (local address)
- Server Reflexive candidates (NAT-residing addresses)
- Relayed candidates (TURN server address: a host acting as a relay towards the agent)
The callee gathers its own three candidates and sends them to the caller. Using STUN, it starts checking connectivity toward the caller's local and NAT-residing addresses.
The caller checks connectivity towards the addresses provided by the callee and chooses the best pair: LAN, NAT-residing, and, for the worst-case scenario (both clients are behind symmetric NAT), TURN allocation.
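Added example (not from the original slides): how "chooses the best pair" can be computed, using the candidate and pair priority formulas and recommended type preferences from RFC 8445, with the caller as the controlling agent. The SDP candidate lines, addresses and function names are constructed, and the model is simplified: redundant pairs are not pruned, and the selected pair is the highest-priority pair whose connectivity check succeeds.

```javascript
// RFC 8445 recommended type preferences: a higher value is preferred.
const TYPE_PREF = { host: 126, prflx: 110, srflx: 100, relay: 0 };

// priority = 2^24 * type preference + 2^8 * local preference + (256 - component ID)
function candidatePriority(type, localPref = 65535, component = 1) {
  const pref = TYPE_PREF[type];
  if (typeof pref !== "number") throw new Error("unknown candidate type: " + type);
  return pref * 2 ** 24 + localPref * 2 ** 8 + (256 - component);
}

// Parse an SDP "a=candidate" line into its fields.
function parseCandidate(line) {
  const m = /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line);
  if (!m) throw new Error("not a candidate line: " + line);
  return {
    foundation: m[1], component: Number(m[2]), transport: m[3].toLowerCase(),
    priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7],
  };
}

// pair priority = 2^32 * MIN(G, D) + 2 * MAX(G, D) + (G > D ? 1 : 0)
// G: controlling agent's candidate priority, D: controlled agent's.
// The result exceeds 2^53, so BigInt is required.
function pairPriority(controlling, controlled) {
  const g = BigInt(controlling), d = BigInt(controlled);
  const min = g < d ? g : d, max = g > d ? g : d;
  return (1n << 32n) * min + 2n * max + (g > d ? 1n : 0n);
}

// Pair every local candidate with every compatible remote one, best pair first.
function buildCheckList(localLines, remoteLines) {
  const remotes = remoteLines.map(parseCandidate);
  const pairs = [];
  for (const local of localLines.map(parseCandidate)) {
    for (const remote of remotes) {
      if (local.component !== remote.component || local.transport !== remote.transport) continue;
      pairs.push({ local, remote, priority: pairPriority(local.priority, remote.priority) });
    }
  }
  return pairs.sort((x, y) => (y.priority > x.priority ? 1 : y.priority < x.priority ? -1 : 0));
}

// checkSucceeds(pair) stands in for the STUN connectivity check on that pair.
function selectPair(checkList, checkSucceeds) {
  return checkList.find((pair) => checkSucceeds(pair)) || null;
}

// Constructed candidate lines for caller and callee (host, server reflexive, relayed).
const CALLER_SDP = [
  "a=candidate:1 1 udp 2130706431 10.0.0.1 5000 typ host",
  "a=candidate:2 1 udp 1694498815 200.200.1.1 1000 typ srflx raddr 10.0.0.1 rport 5000",
  "a=candidate:3 1 udp 16777215 203.0.113.5 49152 typ relay raddr 200.200.1.1 rport 1000",
];
const CALLEE_SDP = [
  "a=candidate:1 1 udp 2130706431 10.0.1.1 5000 typ host",
  "a=candidate:2 1 udp 1694498815 200.200.2.2 1000 typ srflx raddr 10.0.1.1 rport 5000",
  "a=candidate:3 1 udp 16777215 203.0.113.5 49153 typ relay raddr 200.200.2.2 rport 1000",
];

// Same LAN: every check succeeds. Both behind symmetric NAT: only relayed paths work.
function iceDemo() {
  const list = buildCheckList(CALLER_SDP, CALLEE_SDP);
  const lan = selectPair(list, () => true);
  const relayed = selectPair(list, (p) => p.local.type === "relay" || p.remote.type === "relay");
  return { lan: lan.local.type + "/" + lan.remote.type,
           symmetric: relayed.local.type + "/" + relayed.remote.type };
}
```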
15. ICE How does it work?
[Diagram: Caller, NAT, STUN server, TURN server, WebRTC server, Callee.]
16. ICE – Session Flow
[Flow diagram; boxes as extracted:]
- Gather Local candidates
- Gather Server Reflexive candidates using STUN
- Gather Relayed candidates from the TURN server
- Select the best candidates
- Perform Media Check on all peer candidates
- Receive peer candidates from the SIP message
- Exchange final candidates with the peer
- Check the connection type
- Activate UDP/TCP socket