\documentclass{beamer} \usepackage{beamertexpower} \mode { \usetheme{Madrid} \usecolortheme{wolverine} \setbeamercovered{transparent} } \usepackage[english]{babel} %\usepackage[latin1]{inputenc} \usepackage{times} \usepackage[T1]{fontenc} \title{(Open)SER and MediaProxy} \subtitle{Bugspray for NATs} \author[Hans Fugal]{Hans~Fugal\\\href{mailto:hans@fugal.net}{hans@fugal.net}} \institute[Fugal~Computing]{\href{http://hans.fugal.net/resume}{Fugal~Computing}} \date{6 June 2006} % logo \pgfdeclareimage[height=0.5cm]{logo}{logo} \logo{\href{http://utaug.org}{\pgfuseimage{logo}}} % Delete this, if you do not want the table of contents to pop up at % the beginning of each subsection: \AtBeginSubsection[] { \begin{frame} \frametitle{Outline} \tableofcontents[currentsection,currentsubsection] \end{frame} } % If you wish to uncover everything in a step-wise fashion, uncomment % the following command: %\beamerdefaultoverlayspecification{<+->} \begin{document} \begin{frame} \titlepage \end{frame} \section*{Introduction} \subsection*{The Problem} \subsubsection*{SIP} \begin{frame} \frametitle{SIP} SIP is our enemy. \pause SIP is our friend. \pause SIP is here to stay. \end{frame} \begin{frame} \frametitle{SIP Trapezoid} \includegraphics[width=10cm]{trapezoid} \href{http://hans.fugal.net/utaug/eg/sip.txt}{Sample SIP Trace} \end{frame} \subsubsection{NAT} \begin{frame} \frametitle{NAT} NAT is our enemy. \pause NAT is our friend. \pause NAT is here to stay. \end{frame} \begin{frame} \frametitle{NAT} \begin{itemize} \item NAT stands for Network Address Translation \item Kinds of NAT: \begin{itemize} \item Full Cone \item Restricted Cone \item Port Restricted Cone \item Symmetric \end{itemize} \end{itemize} \end{frame} \begin{frame} \frametitle{Full Cone} A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address. \end{frame} \begin{frame} \frametitle{Restricted Cone} A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X. \end{frame} \begin{frame} \frametitle{Port Restricted Cone} A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P. \end{frame} \begin{frame} \frametitle{Symmetric} A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host. \end{frame} \subsubsection*{Firewall} \begin{frame} \frametitle{Firewalls} Firewalls are our enemy. \pause Firewalls are the other guy's friends. \pause Firewalls are here to stay. \end{frame} \begin{frame} \frametitle{Firewalls} Firewalls are like NATs without the benefits of IP conservation. \end{frame} \subsection*{The ``Solutions''} \begin{frame} \frametitle{The ``Solutions''} \begin{itemize} \item STUN \only<2->{(Helpful but not enough)} \item ICE \only<3->{(Pipe dream)} \item TURN \only<4->{(Pipe dream)} \item Smart NAT devices \only<5->{(Ha!)} \item Static NAT configuration \only<6->{(Difficult and Fragile)} \end{itemize} \end{frame} \subsection*{The Real Solution} \begin{frame} \frametitle{Session Border Controllers} \begin{figure} \includegraphics[width=12cm]{newport} \end{figure} \end{frame} \begin{frame} \frametitle{SER+MediaProxy} Hardware SBCs are expensive. SER+MediaProxy is the open source answer. \end{frame} \section*{SER} \begin{frame} \frametitle{(Open)SER} \begin{itemize} \item SIP Express Router \item Asterisk Comparison \begin{itemize} \item SIP only \item Proxy only \item Extreme scalability \item Lower-level \end{itemize} \item SER and OpenSER \end{itemize} \end{frame} \begin{frame} \frametitle{Configuration} \begin{itemize} \item Routing script processed for every message \item Modules \item Extensible with exec \item \href{http://hans.fugal.net/utaug/eg/openser.cfg}{Example} \end{itemize} \end{frame} \section*{MediaProxy} \begin{frame} \frametitle{\href{http://www.ag-projects.com/MediaProxy.html}{MediaProxy}} http://www.ag-projects.com/MediaProxy.html From the \href{http://mediaproxy.ag-projects.com/README.txt}{README}: \begin{quote} MediaProxy is a far-end NAT traversal solution for OpenSER (http://OpenSER.org) and SIP Express Router (http://iptel.org/ser) that has the following features: \begin{itemize} \item Distributed geographical location \item Scalability, load balancing and redundancy \item Real-time sessions statistics \item Configurable IP and UDP port range \item Support for audio and video streams \item Support for multiple media streams per call \item Accounting of network traffic \end{itemize} \end{quote} \end{frame} \begin{frame} \frametitle{MediaProxy Usage} \begin{itemize} \item Daemons: dispatcher and proxy \item \href{http://hans.fugal.net/utaug/eg/mediaproxy.ini.sample}{Sample mediaproxy config} \item \href{http://hans.fugal.net/utaug/eg/openser.cfg}{Sample SER config} \end{itemize} \end{frame} \section*{References} \begin{frame} \frametitle{References} \begin{itemize} \item \href{http://www.newport-networks.com/pages/nat-traversal.html}{Newport Networks 1460 Blurb} \item \href{http://www.iptel.org/info/products/etc/snom-stun.pdf}{Solutions for NAT Traversal in SIP Environment} \item \href{http://mediaproxy.ag-projects.com/NATtraversal-BestPractices.pdf}{NAT Traversal Best Practices} \item \href{http://www.cs.columbia.edu/sip/drafts/Ther0005\_SIP.pdf}{SIP, NAT, and Firewalls} \item \href{http://www.iptel.org/ser/doc/sip\_intro/}{SIP Introduction} \item \href{http://www.it.iitb.ac.in/xnet/sip/sessioninit.html}{SIP Trapezoid Applet} \end{itemize} \end{frame} \end{document}