[VOIPSEC] IPv6 and the demise (or not) of NAT(wasRe: Interactive Connectivity Establishment (ICE))
Randell Jesup
rjesup at wgate.com
Wed Nov 16 13:13:31 CST 2005
"Ken Peterson" <kapnet at mindspring.com> writes:
>I dont see why identity/privacy is an issue with an SBC... perhaps Im
>missing something
>
>Fundamentally, I believe that SIP is suffering from too many technical
>options and not enough end to end solutions. My comments are intended to
>create solutions with a business case that meets the requirements of 95% of
>the user communities. I believe it does so
>
>1. STUN through ICE for the now (and possibly the future) .. TURN piece
>seems worthless for most
>2. SIP Proxy/NAT/FW with ALG functionality for media for future small
> scale
If the vendors ever get their ALG functionality halfway baked.
The only ALGs I've seen in routers (not yours, Ingate :-) ) have totally
screwed over outgoing SIP messages. For example: outgoing REGISTER:
NAT/ALG sends from port N, puts N+1 in the Via, and puts N+2 in the
Contact. Replies on N (since the UA used "rport" and the SIP server
replied to the sent-from port (N) that ends up in rport) are blocked.
No Joy.
>3. SBC for large scale performing media and signaling relay functionality
Except this requires Big Iron telco/cable mentality where the SBCs
are expensive, chew bandwidth, and really want to live close to the access
points (both for bandwidth and delay reasons). They enable/force access
control. Bandwidth might not be huge issue for 8K (payload) G.729
streams, but for 100-384+K video streams it is.
--
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
More information about the Voipsec
mailing list