[OpenSIPS-Devel] STUN module
Razvan Pistolea
razvy000 at yahoo.com
Mon Sep 7 18:11:46 CEST 2009
This STUN module is required to run on 2 ports; and it does, but it is required by OpenSIPS that the primary_port is the same as OpenSIPS one (usually 5060).
IANA ports for stun are:
stun 3478/tcp Session Traversal Utilities for NAT (STUN) port
stun 3478/udp Session Traversal Utilities for NAT (STUN) port
stuns 5349/tcp STUN over TLS
stuns 5349/udp Reserved for a future enhancement of STUN
I rephrase the question:
1. nat traversal module sends pings to keepalive;
2. stun clients can send BINDING_REQUESTS to stun module to keepalive;
3. stun module could tell the nat traversal module not to keepalive the clients because they can keepalive themselves thus saving extra traffic;
It is indeed a great idea but:
rfc3489 or rfc5389 don't require clients to do that;
the usage of keepalive is somewhat strange:
rfc3489 tells about how to measure the bindings time using binary search in the time interval between received response and failed one; therefore there exists a time where while measuring the exact bindings expiration time the binding will expire.
-not to mention the NAT might have restarted -> bindings lost; or be under load and behave chaotic.
rfc5389 and [SIP-OUTBOUND] just say it is possible to send either SIP keepalives or STUN ones.
A discussion is in order.
I don't see where stund supports rfc5389.
So yes this is a replacement.
I tested my server with handmade messages (valid and very invalid) and wireshark.
I don't know software to do that (but it would be great).
Please explain what multiple instances means.
Cheers,
Razvan
Thomas Gelf <thomas at gelf.net> wrote:
> Razvan Pistolea wrote:
> > Thx for the enthusiasm!
> > The plan was to wait until Monday for an announcement but what the hell.
>
> Sorry ;-)
>
> >> - As far as I understood OpenSIPS' STUN module is not able
> >> to run on multiple ports (i.e. 5060 as of rfc5389 and 3478
> >> as of rfc3489), however it suggests using 3479 as secondary
> >> port (and 5060 as the default one)
> >>
> > You can change the secondary port(3479) to any port... say
> > (3478) and then you don't have to make any change to the clients
>
> 3478 is probably not the best choice for the secondary port, but
> I'll find another one :-p
>
> > and it even helps the SIP server (not having to differentiate
> > between incoming STUN/SIP messages).
>
> I'd like to add it that additional burden, that's the most exciting
> part of RFC 5389 - you can use STUN for keepalives. Did you already
> reflect whether it could make sense to let nat_traversal and stun
> modules somehow "talk" to each other (e.g. "client is sending stun
> keepalives from socket X, therefore no SIP keepalive is required on
> that socket)?
>
> >> - Therefore: to provide RFC 5389 and 3489 support without
> >> requiring customers to reconfigure their clients, I'll remain
> >> with two STUN servers, stund and OpenSIPS?!
> >>
> > Yes. Until i implement rfc 5389.
>
> Ok. So choosing primary port 3478 and secondary port 3479 to replace
> stund is probably the way to go right now. Is your stun module a full
> replacement for stund? Are you aware of a free software allowing to
> (entirely) test their behaviour?
>
> > It can work on port 3478 and 5060(primary_port) but you will have
> > (just) a STUN rfc 3478 server.
>
> Got it. Running on both of them (= multiple instances) isn't possible,
> is it?
>
> >> - Are there clients already making use of RFC 5389?
> > I don't know.
> Me too :-) Anyone else?
>
> Cheers,
> Thomas
>
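
Both messages above touch on a SIP server that shares its port with STUN having to tell the two protocols apart. As an added example (not code from this thread or from OpenSIPS), the C code below classifies a UDP payload using the header rules of RFC 5389 and RFC 3489; the function name classify_datagram, the enum and the sample datagrams are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STUN_HEADER_LEN   20u
#define STUN_MAGIC_COOKIE 0x2112A442u   /* fixed value, RFC 5389 header bytes 4..7 */

enum pkt_kind { PKT_NOT_STUN, PKT_STUN_RFC3489, PKT_STUN_RFC5389 };

/* Hypothetical helper (not an OpenSIPS function): classify one UDP payload. */
enum pkt_kind classify_datagram(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < STUN_HEADER_LEN)
        return PKT_NOT_STUN;
    /* STUN: top two bits of byte 0 are zero. SIP starts with an ASCII
     * letter (>= 0x41), so it always fails this test. */
    if (buf[0] & 0xC0)
        return PKT_NOT_STUN;
    /* Length field excludes the header and is a multiple of 4 because
     * attributes are padded; this example requires an exact datagram match. */
    size_t body = ((size_t)buf[2] << 8) | buf[3];
    if ((body & 3u) != 0 || body != len - STUN_HEADER_LEN)
        return PKT_NOT_STUN;
    /* RFC 3489 has no cookie: those bytes belong to its 128-bit transaction id. */
    uint32_t cookie = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                      ((uint32_t)buf[6] << 8)  |  (uint32_t)buf[7];
    return cookie == STUN_MAGIC_COOKIE ? PKT_STUN_RFC5389 : PKT_STUN_RFC3489;
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t SAMPLE_5389[20] = { 0x00, 0x01, 0x00, 0x00, 0x21, 0x12, 0xA4, 0x42,
                                         1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
static const uint8_t SAMPLE_3489[20] = { 0x00, 0x01, 0x00, 0x00,
                                         1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
static const uint8_t SAMPLE_BADLEN[20] = { 0x00, 0x01, 0x00, 0x03, 0x21, 0x12, 0xA4, 0x42 };
static const uint8_t SAMPLE_SIP[] = "OPTIONS sip:example.invalid SIP/2.0\r\n\r\n";

int main(void)
{
    printf("5389=%d 3489=%d badlen=%d sip=%d\n",
           (int)classify_datagram(SAMPLE_5389, sizeof SAMPLE_5389),
           (int)classify_datagram(SAMPLE_3489, sizeof SAMPLE_3489),
           (int)classify_datagram(SAMPLE_BADLEN, sizeof SAMPLE_BADLEN),
           (int)classify_datagram(SAMPLE_SIP, sizeof SAMPLE_SIP));
    return 0;
}
```

A payload that passes only the RFC 3489 checks has no cookie to confirm it, so on a shared SIP port it deserves the stricter attribute parsing before any response is sent.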