Re: [MMUSIC] RTSP and NATs
Tom Marshall <tmarshall@real.com> Mon, 03 February 2003 22:37 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA24121 for <mmusic-archive@odin.ietf.org>; Mon, 3 Feb 2003 17:37:33 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h13Mgi132274 for mmusic-archive@odin.ietf.org; Mon, 3 Feb 2003 17:42:44 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h13MgiJ32271 for <mmusic-web-archive@optimus.ietf.org>; Mon, 3 Feb 2003 17:42:44 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA24108 for <mmusic-web-archive@ietf.org>; Mon, 3 Feb 2003 17:37:02 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h13MgTJ32252; Mon, 3 Feb 2003 17:42:29 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h13MfnJ32216 for <mmusic@optimus.ietf.org>; Mon, 3 Feb 2003 17:41:49 -0500
Received: from virago (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA24088 for <mmusic@ietf.org>; Mon, 3 Feb 2003 17:36:06 -0500 (EST)
Received: from tommy by virago with local (Exim 3.36 #1 (Debian)) id 18fpFb-0007Qc-00; Mon, 03 Feb 2003 14:39:39 -0800
Date: Mon, 03 Feb 2003 14:39:39 -0800
From: Tom Marshall <tmarshall@real.com>
To: Jonathan Rosenberg <jdrosen@dynamicsoft.com>
Cc: Magnus Westerlund <magnus.westerlund@era.ericsson.se>, IETF MMUSIC WG <mmusic@ietf.org>
Subject: Re: [MMUSIC] RTSP and NATs
Message-ID: <20030203223939.GB26777@real.com>
References: <3E3E982E.2010706@era.ericsson.se> <20030203181518.GA26315@real.com> <3E3ECD0D.8010601@dynamicsoft.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="5vNYLRcllDrimb99"
Content-Disposition: inline
In-Reply-To: <3E3ECD0D.8010601@dynamicsoft.com>
User-Agent: Mutt/1.4i
Sender: mmusic-admin@ietf.org
Errors-To: mmusic-admin@ietf.org
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
On Mon, Feb 03, 2003 at 03:11:57PM -0500, Jonathan Rosenberg wrote: > inline. > > Tom Marshall wrote: > >On Mon, Feb 03, 2003 at 05:26:22PM +0100, Magnus Westerlund wrote: > > > >>Hi, > >> > >>Here is a proposal to the RTSP spec for how to handle NATs using STUN. > >>Please read and comment. It is planned to discuss NAT's on wednessday's > >>RTSP telecon. > > > > > >I believe that a viable NAT traversal protocol should not require changes > >to > >the protocols that it supports. If it is desired that RTSP and STUN work > >well together, I think the proper course of action is to modify the STUN > >draft to allow requests for consecutive blocks of mapped UDP ports required > >by RTSP and RTP. > > No, that is impossible. You have misunderstood how STUN works. Yes, you are correct. On initial reading of the STUN draft, I assumed "server" meant the NAT device. My understanding now is that the STUN server resides on a publicly accessible address outside and independent from any NAT. > STUN does not allocate the addresses. It merely tells the client what a > regular, off the shelf NAT has allocated to a user. Since regular, > off-the-shelf NATs do not know anything about RTP port pairings, two > separate STUN requests will result in a nat allocating two bindings > which are most likely not consecutive (or follow the odd/even rule). > THis is dealt with through an SDP extension that allows a client to > provide a specific address and port for SDP > (http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp4nat-03.txt). This draft again assumes that RTP is the only transport choice: rtcp-attribute = "a=rtcp:" port What if there were some other UDP based transport that required two UDP ports (perhaps even "RTPng")? You would need yet another draft to address it. Why not make the solution generic instead? > >Regardless of STUN, it may be useful to have a mechanism for non-contiguous > >UDP port mappings. I would argue in favor of a list based approach that > >has > >general applicability instead of an approach that is specific to RTP. For > >example, the client_port attribute could use '/' to separate non-contiguous > >ports: > > > >Transport: rtp/avp/udp;unicast;client_port=7834/23478 > > Well, I will take this opportunity to once more complain, as I have done > at IETF meetings in the past, of the continued cost of repeating > protocol development related to session initiation twice - once for SIP, > and once for RTSP. We already have a way to do this representation in > SDP for SIP. Seems like we need to repeat such design now for RTSP. I am not familiar with SIP (although I will read up on it before the next meeting). My only concern is that any modification to RTSP does not limit itself needlessly. If SIP has done so (and it appears that at least one SDP draft is doing so), then perhaps those decisions should be reconsidered. > >If someone were to propose a simple and complete solution for all > >NATs that everyone could get behind, that would be worth supporting. STUN > >is, by its own admission, not a complete solution[2]. > > Heh. How about world peace while you are at it. And a complete IPv6 transition too, eh (reducing or eliminating NAT)? ;-) > The problem is this. Experience has shown that solutions which ALWAYS > work tend to be way too expensive in situations that are far more > simpler solution will do. There is therefore a cost/generality curve > with a highly non-linear behavior, which results in solutions being > defined across this curve. STUN happens to be extremely cheap to do in > the cases where it works. THe most general solution, which are > media-relay types of solutions, are very expensive because of the need > to route media through intermediaries. I have just started looking at STUN but I have some questions: 1. Given a NAT that supports RTSP (eg. Linux 2.2 masquerading with an RTSP module loaded), will the client "detect" that it is behind a NAT? If so, how does this affect the Transport: header as it passes through? It seems to me that the RTSP enabled NAT will break the STUN-enabled Transport: header. If this is the case, I think that STUN should be reconsidered (at least for RTSP) as would break an otherwise functional NAT setup. 2. Given a successful STUN setup, does the STUN client direct all UDP traffic to the STUN server as a relay point, or does the client assume that all UDP packets sent between the STUN mapped port and any outside address will have the same NAT mapping? I will have to do some checking, but IIRC the Linux 'ipchains' NAT code does mappings with a '5-tuple': client ip, client port, nat port, server ip, server port. If the latter case is assumed (no relay), I don't think that the STUN mappings would behave as described in the draft. Packets sent to and from the appserver will have a different 5-tuple, and thus a different nat port, rendering STUN ineffective. Has this case been considered? > >If the vendors won't support it, then adding more Transport attributes > >creates more implementation headaches for ourselves with little or no > >benefit. I think the best solution is to find out how to persuade the > >vendors to properly support RTSP. It is really not much more difficult > >to support than, say, FTP. > > I sinceerely doubt that. Which do you doubt? The implementation headaches or that RTSP support is not difficult in NAT? > ANYWAY, all of that said (just responding to this assault on STUN), I do > not think STUN by itself is the right solution to RTSP nat traversal. > THere are two options that are better. > > OPTION 1: Symmtric RTP. See > http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdp-comedia-04.txt. > Effectively, the IP address/ports provided by the RTSP client are > ignored by the server. The client sends RTP/RTCP packets to the server, > and the server sends media back to the client at the source ip/port that > the RTP/RTCP came from. Requires no changes to the RTSP protocol, except > to recommend this method. No STUN support needed. Works through all NAT > types. It will require the client to send keepalive packets if there is > a pause in media. > > NB: This ONLY works if the RTSP server is on the public Internet!!!! This is similar to a technique that we (RealNetworks) use for our internal transport. It is quite effective (but not 100% of course). The biggest problem I see is that client->server RTP traffic is not expected. There is some chance that an intermediate device or proxy may behave badly. But so far, it seems to be the best choice. > OPTION 2: Coming Soon > I am working on a draft (out before the -00 deadline end of this month) > that finally unifies all of the mess of nat traversal together - STUN, > TURN, symmetric RTP. It has the property that it always results in the > optimal media path, lowest latency, lowest cost, and highest probability > of working (i.e., you hear media), compared to any other technique. In > the case of the RTSP server running on the public Internet, it would end > up working a lot like OPTION 1 above. But, it would also work in cases > where that was not true, for example, a client connecting to a media > server in another enterprise that is behind a nat. > > More to come soon. I will keep an eye out, thanks. -- You can complain because roses have thorns, or you can rejoice because thorns have roses. -- Abraham Lincoln
- [MMUSIC] RTSP and NATs Magnus Westerlund
- Re: [MMUSIC] RTSP and NATs Tom Marshall
- Re: [MMUSIC] RTSP and NATs Jonathan Rosenberg
- Re: [MMUSIC] RTSP and NATs Tom Marshall
- Re: [MMUSIC] RTSP and NATs Colin Perkins
- Re: [MMUSIC] RTSP and NATs Jonathan Rosenberg
- Re: [MMUSIC] RTSP and NATs Tom Marshall
- Re: [MMUSIC] RTSP and NATs Jonathan Rosenberg
- Re: [MMUSIC] RTSP and NATs Tom Marshall
- Re: [MMUSIC] RTSP and NATs Magnus Westerlund
- Re: [MMUSIC] RTSP and NATs philippe.gentric
- Re: [MMUSIC] RTSP and NATs Magnus Westerlund
- Re: [MMUSIC] RTSP and NATs philippe.gentric
- Re: [MMUSIC] RTSP and NATs Magnus Westerlund
- Re: [MMUSIC] RTSP and NATs philippe.gentric
- Re: [MMUSIC] RTSP and NATs Magnus Westerlund
- Re: [MMUSIC] RTSP and NATs philippe.gentric
- Re: [MMUSIC] RTSP and NATs Magnus Westerlund
- Re: [MMUSIC] RTSP and NATs philippe.gentric
- Re: [MMUSIC] RTSP and NATs Magnus Westerlund