[p2p-sip] NATs and P2P

[huang-ming.pan at comcast.net (Peter Pan)]

> I'm sorry, but if it doesn't address NAT we might as well go home.

I believe any incremental p2p-sip approach a disaster, too. Since all
technologies involved in p2p-sip have been there integrally proven for years
(by Skype) and most of them seem ought to be tightly coupled for feasibility
and interoperability, I believe a "do it once for all and forever" is the
right approach for the late comers (-: us :-) to attract world attention and
deroot all weeds in the future.

I wish I may add one more sentence: "I'm sorry, but if it doesn't address
SECURITY, TOP-LEVEL FEATURES, SPECIFIC OVERLAY(S)... among others we might
as well go home. The whole point of the overlay is to get around structures
such as NAT ... have STRONG SECURITY beneath it, have TOP-LEVEL FEATURES
(voicemail, centrex, ...) above it, and have INTEROPERABILITY surrounding
it."

peter

*** no bash pls. we are of the same country ***

----- Original Message -----
From: "Michael Slavitch" <slavitch at objectworld.com>
To: "Brijesh Kumar" <kumarb at research.panasonic.com>; "Bruce Lowekamp"
<lowekamp at cs.wm.edu>; "Philip Matthews" <philip_matthews at magma.ca>
Cc: "P2P-SIP" <p2p-sip at cs.columbia.edu>
Sent: Tuesday, March 21, 2006 7:14 AM
Subject: Re: [p2p-sip] NATs and P2P


> This I believe is a disastrous approach.  If it's not resolved day one
> it will not happen.
>
> SIP put this off ten years ago, because NAT was thought bad, something
> that would go away. It didn't happen.
>
> I'm sorry, but if it doesn't address NAT we might as well go home.  The
> whole point of the overlay is to get around structures such as NAT,
> different addressing (IPV4/IPV6), walled gardens and the like.
>
> In a pure IPV6 world we already have a P2P SIP protocol.  It is called
> SIP.
>
> M
>
>
> Michael Slavitch           Lead, Strategic Initiatives
> slavitch at objectworld.com   Objectworld Communications Corp.
> +1.613.599.9698 .225       Ottawa, Ontario, Canada
>
> -----Original Message-----
> From: p2p-sip-bounces at cs.columbia.edu
> [mailto:p2p-sip-bounces at cs.columbia.edu] On Behalf Of Brijesh Kumar
> Sent: March 21, 2006 10:18 AM
> To: Bruce Lowekamp; Philip Matthews
> Cc: P2P-SIP
> Subject: Re: [p2p-sip] NATs and P2P
>
> I think Bruce's approach makes sense.
>
> The first task should be to come out with a  base specification that
> works. If nothing else, this can be deployed in a hypothetical pure IPv6
> world, or  in a  limited enterprise universe where traversing NAT may
> not be an issue.
>
> The second task should be to modify the spec  that works with NAT.
> Trying to resolve NAT issue from day one is good idea, but one can
> equally treat is as an extension of the core design.  It is just a
> matter of convenience rather than  any hard logic.
>
> Cheers,
>
> --bk
>
> ----- Original Message -----
> From: "Bruce Lowekamp" <lowekamp at cs.wm.edu>
> To: "Philip Matthews" <philip_matthews at magma.ca>
> Cc: "P2P-SIP" <p2p-sip at cs.columbia.edu>
> Sent: Monday, March 20, 2006 8:58 PM
> Subject: Re: [p2p-sip] NATs and P2P
>
>
> > Philip,
> >
> > I absolutely agree that we need to have a solution for this type of
> > environment.   IMHO, some of the worries about NATs causing problems
> > have been somewhat overstated.  As you point out, the majority of NATs
> > in the wild are address independent mapping, and it is relatively
> > trivial to punch holes to establish communications.  But you're also
> > right that, especially for corporate networks, this doesn't solve the
> > entire problem.
> >
> > I spent some time thinking about how to solve the specific problems
> > you pose in terms of the protocol we have been playing with in
> > draft-bryan-sipping-p2p.  We completely ignore the issue of NATs in
> > there (not because we don't think it's a challenge, but just because
> > we want to work on a basic protocol first).  If I was to address some
> > of the problems you pose using that framework (modified chord), then
> > one approach would be to remove the requirement that DHT operations be
> > iterative and allow them to be recursive.  If DHT operations can be
> > recursive, then the number of connections that a node must maintain
> > through the firewall is limited by the size of the finger table.  That
> > number doesn't have to be very big to have a rather efficient DHT.
> > (never more than 128, and I think in practice the number can be much
> > smaller.  If your guess of 160 is correct, we're more than OK here.)
> >
> > I'm a bit unhappy with that because I really like the iterative
> > approach for a variety of reasons, but certainly the protocol could be
> > modified that way and a hybrid environment could be established where
> > some nodes are open (or easy to request opens) and support iterative
> > queries with anyone, but others are recursive queries only.  One
> > problem is that the burden of having a finger-table entry to a
> > recursive-only host is placed on the non-recursive node that would
> > otherwise redirect to its finger-table entry, but now must recurse the
> > request.
> >
> > Right now the scheme would also have problems because, as Eric rightly
> > points out in a separate thread on this mailing list, we don't have a
> > good way of selecting Identifiers for nodes behind NATs (in
> > particular).  But if you have node certificates or another way of
> > authenticating your nodes, this is less of a problem.
> >
> > I want to make it clear that I'm not ready to propose a specific
> > solution, but I think there are ways to support structured DHT
> > algorithms that are not really very painful and work reasonably well
> > inside these environments.  Clearly support for such an environment
> > needs to be a listed in eventual requirements docs.
> >
> > Bruce
> >
> >
> > On 3/20/06, Philip Matthews <philip_matthews at magma.ca> wrote:
> > > [I guess all this traffic on the mailing list will teach me not to
> go
> > > on vacation
> > > just before an IETF meeting!]
> > >
> > > As I catch up on all the messages about NATs over the past two
> weeks,
> > > it seems to me that many people are thinking only of the "Public P2P
> > > Service Provider"
> > > use-case as described in the use-cases document. In other words, a
> Skype
> > > competitor.
> > >
> > > However, the use-cases document that David Bryan and his co-authors
> > > wrote
> > > identified a number of other use-cases and it seems to me that these
> > > have somewhat
> > > different NAT traversal requirements.
> > >
> > > In particular, in some of these other use-cases, it seems to me that
> > > we CANNOT assume
> > > there are peers with public IP addresses.
> > >
> > > For example, consider the "Presence using Multimedia Consumer
> > > Electronics Devices"
> > > use-case (section 3.1.3) -- essentially a P2P network of multimedia
> > > consumer electronics devices
> > > that need presence information. Who is going to pay the extra money
> > > to give their digital camera (or those
> > > neat 770 tablets that Nokia is demoing here in Dallas?) a public
> IPv4
> > > address?? On the contrary,
> > > devices like this are almost certainly going to have private IP
> > > addresses -- it is very common today for
> > > wireless internet providers to place a big NAT in front of their
> > > entire network and give private addresses
> > > to all their customers.
> > >
> > > Or consider the "IP PBX" use-case -- a IP PBX system for a company
> > > with a number of small branches
> > > scattered throughout the world. Each branch is going to have a NAT
> in
> > > front of its network, and all
> > > the phones in that branch are going to have private IP addresses.
> > > None of the phones are going to
> > > have public IP addresses.
> > >
> > > It is handling the NAT traversal issues for use-cases like these
> that
> > > Eric Cooper and I wrote our
> > > internet-draft on NAT Traversal for P2P:
> > >
> http://www.ietf.org/internet-drafts/draft-matthews-p2psip-nats-
> > > and-overlays-00.txt
> > >
> > > - Philip
> > >
> > > _______________________________________________
> > > p2p-sip mailing list
> > > p2p-sip at cs.columbia.edu
> > > https://lists.cs.columbia.edu/cucslists/listinfo/p2p-sip
> > >
> > >
> >
> > _______________________________________________
> > p2p-sip mailing list
> > p2p-sip at cs.columbia.edu
> > https://lists.cs.columbia.edu/cucslists/listinfo/p2p-sip
> >
>
> _______________________________________________
> p2p-sip mailing list
> p2p-sip at cs.columbia.edu
> https://lists.cs.columbia.edu/cucslists/listinfo/p2p-sip
>
>
> --
>
>
> -----------------------------------------------
>
> This transmission (including any attachments) may contain confidential
information, privileged material (including material protected by the
solicitor-client or other applicable privileges), or constitute non-public
information. Any use of this information by anyone other than the intended
recipient is prohibited. If you have received this transmission in error,
please immediately reply to the sender and delete this information from your
system. Use, dissemination, distribution, or reproduction of this
transmission by unintended recipients is not authorized and may be unlawful.
>
> Any views, opinions and content presented in this e-mail are solely those
of the author and may not represent those of Objectworld Communications
Corp.
>
>
>