[VoiceOps] Acme STUN

anorexicpoodle anorexicpoodle at gmail.com
Tue Sep 22 13:19:09 EDT 2009 

I have been looking at this as well, and yes there are some advantages
but you really have to have the need.

The good news:

- STUN will result in lower CPU on the SD since the keepalives dont need
to be responded to. Chances are this will not be a factor. 
- Can be used when the customers endpoint is behind multiple layers of
NAT, Acme HNT falls flat on its face in this environment. 
- STUN mangled traffic will not trigger the broken ALG's in many newer
home routers since it doesnt match the lan-side network any longer. If
you have had the displeasure of experiencing these broken ALG's in
customer routers (linksys, dlink etc etc), and the fact that they quite
often cannot be disabled, it can lead to a very frustrating customer
experience. Once again HNT and poorly implemented ALG's do not make for
happy customers. 


The bad news

- STUN is a less stateful keepalive, i.e. when the endpoint fails to
send a keepalive you cannot use forced un-registration or anything
similarly clever to keep the presence on the softswitch in sync. 
- It requires client configuration whereas HNT is completely dynamic. 


My plan was to have both on tap, and make use of adaptive HNT for most
customers but simply having a built-in STUN solution available as a tool
for that 4-5% of customers might need it makes it absolutely worthwhile,
however if you are in an environment where the access network is tightly
controlled there is likely little need for it, but if you are broadband
agnostic and just have to cope with whatever rinky-dink ISP/network
setup the customer brings, then my advice is get as many tools in your
toolbox as possible, just make sure you understand all of them inside
and out or you will simply cause yourself unnecessary headache. 


On Tue, 2009-09-22 at 11:07 -0400, Parkin, Tyler wrote:
> Has anybody used the STUN functionality of the Acme SD?  I posed the
> following questions to our SE and engineer, but if anybody has actual
> experience with it I’d be curious to know how it works.
> 
>  
> 
> -Does it work? J
> 
> -Re: performance, is STUN less costly than a very short registration
> refresh rate (<30 seconds)?  Some impact on performance of a fully
> loaded  SD 4000 would be appreciated.
> 
> -Is it a better solution than their hosted NAT traversal?
> 
>  
> 
> Thanks,
> 
> Tyler
> 
>  
> 
> 
> 
> ______________________________________________________________________
> This email and any attachments ("Message") may contain legally
> privileged and/or confidential information. If you are not the
> addressee, or if this Message has been addressed to you in error, you
> are not authorized to read, copy, or distribute it, and we ask that
> you please delete it (including all copies) and notify the sender by
> return email. Delivery of this Message to any person other than the
> intended recipient(s) shall not be deemed a waiver of confidentiality
> and/or a privilege.
> 
> 
> 
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20090922/92070e3e/attachment.html>

More information about the VoiceOps mailing list