[VoiceOps] Acme STUN

anorexicpoodle anorexicpoodle at gmail.com
Wed Sep 23 00:27:34 EDT 2009


Most of the poorly implemented ALGs I've found, namely some of the
integrated modem/router combos Verizon and Comcast are distributing, and
many of the newer Linksys devices, where the ALG is good enough to not
trigger HNT but doesn't keep the NAT pinhole open, or they mangle the
traffic in some way that cannot be corrected on the service provider
side, use regex matching to replace private addressing at layer 5, so if
the layer 5 addressing has been pre-mangled by STUN the ALG doesn't touch
it since it isn't in the expected pattern, and things work normally.

The multi-NAT problem is something I have typically seen in hosted PBX
deployments into managed network office buildings where the managed
network is behind some kind of NAT device, then each tenant drops in
their own SOHO router, so inter-office calling breaks since the SDP the
Acme sees isn't correct. You could correct around this by not releasing
media for same-IP traffic but that's a change with big impact for a small
problem that has other solutions. Of course YMMV.


On Wed, 2009-09-23 at 13:25 +0930, Peter Childs wrote:

> On 23/09/2009, at 2:49 AM, anorexicpoodle wrote:
> 
> > I have been looking at this as well, and yes there are some  
> > advantages but you really have to have the need.
> >
> > The good news:
> >
> > - STUN will result in lower CPU on the SD since the keepalives don't
> > need to be responded to. Chances are this will not be a factor.
> > - Can be used when the customer's endpoint is behind multiple layers
> > of NAT, Acme HNT falls flat on its face in this environment.
> 
> I have endpoints behind multiple layers of NAT working fine. HNT
> finds the smallest pinhole existing on the NAT path.
> 
> > - STUN mangled traffic will not trigger the broken ALGs in many
> > newer home routers since it doesn't match the lan-side network any
> > longer. If you have had the displeasure of experiencing these broken
> > ALGs in customer routers (Linksys, D-Link etc etc), and the fact
> > that they quite often cannot be disabled, it can lead to a very
> > frustrating customer experience. Once again HNT and poorly
> > implemented ALGs do not make for happy customers.
> 
> 
> (..)
> 
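
Added example, not part of the original post: a small Python model of the regex-style layer 5 rewriting described in the message above, run over two constructed INVITEs (one advertising a private address, one advertising a STUN-derived public address). The rewrite rule, the addresses and ports, and the ALG leaving Content-Length untouched are assumptions for illustration, not the behaviour of any specific router.

```python
import re

# RFC 1918 literals: 10/8, 172.16/12, 192.168/16
PRIVATE_IP = re.compile(
    r"\b(?:10(?:\.\d{1,3}){3}"
    r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}"
    r"|192\.168(?:\.\d{1,3}){2})\b"
)

def build_invite(addr, sip_port, rtp_port):
    """Constructed SIP INVITE advertising `addr` at layer 5 (Via, Contact, SDP)."""
    body = "\r\n".join([
        "v=0",
        f"o=- 1 1 IN IP4 {addr}",
        "s=-",
        f"c=IN IP4 {addr}",
        "t=0 0",
        f"m=audio {rtp_port} RTP/AVP 0",
    ]) + "\r\n"
    head = "\r\n".join([
        "INVITE sip:1000@sbc.example.net SIP/2.0",
        f"Via: SIP/2.0/UDP {addr}:{sip_port};branch=z9hG4bKconstructed",
        f"Contact: <sip:2000@{addr}:{sip_port}>",
        "Content-Type: application/sdp",
        f"Content-Length: {len(body)}",
    ])
    return head + "\r\n\r\n" + body

def naive_alg(message, wan_ip):
    """Hypothetical ALG model: regex-swap private IPv4 literals, nothing else."""
    rewritten, hits = PRIVATE_IP.subn(wan_ip, message)
    return rewritten, hits

def content_length_ok(message):
    """True when the Content-Length header matches the actual body size."""
    head, _, body = message.partition("\r\n\r\n")
    declared = int(re.search(r"^Content-Length:\s*(\d+)", head, re.M).group(1))
    return declared == len(body.encode())

WAN = "203.0.113.7"  # constructed WAN address (documentation range)
plain = build_invite("192.168.1.50", 5060, 16384)  # endpoint without STUN
stunned = build_invite(WAN, 40012, 40014)          # endpoint advertising its STUN mapping

for name, msg in (("plain", plain), ("stunned", stunned)):
    out, hits = naive_alg(msg, WAN)
    print(f"{name}: {hits} rewrites, unchanged={out == msg}, "
          f"content-length ok={content_length_ok(out)}")
```

In this model the private-address INVITE is rewritten in four places and ends up with a stale Content-Length, while the STUN-addressed INVITE passes through byte for byte.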