<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.26.0">
</HEAD>
<BODY LINK="#0000ff">
Using it in production now, and I recommend using it from day 1, using a fixed nat traversal interval will chew up CPU on your acme when you have large amounts of HNT traffic. In switching from HNT to AHNT i saw a 10-12% drop in CPU usage and absolutely no negatives. I have found that most endpoints will land in a 90-120 second nat timer which reduces the total volume of registration traffic the SD must handle by 75% over the non-adaptive method. <BR>
<BR>
Just be aware of how your endpoints calculate their re-registration timer since you may need to tweak it by a few seconds to get the 1st HNT test to not collide with your endpoints short re-registration interval. <BR>
<BR>
On Tue, 2009-09-29 at 13:08 -0400, Parkin, Tyler wrote:
<BLOCKQUOTE TYPE=CITE>
Thanks for the feedback on Acme/STUN, guys. <BR>
<BR>
<BR>
<BR>
On a similar note, does anybody currently use Acme’s (A)HNT? It seems like an effective way to eek out the longest registration possible for a NAT’d endpoint, and tests out pretty well in our lab, I’m just wondering how well it scales in a production environment.<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BR>
<BR>
Tyler Parkin<BR>
<BR>
<A HREF="mailto:tparkin@nuvox.com">tparkin@nuvox.com</A><BR>
<BR>
<BR>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<B>From:</B> anorexicpoodle [mailto:anorexicpoodle@gmail.com] <BR>
<B>Sent:</B> Wednesday, September 23, 2009 12:28 AM<BR>
<B>To:</B> Peter Childs<BR>
<B>Cc:</B> Parkin, Tyler; voiceops@voiceops.org<BR>
<B>Subject:</B> Re: [VoiceOps] Acme STUN<BR>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<BR>
<BR>
Most of the poorly implemented ALG's ive found, namely some of the integrated modem/router combos Verizon and Comcast are distributing, and many of the newer linksys devices, where the ALG is good enough to not trigger HNT but doesn't keep the NAT pinhole open, or they mangle the traffic in some way that cannot be corrected on the service provider side, use regex matching to replace private addressing at layer 5, so if the layer 5 addressing has been pre-mangled by STUN the ALG doesnt touch it since it isnt in the expected pattern, and things work normally. <BR>
<BR>
The multi-nat problem is something I have typically seen in hosted PBX deployments into managed network office buildings where the managed network is behind some kind of nat device, then each tenant drops in their own soho router, so inter-office calling breaks since the SDP the Acme sees isn't correct. You could correct around this by not releasing media for same-IP traffic but thats a change with big impact for a small problem that has other solutions. Of course YMMV.<BR>
<BR>
<BR>
On Wed, 2009-09-23 at 13:25 +0930, Peter Childs wrote: <BR>
<BR>
<PRE>
On 23/09/2009, at 2:49 AM, anorexicpoodle wrote:
> I have been looking at this as well, and yes there are some
> advantages but you really have to have the need.
>
> The good news:
>
> - STUN will result in lower CPU on the SD since the keepalives dont
> need to be responded to. Chances are this will not be a factor.
> - Can be used when the customers endpoint is behind multiple layers
> of NAT, Acme HNT falls flat on its face in this environment.
I have endpoints behind multiple layers of NAT working fine. HNT
finds the smallest pinhole existing on the NAT path.
> - STUN mangled traffic will not trigger the broken ALG's in many
> newer home routers since it doesnt match the lan-side network any
> longer. If you have had the displeasure of experiencing these broken
> ALG's in customer routers (linksys, dlink etc etc), and the fact
> that they quite often cannot be disabled, it can lead to a very
> frustrating customer experience. Once again HNT and poorly
> implemented ALG's do not make for happy customers.
(..)
</PRE>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<HR>
<BR>
This email and any attachments ("Message") may contain legally privileged and/or confidential information. If you are not the addressee, or if this Message has been addressed to you in error, you are not authorized to read, copy, or distribute it, and we ask that you please delete it (including all copies) and notify the sender by return email. Delivery of this Message to any person other than the intended recipient(s) shall not be deemed a waiver of confidentiality and/or a privilege.<BR>
<BR>
<BR>
</BLOCKQUOTE>
<BLOCKQUOTE TYPE=CITE>
<PRE>
_______________________________________________
VoiceOps mailing list
<A HREF="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</A>
<A HREF="https://puck.nether.net/mailman/listinfo/voiceops">https://puck.nether.net/mailman/listinfo/voiceops</A>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>