<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks for the feedback on Acme/STUN, guys. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>On a similar note, does anybody currently use Acme’s (A)HNT? It
seems like an effective way to eek out the longest registration possible for a
NAT’d endpoint, and tests out pretty well in our lab, I’m just wondering how
well it scales in a production environment.<o:p></o:p></span></p>
<div>
<p class=MsoNormal><span style='color:#1F497D'> <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>Tyler Parkin</span><span style='color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><a href="mailto:tparkin@nuvox.com"><span style='color:blue'>tparkin@nuvox.com</span></a><o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> anorexicpoodle
[mailto:anorexicpoodle@gmail.com] <br>
<b>Sent:</b> Wednesday, September 23, 2009 12:28 AM<br>
<b>To:</b> Peter Childs<br>
<b>Cc:</b> Parkin, Tyler; voiceops@voiceops.org<br>
<b>Subject:</b> Re: [VoiceOps] Acme STUN<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Most of the poorly implemented ALG's ive found, namely some
of the integrated modem/router combos Verizon and Comcast are distributing, and
many of the newer linksys devices, where the ALG is good enough to not trigger
HNT but doesn't keep the NAT pinhole open, or they mangle the traffic in some
way that cannot be corrected on the service provider side, use regex matching
to replace private addressing at layer 5, so if the layer 5 addressing has been
pre-mangled by STUN the ALG doesnt touch it since it isnt in the expected
pattern, and things work normally. <br>
<br>
The multi-nat problem is something I have typically seen in hosted PBX
deployments into managed network office buildings where the managed network is
behind some kind of nat device, then each tenant drops in their own soho
router, so inter-office calling breaks since the SDP the Acme sees isn't
correct. You could correct around this by not releasing media for same-IP
traffic but thats a change with big impact for a small problem that has other
solutions. Of course YMMV.<br>
<br>
<br>
On Wed, 2009-09-23 at 13:25 +0930, Peter Childs wrote: <o:p></o:p></p>
<pre><o:p> </o:p></pre><pre>On 23/09/2009, at 2:49 AM, anorexicpoodle wrote:<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>> I have been looking at this as well, and yes there are some <o:p></o:p></pre><pre>> advantages but you really have to have the need.<o:p></o:p></pre><pre>><o:p> </o:p></pre><pre>> The good news:<o:p></o:p></pre><pre>><o:p> </o:p></pre><pre>> - STUN will result in lower CPU on the SD since the keepalives dont <o:p></o:p></pre><pre>> need to be responded to. Chances are this will not be a factor.<o:p></o:p></pre><pre>> - Can be used when the customers endpoint is behind multiple layers <o:p></o:p></pre><pre>> of NAT, Acme HNT falls flat on its face in this environment.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>I have endpoints behind multiple layers of NAT working fine. HNT <o:p></o:p></pre><pre>finds the smallest pinhole existing on the NAT path.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>> - STUN mangled traffic will not trigger the broken ALG's in many <o:p></o:p></pre><pre>> newer home routers since it doesnt match the lan-side network any <o:p></o:p></pre><pre>> longer. If you have had the displeasure of experiencing these broken <o:p></o:p></pre><pre>> ALG's in customer routers (linksys, dlink etc etc), and the fact <o:p></o:p></pre><pre>> that they quite often cannot be disabled, it can lead to a very <o:p></o:p></pre><pre>> frustrating customer experience. Once again HNT and poorly <o:p></o:p></pre><pre>> implemented ALG's do not make for happy customers.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre><o:p> </o:p></pre><pre>(..)<o:p></o:p></pre><pre><o:p> </o:p></pre></div>
<DIV><P><HR>
This email and any attachments ("Message") may contain legally privileged and/or confidential information. If you are not the addressee, or if this Message has been addressed to you in error, you are not authorized to read, copy, or distribute it, and we ask that you please delete it (including all copies) and notify the sender by return email. Delivery of this Message to any person other than the intended recipient(s) shall not be deemed a waiver of confidentiality and/or a privilege.
</P></DIV>
</body>
</html>