ietf

RE: Effectiveness of STUN protocol

2004-01-19 21:43:09
Yes indeed. Probably the #1 biggest use for STUN short term is going
to be SIP. It seems like not too much information has to go thru the known
reachable machine. Maybe just about the same loading as a DNS server?

So, although it's kind of a workaround, it's probably going to do the
job.

Does that seem right?

Well, sort of.

STUN is indeed a great protocol, with all the right authors, but it
makes a couple of assumptions about the type of NATs and about the
structure of the network. 

The assumption about NAT boxes tends to be correct, mostly because
vendors know about STUN and about similar workarounds used by various
video-games manufacturers as well as by some IPv6 services (Teredo).
Most new NATs adopt the "cone" or "protected cone" model that works for
STUN, rather than the so-called "symmetric" model. But there are still
some old fashioned designs that try hard to break things, so YMMV.

The assumption about topology is more likely to be wrong. STUN works
well in a "core and leaves" model in which private networks are
directly connected to a globally addressed IPv4 core, with a single NAT. In this
model, two STUN hosts are either on the same private network, or
connected through the core. Things get much harder when there are
multiple layers of NAT, or when there are backdoor connections between
private networks.

STUN is an OK solution now, but it will stop working when the topology
becomes more complex -- communications will randomly fail. It is just as
easy to deploy IPv6 using Teredo now. As we go on deploying IPv6, we
have a chance to support these more complex topologies.

-- Christian Huitema
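
The cone versus symmetric distinction in the message above, as an added Python example that is not part of the original post: a toy NAT model showing that the address a host learns from a STUN server stays usable toward a peer only when the mapping does not depend on the destination. The `Nat` class, the `stun_then_peer` helper, all addresses and the port range are constructed for illustration, and the address-restricted inbound filter is an assumption.

```python
from itertools import count


class Nat:
    """Toy NAT with one public IP and address-restricted inbound filtering."""

    def __init__(self, public_ip, symmetric):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.ports = count(40000)   # constructed external port range
        self.mappings = {}          # mapping key -> external port
        self.owner = {}             # external port -> internal (ip, port)
        self.contacted = {}         # external port -> remote IPs sent to

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the source address dst sees."""
        # Cone: one mapping per internal socket. Symmetric: one per destination.
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        port = self.mappings[key]
        self.owner[port] = src
        self.contacted.setdefault(port, set()).add(dst[0])
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Return the internal socket an incoming packet reaches, else None."""
        if remote[0] in self.contacted.get(ext_port, set()):
            return self.owner[ext_port]
        return None


def stun_then_peer(symmetric):
    """Host learns its address via STUN, then a peer tries to reach it there."""
    nat = Nat("203.0.113.7", symmetric)            # constructed addresses
    host = ("192.168.1.10", 5060)
    stun = ("198.51.100.1", 3478)
    peer = ("198.51.100.99", 5060)
    reflexive = nat.outbound(host, stun)           # address the STUN server reports
    seen_by_peer = nat.outbound(host, peer)        # host's first packet to the peer
    delivered = nat.inbound(peer, reflexive[1])    # peer sends to advertised address
    return reflexive, seen_by_peer, delivered


if __name__ == "__main__":
    for kind, sym in (("cone", False), ("symmetric", True)):
        print(kind, stun_then_peer(sym))
```

With the symmetric model the peer's packet is dropped because the advertised port was only ever opened toward the STUN server.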