I'm trying to find some statistics as to what the ratio of Cone vs Symmetric NAT solutions deployed in the world are, has anyone done some research into this?
I'm curious what percentage of users in certain demographics (broadband clients, for example) i can expect to be serviced using STUN alone, so i can come up with some figure to help me build out my network
Even just some anecdotal information of peoples experiences would be very useful
Tavis
From what I have seen, the companies are protected mainly by symmetric NAT (more secure). In residential premises, it is hard to detect, there are a lot of devices. Sometimes the STUN implementation in the clients is broken, and do not help at all to label a NAT from SIP server side.
Cheers, Daniel
On 11/19/05 01:36, Tavis P wrote:
I'm trying to find some statistics as to what the ratio of Cone vs Symmetric NAT solutions deployed in the world are, has anyone done some research into this?
I'm curious what percentage of users in certain demographics (broadband clients, for example) i can expect to be serviced using STUN alone, so i can come up with some figure to help me build out my network
Even just some anecdotal information of peoples experiences would be very useful
Tavis
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Many of the commercial, symmetric NATs have some form or fashion of SIP awareness (granted, some of them are broken... like Checkpoint's) -- Checkpoint, Cisco, Astaro, etc.
Older Netgear boxes tend to be symmetric, but the more recent ones are not. Linksys boxes are asymmetric, usually port-restricted cone. As for the rest, I don't know for certain, but for my clients, I've run into FAR more asymmetric home clients than not. Asymmetric NATs are far easier to implement and, done correctly (prt-restricted cone), provide actually more security than symmetric because it masks the identification of multiple servers behind a firewall, as not all requests come from the same IP/port combination.
Ideally, a good UA would be able to have a STUN server put in, check for whether or not VoIP would work with STUN, and default to that if necessary, but not if NOT necessary. Some UAs simply aren't that intelligent, and some UAs have broken STUN implementations (SJ Labs, for instance).
Of course, in the truly ideal world, all firewalls will become SIP aware...
N.
On Sun, 20 Nov 2005 15:46:26 +0200, Daniel-Constantin Mierla wrote
From what I have seen, the companies are protected mainly by symmetric NAT (more secure). In residential premises, it is hard to detect, there are a lot of devices. Sometimes the STUN implementation in the clients is broken, and do not help at all to label a NAT from SIP server side.
Cheers, Daniel
On 11/19/05 01:36, Tavis P wrote:
I'm trying to find some statistics as to what the ratio of Cone vs Symmetric NAT solutions deployed in the world are, has anyone done some research into this?
I'm curious what percentage of users in certain demographics (broadband clients, for example) i can expect to be serviced using STUN alone, so i can come up with some figure to help me build out my network
Even just some anecdotal information of peoples experiences would be very useful
Tavis
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Serusers mailing list Serusers@iptel.org http://mail.iptel.org/mailman/listinfo/serusers
-
Daniel-Constantin Mierla -
sip -
Tavis P