SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community

CHANNEL BY TOPICS


QUICK LINKS




 
tmc logo
December 2008 | Volume 11/ Number 12
Editorial Series Sponsorship

M5T Turns up the Heat on ICE

By: Richard “Zippy” Grigonis

Back in late 2005, early 2006 companies such as Microsoft (News - Alert), Cisco and M5T announced directives to move towards developing the Interactive Connectivity Establishment (ICE) Protocol for NAT Traversal. Since that time, we haven’t heard much about ICE; however, within the last few months ICE has returned to the forefront.

Samuel Guénette is the General Manager of M5T (www.m5t.com). He’s responsible for the company’s operations direction and activities, and recently he sat down with Yours Truly to discuss the direction ICE is taking and why it’s now once again in the public eye.

RG: We have seen a variety of different tools used for NAT Traversal — what has led us to ICE?

SG: Since its introduction, Session Initiation Protocol (News - Alert) (SIP), the leading VoIP signalling protocol, has gained tremendous market acceptance. However, the deployment of SIP has not always been easy and has seen its share of problems. The most significant problem is certainly the traversal of Network Address Translators (NATs) and firewalls, which are widely deployed on the Internet and private networks. SIP is greatly affected by NAT because it directly incorporates the local addresses in its packets. Until recently, several NAT traversal solutions have been proposed but none was very successful.

Take the Application Level Gateway (News - Alert) (ALG) for example. The ALG, which is one of the proposed solutions, consists of a piece of software that augments the functionality of NATs by hooking into its packet processing loop. The ALG inspects each packet as it transits through the NAT and performs address and port translation. For a SIP-aware ALG, this means that the content of each SIP packet must be parsed and the required headers must be modified to perform translation. This is far from an ideal solution and suffers from many problems. For instance, ALG breaks down when security mechanisms are used. Additionally, ALG must be updated regularly to support new protocol extensions as they are deployed. Finally, ALG often suffers from interoperability problems that break the translated protocol.

Another good example is Simple Traversal of User Datagram Protocol (UDP (News - Alert)) through NAT (STUN). Basically, STUN is a request/response protocol where a STUN client sends a request to a STUN server located on the public Internet. At reception of the request, the STUN Server sends back a response that incorporates in its body the source address of the request. Upon reception of the response, the STUN client discovers its public address. This public address is then used within the application messages instead of the local addresses. STUN works well and avoids many of the problems related to ALG. However STUN is still not perfect and does not work in some network topologies.

The Interactive Connectivity Establishment (ICE) protocol is our latest tool for NAT traversal. What is truly innovative about ICE is that it reuses other protocols like STUN and TURN in a totally new peer-to-peer approach. Instead of allocating a single port from one network interface, an ICE-compliant device gathers ports using all available mechanisms. This means that a port will be allocated for each network interface and that usually other mechanisms like STUN and TURN will also be used to allocate ports on the public side of NAT. This results in a list of potential candidates that are exchanged between ICE agents and for which connectivity is systematically tested. TURN being a relayed protocol that involves additional overhead, the connectivity tests are usually ordered so that TURN candidates are used only as a last resort. Once the connectivity tests are completed, the most prioritized candidate is used to exchange packets.

RG: M5T has introduced the M5T ICE SAFE component – tell us a little about it.

SG: The M5T ICE SAFE component defines a framework that uses many protocols such as: STUN, TURN, and RFC 3264 (Offer/Answer in SDP) to accomplish the task of finding a way to reach a destination. It seamlessly integrates with all the other M5T SAFE software components, including the M5T STUN SAFE, as well as the M5T Dual Stack Configuration, which allows for the seamless transition between IPv4 and IPv6. The M5T ICE SAFE component can also “learn” about the network topology in which the clients exist and the various sets of network addresses by which these devices can communicate.

The M5T ICE SAFE is based on the most recent ICE specification which is IETF ICE Draft 19 and will closely follow any updates. It is important to mention that Microsoft OCS 2k7 wave 13 or R2 release expected out in December is also based on the same version. IT

For more information about M5T MC ICE SAFE go to www.m5t.com or [email protected]

» Internet Telephony Magazine Table of Contents



Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
MSPWorld
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas