[p2p-hackers] NAT hole-punch keepalive/timeouts
larytet.8753341 at bloglines.com
Mon Jun 6 23:52:09 UTC 2005
and it resets (?) itself from time to time - 1-2 times/month. naturally peer will get different port after the reset.
NAT penetration is a state machine and not a trivial one.

--- "Peer-to-peer development." <p2p-hackers at zgp.org> wrote:
> Wow. 2s is a pretty small hole. Hm. Thanks for the info.
>
> larytet.8753341 at bloglines.com wrote:
> > corporate firewalls can not keep hole in NAT for 20s - there are too many DNS requests, NTP, RTP, etc. and "stateful" UDP firewall will create separate hole for every destination IP.
> >
> > the one i am sitting behind apparently follows 2s rule.
> >
> > --- David Barrett <dbarrett at quinthar.com> wrote:
> > > Ok, sounds like 20 seconds might be an upper limit, then. Are you using "unconfirmed" keepalives, or bidirectional? Thanks for the info.
> > >
> > > On Sun, 5 Jun 2005 7:26 pm, Alex Pankratov wrote:
> > > > I am aware of at least one fairly big firewall vendor whose devices default to 20 sec UDP rule lifetime. It is even less if the traffic is unidirectional (ie 'unconfirmed' by the recipient). We are using 20 sec and seems to work fine for our purposes.
> > > >
> > > > Alex
> > > >
> > > > David Barrett wrote:
> > > > > Ok, next question: What kind of keepalive period do you use to maintain the holes you so meticulously punched?
> > > > >
> > > > > I'm in the process of testing my NAT hole-punching solution, and I'm finding erratic behavior that I *think* is caused by my holes closing on me. (Ie, I'm able to receive from a peer for a time, and then I cannot.) So I'm implementing a keepalive, but I'm unsure of what period to use. For now I'm just using a fixed 20-second period, but I have no idea if that's high or low.
> > > > >
> > > > > Another option is to have some kind of adaptive solution that tracks elapsed time between sent and received data (thus estimating the last known 'good' window), but that's a pain I'd prefer to avoid.
> > > > >
> > > > > Any suggestions?
> > > > >
> > > > > The IETF BEHAVE group has discussed recommendations from anywhere between 30 seconds (http://list.sipfoundry.org/archive/ietf-behave/msg00441.html) and 15 minutes (http://list.sipfoundry.org/archive/ietf-behave/msg00127.html). But ultimately those are forward-looking discussions, and therefore not relevant.
> > > > >
> > > > > In the real world, I've seen mention that even 30 seconds is insufficient (http://www.frameip.com/nntp/article-comp-protocols-tcp-ip.php?numero=20119). Perhaps 20 seconds works (http://www.tisc2001.com/newsletters/322.html), but who knows.
> > > > >
> > > > > Basically, I'm curious what keepalives you've found work today in your real applications, in the real world.
> > > > >
> > > > > -david
> > > > >
> > > > > _______________________________________________
> > > > > p2p-hackers mailing list
> > > > > p2p-hackers at zgp.org
> > > > > http://zgp.org/mailman/listinfo/p2p-hackers
> > > > > _______________________________________________
> > > > > Here is a web page listing P2P Conferences:
> > > > > http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
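
The adaptive option raised in the quoted question (tracking the last known 'good' idle window) can be sketched as a bisection between the longest idle gap that still worked and the shortest that failed, with the window discarded when a previously good gap fails, as after the NAT reset described at the top. This Python is an added example, not code from anyone in the thread; `SimulatedNat`, `AdaptiveKeepalive`, `estimate_interval`, the 60 s ceiling and the 0.5 margin are assumptions, and a real probe needs a cooperating peer that sends after each idle gap.

```python
class SimulatedNat:
    """Constructed stand-in for a NAT/firewall whose UDP mapping expires after `timeout` idle seconds."""
    def __init__(self, timeout):
        self.timeout = timeout
        self.last_outbound = None          # None means no mapping exists yet

    def send_outbound(self, now):
        self.last_outbound = now           # outbound traffic creates or refreshes the mapping

    def inbound_allowed(self, now):
        return self.last_outbound is not None and now - self.last_outbound < self.timeout


class AdaptiveKeepalive:
    """Bisects between the longest idle gap known to work and the shortest known to fail."""
    def __init__(self, ceiling=60.0, margin=0.5):
        self.good = 0.0                    # longest confirmed-good idle gap (0 = none confirmed)
        self.bad = ceiling                 # shortest idle gap after which the hole was closed
        self.margin = margin               # fraction of the good window used as the keepalive period

    def next_probe_gap(self):
        return (self.good + self.bad) / 2.0

    def record(self, gap, reply_received):
        if reply_received:
            self.good = max(self.good, gap)
            return
        self.bad = min(self.bad, gap)
        if gap <= self.good:               # a gap that used to work failed: mapping reset or rule change
            self.good = 0.0                # distrust the old window and probe again from scratch

    def interval(self):
        return self.good * self.margin     # 0.0 means no window confirmed; re-punch before relying on it


def estimate_interval(nat, rounds=12):
    """Probe the simulated NAT and return the keepalive period the estimator settles on."""
    ka, now = AdaptiveKeepalive(), 0.0
    for _ in range(rounds):
        nat.send_outbound(now)             # (re)punch the hole
        gap = ka.next_probe_gap()
        now += gap                         # stay idle for `gap` seconds
        ka.record(gap, nat.inbound_allowed(now))  # did the peer's packet still get in?
    return ka.interval()


if __name__ == "__main__":
    for timeout in (2.0, 20.0):            # the two rule lifetimes mentioned in the thread
        print(timeout, round(estimate_interval(SimulatedNat(timeout)), 3))
```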