STUNTR-069 STUNSTUNTR-069TR-069 TCP/HTTP/SOAPCPEACS!!!!####$%$%$%$%ConnectionRequest&'&'&'&'####()()()()ConnectionRequest*+,-*+,-*+,-*+,-TCP....UDP####ACS/0)1/0)1/0)1/0)1CPE23232323/4444 IPSecVPN ACS CPE56565656789:;(789:;(789:;(789:;(NAT=?@:;=?@:;=?@:;=?@:;NATNAT— AAAA9999BBBBCDCDCDCDEEEE23FGHIJ23FGHIJ23FGHIJ23FGHIJIP23232323####KLKLKLKLM%NOM%NOM%NOM%NOPQPQPQPQRRRRInternet==== RFC1918 3 IP A 10.0.0.0 10.255.255.255B 172.16.0.0 172.31.255.255C 192.168.0.0 192.168.255.255 RFC1631 TheIPNetworkAddressTranslator(NAT)RFC2663 IPNetworkAddressTranslator(NAT)TerminologyandConsiderationsRFC3022 TraditionalIPNetworkAddressTranslator(TraditionalNAT)lP !#$%&’ NAT() /*+, -./01 234567-.0189;: = NATNAT—4FullConeNATBBBBSTUVQSTUVQSTUVQSTUVQEEEEPortRestrictedConeNATBBBB4444NAT—•NAT •!#$•%&'() *+',-.FTP$NATNAT•/0UDP12STUNTURNICEuPnPALGs345stun,turn,ice6ietf789:voip;nat=?@AB$•/0TCPCDEF %GHIJKLNATNATTraversal!!!!NATNATTraversal!!!!•STUNMN9:ONAT?P•TURN6STUN@AQRST UV9:0WXNAT?;•ICEC6YZSTUN[TURNX\QR]^ _7`MaVoIPbcdefghN[ijkl eQRSIP`m/nop`FqrLRstIP!u#v.w1!uTURNxyz!${|UDPNAT=}GH{|UDPNAT=}GHSTUNSTUN— NATUDP!!!!STUNSimpleTraversalofUDPoverNATsRFC3489 IPNATIP!#$%&'NAT()*+,#NAT-./0123456789UDP03:;=?BT@A)?@A?@A?@A?@A BBBBCDCDCDCDEFGEFGEFGEFGNATHHHHIJEFGIJEFGIJEFGIJEFGNATKLMIJEFGKLMIJEFGKLMIJEFGKLMIJEFGNATNNNNO@AO@AO@AO@A BBBBPPPPQGRSTUVWXYZ[\]GQGRSTUVWXYZ[\]GQGRSTUVWXYZ[\]GQGRSTUVWXYZ[\]GNAT^^^^_]‘ab_]‘ab_]‘ab_]‘abNATcNcNcNcN RFC3489 SimpleTraversalofUserDatagramProtocol(UDP)ThroughNetworkAddressTranslators(NATs)STUNSTUN—#$%$%$%$%&STUNBCD6EFGHISTUNserverIP?PortJclientWANKLMNSTUNclientOPL+QRSmapaddressTUVWXNAT&'.)1+STUN)1+STUNYZ[)STUNYZ[\52+6]^_IP?2+6])RFC3489`abc3478)defg4hijD6klm&')STUNSTUN—Discovery$$$$%%%% (1)(2)UDP(3)UDP(4)NAT(5)NAT(6)NAT(7)!NATdC1eS1’f:S1eC1gh:ij-. ip(i1)kport(p1)lmS2eC1(i1:p1)’f:nC1&o:p(fullcone:qp(restriectedlrC1eS2’f:S2eC1gh:ij-. ip(i2)kport(p2),:nP2!=P1:/sC1oS2tuvw:p(SymmetricNATlxS1yz{*+eC1(i1:p1)’f,nc1|}~&op(portrestricted; UDP UDP STUN''''STUN—BindingLifetimeDiscovery$$$$%%%%;NATG0no5pqr/srtQNOK0nuvwxyh03zNAT{|}~|0n67NAT@pqr/ :fg030nvwx•~P1' •ANA•P1'+ M•TOB•TClientP3ServerP2•Server'P2ClientP1$A•ClientP1mServer•Servern ¡¢WANP2STUN;((((STUN—))))UDPP2P*+*+*+*+,,,,HolePunching----UDPHolePunching]STUNYZ[UDPz03r60YZ[k89P2P)STUN....STUN—/0123/0123/0123/0123;BindingRequest,BindingResponse ID128bit STUN4 'TLV(type-length-value)¡¢L£4¤4¥)4¤¦20§¨£4&'?ZID?4¦©4¥ª4&'«STUN¬®)MAPPED-ADDRESS!CHANGED-ADDRESS#$% $%& '$%()*+,-./STUN0TCP12345STUN4444STUN—/0123/0123/0123/01234&'¬&'678 59UDP:;78 59TCPSTUN ;TR-111¯CPE°±7K²³´µ¶5m0NAT·PACS)CPE°±70¸ACSK¹QNL+}ºNAT)CPE°±7»NAT¼IP½¾JACS)STUNservertz¿ÀÁ]ÂSTUNUsername?STUNPasswordÃACS6ÄÅÆ#STUNÇÈÆ#0l.É34ÊË.ÉÌÆÍzo¿À)ACSUDPCPECPE ACSCPECPEDiscoveryLifetimeCPEDiscoveryACSCPESTUNCPE1=?@1!A5BindingRequest$% B0xC001CONNECTION-REQUEST-BINDING0xC002BINDING-CHANGE2!A5CD1EF1!GHUDPIJ45STUNServerKLM:2!NOBHTTP1.1[2-6]PGET:3!QRSTUG#V./,W%STUN56565656—))))UDPTR-069789:789:789:789:,,,,#;#;#;#;----STUN STUN56565656—))))UDPTR-069789:789:789:789:,,,,=?@=?@=?@=?@----;CPE U