Re: ICE issue 1: avoiding the STUN flood
Magnus Westerlund <magnus.westerlund <at> ericsson.com>
2005-08-01 10:17:01 GMT
Hi Jonathan,
I think the proposal looks good. I think it is a very reasonable
approach. As you are going to perform checks in a semi-parallel way, there
will definitely be a need for a timer allowing for certain randomness in
behavior. Also, due to the occasional packet loss, the retransmission of
binding requests needs to be given a reasonable time to be sent and
returned for the higher prioritized items.
Cheers
Magnus
Jonathan Rosenberg wrote:
> The algorithm in the ICE spec, as currently specified, has each endpoint
> doing a connectivity check from each of its candidates, to each of its
> peer candidates, completely in parallel. If you have a multi-homed host
> with two interfaces, and you have a STUN, TURN server, and you are
> dual-stack, you end up with 12 candidates and 144 parallel connectivity
> checks to a similarly equipped peer.
>
> This presents several problems:
>
> 1. Magnus had raised this concern some time back, about the congestion
> load on the network with the checks. This is becoming significant.
>
> 2. There have been reports of NATs that, if the packet rates are too
> high, revert to symmetric behaviors. They also limit the number of ports
> that they'll allocate in some cases.
>