[AG-TECH] AG and NAT'ed networks.

Jason Bell j.bell at cqu.edu.au
Sun Nov 2 20:09:11 CST 2008


G'day Todd and Jimmy

 

Some other things to consider, which might help is:

 

·         (Disclaimer, I am not 100% sure if I am correct here [or my terminology], but I have seen instances that leads me to believe this is the case.)  RAT uses the same port for both sending and receiving audio.  Therefore, if you are using a "stateful" firewall (ie, allows traffic in on the same port as going out), then this might explain why Rat works.  Whereas, in simple terms, vic uses to different ports for incoming and outgoing traffic.  This is why, if using a stateful firewall, vic doesn't work correctly!

 

·         The other thing that I have seen with "some" NAT'ed networks is:

 

o    Traffic would only be received, if you are transmitting.  IE, no-one in rat would appear unless the talk button is enabled.  This also occurred in vic as well.

 

o    Because of a "Nat'ed" network, each AG would appear as the same single ipaddress connecting to a Bridge.  Because of the way unicast works (ie, only one ipaddress/port can connect at a single time), only a single AG site can connect to each bridge to work properly.  Therefore, have you tried connecting using separate bridges?

§  I have seen this issue at a particular site, where if person A connects to Bridge X, person B can connect to Bridge X, but the traffic isn't being sent or received correctly.

 

I hope some of this makes sense and helps.

 

Cheers,

Jason.

 

 

-----Original Message-----
From: Todd Zimmerman [mailto:todd.zimmerman at ubc.ca] 
Sent: Saturday, 1 November 2008 04:25 AM
To: Jimmy Miklavcic
Cc: ag-tech at mcs.anl.gov
Subject: Re: [AG-TECH] AG and NAT'ed networks.

 

On Tue, 2008-10-28 at 11:12 -0600, Jimmy Miklavcic wrote:

> I'm working with Kansas University Medical Center and we've been

> having troubles connecting via AG. They have a NAT'ed network and we

> are using unicast. We connect and communicate via RAT but we are

> unable to exchange video. The strange thing is that I a seeing their

> private IP address in the RAT, I assume that I should be seeing a more

> public address.

 

Not necessarily.  When you say "in the RAT" I assume you mean listed on

the RAT gui?? This ip comes from the RTCP and RAT settings and does not

necessarily reflect what is actually happen at the network level.

 

To see where the packets are actually being sent would probably require

a tcpdump.  

 

 

 

> I'm trying to understand the bridges' process flow. If two sites are

> connected to a bridge via unicast, does the unicast/multicast bridge

> process convert my unicast traffic to multicast then back to unicast

> before sending the stream to the other site? If that is the case then

> I can understand why we can't exchange video. Multicast can't handle

> private IP space. But then, why does RAT work?

 

If two sites are connected to the same bridge, then I don't think there

is a double conversion.  I can't guarantee that, but it wouldn't really

make sense.  I assume incoming unicast is redistributed to all existing

unicast connections - then sent to the multicast address as required.

 

My guess is that your suspicion of the bridge is not where the problem

lies - my guess it is the NAT'ing and/or firewall.  Correct me if I'm

wrong experts!! but I believe for NAT'd networks, you have to port

forward the required AG ports (video anyway) to the designated internal

computer.

 

Cheers,

 

Todd

 

-- 

Collaboration & Visualization Specialist

UBC Okanagan - http://web.ubc.ca/okanagan

WestGrid - www.westgrid.ca

Ph. 250-807-9979

Todd Zimmerman - todd.zimmerman at ubc.ca

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mcs.anl.gov/pipermail/ag-tech/attachments/20081103/4bfcc50c/attachment.htm>


More information about the ag-tech mailing list