Well, first thanks for your answer, Cameron...
I also thought that Rendezvous should be used only for LAN, but I recently
(last Monday) attended a seminar from Apple about Rendezvous technology and
they presented the so-called "Wide Area Rendezvous". Mr Stuart Cheshire even
showed us that he has access to his Apple printers (Rendezvous enabled) in
California (the seminar was in Tokyo, Japan) using the Apple VPN. Of course,
the printers were listed using Rendezvous Discovery.
Basically, he explained that RNDV WideArea makes use of "Dynamic DNS Update"
for registration and "Unicast DNS Queries" for Discovery. He also presented
a slide showing the Architecture of "Dynamic DNS Update" which uses NAT-T
and TSIG.
OK, I didn't do much research before sending my doubts to the list. The
NAT-T is used to allow the secure communication of two devices in different
LANs. Before NAT-Traversal, the NAT and IPSec could not work together
because the IPSec changes the IP addresses and confuses the NAT Router. That
is why the NAT-T was created. Now it is possible to use IPSec and provide
Address Translation at the same time.
The TSIG is used for secure DNS. It provides Transaction Signatures.
What I am trying to figure out now is how the whole thing should work. I
mean, I already have my device with LAN (local) Rendezvous enabled and
working fine. How can another client reach the services I am publishing if
he is outside my local area? Must the device service provider register it
using DNS Update?
And how to discover services outside the Local Area? Does the client need
only to perform a normal DNS query for that service using Unicast UDP?
Answering your questions:
>>What do you mean 'static' NAT? Do you mean static IP addresses and port
>>forwarding?
Yes, that is exactly what I meant.
Felipe
-----Original Message-----
From: Cameron Kerr [mailto:email@hidden]
Sent: Friday, November 12, 2004 2:03 PM
To: Felipe Bittencourt
Subject: Re: Rendezvous Wide Area
On 12/11/2004, at 2:24 PM, Felipe Bittencourt wrote:
> I am trying to study the Rendezvous for Wide Area Networks.
Rendezvous was not designed for a WAN, or even a multi-subnet LAN, as
it uses Link Local Multicast and thus cannot pass through routers.
However, that said, you should remember that Rendezvous is an
implementation of ZeroConf. ZeroConf is designed for networks without
infrastructure (certainly not Rendezvous).
Recall that ZeroConf contains three parts
1) Automatic address assignment, without DHCP. In an infrastructure
network, DHCP can be used (in fact, DHCP should be tried before using a
link-local address).
2) Name lookup without DNS. In Rendezvous, multicast DNS (mDNS) is
used, though there is no ratified protocol for this task for ZeroConf,
although I think mDNS is the most likely. In infrastructure networks,
mDNS (.local.) would be used instead. In a well-integrated system,
.local would be handled by the resolver library.
3) Service advertisement and discovery. In Rendezvous, DNS-SD is used,
although there is no ratified protocol for ZeroConf. DNS-SD does not
depend on mDNS, and can be used in either ad-hoc or infrastructure
networks.
> Since I am new
> to the TSIG and NAT-T protocols I was wondering if someone could
> provide me
> with more explanations about Rendezvous for Wide Area?
For more information about TSIG, look around for information regarding
DNSSEC (DNS Security).
NAT-T, AFAIK, is not a protocol, but a technique. In essence, it just
means that the client needs to use the router's public address instead
of its own when writing the address into the data-stream. Are you
thinking of the NAT-T facility in IPSec stacks?
> It would be nice to have some document explaining the whole thing...
> Some doubts that I already have are:
> 1- How can a service be discovered behind a NAT translator?
Best bet would be to use SLP (Service Location Protocol). In fact, Mac
OS X used SLP until 10.2(?). By the way, can anyone point to a reason
(preferably documentation) as to why they switched?
If you used SLP you could run a discovery agent (DA in SLP parlance)
either on the NAT router or through it using port forwarding, but this
would require two things
1) Addresses for advertised services would need to be changed (probably
using some special connection tracking module, or a patched DA)
2) Ports would need to be opened on the router, probably dynamically.
To do this, UPnP could be used, but only if a) the DA was patched to
act as a UPnP agent, and b) the router understood UPnP.
If you instead wanted to use DNS-SD, you would just need to open a port
to your DNS server. However, packets would need to be rewritten as they
go through the NAT. Even if you put the DNS server on the router, you
would still need to do this, and open ports on the router as new
services are added.
BTW, AFAIK, Mac OS X does not, at this time, support the use of unicast
DNS for use with DNS-SD as part of Rendezvous, which is quite
disappointing. (If anyone can point me to a document saying how to use
Rendezvous/DNS-SD on Mac OS X for infrastructure networks, I would love
to hear from you.)
> Do we need to use static NAT?
What do you mean 'static' NAT? Do you mean static IP addresses and port
forwarding?
--
Cameron Kerr
email@hidden; http://humbledown.org
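As an added example (not code from this thread, from Apple, or from Cameron), here is the unicast DNS-SD flow Felipe asks about and the NAT problem Cameron raises under "If you instead wanted to use DNS-SD", run offline over constructed records for the hypothetical zone example.com.: browse by PTR, resolve by SRV, TXT and A, and flag instances whose SRV target only has a private address. The zone contents, host names and addresses are assumptions.

```python
import ipaddress

# Constructed records for the hypothetical zone example.com. (not from the thread).
# A wide-area device would register these with DNS Update; a client fetches them
# with ordinary unicast DNS queries, which query() stands in for here.
ZONE = {
    ("_ipp._tcp.example.com.", "PTR"): ["Office._ipp._tcp.example.com.",
                                        "Lab._ipp._tcp.example.com."],
    ("Office._ipp._tcp.example.com.", "SRV"): [(0, 0, 631, "printer1.example.com.")],
    ("Office._ipp._tcp.example.com.", "TXT"): [[b"txtvers=1", b"rp=printers/office"]],
    ("Lab._ipp._tcp.example.com.", "SRV"): [(0, 0, 631, "printer2.example.com.")],
    ("Lab._ipp._tcp.example.com.", "TXT"): [[b"txtvers=1", b"rp=printers/lab"]],
    ("printer1.example.com.", "A"): ["93.184.216.34"],  # constructed public address
    ("printer2.example.com.", "A"): ["192.168.1.20"],   # RFC 1918, hidden by the NAT
}

def query(name, rtype):
    """Stand-in for a unicast DNS query: returns the RRset or an empty list."""
    return ZONE.get((name, rtype), [])

def parse_txt(strings):
    """DNS-SD TXT data is a list of key[=value] strings; keys are
    case-insensitive and the first occurrence of a key wins."""
    attrs = {}
    for s in strings:
        key, sep, value = s.decode("utf-8", "replace").partition("=")
        key = key.lower()
        if key and key not in attrs:
            attrs[key] = value if sep else None
    return attrs

def browse(service, domain):
    """Browse step: a PTR query for <service>.<domain> lists instance names."""
    return query(f"{service}.{domain}", "PTR")

def resolve(instance):
    """Resolve step: SRV gives host/port, TXT gives attributes, A gives the address."""
    srv = query(instance, "SRV")
    if not srv:
        return None
    _prio, _weight, port, target = srv[0]
    txt = query(instance, "TXT")
    return {"instance": instance, "host": target, "port": port,
            "addrs": query(target, "A"), "txt": parse_txt(txt[0]) if txt else {}}

def reachable_from_outside(info):
    """A target with only private addresses is the case Cameron describes: the
    record points at an address the NAT hides, so a remote client needs the
    address rewritten or a port forward on the router before it can connect."""
    return any(not ipaddress.ip_address(a).is_private for a in info["addrs"])
```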