On 22-07-11 06:23, Peter Firmstone wrote:
> You're right about allowing for local connection paths for TURN, I wonder how we can tell we've got the right local subnet.
Indeed. You need an external identity for your exported endpoint usable from the outside, and an internal identity for the inside connections, or a symbolic identity that resolves to the internal address or outside proxy address. This excludes solutions based on internal address network part matching, because 2 NAT islands using the same private-net address should be able to communicate with each other.
A UUID based solution would be a solution where a ServerEndpoint can establish identity without first connecting to an identity service on the internet. If and only if a ServerEndpoint has internet access, it could then register its identity on the same internet server that serves as a proxy. If the same channel is used, the registration attempt can also be used to determine part or all of the external address.
What this boils down to, possibly, is a lookup service with a replicatable database with mappings from UUID to address, with shorter TTLs than any DNS service.
Maybe we could build a symbolic address composed of {net-uuid,host-uuid}, with a fixed net-uuid for the internet.
Gr. Sim

--
QCG, Software voor het MKB, 071-5890970, http://www.qcg.nl
Quality Consultancy Group b.v., Leiderdorp, Kvk Den Haag: 28088397
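
The {net-uuid,host-uuid} lookup proposed in the message above, modelled as an added example (not code from the thread or from the project): two NAT islands share the same private address, and resolution picks the internal or the proxy address by comparing net identities. The class names, the 30-second TTL, the all-zero internet net-uuid and the sample addresses are assumptions.

```python
import time
import uuid
from dataclasses import dataclass
from typing import Optional

# Assumption: one well-known net-uuid stands for the public internet.
INTERNET_NET = uuid.UUID(int=0)

@dataclass(frozen=True)
class SymbolicAddress:
    net: uuid.UUID   # identifies the NAT island (or the internet)
    host: uuid.UUID  # identifies the endpoint, generated locally

@dataclass
class Record:
    internal: str            # address reachable from inside the same net
    external: Optional[str]  # proxy address; None without internet access
    expires: float

class Lookup:
    """UUID-to-address mapping with a short TTL (hypothetical model)."""
    def __init__(self, ttl=30.0, clock=time.monotonic):
        self.ttl, self.clock, self.records = ttl, clock, {}

    def register(self, addr, internal, external=None):
        self.records[addr] = Record(internal, external, self.clock() + self.ttl)

    def resolve(self, caller_net, addr):
        rec = self.records.get(addr)
        if rec is None or rec.expires <= self.clock():
            self.records.pop(addr, None)  # expired entries must be re-registered
            return None
        # Compare net identities, never IP prefixes: two islands may share a range.
        return rec.internal if addr.net == caller_net else rec.external

def demo():
    now = [0.0]  # fake clock so TTL expiry is deterministic
    lk = Lookup(ttl=30.0, clock=lambda: now[0])
    net_a, net_b = uuid.uuid4(), uuid.uuid4()
    a = SymbolicAddress(net_a, uuid.uuid4())
    b = SymbolicAddress(net_b, uuid.uuid4())
    # Constructed sample data: both islands use the same private address.
    lk.register(a, "192.168.1.10:4160", "203.0.113.5:3478")
    lk.register(b, "192.168.1.10:4160", "198.51.100.7:3478")
    same_island = lk.resolve(net_a, a)
    other_island = lk.resolve(net_a, b)
    now[0] = 31.0
    return same_island, other_island, lk.resolve(net_a, a)
```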