[Server-devel] Global collaboration, Jabber federation, and NAT

[Benjamin M. Schwartz]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At the mini-conference, I was told that there were problems achieving
global collaboration by federating the schools' jabber servers.  The
schools turn out to be behind NAT, and are not globally routable by IPv4,
and there is not enough bandwidth in the network to tunnel all traffic
through a center node at the Ministry of Education.

I asked about this problem on JDev, a Jabber development list, and got a
reply:

Alexander Gnauck wrote:
| Benjamin M. Schwartz schrieb:
|> Unfortunately, it is possible that multiple school
|> servers will be using different ports on the same global IPv4 address.
|> The result would be multiple servers with the same IP address.  I imagine
|> that this breaks s2s, since the XMPP standard seems to demand that
|> servers' names be unique, and either IP addresses or DNS names.
|
| the XMPP domain of your server must be unique. So you could have xmpp
| domains like:
|
| server001.school.org
| server002.school.org
| ...
| server100.school.org
|
| if you setup SRV records for all this domains you should be fine. In the
| srv record you specify the s2s and c2s ports.

This appears to be a good point.  SRV records, generated dynamically,
would seem to solve the routing problem for certain kinds of NAT.
Specifically, it seems that it should work for most kinds of NAT except
Symmetric NAT.  With Symmetric NAT, we have no choice but to route all
traffic through some globally routable server.

- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH/M5OUJT6e6HFtqQRAp7DAJ9GGZgdPmPM5K0CecRoG97pIIcU8QCghfur
IxcRulZu9XvVz/VK2Z+SwQ4=
=UVjn
-----END PGP SIGNATURE-----