On 23/09/2009, at 2:49 AM, anorexicpoodle wrote:
I have been looking at this as well, and yes there are some advantages but you really have to have the need.
The good news:
- STUN will result in lower CPU on the SD since the keepalives dont need to be responded to. Chances are this will not be a factor. - Can be used when the customers endpoint is behind multiple layers of NAT, Acme HNT falls flat on its face in this environment.
I have endpoints behind multiple layers of NAT working fine. HNT finds the smallest pinhole existing on the NAT path.
- STUN mangled traffic will not trigger the broken ALG's in many newer home routers since it doesnt match the lan-side network any longer. If you have had the displeasure of experiencing these broken ALG's in customer routers (linksys, dlink etc etc), and the fact that they quite often cannot be disabled, it can lead to a very frustrating customer experience. Once again HNT and poorly implemented ALG's do not make for happy customers.
(..)