UDP behind NAT

There are challenges when communicating through NAT.
1. client is behind NAT. It doesn’t know it’s own public IP, which is needed by, e.g. RTSP
The public IP can be learned from STUN server.
2. server is behind NAT. No private-to-public port map in NAT initially.
server talks to STUN to establish the map, and STUN tells client server’s public IP-port.
With STUN, for both restricted and unrestricted NAT, two hosts can talk to each other directly.
TCP is not discussed here, which is more complicated.

A few words on NAT type:
Cone: one private IP-port maps to one public IP-port, when talking to multiple destinations
Symmetric: one private IP-port maps to different public IP-port pairs for different destinations

Communication cannot be established if both A and B are behind symmetric NAT, because neither A nor B and the STUN server can possibly know B’s pubic port number.


Start code in PES

There are two types of start code in H.264 PES preceding each NALU: the three byte and four byte version; I call them 001 and 0001 for short.
It has been confusing me for years and I am still not clear of when to use one over the other.
Some say 0001 is used before the first NALU in a coded video sequence. However, based on my test, most NALUs are preceded with 0001, the four byte version, regardless of the NALU’s type and location.
I examined three .h264 files, Party.h264 from my IP camera, Gym2017bshort.h264 from my Nexus phone camera, BengSi.h264 from a flash file.
For all three, vast majority of NALUs are preceded with 0001. Very few are preceded with 001, for example, SEI and first I-slice start with 001.
Sample files:


Auto start with systemd

Three standards to start a program upon boot:
1. System V aka sysV classic init: up to Ubuntu 9.04
2. Upstart: for Ubuntu 9.10 to 14.10
3. systemd Ubuntu 15.04 and higher
This is Ubuntu 18.04 LTS running on AWS ec2 m5, systemd, using sshd service as example.
Current runlevel is 5, as seen by $runlevel, and it’s mapped to graphical.target as seen by $ls -l /lib/systemd/system/runlevel5.target and can be confirmed by $systemctl get-default
Not sure why it’s defaulted to graphic as this system doesn’t even have graphics installed.
Both symbol links, /etc/systemd/system/sshd.service and /etc/systemd/system/multi-user.target.wants/ssh.service points to /lib/systemd/system/ssh.service
To enable a service, create such a link, which can be achieved by:
sudo systemctl enable sshd.service
How rc.local works:
/lib/systemd/system/rc.local.service -> /lib/systemd/system/rc-local.service
“ExecStart=/etc/rc.local start” is in rc-local.service
There is no symbol link of rc.local in /etc/systemd/ because it’s pulled by /lib/systemd/system-generators/systemd-rc-local-generator automatically, which is binary.

Setup CDN on DNS

Depending on how much control given to CDN provider, most to least, here are the four config options.
Assumption: we are the video content provider and our server domain name is awsq.MaxxSports.cc
1. Redirect to CDN’s domain name with CNAME
2. Change my DNS so that it uses CDN’s Nameservers to resolve awsq.MaxxSports.cc
3. By A record, let awsq.MaxxSports.cc point to CDN’s IP.
4. Use a separate domain name for CDN access, e.g. d2t4kyunpgtwxc.cloudfront.net

More details for the four options, with the same numbering.
1. we have least control, since all our DNS does is just a redirection. This is the setup of Tencent CDN, like *.cdn.dnsv1.com
2. CDN has much control. For requests of awsq.MaxxSports.cc, CDN decides which IP to resolve to, e.g. depending on each user’s geographic location.
Taking CloudFlare as an example, after login at https://dash.cloudflare.com/login, it asks to update my DNS settng at enom.com with those nameservers: scott.ns.cloudflare.com venus.ns.cloudflare.com
Since multiple domain names could share one CDN’s IP, users can only access http://awsq.MaxxSports.cc by domain name, instead of direct IP.
3. since the A record is maintained at my DNS, namely enom.com, I know the CDN’s IP my domain name is mapped to. This is not good as we loses the ability to dynamically map domain name to different IPs in different country for example.
4. this is the setup we use for our streaming server, e.g. d2t4kyunpgtwxc.cloudfront.net. Requests for awsq.MaxxSports.cc go to our original server, and requests for d2t4kyunpgtwxc.cloudfront.net go to our CDN servers.