NUTSS is a network architecture that uses signaling before establishing the data channel. The goal is to enable middle boxes like firewalls and NATs, which can intercept the signals to discover the intent of the connection. The middle boxes can then facilitate the connection setup, or enforce other policies. While the data channel is a direct TCP/IP connection between two IP addresses and ports, the signaling is through SIP, which uses stable endpoint identifiers for routing.
NUTSS stands for its constituent components -- NAT that effectively extends the IP address space, URIs that restore end-to-end stable addressing, Tunnels that allow protocols like IPsec and mobile IP to run through NATs, SIP that routes messages with URIs, end-to-end, and lets hosts signal their intentions to each other and to middle boxes in real time, and lastly STUNT that tells how to establish direct IP connectivity through NATs.
Getting and Using NUTSS
NUTSS is currently beta-quality software. It is useable, and works in internal testing. We welcome developers who wish to use NUTSS, and can offer limited support. To get started, read the install directions. You should also have a look at our high-level manpage-style guide to using NUTSS. Further API documentation is available here. We also have a FAQ list.
And of course, you are welcome to write us with any questions.
Tyler Steele, Undergraduate Research Assistant
Ariel Rabkin, Graduate Research Assistant
Paul Francis, Professor
Sometime in 2007
Code for this project is no longer maintained, and is released to the public domain. The NAT testing and classification server, however, will continue to operate. The concepts behind this work are being rolled in ICE-TCP, which we expect will find it's way into various open-source libraries such as PJNatH and libJingle. Feel free to contact Saikat if you have general questions about TCP NAT traversal.
Apr 29, 2007
First release of libnutss (version 0.1.0) is now available! Source and binaries are available in the download section. Start by going through the documentation and example programs. Builds and runs under GNU/Linux and Windows. Currently provides C bindings, but JAVA bindings are slated for the next release.
Jan 19, 2007
We are currently in the process of releasing a production quality NUTSS (and STUNT) library for Windows and Linux with bindings in various languages include C/C++/Java etc. Please stay tuned.
Jun 24, 2006
The NUTSS Wiki provides a forum to collaborate on architectural issues in NUTSS.
Jun 09, 2006
Path-decoupled Signaling for Data (offpath) BoF will be held at the 66th IETF (Montreal). Details.
Apr 27, 2006
We have completed our proof-of-concept design and implementation of a secure Internet Architecture based on NUTSS, and have compiled a writeup for publication. View the PDF or the HTML versions.
Oct 25, 2005
The idea of using NUTSS to create a secure Internet has been proposed at a work-in-progress session at SOSP'05. View the PDF.
Aug 26, 2004
An initial design of NUTSS and its use in traversing NAT/firewalls has been published at FDNA'04. View the PDF.
Dec 23, 2003
A short article introducing NUTSS has been published in IEEE Internet Computing. View the PDF.