• Home

  • Documents

  • PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across...
67
Peer-to-Peer Communication Across Network Address Translators Bryan Ford – M.I.T. Pyda Srisuresh – Caymas Systems Dan Kegel – Ixia Communications J'fais des trous, des petits trous... toujours des petits trous – S. Gainsbourg USENIX – April 14, 2005

PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Embed Size (px)

Citation preview

Page 1: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Peer­to­Peer Communication Across Network Address Translators

Bryan Ford – M.I.T.Pyda Srisuresh – Caymas SystemsDan Kegel – Ixia Communications

J'fais des trous, des petits trous...toujours des petits trous

– S. Gainsbourg

USENIX – April 14, 2005

Page 2: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Network Address Translation (NAT)

HomeNetwork

Public Internet

Page 3: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Public Endpoint(AIP:Aport)

Public  Endpoint(SIP:Sport)

Network Address Translation (NAT)

HomeNetwork

Public Internet

Client A

Server S

Client A

Client B

Page 4: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Private Endpoint(BIP:Bport)

Public Endpoint(AIP:Aport)

Public  Endpoint(SIP:Sport)

Network Address Translation (NAT)

HomeNetwork

Public Internet

Client A

Server S

Client A

Client B

Page 5: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Private Endpoint(BIP:Bport)

Public Endpoint(AIP:Aport)

Public  Endpoint(SIP:Sport)

Network Address Translation (NAT)

HomeNetwork

Public Internet

Client A

Server S

Client A

Client B

Page 6: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

TemporaryPublic Endpoint

(TBIP:TBport)Home

NAT Router

Private Endpoint(BIP:Bport)

Public Endpoint(AIP:Aport)

Public  Endpoint(SIP:Sport)

Network Address Translation (NAT)

HomeNetwork

Public Internet

Client A

Server S

Client A

Client B

AddressTranslation

Page 7: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Public Endpoint(AIP:Aport)

Public  Endpoint(SIP:Sport)

Network Address Translation (NAT)

HomeNetwork

Public Internet

Client A

Server S

Client A

Client B

Page 8: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Private Endpoint(BIP:Bport)

Public Endpoint(AIP:Aport)

Public  Endpoint(SIP:Sport)

Network Address Translation (NAT)

HomeNetwork

Public Internet

Client A

Server S

Client A

Client B

Page 9: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Private Endpoint(BIP:Bport)

Public Endpoint(AIP:Aport)

Public  Endpoint(SIP:Sport)

Network Address Translation (NAT)

HomeNetwork

Public Internet

Client A

Server S

Client A

Client B

Page 10: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Network Address Translation (NAT)

ISP­Private Network HomeNetwork

  ISP­deployed  NAT

Public Internet

Public IP Addresses

Private IP Addresses

Page 11: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Network Address Translation (NAT)

NAT   NAT  

HomeNetwork

ISP­Private Network HomeNetwork

  ISP­deployed  NAT

Public Internet

Public IP Addresses

Private IP Addresses

HomeNetwork

Page 12: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT Router

Network Address Translation (NAT)

NAT   NAT  

HomeNetwork

ISP­Private Network HomeNetwork

  ISP­deployed  NAT

Public Internet

Public IP Addresses

Private IP Addresses

HomeNetwork

?

?

Page 13: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Demand for P2P Communication

Many compelling apps need P2P communication, not just “P2P apps”:

● Teleconferencing, Voice over IP (VoIP)● Multiplayer on­line games● Remote access/administration (e.g., ssh)

Page 14: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Outline

● The NAT Traversal Problem● UDP Hole Punching (not new)● TCP Hole Punching (quite new)● Multi­Level NAT Scenarios● NAT Compatibility with Hole Punching● Related Work

Page 15: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

UDP Hole Punching

Usage model assumptions:● Clients register with public “rendezvous server”

to become accessible to other clients● Application implements notion of “identity”

– Username, public key [HIP], etc.

● Rendezvous server facilitates P2P session setup,but does not participate in resulting P2P sessions

Page 16: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

UDP Hole Punching

NAT

HomeNetwork

Public Internet

Rendezvous Server S

NAT

HomeNetwork

Client A Client B

Page 17: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

UDP Hole Punching

(SIP:Sport)

NAT

HomeNetwork

Public Internet

Rendezvous Server S

NAT

HomeNetwork

Client A Client B

Page 18: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

HomeNetwork

Public Internet

Rendezvous Server S

(BIP:Bport)

NAT

HomeNetwork

Client A Client B

Page 19: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Page 20: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session B­S(TBIP:TBport) ⇔  (SIP:Sport)

Session A­S(TAIP:TAport) ⇔  (SIP:Sport)

Session A­S(AIP:Aport) ⇔  (SIP:Sport)

Session B­S(BIP:Bport) ⇔  (SIP:Sport)

Page 21: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

“Help me reach B”

Page 22: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

“B is at (TBIP:TBport)”

Page 23: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

“B is at (TBIP:TBport)”

Page 24: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

“B is at (TBIP:TBport)”

“A is at (TAIP:TAport)”

Page 25: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Page 26: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Page 27: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TAIP:TAport) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Page 28: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TAIP:TAport) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Page 29: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TAIP:TAport) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Page 30: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TAIP:TAport) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Page 31: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TAIP:TAport) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Session A­B(BIP:Bport) ⇔  (TAIP:TAport)

Page 32: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TAIP:TAport) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Session B­A(TBIP:TBport) ⇔  (TAIP:TAport)

Session A­B(BIP:Bport) ⇔  (TAIP:TAport)

Page 33: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TAIP:TAport) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Session A­B(BIP:Bport) ⇔  (TAIP:TAport)

Page 34: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching Gone Wrong

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­S(TAIP:TAport) ⇔  (SIP:Sport)

Session A­S(AIP:Aport) ⇔  (SIP:Sport)

Page 35: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TA2IP:TA2port) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching Gone Wrong

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Session A­S(TAIP:TAport) ⇔  (SIP:Sport)

Session A­S(AIP:Aport) ⇔  (SIP:Sport)

Page 36: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TA2IP:TA2port) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching Gone Wrong

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Session A­S(TAIP:TAport) ⇔  (SIP:Sport)

Session A­S(AIP:Aport) ⇔  (SIP:Sport)

Page 37: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Session A­B(TA2IP:TA2port) ⇔  (TBIP:TBport)

(TBIP:TBport)(TAIP:TAport)

UDP Hole Punching Gone Wrong

(AIP:Aport)

(SIP:Sport)

NAT

Rendezvous Server S

(BIP:Bport)

NAT

Client A Client B

Session A­B(AIP:Aport) ⇔  (TBIP:TBport)

Session A­S(TAIP:TAport) ⇔  (SIP:Sport)

Session A­S(AIP:Aport) ⇔  (SIP:Sport)

Page 38: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

TCP Hole Punching

TCP has always supported crucial feature● “Simultaneous TCP Open” [RFC 793]

Difficulties:● More ways for NATs to behave poorly● TCP sockets API oriented toward client/server

Page 39: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(SIP:Sport)

Page 40: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S Connect Socket to S

(BIP:Bport)

(SIP:Sport)

Page 41: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S Connect Socket to S

(BIP:Bport)

(SIP:Sport)

Page 42: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S Connect Socket to S

(BIP:Bport)

(SIP:Sport)

“Help me reach B”

Page 43: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S Connect Socket to S

(BIP:Bport)

(SIP:Sport)

“B is at (TBIP:TBport)”

“A is at (TAIP:TAport)”

Page 44: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S Connect Socket to S

(BIP:Bport)

(SIP:Sport)

Connect Socket to B

SYN

Page 45: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

(BIP:Bport)

(SIP:Sport)

SYNSYN

Connect Socket to A

Page 46: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

(BIP:Bport)

(SIP:Sport)

SYNSYN

Connect Socket to A

Page 47: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

(BIP:Bport)

(SIP:Sport)

SYNSYN

Connect Socket to A

Page 48: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

(BIP:Bport)

(SIP:Sport)

SYNSYN

Connect Socket to A

The Magic Socket Option:

SO_REUSEADDR

Page 49: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

Connect Socket to A

(BIP:Bport)

(SIP:Sport)

ACK

“Simultaneous TCP Open”

SYN SYN

ACK ACK

Page 50: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

Connect Socket to A

(BIP:Bport)

(SIP:Sport)

ACKACK

“Simultaneous TCP Open”

SYN SYN

ACK ACK

Page 51: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

TCP Hole Punching

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

Connect Socket to A

(BIP:Bport)

(SIP:Sport)

“Simultaneous TCP Open”

SYN SYN

ACK ACK

Page 52: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

Timing Caveat

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

(BIP:Bport)

(SIP:Sport)

SYN

Page 53: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

Timing Caveat

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

(BIP:Bport)

(SIP:Sport)

SYN

Page 54: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

Timing Caveat

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S

Connect Socket to B

Connect Socket to S

(BIP:Bport)

(SIP:Sport)

SYNRST

Page 55: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

Timing Solution

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S Connect Socket to S

(BIP:Bport)

(SIP:Sport)

Listen Socket Listen Socket

Page 56: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

Timing Solution

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S Connect Socket to S

(BIP:Bport)

(SIP:Sport)

Listen Socket Listen Socket

SYN

Connect Socket to B

Page 57: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

(TBIP:TBport)(TAIP:TAport)

Timing Solution

NAT

Rendezvous Server S

NAT

Client A Client B

(AIP:Aport)

Connect Socket to S Connect Socket to S

(BIP:Bport)

(SIP:Sport)

Listen Socket

Connect Socket to B

Listen Socket

“Normal TCP Open”

SYN

SYN­ACK

ACK

Page 58: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

TCP Hole Punching Gone Wrong

Potential problems:● Inconsistent endpoint translation

– Same as for UDP

● NAT could reject “unsolicited” incoming SYNswith RSTs or ICMP errs instead of just dropping– Connection failures, retry oscillation

● Buggy TCP state machine in host OS– Windows before XP SP2

Page 59: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT  

HomeNAT

Multi­Level NAT

HomeNetwork

ISP­Private Network

  ISP­deployed  NAT

Public Internet

HomeNetwork

Page 60: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT  

HomeNAT

Multi­Level NAT

HomeNetwork

ISP­Private Network

  ISP­deployed  NAT

Public Internet

HomeNetwork

Page 61: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

HomeNAT  

HomeNAT

Multi­Level NAT

HomeNetwork

ISP­Private Network

  ISP­deployed  NAT

Public Internet

HomeNetwork

Page 62: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Multi­Level NAT

HomeNAT  

HomeNAT

HomeNetwork

ISP­Private Network

  ISP­deployed  NAT

Public Internet

HomeNetwork

HairpinTranslation

Page 63: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

NAT Check

Tests hole punching “end­to­end” from user's host– Results reflect composition of all NAT(s) in path

– No isolation of contention­related “bad” behaviors

– No tests for “bad but semi­predictable” behaviors

More detailed tests of specific NATs elsewhere[Jennings–STUN, Guha–STUNT]

http://midcom­p2p.sourceforge.net/

Page 64: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Data Collection

Results submitted over Web by (self­selecting) community of volunteers– UDP: 380 data points

– TCP: 286 data points

Covers– NAT router hardware from 68 vendors

– NAT support in 8 popular operating systems

(Breakdown by vendor in paper)

Page 65: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Testing Results

UDP Hole Punching● 82% of NATs support● Most common NATs:

– Linksys  98% (45/46)

– Netgear  84% (31/37)

– Windows 94% (31/33)

– Linux  81% (26/32)

● Hairpin: 24%

TCP Hole Punching● 64% of NATs support● Most common NATs:

– Linksys  87% (33/38)

– Windows 52% (16/31)

– Netgear  63% (19/30)

– Linux  67% (16/24)

● Hairpin: 13%

Page 66: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Related Work

● UDP hole punching: [Kegel 1999]– Voice over IP: SIP/ICE [Rosenberg 2003]

● Asymmetric TCP hole punching– NUTSS, NATBLASTER, NatTrav

– Sometimes compensate for bad NAT behaviors,but more complex, timing­sensitive

● Proxy protocols– SOCKS, RSIP, MIDCOM, UpnP

require explicit NAT support, user setup

Page 67: PeertoPeer Communication Across Network Address Translators · PeertoPeer Communication Across Network Address Translators ... The NAT Traversal Problem ... [HIP] , etc. Rendezvous

Conclusion

● NAT is evil, but is here to stay● Hole punching enables practical, automatic 

traversal of majority of existing NATs● Compatibility good for UDP, tolerable for TCP, 

increasing with NAT vendor awareness(hint, hint)


THE NORTHWEST LINGUIST - Northwest Translators … AUTUMN 2010 THE NORTHWEST LINGUIST Northwest Translators and Interpreters Society A chapter of the American Translators Association

THE NORTHWEST LINGUIST - Northwest Translators … AUTUMN 2010 THE NORTHWEST LINGUIST Northwest Translators and Interpreters Society A chapter of the American Translators Association

Documents
Peer-to-Peer Communication Across Network Address Translators

Peer-to-Peer Communication Across Network Address Translators

Documents
SUBJECT: LANGUAGE TRANSLATORS YEAR/LANGUAGE TRANSLATORS/Unit 1.pdf · SUBJECT: LANGUAGE TRANSLATORS 1 RAJIV GANDHI COLLEGE OF ENGINEERING & TECHNOLOGY/ DEPT. ... Converts mnemonic

SUBJECT: LANGUAGE TRANSLATORS YEAR/LANGUAGE TRANSLATORS/Unit 1.pdf · SUBJECT: LANGUAGE TRANSLATORS 1 RAJIV GANDHI COLLEGE OF ENGINEERING & TECHNOLOGY/ DEPT. ... Converts mnemonic

Documents
old.nasscom.inold.nasscom.in/.../files/Linguavista_Profile_2015.docx · Web viewLinguavista provides services across 167 languages to over 100+ global businesses. With 2000+ translators,

old.nasscom.inold.nasscom.in/.../files/Linguavista_Profile_2015.docx · Web viewLinguavista provides services across 167 languages to over 100+ global businesses. With 2000+ translators,

Documents
The voice of associations of translators, interpreters … · INTERNATIONAL FEDERATION OF TRANSLATORS The voice of associations of translators, ... (Ingo Herzke, Annette Kopetzki,

The voice of associations of translators, interpreters … · INTERNATIONAL FEDERATION OF TRANSLATORS The voice of associations of translators, ... (Ingo Herzke, Annette Kopetzki,

Documents
Free tools for translators

Free tools for translators

Software
FOSS for Translators

FOSS for Translators

Business
SUBJECT: LANGUAGE TRANSLATORS › Notes › CSE › III YEAR › LANGUAGE TRANSLATORS › Unit 4.pdfSUBJECT: LANGUAGE TRANSLATORS 11 RAJIV GANDHI COLLEGE OF ENGINEERING & TECHNOLOGY

SUBJECT: LANGUAGE TRANSLATORS › Notes › CSE › III YEAR › LANGUAGE TRANSLATORS › Unit 4.pdfSUBJECT: LANGUAGE TRANSLATORS 11 RAJIV GANDHI COLLEGE OF ENGINEERING & TECHNOLOGY

Documents
Getting Started for Translators

Getting Started for Translators

Documents
Peer-to-Peer Communication Across Network Address Translators · 2005-03-14 · Peer-to-Peer Communication Across Network Address Translators Bryan Ford ... ready have active UDP

Peer-to-Peer Communication Across Network Address Translators · 2005-03-14 · Peer-to-Peer Communication Across Network Address Translators Bryan Ford ... ready have active UDP

Documents
The Voice of Interpreters and Translators · The Voice of Interpreters and Translators American Translators Association . o Largest professional association of translators and

The Voice of Interpreters and Translators · The Voice of Interpreters and Translators American Translators Association . o Largest professional association of translators and

Documents
Social media for translators

Social media for translators

Documents
4.1 three translators

4.1 three translators

Technology
PeerToPeer Professional Forum: Turning far flung staff and volunteers into a team

PeerToPeer Professional Forum: Turning far flung staff and volunteers into a team

Business
Guide to translators

Guide to translators

Business
5 reasons why machine translators can never replace human translators

5 reasons why machine translators can never replace human translators

Business
Corpora for Translators

Corpora for Translators

Documents
TAG Translators Manual

TAG Translators Manual

Documents
Indian Translators Association

Indian Translators Association

Documents
Peertopeer web hosting software - CORDIS · Ask it to the Quality Team 01. July 17th, Peertopeer web hosting software Overview Backend Web server Objective Alternatives Performance

Peertopeer web hosting software - CORDIS · Ask it to the Quality Team 01. July 17th, Peertopeer web hosting software Overview Backend Web server Objective Alternatives Performance

Documents
Interpreters 2. (Translators)

Interpreters 2. (Translators)

Documents
99translations For Translators

99translations For Translators

Technology
For Translators & Terminologists Gabriele Sauberer · 2014-06-17 · For Translators & Terminologists Gabriele Sauberer ... Active in standardization committees: ... translators &

For Translators & Terminologists Gabriele Sauberer · 2014-06-17 · For Translators & Terminologists Gabriele Sauberer ... Active in standardization committees: ... translators &

Documents
Hieronymic Oath for translators

Hieronymic Oath for translators

Education
Translators without Borders

Translators without Borders

Documents
Teambrella: A PeertoPeer Insurance System Abstract · Teambrella: A PeertoPeer Insurance System Alex Paperno alex.paperno@gmail.com Vlad Kravchuk vlad.kravchuk@gmail.com Eugene Porubaev

Teambrella: A PeertoPeer Insurance System Abstract · Teambrella: A PeertoPeer Insurance System Alex Paperno [email protected] Vlad Kravchuk [email protected] Eugene Porubaev

Documents
January 2012Volume XLI TheCHRONICLE Translators Association · 2015-10-06 · and Translators. American Translators Association 225 Reinekers Lane Suite 590 Alexandria, VA 22314 USA

January 2012Volume XLI TheCHRONICLE Translators Association · 2015-10-06 · and Translators. American Translators Association 225 Reinekers Lane Suite 590 Alexandria, VA 22314 USA

Documents
Translators Handbook

Translators Handbook

Documents
Gem translators company presentation

Gem translators company presentation

Business
India Lawyers Translators

India Lawyers Translators

Documents