In Windows XP, NAT traversal is used together with Universal Plug and Play, which brings great convenience.

Document directory
  • Client
  • Output data packets on the NAT device
  • Server
  • Input packets on the NAT device
  • Internal Network Services
  • Embedded address or port
  • Applications using distributed sockets
  • Required port available
  • Multiple NAT
  • NAT traversal API
As more and more homes and small businesses add computers, they discover that a network is a powerful way to share computer resources. The Internet connection is one of the more precious resources on the network, and it too can be shared. To share an Internet connection on a low-cost, easy-to-manage home or small-office network, you deploy an Internet gateway. Internet gateways usually use NAT (Network Address Translation) to let multiple hosts connect to the Internet through a single shared public IP address. Unfortunately, this arrangement breaks a number of network applications, as this article describes.

Existing NAT traversal technology lets a network application detect whether a NAT device is present on the local network. Once it has done so, the application can configure the NAT device and define the required mappings to resolve the compatibility problem.

This article is an overview. It briefly introduces NAT to users and developers of network applications, explains how to recognize common NAT problems, and describes how an application can use NAT traversal to solve them. Detailed technical information about the NAT traversal API provided in Windows is expected to be available in the Windows Platform SDK in early summer 2001. Developers are encouraged to consult those resources to learn how to take full advantage of these new operating system features (which also extend to third-party gateway devices).

NAT traversal relies on NAT devices that support UPnP (Universal Plug and Play), as defined by the Internet Gateway Device working committee of the UPnP Forum. For more information about UPnP, see the UPnP web site; the detailed specifications are in the members-only part of the site.

UPnP and NAT traversal are important functions of Internet gateway devices and should be confirmed before purchase. Users who buy or lease Internet gateway devices from service providers are strongly encouraged to use only devices that provide UPnP support for NAT traversal, because this feature is critical to satisfying users, reducing support costs, and enabling more innovative services and applications.

For gateway device manufacturers, adding UPnP support for NAT traversal to an Internet gateway device is not complex or expensive, and it does not take much time. By using UPnP (which is itself built on Internet standards and protocols), manufacturers can solve the NAT traversal problem once and extend the benefit to most applications that pass through the device. This contrasts sharply with the one-off solutions that individual application developers or gateway manufacturers would otherwise have to provide. This document is not intended as detailed guidance for hardware manufacturers who want to implement NAT traversal in Internet gateway devices; for that, see the UPnP Forum web site.

Familiarity with the Windows architecture, networking and UPnP is helpful for fully understanding this article, but it is not required.

What is NAT?

Network Address Translation (NAT) is an Internet Engineering Task Force (IETF) standard that allows multiple PCs on a private network (using a private address range, for example 10.0.x.x, 192.168.x.x or 172.x.x.x) to share a single globally routable IPv4 address. One of the main reasons NAT is deployed so often is the shortage of IPv4 addresses. Internet Connection Sharing in Windows XP and Windows ME, and many Internet gateway devices, use NAT, especially when connecting to a broadband network through a DSL or cable modem.

NAT is a stopgap for the IPv4 address exhaustion problem (it is unnecessary in IPv6 deployments), despite its usefulness in the meantime. IPv4 address exhaustion is already serious in Asia and other parts of the world and is becoming a concern in North America. This is why the industry has long been looking to IPv6 to overcome the problem.

Besides reducing the number of IPv4 addresses required, NAT also provides a degree of concealment for the private network, because hosts outside it see all communication coming from the shared IP address. NAT is not a firewall or proxy server, but it does have some security benefit.


Figure 1: example network using a NAT device for Internet communication. The NAT device can be a PC or a standalone cable or DSL modem device.

General NAT operation

Clients behind a NAT device are usually assigned a private IP address through DHCP (Dynamic Host Configuration Protocol), or are configured statically by the administrator. When such a client communicates with a host outside the private network, the following usually happens.

Client

When an application wants to communicate with a server, it opens a socket associated with a source IP address, source port, destination IP address, destination port and network protocol. These values identify the two endpoints of the communication. When the application sends data through this socket, the client's private IP address (source IP address) and port (source port) are placed in the source fields of the packet, and the destination fields contain the server's IP address (the remote host, or destination IP address) and port. Because the packet's destination is outside the private network, the client forwards the packet to its default gateway, which in this case is the NAT device.

Outbound packets on the NAT device

The NAT device intercepts the outbound packet and creates a port mapping from the destination IP address (the server), the destination port, the NAT device's external IP address, an external port, the network protocol, and the client's internal IP address and port.

The NAT device stores this mapping in a table of mappings. The external IP address and port are the public IP address and port that replace the internal client IP address and port on the wire.

The NAT device then translates the packet by rewriting its source fields from the client's private IP address and port to the NAT device's public IP address and external port.

The packet is then sent over the external network and eventually reaches the destination server.


Figure 2: example of outbound packet translation.

Server

When the server receives the packet, it believes it is communicating with a computer that has a globally routable IP address. It uses the IP address and port from the packet's source fields to direct its reply to the NAT device's external IP address and port.

Inbound packets on the NAT device

The NAT device receives these packets from the server and compares them with its port-mapping table. If it finds a mapping whose remote host IP address, remote port, external port and network protocol match the source IP address, source port, destination port and network protocol of the inbound packet, it performs the reverse translation: it replaces the external IP address and external port in the packet's destination fields with the client's private IP address and internal port.

The NAT device then sends the packet to the client on the internal network. If it cannot find a matching port mapping, it discards the inbound packet, and the connection fails.

The value of NAT is that a client with a private IP address can communicate across the global Internet without any extra work by the application or the client: the application does not have to call additional APIs, and the client needs no extra configuration. In this case NAT is transparent to both client and server applications, and everything works normally.

However, not all network applications use protocols that work with NAT. That is the problem.
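The mapping table walked through above, as an added Python model (not from the original article or any Windows component): outbound packets create dynamic mappings, inbound packets are reverse-translated only when a mapping matches, and a manually configured static mapping opens an internal service to any remote host. It also shows why a reply to an unmapped port is dropped and why two services cannot claim the same external port. Addresses and port numbers are constructed sample values.

```python
from dataclasses import dataclass
import itertools

ANY_HOST = ("*", 0)   # wildcard remote endpoint of a manually configured (static) mapping


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str          # "TCP" or "UDP"


class NatDevice:
    """Model of the port-mapping table described in the article:
    (remote ip, remote port, external port, proto) -> (internal ip, internal port)."""

    def __init__(self, external_ip, first_external_port=40000):
        self.external_ip = external_ip
        self._ports = itertools.count(first_external_port)
        self.table = {}

    def add_static_mapping(self, external_port, proto, internal_ip, internal_port):
        """Manually configured mapping: any remote host may reach the internal service."""
        if any(key[2:] == (external_port, proto) for key in self.table):
            # Only one internal service can own a given external port (the "required port" case).
            raise ValueError(f"external {proto} port {external_port} already mapped")
        self.table[(*ANY_HOST, external_port, proto)] = (internal_ip, internal_port)

    def outbound(self, pkt):
        """Translate a packet leaving the private network, creating a mapping if none matches."""
        for (rip, rport, eport, proto), internal in self.table.items():
            remote_ok = (rip, rport) in (ANY_HOST, (pkt.dst_ip, pkt.dst_port))
            if remote_ok and proto == pkt.proto and internal == (pkt.src_ip, pkt.src_port):
                break
        else:
            eport = next(self._ports)
            self.table[(pkt.dst_ip, pkt.dst_port, eport, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.external_ip, eport, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt):
        """Reverse-translate a packet arriving from the Internet; None means it is dropped."""
        if pkt.dst_ip != self.external_ip:
            return None
        internal = (self.table.get((pkt.src_ip, pkt.src_port, pkt.dst_port, pkt.proto))
                    or self.table.get((*ANY_HOST, pkt.dst_port, pkt.proto)))
        if internal is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, internal[0], internal[1], pkt.proto)


def walkthrough():
    """The article's scenario with constructed addresses; returns the observable results."""
    nat = NatDevice("203.0.113.5")
    # Client 192.168.0.10:1025 opens a TCP socket to a web server on the Internet.
    out = nat.outbound(Packet("192.168.0.10", 1025, "198.51.100.7", 80, "TCP"))
    # The server replies to the NAT external address and port it saw in the source fields.
    reply = nat.inbound(Packet("198.51.100.7", 80, nat.external_ip, out.src_port, "TCP"))
    # A reply sent to a different port (the "distributed sockets" case) has no mapping.
    stray = nat.inbound(Packet("198.51.100.7", 80, nat.external_ip, out.src_port + 1, "TCP"))
    # An unsolicited connection to an internal web server fails until a static mapping exists.
    before = nat.inbound(Packet("192.0.2.9", 5000, nat.external_ip, 80, "TCP"))
    nat.add_static_mapping(80, "TCP", "192.168.0.20", 80)
    after = nat.inbound(Packet("192.0.2.9", 5000, nat.external_ip, 80, "TCP"))
    # The server's answer leaves through the same static mapping, not a new dynamic one.
    answer = nat.outbound(Packet("192.168.0.20", 80, "192.0.2.9", 5000, "TCP"))
    return {"out": out, "reply": reply, "stray": stray, "before": before,
            "after": after, "answer": answer, "nat": nat}
```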

Common problems between NAT and applications

As long as the client uses the same port to start the connection and to receive the reply, sharing a single globally routable IP address through NAT works fine. However, the assumptions built into the protocols of many applications no longer hold when a NAT device connects the network to the Internet. Some of these problems are discussed here.

Internal Network Services

Many network services or servers assume that any client on the Internet can connect to their listening socket. When a NAT device sits at the edge of the network, however, the NAT device needs a port mapping in order to forward inbound traffic to a service on the internal network. Without one, the service is reachable only by clients on the private network; it is unavailable to the rest of the Internet.

The most common solution to this problem is to manually configure a port mapping so that the NAT device forwards traffic directed at a specific NAT external IP address and port to the internal IP address and port used by the service.

With this port mapping in place, the service can receive inbound packets, so clients outside the private network can use it. Until the port mapping is established, the connection fails.

Manually configuring a mapping is usually complicated and requires a fairly experienced user to get it right. So unless they contact their broadband Internet service provider, PC manufacturer, retailer or Internet gateway manufacturer's support center to find the root cause and the solution, many home and small-business users are simply unable to use the application or service they need. Note that such a mapping is not restricted: any external client can use it to connect to the server.

Embedded address or port

Some network applications assume that the IP address and port assigned to the client are always globally routable and can be used directly on the Internet. In many cases, though, the client's address is a private IP address from one of the ranges reserved by the IETF. The application then embeds this private IP address or port in the payload of the packets it sends to the server, and the server uses the embedded address to contact the client.

If the server tries to reply to the embedded IP address and port instead of the mapped address and port provided by NAT, the packets are discarded, because the embedded IP address is not routable. If the network application can discover the NAT device and retrieve the external IP address and external port mapping that NAT uses, it can embed the correct information in its packets.

Applications using distributed sockets

Some network applications send to a server or peer from a socket on port X and then wait to receive the server's reply on port Y. NAT monitors the outbound traffic and creates a port mapping for port X, but creates none for port Y. Packets addressed to port Y are discarded.

Required port available

Some network protocols assume that a well-known port is always available on a globally routable address. When multiple clients share one IP address, only one client at a time can use a given well-known port. For example, only one web server on the local network can use port 80 at a time; otherwise the NAT device cannot determine which client an external request is meant for. Even when a user configures a port mapping so that the service can be reached from outside the local network, special measures are needed to support more than one such client.

Multiple NAT

If the client is behind more than one NAT device, the resulting problems are beyond the scope of this article.

Impact on users and industries

The previous section described the technical issues that NAT traversal addresses. From the user's perspective the impact is simpler: people cannot use the services or applications that NAT interferes with.

Today most users do not even realize they are victims of NAT problems. They only know that when they try to play multiplayer games, use peer-to-peer applications (such as real-time communication) or use certain other applications, they do not work. They may see error messages such as "unable to connect" on the PC, or the program simply fails when they try to use it.

Users with dial-up modem Internet connections often do not run into these problems. The same user then subscribes to a broadband service and installs a DSL or cable modem device that uses NAT, and things stop working. These users are particularly frustrated by NAT problems: just when they get a fast Internet connection, they suddenly cannot play games or use other services.

This causes dissatisfaction, which users pass on to the PC manufacturer, ISP, Internet gateway manufacturer or another party. Users generally do not know the root cause of the problem, and support staff do not always know how to solve it over the phone.

Nor is this only a user issue. It is also a problem for the companies that provide products and services to users. When users try to resolve problems caused by NAT, they call support lines, and that cost eats into the margins of the manufacturer or retailer, or eliminates them altogether. These problems can sour users on a trial service and reduce their interest in later new services or applications. NAT can therefore impede the launch and adoption of other innovative products and services.

For all these reasons, solving the NAT problem has become an important task for the industry.

What is NAT traversal?

NAT traversal is a set of capabilities that let a network application determine that it is behind a NAT device, obtain the external IP address, and configure a port mapping that forwards packets from an external NAT port to the internal port used by the application, all automatically, so that nobody has to manually configure port mappings or similar settings.

Compared with the other approaches currently used for particular applications, this is a far more comprehensive solution to the connectivity problems NAT causes. Some of today's special-purpose solutions require the user to have a certain amount of technical knowledge, some require development work by the application developer or the Internet gateway manufacturer, and some require both.

Although NAT traversal solves some NAT problems, it is not a cure-all. Even so, automatic NAT traversal represents an important step toward improving user satisfaction, reducing support calls, and enabling new and creative services and applications, especially in the home network environment.

NAT traversal should be seen as a coping mechanism to be used where needed rather than as a permanent fixture. In IPv6, every client has a globally routable IP address, so neither NAT nor NAT traversal is needed. There are various predictions about how long general IPv6 deployment will take. The industry (including Microsoft) has invested heavily in IPv6, but for the current year and the years ahead, the NAT traversal solution described below is of real value to home and small-business users who want to solve NAT problems.

How NAT traversal works

NAT traversal relies on the discovery and control protocols that are part of the UPnP Forum specifications. The UPnP Forum has a working committee responsible for defining the control protocol for Internet gateway devices and the services those devices offer.

An Internet gateway device that supports the basic elements of the Internet gateway device control protocol can announce its presence to control points on the LAN and publish an XML description document. Using these XML descriptions, a control point can determine whether the Internet gateway supports NAT, obtain the NAT external IP address, and invoke UPnP actions to create port mappings.

The NAT traversal API in Windows abstracts away the details of using UPnP directly, and provides interfaces for detecting, managing and configuring NAT devices.

NAT traversal API

When a network application needs to check whether a NAT device exists and adjust its behavior accordingly, it can use the NAT traversal API provided in Windows (fully documented in the Platform SDK) to do the following:

  • Check whether a NAT device exists.
  • Obtain the external IP address of the NAT device.
  • Obtain the static port mapping information for a specific external port (if it is mapped).
  • Add a static port mapping (unless the external port is already allocated).
  • Enable or disable a specific port mapping without deleting it.
  • Edit the friendly description of a static port mapping.
  • Delete a static port mapping.
  • Obtain the list of static port mappings for the LAN.

With these capabilities, applications can solve many of the problems NAT causes. Note: the Windows NAT traversal API currently supports only port mappings of unlimited duration, also called static port mappings.

NAT traversal API in Windows XP

The NAT traversal API is installed by default in Windows XP. It can also be installed on computers running Windows ME and Windows 98 by using the "Network Installation Wizard" on the Windows XP CD. Because it needs an additional XML parser, the NAT traversal API also requires Internet Explorer 6.0 to be installed.

NAT traversal is currently not supported in Windows 2000.

Internet gateway support for NAT traversal

Internet gateway support for NAT traversal is achieved by supporting the Internet Gateway Device (IGD) specification defined by the Internet Gateway working committee of the Universal Plug and Play Forum. Gateway manufacturers should also note that the NAT traversal API in Windows makes the following assumptions about the IGD:

  • The IGD advertises only one external interface at a time. Although an Internet gateway device is technically allowed to advertise multiple external interfaces, the NAT traversal API uses only the first.
  • The IGD supports port mappings that allow any remote IP address to send packets to the internal client.
  • The IGD supports port mappings whose internal client is a broadcast address.
  • The IGD supports port mappings in which the NAT external port differs from the client's internal port.
  • The IGD advertises version 1.
  • Static port mappings (port mappings with unlimited duration) persist indefinitely. A static port mapping is not removed even when the system restarts, the IP address changes, or the client is no longer present on the network.

At the time of writing, several leading manufacturers have announced Internet gateway devices that support these UPnP methods and work with the Windows NAT traversal API, due in 2001. This is an important step for the industry and for users.

As more Internet gateway device manufacturers recognize the advantages of using UPnP to solve these problems, and as more home and small-business users become aware of NAT-related problems and of what UPnP-based NAT traversal can do, UPnP support for NAT traversal is expected to become a certification item for such devices, or a prerequisite for entering the market.

Internet gateway manufacturers should join the UPnP Forum to learn how to make their Internet gateway devices comply with the UPnP standards.

Note that Internet Connection Sharing in Windows XP supports version 0.9 of the UPnP IGD standard. Version 1.0 is expected to be compatible with version 0.9.

How does an application use NAT traversal?

How an application uses NAT traversal depends on several factors, including the expected lifetime of the port mapping and whether the port is used by multiple clients or services. Applications should remove every static port mapping they create, to avoid orphaned mappings and to avoid exhausting the ports available to other applications.

If the application is a network service (such as a web server) that needs a well-known port for its whole lifetime, its installer can use the NAT traversal API to configure a static port mapping. Assuming that other applications, the network administrator, the network topology and any cleanup mechanism leave it alone, external clients can then connect to the server for as long as the service exists. Uninstalling the application deletes the mapping. If the application crashes, the static port mapping persists even though the service is gone. If the external IP address changes, the static port mapping automatically picks up the change.

If the application does not run all the time, or has less confidence that the network will preserve its static port mapping, it can reserve a well-known port each time it starts and release it each time it shuts down; a companion script can do this. As an alternative to adding and deleting the mapping, the application can enable and disable it as needed. The application can also keep the static port mapping permanently and simply refresh it each time it starts.

As before, if the external IP address changes, the static port mapping automatically picks up the change.

If instances of the same application on several clients of the private network use the same internal port number, the application must be modified to support multiple clients. Only one client can use an internal port number equal to the external port number; we recommend that this be the first client. The other clients request asymmetric port mappings, in which the internal port number differs from the external port number.

There is one special case: several clients may listen on the same external port for the sole purpose of being discovered by a remote host. Inbound packets are then translated to the broadcast address of the internal clients' subnet rather than to a specific client address. A client listening on that port can reply by opening its own connection to the remote host. We do not generally recommend this scheme, because packets sent to that address are received by, and therefore affect, every client on the network.

If a service needs to listen on a random port for a short time, it should request the static port mapping from within the application rather than from a script, and remove it (delete the mapping) when it finishes. The application should keep a record of the port mappings it owns, so that if it crashes without closing the mapping, it can retrieve the information needed to remove the mapping at its next startup.

If an application leaves the network without removing its port mapping, the mapping remains and the cleanup falls to the user. Windows currently has no cleanup mechanism of its own, because it is hard to determine when an application no longer uses a mapping.
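The bookkeeping described in the last three paragraphs, as an added Python example that is not from the article or from Windows: it builds the UPnP IGD AddPortMapping and DeletePortMapping control requests that the Windows API issues on the application's behalf (argument names follow the WANIPConnection service), and keeps an on-disk ledger so that a mapping left behind by a crash is deleted at the next start. The gateway's control URL, normally read from its XML description document, is assumed to be known; the port and client address are constructed sample values.

```python
import json
import os
import tempfile
import urllib.request
import xml.etree.ElementTree as ET

# IGD service that carries the port-mapping actions, and the SOAP envelope namespace.
WANIP_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"


def soap_envelope(action, args):
    """Wrap one IGD control action and its (name, value) arguments in a SOAP envelope."""
    fields = "".join(f"<New{name}>{value}</New{name}>" for name, value in args)
    return ('<?xml version="1.0"?>'
            f'<s:Envelope xmlns:s="{SOAP_ENV}" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            f'<s:Body><u:{action} xmlns:u="{WANIP_SERVICE}">{fields}</u:{action}></s:Body>'
            '</s:Envelope>')


def add_port_mapping(external_port, proto, internal_port, internal_client, description):
    """Static mapping (LeaseDuration 0 = unlimited, as the article describes), open to any remote host."""
    return soap_envelope("AddPortMapping", [
        ("RemoteHost", ""), ("ExternalPort", external_port), ("Protocol", proto),
        ("InternalPort", internal_port), ("InternalClient", internal_client),
        ("Enabled", 1), ("PortMappingDescription", description), ("LeaseDuration", 0)])


def delete_port_mapping(external_port, proto):
    return soap_envelope("DeletePortMapping",
                         [("RemoteHost", ""), ("ExternalPort", external_port), ("Protocol", proto)])


def post_action(control_url, action, envelope):
    """POST the envelope to the gateway's control URL; SOAPAction names the invoked action."""
    req = urllib.request.Request(control_url, data=envelope.encode(), method="POST", headers={
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{WANIP_SERVICE}#{action}"'})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


def action_args(envelope):
    """Return (action name, {argument: value}) parsed back out of an envelope."""
    body = ET.fromstring(envelope).find(f"{{{SOAP_ENV}}}Body")
    action = body[0]
    return action.tag.split("}")[1], {child.tag: child.text or "" for child in action}


class MappingLedger:
    """On-disk record of the mappings this application created, so a crash does not
    orphan them: the next start reads the file and deletes whatever is still listed."""

    def __init__(self, path):
        self.path = path
        self.entries = []
        if os.path.exists(path):
            with open(path) as f:
                self.entries = json.load(f)

    def _save(self):
        with open(self.path, "w") as f:
            json.dump(self.entries, f)

    def remember(self, external_port, proto):      # call after a successful AddPortMapping
        self.entries.append([external_port, proto])
        self._save()

    def forget(self, external_port, proto):        # call after a successful DeletePortMapping
        self.entries = [e for e in self.entries if e != [external_port, proto]]
        self._save()

    def cleanup_requests(self):
        """DeletePortMapping envelopes for every mapping still on record."""
        return [delete_port_mapping(port, proto) for port, proto in self.entries]


def demo_crash_recovery():
    """Record a mapping, 'crash' without deleting it, and return what the next start must send."""
    path = os.path.join(tempfile.gettempdir(), "nat_mapping_ledger_demo.json")
    if os.path.exists(path):
        os.remove(path)
    MappingLedger(path).remember(8080, "TCP")      # first run: mapping created, then crash
    restarted = MappingLedger(path)                # second run reloads the same ledger file
    pending = [action_args(env) for env in restarted.cleanup_requests()]
    os.remove(path)
    return pending
```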

Limitations of NAT traversal

Although NAT traversal solves a variety of problems with connections through a NAT device, there are problems it cannot solve and problems it introduces. These include:

  • NAT traversal uses an open trust model: every application on the private network can access every port mapping on the NAT device. This increases flexibility for management from multiple points, but an application loses exclusive ownership of its mappings.
  • The application is responsible for resolving conflicts. If it tries to map a port that is already mapped to another client, it is up to the application to find another port, or to be rewritten.
  • NAT traversal cannot solve the problem of an ISP that hands out private addresses and uses NAT for client connections. In that case the NAT is beyond the Internet gateway device, inside the service provider's network. If the NAT on the customer's network sits behind another NAT of this kind, NAT traversal in the home or small business fails. Internet service providers are therefore advised not to deploy NAT within their own networks.
  • NAT traversal is not free for applications. They must be modified to call the API, or be accompanied by a script that provides the solution. This remains manageable for most developers, especially because once these NAT traversal mechanisms are built into the application, it automatically works with many Internet gateway devices.
  • After a port mapping has been used, the application is responsible for removing it. Static mappings persist indefinitely, so they are best suited to services that intend to listen on a well-known port for the application's whole lifetime.
  • The Internet gateway that provides NAT must support the Universal Plug and Play Internet gateway device specification (at least version 0.9).

Conclusion

NAT is an IETF-recognized solution to IPv4 address space exhaustion. Internet gateways that use NAT are common in small and medium-sized businesses because they are cheap, easy to manage, and do not require users to install special software.

The disadvantage of NAT is that it breaks many chat, multiplayer game and peer-to-peer applications, because the assumptions their network protocols make about the network architecture no longer hold.

NAT traversal gives an application a way to discover a NAT device, learn the shared globally routable IP address, and configure static port mappings, which resolves some of these connectivity problems. NAT traversal cannot solve every NAT-related problem, but it alleviates several of them.

The main conclusions of this article are:

  • Internet gateway device manufacturers should support UPnP in their devices in order to support NAT traversal.
  • Network application developers should use the Windows NAT traversal API to detect the presence of NAT and let their applications traverse it when necessary.
  • Users should choose Internet gateway devices that support UPnP and NAT traversal to ensure the best application behavior.
  • DSL and cable modem service providers should specify, sell and lease Internet gateway devices that provide UPnP support for NAT traversal.

Some form of NAT traversal will be needed until IPv6 arrives.
