NAT Types and Detection Methods

Source: Internet
Author: User

STUN is a client/server protocol. A large number of STUN servers exist on the public network. You can run a STUN client on your host and connect to a remote STUN server to determine your network conditions.

The network of the client host can be divided into the following types:

1. Opened: The host has a public IP address and is not behind a firewall, so it can communicate freely with the outside.

2. Full cone NAT: There is a NAT device in front of the host. The NAT rules are as follows: packets sent from host UDP port A are mapped to port B on the NAT device's egress IP address, and packets sent from any external address to UDP port B of the NAT device are forwarded to host port A.

3. Restricted cone NAT: There is a NAT device in front of the host. The NAT rules are as follows: packets sent from host UDP port A are mapped to port B on the NAT device's egress IP address, but only packets arriving at UDP port B of the NAT device from an IP address the host has previously sent a packet to are forwarded to host port A.

4. Port restricted cone NAT: There is a NAT device in front of the host. The NAT rules are as follows: packets sent from host UDP port A are mapped to port B on the NAT device's egress IP address, but only packets arriving at UDP port B of the NAT device from an IP address/port the host has previously sent a packet to are forwarded to host port A.

5. Symmetric UDP firewall: There is no NAT device at the host's exit, but there is a firewall. The firewall rules are as follows: packets sent from host UDP port A keep their source address, but only packets sent to host port A from an IP address/port the host has previously sent a packet to can pass the firewall.

6. Symmetric NAT: There is a NAT device in front of the host. The NAT rule is as follows: even if the packets are all sent from UDP port A of the host, the NAT device assigns a different outbound port B whenever the destination address is different.

7. Blocked: The firewall blocks UDP communication.

 

    /// <summary>
    /// Specifies UDP network type.
    /// </summary>
    public enum STUN_NetType
    {
        /// <summary>
        /// UDP is always blocked.
        /// </summary>
        UdpBlocked,

        /// <summary>
        /// No NAT, public IP, no firewall.
        /// </summary>
        OpenInternet,

        /// <summary>
        /// No NAT, public IP, but symmetric UDP firewall.
        /// </summary>
        SymmetricUdpFirewall,

        /// <summary>
        /// A full cone NAT is one where all requests from the same internal IP address and port are
        /// mapped to the same external IP address and port. Furthermore, any external host can send
        /// a packet to the internal host, by sending a packet to the mapped external address.
        /// </summary>
        FullCone,

        /// <summary>
        /// A restricted cone NAT is one where all requests from the same internal IP address and
        /// port are mapped to the same external IP address and port. Unlike a full cone NAT, an external
        /// host (with IP address X) can send a packet to the internal host only if the internal host
        /// had previously sent a packet to IP address X.
        /// </summary>
        RestrictedCone,

        /// <summary>
        /// A port restricted cone NAT is like a restricted cone NAT, but the restriction
        /// includes port numbers. Specifically, an external host can send a packet, with source IP
        /// address X and source port P, to the internal host only if the internal host had previously
        /// sent a packet to IP address X and port P.
        /// </summary>
        PortRestrictedCone,

        /// <summary>
        /// A symmetric NAT is one where all requests from the same internal IP address and port,
        /// to a specific destination IP address and port, are mapped to the same external IP address and
        /// port. If the same host sends a packet with the same source address and port, but
        /// to a different destination, a different mapping is used. Furthermore, only the external host that
        /// receives a packet can send a UDP packet back to the internal host.
        /// </summary>
        Symmetric
    }

 

Test process

The STUN server runs over UDP and has two fixed public addresses. It provides the following functions:

1. Tell the STUN client the public network address mapped by the NAT device.

2. At the STUN client's request, send packets back to the client from a different IP address or port of the server.

How can the network type be determined from these functions of the STUN server? RFC 3489 provides the following process:

This process can be summarized as follows:

1. The STUN client sends a request to the STUN server to obtain the NAT-mapped address:

A. If no reply is received from the server, UDP is regarded as blocked by the firewall and communication is not possible. The network type is Blocked.

B. If a reply is received from the server, compare the returned address with the local address. If they are the same, there is no NAT device; proceed to step 2. Otherwise, there is a NAT device; proceed to step 3.

2. (No NAT device has been confirmed) The STUN client sends a request to the STUN server, asking the server to reply to the client from another IP address and port:

A. If the client does not receive the reply from the other IP address, the packet is considered blocked by the firewall in front of the host. The network type is symmetric UDP firewall.

B. If the reply is received, the client is considered to be on an open network. The network type is Opened.

3. The STUN client sends a request to the STUN server, asking the server to reply to the client from another IP address and port:

A. If the client does not receive the reply from the other IP address, the packet is considered blocked by the NAT device in front of the host; proceed to step 4.

B. If the reply is received, the NAT device type is full cone, that is, the network type is full cone NAT.

4. The STUN client sends a request to the other IP address of the STUN server to obtain the NAT-mapped address again, and compares it with the address obtained earlier:

A. If the addresses are not the same, the network type is symmetric NAT.

B. If the addresses are the same, the NAT is considered a restricted NAT. Proceed to step 5 to confirm the type.

5. (A restricted NAT device has been confirmed) The STUN client sends a request to the STUN server, asking the server to reply to the client from another port on the same IP address:

A. If the client does not receive the reply from the other port, the packet is considered blocked by the NAT device in front of the host. The network type is port restricted cone NAT.

B. If the reply is received, the network type is restricted cone NAT.
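
The five steps above, run against a simulated NAT/firewall so the decision tree can be exercised offline. This is an added example, not code from the original page or from any STUN library; the `SimulatedPath` class, the `classify` function, all addresses, and the mapped port numbers are constructed for illustration, and the returned strings correspond to the enum members listed earlier.

```python
# Added example: constructed offline simulation, not a real STUN client.
LOCAL = ("192.0.2.10", 5000)            # constructed client address
PUBLIC_IP = "203.0.113.7"               # constructed NAT egress IP
S1 = ("198.51.100.1", 3478)             # server primary address (constructed)
S1_ALT_PORT = ("198.51.100.1", 3479)    # same server IP, other port
S2 = ("198.51.100.2", 3479)             # other server IP and port

class SimulatedPath:
    """Models the NAT/firewall between client and server (hypothetical helper)."""
    def __init__(self, kind):
        self.kind = kind
        self.sent = []                   # destinations the client has sent to

    def request(self, dst, reply_from):
        """Send a request to dst; the server answers from reply_from.
        Returns the mapped address the server saw, or None if no reply arrives."""
        if self.kind == "blocked":
            return None
        if dst not in self.sent:
            self.sent.append(dst)
        if self.kind in ("open", "symmetric_fw"):
            mapped = LOCAL               # no NAT: source address is kept
        elif self.kind == "symmetric":
            mapped = (PUBLIC_IP, 40000 + self.sent.index(dst))  # port per destination
        else:
            mapped = (PUBLIC_IP, 40000)  # cone NAT: one mapping for all destinations
        if self.kind in ("open", "full_cone"):
            allowed = True               # any external sender gets through
        elif self.kind == "restricted":
            allowed = reply_from[0] in [ip for ip, _ in self.sent]
        else:                            # port_restricted, symmetric, symmetric_fw
            allowed = reply_from in self.sent
        return mapped if allowed else None

def classify(path):
    first = path.request(S1, S1)                       # step 1: get mapped address
    if first is None:
        return "UdpBlocked"
    if first == LOCAL:                                 # step 2: no NAT present
        return "OpenInternet" if path.request(S1, S2) else "SymmetricUdpFirewall"
    if path.request(S1, S2):                           # step 3: reply from other IP/port
        return "FullCone"
    if path.request(S2, S2) != first:                  # step 4: mapping to other IP
        return "Symmetric"
    if path.request(S1, S1_ALT_PORT):                  # step 5: reply from other port
        return "RestrictedCone"
    return "PortRestrictedCone"
```
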
