NAT types and detection method

Source: Internet
Author: User

The terms and functions of NAT (Network Address Translation) are not described here. If necessary, refer to the paper "Peer-to-Peer Communication Across Network Address Translators".

Address: http://www.bford.info/pub/net/p2pnat

Research on P2P communication method through NAT: http://www.ppcn.net/n4690c38.aspx

(Note: the Chinese document translates the first four chapters of the original paper, and the translation is very good. I would like to express my sincere thanks to this colleague for his hard work.)

(It must also be noted that this article was written when I was studying the P2P NAT research. It can be said to be another version of it; it is only meant to deepen understanding of the technology and is an excerpt, no offense intended.)

1. NAT types

NAT can be divided into many types, but the most common is traditional NAT, also called outbound NAT. By default, outbound NAT only allows sessions initiated from the inside to pass through the NAT; this is the most common situation.

Outbound NAT can be further divided into basic NAT and NAPT (Network Address/Port Translation).

1. Basic NAT

Basic NAT translates only IP addresses, not ports. A basic NAT therefore usually needs multiple public IP addresses to serve applications on several intranet hosts that use the same port. Because of this limitation, this type of NAT device is not common.

2. NAPT

(Note: an endpoint is an IP address and port pair.)

Unlike basic NAT, which translates only IP addresses, NAPT translates the whole endpoint. Because NAPT lets multiple intranet hosts share one public IP address, NAPT-type NAT devices are increasingly common.

NAPT can be further divided into the following four types:

(1) Full cone NAT

A full cone NAT creates an address mapping session when intranet host A (private endpoint) sends a packet to an external host for the first time, and assigns a public address and port (public endpoint) to A; this public endpoint is then used for all data A sends outward. After that, any external host that wants to communicate with A only needs to send its packets to the public endpoint, and A receives them.

(2) Restricted cone NAT

A restricted cone NAT creates an address mapping session when intranet host A (private endpoint) sends a packet to an external host for the first time, and assigns a public IP address and port (public endpoint) to A; this public endpoint is then used for all packets A sends outward. After that, if an external host (endpoint IP:port) wants to communicate with A, A receives its packets as long as they are sent to the public endpoint and A has already used the current NAT session to send data to that host's IP address.

(3) Port restricted cone NAT

A port restricted cone NAT creates an address mapping session when intranet host A (private endpoint) sends a packet to an external host for the first time, and assigns a public address and port (public endpoint) to A; this public endpoint is then used for all data A sends outward. After that, if an external host (endpoint IP:port) wants to communicate with A, A receives its packets as long as they are sent to the public endpoint and A has already used the current NAT session to send data to that host's exact endpoint (IP address and port).

(4) Symmetric NAT

Symmetric NAT is a special type of NAT. When intranet host A (private endpoint) sends a packet to external host S1 for the first time, the NAT creates address mapping session1 and assigns a public address and port (public endpoint1) to A; public endpoint1 is used for all packets A sends to S1. If A then uses the same socket to send packets to external host S2, the symmetric NAT creates another address mapping session for it and assigns a new public address and port (public endpoint2) to A, which is used for all packets A sends to S2. A symmetric NAT requires that public endpoint1 and public endpoint2 be different. In addition, an external host can only send data to A after it has first received data from A; otherwise, even if it knows A's public endpoint, it cannot reach A. This kind of NAT can be traversed by methods such as port prediction, but the results are poor, and UDP P2P communication is difficult to achieve.

Figure 1: NAT type structure (image not included in this copy)

2. NAT detection

Prerequisites: a server S with two public addresses (its communication addresses are called endpoint1 and endpoint2) listens for UDP packets and answers client requests; the client to be detected can send and receive UDP normally.

Step 1. Check whether the host is behind a NAT

To check whether its IP address is public, host A first sends any UDP packet to server S at endpoint1. When S receives it, it copies the source IP address and port from the packet header into a UDP reply and sends it back from endpoint1 to A. A then compares its own endpoint with the endpoint in the reply. If they are the same, A is not behind any NAT; otherwise A is behind a NAT, although the specific type cannot be determined at this point.

Step 2. Check whether the NAT is full cone

To check for a full cone NAT, host A sends a UDP packet to server S at endpoint1, and the server replies from endpoint2 with a UDP packet carrying the source IP address and port it saw in the header. Immediately after sending, A listens on its port and sets a maximum wait time so that the receive loop does not block forever. If A receives no reply within the wait time (a lost packet looks the same as a dropped one, so the test is normally repeated), its NAT is not full cone; if it does receive the reply, its NAT is full cone.

Step 3. Check whether the NAT is symmetric

To check for a symmetric NAT, host A sends a UDP packet to server S at endpoint1; when S receives it, it replies from endpoint1 with a UDP packet carrying the source IP address and port it saw. After sending, A listens on its port and receives data, again with a maximum wait time so the receive loop does not block forever. Using the same socket, A also sends a UDP packet to S at endpoint2, and endpoint2 sends a similar reply. If the public endpoints (IP address and port) reported in the two replies differ, the NAT is symmetric; otherwise it is not.

Step 4. Check whether the NAT is restricted cone or port restricted cone

Finally, to distinguish a restricted cone NAT from a port restricted cone NAT, host A sends UDP packets to endpoint1 of server S, and the server replies from the same IP address as endpoint1 but a different port, with a UDP packet carrying A's public endpoint. A listens on its port immediately after sending, with a maximum wait time so the receive loop does not block forever, and the test is repeated several times. If A receives a reply from S at any point, the NAT is restricted cone; otherwise it is port restricted cone.
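The following is an added example, not code from the original article: an in-memory model of the four NAPT behaviours described in section 1, together with the four-step detection procedure of section 2 run against that model. No real sockets are used; the server endpoints, the NAT's public IP and host A's private endpoint are constructed documentation addresses, and the server's behaviour (reply from endpoint1, from endpoint2, or from endpoint1's IP on another port) is assumed to match the steps above. The point is to show why each step discriminates exactly one type: the same filtering rule that decides whether a peer's packet gets through also decides whether the server's reply gets through.

```python
# Added example: simulated NAPT types and the four-step NAT detection.
# All addresses below are constructed; nothing touches the network.
from enum import Enum
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]


class NatType(Enum):
    NONE = "no NAT"
    FULL_CONE = "full cone"
    RESTRICTED_CONE = "restricted cone"
    PORT_RESTRICTED_CONE = "port restricted cone"
    SYMMETRIC = "symmetric"


# Constructed server endpoints: two public IPs (endpoint1, endpoint2) and a
# second port on endpoint1's IP, which step 4 replies from.
S_EP1: Endpoint = ("198.51.100.1", 3478)
S_EP2: Endpoint = ("198.51.100.2", 3478)
S_EP1_ALT_PORT: Endpoint = ("198.51.100.1", 3479)


class SimulatedNat:
    """Models how each NAPT type maps outbound packets and filters inbound ones."""

    def __init__(self, kind: NatType, public_ip: str = "203.0.113.5") -> None:
        self.kind = kind
        self.public_ip = public_ip
        self.next_port = 40000
        # mapping key -> public endpoint; a symmetric NAT keys on (private, dest),
        # every cone type keys on the private endpoint alone.
        self.mappings: Dict[tuple, Endpoint] = {}
        # public endpoint -> external endpoints the inside host has sent to via it
        self.contacted: Dict[Endpoint, Set[Endpoint]] = {}

    def _key(self, private: Endpoint, dest: Endpoint) -> tuple:
        return (private, dest) if self.kind == NatType.SYMMETRIC else (private,)

    def outbound(self, private: Endpoint, dest: Endpoint) -> Endpoint:
        """Translate an outbound packet and return the public endpoint it leaves from."""
        key = self._key(private, dest)
        if key not in self.mappings:
            self.mappings[key] = (self.public_ip, self.next_port)
            self.next_port += 1
        public = self.mappings[key]
        self.contacted.setdefault(public, set()).add(dest)
        return public

    def inbound(self, src: Endpoint, public: Endpoint) -> Optional[Endpoint]:
        """Filter an inbound packet; return the private endpoint, or None if dropped."""
        for key, mapped in self.mappings.items():
            if mapped != public:
                continue
            seen = self.contacted[mapped]
            if self.kind == NatType.FULL_CONE:
                return key[0]                       # anyone may send to the mapping
            if self.kind == NatType.RESTRICTED_CONE and any(ip == src[0] for ip, _ in seen):
                return key[0]                       # source IP was contacted before
            if src in seen:                         # port restricted cone and symmetric:
                return key[0]                       # exact endpoint was contacted before
        return None


def detect(nat: Optional[SimulatedNat], private: Endpoint = ("192.168.1.10", 5000)) -> NatType:
    """Run the article's four detection steps against a simulated NAT (None = public host)."""

    def probe(dest: Endpoint, reply_from: Endpoint) -> Optional[Endpoint]:
        # A sends to `dest`; the server answers from `reply_from` with the source
        # endpoint it observed. Returns that endpoint, or None when the NAT drops
        # the reply (on a real client this is the receive timeout).
        if nat is None:
            return private
        public = nat.outbound(private, dest)
        return public if nat.inbound(reply_from, public) == private else None

    # Step 1: reply from endpoint1 echoes the address the server saw.
    observed = probe(S_EP1, S_EP1)
    if observed is None:
        raise RuntimeError("server unreachable; UDP must work before detection")
    if observed == private:
        return NatType.NONE
    # Step 2: reply from endpoint2 (another IP); only a full cone lets it in.
    if probe(S_EP1, S_EP2) is not None:
        return NatType.FULL_CONE
    # Step 3: same socket to endpoint1 and endpoint2; different mappings mean symmetric.
    if probe(S_EP1, S_EP1) != probe(S_EP2, S_EP2):
        return NatType.SYMMETRIC
    # Step 4: reply from endpoint1's IP but another port.
    if probe(S_EP1, S_EP1_ALT_PORT) is not None:
        return NatType.RESTRICTED_CONE
    return NatType.PORT_RESTRICTED_CONE


if __name__ == "__main__":
    for kind in NatType:
        nat = None if kind is NatType.NONE else SimulatedNat(kind)
        print(f"{kind.value:22s} -> detected as: {detect(nat).value}")
```

Running the script classifies each simulated NAT type back to itself. Two design points carry over to a real implementation: detection must reuse one socket (and therefore one NAT mapping) across all steps, otherwise step 3 cannot compare mappings, and a missing reply is indistinguishable from packet loss, which is why the article repeats the timed receives.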
