P2P NAT traversal over UDP/TCP

Source: Internet
Author: User

NAT solves, in a sense, the problem of the IPv4 32-bit address space running out, and it also hides the internal structure of an IPv4 network. A NAT device (also called a middlebox) separates the internal network from the external network and lets internal hosts use their own independent IP addresses; these addresses can be translated dynamically for each connection. In addition, when an internal host communicates with an external host, the NAT device must allocate it a unique port number, which is tied to that connection to the destination address and port. Another characteristic of NAT is that it only allows connections initiated from the inside: it rejects every external connection that was not initiated internally, because it does not know which internal host the connection should be forwarded to.
P2P networks are becoming increasingly popular. Although P2P file-sharing software has triggered much controversy, for example around Napster and KaZaa, there is still plenty of useful and legal P2P software, such as instant messaging and file sharing. Another P2P program is the OpenHash project, which provides the public with a usable distributed hash table; many applications have been developed on top of it, for example instant messaging software and reliable CD tag databases.
Unfortunately, two hosts behind different NATs cannot establish a TCP connection with each other, because both NATs allow only outgoing connections. NAT vendors added a port mapping function to NAT devices to work around this: the NAT administrator can use port mapping to assign fixed ports to hosts that need to accept connection requests not initiated from the inside. However, this solution also depends on a lot of other support depending on the situation. It is limited when servers need to allocate ports dynamically, and it is useless if the user does not have permission, or does not know how, to configure the NAT device and set up the port mapping.
P2P protocols already use a few common methods. The first technique is: the peer that cannot act as a server receives a message from the requester and then initiates the connection to the requester itself. This only works when just one of the two parties is behind a NAT. The second common method is to relay the data through a proxy that both hosts can connect to. For two hosts that are both behind NATs, however, this is very inefficient, because all data must pass through the proxy. Other related techniques are discussed in Part 3.
Our goal is to find a solution that lets two hosts behind NATs establish a direct TCP connection. In particular, we have developed several solutions for networks with port-allocating NATs and for networks that support loose source routing (LSR). Our approach is to have a third party provide the information needed to set up the direct connection. Depending on the environment, we have developed several different ways to establish the connection in predictable and reasonable time. These techniques all need to set the TTL of certain packets to a small value, and to capture and analyze packets in order to supply information to the third-party "matchmaker". In addition, some packets are sent out by hand to probe the port that the NAT has allocated. Finally, if the port allocation is random, we use a method based on the "birthday paradox" to reduce the number of probes; this method depends on the size of the port space that the probes have to cover.
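The "birthday paradox" estimate mentioned above, worked through as an added example (this is not code from the original article): `match_probability` gives the exact chance that two sets of randomly chosen ports overlap, `probes_for_confidence` finds how many ports each side must use to reach a target probability, and `single_port_probes` shows the cost when only one mapped port exists. The 16-bit port space of 65536 ports, the 50% target, and the assumption that ports are drawn without replacement are all assumptions made here.

```python
import math


def match_probability(space, k_a, k_b):
    """Exact probability that at least one port coincides when one side's NAT has
    allocated k_a distinct random ports out of `space` and the other side probes
    k_b distinct random ports (both sets drawn without replacement)."""
    p_no_match = 1.0
    for i in range(k_b):
        # the i-th probe misses all k_a allocated ports among the space - i
        # ports that have not been probed yet
        p_no_match *= (space - k_a - i) / (space - i)
    return 1.0 - p_no_match


def probes_for_confidence(space, target):
    """Smallest k such that, with BOTH sides using k random ports, the
    probability of at least one shared port reaches `target` (birthday setting)."""
    for k in range(1, space + 1):
        if match_probability(space, k, k) >= target:
            return k
    return space


def single_port_probes(space, target):
    """Probes needed when only ONE mapped port exists and the other side probes
    distinct random ports: P(match) = k / space, so k = ceil(target * space)."""
    return math.ceil(target * space)


if __name__ == "__main__":
    # constructed parameters: full 16-bit port space, 50% success target
    space, target = 65536, 0.5
    print("one mapped port, random probing:", single_port_probes(space, target))
    print("both sides open k ports (birthday):", probes_for_confidence(space, target))
```

The birthday setting needs on the order of a few hundred ports per side instead of tens of thousands of probes, which is why the article can afford to probe a randomly allocating NAT at all.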
2. NAT types
A NAT must provide three important routing features: transparent address assignment, transparent routing, and translation of the payload of ICMP error packets.
Address assignment means creating, at the start of a network session, a mapping from an internal address that cannot be routed to a routable address. The NAT must assign addresses for both the source and the destination. NAT addresses are assigned either statically or dynamically. A static assignment must be defined in the NAT in advance; for example, each session maps an <internal address, internal port> pair to a fixed <external address, external port> pair. Dynamic mapping, on the contrary, is defined at the time of each session, and there is no guarantee that the same mapping will be used for a future session.
A related feature is that the NAT must implement transparent routing. As mentioned above, a NAT is a special router that translates the addresses in the packets it routes; the translation changes the IP address and port according to the flow the packet belongs to. Second, the translation must be transparent to the end hosts so that the NAT stays compatible with the existing network. A less obvious requirement is that the NAT must ensure that packets exchanged within the internal network are not sent out to the external network.
The last NAT feature is that, when an ICMP error packet is received, the NAT applies the same translation it applies to normal data packets. When an error occurs in the network, for example when the TTL expires, the sender generally receives an ICMP error packet. The ICMP error packet also contains the header of the packet that caused the error, so that the sender can determine which packet failed. If the error occurred outside the NAT, the addresses in that embedded header are the external addresses allocated by the NAT rather than the internal addresses. Therefore the NAT must reverse-translate the packet header embedded in the ICMP error packet, just as it translates the ICMP error packet itself.
Although all NATs implement these three features, they can be classified by their characteristics and the network environments they support. NATs fall into four types: two-way NATs, twice NATs, multi-homed NATs and traditional NATs. For details on two-way NATs, twice NATs and multi-homed NATs, see [12]. Two-way NATs, also called bidirectional NATs, translate in both directions between external and internal addresses, although only one of the IP addresses in a packet is translated. This is the only NAT type that allows connection requests to be initiated from the outside. Twice NATs, on the contrary, translate both the internal and the external address of every routed packet; this type is used when the external and internal address ranges overlap. Multi-homed NATs add one feature to twice NATs: they allow non-routable IP addresses to be used internally together with several connections to external networks. Multi-homed NATs can do this because they keep communicating with each other so that their address mappings stay consistent. Multi-homed NATs allow large internal networks and add redundancy through multiple connections to the Internet. The most common NAT by far is the traditional NAT, which is divided into basic NAT and NAPT (network address port translation).
The difference between basic NAT and NAPT is whether the number of external addresses available for assignment is at least the number of internal addresses. Basic NAT is used when the number of external addresses that can be assigned is equal to or greater than the number of internal addresses; it does not need to allocate ports, because every internal address can be given a unique external address. NAPT is used when the NAT has fewer external addresses than internal addresses; the most common case is many internal machines sharing a single external IP address. In this case the NAT must allocate a port in addition to the IP address to remove any ambiguity in the forwarded traffic. What basic NAT and NAPT have in common is that both block external connections and both support static and dynamic address assignment.
NAPT is the most common kind of traditional NAT because it lets many internal connections share a small number of external addresses. Most commercial NAT products designed for small networks are NAPT.
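To make the static versus dynamic mapping, the "outbound only" rule and the reverse translation of ICMP error payloads concrete, here is an added simulation of a NAPT device (example code written for this page, not code from the original article or any real NAT product). The external address 203.0.113.1, the dynamic port range starting at 40000, and the reduced packet fields are assumptions.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

EXTERNAL_IP = "203.0.113.1"  # assumed public address of the NAT (documentation range)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    icmp_inner: Optional["Packet"] = None  # quoted header of the failed packet (ICMP errors only)


class NAPT:
    """NAPT model: internal hosts share one external IP via per-connection ports."""
    def __init__(self, static=None):
        # static mappings {(internal_ip, port): external_port} are configured in advance
        # (port mapping); dynamic ones are created when an internal socket first sends
        self.to_internal = {ext: key for key, ext in (static or {}).items()}
        self.to_external = dict(static or {})
        self.free_ports = count(40000)  # assumed start of the dynamic port range

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport)
        if key not in self.to_external:
            ext = next(p for p in self.free_ports if p not in self.to_internal)
            self.to_external[key] = ext
            self.to_internal[ext] = key
        return Packet(EXTERNAL_IP, self.to_external[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        if pkt.dst != EXTERNAL_IP:
            return None
        if pkt.icmp_inner is not None:
            # ICMP error: the quoted header carries the external address/port, so undo
            # the translation on it before delivering the error to the internal sender
            inner = pkt.icmp_inner
            key = self.to_internal.get(inner.sport) if inner.src == EXTERNAL_IP else None
            if key is None:
                return None
            fixed = Packet(key[0], key[1], inner.dst, inner.dport)
            return Packet(pkt.src, 0, key[0], 0, icmp_inner=fixed)
        key = self.to_internal.get(pkt.dport)
        if key is None:
            return None  # not initiated from inside and no static mapping: dropped
        return Packet(pkt.src, pkt.sport, key[0], key[1])
```

A reply to a dynamically mapped port reaches the internal host, an unsolicited packet to any other port is dropped, and only a statically configured port mapping lets an outside party initiate a connection.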
This is a reprinted article, but the original author did not elaborate on it.
Next, let's look at the principle of UDP traversal in three NAT scenarios.
