Peer NAT detection and traversal mode

Source: Internet
Author: User

First, NAT types

This article is reposted from: http://www.cnblogs.com/hummersofdie/archive/2013/05/21/3090163.html

1. Basic NAT: translates only the IP address, not the port.

Tips: A basic NAT often needs multiple public IP addresses so that several intranet nodes can run applications on the same port at the same time. Because this type of NAT device is so limited, it is now uncommon.

2. NAPT: translates the entire endpoint (IP:port).

The commonly used NAT type is NAPT. NAPT is an outbound-oriented NAT type (that is, you can easily reach others, but others are restricted in reaching you). According to the restrictions applied, it is divided into the following four types:

(1) Full cone NAT

(2) Restricted cone NAT

(3) Port-restricted cone NAT

(4) Symmetric NAT

Second, the four types of NAPT

First, assume a scenario: when intranet user A (a private endpoint) sends its first packet out, the NAT creates an address-mapping session and assigns A a public endpoint (IP + port), which for convenience we call PA. Now an external host B (IP:port) communicates with A:

(1) If any external host (B, C, D, E) can send a message to PA and A receives it, A's NAT is a full cone NAT.

(2) If a message sent to PA reaches A only when A has already communicated with host B's IP, A's NAT is a restricted cone NAT.

(3) If a message sent to PA reaches A only when A has already communicated with B's endpoint (IP + port), A's NAT is a port-restricted cone NAT.

(4) If the NAT assigns A a different public endpoint for each external host it communicates with, and external hosts B, C, D and E can send a message to A only after A has first sent a message to them, A's NAT is a symmetric NAT.

Third, NAT type detection method

Depending on the NAT type, a STUN server detects A's NAT type in the following steps. (The STUN server has two public endpoints, which we call E1 and E2; we refer to the server itself as STUN.)

Step 1: detect whether the host is behind a NAT

A sends a UDP packet to E1. STUN packs the source endpoint from the header of the packet received on E1 into a reply and sends it back to A from E1. A compares the endpoint in the reply with its own endpoint. If they are the same, A is not behind any NAT; otherwise A is behind a NAT, but the specific NAT type cannot yet be determined.

Step 2: detect whether the NAT is a full cone

A sends a UDP packet to E1. STUN packs the header of the packet received on E1 into a reply and sends it to A from E2. If A receives the reply, A's NAT is a full cone; otherwise it is not.

Step 3: detect whether the NAT is symmetric

A sends UDP packets to E1 and to E2. STUN answers each from the endpoint that received it, with the packet's header information packed into the reply. A compares the endpoints reported in the two replies. If they are the same, A's NAT is not symmetric; otherwise it is symmetric.

Step 4: detect whether the NAT is restricted or port-restricted

A sends a UDP packet to E1. The STUN server packs the header of the received packet into a reply and sends it to PA from an endpoint with the same IP as E1 but a different port. If A receives it, A's NAT is a restricted cone; if not, A's NAT is a port-restricted cone.

Tips: After sending a message, A starts listening on the port and sets a timeout to avoid blocking forever. A should also send more than one UDP packet for each detection step.
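The four filtering rules from the second section and the four detection steps above can be checked against each other in a small simulation. This is an added example, not code from the original article: the class and function names are hypothetical, the addresses are constructed, and it assumes E1 and E2 have different IP addresses (otherwise step 2 cannot tell a restricted cone from a full cone).

```python
# Added example: simulated NATs only, no packets are sent. Addresses are constructed.
E1 = ("198.51.100.1", 3478)      # STUN public endpoint E1
E2 = ("198.51.100.2", 3478)      # STUN public endpoint E2 (assumed: different IP)
E1_ALT = (E1[0], 3479)           # same IP as E1, different port (step 4)
A_LOCAL = ("10.0.0.5", 5000)     # A's own endpoint

class SimNat:
    """Mapping and inbound filtering of one NAT for host A."""
    def __init__(self, kind):
        self.kind = kind         # none | full | restricted | port_restricted | symmetric
        self.ports = {}          # mapping key -> public port
        self.sent = set()        # remote endpoints A has sent to

    def send(self, dst):
        """A sends to dst; returns the source endpoint dst observes (PA)."""
        if self.kind == "none":
            return A_LOCAL
        self.sent.add(dst)
        key = dst if self.kind == "symmetric" else "any"   # symmetric: per destination
        return ("203.0.113.7", self.ports.setdefault(key, 40000 + len(self.ports)))

    def accepts(self, src, pa):
        """Would a packet from src addressed to pa be forwarded to A?"""
        if self.kind in ("none", "full"):
            return True
        if self.kind == "restricted":
            return src[0] in {ip for ip, _ in self.sent}
        if self.kind == "port_restricted":
            return src in self.sent
        return src in self.sent and self.ports.get(src) == pa[1]

def detect(nat):
    pa1 = nat.send(E1)                      # step 1: STUN echoes PA back from E1
    if pa1 == A_LOCAL:
        return "no NAT"
    if nat.accepts(E2, pa1):                # step 2: reply arrives from E2
        return "full cone"
    if nat.send(E2) != pa1:                 # step 3: mapping differs per destination
        return "symmetric"
    pa = nat.send(E1)                       # step 4: reply from E1's IP, other port
    return "restricted cone" if nat.accepts(E1_ALT, pa) else "port-restricted cone"
```

In a real client each `accepts` call corresponds to waiting for a reply with a timeout, as the tip above notes, so a lost UDP packet can be misread as filtering unless each probe is repeated.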

Fourth, traversal methods

There are four traversal methods:

(1) Direct communication

(2) Hole punching

(3) Reverse traversal (reverse)

(4) Port prediction

For illustration, assume there are two clients (peers), A and B. Both register with the same server, Regist-server, which we simply call RS; RS lets A and B communicate with each other without relaying the traffic itself. Different approaches apply depending on the NAT environment B is in. We make the following assumptions:

A is the active connector, and B is the passive one;

The public endpoint that NAT assigns to A is PA;

The public endpoint that NAT assigns to B is PB;

The NAT to which A belongs is NAT-A;

The NAT to which B belongs is NAT-B;

A and B are not in the same LAN and not behind the same NAT;

The four traversal methods can be described as follows:

(1) Direct communication: RS sends PB (IP:port) directly to A, and A sends its message to PB;

(2) Hole punching: RS sends PA to B and PB to A; A sends a message to PB, and B sends a message to PA;

(3) Reverse traversal: RS sends PA to B and lets B send a message to PA;

(4) Port prediction: it is difficult to achieve UDP P2P communication this way.
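The hole punching exchange in (2) depends on packet order, which the following added example traces for two port-restricted cone NATs. It is not code from the original article: the names are hypothetical, the endpoints are constructed, and it assumes both NATs keep the same mapping (PA, PB) that RS observed.

```python
# Added example: in-memory model, no sockets. Endpoints are constructed.
PA = ("203.0.113.7", 40000)    # public endpoint NAT-A assigned to A
PB = ("192.0.2.9", 50000)      # public endpoint NAT-B assigned to B

class PortRestrictedFilter:
    """Inbound passes only from a remote endpoint this side already sent to."""
    def __init__(self):
        self.sent_to = set()

    def outbound(self, dst):
        self.sent_to.add(dst)

    def inbound(self, src):
        return src in self.sent_to

def exchange(order):
    """Run sends in the given order ('A' = A sends to PB, 'B' = B sends to PA).
    Returns one (sender, delivered) tuple per packet."""
    nat = {"A": PortRestrictedFilter(), "B": PortRestrictedFilter()}
    pub = {"A": PA, "B": PB}
    trace = []
    for sender in order:
        receiver = "B" if sender == "A" else "A"
        nat[sender].outbound(pub[receiver])      # opens the sender's own filter
        trace.append((sender, nat[receiver].inbound(pub[sender])))
    return trace

def hole_punch():
    # RS has sent PB to A and PA to B; A sends to PB, B sends to PA, A sends again.
    return exchange("ABA")

def direct_only():
    # Method (1) against the same NAT-B: only A ever sends.
    return exchange("AAA")
```

A's first packet is dropped by NAT-B but opens NAT-A for PB, so B's packet and every later packet pass; with only one side sending, nothing is ever delivered.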

The traversal method differs depending on NAT-A and NAT-B. The specific choices are as follows:

(rows: NAT-A; columns: NAT-B)

NAT-A \ NAT-B     Public network    Full cone        Restricted cone   Port restricted   Symmetric
Public network    Direct            Hole punching    Hole punching     Hole punching     Reverse
Full cone         Direct            Hole punching    Hole punching     Hole punching     Reverse
Restricted cone   Direct            Hole punching    Hole punching     Hole punching     Reverse
Port restricted   Direct            Hole punching    Hole punching     Hole punching     Port prediction
Symmetric         Direct            Hole punching    Hole punching     Port prediction   Port prediction
