Research on Peer-to-peer communication method of Udp/tcp through NAT (Udp/tcp hole Hole punching)

Source: Internet
Author: User


Introduction to NAT device types (reprinted from http://www.limou.net/?p=120)

The type of NAT device has a very important influence on TCP traversal of NAT. According to the port mapping method, NAT can be divided into 4 categories; the first 3 types are collectively referred to as cone NATs.

Full Cone: the NAT maps all requests from the same internal IP address and port to the same external IP address and port. Any external host can send IP packets to the internal host through this mapping.

Restricted Cone: the NAT maps all requests from the same internal IP address and port to the same external IP address and port. However, an external host with IP address X can send IP packets to the internal host only if the internal host has first sent an IP packet to IP address X.

Port Restricted Cone: similar to the restricted cone, but the restriction also covers the port number. Only after the internal host has sent an IP packet to the external host at IP address X and port P can that external host send IP packets with source port P to the internal host.

Symmetric NAT: this type differs from the 3 types above in that when the same internal host uses the same port to communicate with external hosts at different addresses, a different mapping is used each time. A symmetric NAT does not guarantee that the binding between a private address and the exposed public IP/port stays the same across all sessions; instead, it assigns a new port number to each new session.

Technical implementation: the principle of NAT hole punching is not tied to any particular application procedure; it simply establishes a port mapping at the transport layer. Once the hole has been punched and the connection established, either TCP or UDP can be used over it.

Let's assume the following: a server S on the public network has a public IP; two private networks are connected to the public network through NAT-A and NAT-B; behind NAT-A is client A and behind NAT-B is client B. We now want to use S to establish a direct TCP connection between A and B, that is, punch a hole from B toward A so that A can connect directly to host B through that hole, as if NAT-B did not exist. The implementation process is as follows:

1. S starts two network listeners: one called the "primary connection" listener and one called the "assist hole punching" listener.
2. A and B each keep a "primary connection" to S.
3. When A needs to establish a direct TCP connection with B, it first connects to S's "assist hole punching" port and sends an assistance request. At the same time, A starts listening on the same local port number. Note: because different sockets must be bound to the same local endpoint, the SO_REUSEADDR option must be set on these sockets (that is, address reuse must be allowed), otherwise the listen will fail.
4. When S's "assist hole punching" listener receives A's request, it notifies B over the "primary connection" and tells B the public IP address and port of A as translated by NAT-A.
5. On receiving the notification, B first connects to S's "assist hole punching" port, sends some random data, and disconnects immediately; the purpose is to let S learn B's public IP and port as translated by NAT-B.
6. B tries to connect to A's public IP address and port as translated by NAT-A. Depending on the router, the result differs: some routers let a connection be established at this point, but most drop the unsolicited SYN packet, so connect fails. However, NAT-B records the source address and port of this outgoing connection, preparing for the next, real connection. This is what is called punching the hole, i.e. B punches a hole toward A; the next time, A can connect directly to the port B has just used.
7. B starts listening on the same port it used for the hole punching.
8. When everything is ready, B replies "I am ready" to S over the "primary connection"; S then sends B's NAT-B-translated public IP and port to A.
9. When A receives S's reply with B's public IP and port, it starts connecting to that public IP and port. Because in step 6 B already tried to connect to A's public IP and port, NAT-B has recorded this connection, so when A actively connects to B, NAT-B treats the SYN as legitimate and allows the direct TCP connection to be established.
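As an added example (not part of the original article), the following Python model encodes the mapping and filtering rules of the four NAT types described above and replays the hole-punching sequence between A and B through two NATs, so you can see which NAT combinations let A's final SYN reach B. All private addresses are constructed; the server address is the S1 address from the figure later on this page, and `Nat`/`hole_punch` are names chosen here.

```python
S = ("18.181.0.31", 1235)   # public server S; address taken from the figure on this page

class Nat:
    """Mapping and filtering model for full_cone / restricted / port_restricted / symmetric."""
    def __init__(self, kind, public_ip):
        self.kind, self.public_ip = kind, public_ip
        self.next_port = 62000
        self.mappings = {}   # mapping key -> public port
        self.peers = {}      # public endpoint -> external endpoints it has already sent to

    def _key(self, src, dst):
        # symmetric: new mapping per (internal endpoint, destination); cone types: one per endpoint
        return (src, dst) if self.kind == "symmetric" else src

    def outbound(self, src, dst):
        """Internal src sends to external dst; returns the public endpoint the NAT uses."""
        key = self._key(src, dst)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        pub = (self.public_ip, self.mappings[key])
        self.peers.setdefault(pub, set()).add(dst)
        return pub

    def inbound(self, src, pub):
        """External src sends to public endpoint pub; returns the internal endpoint if forwarded, else None."""
        sent_to = self.peers.get(pub)
        if sent_to is None:
            return None                                   # no mapping exists
        if self.kind == "full_cone":
            ok = True                                     # anyone may use the mapping
        elif self.kind == "restricted":
            ok = any(d[0] == src[0] for d in sent_to)     # same IP, any port
        else:
            ok = src in sent_to                           # port_restricted / symmetric: exact match
        if not ok:
            return None
        for key, port in self.mappings.items():
            if port == pub[1]:
                return key[0] if self.kind == "symmetric" else key

def hole_punch(kind_a, kind_b):
    """Replay the article's sequence; True if A's SYN is forwarded by NAT-B to B."""
    nat_a, nat_b = Nat(kind_a, "155.99.25.11"), Nat(kind_b, "138.76.29.7")
    a, b = ("10.0.0.1", 4000), ("192.168.1.2", 5000)    # constructed private endpoints
    a_pub = nat_a.outbound(a, S)                           # A talks to S; S learns A's public endpoint
    b_pub = nat_b.outbound(b, S)                           # B talks to S; S learns B's public endpoint
    nat_a.inbound(nat_b.outbound(b, a_pub), a_pub)         # step 6: B punches the hole; NAT-A may drop it
    return nat_b.inbound(nat_a.outbound(a, b_pub), b_pub) == b   # A's final connect to B's reported endpoint
```

Running `hole_punch` over all pairs of types shows the classic result: a symmetric NAT on B's side always breaks the scheme, because the port S learned for B is not the port NAT-B uses toward A.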

===============================================================================================================

The principle and implementation of Peer-to-peer UDP penetrating NAT (with source code)
Category: Network, 2011-12-12 14:41
Original: Shootingstars
Reference: Http://midcom-p2p.sourceforge.net/draft-ford-midcom-p2p-01.txt

Peer-to-peer principles are often discussed on the forums, but the discussions stay at the level of talk and very little substance (source code) comes out of them. So here I use a source code implementation of my own to illustrate the principle of UDP traversal of NAT.

First, let's introduce some basic concepts:
NAT (Network Address Translator): network address translation arose from the shortage of IP addresses; its main purpose is to allow address reuse. NAT is divided into two broad categories: basic NAT and NAPT (Network Address/Port Translator).
First of all, NAT is a functional module running on a router.

The first is basic NAT, which is based on the premise that only a small number of nodes in a private network (domain) need to connect to the external network (this was introduced in the mid 1990s). In fact only those few nodes in the subnet need a globally unique IP address; the IP addresses of the other nodes can be reused.
Therefore the basic function NAT implements is very simple: a reserved IP subnet segment is used inside the subnet, and these IPs are not visible externally. Only a small number of IP addresses within the subnet correspond to a truly globally unique IP address. If one of these nodes needs to access the external network, basic NAT is responsible for translating that node's subnet IP into a globally unique IP and sending the packet out. (Basic NAT changes the original IP address in the IP packet, but does not change the port in the packet.)
For basic NAT, see RFC 1631.

The other kind of NAT is called NAPT. As the name suggests, a NAPT not only changes the IP address of packets passing through the NAT device but also changes the TCP/UDP port of the IP datagram. Basic NAT devices are perhaps rarely seen (hehe, I haven't seen one); NAPT is the real protagonist of our discussion. (The common port mapping on a D-Link or T-Link home router is this case.) Look at the following figure:
[Figure (only partially recovered): server S1 at 18.181.0.31:1235; Session 1 (A-S1), in which the NAPT translates client A's private endpoint to the public endpoint 155.99.25.11:62000 for traffic to 18.181.0.31:1235.]
