A New Method for Symmetric NAT Traversal in UDP and TCP
Speaker: Kai-Sheng Yang
Advisor: Dr. Kai-Wei Ke
2016/10/5

Outline
- Network Address Translator (NAT)
- Existing traversal methods
- New method
- Experiment
- Conclusion
- Reference

Network Address Translator (NAT)
- Translates private IP addresses to a global IP address.
- Enables multiple hosts on a private network to access the Internet using a single public IP address.

Network Address Translator (NAT)
- Full Cone NAT (1 to 1)
- Restricted Cone NAT
- Port Restricted Cone NAT
- Symmetric NAT

Network Address Translator (NAT) (cont.)
- Full Cone NAT (1 to 1) [figure]

Network Address Translator (NAT) (cont.)
- Restricted Cone NAT [figure]

Network Address Translator (NAT) (cont.)
- Port Restricted Cone NAT [figure]

Network Address Translator (NAT) (cont.)
- Symmetric NAT: unique mapping [figure]

P2P and NAT (Problem)
- P2P networks are based on global IP addresses.
- Users behind NAT devices cannot connect to the P2P network.

Existing Traversal Methods
- UPnP (Universal Plug and Play), ICE (Interactive Connectivity Establishment), ALG (Application Layer Gateway), TURN (Traversal Using Relay NAT), …
- STUN (Simple Traversal of UDP through NAT)

Simple Traversal of UDP through NAT (STUN)
- No NAT traversal technique can be successfully applied to symmetric NATs.

New Method
- UDP NAT traversal:
  - Applicable to symmetric NATs.
  - Based on "Port Prediction".

How to Traverse Symmetric NAT
- Simulate normal UDP communications
  - The IP address and port number must correspond to the NAT.
1. Establish direct communication between two end points.
2. Predict the port numbers of the NATs.

Phase 1
- F1: S1 gets the information of a port# translated by NATa.
- F2: Send it back to the echo client.
- F3: S2 analyzes the port# of NATa and records it.

Phase 2
- F4: S1 gets the information of a port# translated by NATb.
- F5: Send it back to the echo client.
- F6: S2 analyzes the port# of NATb and records it.

Phase 3: Port Prediction
- If NATa uses port#700 in F1 and port#701 in F3, we can predict that the port-allocation (punching) mode of NATa is incremental and that its next port number will be 702.
- If NATb uses port#5000 in F4 and port#5001 in F6, we can predict that the port-allocation (punching) mode of NATb is incremental and that its next port number will be 5002.

Phase 3 (cont.) [figure: 192.168.0.2, 133.9.81.186, 133.9.81.62, 192.168.0.1]
- F7: Predict NATa's port# for hole punching (i.e. #702).
- F8: Send a large number of packets with a low TTL value.
- Mapping table of NATb: 192.168.0.1:xx uses port 5002 for 133.9.81.186:702 …

Phase 3 (cont.) [figure: 192.168.0.2, 133.9.81.186, 133.9.81.62, 192.168.0.1]
- F9: Predict NATb's port# for hole punching (i.e. #5002).
- F10: The echo client sends a large number of packets to the echo server. If one of the echo client's source port#s matches the destination port# mapped by NATb, the traversal succeeds.
- Mapping table of NATa: 192.168.0.2:yy uses port 702 for 133.9.81.62:5002 …
- F11: P2P connection established.

Phase 3 (cont.) [figure]

New Method: UDP Multi Hole Punching – Features
- Normal UDP communications
  - The existing method uses another extra IP address.
- Precise port number prediction
  - Observe the port translation algorithm: increment, decrement, leap

New Method: UDP Multi Hole Punching – Features (cont.)
- Control port numbers
  - Control the random port algorithm.
  - Binding port numbers.
- Utilize many port numbers
  - High success rate of hole punching.
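The port prediction of Phase 3 and the multi-hole-punching features above, as an added example that is not part of the original slides or of the cited paper: it infers a symmetric NAT's port-allocation mode from the external ports observed in consecutive sessions (700/701 for NATa in F1/F3, 5000/5001 for NATb in F4/F6) and lists the candidate ports to punch. The function names, the extra "static" mode and the port-range check are this example's own assumptions.

```python
from dataclasses import dataclass

@dataclass
class PortPrediction:
    mode: str        # "increment", "decrement", "leap", "static" or "random"
    step: int        # difference between consecutive observed external ports
    next_port: int   # predicted external port for the next session, -1 if unknown

def predict_next_port(observed: list[int]) -> PortPrediction:
    """Infer the NAT's allocation mode from the external ports it assigned to
    consecutive sessions (e.g. the port# seen in F1 and F3 for NATa) and
    predict the port it will assign to the next session."""
    if len(observed) < 2:
        raise ValueError("need at least two observed mappings")
    deltas = [b - a for a, b in zip(observed, observed[1:])]
    # With only two samples any step looks constant; three or more samples are
    # needed before a varying step can be classified as "random".
    if len(set(deltas)) != 1:
        return PortPrediction("random", 0, -1)
    step = deltas[0]
    if step == 1:
        mode = "increment"
    elif step == -1:
        mode = "decrement"
    elif step == 0:
        mode = "static"      # same external port reused (assumed cone-like case)
    else:
        mode = "leap"        # constant stride larger than one
    nxt = observed[-1] + step
    if not 1 <= nxt <= 65535:  # prediction left the port range: unpredictable
        return PortPrediction("random", step, -1)
    return PortPrediction(mode, step, nxt)

def candidate_ports(pred: PortPrediction, count: int) -> list[int]:
    """Multi hole punching: instead of betting on one predicted port, list
    `count` ports ahead in the inferred direction so all of them get punched."""
    if pred.next_port < 0:
        return []
    if pred.step == 0:
        return [pred.next_port]
    ports, p = [], pred.next_port
    while len(ports) < count and 1 <= p <= 65535:
        ports.append(p)
        p += pred.step
    return ports

if __name__ == "__main__":
    nat_a = predict_next_port([700, 701])     # constructed: ports from F1 and F3
    nat_b = predict_next_port([5000, 5001])   # constructed: ports from F4 and F6
    print(nat_a, candidate_ports(nat_a, 5))   # increment, next port 702
    print(nat_b, candidate_ports(nat_b, 5))   # increment, next port 5002
```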

Experiment
- Use WinStun to determine the type of the NATs.
- Use Wireshark to capture packets.
- Test the performance of the new method for UDP NAT traversal.

Experiment setup [figure: 133.9.81.66, 133.9.81.63]

Results
- 9 routers tested (3 routers were symmetric NATs).
- The success ratio of P2P communication with our new method was 97%.
- Succeeded in port prediction and control of port numbers.


Results (cont.)
- Control of port numbers: Random, Increment [figure]

Conclusion
- Succeeded in port prediction.
- Succeeded in control of port numbers.
- The new method achieves a success rate of 97%.
- The high success rate justifies the overhead cost of the proposed method.

References
- Wei, Y., Yamada, D., Yoshida, S., Goto, S.: A New Method for Symmetric NAT Traversal in UDP and TCP. Network 4, 8 (2008)
- http://www.cs.nccu.edu.tw/~lien/Writing/NGN/firewall.htm
- https://tools.ietf.org/html/rfc4787

Thanks.