Nat Traversal

Published by: lamkakaka on May 15, 2009
Copyright:Attribution Non-commercial







IEG3090 - Tutorial 10 NAT Traversal

Fong Chi Hang, Bosco

• Types of NATs & Firewalls
• STUN
• NAT Traversal using STUN

Network Address Translation (NAT)
• The process of modifying network address information in datagram packet headers
• Remapping a given address space into another

Full cone NAT discovery

Restricted cone NAT discovery

Port-restricted cone NAT discovery

Symmetric NAT discovery

[Figure: STUN client on a node with private address X; request and response pass through the firewall; application at address Y, port P; STUN server]

• Some firewalls may block all UDP
• Some firewalls may allow a UDP response if it is sent from Y/P, where an earlier UDP request was sent to ("symmetric firewall")

STUN (Simple Traversal of User Datagram Protocol (UDP) through NATs)
• A protocol used by an end host to determine whether it is behind a firewall/NAT box, and to identify the type of that box
• Communicates with a public STUN server
• Key point: alternating the response IP address and port number

STUN Request and Response
The STUN response from the server may include:

- contains the IP address and port of the client.
- CHANGED-ADDRESS - contains the alternate IP address and port of the server.
- SOURCE-ADDRESS - contains the IP address and port of the server.

The STUN request can contain a flag asking the STUN server to use its alternate address and port to send the STUN response:

- contains flags for the alternate IP address and port of the server.

Flow chart for NAT discovering process

NAT Traversal using STUN
• Alice (with a private address) wants to call Bob
• Bob is also behind a NAT box (with a private address)
• Alice talks to the public (STUN) server, so the server knows Alice's external address/port
• Bob also talks to the public server, so the server knows about Bob too
• The public server tells Alice about Bob, and Bob about Alice
• Bob sends a packet to Alice (creating a "hole" in his NAT)

[Figure: Alice, server and Bob, with the messages numbered 1 to 4]

NAT Traversal using STUN
• Now when Alice sends a packet back to Bob, Bob's NAT does not filter it, assuming it is a return packet from the earlier request
• Alice's NAT also allows Bob's future packets to return
• This assumes Alice's NAT will use the same external address/port (as for the server) to talk to Bob.
• This does not work if the NATs are symmetric NATs

[Figure: Alice and server, with messages numbered 1, 3 and 4]
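The exchange on the two slides above, as an added example that is not part of the original tutorial: a toy Python model of the four NAT types, showing that the hole punch succeeds between cone NATs and fails between two symmetric NATs (or a symmetric and a port-restricted one). The `Nat` class, the `hole_punch` function and all addresses are constructed for illustration.

```python
# Toy model of the four NAT types (added example; all addresses are constructed).
SERVER = ("203.0.113.1", 3478)  # stand-in for the public STUN server

class Nat:
    def __init__(self, public_ip, kind):
        # kind: "full", "restricted", "port_restricted" or "symmetric"
        self.ip, self.kind = public_ip, kind
        self.maps = {}   # mapping key -> external port
        self.sent = {}   # external port -> destinations contacted through it
        self.next_port = 40000

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the external (ip, port) used."""
        # Cone NATs reuse one mapping per internal socket; symmetric NATs
        # allocate a fresh mapping for every distinct destination.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.maps:
            self.maps[key] = self.next_port
            self.next_port += 1
        port = self.maps[key]
        self.sent.setdefault(port, set()).add(dst)
        return (self.ip, port)

    def inbound(self, remote, ext_port):
        """Return True if a packet from `remote` to `ext_port` passes the NAT."""
        peers = self.sent.get(ext_port)
        if peers is None:
            return False                      # no mapping on this port
        if self.kind == "full":
            return True                       # anyone may use the mapping
        if self.kind == "restricted":
            return remote[0] in {ip for ip, _ in peers}   # address must match
        return remote in peers                # address and port must match

def hole_punch(alice_kind, bob_kind):
    """Run the slides' exchange; True if Alice's packet reaches Bob."""
    a_nat, b_nat = Nat("198.51.100.10", alice_kind), Nat("198.51.100.20", bob_kind)
    alice, bob = ("10.0.0.2", 5000), ("192.168.1.2", 6000)
    a_seen = a_nat.outbound(alice, SERVER)    # server learns Alice's external addr
    b_seen = b_nat.outbound(bob, SERVER)      # server learns Bob's external addr
    # The server swaps a_seen/b_seen; Bob sends to Alice, opening a hole in his NAT.
    b_nat.outbound(bob, a_seen)
    # Alice sends to the address the server reported for Bob.
    a_src = a_nat.outbound(alice, b_seen)
    return b_nat.inbound(a_src, b_seen[1])

if __name__ == "__main__":
    for kind in ("full", "restricted", "port_restricted", "symmetric"):
        print(kind, hole_punch(kind, kind))
```

With a symmetric NAT on Bob's side, the hole he opens sits on a different external port from the one the server saw, so Alice's packet arrives at a port whose only permitted peer is the server.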



Thank you very much !
