
A New Method for Symmetric NAT Traversal in UDP and TCP


Presentation Transcript


  1. A New Method for Symmetric NAT Traversal in UDP and TCP
  Yuan Wei & Daisuke Yamada & Suguru Yoshida & Shigeki Goto
  Waseda University
  {wei,daisk,yoshida,goto}@goto.info.waseda.ac.jp
  Wei Yuan

  2. Agenda
  • Network Address Translator (NAT)
  • Existing problems in NAT traversal
  • New method
  • Experiment
  • Conclusion

  3. NAT (Network Address Translator)
  • Translates private IP addresses to a global IP address
  • NAT includes Network Address Port Translation (NAPT), which enables multiple hosts on a private network to access the Internet using a single public IP address

  4. Full Cone NAT (Easy)
  • One-to-one mapping (figure) 2008/8/4

  5. Restricted Cone NAT
  • (figure: packet from another IP address)

  6. Port Restricted Cone NAT
  • (figure: packet from another port number)

  7. Symmetric NAT (Difficult)
  • Unique mapping (figure: another client)

  8. P2P and NAT (Problem)
  • P2P networks are based on global IP addresses
  • Users behind NAT devices cannot connect to the P2P network
  • NAT traversal has become an active area of research

  9. Existing Methods
  • No NAT traversal technique can be successfully applied to symmetric NATs
  • TCP NAT traversal is difficult
  • Unique security filtering functions on NATs

  10. New Method
  • UDP NAT traversal: applicable to symmetric NATs
  • TCP NAT traversal: applicable to simple NATs

  11. How to Traverse Symmetric NAT
  • Simulate normal UDP communications
  • IP address and port number must correspond to the NAT
  • Do not use a spoofed packet from another IP address
  • Establish direct communication between the two end points
  • Predict the port numbers of the NATs

  12. Phase I
  F1: S1 gets the port number translated by NAT a.
  F2: Send it back to the echo client.
  F3: S2 analyzes the port number of NAT a and records it.

  13. Phase II
  F4: S1 gets the port number translated by NAT b.
  F5: Send it back to the echo client.
  F6: S2 analyzes the port number of NAT b and records it.

  14. Phase III (figure)

  15. For example
  F1: port number = 700
  F3: port number = 701
  Next port number is 702

  16. Phase III
  F7: Predict a port number for hole punching
  F8: Send a large number of packets with a small TTL value
  F9: Predict a port number for hole punching
  F10: Send a large number of packets
  F11: P2P connection established

  17. New Method: UDP Multi Hole Punching
  • Normal UDP communications
    • Existing method uses another, extra IP address
  • Precise port number prediction
    • Observe the port translation algorithm: increment, decrement, leap
  • Control port numbers
    • Control the random port algorithm
  • Binding port numbers
    • Utilize many port numbers
  • High success rate of hole punching
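To make the port prediction of Phases I to III (slides 12 to 17) concrete, here is an added Python illustration; it is not code from the presentation. It models a symmetric NAT with each allocation policy slide 17 names (increment, decrement, leap, random), runs echo-server probes against it the way F1/F3 do, classifies the observed ports, and predicts the port the peer must target in F7 before revealing what the model really allocates. The server names, the client port, the stride value and the use of three probes instead of the slides' two are constructed assumptions (two samples give a single delta, which cannot distinguish a random allocator from a constant stride). For the random policy no prediction is returned, which is the case the slides address by controlling port numbers and punching many ports at once.

```python
"""Symmetric NAT port prediction: added illustration, not code from the presentation."""
import random


def wrap(port):
    """Keep a predicted port inside 1..65535 when a stride runs off either end."""
    return (port - 1) % 65535 + 1


class SimulatedSymmetricNat:
    """Toy model of a symmetric NAT (constructed for this example, not a real device).
    Every new (source port, destination) pair gets a fresh external port, chosen by
    one of the allocation policies slide 17 lists: increment, decrement, leap, random."""

    STEPS = {"increment": 1, "decrement": -1}

    def __init__(self, policy, start=700, stride=10, seed=0):
        self.policy = policy
        self.next_port = start
        self.step = stride if policy == "leap" else self.STEPS.get(policy)
        self.rng = random.Random(seed)
        self.table = {}  # (src_port, dst_host, dst_port) -> external port

    def map(self, src_port, dst_host, dst_port):
        key = (src_port, dst_host, dst_port)
        if key not in self.table:
            if self.policy == "random":
                self.table[key] = self.rng.randint(1024, 65535)
            else:
                self.table[key] = self.next_port
                self.next_port = wrap(self.next_port + self.step)
        return self.table[key]


def detect_pattern(observed):
    """Classify the allocation policy from external ports seen in probe order.
    Returns (name, step); step is None when no constant stride explains the samples."""
    if len(observed) < 2:
        raise ValueError("need at least two observed ports")
    deltas = {b - a for a, b in zip(observed, observed[1:])}
    if len(deltas) != 1:
        return ("random", None)
    d = deltas.pop()
    if d == 1:
        return ("increment", 1)
    if d == -1:
        return ("decrement", -1)
    if d == 0:
        return ("preserving", 0)  # same port reused: not symmetric behaviour
    return ("leap", d)


def predict_ports(observed, count=1):
    """Ports the peer should target next (F7). count > 1 yields the candidate list
    for punching many ports at once; empty when the allocation looks random."""
    _, step = detect_pattern(observed)
    if step is None:
        return []
    return [wrap(observed[-1] + step * i) for i in range(1, count + 1)]


def probe_and_predict(nat, client_port=5000, probes=3):
    """Probe the NAT model via echo servers (constructed names), predict, then
    reveal the port the NAT actually allocates for the peer."""
    observed = [nat.map(client_port, "echo%d.example" % i, 3478)
                for i in range(1, probes + 1)]
    predicted = predict_ports(observed, count=1)
    actual = nat.map(client_port, "peer.example", 6000)
    return predicted, actual


if __name__ == "__main__":
    for policy in ("increment", "decrement", "leap", "random"):
        print(policy, probe_and_predict(SimulatedSymmetricNat(policy)))
```

With the slide 15 figures, `predict_ports([700, 701])` returns `[702]`; passing a larger `count` produces the set of candidate ports that the multi hole punching sprays when a single prediction is not reliable.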

  18. TCP Hole Punching
  • SPI (Stateful Packet Inspection): a type of function for filtering TCP packets
  • A valid sequence of packets should follow the 3-way handshake:
    • [SYN] - out
    • [SYN, ACK] - in
    • [ACK] - out

  19. How to deal with SPI
  • Divide into a 3-way handshake section and a hole punching section
  • The hole punching section is similar to “Simple Traversal of UDP Through NATs and TCP too” (STUNT)
  • 3-way handshake section
    • Send sequence number info to the server
    • Use a low TTL (= 1) to establish; the packet does not reach the NATs
  • Set the SO_REUSEADDR option of setsockopt() to combine (re-bind) the two sections
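As an added illustration of the socket setup slide 19 describes (not code from the presentation), the Python below builds the two sockets: one that sends with TTL 1 for the hole punching section, and a second one re-bound to the same local port with SO_REUSEADDR for the 3-way handshake section. It assumes Linux SO_REUSEADDR semantics (two TCP sockets that both set the option and are not listening may share a local port) and binds to port 0 so it runs offline; the peer address in `send_low_ttl_syn` is a hypothetical parameter and no connection to a real peer is made.

```python
"""TCP hole-punching socket setup: added illustration, not code from the presentation.
Assumes Linux SO_REUSEADDR semantics: two non-listening TCP sockets that both set the
option may be bound to the same local port."""
import socket

LOW_TTL = 1  # the slides' TTL value for the hole-punching SYN


def make_punch_socket(local_port=0, ttl=None):
    """Bind a TCP socket with SO_REUSEADDR so that a second socket can later re-bind
    the same local port. With ttl=1 the SYN it sends expires at the first router hop:
    the local NAT still creates a mapping for it, but it never reaches the remote NAT."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if ttl is not None:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
    sock.bind(("0.0.0.0", local_port))
    return sock


def socket_options(sock):
    """Read back the settings that matter for the two sections."""
    return {
        "port": sock.getsockname()[1],
        "reuseaddr": sock.getsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR),
        "ttl": sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL),
    }


def rebind_pair():
    """Hole-punching socket (TTL 1) and handshake socket sharing one local port."""
    punch = make_punch_socket(0, ttl=LOW_TTL)
    port = socket_options(punch)["port"]
    handshake = make_punch_socket(port)  # re-binds the same port: the 'combine' step
    return punch, handshake


def send_low_ttl_syn(punch, peer_addr, timeout=2.0):
    """Hole-punching section: attempt the connect so the low-TTL SYN leaves through
    the local NAT. Returns the errno from connect_ex (0 only if a peer answered).
    peer_addr is a hypothetical (host, port) tuple supplied by the caller."""
    punch.settimeout(timeout)
    return punch.connect_ex(peer_addr)


if __name__ == "__main__":
    punch, handshake = rebind_pair()
    print("punch:", socket_options(punch))
    print("handshake:", socket_options(handshake))
    punch.close()
    handshake.close()
```

The handshake socket keeps the default TTL, so once the peer's NAT has a matching mapping its real SYN travels end to end, while the SPI on both NATs only ever sees the SYN-out, SYN/ACK-in, ACK-out order the slide requires.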

  20. Experiment
  • Use WinStun to determine the type of NATs
  • Use Wireshark to capture packets
  • Evaluate Skype for NAT traversal
  • Test the performance of the new method for UDP NAT traversal
  • Realize TCP NAT traversal

  21. Results
  • 9 routers tested (3 routers were symmetric NAT)
  • The P2P communication success ratio of Skype was 46%
    • Skype does not use UDP hole punching when the voice quality is good
  • The P2P communication success ratio of our new method was 97%
    • The combination of Buffalo and NEC had an 80% success rate on average; the other combinations were 100% successful
  • Succeeded in port prediction and control of port numbers
  • Succeeded in establishing TCP connections for five NAT products out of six

  22. Control of port numbers (figure: random vs. incremental)

  23. Conclusion
  • Succeeded in port prediction
  • Succeeded in control of port numbers
  • Skype achieves 46%; our new method outperforms it with a success rate of 97%
  • Succeeded in establishing TCP connections for five NAT products out of six

  24. END
