
NAT/Firewall Traversal Techniques


Presentation Transcript


  1. NAT/Firewall Traversal Techniques

  2. Common NAT types • Full Cone • Restricted Cone • Port Restricted Cone • Symmetric NAT

  3. Full Cone

  4. Restricted Cone(1/2)

  5. Restricted Cone(2/2)

  6. Port Restricted Cone

  7. Symmetric NAT

  8. NAT Detection Flow

  9. Problems caused by firewalls

  10. Problems caused by NAT

  11. NAT/Firewall Traversal Techniques • IPv6 (Internet Protocol Version 6) • UPnP (Universal Plug and Play) • TURN (Traversal Using Relay NAT) • ALG (Application Layer Gateway) • ICE (Interactive Connectivity Establishment) • STUN (Simple Traversal of UDP Through Network Address Translators)

  12. UPnP • Universal Plug and Play • It's being pushed by Microsoft • A UPnP-aware client can ask the UPnP-enabled NAT how it would map a particular IP:port through UPnP

  13. UPnP Operation

  14. STUN (1/2) • Simple Traversal of UDP Through Network Address Translators • Requires a STUN server deployed outside the NAT • The client needs special STUN client functionality • Cannot traverse symmetric NAT • Will be integrated into ICE in the future

  15. STUN(2/2)
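To make the NAT-type slides and the STUN limitation concrete, here is an added toy model (not code from the presentation) of the four NAT types: a client behind the NAT learns its reflexive address from a STUN server, optionally sends one packet to a peer first, and the peer then replies to the STUN-learned address. The NAT kinds, addresses for the STUN server and peer, and the port allocator are constructed assumptions; only the NAT public address 192.0.2.101 and client 10.2.1.1 come from the slides.

```python
from itertools import count

class Nat:
    """Toy model of Full Cone, Restricted Cone, Port Restricted Cone and Symmetric NAT."""
    def __init__(self, kind, public_ip="192.0.2.101"):
        self.kind, self.public_ip = kind, public_ip
        self.ports = count(40000)      # external port allocator (constructed)
        self.mappings = {}             # mapping key -> external port
        self.permits = set()           # (external port, destination) opened by outbound packets

    def outbound(self, src, dst):
        # Symmetric NAT allocates a new port per (source, destination); cone NATs reuse one per source.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        ext_port = self.mappings[key]
        self.permits.add((ext_port, dst))
        return (self.public_ip, ext_port)

    def inbound(self, src, ext_port):
        # Find the internal host that owns this external port, then apply the filtering rule.
        owner = next((k[0] if self.kind == "symmetric" else k
                      for k, p in self.mappings.items() if p == ext_port), None)
        if owner is None or self.kind == "full":
            return owner                    # Full Cone: any external host may send in
        for port, dst in self.permits:
            if port != ext_port:
                continue
            if self.kind == "restricted" and dst[0] == src[0]:
                return owner                # Restricted Cone: any port of a previously contacted IP
            if dst == src:
                return owner                # Port Restricted / Symmetric: exact IP:port only
        return None

STUN = ("198.51.100.5", 3478)   # constructed STUN server address
PEER = ("203.0.113.7", 5000)    # constructed remote peer address
CLIENT = ("10.2.1.1", 5060)     # internal client (address taken from the slides)

def stun_traversal_works(kind, hole_punch=True):
    """Return True if the peer's packet to the STUN-learned address reaches the client."""
    nat = Nat(kind)
    reflexive = nat.outbound(CLIENT, STUN)   # STUN Binding Request yields the mapped address
    if hole_punch:
        nat.outbound(CLIENT, PEER)           # client sends first, opening a permit towards the peer
    return nat.inbound(PEER, reflexive[1]) == CLIENT

if __name__ == "__main__":
    for kind in ("full", "restricted", "port_restricted", "symmetric"):
        print(f"{kind:16} hole punch: {stun_traversal_works(kind)}  no punch: {stun_traversal_works(kind, False)}")
```

Only the Symmetric NAT fails even after the client has sent to the peer, because the STUN-learned port was allocated for the STUN server and a different port was allocated for the peer, which is why the slides say STUN cannot traverse symmetric NAT and TURN relays are needed.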

  16. TURN (1/2) • Traversal Using Relay NAT • Mainly intended to solve symmetric NATs • A TURN server must be deployed • Will also be included in ICE in the future

  17. TURN(2/2)

  18. SIP using STUN (call flow diagram; participants: User Agent 1 at 10.2.1.1, NAT at 192.0.2.101, STUN Server, Registrar/Proxy, User Agent 2) • 1 STUN SharedSecretRequest/TLS • 2 STUN SharedSecretResponse/TLS • 3 STUN BindingRequest/UDP • 4 STUN BindingResponse/UDP • 5 REGISTER Contact:UA1@192.0.2.101 • 6 200 OK • 7 INVITE Contact:UA1@192.0.2.101 • 8 INVITE Contact:UA1@192.0.2.101 • 9 100 Trying • 10 200 OK • 11 200 OK • 12 ACK • 13 ACK • RTP Media Session

  19. SIP using TURN (call flow diagram; participants: User Agent 1 at 10.2.1.1, NAT 1, STUN/TURN Svr 1, Proxy, STUN/TURN Svr 2, NAT 2, User Agent 2 at 192.168.1.1) • 1 STUN Requests • 2 STUN Responses • 3 STUN Requests • 4 STUN Responses • 5 INVITE • 6 INVITE • 7 180 Ringing • 8 200 OK • 9 ACK • 10 ACK • 11 Peer-to-Peer STUN Requests • 12 Peer-to-Peer STUN Responses • 13 Peer-to-Peer STUN Requests • 14 Peer-to-Peer STUN Responses • RTP Media Session Established using Derived Transport Addresses

  20. ALG (1/2) • Application Layer Gateway • It understands the signalling messages and their relationship with the resulting media flows. • It can modify the signalling to reflect the public IP address and ports being used by signalling and media traffic.

  21. ALG(2/2)

  22. ICE • Interactive Connectivity Establishment • A framework rather than a protocol • Main component technologies: STUN, TURN, SIP • Still at the RFC draft discussion stage