Internal host -> private address -> NAT -> public network address -> external host.
NAT replaces the address information in the IP header.
Network address translation converts an internal network address and port number into a legal public network address and port number, establishes a session, and communicates with the public network host.
Hosts outside the NAT cannot initiate communication with hosts inside the NAT. If a host inside the NAT wants to communicate, it must itself initiate the exchange with the public IP. The router is responsible for establishing the mapping and forwarding the data. This is how NAT works.
RFC 1918 specifies three reserved address ranges: 10.0.0.0-10.255.255.255; 172.16.0.0-172.31.255.255; 192.168.0.0-192.168.255.255. These three ranges lie in the class A, B and C address spaces; they are not assigned to specific users and are reserved as private addresses by IANA.
Types
NAT (Network Address Translator): known as basic NAT. The core of this translation is the address rather than the port; it is rarely seen.
NAPT (Network Address/Port Translator): in practice, this is what we usually call NAT.
Implementation modes
① Static NAT
Specific public network addresses and ports are mapped one-to-one to specific private network addresses and ports; each private network address has a fixed mapping.
② Dynamic NAT
Internal addresses are converted to public addresses one-to-one, but the public address is chosen dynamically from the unused addresses in the legal address pool, so it is random; when the user disconnects and reconnects, the external address may switch to a different one.
③ Port Address Translation (PAT)
This is also dynamic. Multiple internal addresses are converted to the same public network address, and different hosts are distinguished by different ports. It can be divided into cone NAT and symmetric NAT.
NAPT classification
① Full cone NAT
After a private address and port are mapped to a public network address and port, the internal address can receive datagrams sent by any external host to the mapped public network address.
② Restricted cone NAT
After the private address is mapped to the public network address, and after the internal host has first sent a packet to some external host, the internal host can receive through the mapped public network address only packets that this external host sends to the public network address (from any of its ports, not limited to a particular port). [Messages sent by such an external host to the public network address from any port will be forwarded to the private network address.]
③ Port restricted cone NAT
This implementation is similar to restricted cone NAT but adds a port restriction. After the private address is mapped to the public address, the internal host must first send a packet to the external host; only then can that external host send packets to the internal address, and only from the exact IP and port the internal host contacted (from "where" to "where").
④ Symmetric NAT
This implementation differs from the three above in that it does not belong to cone NAT. When the same internal host uses the same port to communicate with different external hosts, symmetric NAT establishes a new session and assigns a different port to each session; only when the external host that received the message replies from its corresponding port is the reply translated (from "where" to "where"). Even if the internal host uses the previously used address and port to connect to a different external host (or port), the NAT gateway establishes a new mapping.
Advantages and disadvantages
① Perfectly solves the problem of insufficient IP addresses.
② NAT not only performs address translation but also acts as a firewall, hiding the topology of the internal network and effectively avoiding attacks from outside the network, because the internal host is invisible to the external host.
When a PC behind NAT connects to the Internet, the IP it shows is the public IP of the NAT host.
③ It also complicates P2P applications, which need end-to-end connections.
NAT type detection
Prerequisite: there is a public server with two public IPs (IP-1, IP-2). The server listens on UDP (IP-1, Port-1) and (IP-2, Port-2) and responds according to the client's requests.
Step 1: Check whether the client can communicate over UDP and whether the client is behind a NAT.
The client sends a UDP message to (IP-1, Port-1), asking the server to return the IP and port it saw for the client. Repeat this several times; if it times out every time, the client cannot communicate over UDP.
If the IP and port returned by the server equal the local IP and port from which the UDP message was sent, the client is not behind a NAT; otherwise it is.
Step 2: Check whether the client's NAT is a full cone NAT.
The client sends a UDP message to the server's (IP-1, Port-1), asking the server to respond to the client's request from (IP-2, Port-2). Repeat this several times; if it times out every time, it is not a full cone NAT. Otherwise it is.
Step 3: Check whether the client's NAT is symmetric.
The client sends a UDP message to the server's (IP-1, Port-1), asking the server to return the client's IP and port. The client then uses another socket to send to the server's (IP-2, Port-2), again requesting the server to return the client's IP and port.
If the two returned IP/port pairs differ, it is a symmetric NAT, and such a client cannot do UDP P2P. Otherwise, it is a restricted NAT.
Step 4: Check whether the client's NAT is a restricted cone NAT or a port restricted cone NAT.
The client sends a UDP message to the server's (IP-1, Port-1) and asks the server to send its UDP response from (IP-1, Port-x). Repeat this several times; if it times out every time, it is a port restricted cone NAT. Otherwise, it is a restricted cone NAT.
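To make the four NAT behaviours and the four-step test concrete, here is a small model written for this page (it is not code from the original post). The Nat class keeps the mapping and the "who have I contacted" state that distinguishes the types; classify runs steps 1 to 4 against it. All names, the client address and the server addresses (IP-1, IP-2, Port-1, Port-2, Port-x) are constructed. One caveat the model makes explicit: both probes in step 3 are sent from the same local socket, because a fresh socket would get a fresh mapping on every NAT type and the comparison would say nothing.

```python
"""Toy model of the NAPT behaviours above and of the four-step classification.
Added example, not from the original post; all names and addresses are constructed."""
from dataclasses import dataclass, field
import itertools

PUBLIC_IP = "203.0.113.1"                                   # constructed public side of the NAT
SERVER_IP1, SERVER_IP2 = "198.51.100.10", "198.51.100.11"   # constructed IP-1 and IP-2
PORT1, PORT2, PORT_X = 3478, 3479, 3481                     # Port-1, Port-2 and step 4's Port-x


@dataclass
class Nat:
    """kind: 'none' (no NAT), 'full', 'restricted', 'port_restricted' or 'symmetric'."""
    kind: str
    mappings: dict = field(default_factory=dict)    # mapping key -> external port
    contacted: dict = field(default_factory=dict)   # external port -> {(dst_ip, dst_port), ...}
    ports: itertools.count = field(default_factory=lambda: itertools.count(40000))

    def outbound(self, src, dst):
        """Internal host src=(ip, port) sends to dst=(ip, port).
        Returns the (ip, port) the packet carries on the public side."""
        if self.kind == "none":
            return src
        # Cone NATs key the mapping on the internal endpoint only; a symmetric NAT
        # keys it on (internal endpoint, destination), so every peer gets its own port.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        ext_port = self.mappings[key]
        self.contacted.setdefault(ext_port, set()).add(dst)
        return (PUBLIC_IP, ext_port)

    def inbound(self, src, ext_port):
        """External host src=(ip, port) sends to (PUBLIC_IP, ext_port).
        Returns True if the NAT forwards it to the internal host."""
        if self.kind == "none":
            return True
        peers = self.contacted.get(ext_port)
        if peers is None:
            return False                                  # no mapping: dropped by every type
        if self.kind == "full":
            return True                                   # any external host may send
        if self.kind == "restricted":
            return any(ip == src[0] for ip, _ in peers)   # same IP, any port
        return src in peers                               # port_restricted / symmetric: exact match


def classify(nat, client=("10.0.0.5", 5000)):
    """Run steps 1-4 from the text against a Nat. Both probes use the same local socket."""
    # Step 1: the server at (IP-1, Port-1) echoes the source address it saw.
    seen = nat.outbound(client, (SERVER_IP1, PORT1))
    if seen == client:
        return "no NAT"
    # Step 2: the server replies from its other address (IP-2, Port-2) to the mapped address.
    if nat.inbound((SERVER_IP2, PORT2), seen[1]):
        return "full cone"
    # Step 3: probe (IP-2, Port-2); a different mapped address means a symmetric NAT.
    if nat.outbound(client, (SERVER_IP2, PORT2)) != seen:
        return "symmetric"
    # Step 4: the server replies from (IP-1, Port-x): same IP, different port.
    if nat.inbound((SERVER_IP1, PORT_X), seen[1]):
        return "restricted cone"
    return "port restricted cone"


if __name__ == "__main__":
    for kind in ("none", "full", "restricted", "port_restricted", "symmetric"):
        print(f"{kind:16} -> {classify(Nat(kind))}")
```

Running the block prints one line per NAT type; the symmetric case is the one where the second probe comes back with a different external port, which is exactly why such a client cannot be reached by the cone-vs-cone hole punching described further down.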
NAT traversal
If two clients A and B behind different NATs each know the external address mapped by the other's NAT, they can send UDP packets directly to the other party's external address to communicate.
However, a client cannot directly learn its own NAT's external address. The solution is to introduce a server S that helps the client learn its own external address.
There are many types of NAT and many possible pairings, and not every combination can be traversed. Let's analyze two typical combinations.
① Cone vs. cone
             S
A - NAT A(e) ==== NAT B(e) - B
B sends a packet to S asking for its own address, and S returns B's external address eB to B.
S sends B's external address eB to A.
S sends A's external address eA to B.
A sends packets to eB, and B sends packets to eA, establishing the P2P channel.
② Restricted cone vs. symmetric
STUN
STUN (Simple Traversal of User Datagram Protocol through Network Address Translators), simple traversal of NAT with UDP, is a lightweight protocol and a complete UDP-based NAT traversal solution.
It allows a client behind a NAT (or multiple NATs) to find its own public network address,
the type of NAT it is behind, and the Internet-side port that the NAT has bound to the client's local port. This information is used to set up UDP communication between two hosts that are both behind NAT routers.
The protocol is defined in RFC 3489, RFC 5389 and RFC 7350.
STUN is a client/server protocol and a request/response protocol. The default port number is 3478.
Protocol change
In RFC 5389 the STUN protocol was renamed Session Traversal Utilities for NAT.
Here, STUN is positioned as a tool used by other protocols to solve the NAT traversal problem. It can be used by a terminal to discover the IP address and port number that the NAT has assigned to it.
It is also used to check connectivity between two terminals and, like a keep-alive protocol, to maintain NAT binding entries.
STUN itself is not a complete NAT traversal solution; it is one tool within a NAT traversal solution. This is the most important change compared with RFC 3489 STUN.
Apart from the name change, the biggest difference between RFC 5389 and RFC 3489 is that it supports TCP.
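What a STUN request/response actually looks like on the wire is easy to show: the RFC 5389 header is 20 bytes (type, length, the fixed magic cookie 0x2112A442, a 12-byte transaction ID), and the server returns the client's reflexive address in an XOR-MAPPED-ADDRESS attribute, XORed with the cookie so that a NAT which rewrites addresses inside payloads cannot corrupt it. The encoder/decoder below was written for this page, not taken from the original post or from any STUN library; function names are hypothetical, and the sample response used in the usage note is constructed rather than captured. The decoder checks the cookie, the transaction ID, the message type and the length field before trusting any attribute, which is the check a client needs so that a stray or spoofed datagram cannot feed it a bogus address.

```python
"""Minimal RFC 5389 STUN Binding encoder/decoder. Added example, not from the original
post; function names are hypothetical and the addresses in the usage are constructed."""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 message
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001       # plain address, as in RFC 3489
ATTR_XOR_MAPPED_ADDRESS = 0x0020   # address XORed with the cookie, as in RFC 5389
FAMILY_IPV4 = 0x01


def build_binding_request(txid=None):
    """20-byte header with no attributes; returns (datagram, transaction id)."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid), txid


def _address_attr(atype, ip, port):
    """Encode a (XOR-)MAPPED-ADDRESS attribute: type, length, reserved, family, port, addr."""
    addr, = struct.unpack("!I", socket.inet_aton(ip))
    if atype == ATTR_XOR_MAPPED_ADDRESS:
        port ^= MAGIC_COOKIE >> 16
        addr ^= MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, FAMILY_IPV4, port, addr)
    return struct.pack("!HH", atype, len(value)) + value


def build_binding_response(txid, ip, port):
    """What a server sends back: a success response carrying the reflexive address."""
    body = _address_attr(ATTR_XOR_MAPPED_ADDRESS, ip, port)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(body), MAGIC_COOKIE, txid) + body


def parse_mapped_address(data, txid):
    """Return the (ip, port) the server saw, preferring XOR-MAPPED-ADDRESS.
    Raises ValueError for anything that is not a well-formed success response to txid."""
    if len(data) < 20:
        raise ValueError("truncated STUN header")
    mtype, length, cookie, rtxid = struct.unpack("!HHI12s", data[:20])
    if cookie != MAGIC_COOKIE or rtxid != txid:
        raise ValueError("not a response to our transaction")
    if mtype != BINDING_SUCCESS:
        raise ValueError(f"unexpected message type 0x{mtype:04x}")
    if length != len(data) - 20:
        raise ValueError("length field does not match datagram")
    mapped = xor_mapped = None
    off = 20
    while off + 4 <= len(data):
        atype, alen = struct.unpack("!HH", data[off:off + 4])
        value = data[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype in (ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS) and alen == 8:
            _, family, port, addr = struct.unpack("!BBHI", value)
            if family == FAMILY_IPV4:
                if atype == ATTR_XOR_MAPPED_ADDRESS:
                    port ^= MAGIC_COOKIE >> 16
                    addr ^= MAGIC_COOKIE
                    xor_mapped = (socket.inet_ntoa(struct.pack("!I", addr)), port)
                else:
                    mapped = (socket.inet_ntoa(struct.pack("!I", addr)), port)
        off += 4 + (alen + 3) // 4 * 4          # attribute values are padded to 4 bytes
    result = xor_mapped or mapped
    if result is None:
        raise ValueError("no mapped address in response")
    return result


def behind_nat(local, mapped):
    """Step 1 of the detection procedure: a mapped address different from the local one
    means a NAT sits in the path."""
    return local != mapped


def stun_query(server=("stun1.l.google.com", 19302), timeout=2.0):
    """Live query (needs network): send a Binding Request over UDP and decode the reply."""
    request, txid = build_binding_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, server)
        data, _ = sock.recvfrom(1500)
        return parse_mapped_address(data, txid)


if __name__ == "__main__":
    # Offline round trip with a constructed response (no real server involved).
    request, txid = build_binding_request()
    reply = build_binding_response(txid, "203.0.113.7", 54321)
    print(parse_mapped_address(reply, txid), behind_nat(("10.0.0.5", 5000), ("203.0.113.7", 54321)))
```

stun_query sends a real Binding Request to one of the public servers listed below and returns the address the server saw; the offline round trip in the main block is enough to see the XOR in action (port 54321 travels as 0xF523, and 203.0.113.7 as 0xEA12D545).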
STUN uses
① Interactive Connectivity Establishment (ICE) [MMUSIC-ICE].
② SIP client-initiated connections [SIP-OUTBOUND], used by a SIP client to initialize its connection.
③ NAT behavior discovery [BEHAVE-NAT].
Free public STUN servers
stun:stun1.l.google.com:19302
stun:stun2.l.google.com:19302
stun:stun3.l.google.com:19302
stun:stun4.l.google.com:19302
stun:23.21.150.121
stun:stun01.sipphone.com
stun:stun.ekiga.net
stun:stun.fwdnet.net
stun:stun.ideasip.com
stun:stun.iptel.org
stun:stun.rixtelecom.se
stun:stun.schlund.de
stun:stunserver.org
stun:stun.softjoys.com
stun:stun.voiparound.com
stun:stun.voipbuster.com
stun:stun.voipstunt.com
stun:stun.voxgratia.org
stun:stun.xten.com
TURN
RFC 5766
Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN).
TURN resembles STUN in that both achieve NAT traversal by rewriting private network addresses at the application layer; the difference is that TURN works through a "middleman" that relays the communication between the two parties.
The TURN protocol allows a host to control the operation of a relay and to exchange data with peers through the relay. TURN differs from other relay control protocols in that it allows a client to communicate with multiple peers using a single relay address.
TURN is designed as part of ICE for NAT traversal, but it can also be used alone where ICE is not available.
ICE
Interactive Connectivity Establishment (ICE) is developed by the MMUSIC working group of the IETF; it provides a framework that unifies the various NAT traversal techniques.
ICE is different from STUN and TURN: ICE is not a protocol but a framework that integrates STUN and TURN.
If A wants to communicate with B, the process is as follows:
1) A collects all its IP addresses and finds out which of them can receive traffic from the STUN server and the TURN server;
2) A sends the address list to the STUN server, then sends startup information to B according to the sorted address list, to realize communication between the nodes;
3) B sends a STUN request to each address in the startup information;
4) A sends the reply to the first STUN request it received to B;
5) After receiving the STUN reply, B finds out which addresses can realize communication between A and B;
6) The highest-ranked address in the list is used for further communication between the devices.
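The "sorted address list" and "highest-ranked address" in the steps above come from the candidate priority that ICE assigns to each gathered address. The following example was written for this page (it is not code from the original post or from any ICE implementation); the formulas are the recommended ones from RFC 8445, which the page does not spell out: candidate priority = 2^24 * type preference + 2^8 * local preference + (256 - component ID), with type preferences host 126, peer-reflexive 110, server-reflexive 100 and relay 0, and pair priority = 2^32 * min(G, D) + 2 * max(G, D) + (1 if G > D). The function names and the candidate addresses are constructed. It shows why a direct host address is tried first and a TURN relay last.

```python
"""ICE candidate and pair ranking. Added example, not from the original post; formulas
are those recommended in RFC 8445, names and addresses here are constructed."""

# Recommended type preferences (RFC 8445): direct addresses first, relays last.
TYPE_PREFERENCE = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}


def candidate_priority(cand_type, local_pref=65535, component_id=1):
    """priority = 2^24 * type_pref + 2^8 * local_pref + (256 - component_id)."""
    return (2 ** 24) * TYPE_PREFERENCE[cand_type] + (2 ** 8) * local_pref + (256 - component_id)


def gather(host_ip, stun_reflexive=None, turn_relay=None):
    """Build the candidate list a peer advertises (step 1 above): its own interface
    (host), the address a STUN server saw for it (srflx) and a TURN relay address
    (relay), sorted by priority, highest first."""
    cands = [{"type": "host", "ip": host_ip[0], "port": host_ip[1]}]
    if stun_reflexive:
        cands.append({"type": "srflx", "ip": stun_reflexive[0], "port": stun_reflexive[1]})
    if turn_relay:
        cands.append({"type": "relay", "ip": turn_relay[0], "port": turn_relay[1]})
    for c in cands:
        c["priority"] = candidate_priority(c["type"])
    return sorted(cands, key=lambda c: c["priority"], reverse=True)


def pair_priority(g, d):
    """g = controlling side's candidate priority, d = controlled side's (RFC 8445)."""
    return (2 ** 32) * min(g, d) + 2 * max(g, d) + (1 if g > d else 0)


def checklist(local, remote):
    """All local x remote pairs, highest pair priority first: the order in which the
    connectivity checks (the STUN requests of step 3 above) are sent."""
    pairs = [(l, r, pair_priority(l["priority"], r["priority"])) for l in local for r in remote]
    return sorted(pairs, key=lambda p: p[2], reverse=True)


if __name__ == "__main__":
    # Constructed candidates for A (three kinds) and B (no relay).
    a = gather(("10.0.0.5", 5000), ("203.0.113.7", 54321), ("198.51.100.20", 49152))
    b = gather(("192.168.1.9", 6000), ("203.0.113.99", 40001))
    for l, r, p in checklist(a, b):
        print(f"{l['type']:5} {l['ip']}:{l['port']} -> {r['type']:5} {r['ip']}:{r['port']}  {p}")
```

The host candidate of each side lands at priority 2130706431, the server-reflexive at 1694498815 and the relay at 16777215, which are the values you will recognise from a=candidate lines in SDP; the check list therefore tries host-to-host first (only useful when both peers share a LAN), then the STUN-derived addresses (the hole-punching case from the cone-vs-cone section), and falls back to the TURN relay last.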
Implementation of NAT traversal under the ICE protocol (STUN & TURN):