Oct 24, 2019
With the growth of the Internet, the 32-bit address space of IPv4 is no longer sufficient, and NAT (network address translation) was introduced to relieve the IPv4 address shortage. By using private IP addresses, NAT lets many nodes reach the Internet through only a few public IP addresses. When a node behind the NAT connects outward, its private IP address is replaced by the public IP address, and the correspondence between the two is recorded in the NAT mapping table.
When nodes connect through a NAT, the internal network structure is hidden from the outside. The NAT only admits connections that were initiated from the inside and rejects every externally initiated connection, because it has no entry telling it which internal host to forward the connection to. As a result, two peers that are each behind a NAT cannot offer P2P services to one another, and NAT traversal (NAT penetration) has become an urgent requirement for complete P2P services.
P2P data can be carried over UDP (a connectionless, unreliable transport protocol) or TCP (a connection-oriented, reliable transport protocol). For UDP there is an established solution, STUN [RFC 3489]. For TCP, with its strict connection semantics, there is no equally good solution, so this section focuses on the TCP part. There are two situations for traversing NAT: in the first, only one endpoint is behind a NAT; in the second, the two endpoints are behind different NATs.
The first case can be solved by having the node behind the NAT take the initiative: it sends its request outward to the external node, and the external node then establishes the connection back through the channel that this request opened. The second case is the tricky one. The most common approach is to relay the data through a third party; however, to save the load and cost that relaying produces, we would like a solution that lets two nodes behind NATs establish a TCP connection with each other directly.
Cornell University has proposed a method, called NUTSS, for establishing a direct TCP connection across different NATs. The goal of NUTSS is global connectivity: all nodes under different network architectures should be able to establish connections with each other without being hindered by NAT. NUTSS uses STUNT (Simple Traversal of UDP Through NATs and TCP) to open a TCP connection to a node behind a NAT. The architecture is shown in Figure 3 below. In the initial stage of connection setup, the two nodes behind different NATs first establish a connection with the help of a third party (called the tracker in NUTSS). Once setup is complete, the two nodes transmit data directly without the third party.
STUNT learns the other host's IP and port binding mechanism and packet filtering rules through several rounds of packet exchange, and then adapts to them so that the peers can connect directly. NUTSS has a disadvantage: the STUNT protocol relies on spoofed packets to set up the TCP connection, and spoofed packets are restricted in real networks. Many ISPs perform ingress filtering to keep spoofed packets out of their networks, which causes the protocol to fail; a spoofed packet cannot be part of the traffic of a genuinely connected host.
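The following toy model, which I add here as an illustration (it is not code from the original article or from the NUTSS/STUNT project), walks through the mechanics described above: a NAT mapping table that rewrites outbound sources, inbound filtering that drops anything not preceded by an outbound packet, the one-sided case where the inside node connects out first, and the two-NAT case where a tracker exchanges public endpoints so that both sides' outbound SYNs open a path for the other. The addresses, ports and the `Tracker` API are constructed for the example, and the NAT behaviour modelled (one public port per private socket, filtering on remote address and port) is an assumption, not a property of every NAT.

```python
"""Toy model of NAT mapping, inbound filtering and tracker-assisted TCP hole
punching between two peers behind different NATs.  Added example, not code from
the original article or from the NUTSS/STUNT project; addresses, ports and the
tracker API are constructed for illustration."""
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)
    flag: str    # "SYN" or "SYN-ACK"


class Nat:
    """NAT with endpoint-independent mapping and address-and-port-dependent
    filtering ('port-restricted' behaviour; an assumption of this model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = count(first_port)
        self.table = {}        # private (ip, port) -> allocated public port
        self.allowed = set()   # (public port, remote endpoint) seen on outbound traffic
        self.dropped = []      # inbound packets rejected for lack of a matching entry

    def outbound(self, pkt):
        """Replace the private source with the public one and record the mapping."""
        if pkt.src not in self.table:
            self.table[pkt.src] = next(self.next_port)
        public = (self.public_ip, self.table[pkt.src])
        self.allowed.add((public[1], pkt.dst))
        return Packet(public, pkt.dst, pkt.flag)

    def inbound(self, pkt):
        """Forward only if an internal node already talked to this remote endpoint."""
        if (pkt.dst[1], pkt.src) not in self.allowed:
            self.dropped.append(pkt)
            return None
        private = next(p for p, port in self.table.items() if port == pkt.dst[1])
        return Packet(pkt.src, private, pkt.flag)


class Tracker:
    """Public third party: records each peer's public endpoint as it sees it."""

    def __init__(self):
        self.registered = {}

    def register(self, name, pkt_as_received):
        self.registered[name] = pkt_as_received.src

    def exchange(self, a, b):
        """Tell A about B's public endpoint and B about A's."""
        return self.registered[b], self.registered[a]


TRACKER = ("192.0.2.10", 5000)        # constructed documentation-range addresses
A_PRIV, B_PRIV = ("10.0.0.2", 5555), ("192.168.1.2", 6666)


def one_sided_case():
    """Only one end behind a NAT: the inside node connects out, and the public
    peer's reply comes back through the channel that this opened."""
    nat = Nat("203.0.113.1")
    server = ("192.0.2.20", 80)
    unsolicited = nat.inbound(Packet(server, (nat.public_ip, 40000), "SYN"))
    syn = nat.outbound(Packet(A_PRIV, server, "SYN"))
    reply = nat.inbound(Packet(server, syn.src, "SYN-ACK"))
    return {"unsolicited_dropped": unsolicited is None,
            "reply_delivered_to": reply.dst if reply else None}


def hole_punch():
    """Both ends behind different NATs: rendezvous through the tracker, then
    outbound SYNs from both sides open a path in each NAT for the other's SYN."""
    nat_a, nat_b, tracker = Nat("203.0.113.1"), Nat("198.51.100.1"), Tracker()
    # 1. each peer connects to the tracker; the tracker learns the public endpoints
    tracker.register("A", nat_a.outbound(Packet(A_PRIV, TRACKER, "SYN")))
    tracker.register("B", nat_b.outbound(Packet(B_PRIV, TRACKER, "SYN")))
    a_pub, b_pub = tracker.registered["A"], tracker.registered["B"]
    # 2. without coordination, B's SYN at A's public endpoint is unsolicited and dropped
    unsolicited = nat_a.inbound(Packet(b_pub, a_pub, "SYN"))
    # 3. tracker exchanges endpoints; both sides send SYN from the socket already mapped
    a_learns, b_learns = tracker.exchange("A", "B")
    syn_a = nat_a.outbound(Packet(A_PRIV, a_learns, "SYN"))   # opens NAT A for b_pub
    first_arrival = nat_b.inbound(syn_a)                       # NAT B not yet open: dropped
    syn_b = nat_b.outbound(Packet(B_PRIV, b_learns, "SYN"))   # opens NAT B for a_pub
    delivered = nat_a.inbound(syn_b)                           # matches NAT A's entry
    # 4. A's retransmitted SYN (a real TCP stack retries) and its SYN-ACK both pass NAT B
    retransmit = nat_b.inbound(syn_a)
    synack = nat_b.inbound(nat_a.outbound(Packet(A_PRIV, b_pub, "SYN-ACK")))
    return {"a_public": a_pub, "b_public": b_pub,
            "unsolicited_dropped": unsolicited is None,
            "first_syn_dropped": first_arrival is None,
            "punched_syn_delivered_to": delivered.dst if delivered else None,
            "retransmit_delivered": retransmit is not None,
            "synack_delivered_to": synack.dst if synack else None,
            "drops": (len(nat_a.dropped), len(nat_b.dropped))}


if __name__ == "__main__":
    print(one_sided_case())
    print(hole_punch())
```

The model keeps the same public port for a private socket regardless of destination, which is what lets the endpoint the tracker observed also serve the peer. A NAT that allocates a fresh port per destination would hand the peer a stale endpoint and the exchange would fail, which is exactly why STUNT spends its first packet exchanges discovering the binding and filtering behaviour of the far end. Timing is also idealised: the model has no RST or ICMP responses to the early SYN, and in practice such responses are one of the things that make the TCP case harder than UDP.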