Presentation is loading. Please wait.

Presentation is loading. Please wait.

NAT/Firewall 穿越技术. 常见的 NAT 种类 Full Cone Restricted Cone Port Restricted Cone Symmetric NAT.

Similar presentations


Presentation on theme: "NAT/Firewall 穿越技术. 常见的 NAT 种类 Full Cone Restricted Cone Port Restricted Cone Symmetric NAT."— Presentation transcript:

1 NAT/Firewall 穿越技术

2 常见的 NAT 种类 Full Cone Restricted Cone Port Restricted Cone Symmetric NAT

3 Full Cone

4 Restricted Cone(1/2)

5 Restricted Cone(2/2)

6 Port Restricted Cone

7 Symmetric NAT

8 NAT Detection Flow

9 防火牆造成的問題

10 NAT 造出的问题

11 NAT/Firewall 穿越技术 IPV6(Internet Protocol Version 6) UPnP(Universal Plug and Play) TRUN(Traversal Using Relay NAT) ALG(Application Layer Gatewqy) ICE(Interactive Connectivity Establish) STUN(Simple Traversal of UDP Through Netwoek Address Translators)

12 UPnP Universal Plug and Play It's being pushed by Microsoft A UPnP-aware client can ask the UPnP- enabled NAT how it would map a particular IP:port through UPnP

13 UPnP Operation

14 STUN(1/2) Simple Traversal of UDP Through Network Address Translators 需要在 NAT 外部架设 STUN Server Client 端需有特殊的 STUN Client 功能 无法穿透 symmetric NAT 未来将被 ICE 整合

15 STUN(2/2)

16 TURN(1/2) Traversal Using Relay NAT 主要是为了解決 symmetric NATs 必须要架設 TURN Server 未来也将被包含进 ICE

17 TURN(2/2)

18 SIP using STUN 1 STUN SharedSecretRequest/TLS 9 100 Trying User Agent 1 10.2.1.1 STUN Server Registrar/Proxy User Agent 2 7 INVITE Contact:UA1@192.0.2.101 10 200 OK NAT 192.0.2.101 2 STUN SharedSecretResponse/TLS 3 STUN BindingtRequest/UDP 4 STUN BindingResponse/UDP 6 200 OK 5 REGISTER Contact:UA1@192.0.2.101 8 INVITE Contact:UA1@192.0.2.101 11 200 OK 12 ACK 13 ACK RTP Media Session

19 SIP using TURN User Agent 1 10.2.1.1 STUN/TURN Svr 1 STUN/TURN Svr 2 User Agent 2 192.168.1.1 NAT 1NAT 2 1 STUN Requests 2 STUN Responses 3 STUN Requests 4 STUN Responses 7 180 Ringing 8 200 OK 9 ACK 12 Peer-to-Peer STUN Responses 11 Peer-to-Peer STUN Requests 14 Peer-to-Peer STUN Responses 13 Peer-to-Peer STUN Requests RTP Media Session Established using Derived Transport Addresses Proxy 5 INVITE 6 INVITE 10 ACK

20 ALG(1/2) Application Layer gateway It Understands the signalling messages and their relationship with the resulting media flows. It can modify the signalling to reflect the public IP address and ports being used by singalling and media traffic.

21 ALG(2/2)

22 ICE Interactive Connectivity Establishment 非 protocol 而是 framework 主要技术包括: STUN, TRUN, SIP 目前仍在 RFC 草案讨论阶段

23


Download ppt "NAT/Firewall 穿越技术. 常见的 NAT 种类 Full Cone Restricted Cone Port Restricted Cone Symmetric NAT."

Similar presentations


Ads by Google