A New Method for Symmetric NAT Traversal in UDP and TCP Yuan Wei & Daisuke Yamada & Suguru Yoshida & Shigeki Goto Waseda University


1 A New Method for Symmetric NAT Traversal in UDP and TCP
Yuan Wei & Daisuke Yamada & Suguru Yoshida & Shigeki Goto
Waseda University
2008/8/4 Wei Yuan

2 Agenda
Network Address Translator (NAT)
Existing problems in NAT traversal
New method
Experiment
Conclusion

3 NAT
Network Address Translator
Translates private IP addresses to a global IP address
NAT includes Network Address Port Translation (NAPT)
Enables multiple hosts on a private network to access the Internet using a single public IP address

4 Full Cone NAT (Easy)
One-to-one

5 Restricted Cone NAT
Another IP address

6 Port Restricted Cone NAT
Another port number

7 Symmetric NAT (Difficult)
Unique mapping
Another client

8 P2P and NAT (Problem)
P2P networks are based on global IP addresses
Users behind NAT devices cannot connect to a P2P network
NAT traversal has become an active area of research

9 Existing Methods
No NAT traversal technique can be successfully applied to symmetric NATs
TCP NAT traversal is difficult
Unique security filtering functions on NATs

10 New Method
UDP NAT traversal:
–Applicable to symmetric NATs
TCP NAT traversal:
–Applicable to simple NATs

11 How to Traverse Symmetric NAT
Simulate normal UDP communications
–IP address and port number must correspond to the NAT. Do not use a spoofed packet from another IP address
Establish direct communication between two end points
Predict port numbers of NATs

12 Phase I
F1: S1 gets the information of a port number translated by NAT a.
F2: Send it back to the echo client.
F3: S2 analyzes the port number of NAT a and records it.

13 Phase II
F4: S1 gets the information of a port number translated by NAT b.
F5: Send it back to the echo client.
F6: S2 analyzes the port number of NAT b and records it.

14 Phase III

15 For example
F1: port number = 700
F3: port number = 701
Next port number is 702

16 Phase III
F7: Predict a port number for hole punching
F8: Send a large number of packets with a small TTL value
F9: Predict a port number for hole punching
F10: Send a large number of packets
F11: P2P connection established

17 New Method: UDP Multi Hole Punching
1. Normal UDP communications
–Existing method uses another extra IP address
2. Precise port number prediction
–Observe port translation algorithm: increment, decrement, leap
3. Control port numbers
–Control random port algorithm
–Binding port numbers
4. Utilize many port numbers
–High success rate of hole punching
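
The port prediction step of slides 15 to 17, as an added example that is not code from the presentation: it classifies a NAT's allocation pattern from consecutively observed mapped ports and lists the candidate ports a multi hole punching attempt would cover. The function names, the more-than-half threshold, the "reused" label and the 1 to 65535 range with wrap-around are assumptions.

```python
from collections import Counter

PORT_LO, PORT_HI = 1, 65535      # assumed allocation range; the slides give none
SLIDE_15_SAMPLE = [700, 701]     # the F1 and F3 port numbers from slide 15


def classify(observed):
    """Return (kind, step) for consecutively observed mapped ports."""
    if len(observed) < 2:
        raise ValueError("need at least two observed mappings")
    deltas = [b - a for a, b in zip(observed, observed[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    # Other hosts behind the same NAT can take ports between two probes,
    # so accept the dominant delta only if it explains more than half of them.
    if hits * 2 <= len(deltas):
        return "random", None
    if step == 0:
        return "reused", 0       # same mapping every time (cone-style NAT)
    if step == 1:
        return "increment", 1
    if step == -1:
        return "decrement", -1
    return "leap", step          # constant step other than +1 or -1


def candidates(observed, count):
    """Predict the next `count` mapped ports, nearest prediction first."""
    kind, step = classify(observed)
    if kind == "random":
        return []                # no pattern to extrapolate
    if kind == "reused":
        return [observed[-1]]
    span = PORT_HI - PORT_LO + 1
    ports = []
    for i in range(1, count + 1):
        # Wrap around inside the allocation range instead of leaving it.
        ports.append((observed[-1] + i * step - PORT_LO) % span + PORT_LO)
    return ports


if __name__ == "__main__":
    print(classify(SLIDE_15_SAMPLE), candidates(SLIDE_15_SAMPLE, 3))
```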

18 TCP Hole Punching
SPI (Stateful Packet Inspection)
–a type of function for filtering of TCP packets
A valid sequence of packets should follow the 3-way handshake.
1. [SYN] - out
2. [SYN, ACK] - in
3. [ACK] - out
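
A minimal model of the SPI check on slide 18, as an added example that is not code from the presentation: it forwards a packet only when it continues the out/in/out handshake order for a tracked flow. The class and function names, the sample endpoints and traces, and the acknowledgment-number check are assumptions about what such a filter verifies.

```python
SYN, ACK = "SYN", "ACK"
INSIDE = ("192.168.0.10", 40000)     # constructed sample endpoints
OUTSIDE = ("203.0.113.5", 80)


class SpiFilter:
    """Per-flow TCP handshake tracker, as a NAT's SPI function might keep."""

    def __init__(self):
        self.flows = {}              # (inside, outside) -> state dict

    def check(self, direction, inside, outside, flags, seq=0, ack=0):
        """Return True if the packet is forwarded, False if it is dropped."""
        key, flags = (inside, outside), frozenset(flags)
        if direction == "out" and flags == {SYN}:
            # Step 1: an outbound SYN creates the state entry.
            self.flows[key] = {"state": "SYN_SENT", "isn": seq}
            return True
        flow = self.flows.get(key)
        if flow is None:
            return False             # no state: unsolicited packet
        if direction == "in" and flags == {SYN, ACK} and flow["state"] == "SYN_SENT":
            # Step 2: the inbound SYN,ACK must acknowledge our ISN + 1.
            if ack != (flow["isn"] + 1) % 2**32:
                return False
            flow.update(state="SYN_RCVD", peer_isn=seq)
            return True
        if direction == "out" and flags == {ACK} and flow["state"] == "SYN_RCVD":
            # Step 3: the outbound ACK completes the handshake.
            if ack != (flow["peer_isn"] + 1) % 2**32:
                return False
            flow["state"] = "ESTABLISHED"
            return True
        return flow["state"] == "ESTABLISHED"


def run(trace):
    """Feed a constructed packet trace through a fresh filter."""
    spi = SpiFilter()
    return [spi.check(*pkt) for pkt in trace]


# Constructed traces: (direction, inside, outside, flags, seq, ack)
VALID = [("out", INSIDE, OUTSIDE, [SYN], 1000, 0),
         ("in", INSIDE, OUTSIDE, [SYN, ACK], 5000, 1001),
         ("out", INSIDE, OUTSIDE, [ACK], 1001, 5001)]
UNSOLICITED = [("in", INSIDE, OUTSIDE, [SYN], 5000, 0)]
BAD_ACK = [("out", INSIDE, OUTSIDE, [SYN], 1000, 0),
           ("in", INSIDE, OUTSIDE, [SYN, ACK], 5000, 9999)]
```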

19 How to deal with SPI
Divide into a 3-way handshake section and a hole punching section
–Hole punching section is similar to Simple Traversal of UDP Through NATs and TCP too (STUNT)
3-way handshake section
–Send sequence number info to server.
–Use low TTL (=1) to establish
–Packet does not reach NATs
Set SO_REUSEADDR option of setsockopt() to combine (re-bind) the two sections

20 Experiment
Use WinStun to determine the type of NATs
Use Wireshark to capture packets
Evaluate Skype for NAT traversal
Test the performance of the new method for UDP NAT traversal
Realize TCP NAT traversal

21 Results
9 routers tested (3 routers were Symmetric NAT)
The success ratio of P2P communication with Skype was 46%
–Skype does not use UDP hole punching when the voice quality is good.
The success ratio of P2P communication with our new method was 97%
–The combination of Buffalo and NEC had an 80% success rate on average. The other combinations were 100% successful.
Succeeded in port prediction and control of port numbers
Succeeded in establishing TCP connections for five NAT products out of six

22 Control of port numbers
Random
Incremental

23 Conclusion
Succeeded in port prediction
Succeeded in control of port numbers
Skype is 46%. Our new method outperforms it with a success rate of 97%
Succeeded in establishing TCP connections for five NAT products out of six

                 WinStun   Skype   New Method
Symmetric NAT    33%       0%      100%
All routers      66%       46%     97%

24 END

