Copyright 2005 – 2009 © by Elliot Eichen. All rights reserved. NAT (NAPT/PAT), STUN, and ICE `Structure of ice II, viewed along the hexagonal c-axis. Hydrogen.

Presentation transcript:

NAT (NAPT/PAT), STUN, and ICE
"Structure of ice II, viewed along the hexagonal c-axis. Hydrogen bonds between the water molecules are shown as dashed lines. Lengths are in angstroms." (Hobbs, 1970, p. 69, reproduced from Hamilton et al., 1969). Ice II exists only at pressures greater than 2000 atmospheres.

NAT and NAPT/PAT
NAT = Network Address Translation
NAPT = Network Address and Port Translation; PAT = Port Address Translation
Reserved, publicly non-routable address space:
– Class A: 10.x.x.x
– Class C: x.x
– Even smaller: x.x to x.x
NAT: 1:1 mapping between private and public IP addresses

NAPT/PAT
N:1 (private to public). Uses ports to provide further granularity for routing on the private side.
Helps with the problem of IP address exhaustion (IPv4).
Many different flavors: Full Cone, Half Cone or Strict, Symmetric, etc.
NAPT BREAKS PROTOCOLS THAT BURY THE IP ADDRESS INSIDE OF THE APPLICATION LAYER (e.g., all the VoIP signaling protocols: SIP, H.323, MGCP, as well as RTP).
STUN (and other) client protocols (TURN, etc.) are used to discover the private-to-public mappings and to overcome the problem created by NAPT. Take a look at the new STUN (RFC 5389).
– Note: traditional STUN doesn’t work with symmetrical (or bi-directional) NAT, which is what most high-class firewalls use. (I’m not sure what’s implemented in your VoIP clients – would be interesting to know.) I’m told that TURN solves this, and perhaps has been incorporated into Session Border Controllers (server side), which also can be used to fix the problems created by NAPT.

Full Cone: Very Popular on Broadband Routers
Each private IP:Port is mapped to a single public IP:Port on the public side of the router, regardless of destination IP address.
For TCP connections, the mapping is typically session-stateful (stays up until timeout or ended).
For UDP connections, the “pinhole” is opened for a short time (seconds). Typically, the response from the destination must go BACK to the same IP:port as the source to get through.
In the SIP world, registration by the client to the server is often used to keep the pinhole open to the destination SIP server.
What’s a potential problem with this?

Problem with Full Cone NAPT?
The foreign IP address is never checked by the NAT router (since the same public IP:port is used to map to a given host – private IP:port – for all foreign IP addresses).
“Bad guys” can scan the ports of a given public IP address and send malicious packets to hosts behind the NAPT.
This problem is corrected using “strict” NAPT, in which the router checks the foreign IP address before forwarding the packet to a host behind the NAPT.

Strict NAPT: Corrects the Full Cone Vulnerability
For each private IP:Port and destination IP:Port there is a separate public IP:port on the public side of the NAPT router.

Routing Tables
Full Cone: For each host IP:port there is one public IP:port regardless of destination IP:port.
(Table columns: Source private | Source public | Destination public; the address values did not survive in this transcript, only destination port 5060.)
Strict (partial cone): For each host IP:port and destination IP address:port, there is one public IP:port.
(Table columns: Source private | Source public | Destination public; the address values did not survive in this transcript, only destination port 5060.)
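The two mapping tables above, as an added simulation that is not part of the slides: a tiny NAPT model that keeps a full-cone table (one public port per private endpoint) or a strict table (one public port per private endpoint and destination), and shows that an unsolicited packet from a different foreign address reaches the host behind a full-cone NAPT but is dropped by the strict one. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]       # (ip, port)
PUBLIC_IP = "203.0.113.5"        # constructed public side of the NAPT router


@dataclass
class Napt:
    """Minimal NAPT model: mode is 'full_cone' or 'strict'."""
    mode: str
    next_port: int = 40000
    # full_cone: private endpoint -> public port
    # strict:    (private endpoint, destination) -> public port
    table: Dict[tuple, int] = field(default_factory=dict)
    # public port -> (private endpoint, destination that may reply, or None)
    reverse: Dict[int, Tuple[Endpoint, Optional[Endpoint]]] = field(default_factory=dict)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Packet leaving the private side: allocate or reuse a public IP:port."""
        key = src if self.mode == "full_cone" else (src, dst)
        port = self.table.get(key)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[key] = port
            self.reverse[port] = (src, None if self.mode == "full_cone" else dst)
        return (PUBLIC_IP, port)

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Packet arriving from the public side: forward to a private host or drop."""
        entry = self.reverse.get(public_port)
        if entry is None:
            return None                  # no pinhole for this port: dropped
        private, allowed = entry
        if allowed is not None and allowed != remote:
            return None                  # strict NAPT checks the foreign address
        return private                   # full cone never checks it


def demo(mode: str) -> Tuple[Optional[Endpoint], Optional[Endpoint]]:
    """SIP REGISTER opens a pinhole; then the server and an unrelated scanner reply."""
    nat = Napt(mode)
    phone = ("192.168.1.20", 5060)       # constructed private SIP client
    sip_server = ("198.51.100.10", 5060)  # constructed registrar
    scanner = ("192.0.2.66", 4444)        # constructed unrelated foreign host
    public = nat.outbound(phone, sip_server)
    return nat.inbound(sip_server, public[1]), nat.inbound(scanner, public[1])
```

`demo("full_cone")` delivers both packets to the phone; `demo("strict")` delivers only the registrar's reply.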

STUN: Simple Traversal of UDP Networks
USED to “discover” the public address:port mapping from the private side of the network.
STUN client -> STUN server in the network, which echoes the information back.
Asks different questions (scans IP addresses and ports) to answer the question: what type of NAT is running on your broadband router, and how to modify the private IP addresses and ports to make the protocol(s) work!
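The client/server exchange described above, as an added example that is not from the slides: the client builds a Binding Request, and the server echoes the public IP:port it saw in an XOR-MAPPED-ADDRESS attribute (RFC 5389 wire format; the older MAPPED-ADDRESS form is decoded too). The server side is simulated locally with a constructed mapping, so it runs offline.

```python
import os
import socket
import struct
from typing import Optional, Tuple

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
ATTR_MAPPED, ATTR_XOR_MAPPED = 0x0001, 0x0020      # RFC 3489 style / RFC 5389 style


def build_binding_request(txid: Optional[bytes] = None) -> bytes:
    """20-byte STUN header: type, body length, magic cookie, 96-bit transaction ID."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def encode_xor_mapped(ip: str, port: int) -> bytes:
    """XOR-MAPPED-ADDRESS: port and IPv4 address XORed with the magic cookie."""
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, port ^ (MAGIC_COOKIE >> 16), xaddr)
    return struct.pack("!HH", ATTR_XOR_MAPPED, len(value)) + value


def build_binding_response(txid: bytes, ip: str, port: int) -> bytes:
    """What the STUN server sends back: the source IP:port it observed (the NAPT mapping)."""
    attrs = encode_xor_mapped(ip, port)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attrs), MAGIC_COOKIE) + txid + attrs


def parse_mapped_address(msg: bytes, expected_txid: bytes) -> Optional[Tuple[str, int]]:
    """Client side: validate header and transaction ID, then extract the public IPv4:port."""
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or msg[8:20] != expected_txid or mtype != BINDING_SUCCESS:
        return None
    body, off = msg[20:20 + length], 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) & ~3)        # attribute values are padded to 4 bytes
        if atype in (ATTR_MAPPED, ATTR_XOR_MAPPED) and len(value) == 8 and value[1] == 0x01:
            _, _, port, addr = struct.unpack("!BBHI", value)
            if atype == ATTR_XOR_MAPPED:
                port, addr = port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
    return None


def demo() -> Optional[Tuple[str, int]]:
    txid = bytes(range(12))              # constructed transaction ID
    build_binding_request(txid)          # client sends this over UDP to the server
    resp = build_binding_response(txid, "203.0.113.5", 40001)   # constructed public mapping
    return parse_mapped_address(resp, txid)
```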

Example of a STUN Session

STUN Debug (continued)

STUN Decision Tree (see Wikipedia)