Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIP-Based NAT Traversal in P2P-Environments

Published by儿株 丰 Modified over 8 years ago

Similar presentations

Presentation on theme: "HIP-Based NAT Traversal in P2P-Environments"— Presentation transcript:

1 HIP-Based NAT Traversal in P2P-Environments
Ari Keränen NomadicLab, Ericsson Research Supervisor: prof. Jörg Ott

2 Outline Background NAT Traversal Using HIP Measurement results
Network Address Translation (NAT) NAT Traversal Host Identity Protocol (HIP) NAT Traversal Using HIP implementation of a NAT traversal library Measurement results Findings & Conclusions

3 Network Address Translation
NAT can transparently change a network internal, private address to a public address a new mapping is dynamically created when the first packet for a connection passes the NAT return traffic can use the same mapping to the other direction allows normally only outbound connections often use TCP/UDP ports for multiplexing NAT src: dst: src: NAT’s public address:

4 NAT Types Mapping and filtering behavior varies between NAT implementations Mapping if the destination address and/or port changes, will the source public address at the NAT change Filtering which source addresses and/or ports on the external side of NAT are allowed to use the mapping

5 NAT Types Endpoint independent filtering
any host using any port in the external side can use the mapping the NAT has created Address (and port) dependent filtering only packets from the same destination address (and port) that created the mapping are accepted Endpoint independent mapping NAT uses the same mapping (i.e., public address and port) for packets even if the destination address or port changes Address (and port) dependent mapping NAT mapping is changed if the destination address (or port) is changed

6 NAT Traversal A way to make the responder behind a NAT reachable
Needed especially in P2P environments since a peer is likely behind a NAT compare to client-server model, where servers are normally in the public, globally routable network Can be done using hole punching responder sends a packet to a (STUN) server and learns the NAT mapping from the response the initiator may be able to use that mapping depending on the type of the NATs

7 Interactive Connectivity Establishment
A robust NAT traversal solution Combines hole punching with a set of optimizations and methodology works also in scenarios where simple hole punching does not work Both endpoints probe for connectivity using multiple (all) possible address candidates relayed route as the last resort controlling hosts decides when to stop tests and which path to use

8 Host Identity Protocol
A new namespace and a layer between transport and IP layers transport layer connections bound to host identity Enables natural host mobility and multihoming IP address changes invisible to upper layers transport layer connections survive address changes

9 Host Identity Protocol
Connection established using a four-way handshake; the HIP base exchange proof of identity, IPsec setup, DoS attack protection Legacy applications can use HIP transparently presentation of the host identity (Host Identity Tag) looks like a normal IPv6 address Problems with NATs HIP is normally run directly on top of IP simple UDP encapsulation works if the responder is not behind a NAT

10 NAT Traversal Using HIP
Use ICE for traversing the NATs ICE candidates sent in the HIP base exchange base exchange through a relay or a P2P overlay network Single NAT traversal solution for all applications no need for application specific solutions

11 Implementation Implemented ICE library
3+1 Internet-Drafts ICE: draft-ietf-mmusic-ice-19 STUN: draft-ietf-behave-rfc3489bis-15 TURN: draft-ietf-behave-turn-07 (draft-rosenberg-mmusic-ice-nonsip-00) Tested the library using various NAT types is ICE able to create a path how much traffic is generated

12 Measurement Scenarios
Two hosts behind different NATs NAT types can be changed (filtering behavior + Linux NAT) STUN/TURN server in the public network ICE connectivity checks run between the two hosts

13 Measurement Results ICE is able to create a working path in all the scenarios outperforms simple hole punching Best path depends on the scenario Linux-Linux NAT scenario requires a relay port dependent filtering with Linux NAT needs a relay depending on timing of the checks all other scenarios work with direct path some variation in the amount of messages

14 Measurement Results EI: Endpoint-Independent AD: Address-Dependent
PD: Address and Port-Dependent L: Linux

15 Findings The default timer values for non-RTP ICE are suboptimal
connectivity checks can take multiple seconds even in common NAT scenarios can be fixed relatively easily Good local stopping criteria/algorithm is essential for performance of ICE

16 Conclusions ICE is a good solution for HIP P2P NAT traversal
works with all tested scenarios (and likely with many others) minor changes to basic ICE are useful The solution increases overhead but not substantially compared to other options

17 That’s all folks! Questions?

Download ppt "HIP-Based NAT Traversal in P2P-Environments"

Similar presentations

SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Using HIP to solve MULTI-HOMING IN IPv6 networks YUAN Zhangyi Beijing University of Posts and Telecommunications.

Using HIP to solve MULTI-HOMING IN IPv6 networks YUAN Zhangyi Beijing University of Posts and Telecommunications.
© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-ietf-mobike-design-00.txt Tero Kivinen

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-ietf-mobike-design-00.txt Tero Kivinen
Firewalls and Network Address Translation (NAT) Chapter 7.

Firewalls and Network Address Translation (NAT) Chapter 7.
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)
NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.

NAT Traversal for P2PSIP Philip Matthews Avaya. Peer X Peer Y Peer W 2. P2PSIP Network Establishing new Peer Protocol connection Peer Protocol messages.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
1 © 2005 Nokia mobike-transport.ppt/2005-11-09 MOBIKE Transport mode usage and issues Mohan Parthasarathy.

1 © 2005 Nokia mobike-transport.ppt/ MOBIKE Transport mode usage and issues Mohan Parthasarathy.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.

SIP and NAT Dr. Jonathan Rosenberg Cisco Fellow. What is NAT? Network Address Translation (NAT) –Creates address binding between internal private and.
Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)

Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)
Host Identity Protocol

Host Identity Protocol
Middleboxes & Network Appliances EE122 TAs Past and Present.

Middleboxes & Network Appliances EE122 TAs Past and Present.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.

Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
Mobile IP Traversal Of NAT Devices By, Vivek Nemarugommula.

Mobile IP Traversal Of NAT Devices By, Vivek Nemarugommula.
Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.

Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.

Similar presentations

Ads by Google