Presentation is loading. Please wait.

Presentation is loading. Please wait.

A New Method for Symmetric NAT Traversal in UDP and TCP

Published bySofia Baldwin Modified over 11 years ago

Similar presentations

Presentation on theme: "A New Method for Symmetric NAT Traversal in UDP and TCP"— Presentation transcript:

1 A New Method for Symmetric NAT Traversal in UDP and TCP
Thank you very much, Professor XX. I'm Yuan Wei from Waseda University. Today, I'm going to give a presentation under the title of "A New method for Symmetric NAT Traversal in UDP and TCP" Yuan Wei & Daisuke Yamada & Suguru Yoshida & Shigeki Goto Waseda University 2008/8/4 Wei Yuan

2 Agenda Network Address Translator (NAT)
Existing problems in NAT traversal New method Experiment Conclusion 2. The orgnaization of my presentation is as follows. To begin with I'll explain about Network Address Translator. Next I'll provide background information and problem on NAT traversal. After that , I'll be describing our method. Then , show you the result of expriments. Finally , I'll state our conclusion . 2008/8/4 Wei Yuan

3 NAT (Network Address Translator)
Translate private IP addresses to a global IP address NAT includes Network Address Port Translation, (NAPT) enable multiple hosts on a private network to access the Internet using a single public IP address NAT ( Network Address Translator ): A network address translator (NAT) is a well-known, versatile tool (that) enables the reuse of IP addresses in the Internet. Using a NAT, we can convert private IP addresses to global IP addresses. In this study, we define "Network Address Port Translation" as NAT. 2008/8/4 Wei Yuan

4 Full Cone NAT (Easy) One-to-one Wei Yuan Wei Yuan
Next, I'll explain four types of NATs. 2.1 Full Cone NAT A full cone NAT is also known as a one-to-one NAT. This is the simplest NAT. Once an internal IP address and port are mapped to some external IP address and port, all the packets with the internal IP address and port will be translated to the fixed external IP address and port. Furthermore, any external host can send a packet to the internal host by sending a packet to the mapped external address. 2008/8/4 2008/8/4 4 Wei Yuan Wei Yuan 4

5 Restricted Cone NAT Another IP address Wei Yuan Wei Yuan
Restricted Cone NAT is similar to the full cone NAT. But an external host s2 can't send a packet to an internal host only if the internal host. Another IP address 2008/8/4 5 Wei Yuan Wei Yuan 5

6 Port Restricted Cone NAT
Port Restricted Cone NAT also takes the port numbers into account along with the IP addresses. In this Figure. An external host S1 can send a packet with source port 2000 to an internal host. But if the source port is 3000, this packet will filtered by NAT. And another IP address will filtered too. another port number 2008/8/4 6 Wei Yuan Wei Yuan 6

7 Symmetric NAT (Difficult)
Unique mapping 2.4 Symmetric NAT Symmetric NAT is the most difficult NAT of all. In a symmetric NAT, any request from an internal IP address and a port number to some destination IP address and port number is mapped to a unique external IP address and a unique port number. If the same host sends a packet from the same source address and the same port number but to a different destination, a different mapping is used. Only the external host that receives a packet from an internal host can send a UDP packet back to the internal host. Symmetric NATs are used when high security communication is required. And Symmetric NATs are installed as routers in business enterprises and also as high-end routers for home use. Another client 2008/8/4 7 Wei Yuan Wei Yuan 7

8 P2P and NAT (Problem) P2P networks are based on global IP address
Users cannot connect P2P network behind NAT devices NAT traversal becomes an active area of research P2P and NAT: P2P networks are based on global IP address. But there has a problem that Users can’t connect P2P network behind NAT devices. So, NAT traversal become an active area of research. 2008/8/4 8 Wei Yuan Wei Yuan 8

9 Existing Methods No NAT traversal techniques can be successfully applied symmetric NATs TCP NAT traversal is difficult Unique security filtering functions on NATs problem There have been many proposals to solve NAT traversal problem. But No NAT traversal techniques can be successfully implemented for symmetric NATs. In addition No TCP NAT traversal techniques are put to practical use. 2008/8/4 Wei Yuan

10 New Method UDP NAT traversal : TCP NAT traversal :
Applicable to symmetric NATs TCP NAT traversal : Applicable to simple NATs to solve these problems. we proposes a new method for NAT traversal, which is applicable to symmetric NATs as well as other types of NATs. Our new method is based on port prediction. It manipulates port numbers in order to traverse symmetric NATs successfully. In addition, the new method can be also extended to develop a new method for NAT traversal in TCP. 2008/8/4 Wei Yuan

11 How to Traverse Symmetric NAT
Simulate normal UDP communications IP address and port number must correspond to NAT. Do not use a spoof packet from another IP address Establish direct communication between two end points Predict port numbers of NATs How to Traverse Symmetric NAT: How to Traverse Symmetric NAT. The only way is Normal UDP communications. That meanse IP address and port number must correspond with that of NAT. To realize "Normal UDP communications" We Can’t send a fake packet from another IP address. We have to send packets from each end points. So that Port number prediction of NATs is must. 2008/8/4 Wei Yuan

12 Phase I F1: S1 gets the information of a port number translated by NAT a. F2: Send it back to the echo client. next slide, I'll explain our new method in 3 phase. In this method, the client is known as an echo client and the server is known as an echo server because there are a series of packet exchanges between them. An echo client communicates with two servers S1 and S2. S1 and S2 record the IP address and port number of the echo client, and these are then translated by NAT a. Phase Ⅰ: in F1: The echo client communicates with S1. Then, S1 analyzes the port number mapped by NAT a. F2: S1 conveys the port number to the echo client. F3: The echo client sends a packet to S2. It includes information obtained on the port number of NAT a when the echo client communicated with S1. Then, S2 analyzes the port number of NAT a and records it. Furthermore, S2 also records the port number of the echo client communicated with S1 at step F1. F3: S2 analyzes the port number of NAT a and records it. 2008/8/4 Wei Yuan

13 Phase II F4: S1 gets the information of a port number translated by NAT b. F5: Send it back to the echo client. Phase II: In phase II, the echo server communicates with S1 and S2 in a manner similar to that in phase I. F4: The echo server communicates with S1. Then, S1 analyzes the port number mapped by NAT b. F5: S1 conveys the port number to the echo server. F6: The echo server sends a packet to S2. S2 analyzes the port number of NAT b and records it. Furthermore, S2 records the port number information of NAT b at F4. F6: S2 analyzes the port number of NAT b and records it. 2008/8/4 Wei Yuan

14 Phase III 2008/8/4 Wei Yuan

15 Next port number is 702 For example F1: port number = 700
next slide, I'll explain our new method in 3 phase. In this method, the client is known as an echo client and the server is known as an echo server because there are a series of packet exchanges between them. An echo client communicates with two servers S1 and S2. S1 and S2 record the IP address and port number of the echo client, and these are then translated by NAT a. Phase Ⅰ: in F1: The echo client communicates with S1. Then, S1 analyzes the port number mapped by NAT a. F2: S1 conveys the port number to the echo client. F3: The echo client sends a packet to S2. It includes information obtained on the port number of NAT a when the echo client communicated with S1. Then, S2 analyzes the port number of NAT a and records it. Furthermore, S2 also records the port number of the echo client communicated with S1 at step F1. F3: port number = 701 Next port number is 702 2008/8/4 Wei Yuan

16 Phase III F7: Predict a port number for hole punching
F8: Send a large number of packets with a small TTL value F9: Predict a port number for hole punching Phase ⅠII: In phase III, the method performs port prediction. As described in phase I, NAT a maps the port number twice, one each in steps F1 and F3. For example, if NAT a uses 700 in F1 and 701 in F3, then we can predict that the punching mode of NAT a is incremental and that the predicted port next number is 702. Thus the new method can determine the punching mode as incremental , decrimental , or the skip mode. in F7: Based on the two types of information communicated in phases I and II, we can predict a suitable port number for hole punching. We can also determine the punching mode. S2 sends the information containing the predicted port number and the punching mode to the echo server. in F8: Based on this information, the echo server sends a large number of packets. These packets have a fixed destination port and a low TTL value. The echo server binds the port. The packets are then sent to the echo client. in F9: similar to that in F7. S2 predicts a suitable port number of NAT b and sends the information (that) contains the echo client. in step F10: Based on this information, the echo client sends a large number of packets to the echo server. then, NAT b receives many UDP packets from the echo client. If one of the source port numbers of the echo client matches the destination port number mapped by NAT b, then NAT b translates the packets and sends it to the echo server successfully. F11: The echo server replies to the echo client. It establishes a P2P connection between the echo client and the echo server at this stage. F10: Send a large number of packets F11: P2P connection established 2008/8/4 Wei Yuan

17 New Method: UDP Multi Hole Punching
Normal UDP communications Existing method uses another extra IP address Precise port number prediction Observe port translate algorithm: increment, decrement, leap Control port numbers control random port algorithm Binding port numbers Utilize many port numbers High success rate of hole punching 4.UDP Multi Hole Punching: Next I'll describe the features of the new method in UDP. There are four features. first is Normal UDP communications Previous method like STUN is from another IP address. But, The new method puts small TTL value, 2 or 3, in a packet from the Echo Server. In step F8 we observe that the packet reaches NAT b but does not reach NAT a. In steps F8 to F11, we can observe that packets go through NAT a or b, These packets appears normal UDP communications. Thus, UDP packets have less possibility of being discarded because of the use of security criteria for screening packets at NATs. Second is Precise port number prediction Most NATs translate port numbers according to one of the following algorithms: increment , decrement, leap, i.e., skipping alternative port numbers, or random. Our proposed method uses two servers so that we can observe any type of port translation. 3rd is Control of port numbers The new method can also detect random port translation. In fact we can't predict random port translate algorithm, but can control port mapping by uses bind method to fix the port before sending the UDP packet. 4th is Use of many port numbers The new method uses many port numbers. The current implementation uses 1,000 port numbers. The large number of ports increases the success rate of hole punching. 2008/8/4 Wei Yuan

18 TCP Hole Punching SPI (Stateful Packet Inspection)
a type of function for filtering of TCP packets A valid sequence of packets should follow the 3-way handshake. [SYN] - out [SYN, ACK] - in [ACK] - out TCP Hole Punching: Currently, many NAT products are equipped with Stateful Packet Inspection (SPI). It is a type of function for filtering of TCP packets. When SPI is applied, a valid sequence of packets should follow the 3-way handshake of TCP. The 3-way handshake is as: [SYN] - out [SYN, ACK] - in [ACK] - out 2008/8/4 Wei Yuan

19 How to deal with SPI Divide 3-way handshake section and hole punching section Hole punching section is similar to “Simple Traversal of UDP Through NATs and TCP too” (STUNT) 3-way handshake section Send sequence number info to server. Use low TTL ( =1 ) to establish Packet does not reach at NATs Set SO_REUSEADDR option of setsockopt() to combine (re-bind) two section Correspond SPI: To correspond SPI we Divide 3-way handshake section and hole punching section. Pease note hole punching section is similar to “Simple Traversal of UDP Through NATs and TCP too ”(STUNT) before establish 3-way handshake, we send sequence number info to server. Then we use low TTL that's parameter set as 1 to establish 3-way handshake section. So that Packet won’t reach at NATs. And the figure is hole punching section. both endpoints send an initial SYN with a TTL high enough to cross their own NATs, but small enough that the packets are dropped in the network (once the TTL expires). Server calculates correct sequence number from 3-way handshake section's sequence number information and spoof a SYNACK to each host with the sequence numbers appropriately set. The ACK completing the TCP handshake goes through the network as usual. Commonly TCP socket session can't bind two section. But we set SO_REUSEADDR option of setsockopt() to combine (re-bind) two section as one session. 2008/8/4 Wei Yuan

20 Experiment Use WinStun to determine the type of NATs
Use Wireshark to capture packets Evaluate Skype for NAT traversal Test the performance of the new method for UDP NAT traversal Realize TCP NAT traversal 18.experiments: We conducted five experiments to evaluate our new method and compared it with other existing methods. We used the WinStun software to classify the type of NATs in the first experiment. In the second experiment we used Wireshark, to capture packets and analyze NATs. In the third experiment, we evaluated the use of the Skype software for NAT traversal. Although no formal documentation is available, it appears that Skype applies STUN for P2P communications The fourth experiment was performed to test the performance of the new method for UDP NAT traversal. The new method was applied to TCP NAT traversal in the fifth experiment. 2008/8/4 Wei Yuan

21 Results 9 routers tested (3 routers were Symmetric NAT)
The success ratio of the P2P communication about Skype was 46% Skype does not use UDP hole punching when the voice quality was good. The success ratio of the P2P communication about our new method was 97% The combination of Buffalo and NEC had an 80% success rate on average. The other combinations were 100% successful. Succeeded in port prediction and control of port numbers Succeeded in establishing TCP connections for five NAT products out of six 19.Results: We used nine routes for all the experiments. and 3 routers were were Symmetric NAT router. The success ratio of the P2P communication about Skype was 46%. It is observed that Skype did not use UDP hole punching when the voice quality was good. And The success ratio of the P2P communication about our new method was 97% The combination of Buffalo and NEC had an 80% success rate on average. The other combinations were 100% successful. furthermore symmetric NAT combinations were 100%. We Succeeded in port prediction and control of port numbers. We Succeeded in establishing TCP connections for five NAT products out of six. 2008/8/4 Wei Yuan

22 Control of port numbers
Random 20.Control of port numbers: Pease look at this figure. This is capture data when Iptables and Planes combinations were tested. upper side data shows Planex translates the port numbers randomly, if send a normal UDP packet. Our new method data is in a down side, It is observed that the source port numbers are incremental: 5361, 5362, The new method can rectify the random port number using the incremental algorithm. 2008/8/4 Incremental Wei Yuan

23 Conclusion Succeed in port prediction
Succeed in control of port numbers Skype is 46%. Our new method outperforms it with a success rate of 97% succeed in establishing TCP connections for five NAT products out of six WinStun Skype New Method Symmetric NAT 33% 0% 100% All routers 66% 46% 97% Conclusion: This paper we proposes a new method of hole punching in order to traverse NATs successfully. The method utilizes two servers to predict port numbers. The new method sends UDP packets with a low TTL value. In addition we Succeeded in control of port numbers. We have succeeded in establishing TCP connections for five NAT products out of six. Since the new method needs two servers, it increases the cost of infrastructure. The high success rate can justify the overhead cost in the proposed method. 2008/8/4 Wei Yuan

24 END 2008/8/4 Wei Yuan

Download ppt "A New Method for Symmetric NAT Traversal in UDP and TCP"

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.

Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
0 - 0.

0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts 1 - 20.

Addition Facts
Around the World AdditionSubtraction MultiplicationDivision AdditionSubtraction MultiplicationDivision.

Around the World AdditionSubtraction MultiplicationDivision AdditionSubtraction MultiplicationDivision.
HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins.

HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins.
31.03.2011-ZMQS- 1. 2 31.03.2011 -ZMQS- 3 31.03.2011.

ZMQS ZMQS
Communicating over the Network

Communicating over the Network
1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.

1 IP - The Internet Protocol Relates to Lab 2. A module on the Internet Protocol.
Protocol layers and Wireshark Rahul Hiran TDTS11:Computer Networks and Internet Protocols 1 Note: T he slides are adapted and modified based on slides.

Protocol layers and Wireshark Rahul Hiran TDTS11:Computer Networks and Internet Protocols 1 Note: T he slides are adapted and modified based on slides.

Similar presentations

Ads by Google