From NAT to NAT Traversal
1. From NAT to NAT Traversal
2014/12/25
Qlync Inc.
YAO, LI-WEI
2. How to access network resource anytime and anywhere?
3. How to access network resource anytime and anywhere?
• Locate Resource
• Signal —> Not Today
• Access Resource
• P2P Communication —> Today
4. Agenda
• Network Resource or Service
• Public and Private IP Address
• What is NAT?
• How to access Network Resource behind NAT?
• Port Forwarding
• NAT Traversal
• ICE Protocol
• ICE related projects - WebRTC
11. Public and Private IP Address
http://www.highteck.net/EN/Network/Addressing_the_Network-IPv4.html
12. What is NAT?
• Remapping one IP address space into another
• Private IP/port mapping to Public IP/port
• Rewrite the source and/or destination addresses of IP packets as they pass the router or firewall
• Server: IP address
• Resource: Protocol:Port
34. NAT Types
• Full Cone NAT
• Address Restricted NAT
• Port Restricted NAT
• Symmetric NAT
35. Full Cone
Mapping: 192.168.2.2:4445 <-> 1.1.1.4:10100
Policy: ALLOW ALL TO 1.1.1.4:10100
Full Cone simply performs address translation and places no restrictions on inbound or outbound packets.
http://www.slideshare.net/dadaista/nat-traversal
41. STUN (RFC 5389/3489)
Abstract
Session Traversal Utilities for NAT (STUN) is a protocol that serves as a
tool for other protocols in dealing with Network Address Translator (NAT)
traversal. It can be used by an endpoint to determine the IP address and port
allocated to it by a NAT. It can also be used to check connectivity between
two endpoints, and as a keep-alive protocol to maintain NAT bindings. STUN
works with many existing NATs, and does not require any special behavior
from them.
STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used
in the context of a NAT traversal solution. This is an important change from
the previous version of this specification (RFC 3489), which presented STUN
as a complete solution.
This document obsoletes RFC 3489.
46. TURN (RFC 5766/6062)
Abstract
If a host is located behind a NAT, then in certain situations it can be
impossible for that host to communicate directly with other hosts (peers).
In these situations, it is necessary for the host to use the services of an
intermediate node that acts as a communication relay. This specification
defines a protocol, called TURN (Traversal Using Relays around NAT),
that allows the host to control the operation of the relay and to exchange
packets with its peers using the relay. TURN differs from some other relay
control protocols in that it allows a client to communicate with multiple
peers using a single relay address.
The TURN protocol was designed to be used as part of the ICE
(Interactive Connectivity Establishment) approach to NAT traversal,
though it also can be used without ICE.
48. ICE (5245/5768)
Abstract
This document describes a protocol for Network Address
Translator (NAT) traversal for UDP-based multimedia sessions
established with the offer/answer model. This protocol is called
Interactive Connectivity Establishment (ICE). ICE makes use of
the Session Traversal Utilities for NAT (STUN) protocol and its
extension, Traversal Using Relay NAT (TURN). ICE can be used
by any protocol utilizing the offer/answer model, such as the
Session Initiation Protocol (SIP).