Gourt Home::Gourt :: UDP hole punching
In computing, UDP hole punching refers to a commonly used NAT traversal technique.
Description
NAT traversal through UDP hole punching is a method for establishing bidirectional UDP connections between Internet hosts in private networks using NAT. It does not work with all type of NATs as their behavior is not standardized.
The basic idea is to have each host behind the NAT contact a third well-known server (usually a STUN server) in the public address space and then, once the NAT devices have established UDP state information, to switch to direct communication hoping that the NAT devices will keep the states despite the fact that packets are coming from a different host.
In order to work this technique requires a full cone NAT device. It will not work across a restricted cone NAT or a symmetric NAT.
A somewhat more elaborate approach is where both hosts will start sending to each other, using multiple attempts. On a restricted Cone NAT the first packet from the other host will be blocked. After that the NAT device has a record of having sent a packet to the other machine, and will let any packets coming from this IP and port number through.
The technique is widely used in P2P software and VoIP telephony. It is one of the methods used in Skype to bypass firewalls and NAT devices.
The same technique is sometimes extended to TCP connections, albeit with much less success.
Algorithm
Let A and B be the two hosts, each in its own private network; N1 and N2 are the two NAT devices; S is a public server with a well-known globally reachable IP address.
- A and B each begin a UDP conversation with S; the NAT devices N1 and N2 create UDP translation states and assign temporary external port numbers
- S relays these port numbers back to A and B
- A and B contact each others' NAT devices directly on the translated ports; the NAT devices use the previously created translation states and send the packets to A and B
See also
External links
"UDP hole punching"