For those who don’t know, NAT stands for Network Address Translation. If you’re on a typical network, your system probably has an IP address like 10.1.2.3 or 192.168.0.66. Those are not your real Internet IP address. Between you and the network there is a device called a “NAT router” that performs intelligent address translation back and forth. NAT was invented because IPv4, the IP scheme that still runs most Internet sites, has an address space that is too small to allow all devices to have “real” addresses. Its successor, known as IPv6, does not have this limitation but is still fairly early in its adoption curve. Migrating a system as huge as the Internet to a new protocol version takes a very long time.

ZeroTier One runs over a peer-to-peer network, which means that allowing devices to communicate directly is central to how it operates (at scale and with acceptable performance). Since most users are behind NAT devices, people often wonder how exactly peer-to-peer connectivity is established. In reading the Internet chatter on this subject I’ve been shocked by how many people don’t really understand this, hence the reason this post was written.

Lots of people think NAT is a show-stopper for peer-to-peer communication, but it isn’t. More than 90% of NATs can be traversed, with most being traversable in reliable and deterministic ways.

At the end of the day anywhere from 4% (our numbers) to 8% (an older number from Google) of all traffic over a peer-to-peer network must be relayed to provide reliable service. Providing relaying for that small a number is fairly inexpensive, making reliable and scalable P2P networking that always works quite achievable.

The most common and effective technique for NAT traversal is known as UDP hole punching. UDP is sort of TCP’s smaller and simpler cousin, a protocol that allows a piece of software to send a single discrete packet from its own address to another IP and port.

A number of Internet protocols use UDP, such as DNS, many games, media streaming protocols, etc. For these to be usable behind NAT, NAT routers must implement a concept of “UDP connections.” They do this by listening for outgoing UDP packets and, when one is seen, creating a mapping that says “private IP:port UDP <-> public IP:port UDP.” Any further packets leaving the private network will be remapped in the same way, and replies from the external system contacted will be remapped in the opposite direction. This allows a two-way UDP conversation to be initiated by a device behind NAT.

UDP hole punching exploits this concept of a “conversation.” It works like this. (Slight variations on this procedure exist, but this is the basic idea.)

1. Alice and Bob are both behind NAT. They both know about a third party - let’s call him Ziggy - that is not behind NAT. Alice and Bob periodically send UDP messages to Ziggy, who records their existence and their public (Internet-side of NAT) IP addresses and ports.
2. When Alice wants to talk to Bob, she sends a message to Ziggy that says “hey I want to call Bob.” Ziggy then sends a message to both Alice and Bob. The message to Alice contains Bob’s public IP and port, and the message to Bob contains Alice’s.
3. Alice and Bob simultaneously (upon receipt) send messages to each other. Alice’s NAT router sees a message leave Alice for Bob’s public IP and port, while Bob’s sees the same thing in the direction of Alice. Both NAT routers create a mapping entry as described above. Each NAT router then interprets the other party’s initialization packet as a reply in a two-way UDP “connection,” and interprets further packets likewise. As long as Alice and Bob send keepalive messages to one another frequently enough (about every 120 seconds for typical routers), this conversation can be kept going indefinitely.

First, the folks who say NAT makes P2P impossible are almost right. NAT does make true serverless peer-to-peer virtually impossible without incredibly difficult and often unreliable methods. But in practice setting up a triangle relationship like the one above is easy, and since the messages are small the server’s bandwidth requirements are not large. A single relatively inexpensive cloud server instance can easily provide NAT traversal services for millions of devices.

Second, if you’re thinking “wow that’s an ugly hack” you are correct. It is indeed ugly and a hack, but so is NAT.

The scenario above is exactly how ZeroTier works except for one minor wrinkle: the message from Alice to Ziggy that says “I want to call Bob” is her first message to Bob.
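The three-step exchange the post describes, modelled end to end as an added example (this is not ZeroTier’s code): toy NAT routers with the mapping behaviour described above (one public port per private endpoint, inbound packets accepted only from a remote that endpoint has already sent to, mappings dropped after 120 seconds idle), a constructed rendezvous peer Ziggy, and checks of what happens when only one side sends or when keepalives are too infrequent. All IP addresses and ports are constructed for the simulation.

```python
MAPPING_TIMEOUT = 120  # seconds of silence after which a typical router forgets a UDP mapping

class Nat:  # toy NAT router: one public port per private endpoint, reply-only inbound filtering
    def __init__(self, public_ip):
        self.public_ip, self.allocated, self.table = public_ip, 0, {}
    def outbound(self, private, remote, now):
        """Host inside sends to `remote`: create or refresh its mapping, return the public endpoint."""
        if private not in self.table:  # first packet from this endpoint: allocate a public port
            self.table[private] = {"port": 40000 + self.allocated, "peers": set(), "last": now}
            self.allocated += 1
        entry = self.table[private]
        entry["peers"].add(remote)
        entry["last"] = now
        return (self.public_ip, entry["port"])
    def inbound(self, public_port, remote, now):
        """Packet from the Internet: return the private endpoint it reaches, or None if dropped."""
        for private, entry in self.table.items():
            if entry["port"] == public_port and now - entry["last"] > MAPPING_TIMEOUT:
                del self.table[private]  # idle mapping has expired
                return None
            if entry["port"] == public_port and remote in entry["peers"]:  # reply in a live conversation
                entry["last"] = now
                return private
        return None  # unknown port or unsolicited sender: dropped

ZIGGY = ("203.0.113.9", 9993)  # constructed public endpoint for the rendezvous peer

def hole_punch(both_send=True, now=0):
    """Steps 1-3 from the text. Returns (alice_heard_bob, bob_heard_alice)."""
    alice_nat, bob_nat = Nat("198.51.100.1"), Nat("198.51.100.2")  # constructed public IPs
    alice, bob = ("10.1.2.3", 5000), ("192.168.0.66", 5000)
    # Step 1: both send to Ziggy, who records their public (Internet-side) IP:port.
    pub_alice, pub_bob = alice_nat.outbound(alice, ZIGGY, now), bob_nat.outbound(bob, ZIGGY, now)
    # Step 2: Ziggy's replies pass both NATs (he was contacted first) and carry the other's endpoint.
    assert alice_nat.inbound(pub_alice[1], ZIGGY, now) == alice and bob_nat.inbound(pub_bob[1], ZIGGY, now) == bob
    # Step 3: both send at once, so each router opens a mapping toward the other and then accepts the
    # peer's first packet as the "reply". If Bob never sends, his router drops Alice's packet as unsolicited.
    alice_nat.outbound(alice, pub_bob, now)
    if both_send:
        bob_nat.outbound(bob, pub_alice, now)
    bob_heard = bob_nat.inbound(pub_bob[1], pub_alice, now) == bob
    alice_heard = both_send and alice_nat.inbound(pub_alice[1], pub_bob, now) == alice
    return alice_heard, bob_heard

def keepalive_survives(interval, duration):
    """True if a conversation refreshed every `interval` seconds is still open at `duration`."""
    nat, host, peer = Nat("198.51.100.1"), ("10.1.2.3", 5000), ("198.51.100.2", 40000)
    public_port = nat.outbound(host, peer, 0)[1]
    for t in range(interval, duration, interval):  # periodic keepalives refresh the mapping
        nat.outbound(host, peer, t)
    return nat.inbound(public_port, peer, duration) == host
```

`hole_punch()` succeeds in both directions only when both sides send; `keepalive_survives(121, 242)` shows a keepalive interval just past the router's timeout losing the mapping.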