CN110113439B - NAT traversal method - Google Patents

Publication number
CN110113439B
Authority
CN
China
Prior art keywords
port
client
nat
request
type
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910279103.9A
Other languages
Chinese (zh)
Other versions
CN110113439A (en
Inventor
林耀荣
高育滨
欧炜滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L61/2582 NAT traversal through control of the NAT server, e.g. using universal plug and play [UPnP]

Abstract

The invention discloses a NAT (Network Address Translation) traversal method comprising two stages. The first stage is the NAT type detection stage: the client performs NAT type detection with the help of a STUN server and sends information such as its NAT type, host address and mapped address to the NAT traversal server. The second stage is the NAT traversal stage: the NAT traversal server determines the corresponding traversal strategy from the NAT type detection results of the two communicating clients and sends the strategy and related information to the clients; after receiving the NAT traversal strategy, the clients perform NAT traversal according to it. When the NAT cannot be traversed, traffic is forwarded through a transit server. The method greatly improves the traversal success rate for symmetric NAT.

Description

NAT traversal method
Technical Field
The invention relates to the technical field of computer network communication, in particular to a method for NAT traversal.
Background
The rapid development of the Internet and the limited number of IPv4 addresses have made network address translation (NAT) devices widely used. In existing Internet networking environments, many devices are located behind NAT devices or firewalls. A NAT device allows a host within a private network to actively initiate a connection to a public network server, but prohibits an active connection in the opposite direction. In many cases, however, the 2 devices communicating with each other may both be behind NAT devices and cannot communicate directly over a peer-to-peer (P2P) connection.
To address the NAT traversal problem, the industry has proposed many solutions. These technologies can be divided into two broad categories, one based on NAT devices and the other based on terminals. The terminal-based solutions include the STUN (Session Traversal Utilities for NAT) protocol, the TURN (Traversal Using Relays around NAT) protocol, and the ICE (Interactive Connectivity Establishment) framework. However, solutions based on the NAT device often require upgrading or modifying existing NAT devices, and cannot effectively solve the NAT cascading problem. Among the existing terminal-based solutions, the STUN protocol cannot traverse symmetric NAT, and the TURN protocol and the ICE framework are inefficient.
Disclosure of Invention
The invention aims to overcome the defects of the existing NAT traversal scheme, provides a new NAT traversal method and greatly improves the traversal success rate of the symmetric NAT.
The purpose of the invention can be achieved by adopting the following technical scheme:
A NAT traversal method is applied to a system formed by a server and a client, wherein the server is deployed on a public network and comprises a NAT traversal server, a STUN server and a transit server, the client comprises a NAT type detection module and a NAT traversal module, and the method comprises the following steps:
S1, NAT type detection stage: the client performs NAT type detection with the help of the STUN server and sends the detection result to the NAT traversal server;
S2, NAT traversal stage: after the NAT traversal server receives the NAT type detection results of the two communicating clients, it determines the NAT traversal strategy, and then sends to each client the NAT traversal strategy together with the peer client's NAT type, host address and mapped address, the port increment ΔP of an incremental symmetric NAT, and the maximum value P_max and minimum value P_min of the measured ports of a local random symmetric or global random symmetric NAT; after receiving the NAT traversal strategy and the related information, the two clients perform NAT traversal according to the received strategy; if the NAT traversal fails, traffic is forwarded through the transit server.
Furthermore, the NAT types comprise the blocking type, open type, firewall type, full cone type, IP restricted cone type, port restricted cone type, incremental symmetric type, local random symmetric type and global random symmetric type; the STUN server comprises 1 IP address and 2 ports, the 2 ports being port SP1 and port SP2.
Further, the step S1 is as follows:
S101, the host IP address of client X is IP_X_host; client X binds port Port_X1 and accesses port SP1 of the STUN server, and obtains from the response message returned by the STUN server the mapped address IP_X1_reflex:Port_X1_SP1 of Port_X1 accessing port SP1;
S102, if no response is returned before the timeout, the type is blocking, and the process goes to step S112;
S103, if IP_X1_reflex equals IP_X_host, check whether the type is open or firewall, that is, execute step S104; otherwise execute step S106;
S104, client X binds port Port_X1 and accesses port SP1 of the STUN server again, with the change port bit of the CHANGE-REQUEST attribute in the STUN request message set to 1, requiring the STUN server to return a change port response through the other port SP2;
S105, if the change port response returned by the STUN server through the different port SP2 is received, no NAT translation takes place, that is, the type is open; otherwise the type is firewall; go to step S112;
S106, client X binds port Port_X1 and accesses port SP1 of the STUN server again, with the change port bit of the CHANGE-REQUEST attribute in the STUN request message set to 1, requiring the STUN server to return a change port response through the other port SP2;
S107, client X binds port Port_X1 and accesses port SP2 of the STUN server, obtaining the mapped port Port_X1_SP2 of Port_X1 accessing port SP2;
S108, if Port_X1_SP1 equals Port_X1_SP2, the NAT is a cone NAT, and step S109 is executed to determine which cone type it is; otherwise the NAT is a symmetric NAT, and step S110 is executed to determine which symmetric type it is;
S109, if the change port response returned by the STUN server through port SP2 is received, the NAT is of the full cone type or the IP restricted cone type; otherwise it is of the port restricted cone type; go to step S112;
S110, client X binds a different port Port_X2 and accesses port SP1 of the STUN server, obtaining the mapped port Port_X2_SP1 of Port_X2 accessing port SP1; the client binds port Port_X2 and accesses port SP2 of the STUN server, obtaining the mapped address IP_X2_reflex:Port_X2_SP2 of Port_X2 accessing port SP2;
S111, compare the relationship among the four ports Port_X1_SP1, Port_X1_SP2, Port_X2_SP1 and Port_X2_SP2;
if Port_X1_SP2 - Port_X1_SP1 = Port_X2_SP1 - Port_X1_SP2 = Port_X2_SP2 - Port_X2_SP1, the NAT is of the incremental symmetric type and the port increment is ΔP; otherwise it is of a random symmetric type, and the maximum value P_max and the minimum value P_min of the four ports are calculated; if the difference between P_max and P_min is less than R, the NAT is judged to be of the local random symmetric type; if it is larger than R, the NAT is of the global random symmetric type;
S112, the client sends the NAT type, the host address IP_X_host:Port_X2 and the mapped address IP_X2_reflex:Port_X2_SP2 to the NAT traversal server, wherein for an open type, firewall type or cone type NAT, Port_X2 takes the value of Port_X1 and IP_X2_reflex:Port_X2_SP2 takes the mapped address IP_X1_reflex:Port_X1_SP1; the detection process ends.
Further, in step S2, when the NAT type of client A is the port restricted cone type or the firewall type, and the NAT type of client B is the incremental symmetric type, the traversal process is as follows:
S201, client B binds port Port_B3 and sends a request to port SP1 of the STUN server to obtain the mapped port Port_B3_SP1;
S202, client B binds port Port_B3 and sends a request to the mapped address IP_A2_reflex:Port_A2_SP2 of client A, where IP_A2_reflex:Port_A2_SP2 corresponds to the mapped address IP_X2_reflex:Port_X2_SP2 of client A and is sent to client B by the NAT traversal server; client B then listens on port Port_B3 and waits for a request message from client A;
S203, client B binds port Port_B3 and sends a request to port SP2 of the STUN server to obtain the mapped port Port_B3_SP2; client B sends Port_B3_SP1, Port_B3_SP2 and the port increment ΔP_B obtained in the NAT type detection process to the NAT traversal server; the NAT traversal server forwards the received message to client A, and client A starts NAT traversal after receiving the message;
S204, client A binds port Port_A2 and sends a request message in turn to each predicted mapped port Port_Bpred of client B within the port prediction interval, where Port_A2 corresponds to the port Port_X2 of client A, Port_Bpred = Port_B3_SP1 + k*ΔP_B, k is a positive integer, and Port_B3_SP1 < Port_Bpred < Port_B3_SP2;
S205, when client B receives the request of client A on port Port_B3, the NAT traversal is successful; client B sends a response to the mapped port Port_A2_SP2 of client A, and the NAT traversal process ends.
Further, in step S2, when the NAT type of client A is the port restricted cone type or the firewall type, and the NAT type of client B is the local random symmetric type or the global random symmetric type, the traversal process is as follows:
S211, according to the traversal success probability P_s set by the system, the optimal parameters N and M are calculated by the following formula, where T is the total number of available ports, T = 65535 - 1024, and N and M are [1, T-]; the calculated optimal parameters N and M can reduce the NAT traversal time;
Figure GDA0002481987820000051
S212, client B binds N different ports Port_B31, Port_B32, ..., Port_B3N and sends a request from each of them to the mapped port Port_A2_SP2 of client A, obtaining N different mapped ports in total, where Port_A2_SP2 corresponds to the mapped port Port_X2_SP2 of client A and is sent to client B by the NAT traversal server; client B then listens on the N ports and waits for the request sent by client A;
S213, client A binds the local port Port_A2 and sends requests to the M ports within the mapped port range [Port_B2_SP2 - M/2 + 1, Port_B2_SP2 + M/2] of client B, where Port_A2 corresponds to the port Port_X2 of client A, and Port_B2_SP2 corresponds to the mapped port Port_X2_SP2 of client B;
S214, when client B receives the request of client A on 1 of its listening ports, the NAT traversal is successful; client B sends a response through that port to the mapped port Port_A2_SP2 of client A, and the NAT traversal process ends.
Further, in step S2, when the NAT types of the two clients are both the incremental symmetric type, the traversal process is as follows:
S221, client B binds port Port_B3 and sends a request to port SP1 of the STUN server to obtain the mapped port Port_B3_SP1;
S222, client B binds port Port_B3 and sends a request in turn to each of the N predicted mapped ports Port_Apred of client A within the port prediction interval; it then listens on the port and waits for a request message sent by client A; where Port_Apred = Port_A2_SP2 + (k + Offset)*ΔP_A, k is a positive integer in the range [1, N], and Offset is a natural number greater than or equal to 0, used to avoid ports of client A's NAT device that are estimated to be invalid; Port_A2_SP2 corresponds to the mapped port Port_X2_SP2 of client A, and ΔP_A is the port increment of client A's NAT device; these parameters are sent to client B by the NAT traversal server;
S223, client B binds port Port_B3 and sends a request to port SP2 of the STUN server to obtain the mapped port Port_B3_SP2; client B sends Port_B3_SP1, N, Offset and the port increment ΔP_B to the NAT traversal server, which forwards them to client A; client A starts NAT traversal after receiving them;
S224, client A binds port Port_A3 and sends a request to port SP2 of the STUN server to obtain the mapped port Port_A3_SP2; it determines whether Port_A3_SP2 is greater than or equal to Port_A2_SP2 + Offset*ΔP_A; if the condition is not satisfied, client A changes the local port Port_A3 to a different value and sends the request to port SP2 of the STUN server again to update the mapped port Port_A3_SP2, repeating this process until the mapped port satisfies the condition; to reduce the impact of other processes or other clients on the port assignment of the NAT device, the 1st predicted port of client B is calculated according to the following formula:
Figure GDA0002481987820000061
S225, client A binds port Port_A3 and sends a request in turn to each of the N predicted mapped ports Port_Bpred of client B within the port prediction interval, where Port_Bpred = Port_Bpred_1 + 2*k*ΔP_B, and k is a natural number in the range [0, N-1];
S226, when client B receives the request of client A on 1 of its listening ports, the NAT traversal is successful; client B sends a response to client A, and the NAT traversal process ends.
Further, in step S2, when the NAT type of client A is the local random symmetric type or the global random symmetric type, and the NAT type of client B is the incremental symmetric type, the traversal process is as follows:
S231, client B binds port Port_B3 and sends a request to port SP1 of the STUN server to obtain the mapped port Port_B3_SP1;
S232, client B binds N different local ports and sends a request from each in turn to a predicted mapped port Port_Apred of client A, where Port_Apred is an integer randomly selected within the range (P_max, P_min);
S233, client B binds port Port_B3 and sends a request to port SP2 of the STUN server to obtain the mapped port Port_B3_SP2; client B sends Port_B3_SP1 and Port_B3_SP2 to the NAT traversal server, which forwards them to client A; client A starts NAT traversal after receiving them;
S234, client A binds the local port Port_A3 and sends a request message in turn to each predicted mapped port Port_Bpred of client B within the port prediction interval, where Port_Bpred = Port_B3_SP1 + k*ΔP_B, k is a positive integer, and Port_B3_SP1 < Port_Bpred < Port_B3_SP2;
S235, when client B receives the request of client A, the NAT traversal is successful; client B sends a response to client A, and the NAT traversal process ends;
S236, if client A has not received the response of client B after the timeout, it changes the local port Port_A3 to a different value and returns to step S234 to retry, retrying Try times in total.
Further, in step S2, when the mapped IP addresses IP_X2_reflex of the two clients are the same, and the host IP address of each client differs from its corresponding mapped IP address, the two clients are judged to be behind the same NAT device, and the traversal process is as follows:
S241, client A sends a request to the host address IP_B_host:Port_B2 of client B, where IP_B_host:Port_B2 corresponds to the host address IP_X_host:Port_X2 of client B and is sent to client A by the NAT traversal server;
S242, client B receives the request packet sent by client A and obtains the source address of the request packet; after obtaining the source address, client B sends a request to that address, and the process goes to step S243; if client B has not received the request packet after the timeout, go to step S244;
S243, after receiving the request of client B, client A sends a response to client B; when client B receives the response, the direct traversal process ends;
S244, client B sends a request to the host address IP_A_host:Port_A2 of client A, where IP_A_host:Port_A2 corresponds to the host address IP_X_host:Port_X2 of client A and is sent to client B by the NAT traversal server;
S245, client A receives the request packet sent by client B and obtains the source address of the request packet; after obtaining the source address, client A sends a request to that address, and the process goes to step S246; if client A has not received the request packet after the timeout, the direct NAT traversal fails, and the two clients can be regarded as being behind different NAT devices and try NAT traversal again using the traversal strategy corresponding to their NAT types;
S246, after receiving the request of client A, client B sends a response to client A; when client A receives the response, the direct NAT traversal process ends.
Further, in step S2, when the NAT types of both clients are the port restricted cone type or the firewall type, the traversal process is as follows:
S251, client A binds port Port_A2 and sends a request to the mapped address IP_B2_reflex:Port_B2_SP2 of client B, where Port_A2 corresponds to the port Port_X2 of client A, and IP_B2_reflex:Port_B2_SP2 corresponds to the mapped address IP_X2_reflex:Port_X2_SP2 of client B and is sent to client A by the NAT traversal server; after sending the request, client A listens on the port and waits for the request of client B;
S252, client B binds port Port_B2 and sends a request to the mapped address IP_A2_reflex:Port_A2_SP2 of client A, where Port_B2 corresponds to the port Port_X2 of client B, and IP_A2_reflex:Port_A2_SP2 corresponds to the mapped address IP_X2_reflex:Port_X2_SP2 of client A and is sent to client B by the NAT traversal server; if client A has not received the request of client B after the timeout, the NAT traversal fails;
S253, after receiving the request of client B, client A sends a response to client B, and after receiving the response, client B ends the NAT traversal process; if client B has not received the response after the timeout, the NAT traversal fails.
Further, in step S2, when the NAT type of client A is any type other than the blocking type, and client B is of the open type with no NAT device, the traversal process is as follows:
S261, client A sends a request to the mapped address IP_B2_reflex:Port_B2_SP2 of client B, where IP_B2_reflex:Port_B2_SP2 corresponds to the mapped address IP_X2_reflex:Port_X2_SP2 of client B; after sending the request, client A listens on the port and waits for the request of client B;
S262, client B receives the request packet sent by client A and obtains the source address of the request packet; after obtaining the source address, client B sends a request to that address; if client B has not received the request packet after the timeout, the NAT traversal fails;
S263, after receiving the request of client B, client A sends a response to client B; after receiving the response, client B ends the NAT traversal process.
Further, in step S2, when the NAT type of client A is the full cone type or the IP restricted cone type, and the NAT type of client B is any type other than the blocking type, the traversal process is as follows:
S271, client A binds port Port_A2 and sends a request to any 1 port on the mapped IP address IP_B2_reflex of client B, where Port_A2 corresponds to the port Port_X2 of client A, and IP_B2_reflex corresponds to the mapped IP address IP_X2_reflex of client B; after sending the request, client A listens on the port and waits for the request of client B;
S272, client B sends a request to the mapped address IP_A2_reflex:Port_A2_SP2 of client A, where IP_A2_reflex:Port_A2_SP2 corresponds to the mapped address IP_X2_reflex:Port_X2_SP2 of client A; if client A has not received the request of client B after the timeout, the NAT traversal fails;
S273, after receiving the request of client B, client A sends a response to client B; after client B receives the response, the traversal process ends.
Compared with the prior art, the invention has the following advantages and effects:
1. The method greatly improves the success rate of symmetric NAT traversal, in particular in the following scenarios: port restricted cone or firewall type with incremental symmetric type, port restricted cone or firewall type with random symmetric type, incremental symmetric type with incremental symmetric type, and random symmetric type with incremental symmetric type;
2. Different NAT traversal modes are adopted for different network topologies and NAT device types, so the method is more adaptable;
3. Unlike the NAT type detection flow of the traditional STUN protocol, the STUN server in this method needs only 1 IP address.
Drawings
Fig. 1 is a flowchart of a NAT traversal method according to an embodiment of the present invention;
Fig. 2 is a schematic system structure diagram of a NAT traversal method according to an embodiment of the present invention;
Fig. 3 is a flow diagram of NAT type probing;
Fig. 4 is a schematic diagram of port restricted cone or firewall-incremental symmetric NAT traversal;
Fig. 5 is a schematic diagram of port restricted cone or firewall-random symmetric NAT traversal;
Fig. 6 is a schematic diagram of incremental symmetric-incremental symmetric NAT traversal;
Fig. 7 is a schematic diagram of random-incremental symmetric NAT traversal.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
As shown in fig. 1, the present embodiment discloses a NAT traversal method, and as shown in fig. 2, an application system of the method includes a server and a client; the server comprises three modules of an NAT traversing server, an STUN server and a transfer server; the client comprises an NAT type detection module and an NAT traversal module; the server is deployed in the public network.
As shown in fig. 1, a flowchart of a Network Address Translation (NAT) traversal method according to an embodiment of the present invention is shown. The method comprises the following steps:
Step S1, NAT type detection stage: at this stage, the client performs NAT type detection with the help of the STUN server and sends the detection result to the NAT traversal server.
Step S2, NAT traversal stage: after the NAT traversal server receives the NAT type detection results of the two communicating clients, it determines the NAT traversal strategy from this information, and then sends to each client the NAT traversal strategy together with the peer client's NAT type, host address and mapped address, the port increment ΔP of an incremental symmetric NAT, and the maximum value P_max and minimum value P_min of the measured ports of a local random symmetric or global random symmetric NAT; after receiving the NAT traversal strategy and the related information, the two clients perform NAT traversal according to the strategy; if the NAT traversal fails, traffic is forwarded through the transit server.
In step S1, the client needs to probe the NAT type; unlike the standard STUN protocol, the NAT type detection flow of this method requires the STUN server to have only 1 IP address; the detected NAT types comprise the blocking type, open type, firewall type, full cone type or IP restricted cone type, port restricted cone type, incremental symmetric type, local random symmetric type and global random symmetric type, where the detection method does not distinguish between the full cone type and the IP restricted cone type;
Unlike the traditional detection process, in the NAT type detection process of this method the request sent by the client to the STUN server does not require the STUN server to change the IP address from which it sends the response, and the change IP bit of the CHANGE-REQUEST attribute is set to 0; the 2 ports of the STUN server are port SP1 and port SP2, and in the embodiment of the invention SP1 is 3478 and SP2 is 3479; the specific steps are shown in Fig. 3 and include:
Step S101, the host IP address of client X is IP_X_host; client X binds port Port_X1 and accesses port 3478 of the STUN server, and obtains from the MAPPED-ADDRESS attribute of the response message returned by the STUN server the mapped address IP_X1_reflex:Port_X1_3478 of Port_X1 accessing port 3478;
Step S102, if no response is returned before the timeout, the type is blocking, and the process goes to step S112;
Step S103, if IP_X1_reflex equals IP_X_host, check whether the type is open or firewall, that is, execute step S104; otherwise execute step S106;
Step S104, client X binds port Port_X1 and accesses port 3478 of the STUN server again, with the change port bit of the CHANGE-REQUEST attribute in the STUN request message set to 1, requiring the STUN server to return a change port response through the other port 3479;
Step S105, if the change port response returned by the STUN server through the different port 3479 is received, no NAT translation takes place, that is, the type is open; otherwise the type is firewall; go to step S112;
Step S106, client X binds port Port_X1 and accesses port 3478 of the STUN server again, with the change port bit of the CHANGE-REQUEST attribute in the STUN request message set to 1, requiring the STUN server to return a change port response through the other port 3479;
Step S107, client X binds port Port_X1 and accesses port 3479 of the STUN server, obtaining the mapped port Port_X1_3479 of Port_X1 accessing port 3479;
Step S108, if Port_X1_3478 equals Port_X1_3479, the NAT is a cone NAT, and step S109 is executed to determine which cone type it is; otherwise the NAT is a symmetric NAT, and step S110 is executed to determine which symmetric type it is;
Step S109, if the change port response returned by the STUN server through port 3479 is received, the NAT is of the full cone type or the IP restricted cone type; otherwise it is of the port restricted cone type; go to step S112;
Step S110, client X binds a different port Port_X2 and accesses port 3478 of the STUN server, obtaining the mapped port Port_X2_3478 of Port_X2 accessing port 3478; the client binds port Port_X2 and accesses port 3479 of the STUN server, obtaining the mapped address IP_X2_reflex:Port_X2_3479 of Port_X2 accessing port 3479;
Step S111, compare the relationship among the four ports Port_X1_3478, Port_X1_3479, Port_X2_3478 and Port_X2_3479;
if Port_X1_3479 - Port_X1_3478 = Port_X2_3478 - Port_X1_3479 = Port_X2_3479 - Port_X2_3478, the NAT is of the incremental symmetric type and the port increment is ΔP; otherwise it is of a random symmetric type, and the maximum value P_max and the minimum value P_min of the four ports are calculated; if the difference between P_max and P_min is less than R, the NAT is judged to be of the local random symmetric type; if it is larger than R, the NAT is of the global random symmetric type; in the embodiment of the invention, R is 1000;
Step S112, the client sends the NAT type, the host address IP_X_host:Port_X2 and the mapped address IP_X2_reflex:Port_X2_3479 to the NAT traversal server, wherein for an open type, firewall type or cone type NAT, Port_X2 takes the value of Port_X1 and IP_X2_reflex:Port_X2_3479 takes the mapped address IP_X1_reflex:Port_X1_3478; the detection process ends.
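The decision tree of steps S102 to S111 can be written as one function over the observations the client has collected. The following Python sketch is an added example, not code from the patent; the `Probe` field names and the returned labels are hypothetical, the sample values are constructed, and a difference exactly equal to R (a case the text leaves open) is treated as global random symmetric.

```python
from dataclasses import dataclass
from typing import Optional

R_EMBODIMENT = 1000  # threshold R given in the embodiment


@dataclass
class Probe:
    """Observations of client X from S101-S110 (field names are hypothetical)."""
    host_ip: str                      # IP_X_host
    reflex_ip: Optional[str] = None   # IP_X1_reflex; None means the request timed out
    change_port_reply: bool = False   # change port response arrived from port 3479
    x1_3478: Optional[int] = None     # Port_X1_3478
    x1_3479: Optional[int] = None     # Port_X1_3479
    x2_3478: Optional[int] = None     # Port_X2_3478
    x2_3479: Optional[int] = None     # Port_X2_3479


def classify(p: Probe, r: int = R_EMBODIMENT) -> dict:
    """Return the NAT type plus the extra values reported in S112."""
    # S102: no answer to the first binding request.
    if p.reflex_ip is None:
        return {"type": "blocking"}
    # S103-S105: no address translation; the change port probe separates
    # an open host from one behind a firewall.
    if p.reflex_ip == p.host_ip:
        return {"type": "open" if p.change_port_reply else "firewall"}
    # S107-S109: same mapped port towards both STUN ports means a cone NAT.
    if p.x1_3478 is None or p.x1_3479 is None:
        raise ValueError("mapped ports of Port_X1 are required behind a NAT")
    if p.x1_3478 == p.x1_3479:
        if p.change_port_reply:
            return {"type": "full cone or IP restricted cone"}
        return {"type": "port restricted cone"}
    # S110-S111: symmetric NAT, compare the four mapped ports.
    if p.x2_3478 is None or p.x2_3479 is None:
        raise ValueError("mapped ports of Port_X2 are required for symmetric NAT")
    d1 = p.x1_3479 - p.x1_3478
    d2 = p.x2_3478 - p.x1_3479
    d3 = p.x2_3479 - p.x2_3478
    if d1 == d2 == d3:
        return {"type": "incremental symmetric", "delta_p": d1}
    ports = (p.x1_3478, p.x1_3479, p.x2_3478, p.x2_3479)
    p_max, p_min = max(ports), min(ports)
    # Assumption: a spread equal to r counts as global (the text only says
    # "less than R" and "larger than R").
    kind = "local random symmetric" if p_max - p_min < r else "global random symmetric"
    return {"type": kind, "p_max": p_max, "p_min": p_min}


if __name__ == "__main__":
    # Constructed sample observations (documentation address ranges).
    samples = [
        Probe("10.0.0.5"),
        Probe("203.0.113.7", "203.0.113.7", change_port_reply=False),
        Probe("10.0.0.5", "203.0.113.7", False, 40000, 40000),
        Probe("10.0.0.5", "203.0.113.7", False, 5000, 5001, 5002, 5003),
        Probe("10.0.0.5", "203.0.113.7", False, 20000, 20417, 20102, 20650),
    ]
    for s in samples:
        print(classify(s))
```
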
In step S2, that is, in the NAT traversal stage, when the NAT type of client A is the port restricted cone type or the firewall type, and the NAT type of client B is the incremental symmetric type, as shown in Fig. 4, the traversal process is as follows:
Step S201, client B binds port Port_B3 and sends a request to port 3478 of the STUN server to obtain the mapped port Port_B3_3478;
Step S202, client B binds port Port_B3 and sends a request to the mapped address IP_A2_reflex:Port_A2_3479 of client A, where IP_A2_reflex:Port_A2_3479 corresponds to the mapped address IP_X2_reflex:Port_X2_3479 of client A and is sent to client B by the NAT traversal server; client B then listens on port Port_B3 and waits for a request message from client A;
Step S203, client B binds port Port_B3 and sends a request to port 3479 of the STUN server to obtain the mapped port Port_B3_3479; client B sends Port_B3_3478, Port_B3_3479 and the port increment ΔP_B obtained in the NAT type detection process to the NAT traversal server; the NAT traversal server forwards the received message to client A, and client A starts NAT traversal after receiving the message;
Step S204, client A binds port Port_A2 and sends a request message in turn to each predicted mapped port Port_Bpred of client B within the port prediction interval, where Port_A2 corresponds to the port Port_X2 of client A, Port_Bpred = Port_B3_3478 + k*ΔP_B, k is a positive integer, and Port_B3_3478 < Port_Bpred < Port_B3_3479;
Step S205, when client B receives the request of client A on port Port_B3, the NAT traversal is successful; client B sends a response to the mapped port Port_A2_3479 of client A, and the whole flow ends.
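Steps S201 to S204 bracket the unknown mapping that client B's NAT creates towards client A between two mappings that B can observe through the STUN server. The Python sketch below is an added example, not code from the patent: `IncrementalNat` is a constructed model of an incremental symmetric NAT, all addresses and ports are constructed, and a positive ΔP_B without port wraparound is assumed.

```python
from typing import Dict, List, Tuple

Addr = Tuple[str, int]
STUN_3478: Addr = ("198.51.100.1", 3478)   # constructed STUN server address
STUN_3479: Addr = ("198.51.100.1", 3479)
PEER_A: Addr = ("203.0.113.20", 41000)     # constructed IP_A2_reflex:Port_A2_3479


class IncrementalNat:
    """Constructed model: each new (source port, destination) pair is given
    the next external port, delta apart from the previous one."""

    def __init__(self, next_port: int, delta: int) -> None:
        self.next_port = next_port
        self.delta = delta
        self.table: Dict[Tuple[int, Addr], int] = {}

    def map(self, src_port: int, dst: Addr) -> int:
        key = (src_port, dst)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += self.delta
        return self.table[key]


def b_side_probe(nat: IncrementalNat, port_b3: int,
                 noise_before: int = 0, noise_after: int = 0) -> Tuple[int, int, int]:
    """Client B's part (S201-S203). The noise arguments model mappings that
    other hosts behind the same NAT create in between."""
    sp1 = nat.map(port_b3, STUN_3478)            # S201: Port_B3_3478
    for i in range(noise_before):
        nat.map(50000 + i, STUN_3478)            # unrelated traffic
    hole = nat.map(port_b3, PEER_A)              # S202: mapping B cannot observe
    for i in range(noise_after):
        nat.map(51000 + i, STUN_3478)            # unrelated traffic
    sp2 = nat.map(port_b3, STUN_3479)            # S203: Port_B3_3479
    return sp1, hole, sp2


def predicted_ports(port_b3_3478: int, port_b3_3479: int, delta_p_b: int) -> List[int]:
    """Client A's candidate list (S204): Port_B3_3478 + k*delta_p_b for
    k = 1, 2, ... while the value stays below Port_B3_3479."""
    if delta_p_b <= 0:
        raise ValueError("this sketch assumes a positive port increment")
    return list(range(port_b3_3478 + delta_p_b, port_b3_3479, delta_p_b))


def simulate(delta: int, noise_before: int, noise_after: int) -> Tuple[int, List[int]]:
    """Run B's probes against the model and return (actual port, A's candidates)."""
    nat = IncrementalNat(next_port=30000, delta=delta)
    sp1, hole, sp2 = b_side_probe(nat, 6000, noise_before, noise_after)
    return hole, predicted_ports(sp1, sp2, delta)


if __name__ == "__main__":
    for before, after in [(0, 0), (3, 2)]:
        hole, candidates = simulate(2, before, after)
        print(f"noise={before}+{after} actual={hole} "
              f"candidates={len(candidates)} hit={hole in candidates}")
```

With no competing traffic the interval holds exactly one candidate; every mapping another host creates between B's two STUN requests adds one more request for client A to send.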
In step S2, when the NAT type of client A is port-restricted cone or firewall and the NAT type of client B is local random symmetric or global random symmetric, the traversal process, shown in fig. 5, is as follows:
Step S211: from the traversal success probability Ps set by the system, the optimal parameters N and M are calculated by the following formula, where T is the total number of available ports, T65535 and 1024, and N and M are [1, T-]; the calculated optimal parameters N and M can reduce the NAT traversal time; in the present embodiment, Ps is 0.95, and the calculated N and M are 427 and 448 respectively;
Figure GDA0002481987820000131
Step S212: client B binds N different ports PortB31, PortB32, ..., PortB3N and sends a request from each to client A's mapped port PortA2_3479, obtaining N different mapped ports in total, where PortA2_3479 is client A's mapped port PortX2_3479, which the NAT traversal server sends to client B; client B then listens on these N ports and waits for the request sent by client A;
Step S213: client A binds local port PortA2 and sends requests to the M ports within client B's mapped port range [PortB2_3479-M/2+1, PortB2_3479+M/2], where PortA2 is client A's port PortX2 and PortB2_3479 is client B's mapped port PortX2_3479;
Step S214: when client B receives client A's request on one of the listening ports, NAT traversal has succeeded; client B sends a response through that port to client A's mapped port PortA2_3479, and the traversal process ends.
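Steps S211 to S214 are a birthday-style search: N open mappings on one side, M probes on the other. The Python sketch below is an added illustration, not the patent's formula (which is an image not reproduced on this page). It assumes the NAT picks mapped ports uniformly at random and reads T as 65535 - 1024; under those assumptions it evaluates the embodiment's N = 427 and M = 448 in closed form and by simulation.

```python
import math
import random

FIRST_PORT = 1024
AVAILABLE_PORTS = 65535 - 1024   # assumed reading of T, not confirmed by the page


def success_probability(n_open, m_probes, total_ports=AVAILABLE_PORTS):
    """P(at least one probed port is an open mapping) = 1 - C(T-M, N) / C(T, N),
    assuming the NAT draws its N mappings uniformly at random from T ports."""
    if n_open <= 0 or m_probes <= 0:
        return 0.0
    if n_open + m_probes > total_ports:
        return 1.0   # pigeonhole: probes and mappings must overlap
    # C(T-M, N)/C(T, N) = prod over i < N of (1 - M/(T-i)), summed in log space.
    log_miss = sum(math.log1p(-m_probes / (total_ports - i)) for i in range(n_open))
    return 1.0 - math.exp(log_miss)


def probe_window(center_port, m_probes):
    """Step S213 range [Port - M/2 + 1, Port + M/2]; holds M ports for even M."""
    low = center_port - m_probes // 2 + 1
    return low, low + m_probes - 1


def simulate(n_open, m_probes, trials, seed):
    """Monte Carlo check of the closed form against a constructed random NAT."""
    rng = random.Random(seed)
    port_space = range(FIRST_PORT, FIRST_PORT + AVAILABLE_PORTS)
    hits = 0
    for _ in range(trials):
        mapped = rng.sample(port_space, n_open)        # S212: N random mappings
        center = rng.randrange(FIRST_PORT + m_probes, port_space.stop - m_probes)
        low, high = probe_window(center, m_probes)     # S213: M probes from A
        hits += any(low <= port <= high for port in mapped)
    return hits / trials


if __name__ == "__main__":
    print(round(success_probability(427, 448), 4))
    print(simulate(427, 448, trials=2000, seed=7))
```

A NAT whose allocations cluster in a narrow band (the local random symmetric type) is not uniform over T, so this model describes the global random case only.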
In step S2, when the NAT types of both clients are incremental symmetric, NAT traversal follows the process shown in fig. 6, with the following steps:
Step S221: client B binds port PortB3 and sends a request to port 3478 of the STUN server to obtain the mapped port PortB3_3478;
Step S222: client B binds port PortB3 and sends a request, in sequence, to each of the N predicted mapped ports PortApred of client A within the port prediction interval; it then listens for a request message sent by client A; here PortApred = PortA2_3479 + (k+Offset)*ΔPA, k is a positive integer in the range [1, N], and Offset is a natural number greater than or equal to 0, used to avoid ports of client A's NAT device that are estimated to be invalid; PortA2_3479 is client A's mapped port PortX2_3479 and ΔPA is the port increment of client A's NAT device; these parameters are sent to client B by the NAT traversal server; in the embodiment of the invention, N is 50 and Offset is 10;
Step S223: client B binds port PortB3 and sends a request to port 3479 of the STUN server to obtain the mapped port PortB3_3479; client B sends PortB3_3478, N, Offset and the port increment ΔPB to the NAT traversal server, which forwards them to client A; client A starts NAT traversal after receiving them;
Step S224: client A binds port PortA3 and sends a request to port 3479 of the STUN server to obtain the mapped port PortA3_3479; client A checks whether PortA3_3479 is greater than or equal to PortA2_3479 + Offset*ΔPA; if the condition is not satisfied, client A changes the local port PortA3 to a different value, resends the request to port 3479 of the STUN server and updates the mapped port PortA3_3479, repeating this until the mapped port satisfies the condition; to reduce the influence of other processes or other clients on the NAT device's port assignment, client B's first predicted port is calculated according to the following formula:
Figure GDA0002481987820000151
Step S225: client A binds port PortA3 and sends a request, in sequence, to each of the N predicted mapped ports PortBpred of client B within the port prediction interval, where PortBpred = PortBpred_1 + 2*k*ΔPB and k is a natural number in the range [0, N-1];
Step S226: when client B receives client A's request on one of the listening ports, NAT traversal has succeeded; client B sends a response to client A, and the whole process ends.
In step S2, when the NAT type of client A is local random symmetric or global random symmetric and the NAT type of client B is incremental symmetric, the traversal process, shown in fig. 7, is as follows:
Step S231: client B binds port PortB3 and sends a request to port 3478 of the STUN server to obtain the mapped port PortB3_3478;
Step S232: client B binds N different local ports and sends a request from each, in sequence, to a predicted mapped port PortApred of client A, where PortApred is an integer randomly selected within the range (Pmax, Pmin); in the embodiment of the invention, N is 5;
Step S233: client B binds port PortB3 and sends a request to port 3479 of the STUN server to obtain the mapped port PortB3_3479; client B sends PortB3_3478 and PortB3_3479 to the NAT traversal server, which forwards them to client A; client A starts NAT traversal after receiving them;
Step S234: client A binds local port PortA3 and sends a request message, in sequence, to each predicted mapped port PortBpred of client B within the port prediction interval, where PortBpred = PortB3_3478 + k*ΔPB, k is a positive integer, and PortB3_3478 < PortBpred < PortB3_3479;
Step S235: when client B receives client A's request, NAT traversal has succeeded; client B sends a response to client A, and the traversal process ends;
Step S236: if client A times out without receiving client B's response, it changes the local port PortA3 to a different value and returns to step S234 to retry, retrying Try times in total; in the present embodiment, Try is the smaller of R and the rounded value of (Pmax-Pmin)/N.
In step S2, when the mapped IP addresses IPX2_reflex of the two clients are the same and each client's host IP address differs from its mapped IP address, the two clients can be judged to be behind the same NAT device, and the direct traversal process is as follows:
Step S241: client A sends a request to client B's host address IPB_host:PortB2, where IPB_host:PortB2 is client B's host address IPX_host:PortX2, which the NAT traversal server sends to client A;
Step S242: client B receives the request packet sent by client A and obtains its source address; client B then sends a request to that address, and the process goes to step S243; if client B times out without receiving the request packet, the process goes to step S244;
Step S243: after receiving client B's request, client A sends a response to client B; if client B receives the response, the direct traversal process ends;
Step S244: client B sends a request to client A's host address IPA_host:PortA2, where IPA_host:PortA2 is client A's host address IPX_host:PortX2, which the NAT traversal server sends to client B;
Step S245: client A receives the request packet sent by client B and obtains its source address; client A then sends a request to that address, and the process goes to step S246; if client A times out without receiving the request packet, direct NAT traversal has failed; the two clients can then be regarded as being behind different NAT devices, and NAT traversal is attempted again with the traversal strategy corresponding to their NAT types;
Step S246: after receiving client A's request, client B sends a response to client A; if client A receives the response, the direct traversal process ends.
In step S2, when the NAT types of both clients are port-restricted cone or firewall, the traversal process is as follows:
Step S251: client A binds port PortA2 and sends a request to client B's mapped address IPB2_reflex:PortB2_3479, where PortA2 is client A's port PortX2 and IPB2_reflex:PortB2_3479 is client B's mapped address IPX2_reflex:PortX2_3479, which the NAT traversal server sends to client A; because client B has not actively sent a request to client A, no such mapping exists in client B's NAT device and the request can be intercepted by it, but the request leaves a mapping in client A's NAT device; after sending the request, client A listens on the port and waits for client B's request.
Step S252: client B binds port PortB2 and sends a request to client A's mapped address IPA2_reflex:PortA2_3479, where PortB2 is client B's port PortX2 and IPA2_reflex:PortA2_3479 is client A's mapped address IPX2_reflex:PortX2_3479, which the NAT traversal server sends to client B; because client A's NAT device already established the corresponding mapping in step S251, client B's request can reach client A; if client A times out without receiving client B's request, NAT traversal fails.
Step S253: after receiving client B's request, client A sends a response to client B; because client B's NAT device established the corresponding mapping in step S252, client B can receive the response, and the process ends once it does; if client B times out without receiving the response, NAT traversal fails.
In step S2, when the NAT type of client A is any type other than blocking and client B is open type, with no NAT device, a "reverse connection" strategy may be adopted in which client A initiates the request first; the traversal process is as follows:
Step S261: client A sends a request to client B's mapped address IPB2_reflex:PortB2_3479, where IPB2_reflex:PortB2_3479 is client B's mapped address IPX2_reflex:PortX2_3479; the request leaves a mapping in client A's NAT device; after sending the request, client A listens on the port and waits for client B's request;
Step S262: client B receives the request packet sent by client A and obtains its source address; client B then sends a request to that address; if client B times out without receiving the request packet, NAT traversal fails;
Step S263: after receiving client B's request, client A sends a response to client B; after client B receives the response, the traversal process ends.
In step S2, when the NAT type of client A is full cone or IP-restricted cone and the NAT type of client B is any type other than blocking, the traversal process is as follows:
Step S271: client A binds port PortA2 and sends a request to any one port on client B's mapped IP address IPB2_reflex, where PortA2 is client A's port PortX2 and IPB2_reflex is client B's mapped IP address IPX2_reflex, which the NAT traversal server sends to client A; the request may be intercepted by client B's NAT device, but it leaves a mapping in client A's NAT device; after sending the request, client A listens on the port and waits for client B's request;
Step S272: client B sends a request to client A's mapped address IPA2_reflex:PortA2_3479, where IPA2_reflex:PortA2_3479 is client A's mapped address IPX2_reflex:PortX2_3479, which the NAT traversal server sends to client B; because client A's NAT device already established the corresponding mapping in step S271, client B's request can reach client A; if client A times out without receiving client B's request, NAT traversal fails.
Step S273: after receiving client B's request, client A sends a response to client B; after client B receives the response, the traversal process ends.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (9)

1. A NAT traversal method, applied to a system formed by a server and a client, wherein the server is deployed on a public network and comprises a NAT traversal server, a STUN server and a transit server, and the client comprises a NAT type detection module and a NAT traversal module, characterized by comprising the following steps:
S1, NAT type detection stage: the client performs NAT type detection with the help of the STUN server and sends the detection result to the NAT traversal server, wherein the NAT type is one of blocking, open, firewall, full cone, IP-restricted cone, port-restricted cone, incremental symmetric, local random symmetric and global random symmetric; the STUN server has 1 IP address and 2 ports, the 2 ports being port SP1 and port SP2; the procedure of step S1 is as follows:
S101: the host IP address of client X is IPX_host; client X binds port PortX1 and accesses port SP1 of the STUN server, and obtains from the response message returned by the STUN server the mapped address IPX1_reflex:PortX1_SP1 of PortX1 accessing port SP1;
S102: if no response is returned before the timeout, the NAT type is blocking, and the process goes to step S112;
S103: if IPX1_reflex is equal to IPX_host, step S104 is executed to check whether the type is open or firewall; otherwise step S106 is executed;
S104: client X binds port PortX1 and accesses port SP1 of the STUN server again, with the change-port bit of the CHANGE-REQUEST attribute in the STUN request message set to 1, requiring the STUN server to return a change-port response through the other port SP2;
S105: if a change-port response returned by the STUN server through the different port SP2 is received, there is no NAT translation and the type is open; otherwise the type is firewall; the process goes to step S112;
S106: client X binds port PortX1 and accesses port SP1 of the STUN server again, with the change-port bit of the CHANGE-REQUEST attribute in the STUN request message set to 1, requiring the STUN server to return a change-port response through the other port SP2;
S107: client X binds port PortX1 and accesses port SP2 of the STUN server to obtain the mapped port PortX1_SP2 of PortX1 accessing port SP2;
S108: if PortX1_SP1 is equal to PortX1_SP2, the NAT is a cone NAT, and step S109 is executed to determine which kind of cone NAT it is; otherwise the NAT is a symmetric NAT, and step S110 is executed to determine which kind of symmetric NAT it is;
S109: if a change-port response returned by the STUN server through port SP2 is received, the NAT is full cone or IP-restricted cone; otherwise it is port-restricted cone; the process goes to step S112;
S110: client X binds a different port PortX2 and accesses port SP1 of the STUN server to obtain the mapped port PortX2_SP1 of PortX2 accessing port SP1; client X binds port PortX2 and accesses port SP2 of the STUN server to obtain the mapped address IPX2_reflex:PortX2_SP2 of PortX2 accessing port SP2;
S111: compare the four ports PortX1_SP1, PortX1_SP2, PortX2_SP1 and PortX2_SP2;
if PortX1_SP2-PortX1_SP1 = PortX2_SP1-PortX1_SP2 = PortX2_SP2-PortX2_SP1, the NAT is incremental symmetric, with port increment ΔP; otherwise it is random symmetric, and the maximum value Pmax and the minimum value Pmin of the four ports are calculated: if the difference between Pmax and Pmin is less than R, the type is local random symmetric; if it is larger than R, the type is global random symmetric;
S112: the client sends its NAT type, host address IPX_host:PortX2 and mapped address IPX2_reflex:PortX2_SP2 to the NAT traversal server, wherein for open, firewall or cone NAT, PortX2 takes the value of PortX1 and IPX2_reflex:PortX2_SP2 takes the mapped address IPX1_reflex:PortX1_SP1; the detection process ends;
S2, NAT traversal stage: after receiving the NAT type detection results of the two communicating clients, the NAT traversal server determines the NAT traversal strategy to use, and then sends each client the NAT traversal strategy together with the peer client's NAT type, host address and mapped address, the port increment ΔP of an incremental symmetric NAT, and the maximum value Pmax and minimum value Pmin of the measured ports of a local random symmetric or global random symmetric NAT; after receiving the NAT traversal strategy and the related information, both clients perform NAT traversal according to the received strategy; if NAT traversal fails, the transit server is used for forwarding.
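The decision tree of steps S101 to S111 can be expressed as a pure function over the probe results. The Python sketch below is an added illustration, not code from the patent: the `StunProbes` and `Detection` containers and the sample values are constructed, the threshold R is a caller-supplied parameter, and a spread exactly equal to R, which the claim leaves open, is treated here as global random by assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class StunProbes:
    """Results of the STUN exchanges for one client X (hypothetical container)."""
    host_ip: str                              # IPX_host
    reflex_x1_sp1: Optional[Tuple[str, int]]  # S101 result; None on timeout
    change_port_reply: bool = False           # S104/S106: reply arrived from SP2
    port_x1_sp2: Optional[int] = None         # S107
    port_x2_sp1: Optional[int] = None         # S110
    port_x2_sp2: Optional[int] = None         # S110


@dataclass
class Detection:
    nat_type: str
    delta_p: Optional[int] = None   # set for incremental symmetric
    p_max: Optional[int] = None     # set for random symmetric
    p_min: Optional[int] = None


def classify(p: StunProbes, r: int) -> Detection:
    """Apply S102-S111 to the probe results; r is the threshold R."""
    if p.reflex_x1_sp1 is None:                        # S102
        return Detection("blocking")
    reflex_ip, port_x1_sp1 = p.reflex_x1_sp1
    if reflex_ip == p.host_ip:                         # S103-S105
        return Detection("open" if p.change_port_reply else "firewall")
    if port_x1_sp1 == p.port_x1_sp2:                   # S108-S109
        if p.change_port_reply:
            return Detection("full cone or IP-restricted cone")
        return Detection("port-restricted cone")
    ports = [port_x1_sp1, p.port_x1_sp2, p.port_x2_sp1, p.port_x2_sp2]  # S111
    if any(port is None for port in ports):
        raise ValueError("symmetric NAT needs all four mapped ports")
    steps = {later - earlier for earlier, later in zip(ports, ports[1:])}
    if len(steps) == 1:                                # three equal differences
        return Detection("incremental symmetric", delta_p=steps.pop())
    p_max, p_min = max(ports), min(ports)
    # Assumption: a spread equal to R counts as global random.
    kind = "local random symmetric" if p_max - p_min < r else "global random symmetric"
    return Detection(kind, p_max=p_max, p_min=p_min)


if __name__ == "__main__":
    sample = StunProbes("10.0.0.2", ("203.0.113.9", 41000), False, 41002, 41004, 41006)
    print(classify(sample, r=1000))
```

With a single STUN IP address the change-port test cannot separate full cone from IP-restricted cone, which is why S109 reports them together and the traversal stage treats them as one case.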
2. The method according to claim 1, wherein in step S2, when the NAT type of client A is port-restricted cone or firewall and the NAT type of client B is incremental symmetric, the traversal process is as follows:
S201: client B binds port PortB3 and sends a request to port SP1 of the STUN server to obtain the mapped port PortB3_SP1;
S202: client B binds port PortB3 and sends a request to client A's mapped address IPA2_reflex:PortA2_SP2, where IPA2_reflex:PortA2_SP2 is client A's mapped address IPX2_reflex:PortX2_SP2, which the NAT traversal server sends to client B; client B then listens on port PortB3 and waits for a request message from client A;
S203: client B binds port PortB3 and sends a request to port SP2 of the STUN server to obtain the mapped port PortB3_SP2; client B sends PortB3_SP1, PortB3_SP2 and the port increment ΔPB obtained during NAT type detection to the NAT traversal server; the NAT traversal server forwards the received message to client A, and client A starts NAT traversal after receiving it;
S204: client A binds port PortA2 and sends a request message, in sequence, to each predicted mapped port PortBpred of client B within the port prediction interval, where PortA2 is client A's port PortX2, PortBpred = PortB3_SP1 + k*ΔPB, k is a positive integer, and PortB3_SP1 < PortBpred < PortB3_SP2;
S205: when client B receives client A's request on port PortB3, NAT traversal has succeeded; client B sends a response to client A's mapped port PortA2_SP2, ending the NAT traversal process.
3. The method according to claim 1, wherein in step S2, when the NAT type of client A is port-restricted cone or firewall and the NAT type of client B is local random symmetric or global random symmetric, the traversal process is as follows:
S211: from the traversal success probability Ps set by the system, the optimal parameters N and M are calculated by the following formula, where T is the total number of available ports, T65535 and 1024, and N and M are [1, T-]; the calculated optimal parameters N and M can reduce the NAT traversal time;
Figure FDA0002481987810000041
S212: client B binds N different ports PortB31, PortB32, ..., PortB3N and sends a request from each to client A's mapped port PortA2_SP2, obtaining N different mapped ports in total, where PortA2_SP2 is client A's mapped port PortX2_SP2, which the NAT traversal server sends to client B; client B then listens on these N ports and waits for the request sent by client A;
S213: client A binds local port PortA2 and sends requests to the M ports within client B's mapped port range [PortB2_SP2-M/2+1, PortB2_SP2+M/2], where PortA2 is client A's port PortX2 and PortB2_SP2 is client B's mapped port PortX2_SP2;
S214: when client B receives client A's request on one of the listening ports, NAT traversal has succeeded; client B sends a response through that port to client A's mapped port PortA2_SP2, ending the NAT traversal process.
4. The method according to claim 1, wherein in step S2, when the NAT types of both clients are incremental symmetric, the traversal process is as follows:
S221: client B binds port PortB3 and sends a request to port SP1 of the STUN server to obtain the mapped port PortB3_SP1;
S222: client B binds port PortB3 and sends a request, in sequence, to each of the N predicted mapped ports PortApred of client A within the port prediction interval; it then listens for a request message sent by client A; here PortApred = PortA2_SP2 + (k+Offset)*ΔPA, k is a positive integer in the range [1, N], and Offset is a natural number greater than or equal to 0, used to avoid ports of client A's NAT device that are estimated to be invalid; PortA2_SP2 is client A's mapped port PortX2_SP2 and ΔPA is the port increment of client A's NAT device; these parameters are sent to client B by the NAT traversal server;
S223: client B binds port PortB3 and sends a request to port SP2 of the STUN server to obtain the mapped port PortB3_SP2; client B sends PortB3_SP1, N, Offset and the port increment ΔPB to the NAT traversal server, which forwards them to client A; client A starts NAT traversal after receiving them;
S224: client A binds port PortA3 and sends a request to port SP2 of the STUN server to obtain the mapped port PortA3_SP2; client A checks whether PortA3_SP2 is greater than or equal to PortA2_SP2 + Offset*ΔPA; if the condition is not satisfied, client A changes the local port PortA3 to a different value, resends the request to port SP2 of the STUN server and updates the mapped port PortA3_SP2, repeating this until the mapped port satisfies the condition; to reduce the influence of other processes or other clients on the NAT device's port assignment, client B's first predicted port is calculated according to the following formula:
Figure FDA0002481987810000051
S225: client A binds port PortA3 and sends a request, in sequence, to each of the N predicted mapped ports PortBpred of client B within the port prediction interval, where PortBpred = PortBpred_1 + 2*k*ΔPB and k is a natural number in the range [0, N-1];
S226: when client B receives client A's request on one of the listening ports, NAT traversal has succeeded; client B sends a response to client A, ending the NAT traversal process.
5. The method according to claim 1, wherein in step S2, when the NAT type of client A is local random symmetric or global random symmetric and the NAT type of client B is incremental symmetric, the traversal process is as follows:
S231: client B binds port PortB3 and sends a request to port SP1 of the STUN server to obtain the mapped port PortB3_SP1;
S232: client B binds N different local ports and sends a request from each, in sequence, to a predicted mapped port PortApred of client A, where PortApred is an integer randomly selected within the range (Pmax, Pmin);
S233: client B binds port PortB3 and sends a request to port SP2 of the STUN server to obtain the mapped port PortB3_SP2; client B sends PortB3_SP1 and PortB3_SP2 to the NAT traversal server, which forwards them to client A; client A starts NAT traversal after receiving them;
S234: client A binds local port PortA3 and sends a request message, in sequence, to each predicted mapped port PortBpred of client B within the port prediction interval, where PortBpred = PortB3_SP1 + k*ΔPB, k is a positive integer, ΔPB is the port increment, and PortB3_SP1 < PortBpred < PortB3_SP2;
S235: when client B receives client A's request, NAT traversal has succeeded; client B sends a response to client A, ending the NAT traversal process;
S236: if client A times out without receiving client B's response, it changes the local port PortA3 to a different value and returns to step S234 to retry, retrying Try times in total.
6. The method according to claim 1, wherein in step S2, when the mapped IP addresses IPX2_reflex of the two clients are the same and each client's host IP address differs from its mapped IP address, the two clients are judged to be behind the same NAT device, and the traversal process is as follows:
S241: client A sends a request to client B's host address IPB_host:PortB2, where IPB_host:PortB2 is client B's host address IPX_host:PortX2, which the NAT traversal server sends to client A;
S242: client B receives the request packet sent by client A and obtains its source address; client B then sends a request to that address, and the process goes to step S243; if client B times out without receiving the request packet, the process goes to step S244;
S243: after receiving client B's request, client A sends a response to client B; if client B receives the response, the direct traversal process ends;
S244: client B sends a request to client A's host address IPA_host:PortA2, where IPA_host:PortA2 is client A's host address IPX_host:PortX2, which the NAT traversal server sends to client B;
S245: client A receives the request packet sent by client B and obtains its source address; client A then sends a request to that address, and the process goes to step S246; if client A times out without receiving the request packet, direct NAT traversal has failed; the two clients can then be regarded as being behind different NAT devices, and NAT traversal is attempted again with the traversal strategy corresponding to their NAT types;
S246: after receiving client A's request, client B sends a response to client A; if client A receives the response, the direct NAT traversal process ends.
7. The method according to claim 1, wherein in step S2, when the NAT types of both clients are port-restricted cone or firewall, the traversal process is as follows:
S251: client A binds port PortA2 and sends a request to client B's mapped address IPB2_reflex:PortB2_SP2, where PortA2 is client A's port PortX2 and IPB2_reflex:PortB2_SP2 is client B's mapped address IPX2_reflex:PortX2_SP2, which the NAT traversal server sends to client A; after sending the request, client A listens on the port and waits for client B's request;
S252: client B binds port PortB2 and sends a request to client A's mapped address IPA2_reflex:PortA2_SP2, where PortB2 is client B's port PortX2 and IPA2_reflex:PortA2_SP2 is client A's mapped address IPX2_reflex:PortX2_SP2, which the NAT traversal server sends to client B; if client A times out without receiving client B's request, NAT traversal fails;
S253: after receiving client B's request, client A sends a response to client B, and the NAT traversal process ends once client B receives the response; if client B times out without receiving the response, NAT traversal fails.
8. The method according to claim 1, wherein in step S2, when the NAT type of client A is any type other than blocking and client B is open type, with no NAT device, the traversal process is as follows:
S261: client A sends a request to client B's mapped address IPB2_reflex:PortB2_SP2, where IPB2_reflex:PortB2_SP2 is client B's mapped address IPX2_reflex:PortX2_SP2; after sending the request, client A listens on the port and waits for client B's request;
S262: client B receives the request packet sent by client A and obtains its source address; client B then sends a request to that address; if client B times out without receiving the request packet, NAT traversal fails;
S263: after receiving client B's request, client A sends a response to client B; the NAT traversal process ends once client B receives the response.
9. The method according to claim 1, wherein in step S2, when the NAT type of client A is full cone or IP-restricted cone and the NAT type of client B is any type other than blocking, the traversal process is as follows:
S271: client A binds port PortA2 and sends a request to any one port on client B's mapped IP address IPB2_reflex, where PortA2 is client A's port PortX2 and IPB2_reflex is client B's mapped IP address IPX2_reflex; after sending the request, client A listens on the port and waits for client B's request;
S272: client B sends a request to client A's mapped address IPA2_reflex:PortA2_SP2, where IPA2_reflex:PortA2_SP2 is client A's mapped address IPX2_reflex:PortX2_SP2; if client A times out without receiving client B's request, NAT traversal fails;
S273: after receiving client B's request, client A sends a response to client B; after client B receives the response, the traversal process ends.
CN201910279103.9A 2019-04-09 2019-04-09 NAT traversal method Active CN110113439B (en)


Publications (2)

Publication Number Publication Date
CN110113439A CN110113439A (en) 2019-08-09
CN110113439B true CN110113439B (en) 2020-09-22

Family

ID=67483825


Country Status (1)

Country Link
CN (1) CN110113439B (en)

US20010056499A1 (en) Method of and device for deciding network address, and computer product
CN110062064A (en) A kind of Address Resolution Protocol ARP request message response method and device
CN112437168B (en) Intranet penetration system
CN110838935B (en) High-availability SDN controller clustering method, system, storage medium and equipment
CN115914164A (en) Tunnel connection method and device, electronic equipment and storage medium
US20120300776A1 (en) Method for creating virtual link, communication network element, and ethernet network system
US7474660B1 (en) MAC address extension to maintain router information in source routed computer networks
WO2011044810A1 (en) Method, device and system for implementing multiparty communication
TWI291819B (en) Apparatus and method for establishing network
CN111866216A (en) NAT equipment detection method and system based on wireless network access point
US8068434B2 (en) Network infrastructure capability detection
CN115022280B (en) NAT detection method, client and system
CN113242325B (en) UDP (user Datagram protocol) traversal method of incremental symmetric NAT (network Address translation)
CN112751946B (en) Tunnel establishment method, device, equipment and computer readable storage medium
CN103957152B (en) IPv4 and IPv6 network communication method and NAT-PT gateway
CN115361337B (en) Communication method and system based on communication route and star network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant