JP4602247B2 - Communication method - Google Patents

Description

  The present invention relates to a communication method for performing P2P communication from a computer connected to a network device having a NAT function.

  In recent years, with the increase of host computers connected to the Internet, the problem of lack of IP (Internet Protocol) addresses has become prominent. Therefore, a NAT (Network Address Translator) function is used as one method for solving the shortage of IP addresses. The NAT function performs communication between a host computer having a private address (private IP address) in a local area network (LAN) that is a closed network and a host computer having a global address (global IP address) in the Internet. Therefore, address conversion is performed. As an extended function of NAT, a network address port translation (NAPT) function is also known and used. The NAPT function is also called IP masquerading, and is a technology that allows a plurality of host computers to be shared using a single global IP address by changing the private IP address and port number. In the present specification, hereinafter, NAT and NAPT are collectively referred to as NAT.

  In addition, the use of applications using P2P (peer to peer) type communication such as online games and video chats (hereinafter referred to as P2P applications) is increasing. P2P type communication directly communicates between terminals without going through a server. In order to use a P2P application in a connection environment using the NAT function, STUN (see Non-Patent Document 1, for example) technology that is a standard of IETF (Internet Engineering Task Force) is known.

  Further, there is a document disclosing a communication method using a network device having a NAT function (see, for example, Patent Document 1).

  However, communication may not be possible between terminals even with the STUN technology. This is because the standard is not stipulated in detail, or the parts to be implemented differ depending on the router. Further, if a firewall that cannot perform UDP (User Datagram Protocol) communication is connected in the middle of the communication path, communication between terminals cannot be performed. That is, when there are two or more terminals that perform communication and a network device (router or the like) having a NAT function is connected between the terminals, the communication cannot be performed (so-called “so-called”). , NAT traversal problem). Alternatively, when a network device (WEB proxy server or the like) having a firewall function is connected between terminals, communication cannot be performed (so-called firewall traversal problem).

  Conventionally, in order to cope with these NAT traversal problems and firewall traversal problems, it is necessary to change the application installed in the terminal by using a commercially available SDK (Software Development Kit) for NAT traversal and firewall traversal. there were. Further, in order to cope with the NAT traversal problem and the firewall traversal problem, it is necessary to change the setting of the router or the like.

  FIGS. 5A, 5B, and 5C are diagrams for explaining a mechanism for NAT traversal of a conventional TCP (Transmission Control Protocol). FIG. 5A is a diagram exemplifying conventional TCP NAT traversal procedures I to III. FIG. 5B is a diagram exemplifying conventional TCP NAT traversal procedures IV to VI. FIG. 5C illustrates a conventional TCP NAT traversal procedure VII to IX. In FIG. 5, it is assumed that the applications installed in the node A 501 and the node B 502 have been changed in advance using commercially available SDKs for NAT traversal and firewall traversal.

In FIG. 5, the conventional TCP NAT traversal is performed in the following procedures I to IX.
I: A STUN request is sent from the port a of the node A 501 to the STUN server 503 (TCP), a response is received, and it is checked to what number of the router 505 the port a is mapped.
II: Based on the result of I and the characteristics of the router 505, the number of ports to be used for communication with the node B 502 is predicted.
III: The socket address predicted in II is notified to the node B 502 through the call control server 504.
IV: A STUN request is sent from the port b of the node B 502 to the STUN server 503 (TCP), a response is received, and it is checked to which number of the router 506 the port b is mapped.
V: The number of ports that should be used for communication with the node A 501 is predicted from the IV result and the characteristics of the router 506.
VI: The socket address predicted by V is notified to the node A 501 through the call control server 504.
VII: Node B 502 sends Syn to the socket address notified from node A 501. The router 505 of the node A 501 considers Syn to be abnormal from the node B 502 and drops it.
VIII: Node B 502 closes the port used to send Syn, reopens it, listens and waits.
IX: Node A 501 sends Syn to the socket address notified from Node B 502. Since the mapping is created in the router 506 of the node B 502 by the VII Syn packet, it reaches the node B 502 and communication is established.

  6A and 6B are explanatory diagrams of port prediction in the procedures II and V of FIG. FIG. 6A is an explanatory diagram for predicting the port of the Fullcone router. FIG. 6B is an explanatory diagram of port prediction of a non-Fullcone router. Port prediction is based on the nature of the router. An important router property in port prediction is the regularity of local ports and ports mapped to routers. The regularity of the mapped port is roughly divided into the following two.

  As shown in FIG. 6A, when the Fullcone router 601 is used, the port number mapped to the router 601 without fail even if connection / disconnection to / from the servers 602 and 603 outside the router 601 is repeated at a certain local port a. It is the same at port b.

  On the other hand, as shown in FIG. 6B, when a non-Fullcone router 604 is used, when a connection / disconnection to / from servers 602 and 603 outside the router 604 is repeated at a certain local port a, the port mapped to the router 604 becomes a port Change from b to port c.

  In the Fullcone router, the port determined by STUN can be used for communication with the peer. Non-Fullcone routers examine the mapping rules and predict the ports used for communication with peers. Many non-Fullcone routers increase or decrease a certain number of port numbers mapped to the router for each session.

Next, Syn-out / Syn-in and state management in procedures VII and VIII of FIG. 5 will be described. In the procedures of VII and VIII over TCP NAT, after sending a syn packet, it waits for a syn packet from the other party. In the normal TCP 3-way handshake, the active open side is
・ Outbound syn
・ Inbound syn-ack
・ Outbound ack
3 packets (inbound and outbound are reversed on the passive open side).

On the other hand, the passive open side over NAT of TCP is
・ Outbound syn (not reach the opponent)
・ Inbound syn
・ Outbound syn-ack
・ Inbound ack
It is performed in the procedure. Some routers manage TCP session state firmly, and inbound syn after outbound syn is regarded as an illegal state transition and may be dropped.

On the active open side,
・ Outbound syn
・ Inbound syn-ack
・ Outbound ack
Since it is performed in the same procedure as a normal 3-way handshake, it is not hindered by the state management of the router.

  When state management is performed on only one router, connection is possible by performing active open side and passive open side on both sides.

JP 2005-117487 A REC3489 “STUN-Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)” March 2003

Here, as a method of connecting between devices in the NAT,
There are three methods: TCP NAT traversal, relay server, and direct communication (if in the same LAN). By trying these in parallel and selecting a communication path, communication with the peer can be started quickly.

  However, since a non-Fullcone router predicts a port to be used for communication with a peer, the predicted port may be mistakenly used before actually starting communication with the peer. Examples are given below with reference to FIGS.

(Example 1) FIGS. 7A and 7B used in the second TCP check for NAT traversal are explanatory diagrams of Example 1 in which a predicted port is mistakenly used. FIG. 7A is an explanatory diagram of the first STUN check. FIG. 7B is an explanatory diagram of the second STUN check. When active open and passive open are performed in parallel to improve the success rate of connection, when the port (1000) mapped to the router 604 is checked by the STUN server 701 as shown in FIG. ) Second STUN check may use the port (1001) predicted by the first check in FIG. 7A.

(Example 2) Connection to relay server FIGS. 8A and 8B are explanatory diagrams of Example 2 in which a predicted port is mistakenly used. FIG. 8A is an explanatory diagram of STUN check. FIG. 8B is an explanatory diagram of connection to the relay server. After checking with the STUN server 801 as shown in FIG. 8A and predicting the port to be used, if the connection to the relay server 802 is performed as shown in FIG. 8B, the predicted port is connected to the relay server 802. It will be used in.

(Example 3) Connection to a partner's local address FIG. 9 is an explanatory diagram of Example 3 in which a predicted port is mistakenly used. When trying to connect to the other party's IP address in a network configuration where direct connection is not possible, the packet reaches the router 604 as a gateway. Depending on the routing table of the router 604, the packet is sent to the upstream router 901, and the port predicted by the STUN check is used.

  Therefore, as shown in Examples 1 to 3 above, there is still room for improvement in the prior art in that the port predicted by the non-Fullcone router is used.

  The present invention has been made in view of such a situation, and an object of the present invention is to provide a communication method capable of establishing a TCP NAT traversal session more reliably in an environment using a non-Fullcone router. It is to provide.

  In order to achieve such an object, a communication method of the present invention (FIGS. 1 to 4) includes a first computer (101) connected to a first router (102) having a NAT function, and a NAT function. In a communication method for performing P2P communication with a second computer (107) connected to a second router (106), the first router and the second router are connected to a relay server. (103) and the STUN server (104), wherein the first computer opens a first endpoint, the first computer connects to the relay server, A second opening step for causing the relay server to open a second endpoint; and from the first computer to the STUN server via the first router. A third open step of opening a third endpoint beyond the TCP NAT that the first router actively opens by sending a request; and the first router predicts from the third endpoint. A fourth open step of opening a fourth endpoint beyond the NAT of the TCP to be passively opened, and the first router is replaced with the second router, and the first computer is replaced with the first computer. A fifth open step in which the second computer performs the fourth open step from the first open step; and the first computer passes through the third endpoint to the second router. A first connection attempt step for performing a connection attempt to the first end; and A second connection trial step for trying to connect to the second router via the terminal, and a first end opened by the second computer in the fifth open step. A third connection attempt step for connecting to a point; and the first computer makes a connection attempt to the second end point that the second computer has opened to the relay server in the fifth open step. A fourth connection trial step to be performed; the second router is replaced with the first router; and the first computer replaces the second computer with the fourth connection trial step to the fourth connection trial step. And a fifth connection trial step for performing the connection trial step.

  In addition, the code | symbol etc. in the figure in embodiment corresponding to the component of a claim are shown by (). However, the constituent elements described in the claims are not limited to the constituent elements in the embodiment of the above () part.

  With the above configuration, the communication system of the present invention executes a connection procedure for preventing the predicted port from being used by itself in an environment using a non-Fullcone router.

  According to the present invention, it is possible to more reliably establish a TCP NAT traversal session in an environment using a non-Fullcone router.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In addition, the same code | symbol is attached | subjected to the location which has the same function in each drawing.

[Device configuration]
FIG. 1 is a communication sequence diagram in the communication system of the present embodiment. As shown in FIG. 1, the communication system of this embodiment includes a LAN including a node A 101 and a router 102, and another LAN including a node B 107 and a router 106, a relay server 103, a STUN server 104, and a call control server 105. Connected and configured by. In FIG. 1, it is assumed that the applications installed in the node A 101 and the node B 107 have been changed in advance using a commercially available SDK for NAT traversal and firewall traversal.

[Description of operation]
In the present embodiment, endpoints (IP addresses) used by peers are classified into the following three types.
(1) Passive endpoint-A type that informs the partner of its own endpoint address and waits for the partner to connect.
Example:
Endpoint listening on TCP.
An endpoint that is waiting on a relay server.
(2) Active endpoint-A type that can be connected if the address of the other endpoint is known.
Example:
Endpoint that connects to the port listening on the peer to which it is connected.
An endpoint that connects to a port listening on a relay server.
(3) Bilateral endpoint-A type that exchanges the addresses of its own and the other's endpoints and cannot connect without knowing the addresses of each other's endpoints.
Example:
An endpoint that needs to exchange addresses for NAT traversal.

With reference to FIG. 1, a procedure for establishing a session between peers by determining the endpoints and trying to connect them will be described. The session establishment between the peers is performed by the following procedures I to VI.
I: (Sequence of area I in FIG. 1) The passive and bilateral endpoints (A, B, C1, C2) of the calling node A101 are generated and initialized to accept the connection from the partner node B107.
II: (Sequence of area II in FIG. 1) The address of the end point (A, B, C1, C2) of the calling node A101 is notified to the partner node B107 through the call control server 105.
III: (Sequence of area III in FIG. 1) The called node B 107 generates a passive, bilateral endpoint and initializes it to accept the connection from the partner node A 101.
IV: (Sequence of area IV in FIG. 1) The address of the endpoint of the called node B 107 is notified to the calling node A 101 through the call control server 105.
V: (Sequence of area V in FIG. 1) Calling node A101 is called to generate active endpoints (a, b) corresponding to passive endpoints of side node B107, and connection attempts are made at all endpoints.
VI: (Sequence of area VI in FIG. 1) The called node B 107 generates active endpoints corresponding to the passive endpoints (A, B) of the calling node A 101, and attempts connection at all endpoints.

  Note that the order of the procedures V and VI does not matter and they need to be executed at close timing.

Hereinafter, among the above-described procedures I to VI, which are characteristic of the present embodiment,
・ Method and order of passive bilateral endpoint address determination (I), and
The order of connection attempts (V) of active bilateral endpoints will be described.

( Method and order of passive bilateral endpoint address determination (I) )
This will be described with reference to FIG. 1 and FIG. FIGS. 2A, 2B, and 2C are diagrams illustrating the flow of address determination. FIG. 2A is a diagram in which binding is performed locally (node A 101). FIG. 2B is a diagram for opening a port in the relay server 103. FIG. 2C is a diagram in which the STUN server 104 connects to perform address prediction.

Passive and bilateral endpoints include the following endpoints, and the procedure for determining addresses is different.
・ A in FIGS. 1 and 2; local (node A101) listening (passive open waiting) endpoint (passive endpoint)
Bind (open the port).
・ B in FIGS. 1 and 2; an endpoint that waits on the relay server 103 (passive endpoint)
Connect to the relay server 103 and have the port of the relay server 103 open.
・ C1 in FIGS. 1 and 2; TCP NAT traversal endpoint (bilateral point) for active open
Send STUN request and predict from the returned response.
・ C2 in Figs. 1 and 2; Passive-open TCP NAT end point (bilateral point)
Prediction is performed again from the address predicted by active open. If you see a tendency that the port number increases by one, use the address that is used for active open plus the port number plus 1 for passive open.
Note that the active open and passive open address prediction methods may be reversed.

Referring to FIGS. 1 and 2, the address determination procedure is performed in the following order.
(1) FIG. 1, FIG. 2 (a): The initialization of the endpoint A listening locally (node A 101) is performed in an arbitrary order.
(2) FIG. 1 and FIG. 2 (b); the endpoint B that waits at the relay server 103 “connects to the relay server 103 before the TCP NAT traversal endpoints (C1, C2) to the STUN server 104. Do it. "
(3) FIG. 1 and FIG. 2 (c): The TCP NAT traversing endpoint C 1 to be actively opened connects to the STUN server 104.

( Active bilateral endpoint connection attempt (V) order )
This will be described with reference to FIG. 1 and FIGS. 3 and 4 are diagrams illustrating the flow of connection trials in order. FIG. 3 (a) is a diagram in which connection attempt of the NAT traversing endpoint that is actively opened is performed. FIG. 3B is a diagram in which a connection attempt is made for an endpoint across NAT that is passively opened. FIG. 4A shows a connection attempt to the other party's local address. FIG. 4B is a diagram in which a connection attempt is made to the relay server opened by the other party.

Here, the active endpoint includes the following endpoints.
In FIG. 1 and FIG. 4, a: an endpoint connected to the local listening endpoint of the partner node B 107 b in FIG. 1, FIG. 4; an endpoint connected to the endpoint that waits at the relay server 103 Referring to FIGS. 1, 3, and 4, the connection trial procedure is performed in the following order.
(1) FIG. 1 and FIG. 3 (a): A connection attempt is made at the NAT traversing endpoint C1 (bilateral point) of the TCP to be actively opened.
(2) FIG. 1 and FIG. 3 (b): A connection attempt is performed at the NAT traversing endpoint C2 (bilateral point) of the TCP that is passively opened.
(3) FIG. 1 and FIGS. 4 (a) and 4 (b); the endpoint a (active endpoint) connected to the endpoint listening at the local node B 107 and the endpoint that waits at the relay server 103. Attempt to connect to endpoint b (active endpoint) connecting to. The order of these two connection attempts is arbitrary.

  When the active open and the passive open are reversed in the address determination (I) initialization procedure described above, the connection trial procedures (1) and (2) need to be reversed.

[Other Embodiments]
In addition to the embodiments described above, the following embodiments can be implemented.
1) The above-mentioned embodiment is an illustration and is not restrictive. Therefore, modifications other than the above-described embodiment are possible. As long as the modification is based on the technical idea of the present invention described in the claims, the modification is within the technical scope of the present invention.

It is a communication sequence diagram in a communication system of an embodiment to which the present invention can be applied. 3A and 3B are diagrams illustrating an example of an address determination flow according to an embodiment to which the present invention can be applied, in which FIG. 1A is a diagram in which binding is performed locally, FIG. FIG. FIG. 2 is a diagram exemplarily illustrating a flow of connection attempts according to an embodiment to which the present invention can be applied, where (a) illustrates a connection attempt of a NAT traversing endpoint that is actively opened, and (b) is a connection of NAT traversing endpoint that is passively opened It is a figure which performs a trial. The figure which illustrated the flow of the connection trial of embodiment which can apply this invention in order, (a) is a figure which performs a connection trial with the other party's local address, (b) is connected with the relay server which the other party opened. It is a figure which performs a trial. 2A and 2B are diagrams illustrating a conventional TCP NAT traversal mechanism, in which FIG. 1A illustrates a conventional TCP NAT traversal procedure I to III, and FIG. 2B illustrates a conventional TCP NAT traversal procedure IV to IV; FIG. 10C is a diagram illustrating the conventional procedures VII to IX for NAT traversal of TCP. 5A and 5B are explanatory diagrams of port prediction in the conventional procedures II and V of FIG. 5, where FIG. 7A is an explanatory diagram of port prediction of a Fullcone router, and FIG. . It is explanatory drawing of the example 1 which makes a mistake using the conventional predicted port, (a) is explanatory drawing of the first STUN check, (b) is explanatory drawing of the second STUN check. It is explanatory drawing of the example 2 which uses the port which the conventional prediction was mistakenly, (a) is explanatory drawing of the check of STUN, (b) is explanatory drawing of the connection to a relay server. It is explanatory drawing of the example 3 which makes a mistake and utilizes the conventional estimated port.

Explanation of symbols

101 Node A
102, 106 Router 103 Relay server 104 STUN server 105 Call control server 107 Node B

Claims (3)

In a communication method for performing P2P communication between a first computer connected to a first router having a NAT function and a second computer connected to a second router having a NAT function,
The first router and the second router are connected to a relay server and a STUN server;
A first opening step in which the first computer opens a first endpoint;
A second open step in which the first computer connects to the relay server and causes the relay server to open a second endpoint;
By sending a request from the first computer to the STUN server via the first router, the third router opens a third endpoint over the TCP NAT that the first router actively opens. Open step and
A fourth open step in which the first router opens a fourth endpoint beyond the NAT of the TCP to passively open by predicting from the third endpoint;
A fifth open step in which the first router is replaced with the second router, and the second computer performs the fourth open step from the first open step in place of the first computer; ,
A first connection attempt step in which the first computer attempts to connect to the second router via the third endpoint;
A second connection attempt step in which the first computer attempts to connect to the second router via the fourth endpoint;
A third connection attempt step in which the first computer attempts connection to the first endpoint opened by the second computer in the fifth open step;
A fourth connection trial step in which the first computer attempts to connect to a second endpoint that the second computer has opened to the relay server in the fifth open step;
A fifth connection in which the second router is replaced with the first router, and the first computer performs the fourth connection trial steps from the first connection trial step to the second computer. A communication method comprising: a trial step. The communication method according to claim 1, wherein the first open step is performed in an arbitrary order from the second open step to the fourth open step. The communication method according to claim 1 or 2, wherein the endpoint opened in the third open step is changed to passive open, and the endpoint opened in the fourth open step is changed to active open.

Images