nat/firewall 穿越技术
DESCRIPTION
NAT/Firewall 穿越技术. 常见的 NAT 种类. Full Cone Restricted Cone Port Restricted Cone Symmetric NAT. Full Cone. Restricted Cone(1/2). Restricted Cone(2/2). Port Restricted Cone. Symmetric NAT. NAT Detection Flow. 防火牆造成的問題. NAT 造出的问题. NAT/Firewall 穿越技术. IPV6(Internet Protocol Version 6) - PowerPoint PPT PresentationTRANSCRIPT
NAT/Firewall 穿越技术
常见的 NAT 种类
Full Cone Restricted Cone Port Restricted Cone Symmetric NAT
Full Cone
Restricted Cone(1/2)
Restricted Cone(2/2)
Port Restricted Cone
Symmetric NAT
NAT Detection Flow
防火牆造成的問題
NAT 造出的问题
NAT/Firewall 穿越技术
IPV6(Internet Protocol Version 6) UPnP(Universal Plug and Play) TRUN(Traversal Using Relay NAT) ALG(Application Layer Gatewqy) ICE(Interactive Connectivity Establish) STUN(Simple Traversal of UDP
Through Netwoek Address Translators)
UPnP
Universal Plug and Play
It's being pushed by Microsoft
A UPnP-aware client can ask the UPnP-enabled NAT how it would map a particular IP:port through UPnP
UPnP Operation
STUN(1/2)
Simple Traversal of UDP Through Network Address Translators
需要在 NAT 外部架设 STUN Server Client 端需有特殊的 STUN Client 功能 无法穿透 symmetric NAT 未来将被 ICE 整合
STUN(2/2)
TURN(1/2)
Traversal Using Relay NAT 主要是为了解決 symmetric NATs 必须要架設 TURN Server 未来也将被包含进 ICE
TURN(2/2)
SIP using STUN
1 STUN SharedSecretRequest/TLS
9 100 Trying
User Agent 1
10.2.1.1
STUN Server Registrar/Proxy User Agent 2
7 INVITE Contact:[email protected]
10 200 OK
NAT
192.0.2.101
2 STUN SharedSecretResponse/TLS
3 STUN BindingtRequest/UDP
4 STUN BindingResponse/UDP
6 200 OK
5 REGISTER Contact:[email protected]
8 INVITE Contact:[email protected]
11 200 OK
12 ACK
13 ACK
RTP Media Session
SIP using TURN
User Agent 1
10.2.1.1
STUN/TURN Svr 1 STUN/TURN Svr 2 User Agent 2
192.168.1.1
NAT 1 NAT 2
1 STUN Requests
2 STUN Responses
3 STUN Requests
4 STUN Responses
7 180 Ringing
8 200 OK
9 ACK
12 Peer-to-Peer STUN Responses
11 Peer-to-Peer STUN Requests
14 Peer-to-Peer STUN Responses
13 Peer-to-Peer STUN Requests
RTP Media Session
Established using Derived Transport Addresses
Proxy
5 INVITE 6 INVITE
10 ACK
ALG(1/2)
Application Layer gateway It Understands the signalling messages
and their relationship with the resulting media flows.
It can modify the signalling to reflect the public IP address and ports being used by singalling and media traffic.
ALG(2/2)
ICE
Interactive Connectivity Establishment 非 protocol 而是 framework 主要技术包括: STUN, TRUN, SIP 目前仍在 RFC 草案讨论阶段