Simple traversal of UDP over NATs

Simple traversal of UDP over NATs

Simple Traversal of User Datagram Protocol through Network Address Translators (NATs) (abbreviated STUN), is a standards-based IP protocol used as one of the methods of NAT traversal in applications of real-time voice, video, messaging, and other interactive IP communications.The protocol allows applications operating through a NAT to discover the presence and specific type of NAT, and obtain the mapped (public) IP address (NAT address) and port number that the NAT has allocated for the application's User Datagram Protocol (UDP) connections to remote hosts. The protocol requires assistance from a 3rd-party network server (STUN server) located on the opposing public site of the NAT, usually the public Internet. The protocol is defined in RFC 3489.

Protocol overview

STUN is a light-weight client-server protocol. The client side resides in a protocol library linked into an application, such as a voice-over-IP (VOIP) phone or instant messaging client. The client, operating inside the NAT masqueraded network, initiates a short sequence of requests to a STUN protocol server listening at two IP addresses in the network on the public side of the NAT, traversing the NAT. The server responds with the results, which are the mapped IP address and port on the 'outside' of the NAT for each request to its two listeners. From the results of several different types of requests, the client application can learn the operating method of the network address translator, including the live-time of the NAT's port bindings.

NAT devices are implemented in a number of different types of address and port mapping schemes.STUN does not work correctly with all of them. It does work with primarily three types: full cone NAT, restricted cone NAT, and port restricted cone NAT. In the cases of restricted cone or port restricted cone NATs, the client must send out a packet to the endpoint before the NAT will allow packets from the endpoint through to the client. STUN does not work with symmetric NAT (also known as bi-directional NAT) which is often found in the networks of large companies. Since the IP address of the STUN server is different than that of the endpoint, in the symmetric NAT case, the NAT mapping will be different for the STUN server than for endpoint. For better results with symmetric NAT, see TURN. For details on the different types of NAT, see article on network address translation.

The standard STUN server listening port is 3478.

Once a client has discovered its external addresses, it can communicate with its peers. If the NAT is the full cone type then either side can initiate communication. If it is restricted cone or restricted port cone type both sides must start transmitting together.

Protocols like RTP and SIP use UDP packets for the transfer of sound/video/text and signaling traffic over the Internet.

In many application scenarios it is common that both endpoints are behind a NAT. This double-NAT problem is not easily overcome even with STUN, usually an intermediate application proxy server is required.

Algorithm

STUN uses the following algorithm (adapted from RFC 3489) to discover the presence of NAT gateways and firewalls:

Where the path through the diagram ends in a red box, UDP communication is not possible. Where the path ends in a yellow or green box, communication is possible.

Successors to STUN according to RFC 3489

The methods of RFC 3489 have proven too unreliable to cope with the plethora of different NAT implementations and application scenarios encountered in production networks. The document has now been deprecated and new methods are being formalized, but are still in draft status, as of July 2008 ( [http://tools.ietf.org/html/draft-ietf-behave-rfc3489bis draft-ietf-behave-rfc3489bis] ).

See also

*Network address translation
*NAT traversal
*Interactive Connectivity Establishment (ICE)
*Traversal Using Relay NAT (TURN)
*UDP hole punching

External links

* RFC 3489, STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
* [http://tools.ietf.org/html/draft-ietf-behave-rfc3489bis Latest revision (bis) to the RFC] - draft-ietf-behave-rfc3489bis
* [http://www.newport-networks.com/whitepapers/nat-traversal1.html NAT traversal White Paper] comparing STUN with other NAT traversal techniques such as TURN, ICE, ALGs and Session Border Controllers - Source: Newport Networks
* [http://nutss.gforge.cis.cornell.edu/stunt.php STUNT] - "STUN and TCP too", which extends STUN to include TCP functionality
* [http://www.youtube.com/watch?v=9MWYw0fltr0&eurl=http%3A%2F%2Fwww%2Evoip%2Dnews%2Ecom%2Ffeature%2Ftop%2Dvoip%2Dvideos%2D051707%2F Yahoo! - Director of Engineering explaining STUN and TURN (Video)]
* [http://www.stunserver.org/ stunserver.org an open and freely-available STUN server.]

Implementations

* [http://sourceforge.net/projects/stun/ STUN Client and Server library]
* [http://jstun.javawi.de/ JSTUN - A Java STUN implementation]
* [https://stun4j.dev.java.net/ Java STUN library "stun4j"]
* [http://numb.viagenie.ca/ Numb] is a free STUN/TURN server.


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Simple traversal of UDP over NATs — Session Traversal Utilities for NAT (STUN, dt. „Werkzeuge zum durchqueren von NATs“) ist ein einfaches Netzwerkprotokoll, um das Vorhandensein und die Art von Firewalls und NAT Routern zu erkennen und letztere zu durchdringen. Es soll den… …   Deutsch Wikipedia

  • Traversal Using Relay NAT — (TURN) is a protocol that allows for an element behind a NAT or firewall to receive incoming data over TCP or UDP connections. It is most useful for elements behind symmetric NATs or firewalls that wish to be on the receiving end of a connection… …   Wikipedia

  • Network address translation — NAT redirects here. For other uses, see Nat (disambiguation). In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device. The… …   Wikipedia

  • Hamachi — Infobox Software name = Hamachi caption = Screenshot of Hamachi developer = LogMeIn Inc. latest release version = 1.0.3.0 latest release date = Aug 18, 2008 operating system = Microsoft Windows, Linux, Mac OS X genre = P2P, VPN | license =… …   Wikipedia

  • Abkürzungen/Computer — Dies ist eine Liste technischer Abkürzungen, die im IT Bereich verwendet werden. A [nach oben] AA Antialiasing AAA authentication, authorization and accounting, siehe Triple A System AAC Advanced Audio Coding AACS …   Deutsch Wikipedia

  • Liste der Abkürzungen (Computer) — Dies ist eine Liste technischer Abkürzungen, die im IT Bereich verwendet werden. A [nach oben] AA Antialiasing AAA authentication, authorization and accounting, siehe Triple A System AAC Advanced Audio Coding AACS …   Deutsch Wikipedia

  • Liste von Abkürzungen (Computer) — Dies ist eine Liste technischer Abkürzungen, die im IT Bereich verwendet werden. Inhaltsverzeichnis A B C D E F G H I J K L M N O P Q R S T U V W X Y Z siehe auch: Liste von Dateiendu …   Deutsch Wikipedia

  • Realm-Specific IP — RSIP also stands for Radar System Improvement Program , see E 3 Sentry. Realm Specific IP is an Experimental IETF framework and protocol intended as an alternative to NAT in which the end to end integrity of packets is maintained.RSIP lets an… …   Wikipedia

  • WebPlayer9 Streaming Video On Demand System — WebPlayer9 streaming video on demand software system is a high performance, video media server for on demand streaming. The official homepage is http://www.streaming media server.com.The communication between server and client is using HTTP… …   Wikipedia

  • STUN — (sigla en inglés de Simple Transversal of UDP over NATs) es un protocolo de red del tipo cliente/servidor que permite a clientes NAT encontrar su dirección IP pública, el tipo de NAT en el que se encuentra y el puerto de Internet asociado con el… …   Wikipedia Español

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”