2,256 research outputs found

    Peer-to-Peer Communication Across Network Address Translators

    Network Address Translation (NAT) causes well-known difficulties for peer-to-peer (P2P) communication, since the peers involved may not be reachable at any globally valid IP address. Several NAT traversal techniques are known, but their documentation is slim, and data about their robustness or relative merits is slimmer. This paper documents and analyzes one of the simplest but most robust and practical NAT traversal techniques, commonly known as "hole punching." Hole punching is moderately well-understood for UDP communication, but we show how it can be reliably used to set up peer-to-peer TCP streams as well. After gathering data on the reliability of this technique on a wide variety of deployed NATs, we find that about 82% of the NATs tested support hole punching for UDP, and about 64% support hole punching for TCP streams. As NAT vendors become increasingly conscious of the needs of important P2P applications such as Voice over IP and online gaming protocols, support for hole punching is likely to increase in the future. Comment: 8 figures, 1 table

    Gozar: NAT-friendly Peer Sampling with One-Hop Distributed NAT Traversal

    Gossip-based peer sampling protocols have been widely used as a building block for many large-scale distributed applications. However, Network Address Translation gateways (NATs) cause most existing gossiping protocols to break down, as nodes cannot establish direct connections to nodes behind NATs (private nodes). In addition, most of the existing NAT traversal algorithms for establishing connectivity to private nodes rely on third party servers running at well-known, public IP addresses. In this paper, we present Gozar, a gossip-based peer sampling service that: (i) provides uniform random samples in the presence of NATs, and (ii) enables direct connectivity to sampled nodes using a fully distributed NAT traversal service, where connection messages require only a single hop to connect to private nodes. We show in simulation that Gozar preserves the randomness properties of a gossip-based peer sampling service. We show the robustness of Gozar when a large fraction of nodes reside behind NATs and also in catastrophic failure scenarios. For example, if 80% of nodes are behind NATs, and 80% of the nodes fail, more than 92% of the remaining nodes stay connected. In addition, we compare Gozar with existing NAT-friendly gossip-based peer sampling services, Nylon and ARRG. We show that Gozar is the only system that supports one-hop NAT traversal, and its overhead is roughly half of Nylon’s.

    The Impact of Network Address Translation Devices on the Performance of P2P Systems

    BitTorrent nowadays is one of the most popular peer-to-peer applications on the Internet, contributing to a significant portion of the total Internet traffic. On the other hand, NAT devices have become widespread in almost all networking scenarios. Despite the effort of NAT traversal, it is still quite possible that applications, especially P2P ones, cannot receive incoming connection requests, if they are behind NAT. Though this effect has been widely observed in measurement work, so far there is no quantitative study examining the impact of NAT on P2P applications. This article describes an analytical model to capture the performance of BitTorrent-like P2P systems in the presence of NAT peers.
    Today BitTorrent is one of the most popular peer-to-peer applications, and its traffic makes up a significant part of all Internet traffic. On the other hand, network address translation (NAT) devices are used in most cases when building a network. Despite the existence of many means of NAT traversal, it is quite likely that applications, especially P2P ones, cannot accept incoming connection requests if they are behind NAT. Although this phenomenon has been widely observed in measurement work, the literature so far lacks quantitative studies of the impact of NAT on P2P applications. This article considers an analytical model for measuring the performance of BitTorrent-like P2P systems in the presence of homogeneous and heterogeneous NAT peers.

    Network Address Translator Traversal for the Peer-to-Peer Session Initiation Protocol on Mobile Phones

    Network address translators allow multiple hosts to share one or more IP addresses. The decision to use address translators as one solution to IP address exhaustion has later brought additional challenges; address translators are especially problematic for peer-to-peer connections. ICE (Interactive Connectivity Establishment) is a NAT traversal method that helps peers create a direct path in the presence of address translators. ICE is largely based on the STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays around NAT) protocols. Nowadays peer-to-peer applications have spread to mobile phones, which may also have a translated address. Given the constraints of mobile phones, it is interesting to know how suitable NAT traversal methods are for mobile phones in the context of P2PSIP (Peer-to-Peer Session Initiation Protocol). SIP was used to manage communication sessions between peers. We implemented an ICE prototype to measure the performance of a mobile phone acting as a STUN or TURN client or server, taking into account CPU load, memory usage, packet drop rate and battery consumption. In addition, the work studied the effect of ICE on P2PSIP delays. The downside of using a TURN relay server is increased delay and the extra bytes caused by STUN encapsulation. A TURN server running on a phone must limit the number of clients and the kind of data it can relay. A phone works well as a STUN server, especially if keepalive messages can be ignored. Phones can act as part of a P2PSIP network even in the presence of address translators. However, it is preferable that address translators use address- and port-independent mapping, because then relaying is not needed.
    Network Address Translators (NATs) allow multiple hosts to share one or more IP addresses. The initial decision to use NATs as one of the solutions to Internet Protocol (IP) address depletion has later induced further challenges; NATs are especially problematic in connection with peer-to-peer (P2P) communication. Interactive Connectivity Establishment (ICE) is a NAT traversal mechanism that helps peers in creating a direct path in the presence of NATs. ICE largely relies upon utilizing the mechanisms of Session Traversal Utilities for NAT (STUN) and Traversal Using Relays around NAT (TURN) protocols. Nowadays P2P applications are spreading to mobile phones that can also have a NATed address. Knowing the constraints of mobile phones, we were interested in the applicability of NAT traversal mechanisms for mobile phones in the context of Peer-to-Peer Session Initiation Protocol (P2PSIP). SIP was used for controlling communication sessions between the peers. We implemented an ICE prototype for measuring CPU load, memory consumption, packet drop rate and battery consumption of a mobile phone acting as a STUN or TURN client or server. Additionally, we measured the impact of ICE on delays in P2PSIP. The downside of relaying messages via a TURN server is the increase in delay and the increased overhead due to STUN encapsulation. A TURN server running on a mobile phone has to limit the number of allocations and the type of data being transmitted through it. A mobile phone works well as a STUN server, especially if keepalives can simply be ignored. Mobile phones can act as P2PSIP peers and TURN servers, even in the presence of NATs; however, it is preferable to have NATs using address and port-independent mapping, since then no relaying is needed.

    IMPLEMENTATION OF THE TURN (TRAVERSAL USING RELAY NAT) PROTOCOL ON A NETWORK THAT USES NAT

    ABSTRACT: Technology is currently developing ever more rapidly, for example file sharing technology and multimedia applications such as Voice over IP. File sharing and Voice over IP technologies are in great demand among many people, especially users of a network such as a LAN (Local Area Network). In a network that sits under or behind a NAT (Network Address Translator), a user cannot share files or carry out Voice over IP with another user over a TCP or UDP connection. To make connections between users or clients (single peer) that are behind a NAT, a protocol that can "penetrate" the NAT is needed. The user can then carry out connection activity without obstruction. In this final project, a multimedia and file sharing application is designed for users behind a NAT or firewall, using a protocol that can "penetrate" the NAT, namely TURN (Traversal Using Relay NAT). The implementation of the application uses TURNserver. The goal of the final project is to test the system on a network that uses NAT so that applications, namely VoIP and file sharing, can run on the network without reducing the network's security. In practice a server called TURNserver is used. Keywords: File Sharing, VoIP, NAT, TURN (Traversal Using Relay NAT), and TURNserver.
    ABSTRACT: Current technological developments are more rapid, for example file sharing technology and multimedia applications such as Voice over IP. File sharing and voice over IP technology is in great demand by many people, especially the users of a network such as a LAN (Local Area Network). In a network that is under or behind the NAT (Network Address Translator), a user cannot perform file sharing activities or do voice over IP from other users via a TCP or UDP connection. To be able to make connections between users or clients (single peer) which are behind NAT, a protocol is needed that can "penetrate" the NAT, so that the user can perform connection activities without restriction. In this final project, the design of a multimedia and file sharing application was carried out with users who are behind a NAT or firewall, using a protocol that can "penetrate" the NAT, that is, TURN (Traversal Using Relay NAT). The implementation of the application uses TURNserver. The end goal of the project is testing conducted on systems that use NAT networking in order to run applications, namely VoIP and file sharing, on the network without reducing the security of the network. In reality there is a server called TURNserver. Keywords: File Sharing, VoIP, NAT, TURN (Traversal Using Relay NAT), and TURNserver.

    Mesmerizer: A Effective Tool for a Complete Peer-to-Peer Software Development Life-cycle

    In this paper we present what are, in our experience, the best practices in Peer-To-Peer (P2P) application development and how we combined them in a middleware platform called Mesmerizer. We explain how simulation is an integral part of the development process and not just an assessment tool. We then present our component-based event-driven framework for P2P application development, which can be used to execute multiple instances of the same application in a strictly controlled manner over an emulated network layer for simulation/testing, or a single application in a concurrent environment for deployment purposes. We highlight modeling aspects that are of critical importance for designing and testing P2P applications, e.g. the emulation of Network Address Translation and bandwidth dynamics. We show how our simulator scales when emulating low-level bandwidth characteristics of thousands of concurrent peers while preserving a good degree of accuracy compared to a packet-level simulator.

    Providing End-to-End Connectivity to SIP User Agents Behind NATs

    The widespread diffusion of private networks in SOHO scenarios is fostering an increased deployment of Network Address Translators (NATs). The presence of NATs seriously limits end-to-end connectivity and prevents protocols like the Session Initiation Protocol (SIP) from working properly. This document shows how the Address List Extension (ALEX), which was originally developed to provide dual-stack and multi-homing support to SIP, can be used, with minor modifications, to ensure end-to-end connectivity for both media and signaling flows, without relying on intermediate relay nodes whenever it is possible.

    Peer-to-Peer Secure Updates for Heterogeneous Edge Devices

    We consider the problem of securely distributing software updates to large scale clusters of heterogeneous edge compute nodes. Such nodes are needed to support the Internet of Things and low-latency edge compute scenarios, but are difficult to manage and update because they exist at the edge of the network behind NATs and firewalls that limit connectivity, or because they are mobile and have intermittent network access. We present a prototype secure update architecture for these devices that uses the combination of peer-to-peer protocols and automated NAT traversal techniques. This demonstrates that edge devices can be managed in an environment subject to partial or intermittent network connectivity, where there is not necessarily direct access from a management node to the devices being updated.