[p2p-hackers] UDP Hole Punching through Symmetric NATs
David Barrett
dbarrett at quinthar.com
Wed Jun 15 10:09:35 UTC 2005

In my ongoing quest for real-world data, do you know of any significant
P2P deployments that hole-punch through symmetric NATs?

As you know, the simple "rendezvous" hole-punching approach described by
Bryan Ford's paper [1] suggests that upwards of 82% of all NATs can have
holes punched on the assumption that "consistent endpoint translation"
is in place (and thanks to the IETF-BEHAVE group, this number will only
improve). This means if you establish outbound UDP sessions from the
same private endpoint to two separate locations, your NAT will assign
the same public endpoint to each. This allows me to contact you without
"guessing" what NAT port you might be using.

[1] http://www.brynosaurus.com/pub/net/p2pnat/

But as Bryan describes, symmetric NATs make no such consistent
translation, and thus each outbound session is assigned a unique public
endpoint by the NAT. This complicates hole punching, but doesn't
prevent it. To punch through symmetric NATs you must, based on
knowledge of one of a peer's public NAT endpoints, intelligently guess
the others.

So hole punching through symmetric NATs is difficult, and Bryan suggests
not worth the effort. I'm curious what you think, however. Have you
tried it and found it useful in the real world?

In theory it can get you better than 82% success ratio of hole punching,
but I'm not sure if it gets you only to 85% or 90% or 99% or what. Do
you know of any success (or failure) stories of hole punching through
symmetric NATs in the real world?

-david
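
Added example, not part of the original post: a toy Python model of the two NAT behaviours the message contrasts, showing why a rendezvous-observed endpoint is reusable under consistent translation but has to be guessed behind a symmetric NAT. The `Nat` class, its sequential or strided port allocation, the `guesses` window and all addresses (documentation ranges) are assumptions constructed for illustration, not measurements of real devices.

```python
"""Toy model of NAT endpoint translation (constructed example)."""

class Nat:
    def __init__(self, public_ip, symmetric, step=1, first_port=40000):
        self.public_ip, self.symmetric, self.step = public_ip, symmetric, step
        self._next = first_port      # next public port to hand out (assumed policy)
        self._map = {}               # mapping key -> public endpoint

    def translate(self, private_ep, dest_ep):
        """Return the public endpoint used for private_ep -> dest_ep."""
        # Consistent translation keys on the private endpoint only;
        # a symmetric NAT keys on the (private, destination) pair.
        key = (private_ep, dest_ep) if self.symmetric else private_ep
        if key not in self._map:
            self._map[key] = (self.public_ip, self._next)
            self._next += self.step
        return self._map[key]

def classify(nat, private_ep, server_a, server_b):
    """Compare the public endpoint that two different servers observe."""
    seen_a = nat.translate(private_ep, server_a)
    seen_b = nat.translate(private_ep, server_b)
    return "consistent" if seen_a == seen_b else "symmetric"

def punch_succeeds(nat, private_ep, rendezvous, peer, guesses=0):
    """Can the peer reach the mapping opened toward it, knowing only what
    the rendezvous server saw plus `guesses` following port numbers?"""
    seen = nat.translate(private_ep, rendezvous)   # reported to the peer
    actual = nat.translate(private_ep, peer)       # mapping the peer must hit
    candidates = {(seen[0], seen[1] + d) for d in range(guesses + 1)}
    return actual in candidates

if __name__ == "__main__":
    host = ("192.168.1.10", 5000)                  # constructed endpoints
    s1, s2, peer = ("198.51.100.1", 3478), ("198.51.100.2", 3478), ("192.0.2.50", 6000)
    for label, kw in [("consistent", dict(symmetric=False)),
                      ("symmetric, sequential ports", dict(symmetric=True)),
                      ("symmetric, stride 1000", dict(symmetric=True, step=1000))]:
        kind = classify(Nat("203.0.113.7", **kw), host, s1, s2)
        plain = punch_succeeds(Nat("203.0.113.7", **kw), host, s1, peer)
        guess = punch_succeeds(Nat("203.0.113.7", **kw), host, s1, peer, guesses=3)
        print(f"{label}: {kind}, punch={plain}, with 3 guesses={guess}")
```

In this model guessing only helps when the symmetric NAT hands out ports in a predictable order; the stride-1000 case stands in for an allocator the peer cannot predict within a small window.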