NAT Traversal [Knowledge Introduction]
Introduction

As more and more households and small businesses add a second computer, they discover that a network is a powerful tool for sharing computing resources. The Internet connection is one of the more precious resources on the network, and it too can be shared. To share an Internet connection, a home or small office network needs an inexpensive Internet gateway. The Internet gateway typically uses NAT (Network Address Translation) so that multiple hosts can connect to the Internet while sharing a single public IP address. Unfortunately, as this article explains, that arrangement breaks a variety of network applications.

NAT Traversal technology allows a network application to detect whether a NAT device is present on the local network. Once it has done so, the application can configure the NAT to create the port mappings it needs, resolving the compatibility problems. This article is an overview: it introduces NAT to users and developers of network applications, describes how to recognize common NAT problems, and explains how applications use NAT Traversal to solve them. Detailed technical information on the NAT Traversal API provided in Windows is expected to be available in the Windows Platform SDK in early summer. Developers are encouraged to study those resources to learn how to take full advantage of these new operating system features (which also extend to third-party gateway devices).

NAT Traversal depends on NAT devices that support UPnP (Universal Plug and Play) as defined by the Internet Gateway Device Working Committee of the UPnP Forum. For information on UPnP, see the UPnP Web site; the detailed specifications are located within that site. Support for UPnP and NAT Traversal is an important feature of an Internet gateway device and is worth confirming.
Users who buy an Internet gateway device, or rent one from a service provider, are strongly advised to consider only devices that provide UPnP support for NAT Traversal, because this feature is critical for users, for reducing support costs, and for enabling more innovative services and applications. For gateway manufacturers, adding UPnP support to an Internet gateway device is not complicated, costly or time-consuming. By using UPnP, which is already an Internet standard and protocol, the gateway manufacturer can resolve the NAT Traversal problem once and extend the benefit to most applications that pass through the device. This contrasts with the many proprietary solutions that individual application developers or gateway manufacturers would otherwise have to provide for the same problems.

This article is not intended as a detailed guide for hardware manufacturers who wish to implement NAT Traversal in an Internet gateway device; for that information, see the UPnP Forum Web site. An understanding of the Windows architecture, networking and UPnP will help in fully understanding this article, but is not required.

What is NAT?

Network Address Translation is an Internet Engineering Task Force (IETF) standard that allows multiple PCs on a private network (using a private address range such as 10.0.x.x, 192.168.x.x or 172.x.x.x) to share a single, globally routable IPv4 address. One main reason NAT is so often deployed is that IPv4 addresses are becoming scarce.
Internet Connection Sharing in Windows XP and Windows Me, and many Internet gateway devices, connect using NAT, especially when connecting to a broadband network through a DSL or cable modem. Although NAT is a timely and effective remedy for IPv4 address exhaustion (and is not needed in an IPv6 deployment), it is a temporary solution. IPv4 address exhaustion is more serious in Asia and the rest of the world, and it is receiving increasing attention in North America; this is why there has been continued interest in using IPv6 to overcome the problem. Besides reducing the number of IPv4 addresses needed, NAT provides a layer of concealment for the private network, because every host outside it sees only the single shared IP address. NAT is not a firewall or a proxy server, but it does provide a degree of security.

Figure 1: Example of a network using a NAT device for Internet communication. A PC can be the NAT device, just as a stand-alone cable modem or DSL modem can be.

Conventional NAT Operation

Clients of a NAT device are usually assigned a private IP address via DHCP (Dynamic Host Configuration Protocol) or statically by an administrator. When a client communicates outside the private network, the following usually happens.

When an application wants to communicate with a server, it opens a socket associated with a source IP address, source port, destination IP address, destination port and network protocol. This identifies the two endpoints needed for the communication. When the application sends data over this socket, the client's private IP address (source IP address) and port (source port) are placed in the source fields of the packet. The destination fields of the packet contain the server's IP address (the remote host, or destination IP address) and port.
Since the packet's destination lies outside the private network, the client forwards the packet to its default gateway, which in this case is the NAT device.

Outbound packets on the NAT device

The NAT device intercepts the outbound packet and creates a port mapping from the destination IP address, destination port, external IP address, external port, network protocol, and the client's internal IP address and port. The NAT device maintains a table of these mappings and stores the new port mapping in it. The external IP address and port are the public IP address and port that stand in for the internal client's IP address and port for this communication. The NAT device then translates the packets by replacing the client's private internal IP address and port in the source fields with its own public IP address and port. The packets then travel across the external network and finally reach the destination server.

Figure 2: Example of outbound packet translation.

When the server receives the packets, it believes it is communicating with a computer that has a globally routable IP address. It uses the IP address and port found in the packets' source fields, that is, the NAT device's external IP address and port, to send its reply back to the NAT device.

Inbound packets on the NAT device

The NAT device receives these packets from the server and compares them against its port mapping table. If it finds a mapping whose remote host IP address, remote port, external port and network protocol match the inbound packet's source IP address, source port, destination port and network protocol, the NAT performs the reverse translation: it replaces the external IP address and external port in the packet's destination fields with the client's private IP address and internal port, and then sends the packets on to the client over the internal network.
However, if the NAT cannot find a corresponding port mapping, it discards the inbound packet and the connection is broken. The effect of NAT is that a client with a private IP address can communicate with hosts on the global Internet without the application or the client having to do any extra work.
This means the application does not have to call any additional APIs and the client does not need any additional configuration. In this case NAT is transparent to the client and server applications: everything just works. However, not all network applications use protocols that work this way with NAT, and that is the problem.

Common Problems Between NAT and Applications

As long as a client initiates the connection and receives the reply on the same port it sent from, sharing a single globally routable IP address through NAT causes the client no trouble. However, when a NAT device is used to connect to the Internet, the assumptions made by many applications no longer hold. Some of these problems are discussed here.

Services on the internal network

Many network services or servers assume that if they create a listening socket, any client on the Internet can connect to it. However, when a NAT device sits at the edge of the network, the NAT needs a port mapping in order to forward inbound traffic to the internal network. Without one, the service is reachable only by clients on the private network and is unavailable to the rest of the Internet. The most common solution to this problem is to configure a port mapping manually, so that the NAT device forwards traffic addressed to a specific external IP address and port of the NAT to the internal IP address and port used by the service. With this port mapping in place, the service can receive inbound packets and can be used by clients outside the private network. Until the port mapping is established, the connection is broken. Configuring the mapping manually is often complicated and requires a fairly experienced user to get right. Consequently, many home and small business users cannot use the service they need and end up calling their broadband Internet service provider, PC manufacturer, retailer or Internet gateway manufacturer trying to find the root cause of the problem.
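To make the translation steps above concrete, here is an added example (not code from the original article): a small Python model of a NAT device's port mapping table. It rewrites an outbound packet, reverse-translates the server's reply, drops inbound packets that match no mapping (which is why an internal service is unreachable until a port mapping exists) and then shows a manually configured static mapping making the service reachable. All addresses and ports are constructed sample values.

```python
"""Model of the NAT port mapping table described above (added example; all
addresses and ports are constructed sample values, not from the article)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Mapping:
    proto: str
    internal_ip: str
    internal_port: int
    external_port: int
    # A dynamic mapping remembers the remote endpoint the client contacted and
    # only admits replies from it.  A static (manually configured) mapping
    # leaves both None, so any remote host may reach the internal client.
    remote_ip: Optional[str] = None
    remote_port: Optional[int] = None


class Nat:
    def __init__(self, public_ip: str, first_port: int = 50000) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        # The port mapping table, keyed by (protocol, external port).
        self.table: Dict[Tuple[str, int], Mapping] = {}

    def add_static_mapping(self, proto: str, external_port: int,
                           internal_ip: str, internal_port: int) -> None:
        """What a user does by hand to expose an internal service."""
        key = (proto, external_port)
        if key in self.table:
            raise ValueError(f"external port {external_port}/{proto} already mapped")
        self.table[key] = Mapping(proto, internal_ip, internal_port, external_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Client -> Internet: reuse or create a mapping, then rewrite the source."""
        for m in self.table.values():
            same_client = (m.proto, m.internal_ip, m.internal_port) == \
                          (pkt.proto, pkt.src_ip, pkt.src_port)
            same_remote = m.remote_ip is None or \
                          (m.remote_ip, m.remote_port) == (pkt.dst_ip, pkt.dst_port)
            if same_client and same_remote:
                break
        else:
            m = Mapping(pkt.proto, pkt.src_ip, pkt.src_port, self._next_port,
                        pkt.dst_ip, pkt.dst_port)
            self.table[(pkt.proto, m.external_port)] = m
            self._next_port += 1
        return Packet(pkt.proto, self.public_ip, m.external_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> client: reverse translation, or None when the packet is dropped."""
        m = self.table.get((pkt.proto, pkt.dst_port))
        if m is None:
            return None      # no mapping at all: discarded
        if m.remote_ip is not None and (m.remote_ip, m.remote_port) != (pkt.src_ip, pkt.src_port):
            return None      # dynamic mapping, but from the wrong remote host: discarded
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, m.internal_ip, m.internal_port)


def demo() -> dict:
    nat = Nat("198.51.100.1")
    client, server = "192.168.0.10", "203.0.113.5"
    results = {}
    # 1. The client opens a connection; the NAT rewrites the source to its public address.
    out = nat.outbound(Packet("tcp", client, 3000, server, 80))
    results["translated_src"] = (out.src_ip, out.src_port)
    # 2. The server replies to what it saw; the NAT finds the mapping and reverses it.
    reply = nat.inbound(Packet("tcp", server, 80, nat.public_ip, out.src_port))
    results["reply_delivered_to"] = (reply.dst_ip, reply.dst_port)
    # 3. A packet from a different remote host to the same external port is dropped.
    stray = Packet("tcp", "203.0.113.9", 80, nat.public_ip, out.src_port)
    results["other_host_dropped"] = nat.inbound(stray) is None
    # 4. Unsolicited traffic to a web server on the private network is dropped ...
    hit = Packet("tcp", "203.0.113.7", 40000, nat.public_ip, 80)
    results["server_unreachable"] = nat.inbound(hit) is None
    # ... until a static port mapping forwards external port 80 to the server.
    nat.add_static_mapping("tcp", 80, "192.168.0.20", 80)
    fwd = nat.inbound(hit)
    results["server_reachable_after_mapping"] = (fwd.dst_ip, fwd.dst_port)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run the file directly to see each step; the dropped cases in steps 3 and 4 are the same behaviour that breaks the applications described in the following sections.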
A manually configured mapping of this kind also has a side effect: any external client can use it to connect to the server.

Embedded addresses or ports

Some network applications assume that the IP address and port assigned to the client are always globally routable and can be used directly on the Internet. In many cases, however, they are private IP addresses from the IETF reserved address ranges. The application embeds the private IP address or port in the payload of packets it sends to the server, expecting the server to use the embedded address when contacting the client. If the server tries to reply to the embedded IP address and port rather than to the NAT's external address, the packets are discarded, because the embedded IP address cannot be routed. If the network application could discover the NAT device and retrieve the external IP address and external port of the mapping it is using, it could embed the correct information in its packets instead.

Applications using separate sockets

Some network applications send traffic to a server or peer from a socket on port X, and then wait to receive the server's traffic on a separate listening socket on port Y. The NAT sees the outbound traffic and creates a port mapping for port X, but no mapping exists for the returning packets addressed to port Y, so inbound packets addressed to port Y are discarded.

Well-known ports must be available

Some network protocols assume that a well-known port is always available on the globally routable address. When multiple clients share an IP address, only one client at a time can use a given well-known port. For example, only one web server on the local network can use port 80; otherwise the NAT device cannot determine which client an external request is intended for.
Even with a configured port mapping, special measures must be taken if multiple clients need to be reachable from outside the local network.

Multiple NATs

If a client is behind a NAT that is itself behind another NAT, the resulting problems are beyond the scope of this article.

Impact on Users and Industry

The technical problems that NAT Traversal addresses were described above. From the user's perspective the impact is simple: people can no longer use the services or applications that NAT interferes with. Today most users do not even realize that they have become victims of a NAT problem.
They only know that when they try to play a multiplayer game, use a peer-to-peer application (such as real-time communication) or run some other application, it cannot be played or cannot be used. They may see an error message on the PC along the lines of "unable to connect", or the program may simply fail when they try to use it. Often users with a dial-up modem Internet connection never encountered these problems. But when they sign up for broadband service and use a DSL or cable modem device with NAT, things break. Having just obtained a fast Internet connection, these users are hit especially hard by the NAT problem: they are suddenly prevented from playing games or using other services. This causes user dissatisfaction, which is passed along to the PC manufacturer, the ISP, the Internet gateway manufacturer or another party. Typically the user does not know the root cause of the problem, and technical support staff do not always know how to solve it over the phone.

This is not only a user problem; it is also a problem for the manufacturers that provide products and services to users. Users call for support when trying to solve problems caused by NAT, and the cost of this support reduces the profits of manufacturers or retailers, or even makes a product unprofitable. These problems can lead to dissatisfaction with trial services, so that some users lose interest in subsequent new services or applications. In this way NAT interferes with other innovative products and services. For all of these reasons, the NAT problem has become an important issue for the industry.

What is NAT Traversal?
NAT Traversal is a set of capabilities that lets a network application detect that it is behind a NAT device, obtain the external IP address, and configure a port mapping that forwards packets arriving at the NAT's external port to the internal port used by the application. All of this happens automatically, so users do not have to configure port mappings or anything similar by hand. Compared with the methods in use today, it is a far more comprehensive solution to the connectivity problems caused by NAT. The ad hoc solutions in use today require users to have some technical knowledge, and some require specialized development work by application developers, by Internet gateway manufacturers, or by both. Although NAT Traversal solves a number of NAT problems, it is not universal and cannot solve all of them. For improving user satisfaction, reducing support calls and enabling new, creative services and applications, automatic NAT Traversal represents a very important step, especially for the home network environment.

NAT Traversal should be regarded as a mechanism to be used when needed, not in every case. With IPv6, every client has a globally routable IP address, so neither NAT nor NAT Traversal is needed. There are various predictions of how long it will take for IPv6 to be universally deployed. The industry (including Microsoft) has invested heavily in advancing IPv6, but for the present and the next several years the NAT Traversal solution described below will matter a great deal to home and small business users who want to solve their NAT problems.

NAT Traversal Operation

NAT Traversal depends on the discovery and control protocols specified by the Universal Plug and Play (UPnP) Forum. The UPnP Forum has a working committee whose main task is to define the control protocol for Internet gateway devices and the services offered by those devices.
An Internet gateway device that supports the basic elements of the Internet Gateway Device control protocol can announce its presence and publish XML description documents to control points on the LAN.
From these XML description documents, a control point can learn whether the Internet gateway supports NAT and which UPnP actions to invoke to obtain the NAT's external IP address and to create port mappings. The NAT Traversal API in Windows encapsulates the details of using UPnP and provides interfaces for detecting, managing and configuring NAT devices.

NAT Traversal API

When a network application needs to detect whether a NAT device is present and adjust the device's behaviour, it can use the NAT Traversal API provided in Windows to do the following:

- Determine whether a NAT is present.
- Get the NAT's external IP address.
- Get the static port mapping information (if any) for a particular external port.
- Add a static port mapping (unless the external port is already allocated).
- Enable or disable a specific port mapping without deleting it.
- Edit the user-friendly description of a static port mapping.
- Delete a static port mapping.
- Get a list of existing mappings.

With these capabilities, applications can solve many of the problems caused by NAT.

Note: The Windows NAT Traversal API currently supports only port mappings with an unlimited lifetime, otherwise known as static port mappings.

The NAT Traversal API is installed by default in Windows XP. These APIs can also be installed on computers running Windows Me and Windows 98 using the Network Setup Wizard on the Windows XP CD. For additional XML parser support, the NAT Traversal API also requires Internet Explorer 6.0 to be installed. NAT Traversal is not currently supported on Windows 2000.

NAT Traversal Internet Gateway

An Internet gateway supports NAT Traversal by implementing the Internet Gateway Device (IGD) specification defined by the Internet Gateway Working Committee of the UPnP Forum. Gateway manufacturers should also be aware of the assumptions the NAT Traversal API in Windows makes about the IGD:

- The IGD declares only one external interface at a time. Although the specification technically allows an Internet gateway device to declare multiple external interfaces, the NAT Traversal API uses only one.
- The IGD allows any remote IP address to send packets to an internal client's port mapping.
- The IGD supports port mappings whose internal client is a broadcast address.
- The IGD supports NAT external ports that differ from the client's internal port number.
- The IGD declares version number 1.
- Static port mappings (mappings whose lifetime is set to unlimited) exist indefinitely. Neither a system restart, a change of IP address, nor the disappearance of the server or client removes a static port mapping.

At the time of writing, several industry-leading manufacturers have announced Internet gateway devices, due in 2001, that support these UPnP methods and work with the Windows NAT Traversal API. This is a very important step for the industry and for users. As more Internet gateway manufacturers recognize the advantages of using UPnP to solve these problems, and as more home and small business users become aware of NAT-related problems and of how effectively UPnP-based NAT Traversal solves them, UPnP support for NAT Traversal is expected to become a verification item for such devices, and devices lacking it will be at a disadvantage. Internet gateway manufacturers should join the UPnP Forum to learn how to make their devices comply with UPnP standards.
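The following Python is an added example, not Microsoft's or the UPnP Forum's code. It shows the UPnP messages that underlie the API functions listed above and the gateway assumptions just listed: the SSDP search that answers "is there a NAT?", and the SOAP requests for the WANIPConnection:1 service actions (GetExternalIPAddress, AddPortMapping, DeletePortMapping, GetSpecificPortMappingEntry, GetGenericPortMappingEntry) that an IGD control point issues. A static mapping is expressed with an empty NewRemoteHost (any remote host) and NewLeaseDuration 0 (never expires). Nothing is sent on the network; the gateway host, control path, addresses and the two sample gateway replies are constructed, and the error codes in IGD_ERRORS are those defined by the WANIPConnection:1 service, mapped here to the assumptions each one violates.

```python
"""UPnP IGD (WANIPConnection:1) messages behind the NAT Traversal functions.

Added example, not Microsoft's or the UPnP Forum's code.  Builds the SSDP and
SOAP messages a control point sends to an Internet gateway and parses the
gateway's reply.  No network I/O; host, path and replies are constructed.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
IGD_DEVICE = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Error codes from the WANIPConnection:1 service definition; each is a gateway
# rejecting one of the assumptions the Windows API makes (listed above).
IGD_ERRORS = {
    718: "ConflictInMappingEntry: external port already mapped to another client",
    724: "SamePortValuesRequired: external port must equal internal port",
    725: "OnlyPermanentLeasesSupported: gateway accepts only static mappings",
    726: "RemoteHostOnlySupportsWildcard: mapping cannot be limited to one remote host",
}


class UPnPError(Exception):
    def __init__(self, code: int, description: str) -> None:
        super().__init__(f"UPnP error {code}: {description}")
        self.code, self.description = code, description


def ssdp_msearch(mx: int = 2) -> str:
    """'Is there a NAT?': the multicast search a control point sends to find an IGD."""
    return ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {IGD_DEVICE}\r\n\r\n')


def soap_request(host: str, control_path: str, action: str, args: dict) -> str:
    """Complete HTTP POST (headers + SOAP envelope) invoking one IGD action."""
    fields = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in args.items())
    envelope = ('<?xml version="1.0"?>'
                f'<s:Envelope xmlns:s="{SOAP_NS}" '
                's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
                f'<s:Body><u:{action} xmlns:u="{SERVICE}">{fields}</u:{action}>'
                '</s:Body></s:Envelope>')
    headers = (f"POST {control_path} HTTP/1.1\r\nHOST: {host}\r\n"
               'CONTENT-TYPE: text/xml; charset="utf-8"\r\n'
               f"CONTENT-LENGTH: {len(envelope.encode())}\r\n"
               f'SOAPACTION: "{SERVICE}#{action}"\r\n\r\n')
    return headers + envelope


# The API functions listed above, expressed as the IGD actions they correspond to.
def get_external_ip(host, path):
    return soap_request(host, path, "GetExternalIPAddress", {})


def add_static_mapping(host, path, ext_port, proto, int_port, client, desc, enabled=True):
    # NewRemoteHost="" (any remote host) and NewLeaseDuration=0 (never expires)
    # are the static-mapping assumptions listed above.  Sending this again for
    # an entry owned by the same client overwrites it, which is one way to
    # change NewEnabled or the description without deleting the mapping.
    return soap_request(host, path, "AddPortMapping", {
        "NewRemoteHost": "", "NewExternalPort": ext_port, "NewProtocol": proto,
        "NewInternalPort": int_port, "NewInternalClient": client,
        "NewEnabled": int(enabled), "NewPortMappingDescription": desc,
        "NewLeaseDuration": 0})


def delete_mapping(host, path, ext_port, proto):
    return soap_request(host, path, "DeletePortMapping",
                        {"NewRemoteHost": "", "NewExternalPort": ext_port, "NewProtocol": proto})


def get_mapping(host, path, ext_port, proto):
    return soap_request(host, path, "GetSpecificPortMappingEntry",
                        {"NewRemoteHost": "", "NewExternalPort": ext_port, "NewProtocol": proto})


def list_mapping(host, path, index):
    """List the table by asking for index 0, 1, 2, ... until the gateway faults."""
    return soap_request(host, path, "GetGenericPortMappingEntry", {"NewPortMappingIndex": index})


def soap_fields(message: str) -> dict:
    """Return the argument or result fields of a SOAP message as {name: text}."""
    xml = message.split("\r\n\r\n", 1)[-1]            # drop HTTP headers if present
    body = ET.fromstring(xml).find(f"{{{SOAP_NS}}}Body")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:
        code = int(next(e.text for e in fault.iter() if e.tag.endswith("errorCode")))
        raise UPnPError(code, IGD_ERRORS.get(code, "see the WANIPConnection:1 error table"))
    return {child.tag: (child.text or "") for child in body[0]}


# Constructed replies in the form a gateway returns them.
SAMPLE_EXTERNAL_IP_REPLY = (
    '<?xml version="1.0"?>'
    f'<s:Envelope xmlns:s="{SOAP_NS}" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
    f'<s:Body><u:GetExternalIPAddressResponse xmlns:u="{SERVICE}">'
    '<NewExternalIPAddress>198.51.100.1</NewExternalIPAddress>'
    '</u:GetExternalIPAddressResponse></s:Body></s:Envelope>')

SAMPLE_CONFLICT_REPLY = (
    '<?xml version="1.0"?>'
    f'<s:Envelope xmlns:s="{SOAP_NS}" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
    '<s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>'
    '<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
    '<errorCode>718</errorCode><errorDescription>ConflictInMappingEntry</errorDescription>'
    '</UPnPError></detail></s:Fault></s:Body></s:Envelope>')
```

The request builders return the exact bytes (as text) that would go over TCP to the control URL taken from the gateway's XML description document; soap_fields parses either a request or a reply, and turns a SOAP fault such as 718 (the external port belongs to another client) into a UPnPError the caller can act on, for example by choosing a different external port.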
Internet Connection Sharing on Windows XP supports version 0.9 of the UPnP IGD standard. The forthcoming version 1.0 is expected to be compatible with version 0.9.

How Applications Use NAT Traversal

How an application uses NAT Traversal depends on several factors, including the expected lifetime of the port mapping and whether the port is used by multiple clients or services. An application should clean up every static port mapping it creates, to avoid orphaned mappings and ports that remain occupied and unavailable to other applications.

If the application is a network service (such as a web server) that needs a well-known port for its whole lifetime, its installer can use the NAT Traversal API to configure a static port mapping. Provided other applications, network administrators, network topology changes and cleanup mechanisms leave the mapping in place, external clients will be able to connect to the service for its lifetime. The application's uninstaller is responsible for deleting the mapping. If the application crashes, the static port mapping remains even though the service no longer exists. If the external IP address changes, the static port mapping automatically picks up the change.

If an application has no installer, or does not trust the network to preserve its static port mapping, it can claim the well-known port at each startup and release it at each shutdown. This can be done with a companion script. As an alternative to adding and deleting port mappings, an application can enable and disable the mapping as needed: it keeps its static port mapping permanently and simply refreshes it (enables it) each time it starts. Again, if the external IP address changes, the static port mapping automatically picks up the change.

If applications on several clients of the private network use the same internal port number, the application will need changes to support multiple clients.
Only a single client can use the internal port number that is mapped to a given external port; it is recommended that the first client gets it. Other clients should request a port mapping whose external port number differs from the internal port.

There is one special case: multiple clients may listen on the same external port for the sole purpose of being discovered by a remote host. Inbound packets are then translated to a broadcast address as the internal client IP address, rather than to a specific client's address. A client listening on that port can respond by initiating its own connection to the remote host. This approach is not recommended, because the inbound packets are received by every client on the network and affect all of them.

If a service needs to listen on a random port for a short time, it should request the static port mapping from within the application rather than from a script, and clean up (delete the mapping) when the service ends. The application should keep a record of the port mappings it owns. That way, if the application crashes without removing its mappings, it can retrieve the information needed to clean them up at its next startup. If an application leaves the network without cleaning up its port mappings, the mappings remain and the cleanup task falls on the user. Windows currently has no cleanup mechanism, because it is very difficult to determine that a mapping is no longer used by an application.

Limitations of NAT Traversal

Although NAT Traversal solves many of the problems associated with connecting through a NAT device, there are problems it cannot solve and problems it introduces. They include the following:

NAT Traversal uses an open trust model. This means that every application on the private network can access every port mapping on the NAT.
Although this increases flexibility for management from multiple points, an application loses exclusive ownership of its mapping. Applications must resolve conflicts themselves: if an application tries to map a port that is already mapped to another client, it is responsible for finding another port or for overwriting the existing mapping.

NAT Traversal cannot solve the problems that arise when an ISP assigns private addresses to its customers and uses NAT for client connections.
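The housekeeping rules from the two sections above (keep a record of the mappings you own, clean up at the next startup if you crashed, disable rather than delete a mapping you will need again, and pick another external port when the one you wanted belongs to another client) as an added Python example. It is not Windows code: the gateway is a stand-in object with add, remove and enable operations that mimics the static port mapping collection, the record is a small JSON file, and all addresses, ports and names are constructed.

```python
"""Port mapping housekeeping per the guidance above: record what you own, clean
up after a crash, choose another external port on conflict, disable rather than
delete.  Added example with a stand-in gateway; not Windows or gateway code."""
import json
import tempfile
from pathlib import Path


class MappingConflict(Exception):
    """The external port is already mapped to a different internal client."""


class GatewayMappings:
    """Stand-in for the gateway's static port mapping table (constructed)."""
    def __init__(self) -> None:
        self.table = {}        # (external port, protocol) -> mapping details

    def add(self, ext_port, proto, int_port, client, desc, enabled=True):
        key = (ext_port, proto)
        current = self.table.get(key)
        if current and current["client"] != client:
            raise MappingConflict(f"{ext_port}/{proto} belongs to {current['client']}")
        self.table[key] = {"int_port": int_port, "client": client,
                           "desc": desc, "enabled": enabled}

    def remove(self, ext_port, proto):
        self.table.pop((ext_port, proto), None)

    def set_enabled(self, ext_port, proto, enabled):
        self.table[(ext_port, proto)]["enabled"] = enabled


class AppMappings:
    """The mappings one application created, recorded on disk so a later run
    can clean up if this one crashes before releasing them."""
    def __init__(self, gateway, record_path, client_ip, app_name):
        self.gw, self.client, self.app = gateway, client_ip, app_name
        self.record = Path(record_path)
        self.owned = json.loads(self.record.read_text()) if self.record.exists() else []

    def _save(self):
        self.record.write_text(json.dumps(self.owned))

    def recover(self) -> int:
        """Startup: remove mappings a previous run left behind.  Returns how many."""
        stale = [tuple(x) for x in self.owned]
        for ext_port, proto in stale:
            self.gw.remove(ext_port, proto)
        self.owned = []
        self._save()
        return len(stale)

    def claim(self, wanted_port, proto, int_port, tries=10) -> int:
        """Add a static mapping.  If the wanted external port is another client's,
        try the following ports; external and internal port are allowed to differ."""
        for ext_port in range(wanted_port, wanted_port + tries):
            try:
                self.gw.add(ext_port, proto, int_port, self.client, f"{self.app} {proto}/{int_port}")
            except MappingConflict:
                continue
            self.owned.append([ext_port, proto])
            self._save()                       # record it before relying on it
            return ext_port
        raise MappingConflict(f"no free external port in {wanted_port}..{wanted_port + tries - 1}")

    def set_active(self, ext_port, proto, active: bool):
        """Disable/enable instead of delete/re-add so the port stays reserved."""
        self.gw.set_enabled(ext_port, proto, active)

    def release_all(self):
        """Clean shutdown or uninstall: delete every mapping we own."""
        for ext_port, proto in self.owned:
            self.gw.remove(ext_port, proto)
        self.owned = []
        self._save()


def demo(record_path=None) -> dict:
    record_path = record_path or Path(tempfile.mkdtemp()) / "mappings.json"
    gw = GatewayMappings()
    gw.add(8080, "TCP", 8080, "192.168.0.30", "another client's app")   # pre-existing
    app = AppMappings(gw, record_path, "192.168.0.20", "demo-service")
    port = app.claim(8080, "TCP", 8080)          # 8080 is taken, so 8081 is used
    app.set_active(port, "TCP", False)
    disabled = gw.table[(port, "TCP")]["enabled"] is False
    # Crash: the process ends without release_all(); only the record on disk survives.
    del app
    restarted = AppMappings(gw, record_path, "192.168.0.20", "demo-service")
    cleaned = restarted.recover()
    return {"port": port, "disabled": disabled, "cleaned": cleaned,
            "other_client_intact": (8080, "TCP") in gw.table,
            "own_mapping_gone": (port, "TCP") not in gw.table}


if __name__ == "__main__":
    print(demo())
```

The record is written before the application starts using a mapping, so even a crash immediately after the add leaves enough information for the next run to remove it; the other client's mapping on 8080 is never touched, which is the conflict rule the limitations section describes.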