NAT/Firewall Traversal Techniques
Common NAT Types
Full Cone, Restricted Cone, Port Restricted Cone, Symmetric NAT
Full Cone
Restricted Cone(1/2)
Restricted Cone(2/2)
Port Restricted Cone
Symmetric NAT
NAT Detection Flow
Problems Caused by Firewalls
Problems Caused by NAT
NAT/Firewall Traversal Techniques
IPv6 (Internet Protocol Version 6)
UPnP (Universal Plug and Play)
TURN (Traversal Using Relay NAT)
ALG (Application Layer Gateway)
ICE (Interactive Connectivity Establishment)
STUN (Simple Traversal of UDP Through Network Address Translators)
UPnP
Universal Plug and Play
It's being pushed by Microsoft
A UPnP-aware client can ask the UPnP-enabled NAT how it would map a particular IP:port through UPnP
UPnP Operation
STUN(1/2)
Simple Traversal of UDP Through Network Address Translators
Requires a STUN server deployed outside the NAT
The client must have dedicated STUN client functionality
Cannot traverse symmetric NAT
Will be integrated into ICE in the future
STUN(2/2)
TURN(1/2)
Traversal Using Relay NAT
Mainly intended to solve the symmetric NAT problem
Requires deploying a TURN server
Will also be incorporated into ICE in the future
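
Added example (not from the original slides): a toy Python model of the four NAT types, using their RFC 3489 mapping and filtering rules, that shows why an address learned from a STUN server stays usable behind cone NATs but not behind a symmetric NAT, the case the TURN slide says TURN is meant to solve. The class and function names, the ports, and every address other than 10.2.1.1 and 192.0.2.101 are constructed for illustration.

```python
import itertools

PUBLIC_IP = "192.0.2.101"  # NAT public address (sample value)

class Nat:
    """Toy model of the four NAT types: port mapping plus inbound filtering."""
    def __init__(self, kind):
        self.kind = kind                     # full | restricted | port_restricted | symmetric
        self.ports = itertools.count(40000)  # next free public port
        self.mappings = {}                   # mapping key -> public port
        self.sent = set()                    # (public port, dst ip, dst port) already sent to

    def outbound(self, src, dst):
        """Inside socket src sends to dst; return the public (ip, port) dst observes."""
        # Cone NATs keep one mapping per inside socket; symmetric NAT one per destination.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        pub = self.mappings[key]
        self.sent.add((pub, dst[0], dst[1]))
        return (PUBLIC_IP, pub)

    def inbound(self, pub_port, frm):
        """True if a packet from frm to PUBLIC_IP:pub_port is forwarded inside."""
        if pub_port not in self.mappings.values():
            return False
        if self.kind == "full":              # any outside host may use the mapping
            return True
        if self.kind == "restricted":        # sender IP must have been contacted before
            return any(p == pub_port and ip == frm[0] for p, ip, _ in self.sent)
        return (pub_port, frm[0], frm[1]) in self.sent  # exact IP:port must match

def stun_then_media(kind, punch=True):
    """Learn the public address via STUN, then test whether a peer can reach it."""
    nat = Nat(kind)
    client = ("10.2.1.1", 5060)              # User Agent 1 behind the NAT
    stun = ("198.51.100.1", 3478)            # constructed STUN server address
    peer = ("203.0.113.7", 6000)             # constructed remote peer address
    reflexive = nat.outbound(client, stun)   # what the Binding Response would report
    if punch:
        nat.outbound(client, peer)           # client sends first, opening the filter
    return nat.inbound(reflexive[1], peer)   # peer sends to the STUN-learned address

def survey(punch=True):
    kinds = ("full", "restricted", "port_restricted", "symmetric")
    return {k: stun_then_media(k, punch) for k in kinds}

if __name__ == "__main__":
    print("client sent to peer first:", survey(True))
    print("unsolicited peer packet:  ", survey(False))
```

With `punch=False` the result is the exposure to unsolicited senders: only the full cone NAT forwards a packet from a host the inside client never contacted.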
TURN(2/2)
SIP using STUN
Participants: User Agent 1 (10.2.1.1), NAT (192.0.2.101), STUN Server, Registrar/Proxy, User Agent 2
1 STUN SharedSecretRequest/TLS
2 STUN SharedSecretResponse/TLS
3 STUN BindingRequest/UDP
4 STUN BindingResponse/UDP
5 REGISTER Contact:[email protected]
6 200 OK
7 INVITE Contact:[email protected]
8 INVITE Contact:[email protected]
9 100 Trying
10 200 OK
11 200 OK
12 ACK
13 ACK
RTP Media Session
SIP using TURN
Participants: User Agent 1 (10.2.1.1), NAT 1, STUN/TURN Svr 1, Proxy, STUN/TURN Svr 2, NAT 2, User Agent 2 (192.168.1.1)
1 STUN Requests
2 STUN Responses
3 STUN Requests
4 STUN Responses
5 INVITE
6 INVITE
7 180 Ringing
8 200 OK
9 ACK
10 ACK
11 Peer-to-Peer STUN Requests
12 Peer-to-Peer STUN Responses
13 Peer-to-Peer STUN Requests
14 Peer-to-Peer STUN Responses
RTP Media Session Established using Derived Transport Addresses
ALG(1/2)
Application Layer Gateway
It understands the signalling messages and their relationship with the resulting media flows.
It can modify the signalling to reflect the public IP address and ports being used by signalling and media traffic.
ALG(2/2)
ICE
Interactive Connectivity Establishment
A framework rather than a protocol
Main technologies include: STUN, TURN, SIP
Still at the RFC draft discussion stage