
UDP hole punch and port restricted cone NAT

I would like to understand how UDP hole punching works when two hosts, each behind a port restricted cone NAT, establish a connection.

As I understood, it happens in several stages and involves three hosts.

Host A and host B are behind the port restricted cone NAT.

Host C is a server that can receive packets from the hosts A and B.

  1. A sends a packet to C.
  2. C receives packet from A and determines A's external address:port pair
  3. B sends a packet to C.
  4. C receives packet from B and determines B's external address:port pair
  5. C sends the external address:port of B to A
  6. C sends the external address:port of A to B
  7. A sends packet_1 to B's external address
  8. B sends packet_2 to A's external address

The questions are:

How can A behind the restricted cone NAT receive a packet from B which is also behind the restricted cone NAT?

The port restricted cone NAT does not allow packets to be received if their source address:port pair does not match the destination address:port pair of packets sent by it. Why do other packets sent between A and B arrive at A and at B?

Is it because the port restricted cone NAT considers packet_2 as the response from B?

So packet_1 will be lost but packet_2 arrives to B. Am I right?

Thank you in advance.

Art Spasky asked Oct 09 '22 14:10
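The eight steps in the question, run against a small model of the filtering rule it quotes. This is an added example, not part of the original post: the class `PortRestrictedConeNAT`, the function `hole_punch` and all addresses are constructed for illustration, and it assumes packet_1 reaches B's NAT before B has sent packet_2.

```python
class PortRestrictedConeNAT:
    """Hypothetical model: one external port per internal endpoint (cone mapping);
    inbound passes only from a remote addr:port the inside host already sent to."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.mappings = {}   # internal (ip, port) -> external port
        self.reverse = {}    # external port -> internal (ip, port)
        self.allowed = {}    # external port -> remote (ip, port) pairs sent to

    def outbound(self, src, dst):
        """Translate an outgoing packet; return its external source endpoint."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.reverse[self.next_port] = src
            self.allowed[self.next_port] = set()
            self.next_port += 1
        ext_port = self.mappings[src]
        self.allowed[ext_port].add(dst)   # the "hole": dst may now reply
        return (self.public_ip, ext_port)

    def inbound(self, src, dst_port):
        """Return the internal endpoint if the filter passes the packet, else None."""
        ok = src in self.allowed.get(dst_port, ())
        return self.reverse[dst_port] if ok else None


def hole_punch():
    # Constructed sample endpoints (documentation and private address ranges).
    C = ("198.51.100.1", 3478)
    a_int, b_int = ("10.0.0.2", 5000), ("192.168.1.2", 5000)
    nat_a = PortRestrictedConeNAT("203.0.113.10")
    nat_b = PortRestrictedConeNAT("203.0.113.20")
    a_ext = nat_a.outbound(a_int, C)   # steps 1-2: C sees A's external addr:port
    b_ext = nat_b.outbound(b_int, C)   # steps 3-4: C sees B's external addr:port
    # steps 5-6: C's replies pass because A and B each sent to C first
    assert nat_a.inbound(C, a_ext[1]) == a_int
    assert nat_b.inbound(C, b_ext[1]) == b_int
    results = {}
    # step 7: packet_1 reuses A's mapping and opens A's filter for B's endpoint
    src1 = nat_a.outbound(a_int, b_ext)
    results["packet_1"] = nat_b.inbound(src1, b_ext[1])  # B has not sent to A yet
    # step 8: packet_2 opens B's filter for A and matches A's existing entry
    src2 = nat_b.outbound(b_int, a_ext)
    results["packet_2"] = nat_a.inbound(src2, a_ext[1])
    results["a_retry"] = nat_b.inbound(src1, b_ext[1])   # A sends once more
    return results


if __name__ == "__main__":
    print(hole_punch())
```

In this model packet_1 is filtered at B's NAT, packet_2 is delivered to A, and anything A sends afterwards is delivered to B, because each NAT has by then recorded the other side's external addr:port as a destination.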


1 Answer

FYI, here's a paper that addresses your questions and provides a detailed overview of NAT. A pdf version is available here.

Ralf answered Oct 13 '22 09:10