stun - simple traversal of user datagram protocol (udp) through network address translators (nats)...

STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) speaker：Wenping Zhang date： 2007.11.21

2

Outline

Introduction Types of NAT VoIP Protocol and NAT NAT Solutions Overview of Operation Message Header Message Attributes Reference

3

Introduction A mechanism for a socket behind NAT(s) to get its mapped (IP,p

ort) on Internet.

Check whether UA is behind NAT. If not true, the STUN mechanism is not applied.

When new socket is created, use this socket to request its mapped (IP,port) from STUN server. The response IP is stored in a string buffer. The response port is saved in a table, using source port as key.

When UA wants to stuff local IP or port in a message, it will first look up mapped IP or port in the table.

4

Types of NAT

Full Cone Restricted Cone Port Restricted Cone Symmetric

5

Full Cone

6

Restricted Cone

7

Port Restricted Cone

8

Symmetric

9

VoIP Protocol and NAT

NAT convert IP addresses on IP layer

Problem 1: SIP, H.323, Megaco and MGCP are application layer proto

col but contain IP address/port info in messages, which is not translated by NAT

Problem 2: Private client must send a outgoing packet first (to create a

mapping on NAT) to receive incoming packet

10

NAT Solutions

11

12

13

Overview of Operation 1/2

STUN is a simple client-server protocol. A client sends a request to a server, and the server r

eturns a response. There are two types of requests

Binding Requests Shared Secret Requests

The client sends a Binding Request to the server, over UDP. The server examines the source IP address and port of the request, and copies them into a response that is sent back to the client.

14

Overview of Operation 2/2

When the STUN client receives the STUN Binding Response, it compares the IP address and port in the packet with the local IP address and port it bound to when the request was sent.

If these do not match, the STUN client is behind one or more NATs.

15

Message Header

0x0001 : Binding Request 0x0101 : Binding Response 0x0111 : Binding Error Response 0x0002 : Shared Secret Request 0x0102 : Shared Secret Response 0x0112 : Shared Secret Error Response

16

17

Message Attributes

0x0001: MAPPED-ADDRESS 0x0002: RESPONSE-ADDRESS 0x0003: CHANGE-REQUEST 0x0004: SOURCE-ADDRESS 0x0005: CHANGED-ADDRESS 0x0006: USERNAME

0x0007: PASSWORD 0x0008: MESSAGE-INTEGRITY 0x0009: ERROR-CODE 0x000a: UNKNOWN-ATTRIBUTES 0x000b: REFLECTED-FROM

18

19

Reference

RFC 3489 STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)

STUN Client and Server library http://

sourceforge.net/project/showfiles.php?group_id=47735