STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
Speaker: Wenping Zhang
Date: 2007.11.21

Outline

Introduction
Types of NAT
VoIP Protocol and NAT
NAT Solutions
Overview of Operation
Message Header
Message Attributes
Reference

Introduction

A mechanism for a socket behind NAT(s) to get its mapped (IP, port) on the Internet.

Check whether the UA is behind a NAT.
If it is not, the STUN mechanism is not applied.

When a new socket is created, use this socket to request its mapped (IP, port) from the STUN server.
- The response IP is stored in a string buffer.
- The response port is saved in a table, using the source port as the key.

When the UA wants to put a local IP or port in a message, it first looks up the mapped IP or port in the table.

Types of NAT

Full Cone
Restricted Cone
Port Restricted Cone
Symmetric

[Figures: Full Cone, Restricted Cone, Port Restricted Cone, Symmetric]

VoIP Protocol and NAT

NAT converts IP addresses at the IP layer.

Problem 1:
SIP, H.323, Megaco and MGCP are application-layer protocols, but they carry IP address/port information in their messages, which NAT does not translate.

Problem 2:
A private client must send an outgoing packet first (to create a mapping on the NAT) before it can receive incoming packets.

NAT Solutions

Overview of Operation 1/2


STUN is a simple client-server protocol. A client sends a request to a server, and the server returns a response.

There are two types of requests:
Binding Requests
Shared Secret Requests

The client sends a Binding Request to the server over UDP. The server examines the source IP address and port of the request and copies them into a response that is sent back to the client.

Overview of Operation 2/2


When the STUN client receives the STUN Binding Response, it compares the IP address and port in the packet with the local IP address and port it bound to when the request was sent. If these do not match, the STUN client is behind one or more NATs.

Message Header

0x0001 : Binding Request
0x0101 : Binding Response
0x0111 : Binding Error Response
0x0002 : Shared Secret Request
0x0102 : Shared Secret Response
0x0112 : Shared Secret Error Response

Message Attributes

0x0001: MAPPED-ADDRESS
0x0002: RESPONSE-ADDRESS
0x0003: CHANGE-REQUEST
0x0004: SOURCE-ADDRESS
0x0005: CHANGED-ADDRESS
0x0006: USERNAME
0x0007: PASSWORD
0x0008: MESSAGE-INTEGRITY
0x0009: ERROR-CODE
0x000a: UNKNOWN-ATTRIBUTES
0x000b: REFLECTED-FROM
Reference

RFC 3489: STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)

STUN Client and Server library: http://sourceforge.net/project/showfiles.php?group_id=47735