Original copyright: Copyright (C) The Internet Society (2003). All Rights Reserved.
Original source: http://midcom-p2p.sourceforge.net/draft-ford-midcom-p2p-01.txt
3.3.2. Peers behind the same NAT
Now consider the scenario in which the two clients (probably unknowingly) happen to reside behind the same NAT, and are therefore located in the same private IP address space. Client A has established a UDP session with server S, to which the common NAT has assigned public port number 62000. Client B has similarly established a session with S, to which the NAT has assigned public port number 62001.
Suppose that A and B use the UDP hole punching technique as outlined above to establish a communication channel using server S as an introducer. Then A and B will learn each other's public IP addresses and port numbers as observed by server S, and start sending each other messages at those public addresses. The two clients will be able to communicate with each other this way as long as the NAT allows hosts on the internal network to open translated UDP sessions with other internal hosts and not just with external hosts. We refer to this situation as "loopback translation," because packets arriving at the NAT from the private network are translated and then "looped back" to the private network rather than being passed through to the public network. For example, when A sends a UDP packet to B's public address, the packet initially has a source IP address and port number of 10.0.0.1:124 and a destination of 155.99.25.11:62001. The NAT receives this packet, translates it to have a source of 155.99.25.11:62000 (A's public address) and a destination of 10.1.1.3:1234, and then forwards it on to B. Even if loopback translation is supported by the NAT, this translation and forwarding step is obviously unnecessary in this situation, and is likely to add latency to the dialog between A and B as well as burdening the NAT.
The solution to this problem is straightforward, however. When A and B initially exchange address information through server S, they should include their own IP addresses and port numbers as "observed" by themselves, as well as their addresses as observed by S. The clients then simultaneously start sending packets to each other at each of the alternative addresses they know about, and use the first address that leads to successful communication. If the two clients are behind the same NAT, then the packets directed to their private addresses are likely to arrive first, resulting in a direct communication channel not involving the NAT. If the two clients are behind different NATs, then the packets directed to their private addresses will fail to reach each other at all, but the clients will hopefully establish connectivity using their respective public addresses. It is important that these packets be authenticated in some way, however, since in the case of different NATs it is entirely possible for A's messages directed at B's private address to reach some other, unrelated node on A's private network, or vice versa.
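The following is an added example, not code from the draft: it simulates the candidate-address race described above on loopback sockets, with each peer probing every address it knows about and accepting the first source whose packet authenticates. The draft only says packets must be "authenticated in some way"; the HMAC-SHA256 key and session id handed to both peers by server S, the `MAGIC` tag, and the "stranger" socket standing in for an unrelated host that happens to own a guessed private address are all constructed for this illustration.

```python
import hashlib, hmac, os, socket, threading, time

MAGIC = b"P2P1"  # constructed protocol tag; not from the draft

def make_probe(key, session_id, nonce):
    # Probe = MAGIC | session_id | nonce | HMAC-SHA256(key, everything before the MAC)
    body = MAGIC + session_id + nonce
    return body + hmac.new(key, body, hashlib.sha256).digest()

def check_probe(key, session_id, data):
    # Returns the nonce for a well-formed probe with a valid MAC, else None
    if len(data) != 68 or data[:4] != MAGIC or data[4:20] != session_id:
        return None
    body, mac = data[:-32], data[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body[20:] if hmac.compare_digest(expected, mac) else None

def punch(sock, candidates, key, session_id, timeout=2.0):
    # Probe every candidate endpoint at once; the first source whose packet
    # authenticates is the endpoint to use. Unauthenticated replies (an unrelated
    # host that happens to own the guessed private address) are ignored.
    nonce, deadline = os.urandom(16), time.time() + timeout
    sock.settimeout(0.05)
    while time.time() < deadline:
        for cand in candidates:
            sock.sendto(make_probe(key, session_id, nonce), cand)
        try:
            data, src = sock.recvfrom(1024)
        except socket.timeout:
            continue
        if check_probe(key, session_id, data) is not None:
            return src
    return None

def demo():
    # Constructed setup: S has handed both peers the same key and session id.
    key, sid = os.urandom(32), os.urandom(16)
    a, b, stranger = [socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(3)]
    for s in (a, b, stranger):
        s.bind(("127.0.0.1", 0))
    a_addr, b_addr, x_addr = a.getsockname(), b.getsockname(), stranger.getsockname()
    def stranger_loop():  # unrelated node: answers every probe, but without a valid MAC
        stranger.settimeout(1.0)
        try:
            while True:
                _, src = stranger.recvfrom(1024)
                stranger.sendto(b"hello?", src)
        except socket.timeout:
            pass
    threading.Thread(target=stranger_loop, daemon=True).start()
    chosen = {}  # each peer lists the wrong guess (stranger) first, the real peer second
    ta = threading.Thread(target=lambda: chosen.setdefault("a", punch(a, [x_addr, b_addr], key, sid)))
    tb = threading.Thread(target=lambda: chosen.setdefault("b", punch(b, [x_addr, a_addr], key, sid)))
    ta.start(); tb.start(); ta.join(); tb.join()
    for s in (a, b, stranger):
        s.close()
    return chosen["a"] == b_addr, chosen["b"] == a_addr
```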