Discovering, Querying, and Controlling Firewalls and NATs

Document Type: Expired Internet-Draft (individual)
Expired & archived
Authors: Dan Wing, Jonathan Rosenberg, Hannes Tschofenig
Last updated: 2007-10-16
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


A drawback with many NAT UDP hole punching techniques is the keepalive traffic necessary to keep the UDP binding open. It is necessary to send keepalives frequently because it is not possible to determine or modify the NAT's binding lifetime. This keepalive traffic causes server load and additional network traffic, which is especially problematic with battery-operated wireless devices. This document describes two mechanisms to discover NATs and firewalls and a mechanism to query and control their binding lifetime. With these mechanisms, UDP binding discovery and UDP keepalive traffic can be reduced to involve only the necessary NATs or firewalls. This eliminates the keepalive traffic to servers, and vastly reduces keepalive traffic across the network. At the same time, backwards compatibility with NATs and firewalls that do not support this specification is retained, which allows for incremental deployment of this mechanism. This document is discussed on the SAFE mailing list, <>.


Dan Wing
Jonathan Rosenberg
Hannes Tschofenig

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)