State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs)
RFC 5128

Network Working Group                                       P. Srisuresh
Request for Comments: 5128                                Kazeon Systems
Category: Informational                                          B. Ford
                                                                  M.I.T.
                                                                D. Kegel
                                                               kegel.com
                                                              March 2008

           State of Peer-to-Peer (P2P) Communication across
                   Network Address Translators (NATs)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   This memo documents the various methods known to be in use by
   applications to establish direct communication in the presence of
   Network Address Translators (NATs) at the current time.  Although
   this memo is intended to be mainly descriptive, the Security
   Considerations section makes some purely advisory recommendations
   about how to deal with security vulnerabilities the applications
   could inadvertently create when using the methods described.  This
   memo covers NAT traversal approaches used by both TCP- and UDP-based
   applications.  This memo is not an endorsement of the methods
   described, but merely an attempt to capture them in a document.

Srisuresh, et al.            Informational                      [Page 1]
RFC 5128         State of P2P Communication across NATs       March 2008

Table of Contents

   1. Introduction and Scope ..........................................3
   2. Terminology and Conventions Used ................................4
      2.1. Endpoint ...................................................5
      2.2. Endpoint Mapping ...........................................5
      2.3. Endpoint-Independent Mapping ...............................5
      2.4. Endpoint-Dependent Mapping .................................5
      2.5. Endpoint-Independent Filtering .............................6
      2.6. Endpoint-Dependent Filtering ...............................6
      2.7. P2P Application ............................................7
      2.8. NAT-Friendly P2P Application ...............................7
      2.9. Endpoint-Independent Mapping NAT (EIM-NAT) .................7
      2.10. Hairpinning ...............................................7
   3. Techniques Used by P2P Applications to Traverse NATs ............7
      3.1. Relaying ...................................................8
      3.2. Connection Reversal ........................................9
      3.3. UDP Hole Punching .........................................11
           3.3.1. Peers behind Different NATs ........................12
           3.3.2. Peers behind the Same NAT ..........................14
           3.3.3. Peers Separated by Multiple NATs ...................16
      3.4. TCP Hole Punching .........................................18
      3.5. UDP Port Number Prediction ................................19
      3.6. TCP Port Number Prediction ................................21
   4. Recent Work on NAT Traversal ...................................22
   5. Summary of Observations ........................................23
      5.1. TCP/UDP Hole Punching .....................................23
      5.2. NATs Employing Endpoint-Dependent Mapping .................23
      5.3. Peer Discovery ............................................24
      5.4. Hairpinning ...............................................24
   6. Security Considerations ........................................24
      6.1. Lack of Authentication Can Cause Connection Hijacking .....24
      6.2. Denial-of-Service Attacks .................................25
      6.3. Man-in-the-Middle Attacks .................................26
      6.4. Security Impact from EIM-NAT Devices ......................26
   7. Acknowledgments ................................................27
   8. References .....................................................27
      8.1. Normative References ......................................27
      8.2. Informative References ....................................27

1.  Introduction and Scope

   The present-day Internet has seen ubiquitous deployment of Network
   Address Translators (NATs).  There are a variety of NAT devices and a
   variety of network topologies utilizing NAT devices in deployments.
   The asymmetric addressing and connectivity regimes established by
