The Challenge to Peer-to-Peer Internet Communication
In an ideal world, all Internet devices would be able to communicate with each other without restriction. The only intermediaries in end-to-end communication would be routers. Each device would have a routable IP address giving it a publicly reachable Internet identity. Unfortunately, this isn't an ideal world or an ideal Internet. It is an Internet connected to private intranets with private (not publicly routable) IP addresses. These private networks use firewalls to keep out malicious attackers and use NAT (Network Address Translation) and NAT routers or NAT firewall/routers to pass traffic between the public IP space and the private, internal one. This passing of traffic through NAT is called NAT Traversal.

- The IP address:port exposed by each Voice over IP (VoIP) client is the public Internet address. There is no NAT or firewall changing or interfering with the signaling setup and media transmission/reception.
In brief, the way NAT works is that when a device on the internal, private network initiates a connection with a device on the public Internet, the initiating device will send all traffic to the NAT router first. The NAT router will replace the source address, the device's unroutable private address, with the NAT router's own public address before passing the traffic on to its Internet destination. When a response is received, the NAT router searches its translation tables, also known as mapping tables, to find the appropriate, original internal IP address and port of the initiating device. It then passes the response back to that device.
As you might suspect, while the NAT router can keep a mapping of its internal devices that are calling out to the Internet and fix up the addresses and ports, it has a more difficult problem when a device from the Internet calls into the internal network. That external device knows only the public information, meaning it knows the address of the NAT router, not the internal address of the device it is seeking. In this case there needs to be some rule that tells the NAT router what to do with the message and how to resolve the address so that it can route the message to the appropriate internal address. Without a mechanism for doing this, the router would simply discard the message and disallow any connections. Firewalls are meant to stop unknown connections from getting through, so if a connection can't be resolved, the best security is to not let it through the firewall at all.
Different types of mechanisms are used to deal with this issue, the most common being what is referred to as a "Software Perimeter Network" and another technique called "port forwarding." In the first case, the NAT supports simple rules that tell it what to do in specific instances, such as "pass all incoming connection requests to the device with address XXX.XXX.X.X." In port forwarding, the NAT router passes incoming connection requests to different devices on the internal network depending on the type of connection, such as web connections or email connections. If there are multiple devices on the internal network to which a certain type of connection from outside may or may not need to be established, then the rules break down and neither type of mechanism will do the trick.
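The behaviour described above, modelled as an added example that is not part of the original article: a toy NAT router with a translation table and static port-forwarding rules, showing the reply path, the discarded unsolicited packet, and the point where port forwarding breaks down for a second VoIP client. The names `NatRouter` and `demo`, the addresses and the ports are constructed for illustration, and the model assumes the router accepts responses only from the peer the internal device contacted.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    public_ip: str = "203.0.113.1"  # constructed (documentation range)
    next_port: int = 40000          # first public port to hand out (assumed)
    mappings: dict = field(default_factory=dict)  # public port -> (internal, remote)
    forwards: dict = field(default_factory=dict)  # public port -> internal (static rule)

    def outbound(self, src, dst):
        """Internal host calls out: replace source with public ip:port, record mapping."""
        for port, entry in self.mappings.items():
            if entry == (src, dst):
                return (self.public_ip, port)
        port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[port] = (src, dst)
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Packet hits the public side: return the internal target, or None to drop."""
        entry = self.mappings.get(dst_port)
        if entry and entry[1] == src:       # response from the peer that was contacted
            return entry[0]
        return self.forwards.get(dst_port)  # static rule, else None: discard

    def add_forward(self, public_port, internal):
        """Port forwarding: one public port can point at only one internal device."""
        if public_port in self.forwards:
            raise ValueError(f"port {public_port} already forwarded")
        self.forwards[public_port] = internal

def demo():
    nat = NatRouter()
    phone_a, phone_b = ("192.168.1.10", 5060), ("192.168.1.11", 5060)
    server, stranger = ("198.51.100.7", 5060), ("198.51.100.99", 5060)
    public = nat.outbound(phone_a, server)
    out = {"public": public,
           "reply": nat.inbound(server, public[1]),
           "unsolicited": nat.inbound(stranger, public[1])}
    nat.add_forward(5060, phone_a)
    out["forwarded"] = nat.inbound(stranger, 5060)
    try:
        nat.add_forward(5060, phone_b)   # second VoIP client wants the same port
        out["second_forward"] = "accepted"
    except ValueError:
        out["second_forward"] = "rejected"
    return out

if __name__ == "__main__":
    print(demo())
```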
These are the challenges to be overcome by all peer-to-peer communications, including VoIP. The challenge is industry-wide in scope, and the issue is definitely non-trivial in magnitude.

