P2P网络中NAT穿透技术的研究与实现
|
摘要
近年来随着P2P技术的日益成熟与发展,以Maze, PPLive, Skype为代表的P2P文件共享软件和即时通信软件受到了越来越多用户的青睐。P2P是一种要求端到端的对等的连接与通信的技术,然而网络上存在的NAT设备却阻止来自外部未知网络主机的连接,这样就造成了P2P技术应用与发展的瓶颈。因为NAT设备隐藏了构建P2P网络的节点信息,因此如何使得位于NAT设备后面的节点在P2P网络中查找对方建立连接成为P2P技术发展过程中亟待解决的问题之一。
本文首先介绍了P2P技术的特点与应用场景,重点分析了本课题研究中涉及到的三种P2P模型。本文对NAT穿越理论的基础做了全面研究,包括NAT的原理,类型与应用,并对基于TCP的NAT穿越技术做了全面介绍,通过测试分析了目前基于TCP的NAT穿越的各种解决方案,并比较了这些技术的优缺点。
本文在研究了NUTSS协议的基础上,基于NUTSS协议应用的局限性提出了改进的NAT穿越模型CNUTS,并且提供了相关设计方案及核心实现代码。CNUTS模型的突出之处在于提出了两种全新的穿越模式:SYN/ACK生成模式和“同时打开”模式以及端口预测功能,这样建立了穿越行为与网络环境之间的关系,使得对于不同的NAT类型以及不同的网络架构,CNUTS能选择最优化的穿越行为建立TCP连接。
本文的重点集中在穿越模型的设计和实现。采取了模块化思想,在客户端以及服务器端实现了用户信息注册,类型检查,端口扫描,穿越选择,穿越通信模块以及维护注册信息的更新等功能。通过理论分析和仿真试验,新的穿越模型不但克服了目前穿透机制的对对称性NAT设备以及高安全性网络的不支持,而且提高了穿越的性能以及成功率,大大增强了P2P网络的通信效率。
本文最后对NAT穿越技术进行了展望。
With the development of P2P (Peer-to-Peer) technologies, some software in file sharing and instance message, for instance, Maze, PPLive and Skype, has been used more and more online. P2P is a technology which enables connection and telecommunication between peers, while some NAT equipment disables unknown outer connections, which prevent the development of p2P. So how to discover other peers behind NAT and make a connection is one of the problems in P2P networks.
First of all, the paper introduces the concept of P2P networks, and analysis three P2P modular covered in this paper. Also introduce NAT traversal theories over TCP, including NAT technology, types and implementation. And compares the advantages and disadvantages of approaches on the NAT traversal over TCP.
Then the paper introduces the optimized mechanism based on NUTSS protocol, CNUTS, and provides the design framework, core coding implantation. The principle method is proposed two traversal modes:SYN/ACK mode and "simultaneously open"mode, which make a optimized mode selection based on the net conditions and NAT types to enhance the traversal success rates effectively.
The paper emphasize on the design and implantation of traversal modular. At client and server point, user register, NAT type detection and selection of NAT traversal methods, updated messages modular are achieved in our system. And the test results identified the system can not only access to symmetric NAT, but also reach a high successful rates.
Finally the paper gives summarizations and prospect to NAT traversal.
本文首先介绍了P2P技术的特点与应用场景,重点分析了本课题研究中涉及到的三种P2P模型。本文对NAT穿越理论的基础做了全面研究,包括NAT的原理,类型与应用,并对基于TCP的NAT穿越技术做了全面介绍,通过测试分析了目前基于TCP的NAT穿越的各种解决方案,并比较了这些技术的优缺点。
本文在研究了NUTSS协议的基础上,基于NUTSS协议应用的局限性提出了改进的NAT穿越模型CNUTS,并且提供了相关设计方案及核心实现代码。CNUTS模型的突出之处在于提出了两种全新的穿越模式:SYN/ACK生成模式和“同时打开”模式以及端口预测功能,这样建立了穿越行为与网络环境之间的关系,使得对于不同的NAT类型以及不同的网络架构,CNUTS能选择最优化的穿越行为建立TCP连接。
本文的重点集中在穿越模型的设计和实现。采取了模块化思想,在客户端以及服务器端实现了用户信息注册,类型检查,端口扫描,穿越选择,穿越通信模块以及维护注册信息的更新等功能。通过理论分析和仿真试验,新的穿越模型不但克服了目前穿透机制的对对称性NAT设备以及高安全性网络的不支持,而且提高了穿越的性能以及成功率,大大增强了P2P网络的通信效率。
本文最后对NAT穿越技术进行了展望。
With the development of P2P (Peer-to-Peer) technologies, some software in file sharing and instance message, for instance, Maze, PPLive and Skype, has been used more and more online. P2P is a technology which enables connection and telecommunication between peers, while some NAT equipment disables unknown outer connections, which prevent the development of p2P. So how to discover other peers behind NAT and make a connection is one of the problems in P2P networks.
First of all, the paper introduces the concept of P2P networks, and analysis three P2P modular covered in this paper. Also introduce NAT traversal theories over TCP, including NAT technology, types and implementation. And compares the advantages and disadvantages of approaches on the NAT traversal over TCP.
Then the paper introduces the optimized mechanism based on NUTSS protocol, CNUTS, and provides the design framework, core coding implantation. The principle method is proposed two traversal modes:SYN/ACK mode and "simultaneously open"mode, which make a optimized mode selection based on the net conditions and NAT types to enhance the traversal success rates effectively.
The paper emphasize on the design and implantation of traversal modular. At client and server point, user register, NAT type detection and selection of NAT traversal methods, updated messages modular are achieved in our system. And the test results identified the system can not only access to symmetric NAT, but also reach a high successful rates.
Finally the paper gives summarizations and prospect to NAT traversal.
引文
[1]罗杰文,中科院计算所,PeertoPeer(P2P)综述,2005年12月
[2]杨天路,刘宇宏著.P2P网络技术原理与系统开发案例[M].北京:人民邮电出版社,2007.6.
[3]魏云飞.P2P网络模型发展研究.电脑与电信,2007,(2).73-75.
[4]刘小君,周文科.跨越NAT的P2P应用UDP通讯.现代计算机.2006.
[5]雷为民,张伟.SIPNAT问题阐述及其解决方案[J].通信世界,2005,6(4):38-39.
[6]杨璐,沈悦,蒋蕾.一种TCP协议穿透Symmetric NAT方案.计算机工程与应用,2007,(6):122-158.
[7]J. Rosenberg, R. Mahy, and P. Matthews, "Traversal Using Relays around NAT (TURN)," IETF Internet draft, work in progress, June 2008
[8]李鸿彬,杨雪华,雷为民.TURN服务器原型系统的设计与实现.计算机应用.2005
[9]J. Rosenberg, J. Weinberger, C. Huitema and R. Mahy,"STUN-Simple Traversal of client Datagram Protocol (UDP)Through Network Address Translators (NATs)", RFC 3489,March 2003
[10]Rosenberg J. Interactive Connectivity Establishment (ICE):A Methodology for Network AddressTranslator (NAT) Traversal for the Session Initia2tion Protocol (SIP) [S]. draft2rosenberg2sipping2ice201 (work in progress) June 30,2003.
[11]Bryan Ford, Pyda Srisuresh and Dan Kegel. "Peer-to-Peer Communication Across Network Address Translators".2005
[12]Srisuresh P. IP Network Address Translator (NAT) Terminology and Cousideration[S].IETF RFC2663,1999,16-19.
[13]Rosenberg J,Mahy R, Sen S. NAT and Firewall Scenarios and Solutions for SIP[S]. draft2ietf2sip2ping2nat2scenarios200 (work in progress), June2002.
[14]Ford B, Srisuresh P, Kegel D. Peer-to-peer communication across network address translators[Z]. In Proceedings of the 2005 USENIX Annual Technical Conference(Anaheim, CA, Apr.2005).
[15]Jianwei Zhang, Renjie Pi, Fuzhou yao, jicheng Quan, Yuanfei Guo." Router UDP switch support NAT traversal".2007
[16]Daniel Collins著,舒英华,李勇译.VoIP技术与应用,2003.6
[17]Gary R.Wright W.Richard Stevens著,陆雪莹,蒋慧等译.TCP/IP详解(卷2):实现,.北京:机械工业出版社,2000
[18]W.Richard Stevens著,范建华,胥光辉,张涛等译.TCP/IP详解(卷1):协议,北京:机械工业出版社,2000
[19]P. Maymounkovand D. Mazieres, "Kademlia:A Peer-to-peer Information System Based on the XOR Metric", In Proc. IPTPS,2002.
[20]Arno Wackerl, Gregor Schiele, Sebastian Holzapfell, Torben Weis, "A NAT Traversal Mechanism for Peer-To_Peer Networks",TENCON 2007-2007 IEEE Region 10 Conference.2007
[2i]A. Muller, A. Klenk, and Carle, "On the Applicability of Knowledge-Based NAT-Traversal for Future Home Networks", Proc. IFIP Networking 2008, Springer, Singapore, May 2008
[22]P.Srisurensh, K.Egevang, Traditional IP Network Address Translator (Traditional NAT) RFC 3022, IETF, January 2001
[23]Hyung-doh Shon; Seok-jun Han; Seung-chan Kang, "A Study on Direct Connection Method from Outside NAT to the Inside", Convergence and Hybrid Information Technology,2008. ICCIT'08. Third International Conference on Volume 2,2008 pp.218-221
[24]祝铭,李佳,陆际光.基于DHT对象定位机制的P2P系统的研究.福建电脑2007,(1):45.
[25]胡雁.P2P网络中资源查找方法的研究.计算机与数字工程,2007,(1):109-112.
[26]索望,方禺,王昆.P2P协议中的安全机制[J].网络信息安全,2004,4(10):32-35.
[2]杨天路,刘宇宏著.P2P网络技术原理与系统开发案例[M].北京:人民邮电出版社,2007.6.
[3]魏云飞.P2P网络模型发展研究.电脑与电信,2007,(2).73-75.
[4]刘小君,周文科.跨越NAT的P2P应用UDP通讯.现代计算机.2006.
[5]雷为民,张伟.SIPNAT问题阐述及其解决方案[J].通信世界,2005,6(4):38-39.
[6]杨璐,沈悦,蒋蕾.一种TCP协议穿透Symmetric NAT方案.计算机工程与应用,2007,(6):122-158.
[7]J. Rosenberg, R. Mahy, and P. Matthews, "Traversal Using Relays around NAT (TURN)," IETF Internet draft, work in progress, June 2008
[8]李鸿彬,杨雪华,雷为民.TURN服务器原型系统的设计与实现.计算机应用.2005
[9]J. Rosenberg, J. Weinberger, C. Huitema and R. Mahy,"STUN-Simple Traversal of client Datagram Protocol (UDP)Through Network Address Translators (NATs)", RFC 3489,March 2003
[10]Rosenberg J. Interactive Connectivity Establishment (ICE):A Methodology for Network AddressTranslator (NAT) Traversal for the Session Initia2tion Protocol (SIP) [S]. draft2rosenberg2sipping2ice201 (work in progress) June 30,2003.
[11]Bryan Ford, Pyda Srisuresh and Dan Kegel. "Peer-to-Peer Communication Across Network Address Translators".2005
[12]Srisuresh P. IP Network Address Translator (NAT) Terminology and Cousideration[S].IETF RFC2663,1999,16-19.
[13]Rosenberg J,Mahy R, Sen S. NAT and Firewall Scenarios and Solutions for SIP[S]. draft2ietf2sip2ping2nat2scenarios200 (work in progress), June2002.
[14]Ford B, Srisuresh P, Kegel D. Peer-to-peer communication across network address translators[Z]. In Proceedings of the 2005 USENIX Annual Technical Conference(Anaheim, CA, Apr.2005).
[15]Jianwei Zhang, Renjie Pi, Fuzhou yao, jicheng Quan, Yuanfei Guo." Router UDP switch support NAT traversal".2007
[16]Daniel Collins著,舒英华,李勇译.VoIP技术与应用,2003.6
[17]Gary R.Wright W.Richard Stevens著,陆雪莹,蒋慧等译.TCP/IP详解(卷2):实现,.北京:机械工业出版社,2000
[18]W.Richard Stevens著,范建华,胥光辉,张涛等译.TCP/IP详解(卷1):协议,北京:机械工业出版社,2000
[19]P. Maymounkovand D. Mazieres, "Kademlia:A Peer-to-peer Information System Based on the XOR Metric", In Proc. IPTPS,2002.
[20]Arno Wackerl, Gregor Schiele, Sebastian Holzapfell, Torben Weis, "A NAT Traversal Mechanism for Peer-To_Peer Networks",TENCON 2007-2007 IEEE Region 10 Conference.2007
[2i]A. Muller, A. Klenk, and Carle, "On the Applicability of Knowledge-Based NAT-Traversal for Future Home Networks", Proc. IFIP Networking 2008, Springer, Singapore, May 2008
[22]P.Srisurensh, K.Egevang, Traditional IP Network Address Translator (Traditional NAT) RFC 3022, IETF, January 2001
[23]Hyung-doh Shon; Seok-jun Han; Seung-chan Kang, "A Study on Direct Connection Method from Outside NAT to the Inside", Convergence and Hybrid Information Technology,2008. ICCIT'08. Third International Conference on Volume 2,2008 pp.218-221
[24]祝铭,李佳,陆际光.基于DHT对象定位机制的P2P系统的研究.福建电脑2007,(1):45.
[25]胡雁.P2P网络中资源查找方法的研究.计算机与数字工程,2007,(1):109-112.
[26]索望,方禺,王昆.P2P协议中的安全机制[J].网络信息安全,2004,4(10):32-35.