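A host on a LAN has to have its private IP translated into a public IP before it can reach the public Internet, so how is that translation done? What are the steps by which NAT translates a private IP into a public IP?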

How are private IP addresses and public IP addresses translated?

NAT address translation on a router usually takes one of 3 forms:

1. Static translation, 1-to-1: one internal address corresponds to one external address, and the router forwards requests for that external address directly to the corresponding internal address.
2. Round-robin translation, generally many-to-many: for example, with 3 internal addresses 192.168.1.1, 1.2 and 1.3 and 2 public addresses x.x.x.1 and x.x.x.2, the router receives a request for x.1 and passes it to 1.1, receives a request for x.2 and passes it to 1.2, then receives another request for x.1 and passes it to 1.3, rotating in this way.
3. Single IP with multiple ports, many-to-1: a group of internal addresses corresponds to one public address, and different ports on the same public IP correspond to different internal IPs, for example public IP x.x.x.1:1 corresponds to 192.168.1.1, x.x.x.1:2 corresponds to 192.168.1.2, and so on. Internet cafés generally use this kind.

With the arrival of the IPv6 era, I kept wondering whether it was still necessary to learn NAT technology: network resources are no longer as scarce as in the IPv4 era, and NAT exists precisely to solve the shortage of IP addresses, so NAT would no longer have any reason to exist.



But as I translated this article, my doubt slowly turned into relief and then into conviction. What I gained from translating is no longer just the sense of achievement that comes from translating first-hand material; more than that, through translating I came to appreciate the wisdom and experience of earlier engineers, and I formed the habit of getting information from first-hand sources, which widens my view and deepens my understanding. At the very least, many things only truly become part of your own thinking after careful consideration. That is why I am determined to finish translating this article and, as mentioned before, if time permits I will write some examples in C# to help everyone better understand and master NAT technology (mainly covering three areas: instant messaging, peer-to-peer file transfer, and voice applications).






This article mainly introduces the origin of the "middlebox" mechanism and the inconvenience it causes P2P applications; no background knowledge is required :)






1. Introduction



1. Introduction






Keywords:



middlebox(es): I translate this as "代理" (literally "proxy" or "agent"); there may be a better translation



host: I translate this as "主机" ("host machine"); please do not read it as "server", a host is just an ordinary end-user machine






Present-day Internet has seen ubiquitous deployment of "middleboxes" such as network address translators (NAT), driven primarily by the ongoing depletion of the IPv4 address space. The asymmetric addressing and connectivity regimes established by these middleboxes, however, have created unique problems for peer-to-peer (P2P) applications and protocols, such as teleconferencing and multiplayer on-line gaming. These issues are likely to persist even into the IPv6 world, where NAT is often used as an IPv4 compatibility mechanism [NAT-PT], and firewalls will still be commonplace even after NAT is no longer required.






On today's Internet, "middlebox" devices that perform network address translation (NAT) are deployed everywhere, and the cause is the exhaustion crisis of the IPv4 address space. Although the asymmetric addressing and connectivity regimes are already defined by these middleboxes, they create some special problems for peer-to-peer applications and protocol design, such as teleconferencing and multimedia online games. These problems will still exist even in the IPv6 world, because NAT is often used as an IPv4 compatibility mechanism [NAT-PT], and firewalls will remain commonplace even when NAT is no longer needed.






Currently deployed middleboxes are designed primarily around the client/server paradigm, in which relatively anonymous client machines actively initiate connections to well-connected servers having stable IP addresses and DNS names.



Most middleboxes implement an asymmetric communication model in which hosts on the private internal network can initiate outgoing connections to hosts on the public network, but external hosts cannot initiate connections to internal hosts except as specifically configured by the middlebox's administrator. In the common case of NAPT, a client on the internal network does not have a unique IP address on the public Internet, but instead must share a single public IP address, managed by the NAPT, with other hosts on the same private network. The anonymity and inaccessibility of the internal hosts behind a middlebox is not a problem for client software such as web browsers, which only need to initiate outgoing connections. This inaccessibility is sometimes seen as a privacy benefit.






The middlebox technology currently in use is designed mainly for the client/server (C/S) model, so that clients that need connectivity but have no fixed IP address can connect to a properly configured server that has a fixed IP address and DNS name.

Most middleboxes use an asymmetric communication model: hosts on the private network (LAN) can initiate "outgoing" connections to hosts on the public network, but hosts on the public network cannot send information to hosts on the private network (unless the middlebox is specially configured). In the common case of NAPT (network address/port translation), a client on the private network does not need a fixed public IP address of its own, but must share a fixed public IP address controlled by the NAPT (this NAPT, of course, sits within the same private network). In this arrangement, the anonymity and apparent unreachability of the internal hosts hidden behind the NAT is not a problem for software such as web browsers, because the internal hosts only need to initiate connections to the outside. Seen this way, being unreachable also has its advantage: privacy.






In the peer-to-peer paradigm, however, Internet hosts that would normally be considered "clients" need to establish communication sessions directly with each other. The initiator and the responder might lie behind different middleboxes with neither endpoint having any permanent IP address or other form of public network presence. A common on-line gaming architecture, for example, is for the participating application hosts to contact a well-known server for initialization and administration purposes. Subsequent to this, the hosts establish direct connections with each other for fast and efficient propagation of updates during game play.



Similarly, a file sharing application might contact a well-known server for resource discovery or searching, but establish direct connections with peer hosts for data transfer. Middleboxes create problems for peer-to-peer connections because hosts behind a middlebox normally have no permanently usable public ports on the Internet to which incoming TCP or UDP connections from other peers can be directed.



RFC 3235 [NAT-APPL] briefly addresses this issue, but does not offer any general solutions.






In P2P applications, however, "client" machines on the Internet need to establish communication sessions directly with one another. The initiator and the responder may sit behind different NATs, and neither may have a fixed IP address, or if they do, it is not a public one. For example, in a common online game architecture, clients contact a server with a fixed public IP address to initialize and authenticate. At the same time, the clients also establish direct connections with each other, so that data travels faster across the network and updates arrive immediately (otherwise you won't get the loot, haha).



Similarly, a file sharing application must go to a server to look up the resource it wants and then download it from the host that holds the data (BT sites, for instance, go through an intermediary). Middleboxes cause many problems for direct P2P connections, because hosts hidden behind a middlebox usually have no fixed port at which TCP or UDP connections initiated by other clients can finally arrive.



RFC 3235 [NAT-APPL] briefly mentions this problem, but does not give any solution.






In this document we address the P2P/middlebox problem in two ways. First, we summarize known methods by which P2P applications can work around the presence of middleboxes. Second, we provide a set of application design guidelines based on these practices to make P2P applications operate more robustly over currently-deployed middleboxes. Further, we provide design guidelines for future middleboxes to allow them to support P2P applications more effectively. Our focus is to enable immediate and wide deployment of P2P applications requiring to traverse middleboxes.






In this article we discuss the P2P/middlebox problem in two ways. First, we outline how existing P2P applications manage to work within today's middlebox mechanisms. Then, based on existing practice, we provide a set of application design guidelines to make P2P applications operate in a more orderly way over currently deployed middleboxes. Finally, we provide design guidelines so that future middleboxes can support P2P applications more easily. The focus of the discussion is how to deploy, immediately and widely, P2P applications that need to pass through middleboxes.
Peer-to-Peer (P2P) communication across middleboxes (terminology part)

2. Terminology



2. Terminology






In this section we first summarize some middlebox terms. We focus here on the two kinds of middleboxes that commonly cause problems for P2P applications.



In this section we first give an overview of some middlebox terms, then focus on the two kinds of middlebox that cause problems for P2P applications.






Firewall



A firewall restricts communication between a private internal network and the public Internet, typically by dropping packets that are deemed unauthorized. A firewall examines but does not modify the IP address and TCP/UDP port information in packets crossing the boundary.



Firewall



A firewall restricts communication between the private network and the public network, mainly by dropping packets that it (the firewall) considers unauthorized. A firewall only inspects packet data; it does not modify the IP address or TCP/UDP port information in the packet.






Network Address Translator (NAT)



A network address translator not only examines but also modifies the header information in packets flowing across the boundary, allowing many hosts behind the NAT to share the use of a smaller number of public IP addresses (often one). Network address translators in turn have two main varieties:



Network Address Translation (NAT)



When packets pass through, a network address translator not only inspects the packet information but also modifies the IP address and port information in the packet header, so that the machines behind the NAT can share the few public IP addresses available (usually one). There are two main types of network address translator:






Basic NAT



A Basic NAT maps an internal host's private IP address to a public IP address without changing the TCP/UDP port numbers in packets crossing the boundary. Basic NAT is generally only useful when the NAT has a pool of public IP addresses from which to make address bindings on behalf of internal hosts.



Basic NAT



A Basic NAT translates a private host's private IP address into a public IP address but does not translate the TCP/UDP port information. Basic NAT is generally used when the NAT has many public IP addresses; it binds public IP addresses to internal hosts so that the outside can reach the internal hosts via the public IP addresses. (Translator's note: in practice only the IP is translated, 192.168.0.23 210.42.106.35. This still differs somewhat from configuring the public IP directly on the host, especially for enterprises: all traffic from outside must pass through a common firewall before reaching the inside, yet internal hosts can still use public IPs.)






Network Address/Port Translator (NAPT)



By far the most common, a Network Address/Port Translator examines and modifies both the IP address and the TCP/UDP port number fields of packets crossing the boundary, allowing multiple internal hosts to share a single public IP address simultaneously.



Refer to [NAT-TRAD] and [NAT-TERM] for more general information on NAT taxonomy and terminology. Additional terms that further classify NAPT are defined in more recent work [STUN]. When an internal host opens an outgoing TCP or UDP session through a network address/port translator, the NAPT assigns the session a public IP address and port number so that subsequent response packets from the external endpoint can be received by the NAPT, translated, and forwarded to the internal host. The effect is that the NAPT establishes a port binding between (private IP address, private port number) and (public IP address, public port number).



The port binding defines the address translation the NAPT will perform for the duration of the session. An issue of relevance to P2P applications is how the NAT behaves when an internal host initiates multiple simultaneous sessions from a single (private IP, private port) pair to multiple distinct endpoints on the external network.



Network Address and Port Translation (NAPT)



This is the most common case. A network address/port translator inspects and modifies both the IP address and the TCP/UDP port information of packets, so that more internal hosts can use a single public IP address at the same time.



See the two documents [NAT-TRAD] and [NAT-TERM] for more information on NAT classification and terminology. In addition, [STUN] has recently defined further terms for classifying NAPT. When an internal host opens an "outgoing" TCP or UDP session through the NAT, the NAPT assigns the session a public IP address and port, used to receive response packets from the external network, which are translated and passed on to the internal host. The effect is that the NAPT establishes a port binding between [private IP:private port] and [public IP:public port].



The port binding specifies the address translation the NAPT will perform for the lifetime of the session. This raises a question: if a P2P application opens several simultaneous sessions from a single [private IP address:port] pair on the internal network to different external hosts, how does the NAT handle it? See the following cases.






Cone NAT



After establishing a port binding between a (private IP, private port) tuple and a (public IP, public port) tuple, a cone NAT will re-use this port binding for subsequent sessions the application may initiate from the same private IP address and port number, for as long as at least one session using the port binding remains active.



Cone NAT



(Translator's note: why is it called "cone"? See the figure below: the terminal and the external servers all exchange information through the bound address pair assigned by the NAT, which, like a funnel, filters and passes the information along.)






Once a [private IP:port]-[public IP:port] port binding has been established, for sessions coming from the same [private IP:port] a cone NAT lets the application that initiated the session reuse this port binding, and releases it (the port binding) only when the session ends.






For example, suppose Client A in the diagram below initiates two simultaneous outgoing sessions through a cone NAT, from the same internal endpoint (10.0.0.1:1234) to two different external servers, S1 and S2. The cone NAT assigns just one public endpoint tuple, 155.99.25.11:62000, to both of these sessions, ensuring that the "identity" of the client's port is maintained across address translation. Since Basic NATs and firewalls do not modify port numbers as packets flow across the middlebox, these types of middleboxes can be viewed as a degenerate form of Cone NAT.







For example, suppose Client A (IP address information as shown in the figure above) initiates two simultaneous outgoing connections through a cone NAT, from the same internal endpoint (10.0.0.1:1234) to two different servers on the public network, S1 and S2. The cone NAT assigns just one public IP and port (155.99.25.11:62000) to both sessions, which ensures the "identity" of the client's port across address translation (translator's note: that is, this client uses only this one port). Basic NATs and firewalls, on the other hand, cannot modify the port numbers of the packets passing through, so they can be regarded as a reduced form of cone NAT.






Symmetric NAT



A symmetric NAT, in contrast, does not maintain a consistent port binding between (private IP, private port) and (public IP, public port) across all sessions.



Instead, it assigns a new public port to each new session. For example, suppose Client A initiates two outgoing sessions from the same port as above, one with S1 and one with S2. A symmetric NAT might allocate the public endpoint 155.99.25.11:62000 to session 1, and then allocate a different public endpoint 155.99.25.11:62001, when the application initiates session 2. The NAT is able to differentiate between the two sessions for translation purposes because the external endpoints involved in the sessions (those of S1 and S2) differ, even as the endpoint identity of the client application is lost across the address translation boundary.



Symmetric NAT



A symmetric NAT is very different from a cone NAT: it does not bind a port for the sessions, but assigns a brand-new public port to each new session.



Take the same example: Client A (10.0.0.1:1234) initiates two "outgoing" sessions at the same time, one to S1 and one to S2. The symmetric NAT assigns the public endpoint 155.99.25.11:62000 to Session 1 and then a different public endpoint, 155.99.25.11:62001, to Session 2. The symmetric NAT can tell the two sessions apart and translate them because the external addresses in Session 1 and Session 2 differ. For exactly this reason the client application gets lost at the address translation boundary: every session it opens uses a new port, so there is no longer any guarantee that it uses only one port.










The issue of cone versus symmetric NAT behavior applies equally to TCP and UDP traffic. Cone NAT is further classified according to how liberally the NAT accepts incoming traffic directed to an already-established (public IP, public port) pair. This classification generally applies only to UDP traffic, since NATs and firewalls reject incoming TCP connection attempts unconditionally unless specifically configured to do otherwise.



For both TCP and UDP traffic, cone NAT and symmetric NAT each have their own rationale (whether to use the same port, or to assign different ports to the same application). Cone NAT is further classified according to how freely the NAT lets incoming connections reach an already created address pair. This classification generally applies to UDP traffic (rather than TCP traffic), because NATs and firewalls block incoming TCP connection attempts unconditionally unless the NAT is explicitly configured not to. The classes are as follows:






Full Cone NAT



After establishing a public/private port binding for a new outgoing session, a full cone NAT will subsequently accept incoming traffic to the corresponding public port from ANY external endpoint on the public network. Full cone NAT is also sometimes called "promiscuous" NAT.



Full cone NAT



When an internal host opens an "outgoing" session, a public/private address pair is created. Once this address pair exists, a full cone NAT will accept subsequent traffic to that public port from any external endpoint. For this reason a full cone NAT is sometimes also called a "promiscuous" NAT.






Restricted Cone NAT



A restricted cone NAT only forwards an incoming packet directed to a public port if its external (source) IP address matches the address of a node to which the internal host has previously sent one or more outgoing packets. A restricted cone NAT effectively refines the firewall principle of rejecting unsolicited incoming traffic, by restricting incoming traffic to a set of "known" external IP addresses.



Restricted cone NAT



A restricted cone NAT filters incoming packets. When an internal host opens an "outgoing" session, the NAT records the IP address of that external host, so only these recorded external IP addresses can send information in through the NAT. A restricted cone NAT effectively refines the firewall's packet-filtering principle: only known external addresses are allowed to send "incoming" information to the inside of the NAT.






Port-Restricted Cone NAT



A port-restricted cone NAT, in turn, only forwards an incoming packet if its external IP address AND port number match those of an external endpoint to which the internal host has previously sent outgoing packets. A port-restricted cone NAT provides internal nodes the same level of protection against unsolicited incoming traffic that a symmetric NAT does, while maintaining a private port's identity across translation.



Port-restricted cone NAT



A port-restricted cone NAT differs from a restricted cone NAT in that it records both the IP address and the port of the external host. A port-restricted cone NAT gives internal nodes the same level of protection, and while maintaining port "identity" it will discard information sent back by a symmetric NAT.






Finally, in this document we define new terms for classifying the P2P-relevant behavior of middleboxes:



Finally, in this document we define a set of new terms to better classify the P2P-relevant behavior of middleboxes.






P2P application



A P2P application is one in which, building on an existing public server, each participant uses its own private address or public address (or both) to establish a peer-to-peer session.



P2P-Application



P2P-application as used in this document is an application in which each P2P participant registers with a public registration server, and subsequently uses either its private endpoint, or public endpoint, or both, to establish peering sessions.






P2P-Middlebox



A P2P-Middlebox is a middlebox that permits the traversal of P2P applications.



P2P middlebox



A P2P middlebox is a middlebox mechanism that allows P2P applications to communicate.






P2P-firewall



A P2P-firewall is a P2P-Middlebox that provides firewall functionality but performs no address translation.



P2P firewall



A P2P firewall is a P2P middlebox that provides firewall functionality but performs no address translation.






P2P-NAT



A P2P-NAT is a P2P-Middlebox that provides NAT functionality, and may also provide firewall functionality. At minimum, a P2P-Middlebox must implement Cone NAT behavior for UDP traffic, allowing applications to establish robust P2P connectivity using the UDP hole punching technique.



P2P-NAT



A P2P-NAT is a P2P proxy that provides NAT functionality and also provides firewall functionality. At a minimum, a P2P proxy must support cone NAT behavior for UDP traffic and allow applications to establish robust P2P connections using the UDP hole punching technique.






Loopback translation



When a host in the private domain of a NAT device attempts to connect with another host behind the same NAT device using the public address of the host, the NAT device performs the equivalent of a "Twice-nat" translation on the packet as follows. The originating host's private endpoint is translated into its assigned public endpoint, and the target host's public endpoint is translated into its private endpoint, before the packet is forwarded to the target host. We refer to the above translation performed by a NAT device as "Loopback translation".






Loopback translation

When a machine inside the NAT's private network wants to reach another machine on the same LAN through a public address, the NAT device does the equivalent of two NAT operations: before the packet reaches the target machine, it first translates the private address into a public address and then translates the public address back into a private address. We call a NAT device with the translation capability described above a "loopback translation" device.
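The inbound filtering rule and the loopback translation described above, as an added example that is not part of the original answer or of the document it translates: a toy UDP cone NAT showing what a restricted cone and a port-restricted cone each accept inbound, and how a packet addressed to a neighbor's public endpoint is rewritten. The class, the function names and every address are constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed documentation address (assumption)

@dataclass
class ConeNat:
    """Toy UDP cone NAT: one public port per private endpoint (names hypothetical)."""
    port_restricted: bool
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)    # private endpoint -> public port
    in_map: dict = field(default_factory=dict)     # public port -> private endpoint
    contacted: dict = field(default_factory=dict)  # public port -> remotes sent to

    def _bind(self, src):
        if src not in self.out_map:
            self.out_map[src] = self.next_port
            self.in_map[self.next_port] = src
            self.next_port += 1
        return self.out_map[src]

    def outbound(self, src, dst):
        """Translate a packet leaving a private host; returns (new_src, new_dst)."""
        pub_port = self._bind(src)
        if dst[0] == PUBLIC_IP and dst[1] in self.in_map:
            # Loopback translation: source becomes its public endpoint, and the
            # target's public endpoint becomes the target's private endpoint.
            return (PUBLIC_IP, pub_port), self.in_map[dst[1]]
        # Restricted cone remembers the remote IP; port-restricted also the port.
        key = dst if self.port_restricted else dst[0]
        self.contacted.setdefault(pub_port, set()).add(key)
        return (PUBLIC_IP, pub_port), dst

    def inbound(self, src, dst_port):
        """Return the private endpoint to deliver to, or None when dropped."""
        key = src if self.port_restricted else src[0]
        if key not in self.contacted.get(dst_port, set()):
            return None  # unsolicited: no earlier outbound packet to this remote
        return self.in_map[dst_port]

def demo_filtering(port_restricted):
    a, b = ("192.168.1.10", 5000), ("192.168.1.20", 6000)
    server = ("198.51.100.7", 3478)                 # constructed rendezvous server
    nat = ConeNat(port_restricted)
    pub_a, _ = nat.outbound(a, server)
    pub_b, _ = nat.outbound(b, server)
    same_host_other_port = nat.inbound(("198.51.100.7", 9999), pub_a[1])
    stranger = nat.inbound(("192.0.2.9", 3478), pub_a[1])
    hairpin = nat.outbound(a, pub_b)                # A dials B's public endpoint
    return nat.inbound(server, pub_a[1]), same_host_other_port, stranger, hairpin
```

`demo_filtering(False)` delivers the packet from port 9999 of the already-contacted server, while `demo_filtering(True)` drops it; both drop the host that was never contacted.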

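This technique is called NAT.
NAT stands for "Network Address Translation". It is an IETF (Internet Engineering Task Force) standard that allows an entire organization to appear on the Internet under a single public IP (Internet Protocol) address. As the name suggests, it is a technique for translating internal private network addresses (IP addresses) into legal network IP addresses.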

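Put simply, NAT means using internal addresses inside the LAN; when an internal node needs to communicate with an external network, the internal address is replaced with a public address at the gateway (think of it as the exit, like the gate of a courtyard), so that the traffic works normally on the public Internet. NAT lets multiple computers share one Internet connection, which neatly solves the shortage of public IP addresses. With this method you can apply for just one legal IP address and connect every computer on the LAN to the Internet. NAT then shields the internal network: all internal computers are invisible to the public network, and internal users are usually unaware that NAT exists. See Figure 2. The internal address mentioned here is the private IP address assigned to a node in the internal network; it can be used only inside the internal network and cannot be routed (routing is a networking technique that forwards traffic along different paths). Although internal addresses can be chosen arbitrarily, the following addresses are normally used: 10.0.0.0~10.255.255.255, 172.16.0.0~172.16.255.255, 192.168.0.0~192.168.255.255. NAT translates these reserved IP addresses, which cannot be used on the Internet, into legal IP addresses that can. A global address is a legal IP address assigned by a NIC (Network Information Center) or an ISP (Internet service provider); it represents one or more inside local addresses to the outside world and is a globally unique, addressable address.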

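NAT functionality is usually built into routers, firewalls, ISDN routers, or standalone NAT devices. Cisco routers, for example, already include it: the network administrator only needs to configure NAT in the router's IOS to shield the internal network. As another example, a firewall maps a web server's internal address 192.168.1.1 to the external address 202.96.23.11, so that external access to 202.96.23.11 is in fact access to 192.168.1.1. For small businesses with limited funds, this can now also be done in software; Windows 98 SE and Windows 2000 both include the feature.
NAT types
There are three types of NAT: static NAT (Static NAT), dynamic address NAT (Pooled NAT), and network address port translation, NAPT (Port-Level NAT).
Static NAT is the simplest to configure and the easiest to implement: every host in the internal network is permanently mapped to a legal address in the external network. Dynamic address NAT defines a range of legal addresses in the external network and maps them to the internal network by dynamic allocation. NAPT maps internal addresses to different ports of a single IP address in the external network. Each of the three schemes has advantages and drawbacks, depending on the need.
Dynamic address NAT translates only the IP address. It assigns each internal IP address a temporary external IP address and is used mainly for dial-up; it can also be used for frequent remote connections. When a remote user connects, dynamic address NAT assigns the user an IP address; when the user disconnects, the address is released for later use.
Network Address Port Translation (NAPT) is the form of translation most people are familiar with. NAPT is widely used in access devices and can hide a small or medium-sized network behind a single legal IP address. Unlike dynamic address NAT, NAPT maps internal connections onto a single IP address in the external network and adds to that address a TCP port number selected by the NAT device.
When NAPT is used on the Internet, all the different flows appear to originate from the same IP address. This is very practical in a small office: with one IP address obtained from the ISP, multiple connections reach the Internet through NAPT. In fact, many SOHO remote-access devices support PPP-based dynamic IP addresses. In that case the ISP does not even need to support NAPT for multiple internal IP addresses to share one external IP address on the Internet. This causes some channel congestion, but given the savings in ISP fees and the ease of management, NAPT is well worth using.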
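An added example, not from the original answer, contrasting dynamic address NAT with NAPT as described above: a pool of two public addresses runs out when a third host connects, while NAPT gives every host its own port on one shared address. The class names, the starting port 20000 and the addresses are assumptions made for the sketch.

```python
class PooledNat:
    """Dynamic address NAT: a host leases a whole public IP while connected."""
    def __init__(self, pool):
        self.free = list(pool)
        self.leases = {}                       # inside IP -> leased public IP

    def connect(self, inside_ip):
        if inside_ip not in self.leases:
            if not self.free:
                return None                    # pool exhausted: host cannot get out
            self.leases[inside_ip] = self.free.pop(0)
        return self.leases[inside_ip]

    def disconnect(self, inside_ip):
        public_ip = self.leases.pop(inside_ip, None)
        if public_ip is not None:
            self.free.append(public_ip)        # released for later reuse

class Napt:
    """NAPT: every connection shares one public IP and gets its own port."""
    def __init__(self, public_ip, first_port=20000):
        self.public_ip, self.next_port = public_ip, first_port
        self.table = {}                        # (inside IP, inside port) -> public port

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.table:
            self.table[key] = self.next_port   # port chosen by the NAT device
            self.next_port += 1
        return self.public_ip, self.table[key]

def demo_allocation():
    hosts = ["192.168.1.1", "192.168.1.2", "192.168.1.3"]   # constructed
    pooled = PooledNat(["203.0.113.1", "203.0.113.2"])
    first = [pooled.connect(h) for h in hosts]  # third host finds the pool empty
    pooled.disconnect(hosts[0])
    retry = pooled.connect(hosts[2])            # reuses the released address
    napt = Napt("203.0.113.1")
    shared = [napt.translate(h, 5000) for h in hosts]
    return first, retry, shared
```

The NAPT table is also the only record that ties a public port back to an inside host, which is why translation logs matter when traffic from the shared address has to be attributed.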

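Port mapping means mapping a port on the public IP to a port on the private IP.

With 2-3 layers of private networks, you have to map the forwarding port on every router.
For details, look up material on DDNS.
Also material on VPN tunneling.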

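The translation is done by NAT, through the router. The telecom carrier's router assigns you a public IP, and you use it to go online.
Understanding NAT
NAT (Network Address Translate) is the address translation operation.
NAT can translate private IPs in a LAN into public IPs, which solves the problem of the internal network accessing the Internet.
NAT can do load balancing, presenting several internal servers to the outside as a single server.
Definitions:
Inside local address: a private IP of the internal network.
Inside global address: a public IP of the internal network.
Outside global address: a public IP on the Internet.
Outside local address: the private IP that corresponds to a public IP on the Internet.
NAT can be divided into source address translation (SNAT) and destination address translation (DNAT).
By mode of operation, it can be divided into static NAT and dynamic NAT.
SNAT commands use the source parameter; DNAT commands use the destination parameter.
It is basically always the router that does this.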

It's NAT technology.
I suggest taking a look at http://baike.baidu.com/view/16102.htm;
I won't copy someone else's text.

Take a look at this; it covers the underlying principles.
