P2P communication across middleboxes (translation, part 2)
Copyright of the original text: Copyright (C) The Internet Society (2003). All Rights Reserved.
Original text: http://midcom-p2p.sourceforge.net/draft-ford-midcom-p2p-01.txt

3.3. UDP hole punching
The third technique, and the one of primary interest in this document, is widely known as "UDP Hole Punching." UDP hole punching relies on the properties of common firewalls and cone NATs to allow appropriately designed peer-to-peer applications to "punch holes" through the middlebox and establish direct connectivity with each other, even when both communicating hosts may lie behind middleboxes. This technique was mentioned briefly in section 5.1 of RFC 3027 [NAT-PROT], and has been informally described elsewhere on the Internet [KEGEL] and used in some recent protocols [TEREDO, ICE]. As the name implies, unfortunately, this technique works reliably only with UDP.
The third technique, and the one this document mainly studies, is the well-known "UDP hole punching" technique. UDP hole punching relies on the properties of common firewalls and cone NATs to allow appropriately designed peer-to-peer applications to "punch holes" through the NAT, even when both hosts are behind NATs. This technique was introduced in section 5.1 of RFC 3027 [NAT-PROT], has been informally described on the Internet [KEGEL], and has been used in some recent protocols, such as [TEREDO, ICE]. Note, however, that as the technique's name suggests, the reliability of UDP hole punching depends entirely on UDP.
We will consider two specific scenarios, and how applications can be designed to handle both of them gracefully. In the first situation, representing the common case, two clients desiring direct peer-to-peer communication reside behind two different NATs. In the second, the two clients actually reside behind the same NAT, but do not necessarily know that they do.
Here we consider two typical scenarios to show how the applications on the two ends of a connection communicate as planned. In the first scenario, we assume the two clients lie behind different NATs; in the second, we assume the two clients lie behind the same NAT, but neither of them knows it (that they are behind the same NAT).
3.3.1. Peers behind different NATs
Suppose clients A and B both have private IP addresses and lie behind different network address translators. The peer-to-peer application running on clients A and B and on server S each use UDP port 1234. A and B have each initiated UDP communication sessions with server S, causing NAT A to assign its own public UDP port 62000 for A's session with S, and causing NAT B to assign its port 31000 to B's session with S, respectively.
We assume that Client A and Client B both have their own private IP addresses and lie behind different NATs. The peer-to-peer program runs on Client A, Client B and S, and all of them use UDP port 1234. Client A and Client B first each establish a communication session with S; NAT A assigns its own UDP port 62000 to Client A's session with S, and NAT B assigns its own UDP port 31000 to Client B's session with S, as shown in the figure below:

Now suppose Client A wants to establish a direct UDP connection with Client B. If Client A simply sends a UDP message to Client B's public address 138.76.29.7:31000, NAT B will discard the message without a second thought (unless NAT B is a full cone NAT), because the address information carried in that UDP message does not match the address of server S that NAT B stored when Client B established its session with S. Likewise, if Client B does the same thing, the UDP message it sends will be dropped by NAT A.
Suppose A starts sending UDP messages to B's public address, however, and simultaneously relays a request through server S to B, asking B to start sending UDP messages to A's public address. A's outgoing messages directed to B's public address (138.76.29.7:31000) cause NAT A to open up a new communication session between A's private address and B's public address. At the same time, B's messages to A's public address (155.99.25.11:62000) cause NAT B to open up a new communication session between B's private address and A's public address. Once the new UDP sessions have been opened up in each direction, client A and B can communicate with each other directly without further burden on the "introduction" server S.
Suppose Client A starts sending a UDP message to Client B's public address and, at the same time, relays an invitation through S to Client B, asking Client B to also send a UDP message to Client A's public address. Client A's message to Client B's public address (138.76.29.7:31000) causes NAT A to open a new communication session between Client A's private address and Client B's public address; at the same time, NAT B opens a new communication session between Client B's private address and Client A's public address (155.99.25.11:62000). Once these new UDP sessions have been opened toward each other, Client A and Client B can communicate directly, without S acting as go-between any more. (This is what is called hole punching!)
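The packet sequence described above, as an added example that is not part of the draft or of this translation: a small model of two address-restricted cone NATs using the public endpoints the draft gives (155.99.25.11:62000 and 138.76.29.7:31000). The private addresses, S's address and the packet ordering are constructed assumptions; the model shows that A's first packet is dropped by NAT B (unless NAT B is a full cone NAT) while still opening the hole on A's side, after which B's packet passes NAT A and later packets pass in both directions.

```python
# Added example, not from the draft: a minimal model of UDP hole punching through
# two address-restricted cone NATs. Private addresses and S's IP are constructed.
from dataclasses import dataclass, field


@dataclass
class ConeNAT:
    """One public port per private endpoint. Inbound packets on a mapped port are
    forwarded only from remote endpoints the private host has already sent to
    (address-restricted cone), or from anyone when full_cone is set."""
    public_ip: str
    first_port: int
    full_cone: bool = False
    mapping: dict = field(default_factory=dict)   # private (ip, port) -> public port
    allowed: dict = field(default_factory=dict)   # public port -> {remote (ip, port)}

    def outbound(self, private, remote):
        port = self.mapping.setdefault(private, self.first_port + len(self.mapping))
        self.allowed.setdefault(port, set()).add(remote)   # open a hole towards `remote`
        return (self.public_ip, port)                       # source endpoint seen by `remote`

    def inbound(self, public_port, remote):
        if public_port not in self.allowed:
            return False                                    # no mapping: drop
        return self.full_cone or remote in self.allowed[public_port]


def send(src_nat, src_private, dst_nat, dst_public):
    """Deliver one UDP packet from a host behind src_nat to a public endpoint behind
    dst_nat. Returns True if dst_nat forwards it to its private host."""
    src_public = src_nat.outbound(src_private, dst_public)
    return dst_nat.inbound(dst_public[1], src_public)


S = ("192.0.2.10", 1234)                                    # server S, constructed IP
A_PRIV, B_PRIV = ("10.0.0.1", 1234), ("10.1.1.3", 1234)     # constructed private endpoints


def hole_punch(b_full_cone=False):
    """Run the scenario of section 3.3.1; returns the fate of each packet in order:
    (A's first packet to B, B's packet to A, A's second packet to B)."""
    nat_a = ConeNAT("155.99.25.11", 62000)
    nat_b = ConeNAT("138.76.29.7", 31000, full_cone=b_full_cone)
    # Both clients talk to S first; S learns their public endpoints from these packets.
    a_pub = nat_a.outbound(A_PRIV, S)                       # ('155.99.25.11', 62000)
    b_pub = nat_b.outbound(B_PRIV, S)                       # ('138.76.29.7', 31000)
    # A sends straight to B's public address: NAT B has no record of A, so it drops
    # the packet (unless full cone), but NAT A now has a hole open towards b_pub.
    a1 = send(nat_a, A_PRIV, nat_b, b_pub)
    # Prompted through S, B sends to A's public address: this opens B's hole and the
    # packet passes NAT A because A already sent to b_pub.
    b1 = send(nat_b, B_PRIV, nat_a, a_pub)
    # With holes in both directions, A's next packet is accepted by NAT B.
    a2 = send(nat_a, A_PRIV, nat_b, b_pub)
    return a1, b1, a2
```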
The UDP hole punching technique has several useful properties. Once a direct peer-to-peer UDP connection has been established between two clients behind middleboxes, either party on that connection can in turn take over the role of "introducer" and help the other party establish peer-to-peer connections with additional peers, minimizing the load on the initial introduction server S. The application does not need to attempt to detect explicitly what kind of middlebox it is behind, if any [STUN], since the procedure above will establish peer-to-peer communication channels equally well if either or both clients do not happen to be behind a middlebox. The hole punching technique even works automatically with multiple NATs, where one or both clients are removed from the public Internet via two or more levels of address translation.
UDP hole punching has several practical advantages. First, once such a direct peer-to-peer connection between hosts behind NATs has been established, either party on the connection can in turn act as the other's "matchmaker" and introduce it to further clients, which greatly reduces the workload of server S. Second, the application does not need to care whether the NAT is cone or symmetric; and if one or both parties happen not to be behind a NAT, they can still establish a perfectly good communication channel by following the steps above. Third, hole punching works automatically behind multiple NATs: no matter how many layers of NAT the two parties traverse to reach the Internet, they can still communicate.
譯后小記:本來(lái)已經(jīng)翻譯好了,是在網(wǎng)文快捕中翻譯的,結(jié)果,一個(gè)全選把所有翻譯的內(nèi)容全部刪除了(網(wǎng)文快捕的Bug?:),不得不痛苦的再翻一遍。不過(guò),有失必有得,第二次翻譯流暢多了,希望大家讀來(lái)還順口。