Monday, July 30, 2007

STUNT P2P TCP NAT Traversal on an Ad-hoc Overlay Network


I've been thinking about this TCP NAT Traversal (TCP hole punching, a method that allows everyone to connect quickly without port forwarding).

I think the following changes are needed to kerjodando to make it work.

  1. The Trusted Peers list (and the itsDargens User database table) need to include two extra hidden fields: User ID (probably already in the itsDargens database) and a "use STUNT" flag. For example, if 100 users on a LAN connect to one group they will all have different user IDs although they share the same ip+port. Then, when a user wants to connect to another user (after trying a direct connection), they connect to STUNT using their user ID and signal (using SIPS) to the other user's ID. STUNT then tells them what ip+port to use to connect to that user ID. STUNT would also set the "use STUNT" flag to yes.
  2. The itsDargens user database needs to change to include the "use STUNT" flag.
  3. The trusted peer file needs to download and use the included user IDs and "use STUNT" flag as well as ip+port.
The other thing I realised is that, for signaling, users will have to maintain a connection to the STUNT server as long as they have a user (user ID) in their trusted peers list that they are not connected to.

However, once they have connected to all their trusted peers they can disconnect from the STUNT server.

Also, there will probably be some users that you can't connect to even with STUNT; maybe these should be marked as such in the "use STUNT" flag and counted as connected when deciding whether to disconnect from the STUNT server.

To me a STUNT server consists of the following processes:
  1. Maintaining TCP connections with many users (User IDs)
  2. Recording each user's (user ID's) ip+port for at least two test connections from the user
  3. Calculating the predicted ip+port for a user (User ID)
  4. Replying to a request to connect to a User ID with the predicted ip+port
  5. Telling the other user to also make a request, etc.
  6. Recording the "STUNT flag" in the user database table so that it can be included in the downloaded trusted peers
  7. Recording if STUNT does not work
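Processes 2 to 5 and 7 above, modelled as an added Python sketch (not code from kerjodando or from the nutss STUNT library). It assumes a NAT that allocates external ports with a constant step, predicts the next mapping from the two recorded test connections, and marks STUNT as failed for a user whose NAT assigns ports unpredictably; the 16-port sanity bound is a constructed threshold.

```python
from collections import defaultdict


class StuntServer:
    """Constructed model of the STUNT server described above."""

    def __init__(self):
        self.samples = defaultdict(list)  # user_id -> [(ext_ip, ext_port), ...]
        self.stunt_flag = {}              # user_id -> "yes" | "failed"

    def record(self, user_id, ext_ip, ext_port):
        """Process 2: remember the external mapping seen on a test connection."""
        self.samples[user_id].append((ext_ip, ext_port))

    def predict(self, user_id):
        """Process 3 and 7: predict the next external ip+port from the last two
        test connections, or record that STUNT does not work for this user.
        Assumes a constant port step (0 = port preserved, 1 = sequential)."""
        s = self.samples.get(user_id, [])
        if len(s) < 2:
            return None  # not enough test connections yet
        (ip1, p1), (ip2, p2) = s[-2], s[-1]
        step = p2 - p1
        # Different external IPs, or a large/negative jump, means the NAT is
        # randomising ports and the prediction would be useless (constructed bound).
        if ip1 != ip2 or step < 0 or step > 16:
            self.stunt_flag[user_id] = "failed"
            return None
        self.stunt_flag[user_id] = "yes"
        return ip2, p2 + step

    def connect_request(self, requester, target):
        """Process 4 and 5: answer a connect request with the target's predicted
        endpoint and the signal the server relays so the target connects back."""
        target_ep = self.predict(target)
        requester_ep = self.predict(requester)
        if target_ep is None or requester_ep is None:
            return None  # one side cannot be predicted; caller falls back
        signal = {"to": target, "from": requester, "connect_to": requester_ep}
        return target_ep, signal
```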


More About STUNT:

Found STUNT ( Simple Traversal of UDP Through NATs and TCP too) library in java:

http://nutss.gforge.cis.cornell.edu//jstunt-faq.php


What does the stunt.jar library provide?

It provides a way to establish unproxied TCP connections between two end-points, both of which can be behind a NAT. It returns a SocketChannel that can be used for blocking or non-blocking IO as the application desires.


How does one write a server-client or peer-to-peer applications with the library?

We have provided a simple server-client application consisting of an EchoServer ( http://nutss.gforge.cis.cornell.edu//EchoServer.java ) that accepts inbound connections from one or more EchoClient ( http://nutss.gforge.cis.cornell.edu//EchoClient.java ) applications.



Does the library require some infrastructure?

Yes. The library requires a rendezvous server (much like a directory server) where applications with one URI can find the application with another URI and coordinate to establish a connection. The library also requires some STUNT servers that help applications find out their external IP address and port for establishing the real connection.


Does the rendezvous server proxy data?

No. The rendezvous server only helps set up the connection. After that, all data is exchanged directly between the end-points and does not go through the rendezvous server.


Who provides the rendezvous and STUNT service? Who can use them?

We at Cornell University are providing a rendezvous and STUNT service for developers and researchers to use. However, if you wish to deploy your own application that uses the library, we ask that you set up rendezvous and STUNT servers only for your own applications such that you do not overburden the Cornell service (which is for research and development purposes) and so that outages and changes in the Cornell service don't affect your application. The rendezvous server ( https://gforge.cis.cornell.edu/frs/?group_id=15 ) and STUNT server ( https://gforge.cis.cornell.edu/frs/?group_id=15 ) code is freely available.


Is this library under active development? Will you implement feature X?

The library is a proof of concept that TCP NAT Traversal is possible and is intended to be a starting point for application developers who want to use it in a real-world deployable project. At the same time, it is a library that can be used more-or-less unmodified for research and quick development and prototyping of applications. Time permitting, I would like to implement various features that are requested; but I cannot promise that all features will be implemented in a timely fashion. I will do my best to make the library more suited to its primary goal -- show how the NAT TCP problem can be solved easily by applications.


I want to implement TCP NAT traversal in my application but don't want to use your library?

The TCP NAT traversal code is contained in the file STUNTCont.java ( https://gforge.cis.cornell.edu/plugins/scmcvs/cvsweb.php/old/stunt_java/src/net/nutss/stunt/STUNCont.java?cvsroot=cvsroot%2Fnutss ). It includes extensive documentation. Feel free to adapt the code to your application. The rendezvous service and the STUNT service are modular and may be replaced by your own implementations if you wish to use the rest of the library.



Also see http://en.wikipedia.org/wiki/STUN

Also see STUNT:

http://nutss.gforge.cis.cornell.edu/stunt.php

and

http://www1.ietf.org/mail-archive/web/p2prg/current/msg00789.html

and

http://en.wikipedia.org/wiki/NAT_traversal

and

http://reports-archive.adm.cs.cmu.edu/anon/isri2005/CMU-ISRI-05-104.pdf

and

http://emu.freenetproject.org/pipermail/tech/2005-September/011611.html