State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs)
RFC 5128
Document Type RFC - Informational (March 2008; Errata)
Authors Bryan Ford  , Dan Kegel  , Pyda Srisuresh 
Last updated 2015-10-14
Replaces draft-srisuresh-behave-p2p-state
Stream IETF
Formats plain text html pdf htmlized bibtex
Reviews
SECDIR Last Call Review
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 5128 (Informational)
Action Holders
(None)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Magnus Westerlund
Send notices to fluffy@cisco.com
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                       P. Srisuresh
Request for Comments: 5128                                Kazeon Systems
Category: Informational                                          B. Ford
                                                                  M.I.T.
                                                                D. Kegel
                                                               kegel.com
                                                              March 2008

           State of Peer-to-Peer (P2P) Communication across
                   Network Address Translators (NATs)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   This memo documents the various methods known to be in use by
   applications to establish direct communication in the presence of
   Network Address Translators (NATs) at the current time.  Although
   this memo is intended to be mainly descriptive, the Security
   Considerations section makes some purely advisory recommendations
   about how to deal with security vulnerabilities the applications
   could inadvertently create when using the methods described.  This
   memo covers NAT traversal approaches used by both TCP- and UDP-based
   applications.  This memo is not an endorsement of the methods
   described, but merely an attempt to capture them in a document.

Srisuresh, et al.            Informational                      [Page 1]
RFC 5128         State of P2P Communication across NATs       March 2008

Table of Contents

   1. Introduction and Scope ..........................................3
   2. Terminology and Conventions Used ................................4
      2.1. Endpoint ...................................................5
      2.2. Endpoint Mapping ...........................................5
      2.3. Endpoint-Independent Mapping ...............................5
      2.4. Endpoint-Dependent Mapping .................................5
      2.5. Endpoint-Independent Filtering .............................6
      2.6. Endpoint-Dependent Filtering ...............................6
      2.7. P2P Application ............................................7
      2.8. NAT-Friendly P2P Application ...............................7
      2.9. Endpoint-Independent Mapping NAT (EIM-NAT) .................7
      2.10. Hairpinning ...............................................7
   3. Techniques Used by P2P Applications to Traverse NATs ............7
      3.1. Relaying ...................................................8
      3.2. Connection Reversal ........................................9
      3.3. UDP Hole Punching .........................................11
           3.3.1. Peers behind Different NATs ........................12
           3.3.2. Peers behind the Same NAT ..........................14
           3.3.3. Peers Separated by Multiple NATs ...................16
      3.4. TCP Hole Punching .........................................18
      3.5. UDP Port Number Prediction ................................19
      3.6. TCP Port Number Prediction ................................21
   4. Recent Work on NAT Traversal ...................................22
   5. Summary of Observations ........................................23
      5.1. TCP/UDP Hole Punching .....................................23
      5.2. NATs Employing Endpoint-Dependent Mapping .................23
      5.3. Peer Discovery ............................................24
      5.4. Hairpinning ...............................................24
   6. Security Considerations ........................................24
      6.1. Lack of Authentication Can Cause Connection Hijacking .....24
      6.2. Denial-of-Service Attacks .................................25
      6.3. Man-in-the-Middle Attacks .................................26
      6.4. Security Impact from EIM-NAT Devices ......................26
   7. Acknowledgments ................................................27
   8. References .....................................................27
      8.1. Normative References ......................................27
      8.2. Informative References ....................................27

Srisuresh, et al.            Informational                      [Page 2]
RFC 5128         State of P2P Communication across NATs       March 2008

1.  Introduction and Scope

   The present-day Internet has seen ubiquitous deployment of Network
   Address Translators (NATs).  There are a variety of NAT devices and a
   variety of network topologies utilizing NAT devices in deployments.
   The asymmetric addressing and connectivity regimes established by
   these NAT devices have created unique problems for peer-to-peer (P2P)
   applications and protocols, such as teleconferencing and multiplayer
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools