Here I discuss how a client-server model can work in a NAT environment.
Network Address Translation (NAT)
- It works like office phone extensions: to the outside world every call comes from a single number, but inside there are many phone lines.
- NAT works entirely at the network layer, meaning that NAT operates by rewriting the addresses in IP packets.
- When a computer in the private network sends a request to an external IP address, the packet first reaches the default gateway.
- A firewall (the NAT device) sits at the default gateway; it replaces the private source IP with a public Internet IP address and forwards the packet. It also stores the private-to-public mapping so that incoming reply packets can be routed back to the right private host.
- Disadvantage: the translation is one-to-one, so one public IP can be used by only one private IP at a time.
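To make the gateway behaviour described in the bullets above concrete, here is a toy model of a basic one-to-one NAT. It is an added example, not code from the original page: the addresses are documentation ranges chosen for the demo, the "packets" are plain records rather than real IP datagrams, and the `release` method is an assumed policy for returning a public IP to the pool. It shows the outbound rewrite, the mapping that lets replies come back, the one-to-one limit, and the behaviour that motivates the rest of the page: an inbound packet with no mapping is simply dropped.

```python
# Toy model of the basic one-to-one NAT described above (constructed example, not
# from the original page). Addresses are documentation ranges; the "packets" are
# plain records rather than real IP datagrams.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    payload: str


class BasicNat:
    """One-to-one NAT: each private host that talks out claims one public IP."""

    def __init__(self, public_pool):
        self.free_public = list(public_pool)   # public IPs not yet handed out
        self.private_to_public = {}
        self.public_to_private = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Private -> Internet: rewrite the source address and remember the mapping."""
        pub = self.private_to_public.get(pkt.src_ip)
        if pub is None:
            if not self.free_public:
                return None   # pool exhausted: the one-to-one limitation from the text
            pub = self.free_public.pop(0)
            self.private_to_public[pkt.src_ip] = pub
            self.public_to_private[pub] = pkt.src_ip
        return Packet(pub, pkt.dst_ip, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private: only traffic to a mapped public IP is forwarded."""
        priv = self.public_to_private.get(pkt.dst_ip)
        if priv is None:
            return None   # unsolicited packet, no mapping: dropped at the gateway
        return Packet(pkt.src_ip, priv, pkt.payload)

    def release(self, private_ip: str) -> None:
        """Free a public IP when the private host is done (assumed gateway policy)."""
        pub = self.private_to_public.pop(private_ip, None)
        if pub is not None:
            del self.public_to_private[pub]
            self.free_public.append(pub)


def demo():
    """Walk one request/reply through the gateway and show the one-to-one limit."""
    nat = BasicNat(["203.0.113.5"])                      # a single public IP
    out = nat.outbound(Packet("10.0.0.2", "198.51.100.7", "GET /"))
    reply = nat.inbound(Packet("198.51.100.7", "203.0.113.5", "200 OK"))
    second = nat.outbound(Packet("10.0.0.3", "198.51.100.7", "GET /"))   # no IP left
    stray = nat.inbound(Packet("192.0.2.9", "203.0.113.6", "probe"))     # no mapping
    nat.release("10.0.0.2")
    after_release = nat.outbound(Packet("10.0.0.3", "198.51.100.7", "GET /"))
    return out, reply, second, stray, after_release


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Running `demo()` shows the second private host getting no translation while the first one holds the only public IP, and the stray inbound packet being dropped because nothing in the gateway's table claims it.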
Below I explain how a connection can be initiated between two applications/servers running on different networks.
Static IP network
- Your target servers are behind a NAT (private network) that has a static public IP.
Use port forwarding. In this case your server initiates the connection to the target server. The firewall on the target server's private network side must be configured to allow incoming connections from your server.
Dynamic IP network
- Your target servers are behind a NAT (private network) that has a dynamic public IP.
If the target uses a dynamic IP, local proxies are required (like the messenger clients installed on desktops), because in this case the client has to initiate the connection to the server. If the server also has to initiate connections (P2P), use one of the following methods.
Other Techniques to be considered
Relaying
- Can be used when both peers are behind a NAT (private network).
- The most reliable but least efficient method.
- A separate relay server with a public IP is required, and it must be known to both peers. This server acts as a relay.
- For example, to send a message to client B, client A simply sends the message to relay server S through its already-established client/server connection, and server S forwards the message on to client B using its existing client/server connection with B.
- Disadvantage: it consumes the server's processing power and network bandwidth, and communication latency between the peering clients is likely increased even if the server is well-connected.
Connection reversal
- Can be used only when one of the peers is behind a NAT.
- A straightforward but limited technique.
- A relay server is required.
- If A is behind a NAT and B has a public IP, A to B can be a direct connection.
- For B to A, B can relay a connection request to A through a well-known relay server S, asking A to attempt a "reverse" connection back to B. The idea is to use a well-known server as an intermediary to help set up direct peer-to-peer connections.
- Here the relay server is used only to set up the connection.
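The two techniques above differ only in what the well-known server S does with A's and B's traffic, so one small program can show both. This is an added example and not code from the original page: a rendezvous server S, a peer A that is only allowed to initiate connections (standing in for the host behind the NAT), and a peer B that can listen. In the relaying step S carries A's message to B over the two existing client/server connections; in the connection-reversal step S merely passes B's "connect back to me" request to A, after which A dials B directly and S is out of the path. The line protocol (`HELLO`, `OK`, `RELAY`, `REVERSE`, `MSG`, `CONNECT`) is invented for the demo, and everything runs on loopback, so the NAT itself is not simulated, only the rule that A must be the one to connect.

```python
# Rendezvous server S plus two peers, showing relaying and connection reversal.
# Constructed example, not code from the original page; the line protocol below
# is invented for the demo and all sockets live on loopback.
import socket
import threading

HOST = "127.0.0.1"
TIMEOUT = 5.0


def start_rendezvous_server():
    """Start S in a background thread; return the TCP port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen()
    clients = {}                  # registered name -> file object for that connection
    lock = threading.Lock()

    def serve(conn):
        f = conn.makefile("rw")
        name = f.readline().split()[1]           # "HELLO <name>"
        with lock:
            clients[name] = f
        f.write("OK\n"); f.flush()               # registration confirmed
        for line in f:
            parts = line.rstrip("\n").split(" ", 2)
            if len(parts) != 3:
                continue
            cmd, to, rest = parts
            with lock:
                target = clients.get(to)
            if target is None:
                continue
            if cmd == "RELAY":                   # relaying: S forwards the payload itself
                target.write(f"MSG {name} {rest}\n")
            elif cmd == "REVERSE":               # reversal: S only passes the request on
                target.write(f"CONNECT {name} {HOST} {rest}\n")
            target.flush()

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=serve, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def register(server_port, name):
    """Open the client/server connection to S and register under a name."""
    s = socket.create_connection((HOST, server_port), timeout=TIMEOUT)
    f = s.makefile("rw")
    f.write(f"HELLO {name}\n"); f.flush()
    assert f.readline().strip() == "OK"
    return f


def demo(server_port):
    """A is behind a NAT (outbound only); B has a public address and can listen."""
    a = register(server_port, "A")
    b = register(server_port, "B")

    # 1) Relaying: A -> S -> B over the two already-established connections.
    a.write("RELAY B hello via relay\n"); a.flush()
    relayed = b.readline().rstrip("\n")                 # "MSG A hello via relay"

    # 2) Connection reversal: B listens, then asks S to have A connect back to it.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((HOST, 0)); listener.listen(); listener.settimeout(TIMEOUT)
    b.write(f"REVERSE A {listener.getsockname()[1]}\n"); b.flush()
    _, _, host, port = a.readline().split()             # "CONNECT B 127.0.0.1 <port>"
    direct = socket.create_connection((host, int(port)), timeout=TIMEOUT)
    direct.sendall(b"hello over the direct connection")
    conn, _ = listener.accept()
    received = conn.recv(1024).decode()                 # S carries none of these bytes
    for sock in (direct, conn, listener):
        sock.close()
    return relayed, received


if __name__ == "__main__":
    print(demo(start_rendezvous_server()))
```

The `OK` handshake after `HELLO` matters: without it, A's first `RELAY` could reach S before B has registered and would be silently dropped, which is the same ordering problem a real rendezvous protocol has to handle.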
TCP Hole Punching
- For TCP hole punching to work, we need to use a single local TCP port both to listen for incoming TCP connections and to initiate multiple outgoing TCP connections concurrently.
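The requirement in the bullet above is a property of the local socket setup, and it is easy to check in isolation. The following is an added example, not code from the original page: it binds one socket to a port P and listens on it, then binds a second socket to the same P and uses it to connect outwards, and finally confirms the listener still accepts. The page does not say which socket options make this possible; the example assumes `SO_REUSEADDR` together with `SO_REUSEPORT` where the platform has it, which is what Linux needs before a second socket may share a port with a listening one. Everything is on loopback, and the "peer" socket just stands in for the other side.

```python
# Constructed example, not from the original page: one local port that is both
# listening and the source port of an outgoing TCP connection, the setup TCP
# hole punching relies on. Socket options are an assumption on the page's part.
import socket

HOST = "127.0.0.1"
TIMEOUT = 5.0


def reusable_tcp_socket(port):
    """TCP socket that may share its local address:port with another socket."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if hasattr(socket, "SO_REUSEPORT"):          # Linux needs this to share with a listener
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    s.bind((HOST, port))
    s.settimeout(TIMEOUT)
    return s


def demo():
    """Listen on port P and, from that same P, connect out to a peer."""
    # Stand-in for the remote side that will see our outgoing connection.
    peer = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    peer.bind((HOST, 0)); peer.listen(); peer.settimeout(TIMEOUT)

    listener = reusable_tcp_socket(0)            # let the OS pick P
    listener.listen()
    p = listener.getsockname()[1]

    outgoing = reusable_tcp_socket(p)            # second socket bound to the same P
    outgoing.connect(peer.getsockname())         # this connection's source port is P
    accepted, remote = peer.accept()

    # The listening socket is still usable while the outgoing connection is up.
    inbound = socket.create_connection((HOST, p), timeout=TIMEOUT)
    served, _ = listener.accept()

    result = {
        "listen_port": p,
        "outgoing_local_port": outgoing.getsockname()[1],
        "port_seen_by_peer": remote[1],
        "listener_still_accepts": served is not None,
    }
    for s in (inbound, served, accepted, outgoing, listener, peer):
        s.close()
    return result


if __name__ == "__main__":
    print(demo())
```

If the second `bind` in `demo()` fails with an address-in-use error, the platform is refusing to share the port; that is exactly the condition that rules out the single-port setup the bullet above calls for.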