
P2P message transfer behind firewalls and NAT


I have two Java applications running on two different machines in two different parts of the world. The machines can be behind NAT (or not!).

The applications are supposed to transfer some data (<500kb).

We do have a server, which can do everything (like providing the IP addresses of the peers), but the data from the applications must always be transferred peer-to-peer. The data cannot be routed through the server.

Do I have to deal with firewall mess?
Do I have to set port forwarding?
Are JXTA or JGroups something that I need? Is UPnP something I need to look into? Is UDP Hole Punching something I should look into?

I know my question is a bit vague, but please don't shoot my question down, I just need a nudge in the right direction. I am going to try and explain better as the comments/answers start coming in!


Solution

  • I agree with selbie's advice in the comment above.

    The short answer is that to do peer-to-peer networking you should have a basic understanding of all of the technologies that you mentioned.

    Do I have to deal with firewall mess?

    If the peers are behind NAT you will need to deal with NAT traversal.

    Do I have to set port forwarding?

    Do you "have to"? No. But you could consider this as a solution to your problem. Port forwarding is a way to configure your firewall so that your peers effectively communicate as if they are not behind the firewall. This means that you can write your software as if there is no firewall. NAT hole punching is an alternative to manual port forwarding. You can think of it as "automatic port forwarding."

    Are JXTA or JGroups something that I need?

    Sorry. I don't know what these are.

    Is UPnP something I need to look into?

    UPnP is one possible NAT traversal strategy:

    http://en.wikipedia.org/wiki/Universal_Plug_and_Play#NAT_traversal

    Note that UPnP is known to be insecure and probably should not be enabled, see e.g.:

    http://www.zdnet.com/how-to-fix-the-upnp-security-holes-7000010584/

    My impression is that UPnP is not the most important NAT traversal technique, but it could be a useful one to implement to achieve greater compatibility (i.e. as a fallback if STUN fails).

    Is UDP Hole Punching something I should look into?

    You will need a NAT traversal strategy. UDP Hole Punching (STUN etc.) is one such strategy, and as selbie says, it is a common one. There are also serverless techniques (look into the mechanism that SubEthaEdit uses).

    A full NAT traversal stack may need to employ multiple approaches for maximum compatibility with different routers/firewalls.
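
The rendezvous flow behind UDP hole punching, as an added example that is not part of the original question or answer: the server only learns and swaps the peers' endpoints, and the payload travels directly between the peers. It runs all three sockets on loopback in one thread so the message order is easy to follow; the class name, the `REGISTER` message and the `host:port` reply format are assumptions made for this sketch. Behind a real NAT, the direct packet each peer sends in step 3 is what opens the mapping that lets the other peer's packet in.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
// Added example; the class name and the "REGISTER" message are hypothetical.
public class HolePunchDemo {
    static void send(DatagramSocket s, String msg, SocketAddress to) throws Exception {
        byte[] b = msg.getBytes(StandardCharsets.UTF_8);
        s.send(new DatagramPacket(b, b.length, to));
    }
    // Server side: the peer's public endpoint is the source address of its packet.
    static InetSocketAddress observe(DatagramSocket srv) throws Exception {
        DatagramPacket p = new DatagramPacket(new byte[64], 64);
        srv.receive(p);
        return (InetSocketAddress) p.getSocketAddress();
    }
    // Peer side: ignore datagrams from any source other than the expected one.
    static String recvFrom(DatagramSocket s, SocketAddress expected) throws Exception {
        while (true) {
            DatagramPacket p = new DatagramPacket(new byte[1500], 1500);
            s.receive(p); // throws SocketTimeoutException once SO_TIMEOUT elapses
            if (p.getSocketAddress().equals(expected))
                return new String(p.getData(), 0, p.getLength(), StandardCharsets.UTF_8);
        }
    }
    static String fmt(InetSocketAddress a) { return a.getAddress().getHostAddress() + ":" + a.getPort(); }
    static InetSocketAddress parse(String s) {
        int i = s.lastIndexOf(':');
        return new InetSocketAddress(s.substring(0, i), Integer.parseInt(s.substring(i + 1)));
    }
    public static void main(String[] args) throws Exception {
        InetAddress lo = InetAddress.getByName("127.0.0.1"); // loopback stands in for the Internet
        try (DatagramSocket srv = new DatagramSocket(0, lo);
             DatagramSocket a = new DatagramSocket(0, lo); DatagramSocket b = new DatagramSocket(0, lo)) {
            for (DatagramSocket s : new DatagramSocket[] {srv, a, b}) s.setSoTimeout(2000);
            SocketAddress server = srv.getLocalSocketAddress();
            // 1. Both peers register; the server records the endpoint each packet came from.
            send(a, "REGISTER", server);
            send(b, "REGISTER", server);
            InetSocketAddress first = observe(srv), second = observe(srv);
            // 2. The server swaps the endpoints; no application data passes through it.
            send(srv, fmt(second), first);
            send(srv, fmt(first), second);
            // 3. Each peer takes the endpoint only from the server, sends directly to it,
            //    and accepts the payload only from that announced endpoint.
            InetSocketAddress peerOfA = parse(recvFrom(a, server));
            InetSocketAddress peerOfB = parse(recvFrom(b, server));
            send(a, "data from A", peerOfA);
            send(b, "data from B", peerOfB);
            System.out.println("A got: " + recvFrom(a, peerOfA) + " | B got: " + recvFrom(b, peerOfB));
        }
    }
}
```

The source-address check only filters stray traffic arriving at the open port; it does not authenticate the peer, so the transferred data still needs its own integrity protection and, if it is sensitive, encryption.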