What's so hard about p2p Hole Punching?
I am trying to experiment with some p2p networking. Upon doing some research, one of the biggest obstacle I learnt is "What if a client is behind a NAT/Firewall", later on I discovered about Hole Punching but that it is not always guaranteed to work.
As far a I understand, I don't understand why it might fail, This is what I know so far:
Based on the diagram above, this is how I understand how a successful connection can be established.
- Alice joins the network (1) by creating connection to a directory-server. When this happens, Alice's NAT creates a mapping from her public ip to her local ip.
- The directory server receives the connection and store Alice's public
ip:portin the directory - Bob does the same (2), Joins the network and publishes his
ip:portin the directory - Alice wants to communicate with bob. So she looks up Bob's
ip:portfrom the directory. (3) - Alice sends data on Bob's
ip:portwhich she got from the server. (5) - Since Bob also has a mapping from is
ip:portto his localip:port, the NAT simply forwards any data received on Bob's publicip:portto his computer. - Same works for Alice
I hope I was clear in my explanation of what I understand. My question is, what is so hard or unreliable about this? i must be clearly missing something. Can you explain me what it is?
One problem is that the NAT mappings in Alice's NAT server may time out, either after a fixed time, or after a period of inactivity.
A second potential problem is that the NAT server could make the restriction that Alice's NAT mapping is only "good" for TCP connections established by Alice, or connections between Alice and the initial IP "she" connected to. (In other words, direct communication between Alice & Bob may be blocked.)
And so on.
The problem is that the behaviour of a NAT server is highly dependent on how the managing organization's configuration / policy decisions. Many of these decisions could mean that your particular P2P usage pattern won't work reliably ... or at all.
So then is my whole idea about hole punching wrong?
No. It just means that it won't always work.
- How to Access GKE Private Master from VPN in Hub VPC with Peering
- Azure API Management access from Microsoft Fabric - handling IP restrictions
- Detecting Zero Window State in Windows IOCP Server
- Why traceroute sends UDP packets and not ICMP ones?
- Internal API call from one pod to another pod in same Kubernetes cluster times out
- Does WSASend guarantee processing order in IOCP model on Windows?
- How to fix network error in react-native when access localhost API
- Creating a 2 player game in Python
- Why is network-byte-order defined to be big-endian?
- How do I find my computer's IP address using the bash shell?
- Starting service discovery failed with code: 0
- How to install the dns-sd command line test tool on Windows or Linux?
- Change Response from HTTP Request sent by a program
- pysnmp send request sample code not working
- Find out type of device connected to network
- Is pysnmp thread-safe?
- Is there a way to avoid MITM attacks without encryption?
- Looking for the 302 redirect code, instead getting 200 OK status code
- Docker - how to set iface name when creating a new network
- What does connecting to own network daemon mean?
- Accessing Kafka broker from outside my LAN
- Get local IP address
- PySNMP Fetch variable timeout
- How does TCP PSH work?
- What SNMP library for .NET makes traps, sets or gets simple?
- How to create network map on c#?
- How can I debug network requests from my iPhone?
- Python - Pip Install - Proxy Error - 'Cannot connect to proxy.', OSError'
- Verify Presence of network interface using C (Linux)
- Getting "BadRequest" when trying to deploy web app networking settings using Bicep trmplate