What is NAT?
You have heard of Network Address Translation (NAT) and of its common form, network address port translation (NAPT). It is usually performed by the small router or modem box, a low-power solid-state device with a wall adapter, that connects your home or office to the Internet.
The box may reach the Internet over fiber, cable or a wireless link. But instead of letting each of your machines talk freely with its own public IP, it keeps the single public address for itself and hands your devices RFC 1918 private addresses over DHCP.
This makes you a lesser citizen of the worldwide web: you can talk to others, but others cannot start a conversation with you. A NAT box only translates addresses, and it lets a packet in only when that packet is the response to a request that went out first.
An unsolicited request from the outside world never reaches you unless you configure a port forward by hand, and most people never do. Asking for it to be otherwise is treated as heresy in the networking world and frowned upon.
When that is the case, how are you going to use Skype, WebRTC or p2p file sharing? NAT devices make the Internet brittle and break many things whilst fixing some things.
A NAT device maintains a mapping between each private (address, port) pair and its public counterpart in a translation table. An entry is created when a packet goes out, only packets matching an existing entry are let back in, and an entry that sees no traffic is expired after a timeout, so a hole that is not kept alive closes again.
If you run a server application inside a private network, how can the external world ever connect?
What is the problem?
We have seen the problem in enough detail above. The wide prevalence of NAT boxes makes life hard for p2p, VoIP and quite a few other applications that rely on inbound traffic.
Without a way to reach you while you are sitting behind a NAT device, nothing works. So what gives?
Why is p2p communication important?
p2p traffic is a large share of the Internet these days. WebRTC calls, Zoom calls, Google Meet, file sharing and many more applications try to set up direct peer-to-peer paths, a departure from the traditional client-server paradigm we are used to.
It is convenient to make do with one public IP address and allocate a globally reusable pool of local RFC 1918 addresses. But that also breaks more than it fixes, at least in the realm of p2p traffic.
How does UDP hole punching work?
UDP hole punching was created to address this problem. I developed an embedded C application to stream a surveillance camera for a California-based company called Eptascape.
Their cameras had to work behind NAT devices and stream the video by punching a hole. Despite doing this work, the client demo would not work as reliably as expected.
Lots of details on hole punching here. I got the image from over there.
UDP hole punching involves a fair amount of coding and architectural gymnastics around a rendezvous server, a mediator of sorts. Each peer first sends a packet to the server; the server records the public address and port it sees that packet arrive from, which is the peer's NAT mapping. It then hands each peer the other's public endpoint, and both peers send UDP packets to each other at roughly the same time. Each outgoing packet creates an entry in the sender's own NAT, so the other side's packet, arriving a moment later, matches that entry and is let in. The first packet in each direction is usually dropped, so clients retry, and they keep sending keepalives afterwards so the mapping does not time out.
As you can perhaps glean from the diagram above, UDP hole punching is fundamental to several protocols that today work seamlessly across NATs. NAT devices also aren't very well behaved or uniform: a cone NAT reuses the same public port for every destination, while a symmetric NAT allocates a new public port per destination, so the port the rendezvous server saw is not the port the peer will use and simple hole punching fails. The devices in the field were cheap Chinese gear, implemented differently from our test environment.
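The exchange described above, as an added in-memory simulation written for this post (it is not the author's Eptascape code). NAT boxes, peers and the rendezvous server are plain Python objects that hand tuples around instead of real UDP datagrams, so it runs offline; all IPs, ports and peer names are made up. It also models the cone versus symmetric NAT distinction, so the same run shows why punching works through one and fails through the other.

```python
"""UDP hole punching through a rendezvous server, simulated in memory.

Added illustration for this post, not the author's production code. Every
address, port and peer name below is made up; nothing touches the network.
"""
from dataclasses import dataclass, field

Endpoint = tuple  # (ip, port)


@dataclass
class NAT:
    """NAT box holding the private<->public mapping table the post describes.

    symmetric=False: port-restricted cone NAT, one public port per private
    (ip, port) reused for every destination. symmetric=True: symmetric NAT,
    a fresh public port per destination. Either way an inbound packet is only
    let in if it comes from an endpoint the private host already sent to.
    """
    public_ip: str
    symmetric: bool = False
    next_port: int = 40000
    table: dict = field(default_factory=dict)    # mapping key -> public port
    inbound: dict = field(default_factory=dict)  # public port -> (private ep, allowed srcs)

    def outbound(self, private: Endpoint, dest: Endpoint) -> Endpoint:
        """Translate an outgoing packet; return the public (ip, port) it leaves with."""
        key = (private, dest) if self.symmetric else private
        port = self.table.get(key)
        if port is None:                 # first packet: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.inbound[port] = (private, set())
        self.inbound[port][1].add(dest)  # this is the 'hole' toward dest
        return (self.public_ip, port)

    def inbound_to(self, public_port: int, src: Endpoint):
        """Private endpoint for an inbound packet, or None if the NAT drops it."""
        entry = self.inbound.get(public_port)
        if entry is None or src not in entry[1]:
            return None                  # unsolicited: no mapping or unknown source
        return entry[0]


@dataclass
class Peer:
    name: str
    private: Endpoint
    nat: NAT
    received: list = field(default_factory=list)


class Rendezvous:
    """Public server: learns each peer's mapping from the source address of
    its registration packet, then tells peers each other's public endpoint."""
    def __init__(self, endpoint: Endpoint):
        self.endpoint = endpoint
        self.registry = {}

    def register(self, peer: Peer) -> Endpoint:
        public = peer.nat.outbound(peer.private, self.endpoint)
        self.registry[peer.name] = public   # what the server sees, not peer.private
        return public

    def lookup(self, name: str) -> Endpoint:
        return self.registry[name]


def send(sender: Peer, dst_public: Endpoint, receiver: Peer, payload: str) -> bool:
    """Push one datagram from sender through both NATs; True if it got through."""
    src_public = sender.nat.outbound(sender.private, dst_public)
    if receiver.nat.inbound_to(dst_public[1], src_public) is None:
        return False
    receiver.received.append((src_public, payload))
    return True


def hole_punch(a: Peer, b: Peer, server: Rendezvous, attempts: int = 3) -> bool:
    """Both peers register, learn the other's public endpoint and punch at it.
    True once a packet has been delivered in both directions."""
    server.register(a)
    server.register(b)
    a_to_b, b_to_a = server.lookup(b.name), server.lookup(a.name)
    a_ok = b_ok = False
    for _ in range(attempts):            # the first punch is usually dropped: retry
        a_ok = send(a, a_to_b, b, "punch") or a_ok
        b_ok = send(b, b_to_a, a, "punch") or b_ok
        if a_ok and b_ok:
            return True
    return False


def demo():
    """Cone NATs on both sides succeed; a symmetric NAT on one side fails."""
    alice = Peer("alice", ("192.168.1.20", 5000), NAT("198.51.100.1"))
    bob = Peer("bob", ("10.0.0.7", 5000), NAT("198.51.100.2"))
    cone_ok = hole_punch(alice, bob, Rendezvous(("203.0.113.10", 3478)))
    sym_alice = Peer("alice", ("192.168.1.20", 5000), NAT("198.51.100.1", symmetric=True))
    sym_bob = Peer("bob", ("10.0.0.7", 5000), NAT("198.51.100.2"))
    sym_ok = hole_punch(sym_alice, sym_bob, Rendezvous(("203.0.113.10", 3478)))
    return cone_ok, sym_ok


if __name__ == "__main__":
    print(demo())
```

Run it and the cone case reports success on the second attempt (Alice's first punch is dropped because Bob has not yet opened his side), while the symmetric case never succeeds: Alice's NAT gives her punch toward Bob a different public port from the one the rendezvous server saw, so Bob's packets go to a port that only admits the server.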
How is the problem solved these days?
Nowadays, in 2023, people use other techniques to solve the NAT problem. There is ICE, Interactive Connectivity Establishment, which in turn uses STUN (Session Traversal Utilities for NAT) to discover a peer's public mapping and TURN (Traversal Using Relays around NAT) to relay traffic when nothing else works.
On top of these, applications like WebRTC developed a whole slew of code to deal with pesky NAT problems. Since WebRTC traffic has to work from browser to browser, this is critical.
But the applications go well beyond video or multimedia. Gaming, and even data monitoring from industrial applications, need this.
ICE, STUN and TURN
ICE works with the other two protocols to give the end user a smooth p2p experience. It gathers candidate addresses for each peer (the local address, the server-reflexive address that STUN reports, and a relayed address from TURN), the peers exchange them and probe every pair, and the best pair that works is used. What happens behind the scenes is usually a mystery to the user. In the worst case, when no direct path can be established, a relayed connection through a TURN server is set up.
This is the last resort in case nothing else works. Two caveats matter in practice: a TURN server must demand credentials, or it becomes an open relay for anyone on the Internet; and the candidates ICE gathers include your private addresses, which is why modern browsers hide host candidates behind mDNS names.
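The STUN half of this, as an added example written for this post (it is not part of the newsletter or of any STUN library): build a Binding Request, and decode the XOR-MAPPED-ADDRESS attribute a server returns, which is how a client learns its public mapping. The wire format follows RFC 5389/8489, but nothing is sent: the "server" side is a small function that fabricates the success response a real STUN server would produce for a made-up public address, so the block runs offline.

```python
"""Build a STUN Binding Request and decode the XOR-MAPPED-ADDRESS in the reply.

Added example for this post, not part of the original newsletter. Wire format
per RFC 5389/8489; the server side is fabricated here and the public address it
reports is made up. IPv4 only.
"""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def binding_request(txid: bytes = None) -> bytes:
    """20-byte STUN header: type, length 0, magic cookie, 96-bit transaction id."""
    txid = os.urandom(12) if txid is None else txid
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid)


def xor_mapped_address(ip: str, port: int) -> bytes:
    """Encode an IPv4 XOR-MAPPED-ADDRESS attribute (type 0x0020) as TLV."""
    x_port = port ^ (MAGIC_COOKIE >> 16)                       # port XOR top 16 bits of cookie
    x_addr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, x_port, x_addr)      # reserved, family=IPv4, X-Port, X-Address
    return struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value


def fake_server_reply(request: bytes, seen_ip: str, seen_port: int) -> bytes:
    """What a STUN server does: echo the transaction id and report the source
    (ip, port) the request arrived from, i.e. the NAT's public mapping.
    seen_ip/seen_port stand in for the address a real server would observe."""
    msg_type, _, cookie, txid = struct.unpack("!HHI12s", request[:20])
    if msg_type != BINDING_REQUEST or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN Binding Request")
    attr = xor_mapped_address(seen_ip, seen_port)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txid) + attr


def parse_response(response: bytes, expected_txid: bytes):
    """Return (ip, port) from XOR-MAPPED-ADDRESS after checking cookie and txid.
    The transaction id check is what keeps a spoofed reply from poisoning the
    client's idea of its own public address."""
    msg_type, length, cookie, txid = struct.unpack("!HHI12s", response[:20])
    if cookie != MAGIC_COOKIE or txid != expected_txid:
        raise ValueError("not a reply to our request")
    if msg_type != BINDING_SUCCESS:
        raise ValueError(f"unexpected STUN message type 0x{msg_type:04x}")
    body = response[20:20 + length]
    offset = 0
    while offset + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + alen]
        offset += 4 + ((alen + 3) & ~3)                        # attributes are padded to 4 bytes
        if atype == XOR_MAPPED_ADDRESS:
            _, family, x_port, x_addr = struct.unpack("!BBHI", value)
            if family != 0x01:
                raise ValueError("only IPv4 handled in this example")
            port = x_port ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", x_addr ^ MAGIC_COOKIE))
            return ip, port
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def discover(seen_ip: str = "198.51.100.7", seen_port: int = 40321):
    """One round trip against the fabricated server; returns the decoded mapping."""
    txid = os.urandom(12)
    req = binding_request(txid)
    resp = fake_server_reply(req, seen_ip, seen_port)
    return parse_response(resp, txid)


if __name__ == "__main__":
    print(discover())
```

The XOR with the magic cookie is there because some NAT boxes rewrite anything in a payload that looks like their own address; the encoder can be checked against the RFC 5769 sample vector, where 192.0.2.1:32853 becomes the attribute bytes 00 20 00 08 00 01 a1 47 e1 12 a6 43. To point the same client at a real server, replace fake_server_reply with a UDP socket sending binding_request() to port 3478 and reading the datagram back.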
Conclusion
UDP hole punching is a well-understood method for letting a host with a private address run a publicly reachable server. Engineers always come up with a way to deal with unworkable situations on the Internet, and this is one such.
Answer
What is the difference between AI and ML?
AI is a field that is fast becoming overwhelmed. It is going to attract a lot of scammers and lay people, making it a breeding ground for bubbles.
Whenever people unrelated to tech pick up a tech term from popular news outlets, things get messy, as they are not engineers. Still, AI is going to solve a lot of important real-life problems for us.
AI is about teaching machines to work the way we humans do in the biological world: we use memory, patterns, habit and creativity, and we apply thought.
ML is about learning from data and feedback. Classical AI is hand-written algorithms and rules; ML derives its behaviour from the data it has seen. It can be said that ML is a subset of AI. The future is going to be rich with innovations in these areas, just as with blockchain.
Crypto is a scam; blockchain will get adopted slowly.
Question
How can Wireshark help you?
Feedback
This edition of the newsletter is thanks to one of the readers asking me to cover this topic. Just like that person, you are also welcome to contact me to discuss interesting topics.