227 results about "NAT traversal" patented technology

The subject invention relates to systems and methods that facilitate direct network communications between peers that operate behind Network Address Translators. In one aspect, a network communications system is provided. The system includes one or more Network Address Translators (NAT) to communicate data across a network between peers. A protocol selection component that automatically selects among a plurality of protocols according to one or more NAT types in order to determine a subset of the protocols that facilitate communications between the peers.

Firewalls and network address translators (NAT) provide many advantages for client and the Internet itself, however, these devices break many existing transmission control protocol (TCP) / Internet Protocol (IP) applications, since they conceal the identity of IP clients (i.e., peers) and block transmission control protocol (TCP) call setup requests. Firewalls and NATs make it impossible for one TCP peer to discover another and establish a connection. Embodiments of this invention provides a system and a protocol to enable two TCP peers that exist behind one or more firewalls and NATs to automatically setup a true peer-to-peer TCP connection and exchange data without making changes to the firewall or NAT devices or existing TCP-based applications. In embodiments of this invention, the synchronization between the blind TCP peers is achieved using a system that consists of a registration server, an agent application, and a virtual network interface that together relay and replicate the control signals between the two TCP peers. In addition, embodiments of this invention are also used to traverse the NAT and establish a bi-directional peer-to-peer TCP connection in the firewall.

A peer-to-peer collaboration system in which changes to a shared space may be broadcast to all of the peers in a collaboration session using messages sent with a combination of addressing techniques. Messages may be addressed for direct peer-to-peer transmission, indirect transmission through another peer or indirect transmission through a server. The type of addressing used to communicate with each peer is determined through the use of a routing table. The routing table defines interconnected groups of peers and may be used to select one or more peers in each group as the initial recipients of the message. The initial recipients may forward the message to other peers within their groups, such that all peers receive the message. For peers behind a NAT, one or more NAT traversal techniques may be used to obtain information to construct the routing table.

A method for implementing communication between at least two client devices is provided. The first client device of the at least two client devices is disposed externally with respect to a firewall of an internal network. The method includes performing NAT (Network Address Translation) traversal between the first client device and a media server that is disposed internally with respect to the firewall of the internal network. The NAT traversal is configured to ascertain a NAT scheme employed for exchanging packets with the first client device. The method also includes establishing a communication path at least between the media server and the first client device, wherein logic for implementing the NAT traversal and logic for implementing the establishing the communication path are both implemented in the media server. The method further includes employing the media server to facilitate the communication.

The present invention provides an NAT (Network Address Translator) traversal method in Session Initiation Protocol (SIP) for solving the problems of SIP in Internet phone (VoIP) under current Internet environment. In other words, the present invention solves the SIP problems caused by NAT (Network Address Translator) that P2P (Peer to Peer) transmission cannot traverse the NAT firewall directly. The major content of the present invention is that the computer conducts multiple detections before issueing an Invite message in order to detect the rule of the NAT server to assign port number

Handling of multiple connections during NAT traversal for a node behind a symmetric NAT is disclosed. The likelihood of connection failure during symmetric NAT traversal may be reduced by serializing critical time windows after port prediction. Once port prediction has begun for a first connection, port prediction for a subsequent connection may be delayed until a connectivity check has begun for the first connection. This process may be repeated to handle NAT traversal for multiple simultaneous connections to different nodes.

A system, apparatus and method to use private IP addresses to designate host devices or nodes in different networks for communication purposes are described. Various embodiments of the invention address the problem of a shortage of public IP addresses under IPv4 architecture. In one embodiment of the invention, dynamic NAT penetration capabilities are provided which consequently expand the capability of running peer-to-peer applications on the Internet.

Disclosed are methods and apparatus for methods and apparatus for facilitating a secure connection between a first and a second node in a computer network where one or both of the nodes may or may not reside behind a network address translation (NAT) enabled gateway. Embodiments of the present invention provide a seamless integration by providing a uniform solution for establishing secure connections, such as IPSEC, between two nodes irrespective of whether they are behind a NAT-enabled gateway or not. In general, a gateway is operable to receive a request from a remote host for a secure connection to a local host that within the home network of the gateway. The gateway then forwards this received request to a NAT traversal service. The NAT traversal service receives the request and then automatically sends an initiation message to set up a secure session, e.g., performing authentication and exchanging keys. In a specific aspect, the setup data utilizes an IKE (Internet Key Exchange) initiation message that is sent to the originator of the request via the gateway. Upon receipt of this initiation message, the gateway is then able to set up a two way connection to allow other setup data to flow between the remote and local hosts to complete the setup session and then secure data to flow between the remote and local hosts in a secure communication session, such as in IPSec or VPN session.

In order to realize NAT traversal communication at low cost and without fail, local communication terminals connected as subordinates of a first router having a UPnP™ function obtain an IP address and a port number, both to be converted by a NAT function of the first router, on the basis of a UPnP™ protocol to register them in a relay server as exchange information for the NAT traversal. Local communication terminals connected as subordinates of a second router without the UPnP™ function specify an IP address to be converted by the NAT function of the second router on the basis of a packet obtained from a STUN server and estimate a port number to be converted by the NAT function of the second router to register them in the relay server as the exchange information for the NAT traversal. The present invention may be applied to a personal computer.

A communication device, system and method for managing the local network device remotely include: a local gateway acquires the topology structure and the configuration information of the local network device, and sends them to a remote management server; the remote management server generates configuration instruction to manage the local network device accordingly. The local gateway can manage the local network terminal uniformly, and it is unnecessary that all terminals of the local network support the remote network management protocol. Moreover, the remote management server can easily know the condition of the network organization of the whole local network and optimize the configuration based on the topology of the local network. The solution of the present invention can omit the related information redundancy of the gateway and terminal, reduce the cost of consistency management, and simplify the NAT traversal mechanism when the remote management server visits the private network terminal

The invention provides a method and a system for realizing NAT traversal in a P2P network. The method comprises the following steps: a user node registers on a NAT server; the user node determines a network type of the user node as a node in a public network or a node in an internal network by interacting with the NAT server; if the user node is the node in the public network, the NAT traversal is realized through the reverse connection of an opponent node; and if the user node is the node in the internal network, the opponent node and the user node are determined not to be in the same internal network through the broadcasting in the internal network, and the NAT traversal is realized by using a UDP for hole punching and simulating a TCP mode. Compared with the prior NAT traversal system, the method for the NAT traversal in P2P network environment has the characteristics of reliability and high efficiency.

An IP terminal apparatus has a SIP controller, a UDP packet controller, and an RTP controller. The SIP controller transmits and receives a call control message in order to establish a connection to and from a destination apparatus. The UDP packet controller transmits and receives media data with the destination apparatus in a media session after the connection was established. The RTP controller obtains source port number information of a media data packet that the UDP packet controller has received from the destination apparatus, and sets the obtained source port number as a destination port number for a packet to be transmitted to the destination apparatus. Thereby, a feasible range of NAT traversal can be improved in a simple and secure manner, even when at least one relay apparatuses employs symmetric NAT.

A message passing protocol allows two clients to establish a connection even when the clients are behind different NAT devices such as NAT firewalls. Beneficially, the protocol does not require that either client has knowledge of where the other client is located (e.g., behind the same NAT device or behind a different NAT device). When two clients want to establish a connection, the clients exchange identifying information with each other by passing the information through a rendezvous server. Based on the identifying information, each client determines and sends a plurality of synchronization packets to a number of different predicted addresses. When synchronization packets reach the actual addresses of both devices, a connection can be established between the clients.

The subject invention relates to systems and methods that facilitate direct network communications between peers that operate behind Network Address Translators. In one aspect, a network communications system is provided. The system includes one or more Network Address Translators (NAT) to communicate data across a network between peers. A protocol selection component that automatically selects among a plurality of protocols according to one or more NAT types in order to determine a subset of the protocols that facilitate communications between the peers.

By providing a virtual network interface (1140) to a platform or an operating system wide implementation of the STUN protocol and its TURN extension, the invention allows applications (1110, 1120, 1130) located in a private network behind a NAT to communicate with their respective peers (1321, 1322, 1323) using sockets as usual while still getting the full benefit of the STUN protocol and its TURN extension for NAT traversal purposes.

A system for providing network access translation device traversal to facilitate communications is provided. The system includes a network access translation (NAT) device, a first Session Initiation Protocol (SIP) client located on the interior of the NAT device, a second SIP client located on the exterior of the NAT device, and a proxy server configured to maintain registration information relating to the first SIP client and the NAT device. The proxy server is further configured to allow the second SIP client to initiate contact with the first SIP client and establish a communication session using the registration information. The communication session is established by traversing the NAT device.

The invention discloses a real-time multimedia data transmission method for supporting NAT traversal, which comprises the following steps of: (1) creating a UDP socket on an NSPC, randomly binding a port for the socket, recording the number value of the port as G-Port, judging the NAT type of a client of the NSPC by using the socket through the NSPC, and establishing an NAT traversal channel between the NSPC and other NSPC; (2) during sending data, acquiring data message of an upper application program through the NSPC, searching an NSPC socket control list, retrieving a socket to which the message belongs and an NAT address of a receiving end, finishing encapsulation of the message and sending the message to a network; and (3) during receiving the data, acquiring UDP data message reaching the port G-Port through the NSPC, judging whether the message is subjected to the NSPC encapsulation, if so, removing the encapsulation of the message, pushing the data to a corresponding application program and waiting for further processing.

Presented are systems and methods for monitoring communication link performance between a communication device located behind a NAT, which is coupled to a communication device via a communication link, while enabling NAT traversal. Various embodiments utilize periodic transmissions of a short burst of communication packets between communication devices to monitor communication link performance. To monitor whether a link can support a particular service, a minimum required data rate of the service may be compared to a lower bound of the throughput measured by the dispersion of packets and by detecting excessive queueing delay. Once a problem is detected, a more accurate performance measurement may be triggered. Periodic communication enables NAT traversal via NAT hole puncturing. Overall, communication devices may maintain connection across a NAT, while monitoring communication link performance.

The invention provides a NAT penetration-based video monitoring access strategy and a realization method. The method comprises a network protocol, a penetration server and an agent server, wherein the network protocol refers to a complete NAT penetration flow as the basis of communication between a subsequent apparatus and a server; the penetration server refers to performing processing on a communication command at an apparatus end according to the network protocol so as to finish a NAT penetration process in a cooperative manner, and carrying out basic management on the apparatus actively registered over the server; and the agent server refers to forwarding the data of communication between the apparatus and a client end after the NAT penetration process fails according to the network protocol. According to the invention, the simple and convenient equipment arrangements enable the problems and defects in the prior art to be well handled, and ideal effects are achieved.

The invention belongs to the technical field of network communication, and in particular relates to a video monitoring-based front-end video-on-demand traversal method of NAT. The method realizes the front-end video-on-demand traversing NAT function in the video monitoring service through the media distribution server. The media distribution server allocates different TCP listening ports to the front-end by adding an independent on-demand server module, and tells the front-end through the central management server that the client and the front-end actively connect to establish a TCP connection to transmit RTSP signaling messages. The media distribution server receives the RTSP signaling from the client and forwards it to the front end through necessary simple modifications to complete the establishment of the RTSP signaling; the transmission of the RTP data packet only needs the client to actively and regularly send detection packets to the media distribution server. The invention is simple, convenient and feasible to realize. The client can easily traverse NAT without changing the original video-on-demand process, and the server does not need to allocate any resources before the client establishes the RTSP process, which is efficient and easy to expand.

Methods, Systems, and Apparatus of Providing QoS and Scalability in the Deployment of Real-Time Traffic Services in Packet-based Networks are disclosed. The aim of the invention is to provide QoS for both realtime and non-real-time traffic streams.The invention presents an architectural framework coupled with the functional apparatus necessary to deploy services like Voice over IP (VOIP) in a scalable way in spite of network limitations such as shortage in IPV4 addresses, NAT traversal, and the processor-intensive requirements of RTP termination. Methods to solve these problems associated with large-scale VoIP deployment by distributing application gateways are presented. More importantly, the approach serves to provide consistent broadband performance over access technologies which are prone to capacity degradation due to unregulated admission of real-time traffic streams like VoIP and IP Television.The paper gives emphasis on broadband wireless because of its shared access mechanism.

The invention provides a method and a system for realizing symmetrical NAT traversal based on big data analysis in P2P application. The method comprises: user nodes after symmetrical NAT send the internal network and external network IPs and the port information of NAT to an NAT port analysis server; the analysis server returns a port prediction list to the user nodes if finding out a port distribution rule; if the port distribution rule is not found, the analysis server returns failure information, and then the user nodes originate binding requests to an STUN server and send the obtained NAT port distribution information to the analysis server to obtain the port prediction list; the user nodes exchange the IP and port information with each other and starts to negotiate and traverse; after successful traversal, the NAT latest port distribution information is sent to the analysis server. The symmetrical NAT traversal method has the advantage of reducing the port prediction performance consumption of the user nodes while improving the symmetrical NAT traversal success ratio and efficiency. A simple and convenient engine policy updating / maintaining mode reflects flexibility and maintainability.

The invention relates to the field of a computer network and particularly provides a sharing method based on NAT (Network Address Translation) penetration, wherein two clients which are respectively positioned in different private networks can penetrate through the respective NAT equipment to carry out the stable and reliable data transmission by establishing a tunnel based on a TCP (Transmission Control Protocol). The method provided by the invention can be used for flexibly realizing the data receiving and transmitting among different networks, realizing the communication among different network segments and further supporting the safe and reliable sharing application among different private network users.

Disclosed are methods and apparatus for facilitating translation of packet addresses (or ports) by one or more translation devices (e.g., NAT devices) using a specialized protocol to handle an address (or port) that is used to form part of a payload. In one implementation, this specialized protocol is referred to as Network Layer Signaling (NLS). As a packet traverses along a path containing one or more translation devices, each translation device is configured to translate an address (or port) of such packet's IP header if the packet is traversing between different domains (e.g., traversing between a private and public domain or between two different private domains). One or more of these translation devices may also be configured to implement the specialized protocol which includes translation device traversal mechanisms for detecting whether the traversal path contains a translation device that fails to implement such specialized protocol. When such a failure is detected, recovery mechanisms are also triggered.

The invention provides an NAT (Network Address Translation) penetration method, an NAT penetration device, NAT penetration equipment and a storage medium. The method comprises the steps that a first server obtains an NAT type corresponding to a first host and an NAT type corresponding to a second host; The first server sends first role distribution information to the first host and sends second role distribution information to the second host; The first host acquires an external network address of the second host; The first host sends n first data packets through the first NAT device; The second host obtains an external network address of the first host; The second host sends m second data packets to the first host through a second NAT device according to the external network address of the first host; The first host receives a second data packet forwarded by the first NAT device from the second host; And after receiving the second data packet, the first host establishes a transmissionlink with the second host. The mode of multi-port reservation and multi-port detection provided by the invention is helpful for reducing the difficulty of port detection and improving the success rate of NAT penetration.

Systems, apparatuses and methods are described for facilitating connection between two or more clients across a network that includes network address translators (NATs). In a particular implementation, the techniques include peer-to-peer (P2P) traffic processing and network address translator (NAT) traversal. Low cost data traffic processing techniques with minimal server intervention are disclosed. The techniques can establish direct connections between clients located in private networks behind NATs. In the case where the clients are each behind a symmetric NAT, the connection can be established indirectly via a non-symmetric NAT (used as a relay) which establishes connection with both symmetric NATs using the disclosed direct connection techniques.

The invention discloses a multi-person voice video call method based on WebRTC, and the method comprises the following steps: enabling users to send multiple call requests at the same time through specifying connection room number Room IDs and room sizes; finally achieving the multi-person voice video call through the building of P2P connection between each two users. A communication mechanism based on WebRTC enables a system to be flexible in operation, to be quick in response and to be low in delay. A series of signal exchange and SDP negotiation is needed in the P2P connection building process. Faced with a complex network environment, the mature NAT penetrating technology can enable the users in different local area networks to communicate with each other directly. Based on the development of an Android platform, the method can be applied to various types of mobile equipment more widely, improves the applicability and flexibility, and is suitable for a small-scale multi-person voice video call.