225 results about "NAT traversal" patented technology

The subject invention relates to systems and methods that facilitate direct network communications between peers that operate behind Network Address Translators. In one aspect, a network communications system is provided. The system includes one or more Network Address Translators (NAT) to communicate data across a network between peers. A protocol selection component that automatically selects among a plurality of protocols according to one or more NAT types in order to determine a subset of the protocols that facilitate communications between the peers.

Firewalls and network address translators (NAT) provide many advantages for client and the Internet itself, however, these devices break many existing transmission control protocol (TCP)/Internet Protocol (IP) applications, since they conceal the identity of IP clients (i.e., peers) and block transmission control protocol (TCP) call setup requests. Firewalls and NATs make it impossible for one TCP peer to discover another and establish a connection. Embodiments of this invention provides a system and a protocol to enable two TCP peers that exist behind one or more firewalls and NATs to automatically setup a true peer-to-peer TCP connection and exchange data without making changes to the firewall or NAT devices or existing TCP-based applications. In embodiments of this invention, the synchronization between the blind TCP peers is achieved using a system that consists of a registration server, an agent application, and a virtual network interface that together relay and replicate the control signals between the two TCP peers. In addition, embodiments of this invention are also used to traverse the NAT and establish a bi-directional peer-to-peer TCP connection in the firewall.

A peer-to-peer collaboration system in which changes to a shared space may be broadcast to all of the peers in a collaboration session using messages sent with a combination of addressing techniques. Messages may be addressed for direct peer-to-peer transmission, indirect transmission through another peer or indirect transmission through a server. The type of addressing used to communicate with each peer is determined through the use of a routing table. The routing table defines interconnected groups of peers and may be used to select one or more peers in each group as the initial recipients of the message. The initial recipients may forward the message to other peers within their groups, such that all peers receive the message. For peers behind a NAT, one or more NAT traversal techniques may be used to obtain information to construct the routing table.

A method for implementing communication between at least two client devices is provided. The first client device of the at least two client devices is disposed externally with respect to a firewall of an internal network. The method includes performing NAT (Network Address Translation) traversal between the first client device and a media server that is disposed internally with respect to the firewall of the internal network. The NAT traversal is configured to ascertain a NAT scheme employed for exchanging packets with the first client device. The method also includes establishing a communication path at least between the media server and the first client device, wherein logic for implementing the NAT traversal and logic for implementing the establishing the communication path are both implemented in the media server. The method further includes employing the media server to facilitate the communication.

The present invention provides an NAT (Network Address Translator) traversal method in Session Initiation Protocol (SIP) for solving the problems of SIP in Internet phone (VoIP) under current Internet environment. In other words, the present invention solves the SIP problems caused by NAT (Network Address Translator) that P2P (Peer to Peer) transmission cannot traverse the NAT firewall directly. The major content of the present invention is that the computer conducts multiple detections before issueing an Invite message in order to detect the rule of the NAT server to assign port number

Handling of multiple connections during NAT traversal for a node behind a symmetric NAT is disclosed. The likelihood of connection failure during symmetric NAT traversal may be reduced by serializing critical time windows after port prediction. Once port prediction has begun for a first connection, port prediction for a subsequent connection may be delayed until a connectivity check has begun for the first connection. This process may be repeated to handle NAT traversal for multiple simultaneous connections to different nodes.

A system, apparatus and method to use private IP addresses to designate host devices or nodes in different networks for communication purposes are described. Various embodiments of the invention address the problem of a shortage of public IP addresses under IPv4 architecture. In one embodiment of the invention, dynamic NAT penetration capabilities are provided which consequently expand the capability of running peer-to-peer applications on the Internet.

In order to realize NAT traversal communication at low cost and without fail, local communication terminals connected as subordinates of a first router having a UPnP™ function obtain an IP address and a port number, both to be converted by a NAT function of the first router, on the basis of a UPnP™ protocol to register them in a relay server as exchange information for the NAT traversal. Local communication terminals connected as subordinates of a second router without the UPnP™ function specify an IP address to be converted by the NAT function of the second router on the basis of a packet obtained from a STUN server and estimate a port number to be converted by the NAT function of the second router to register them in the relay server as the exchange information for the NAT traversal. The present invention may be applied to a personal computer.

A communication device, system and method for managing the local network device remotely include: a local gateway acquires the topology structure and the configuration information of the local network device, and sends them to a remote management server; the remote management server generates configuration instruction to manage the local network device accordingly. The local gateway can manage the local network terminal uniformly, and it is unnecessary that all terminals of the local network support the remote network management protocol. Moreover, the remote management server can easily know the condition of the network organization of the whole local network and optimize the configuration based on the topology of the local network. The solution of the present invention can omit the related information redundancy of the gateway and terminal, reduce the cost of consistency management, and simplify the NAT traversal mechanism when the remote management server visits the private network terminal

The invention provides a method and a system for realizing NAT traversal in a P2P network. The method comprises the following steps: a user node registers on a NAT server; the user node determines a network type of the user node as a node in a public network or a node in an internal network by interacting with the NAT server; if the user node is the node in the public network, the NAT traversal is realized through the reverse connection of an opponent node; and if the user node is the node in the internal network, the opponent node and the user node are determined not to be in the same internal network through the broadcasting in the internal network, and the NAT traversal is realized by using a UDP for hole punching and simulating a TCP mode. Compared with the prior NAT traversal system, the method for the NAT traversal in P2P network environment has the characteristics of reliability and high efficiency.

A message passing protocol allows two clients to establish a connection even when the clients are behind different NAT devices such as NAT firewalls. Beneficially, the protocol does not require that either client has knowledge of where the other client is located (e.g., behind the same NAT device or behind a different NAT device). When two clients want to establish a connection, the clients exchange identifying information with each other by passing the information through a rendezvous server. Based on the identifying information, each client determines and sends a plurality of synchronization packets to a number of different predicted addresses. When synchronization packets reach the actual addresses of both devices, a connection can be established between the clients.

By providing a virtual network interface (1140) to a platform or an operating system wide implementation of the STUN protocol and its TURN extension, the invention allows applications (1110, 1120, 1130) located in a private network behind a NAT to communicate with their respective peers (1321, 1322, 1323) using sockets as usual while still getting the full benefit of the STUN protocol and its TURN extension for NAT traversal purposes.

A system for providing network access translation device traversal to facilitate communications is provided. The system includes a network access translation (NAT) device, a first Session Initiation Protocol (SIP) client located on the interior of the NAT device, a second SIP client located on the exterior of the NAT device, and a proxy server configured to maintain registration information relating to the first SIP client and the NAT device. The proxy server is further configured to allow the second SIP client to initiate contact with the first SIP client and establish a communication session using the registration information. The communication session is established by traversing the NAT device.

Presented are systems and methods for monitoring communication link performance between a communication device located behind a NAT, which is coupled to a communication device via a communication link, while enabling NAT traversal. Various embodiments utilize periodic transmissions of a short burst of communication packets between communication devices to monitor communication link performance. To monitor whether a link can support a particular service, a minimum required data rate of the service may be compared to a lower bound of the throughput measured by the dispersion of packets and by detecting excessive queueing delay. Once a problem is detected, a more accurate performance measurement may be triggered. Periodic communication enables NAT traversal via NAT hole puncturing. Overall, communication devices may maintain connection across a NAT, while monitoring communication link performance.

The network address translation (NAT)-based method of bypassing Internet access denial uses NAT as an identity-hiding technique to bypass Internet access denial. The victim network uses NAT routers as a gateway to connect to neighboring networks, and uses a set of non-blocked Internet protocol (IP) addresses as the NAT routers' external public IP addresses. These addresses are not part of the IP ranges registered to the victim network. Rather, they are obtained from a neighboring network. The outgoing packets, therefore, will not be blocked by the malicious ISP, as they will not be recognized as part of the victim network. The method is scalable and has minimal network performance impact. Although NAT introduces some connectivity limitations, these are overcome by using application-layer routing for server reachability behind NAT, and NAT traversal techniques for peer-to-peer (P2P) applications.

Methods, Systems, and Apparatus of Providing QoS and Scalability in the Deployment of Real-Time Traffic Services in Packet-based Networks are disclosed. The aim of the invention is to provide QoS for both realtime and non-real-time traffic streams.

The invention presents an architectural framework coupled with the functional apparatus necessary to deploy services like Voice over IP (VOIP) in a scalable way in spite of network limitations such as shortage in IPV4 addresses, NAT traversal, and the processor-intensive requirements of RTP termination. Methods to solve these problems associated with large-scale VoIP deployment by distributing application gateways are presented. More importantly, the approach serves to provide consistent broadband performance over access technologies which are prone to capacity degradation due to unregulated admission of real-time traffic streams like VoIP and IP Television.

The paper gives emphasis on broadband wireless because of its shared access mechanism.

The invention provides a method and a system for realizing symmetrical NAT traversal based on big data analysis in P2P application. The method comprises: user nodes after symmetrical NAT send the internal network and external network IPs and the port information of NAT to an NAT port analysis server; the analysis server returns a port prediction list to the user nodes if finding out a port distribution rule; if the port distribution rule is not found, the analysis server returns failure information, and then the user nodes originate binding requests to an STUN server and send the obtained NAT port distribution information to the analysis server to obtain the port prediction list; the user nodes exchange the IP and port information with each other and starts to negotiate and traverse; after successful traversal, the NAT latest port distribution information is sent to the analysis server. The symmetrical NAT traversal method has the advantage of reducing the port prediction performance consumption of the user nodes while improving the symmetrical NAT traversal success ratio and efficiency. A simple and convenient engine policy updating/maintaining mode reflects flexibility and maintainability.

The invention relates to the field of a computer network and particularly provides a sharing method based on NAT (Network Address Translation) penetration, wherein two clients which are respectively positioned in different private networks can penetrate through the respective NAT equipment to carry out the stable and reliable data transmission by establishing a tunnel based on a TCP (Transmission Control Protocol). The method provided by the invention can be used for flexibly realizing the data receiving and transmitting among different networks, realizing the communication among different network segments and further supporting the safe and reliable sharing application among different private network users.

Disclosed are methods and apparatus for facilitating translation of packet addresses (or ports) by one or more translation devices (e.g., NAT devices) using a specialized protocol to handle an address (or port) that is used to form part of a payload. In one implementation, this specialized protocol is referred to as Network Layer Signaling (NLS). As a packet traverses along a path containing one or more translation devices, each translation device is configured to translate an address (or port) of such packet's IP header if the packet is traversing between different domains (e.g., traversing between a private and public domain or between two different private domains). One or more of these translation devices may also be configured to implement the specialized protocol which includes translation device traversal mechanisms for detecting whether the traversal path contains a translation device that fails to implement such specialized protocol. When such a failure is detected, recovery mechanisms are also triggered.

Systems, apparatuses and methods are described for facilitating connection between two or more clients across a network that includes network address translators (NATs). In a particular implementation, the techniques include peer-to-peer (P2P) traffic processing and network address translator (NAT) traversal. Low cost data traffic processing techniques with minimal server intervention are disclosed. The techniques can establish direct connections between clients located in private networks behind NATs. In the case where the clients are each behind a symmetric NAT, the connection can be established indirectly via a non-symmetric NAT (used as a relay) which establishes connection with both symmetric NATs using the disclosed direct connection techniques.

The invention discloses a multi-person voice video call method based on WebRTC, and the method comprises the following steps: enabling users to send multiple call requests at the same time through specifying connection room number Room IDs and room sizes; finally achieving the multi-person voice video call through the building of P2P connection between each two users. A communication mechanism based on WebRTC enables a system to be flexible in operation, to be quick in response and to be low in delay. A series of signal exchange and SDP negotiation is needed in the P2P connection building process. Faced with a complex network environment, the mature NAT penetrating technology can enable the users in different local area networks to communicate with each other directly. Based on the development of an Android platform, the method can be applied to various types of mobile equipment more widely, improves the applicability and flexibility, and is suitable for a small-scale multi-person voice video call.