Transport Layer Connectivity for Mobile Peer-to-Peer Applications - PowerPoint PPT Presentation

Slides: 20
Provided by: lmak

1
Transport Layer Connectivity for Mobile
Peer-to-Peer Applications
  • T-106.5820 Seminar on Distributed Systems
  • Peer-to-peer Systems with Mobile Applications

2
Agenda
  • Problem definition
  • Solution: NAT traversal techniques
  • Tests
    • Test setup
    • Measured characteristics and test results
  • Conclusions

3
Problem definition
  • How to connect from one NATted host to
    another...?
  • Discovery? Filtering?
  • ...and in a mobile context?
  • -> Solution: NAT Traversal

4
NAT Traversal Introduction (UDP)
5
NAT Traversal Introduction (UDP)
6
NAT Traversal Introduction (UDP)
7
NAT Traversal Introduction (UDP)
8
TCP NAT Traversal Techniques
  • There are TCP NAT traversal techniques which are
    known to work in fixed networks with consumer
    NATs (some in up to 88 percent of cases)
  • Two groups:
    • Packet forging based techniques
    • TCP simultaneous open based techniques

9
TCP Opening Sequences
Regular 3-way handshake
Simultaneous open
10
NAT Traversal Techniques Based on TCP
Simultaneous Open
  • In TCP simultaneous open, both peers initiate a
    connection to the other. This results in an
    unusual packet sequence (SYN-out, SYN-in,
    SYN-ACK-out) being seen by both peers. According
    to the TCP spec this is a valid connection sequence.
  • Techniques include P2P NAT and STUNT 2
  • Peer A uses an initial SYN to create a mapping in
    the NAT; this mapping is used by peer B to send
    an incoming SYN
  • STUNT 2 performs this in a deterministic
    manner, whereas in P2P NAT both peers attempt a
    connection simultaneously
  • Key issues:
    • Does the NAT assign ports in a predictable
      manner?
    • Does the NAT accept the simultaneous
      open sequence (SYN-out-SYN-in)?

STUNT 2
P2P NAT
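
The two opening sequences compared on the slides above, as an added Python example (not code from the presentation). It models only the RFC 793 handshake transitions and shows which inbound segment a stateful NAT in front of a peer has to admit first; the function names and the `-in`/`-out` labels are assumptions of this example.

```python
from collections import deque

# (state, received segment) -> (next state, segment sent in reply or None)
TRANSITIONS = {
    ("LISTEN", "SYN"): ("SYN_RCVD", "SYN-ACK"),
    ("SYN_SENT", "SYN-ACK"): ("ESTABLISHED", "ACK"),
    ("SYN_SENT", "SYN"): ("SYN_RCVD", "SYN-ACK"),    # simultaneous open
    ("SYN_RCVD", "ACK"): ("ESTABLISHED", None),
    ("SYN_RCVD", "SYN-ACK"): ("ESTABLISHED", None),  # simultaneous open
}

def handshake(active_a: bool, active_b: bool):
    """Run the opening between peers A and B.

    Returns the final states and, per peer, the segments it sees in order
    ("-out" for sent, "-in" for received)."""
    state = {"A": "SYN_SENT" if active_a else "LISTEN",
             "B": "SYN_SENT" if active_b else "LISTEN"}
    seen = {"A": [], "B": []}
    wire = deque()  # segments in flight as (sender, segment)
    for peer in "AB":
        if state[peer] == "SYN_SENT":
            seen[peer].append("SYN-out")
            wire.append((peer, "SYN"))
    while wire:
        sender, seg = wire.popleft()
        rcpt = "B" if sender == "A" else "A"
        seen[rcpt].append(seg + "-in")
        step = TRANSITIONS.get((state[rcpt], seg))
        if step is None:
            continue  # segment has no effect in this state
        state[rcpt], reply = step
        if reply:
            seen[rcpt].append(reply + "-out")
            wire.append((rcpt, reply))
    return state, seen

def first_inbound(seen_by_peer):
    """First inbound segment after the peer's own SYN, i.e. what the NAT
    mapping created by that SYN must let through (None if no SYN was sent)."""
    if "SYN-out" not in seen_by_peer:
        return None
    after = seen_by_peer[seen_by_peer.index("SYN-out") + 1:]
    return next((s for s in after if s.endswith("-in")), None)
```

With a regular handshake the first inbound segment behind the opener's NAT is a SYN-ACK; with simultaneous open it is a bare SYN, which is the SYN-out-SYN-in sequence the key issue above asks about.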
11
NAT Traversal Techniques Based on Packet Forging
  • Techniques include NATBLASTER and STUNT 1
  • SYN-ACK packet is forged in response to the
    peer's initial SYN
  • Forging a SYN-ACK requires the peer to record
    their SYN's initial sequence number
  • In NATBLASTER the SYN-ACKs are forged by the
    peers themselves, whereas in STUNT 1 the
    SYN-ACKs are forged (spoofed) by a server
  • Key issues:
    • Does the NAT assign ports in a predictable manner?
    • Are the peers able to record the initial sequence
      number (and forge packets)?

STUNT 1
NATBLASTER
12
Are These Techniques Useful in a Mobile Context?
  • Is the mobile device capable?
  • Yes, Symbian OS does support RAW sockets and
    binding several sockets to one port
  • Are the characteristics of operator
    NATs/firewalls suitable?
  • Testing is needed

13
Tests
  • There are several characteristics of NATs that
    affect the feasibility of NAT traversal
  • Test software was originally developed for
    testing consumer NATs in fixed networks
  • Tests were performed in several major operators'
    networks from around the world:
    • Elisa (Finland)
    • Sonera (Finland)
    • Chungwa Telecom (Taiwan)
    • Starhub (Singapore)
    • China Unicom (China)
    • ATT (USA)

14
1. Which Operators Use a NAT?
  • Three of the six operators used NAT
  • Others allocated public addresses for their
    mobile terminals and (possibly) used a firewall

| Operator        | NAT |
|-----------------|-----|
| Starhub         | Yes |
| China Unicom    | No  |
| ATT             | Yes |
| Sonera          | Yes |
| Elisa           | No  |
| Chungwa Telecom | No  |

15
2. NAT Mapping
  • How does the NAT assign external ports for outgoing
    connections from the same local port?
  • The mapping can be:
    • Independent: all mapped to the same port
    • Address: all connections to the same ext. address are
      mapped to the same port
    • Port: all connections to the same ext. port are
      mapped to the same port
    • Address and Port
    • Connection: each outgoing connection is assigned
      a different port
  • When the port does change, is the new port assigned
    randomly or with a fixed offset (typically 1 or 2)
    to the previous port?

| Operator        | NAT Mapping         |
|-----------------|---------------------|
| Starhub         | Connection (Random) |
| China Unicom    | No NAT              |
| ATT             | Independent         |
| Sonera          | Connection (Random) |
| Elisa           | No NAT              |
| Chungwa Telecom | No NAT              |
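
The mapping classification on this slide, written out in Python as an added example (not code from the presentation or its test software). The four-probe plan, the `Probe` fields, the addresses and all port values are constructed assumptions; `ext_port` stands for the source port the external endpoint reports seeing.

```python
from typing import NamedTuple, Optional

class Probe(NamedTuple):
    dst_ip: str    # external address contacted
    dst_port: int  # external port contacted
    ext_port: int  # NAT-assigned source port, as seen by the external endpoint

# Constructed probe plan (assumption): every probe leaves from the same local
# port; one destination is repeated, then port and address are varied in turn.
A, B = "192.0.2.10", "198.51.100.20"
PLAN = [(A, 80), (A, 80), (A, 443), (B, 80)]

def observe(ext_ports):
    """Pair the plan with the external port reported for each probe."""
    return [Probe(ip, port, ext) for (ip, port), ext in zip(PLAN, ext_ports)]

# Coarsest key first: the first key under which the external port is a pure
# function of the key names the mapping class from the slide.
CLASSES = [
    ("Independent", lambda p: ()),
    ("Address", lambda p: p.dst_ip),
    ("Port", lambda p: p.dst_port),
    ("Address and Port", lambda p: (p.dst_ip, p.dst_port)),
]

def mapping_class(probes) -> str:
    for name, key in CLASSES:
        seen = {}
        if all(seen.setdefault(key(p), p.ext_port) == p.ext_port for p in probes):
            return name
    return "Connection"  # even the repeated destination got a fresh port

def port_delta(probes) -> Optional[int]:
    """Fixed offset between successive new ports, or None (random / one port)."""
    ports = list(dict.fromkeys(p.ext_port for p in probes))
    deltas = {b - a for a, b in zip(ports, ports[1:])}
    return deltas.pop() if len(deltas) == 1 else None

def predictable(probes) -> bool:
    """Can a peer guess the next external port (the key issue for traversal)?"""
    return mapping_class(probes) == "Independent" or port_delta(probes) is not None
```

In these terms, an "Independent" result such as the one in the ATT row is predictable, while "Connection (Random)" as in the Starhub and Sonera rows is not. A single observed delta is weak evidence, so a real measurement would repeat the plan several times.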
16
3. Endpoint Filtering
  • How are incoming packets filtered by the host?
    Which are allowed to use the mapping?
  • Endpoint filtering can be based on:
    • Independent: all packets are allowed to use the
      mapping
    • Address: only packets from the same address are
      allowed to use the mapping
    • Port: only packets from the same port are
      allowed to use the mapping
    • Address and Port

| Operator        | Endpoint Filtering |
|-----------------|--------------------|
| Starhub         | Address and Port   |
| China Unicom    | Address and Port   |
| ATT             | Address and Port   |
| Sonera          | Address and Port   |
| Elisa           | Address and Port   |
| Chungwa Telecom | Open               |

17
4. TCP State Tracking
  • How does the NAT track the state of connection?
  • What are allowed packet sequences?
  • Which packet sequences close a mapping?
  • Does the NAT accept TCP simultaneous open?

Sequences for SO techniques: Unsolic., Sout-Sin, Sout-RST-Sin, Sout-ICMP-Sin
Sequences for packet forging techniques: SYN-SYN-ACK, SYN-RST-SYN-ACK, SYN-ICMP-SYN-ACK

| Operator        | Unsolic. | Sout-Sin | Sout-RST-Sin | Sout-ICMP-Sin | SYN-SYN-ACK | SYN-RST-SYN-ACK | SYN-ICMP-SYN-ACK |
|-----------------|----------|----------|--------------|---------------|-------------|-----------------|------------------|
| Starhub         | dropped  | dropped  | dropped      | dropped       | accepted    | dropped         | accepted         |
| China Unicom    | dropped  | accepted | accepted     | accepted      | accepted    | accepted        | accepted         |
| ATT             | dropped  | accepted | accepted     | accepted      | accepted    | accepted        | accepted         |
| Sonera          | dropped  | dropped  | dropped      | dropped       | accepted    | dropped         | accepted         |
| Elisa           | dropped  | dropped  | dropped      | dropped       | accepted    | accepted        | accepted         |
| Chungwa Telecom | accepted | accepted | dropped      | dropped       | accepted    | accepted        | accepted         |

18
5. Filtering Response
  • When the NAT filters a packet, does it silently
    drop it or respond with a TCP RST?
  • All the tested NATs/firewalls silently dropped
    filtered packets

6. Packet Mangling
  • Does the NAT change the sequence numbers of
    packets?
  • None of the NATs mangled packets

19
Conclusions
  • TCP NAT traversal techniques for fixed networks
    are feasible in a mobile context
  • Simultaneous open techniques feasible in 3/6
    networks
    • China Unicom, ATT, Chungwa Telecom
  • Packet forging techniques feasible in 4/6
    networks
    • China Unicom, ATT, Chungwa Telecom and Elisa
  • NAT traversal easily allowed/disallowed by
    operator
    • Depends on the type of service the operator wishes to
      provide