Dan Kolis wrote:
Yes indeed. Probably the #1 biggest use for STUN short
term is going to be SIP. It seems like not too much
information has to go through the known reachable machine.
Maybe just about the same loading as a DNS server?
Masataka Ohta wrote:
Wrong.
No. _you_ are wrong, Dan is right, it's a glorified DNS server that
instead of resolving names to addresses resolves names to addresses +
ports. In the case of P2P, there is also the load associated with searches.
So, two hosts behind NAT can't talk if they don't have a port open can
they?
Here's how it works:
- Dan and Michel are two hosts behind NAT. They both use the same P2P app. Both their NAT boxes are default config, no ingress open.
- Dan wants to download the file "unforgiven.mp3" that Michel has.
- Michel opens a connection to the P2P server.
- Michel to P2P server: I have "unforgiven.mp3"
- Dan opens a connection to the P2P server.
- Dan to P2P server: search "unforgiven.mp3"
- P2P server to Dan: Michel has it, his IP address is M.I.P.A
  (P2P server knows Michel's public address as being the src address on Michel's open session)
- Dan to Michel: UDP packet, src port randomA, dst port randomB, "hello".
  (this packet is discarded at Michel's NAT but opens the NAT hole on Dan's NAT).
- Dan to P2P server: tell Michel that I need to talk on randomA, randomB.
- P2P server to Michel: BTW, Dan at IP D.I.P.A needs to talk to you on randomA, randomB.
- Michel to Dan: UDP packet, src port randomB, dst port randomA, "hi there, what is the name of the pirated mp3 you want?".
  (this opens the NAT hole on Michel's NAT _and_ does reach Dan's host, as the hole was opened before).
- Dan to Michel (direct, now goes through): "unforgiven.mp3"
Voila.
If you don't understand/can't code what's above, don't worry: I know
plenty of 16-year-olds that can code it for me in exchange for the
latest 60GB mp3 player.
Michel.
P.S. I never had "unforgiven.mp3". Metallica is not the kind of stuff I
listen to.
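The exchange in Michel's post, replayed as an added example; this is not code from the thread or from anyone in it. It models the rendezvous ("P2P") server and two hosts behind NATs, and it assumes address-restricted cone NATs that preserve the source port, which is what the post implicitly assumes when randomA and randomB are used unchanged on both sides of each NAT. A NAT that rewrites ports would need the server to report the public port it observed (the job STUN does); a symmetric NAT picks a different public port per destination, so even that does not help, and the run with `symmetric_dan=True` shows Michel's reply being dropped at Dan's NAT for that reason. All IP addresses, ports, hostnames and the `RendezvousServer`, `Nat`, `Host`, `Internet` and `run_exchange` names are invented for the demo.

```python
"""Constructed simulation of the UDP hole-punching exchange in Michel's post
(not code from the thread).  All IPs, ports and names are invented."""
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Address-restricted cone NAT, port-preserving (an assumption): outbound maps the
    inside port to the same public port and opens it toward the destination IP; inbound
    passes only if the port is mapped AND the sender IP was contacted through it.
    symmetric=True allocates a fresh public port per destination IP instead."""
    public_ip: str
    symmetric: bool = False
    ports: dict = field(default_factory=dict)     # mapping key -> public port
    mappings: dict = field(default_factory=dict)  # public port -> inside (ip, port)
    allowed: dict = field(default_factory=dict)   # public port -> {remote ips}
    dropped: list = field(default_factory=list)   # discarded inbound (src ip, dst port)

    def outbound(self, inside, dst_ip):
        key = (inside, dst_ip) if self.symmetric else inside
        if key not in self.ports:
            self.ports[key] = 50000 + len(self.ports) if self.symmetric else inside[1]
            self.mappings[self.ports[key]] = inside
        self.allowed.setdefault(self.ports[key], set()).add(dst_ip)
        return self.public_ip, self.ports[key]

    def inbound(self, src_ip, dst_port):
        if dst_port in self.mappings and src_ip in self.allowed[dst_port]:
            return self.mappings[dst_port]
        self.dropped.append((src_ip, dst_port))
        return None


@dataclass
class Host:
    ip: str  # private address
    nat: Nat
    inbox: list = field(default_factory=list)


class RendezvousServer:
    """The 'P2P server': learns a peer's public address from the peer's own session."""
    def __init__(self, ip):
        self.ip, self.sessions, self.files = ip, {}, {}  # name -> (ip, port); file -> name

    def receive(self, net, src_pub, msg):
        kind, name, *args = msg
        self.sessions[name] = src_pub
        if kind == "have":
            self.files[args[0]] = name
        elif kind == "search":
            holder = self.files.get(args[0])
            net.deliver(self.ip, *src_pub, ("result", holder, self.sessions.get(holder, (None,))[0]))
        elif kind == "connect":  # args: target, portA, portB; relayed to the target
            net.deliver(self.ip, *self.sessions[args[0]], ("peer", src_pub[0], *args[1:]))


class Internet:
    # Routes by public IP: hosts sit behind NATs, the server does not.
    def __init__(self, server, hosts):
        self.server, self.nats = server, {h.nat.public_ip: h.nat for h in hosts}
        self.hosts = {(h.nat.public_ip, h.ip): h for h in hosts}

    def deliver(self, src_ip, dst_ip, dst_port, payload):
        inside = self.nats[dst_ip].inbound(src_ip, dst_port)
        if inside is None:
            return False  # the destination NAT discarded it
        self.hosts[(dst_ip, inside[0])].inbox.append(payload)
        return True

    def send(self, src, src_port, dst_ip, dst_port, payload):
        pub = src.nat.outbound((src.ip, src_port), dst_ip)
        if dst_ip == self.server.ip:
            self.server.receive(self, pub, payload)
            return True
        return self.deliver(pub[0], dst_ip, dst_port, payload)


def run_exchange(symmetric_dan=False):
    # Replay the post's steps; report which datagrams reached an application.
    srv, random_a, random_b = ("198.51.100.1", 5000), 40001, 40002
    server = RendezvousServer(srv[0])
    dan = Host("192.168.1.10", Nat("203.0.113.10", symmetric=symmetric_dan))
    michel = Host("10.0.0.7", Nat("203.0.113.20"))
    net = Internet(server, [dan, michel])
    net.send(michel, 6000, *srv, ("have", "Michel", "unforgiven.mp3"))
    net.send(dan, 6000, *srv, ("search", "Dan", "unforgiven.mp3"))
    _, holder, holder_ip = dan.inbox.pop()
    hello_ok = net.send(dan, random_a, holder_ip, random_b, "hello")  # dropped at Michel's NAT, opens Dan's
    net.send(dan, 6000, *srv, ("connect", "Dan", holder, random_a, random_b))
    _, dan_ip, port_a, port_b = michel.inbox.pop()
    # Michel answers randomB -> randomA: opens his NAT; Dan's is already open.
    reply_ok = net.send(michel, port_b, dan_ip, port_a, "hi there, which mp3?")
    request_ok = net.send(dan, random_a, holder_ip, random_b, "unforgiven.mp3")
    return {"hello_delivered": hello_ok, "reply_delivered": reply_ok,
            "request_delivered": request_ok, "michel_received": michel.inbox,
            "michel_nat_dropped": michel.nat.dropped, "dan_nat_dropped": dan.nat.dropped}


if __name__ == "__main__":
    print("cone NATs:", run_exchange())
    print("symmetric NAT at Dan:", run_exchange(True))
```

Running it prints both scenarios. In both, Michel's NAT discards Dan's first "hello" (that discard is expected; its only job is to create the mapping on Dan's side). With cone NATs Michel's reply then passes Dan's NAT and the direct request goes through; with a symmetric NAT at Dan, the public port Dan's NAT used toward Michel is not randomA, so the relayed port pair is wrong and Michel's reply is the datagram that gets dropped.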