Advanced Networking: NAT Traversal in Game Development
Network Address Translation (NAT) is a common feature in home and corporate networks that allows multiple devices to share a single public IP address. While it conserves IP addresses, it poses a significant challenge for peer-to-peer (P2P) networking, especially in online gaming where direct communication between players is often required. This document explores the complexities of NAT traversal and various techniques used to overcome these obstacles.
Understanding NAT and Its Impact
NAT works by modifying the IP address and port information in packet headers as they pass between a private network and the internet. This typically involves a NAT device (router) maintaining a table of active connections. When a device on the private network initiates a connection to an external server, the NAT device records the mapping between the device's private IP:port and a unique public IP:port assigned by the router. Incoming packets destined for that public IP:port are then forwarded to the correct private device.
The problem arises when a device on the internet (another player's computer) tries to initiate a connection to a device behind a NAT. Without any prior communication initiated from the inside, the NAT device doesn't know which internal device to forward the incoming packet to, and the connection fails. This is often referred to as the "hole punching" problem.
Common NAT Types and Challenges
Different NAT devices implement NAT in various ways, leading to different NAT types with varying degrees of difficulty for traversal:
- Full Cone NAT (One-to-One NAT): The most permissive. Once an internal client has been assigned an external IP:port mapping, any external host can send data to that internal client using the mapped external address.
- Restricted Cone NAT: An external host can send data to an internal client only if the internal client has previously sent data to that external host's IP address.
- Port Restricted Cone NAT: Similar to Restricted Cone NAT, but the external host must also send from the same IP address and port that the internal client previously sent data to.
- Symmetric NAT: The most restrictive. If a client sends UDP packets from the same private IP:port to two different destination IP addresses (or ports), the NAT device may map them to two different external IP:port pairs, one per destination. Incoming packets are only allowed on a mapping if they arrive from the specific destination IP address and port that the client previously sent a packet to through that mapping.
NAT Traversal Techniques
Several techniques have been developed to enable P2P communication through NAT:
1. UDP Hole Punching
This is a widely used technique for UDP-based communication. The core idea is to have both peers attempt to send packets to each other simultaneously, thereby creating "holes" in their respective NAT devices. A third-party server (a rendezvous server) is usually involved to facilitate this:
- Both peers (Player A and Player B) connect to a public rendezvous server.
- Player A registers its presence and tells the server it wants to connect to Player B.
- Player B does the same.
- The rendezvous server, knowing the public IP addresses and ports of both players (as seen by the server), informs Player A about Player B's public IP and port, and vice-versa.
- Both Player A and Player B then start sending UDP packets to each other's reported public IP and port.
- When Player A sends a packet to Player B's reported public IP:port, Player A's NAT creates an outbound mapping.
- When Player B sends a packet to Player A's reported public IP:port, Player B's NAT creates an outbound mapping.
- If the NATs are not too restrictive (e.g., not Symmetric NAT), the packets sent by Player A might arrive at Player B's NAT, and the packets sent by Player B might arrive at Player A's NAT. The NAT devices, seeing the incoming packets from the expected source and destination, will then allow the traffic through, effectively "punching a hole."
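The NAT types listed earlier and the hole-punching exchange just described can be replayed without real routers. The following Python model is an added example and not code from the original article: each Nat object keeps a mapping table and applies the inbound filter of its type, and hole_punch() runs the rendezvous steps through two such devices. All addresses are constructed (RFC 5737 documentation ranges), and the symmetric NAT is assumed to always allocate a fresh mapping per destination, which is the worst case the article describes with "may".

```python
"""Model of the four NAT types and the UDP hole-punching exchange through them.

Added illustration, not code from the original article. Addresses are
constructed; the symmetric NAT is modelled as always allocating a new public
port per destination (the article's "may map them to two different mappings").
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Set, Tuple

Addr = Tuple[str, int]  # (ip, port)


class NatType(Enum):
    FULL_CONE = "full cone"
    RESTRICTED_CONE = "restricted cone"
    PORT_RESTRICTED_CONE = "port restricted cone"
    SYMMETRIC = "symmetric"


@dataclass
class Nat:
    """A NAT device in front of a single internal game socket."""
    kind: NatType
    public_ip: str
    internal: Addr
    next_port: int = 40000
    # cone NATs: one mapping per internal socket; symmetric: per (socket, destination)
    mappings: Dict[object, Addr] = field(default_factory=dict)
    # every destination each public mapping has sent to; this is what the filter checks
    sent_to: Dict[Addr, Set[Addr]] = field(default_factory=dict)

    def _key(self, dst: Addr) -> object:
        return (self.internal, dst) if self.kind is NatType.SYMMETRIC else self.internal

    def outbound(self, dst: Addr) -> Addr:
        """Translate an outbound packet and return the public source address used."""
        key = self._key(dst)
        if key not in self.mappings:
            self.mappings[key] = (self.public_ip, self.next_port)
            self.next_port += 1
        public = self.mappings[key]
        self.sent_to.setdefault(public, set()).add(dst)
        return public

    def inbound(self, src: Addr, dst: Addr) -> bool:
        """Would a packet from src to the public address dst be forwarded inside?"""
        if dst not in self.sent_to:
            return False  # no mapping yet: the unsolicited inbound connection problem
        seen = self.sent_to[dst]
        if self.kind is NatType.FULL_CONE:
            return True
        if self.kind is NatType.RESTRICTED_CONE:
            return any(ip == src[0] for ip, _ in seen)
        return src in seen  # port restricted and symmetric: exact ip:port match required


def hole_punch(nat_a: Nat, nat_b: Nat, server: Addr = ("203.0.113.10", 3478)) -> bool:
    """Replay the rendezvous exchange; True if packets get through in both directions."""
    # steps 1-4: both peers register with the rendezvous server, which reports
    # the public address it observed for each peer to the other one
    pub_a = nat_a.outbound(server)
    pub_b = nat_b.outbound(server)
    # step 5: each peer sends to the reported address, opening an outbound mapping
    src_a = nat_a.outbound(pub_b)  # the source address B's NAT actually sees
    src_b = nat_b.outbound(pub_a)
    b_got = nat_b.inbound(src_a, pub_b)
    a_got = nat_a.inbound(src_b, pub_a)
    # a peer that received a packet keeps sending to the source it observed; this is
    # how a peer behind a cone NAT reaches a symmetric peer whose port has changed
    if b_got and not a_got:
        a_got = nat_a.inbound(nat_b.outbound(src_a), src_a)
    if a_got and not b_got:
        b_got = nat_b.inbound(nat_a.outbound(src_b), src_b)
    return a_got and b_got


def traversal_matrix() -> Dict[Tuple[NatType, NatType], bool]:
    """Hole-punch outcome for every pairing of NAT types (fresh devices per pair)."""
    result = {}
    for ka in NatType:
        for kb in NatType:
            a = Nat(ka, "203.0.113.5", ("192.168.1.20", 7777))
            b = Nat(kb, "198.51.100.7", ("10.0.0.8", 7777))
            result[(ka, kb)] = hole_punch(a, b)
    return result


if __name__ == "__main__":
    for (ka, kb), ok in traversal_matrix().items():
        print(f"{ka.value:22} <-> {kb.value:22} {'direct' if ok else 'needs relay'}")
```

Running it prints the full pairing table: every combination succeeds except symmetric with symmetric and symmetric with port restricted cone, which is exactly where the fallback to a relay discussed below becomes necessary.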
2. STUN (Session Traversal Utilities for NAT)
STUN is a protocol that allows a client to discover its public IP address and NAT mapping information. A STUN client sends a request to a STUN server, which then responds with the client's source IP address and port as seen by the server. This information can be used to inform other peers about the client's external address.
While STUN helps discover addresses, it doesn't inherently solve the problem of unsolicited incoming connections. It's often used in conjunction with other techniques.
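To make the STUN exchange concrete, here is an added Python example (not part of the original article) that builds a Binding Request, constructs the Binding Success Response a server would send back, and parses the XOR-MAPPED-ADDRESS attribute out of it. The wire format follows RFC 5389 (20-byte header, magic cookie 0x2112A442, attribute type 0x0020); only IPv4 is handled, and the response bytes are constructed locally so the code runs offline. The parser refuses responses whose transaction ID does not match the request, which is the check a client needs so a stale or spoofed datagram cannot feed it a wrong public address.

```python
"""STUN Binding Request / Response codec (RFC 5389, IPv4 only).

Added example, not code from the original article. The server response used
for testing is constructed locally; query_stun_server() does real UDP I/O and
is only invoked from the __main__ block.
"""
import os
import socket
import struct
from typing import Optional, Tuple

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txn_id: Optional[bytes] = None) -> bytes:
    """20-byte header with no attributes; the transaction ID sits at bytes 8..20."""
    txn_id = txn_id or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id)


def build_binding_response(request: bytes, mapped_ip: str, mapped_port: int) -> bytes:
    """What a STUN server returns: the source address it saw, XOR-obfuscated."""
    txn_id = request[8:20]
    # IPv4 XOR-MAPPED-ADDRESS: port ^ top 16 bits of the cookie, address ^ cookie
    x_port = mapped_port ^ (MAGIC_COOKIE >> 16)
    x_addr = struct.unpack("!I", socket.inet_aton(mapped_ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, x_port, x_addr)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txn_id) + attr


def parse_binding_response(data: bytes, expected_txn: bytes) -> Tuple[str, int]:
    """Return (public_ip, public_port) after validating header and transaction ID."""
    if len(data) < 20:
        raise ValueError("truncated STUN header")
    msg_type, length, cookie, txn_id = struct.unpack("!HHI12s", data[:20])
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie: not an RFC 5389 STUN message")
    if txn_id != expected_txn:
        raise ValueError("transaction ID mismatch: stale or forged response")
    if msg_type != BINDING_SUCCESS:
        raise ValueError(f"unexpected message type 0x{msg_type:04x}")
    if len(data) != 20 + length:
        raise ValueError("length field disagrees with datagram size")
    pos = 20
    while pos + 4 <= len(data):
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        if attr_type == ATTR_XOR_MAPPED_ADDRESS:
            if attr_len < 8:
                raise ValueError("short XOR-MAPPED-ADDRESS")
            _, family, x_port, x_addr = struct.unpack("!BBHI", value[:8])
            if family != 0x01:
                raise ValueError("only IPv4 is handled in this example")
            port = x_port ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", x_addr ^ MAGIC_COOKIE))
            return ip, port
        pos += 4 + ((attr_len + 3) & ~3)  # attribute values are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute in response")


def query_stun_server(host: str, port: int = 3478, timeout: float = 2.0) -> Tuple[str, int]:
    """Send one Binding Request over UDP and return the public address reported."""
    request = build_binding_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        data, _ = sock.recvfrom(2048)
    return parse_binding_response(data, request[8:20])


if __name__ == "__main__":
    # Offline round trip with a constructed server reply.
    req = build_binding_request()
    resp = build_binding_response(req, "198.51.100.23", 51000)
    print(parse_binding_response(resp, req[8:20]))
```

The round trip in the __main__ block shows the whole flow without a network; pointing query_stun_server() at a real STUN server gives the address other peers should be told about, and the transaction ID check is what lets the client bind each answer to the request it actually sent.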
3. TURN (Traversal Using Relays around NAT)
TURN is a more robust but less efficient solution. When direct P2P communication fails (e.g., due to Symmetric NAT or firewalls), TURN allows clients to relay their traffic through a TURN server. The TURN server acts as an intermediary, forwarding packets between peers. This guarantees connectivity but introduces latency and bandwidth costs, as all data passes through the relay server.
4. UPnP (Universal Plug and Play) and NAT-PMP (NAT Port Mapping Protocol)
These protocols allow applications on a local network to automatically request port forwarding rules from the NAT device. If the NAT device supports UPnP/NAT-PMP and it's enabled, an application can open specific ports, making itself directly accessible from the internet. This is the simplest method for users but relies on router support and user permission. Note that a port opened this way is reachable by any host on the internet, not just other players, so the game process listening on it must be prepared to receive unsolicited traffic.
Implementation Considerations for Game Developers
- Choose the Right Protocol: UDP is generally preferred for real-time game data due to its lower latency, making UDP hole punching a common starting point.
- Rendezvous Server: A reliable matchmaking or lobby server is crucial to coordinate P2P connections.
- Fallback Mechanisms: Always implement fallback strategies. If hole punching fails, consider using a TURN server or even a dedicated game server.
- NAT Type Detection: Libraries and tools can help detect the type of NAT a client is behind, allowing for more tailored connection attempts.
- Firewall Rules: Remind users that strict firewalls can still block connections, even with successful NAT traversal techniques.
Conclusion
NAT traversal is a critical aspect of building successful multiplayer games. By understanding the challenges posed by NAT and employing appropriate techniques like UDP hole punching, STUN, TURN, and UPnP, developers can ensure that players can connect and play together seamlessly, regardless of their network configurations.