1. Field of the Invention
The present invention relates to an IP (Internet Protocol) communication apparatus and a NAT (Network Address Translation) type determination method performed by the IP communication apparatus, the IP communication apparatus being connected to a wide-area network via a relay apparatus that has a NAT function.
2. Description of Related Art
Conventionally, an IP communication apparatus (IP telephone apparatus and the like) connected to a LAN (Local Area Network) at an office or home is generally connected to a WAN (Wide-Area Network) via a predetermined relay apparatus (router and the like). As such a relay apparatus, there is a relay apparatus installed with a NAT function for transparently performing conversion between a private IP address, which is valid only on a LAN, and a global IP address, which allows access to an external WAN. Such a relay apparatus has advantages, including increased flexibility in providing IP addresses to apparatuses connected to the LAN and improved security on the LAN.
However, to access an IP telephone service using such an IP communication apparatus connected to the WAN via the relay apparatus having the NAT function, for example, SIP (Session Initiation Protocol) or the like, which is used as a call control protocol, adds a private IP address and port number to a data portion of an IP packet for communication. Thus, the NAT function, which converts only an IP address in a header portion of an IP packet, cannot convert the IP address in the data portion. In addition, even when attempting to add a global IP address to the data portion of the IP packet, the IP communication apparatus has a problem where the apparatus cannot recognize the global address and port number information that the apparatus uses. As a result, a commonly-called NAT traversal problem has arisen, where the relay apparatus blocks delivery of a communication packet from the WAN side to the LAN side.
To address such problems, methods are known that use STUN (Simple Traversal of User Datagram Protocol). For instance, installing a STUN server for providing information on the global network allows the IP communication apparatus to obtain information required for NAT traversal (global IP address, port number, NAT type, and the like).
Conventional technology to achieve NAT traversal using the STUN protocol is known in an information communication system, for example, where a plurality of terminal apparatuses are respectively connected to different routers and perform P2P (Peer to Peer) communication over the Internet. When the connected router has a UPnP function, the terminal apparatus obtains a global IP address and port number based on a UPnP protocol, and registers the obtained information in an information controller on the Internet as exchange information. When the connected router has no UPnP function, on the other hand, the terminal apparatus obtains a global IP address and port number based on the STUN protocol, and registers the obtained information in the information controller as exchange information. For communication between the terminal apparatuses, the apparatuses mutually obtain the exchange information of the apparatuses to communicate with, so as to achieve NAT traversal communication using the obtained exchange information (see Related Art 1).
[Related Art 1] Japanese Patent Laid-open Publication No. 2005-151142
The algorithm defined by RFC (Request for Comments) 3489 issued by the IETF (Internet Engineering Task Force) categorizes NAT into the following four types: full cone, restricted cone, port restricted cone, and symmetric.
FIG. 10 illustrates an example of a flow for determining a NAT type according to the algorithm defined by RFC 3489; and FIGS. 11A to 11D illustrate an overview of transmission tests executed for the determination.
As shown in FIG. 10, a terminal apparatus that determines a NAT type first executes a transmission test (I) (ST 101). In the transmission test (I), as shown in FIG. 11A, the terminal apparatus transmits a binding request to a first destination of a STUN server, which is IP address A and port number p (a similar combination of IP address and port number is hereinafter referred to, such as “Address (A, p)”), via a router that has a NAT function. In this case, a CHANGE-REQUEST (source information change request) attribute, which requests change of a source IP address and port number in a binding response, is not specified for the STUN server. Subsequently, the terminal apparatus determines whether or not there is a response from the STUN server (ST 102). When there is no response, the terminal apparatus determines: “(1) A firewall exists that blocks UDP.” On the other hand, when receiving a binding response from the STUN server (ST 102: Yes), the terminal apparatus determines whether or not an IP address added as a MAPPED-ADDRESS (mapping address) attribute thereof (i.e., a source IP address in the binding request received by the STUN server) is identical to a private IP address of the terminal apparatus (ST 103).
When the IP addresses are identical, the terminal apparatus determines that the terminal apparatus is not under control of NAT, and further executes a transmission test (II) (ST 104). In the transmission test (II), as shown in FIG. 11B, the terminal apparatus transmits a binding request to the same destination as in the transmission test (I) (Address (A, p)). In the CHANGE-REQUEST attribute, however, the terminal apparatus sets an IP address and port number different from the destination of the binding request (Address (B, q)), as a source address when the STUN server responds. Then, the terminal apparatus determines whether or not there is a response from the STUN server (ST 105). When there is no response, the terminal apparatus determines: “(2) An address is not converted, but a firewall exists that blocks UDP, such as symmetric NAT.” On the other hand, when receiving a binding response from the STUN server (ST 105: Yes), the terminal apparatus determines: “(3) Open Internet that has no access limit.”
Meanwhile, when the IP addresses are not identical in ST 103 (i.e., the terminal apparatus is under control of NAT), the terminal apparatus executes the transmission test (II) similar to ST 104 (ST 106), and determines whether or not there is a response from the STUN server (ST 107). When there is a response, which is from the IP address and port number different from the destination of the binding request (Address (B, q)) as instructed, the terminal apparatus determines that the router's NAT type is “(4) Full cone.” On the other hand, when there is no response (ST 107: No), the terminal apparatus subsequently executes a transmission test (I′) (ST 108). In the transmission test (I′), as shown in FIG. 11D, the terminal apparatus transmits a binding request to a second destination of the STUN server, which is Address (B, q), via the router. Similar to the transmission test (I), the CHANGE-REQUEST attribute is not specified in this case.
Thereafter, when receiving a binding response from the STUN server to the binding request in the transmission test (I′), the terminal apparatus determines whether or not an IP address and port number added as the MAPPED-ADDRESS attribute thereof (i.e., a source IP address and port number in the binding request received by the STUN server) are identical to the IP address and port number added as the MAPPED-ADDRESS attribute in the preceding transmission test (I) (ST 109). When the IP address and port number are not identical, which indicates that the port number of the source router is changed when the binding request is transmitted to the different IP address of the STUN server, the terminal apparatus determines that the NAT type is “(5) Symmetric NAT.”
Meanwhile, when the IP address and port number are identical in ST 109, the terminal apparatus subsequently executes a transmission test (III) (ST 110), and determines whether or not there is a response from the STUN server (ST 111). In the transmission test (III), as shown in FIG. 11C, the terminal apparatus transmits a binding request to the same destination as in the transmission test (I) (Address (A, p)). In the CHANGE-REQUEST attribute, however, the terminal apparatus sets a port number different from the destination of the binding request (Address (A, q)), as the source address when the STUN server responds. When there is no response, which indicates that no response is returned from the same IP address and different port number, the terminal apparatus determines that the router's NAT type is “(6) Port restricted cone.” On the other hand, when there is a response, which indicates that a response is returned as far as the IP address is identical, even though the port number is different, the terminal apparatus determines that the NAT type is “(7) Restricted cone.” As described above, the terminal apparatus under control of NAT is capable of determining the NAT type by appropriately executing the transmission tests (I) to (III) and (I′).
According to research by the inventors of the present invention, however, it is confirmed that some routers behave in a manner that may cause an erroneous determination when the above-described NAT type determination flow pursuant to RFC 3489 is employed. In the research, test packets were transmitted from a same LAN-side port number of a terminal apparatus to different addresses (a plurality of IP addresses and port numbers) through a router to be examined, and changes of WAN-side port numbers of the router were detected. FIGS. 12 and 13 illustrate a portion of results of the research conducted by the present inventors.
In FIG. 12, Test 1 (1-1 to 1-3) shows that when the LAN-side port number was set to 10000 and a test packet was first transmitted to a first destination (destination IP address: 192.168.0.200; destination port number: 17000), the WAN-side port number was set to 10000 (1-1); that when a test packet was then transmitted to a second destination (destination IP address: 192.168.0.200; destination port number: 15000), in which the port number was changed from the first destination, the WAN-side port number was similarly set to 10000 (1-2); and that when a test packet was further transmitted to a third destination (destination IP address: 192.168.0.3; destination port number: 15000), in which the IP address was changed from the second destination, the WAN-side port number was changed and set to 33576 (1-3).
Test 2 (2-1 to 2-3) shows that when the LAN-side port number was set to 20000 and a test packet was first transmitted to a first destination (destination IP address: 192.168.0.200; destination port number: 17000), the WAN-side port number was set to 20000 (2-1); that when a test packet was then transmitted to a second destination (destination IP address: 192.168.0.3; destination port number: 15000), in which the IP address and port number were changed from the first destination, the WAN-side port number was similarly set to 20000 (2-2); and that when a test packet was further transmitted to a third destination (destination IP address: 192.168.0.200; destination port number: 15000), in which the IP address was changed from the second destination, the WAN-side port number was changed and set to 33602 (2-3).
Remaining Tests 3 to 6 also show results of three test packet transmissions, in which at least the destination IP address or port number was similarly changed (changed IP addresses and port numbers are indicated with “*”). The research results on the examined router demonstrated that when the test packets were transmitted from the same LAN-side port while the destinations were changed (at least the IP address or port number was different from the immediately preceding packet), the WAN-side port number was changed when the third test packet was transmitted. FIG. 13 illustrates the research results further in detail.
In FIG. 13, Test 7 (7-1 to 7-4) shows that even when a test packet was transmitted to a first destination same as a packet transmission 7-1 (destination IP address: 192.168.0.200; destination port number: 17000), after packet transmissions 7-1 and 7-2 were executed similar to 1-1 and 1-2 in the above-described test, the WAN-side port number was similarly set to 10000 (7-3). When a test packet was further transmitted to a third destination (destination IP address: 192.168.0.3; destination port number: 15000), in which the IP address and port number were changed from the first destination, the WAN-side port number was changed and set to 33576 (7-4).
Further, Test 8 (8-1 to 8-3) shows that when the LAN-side port number was set to 20000 and a test packet was first transmitted to a first destination (destination IP address: 192.168.0.200; destination port number: 15000), the WAN-side port number was set to 20000 (8-1); that when a test packet was then transmitted to a second destination (destination IP address: 192.168.0.200; destination port number: 16000), in which the port number was changed from the first destination, the WAN-side port number was similarly set to 20000 (8-2); and that when a test packet was further transmitted to a third destination (destination IP address: 192.168.0.200; destination port number: 17000), in which the port number was set differently from the first and second destinations, the WAN-side port number was changed and set to 33018 (8-3).
The investigation results on the investigated router demonstrated that when the test packets were transmitted from the same LAN-side port to the three different destinations (at least the IP address or port number was different from the destination to which the packet had already been transmitted), the WAN-side port number was changed (i.e., the router's NAT type was subsequently symmetric).
When the NAT type determination as shown in FIG. 10 is executed using the investigated router above, only the destination in the transmission test (I′) among the transmission tests (I) to (III) and (I′) is different from others (i.e., packet transmissions are executed to two different destinations). Thus, despite the fact that the router functions as symmetric NAT subsequently, the terminal apparatus makes a wrong determination in ST 111 that the NAT type is “(6) Port restricted cone.”
Thus, when a communication is performed via NAT based on information obtained by STUN, it is generally required to confirm the NAT type in advance. When such a router as checked above is used, however, the terminal apparatus wrongly determines symmetric (subsequent) as restricted cone, and thus may not be able to properly execute a NAT traversal process. When the router in the research above is used in the conventional technology described in Related Art 1, the terminal apparatus is unable to accurately anticipate a NAT port number, and thus has difficulty properly executing the NAT traversal process.
In addition, the research by the present inventors indicates that there is a case where a certain type of router changes a port number assignment rule depending on an operation environment, and thus, when the above-described NAT type determination process is routinely performed, a different NAT type is detected from a certain point onwards. One of the operations associated with the change in port number assignment rule according to the operation environment is called “port reuse.” A certain proportion of currently existing routers performs the operation.
FIGS. 14A and 14B illustrate examples of the operation environment where the port reuse operation occurs. NAT routers shown in FIGS. 14A and 14B have the port reuse property, which performs NAT setting using the same port number as the source port number of a terminal apparatus (communication apparatus or Internet connecting apparatus) connected to a LAN side.
FIG. 15 illustrates an overview of the port reuse property. As shown in FIG. 15, when transmitting to a WAN side a packet having a port number [Pa] of an Internet connecting apparatus as a source, the NAT router also uses the port number [Pa] as it is as a WAN side port number, and transmits the port number [Pa] to the WAN side. Similarly, when transmitting a packet having a port number [Pb] of the Internet connecting apparatus as the source, the NAT router uses the port number [Pb] as it is as the WAN side port number. The same applies to a case where a packet having a port number [Pc] as the source is transmitted to the WAN side. As described above, “port reuse” is a property that assigns the port number same as the source port number as the WAN side port number in the packet that includes the source port number from the LAN side apparatus.
In most cases at home, for example, a personal computer (hereinafter referred to as PC) is connected to a private side (LAN side) of a router. When an IP telephone service is additionally started, an IP telephone apparatus and the PC are both connected to the LAN side of the router in many cases. When the router has the port reuse property and, in particular, the PC is connected to the LAN side of the router, the NAT router performs the operation that assigns a port number same as a source port number as a WAN side port number, to a packet that includes the source port number from the PC throughout transfer of a large file between the PC and a WAN side server or another terminal.
Even when the communication terminal apparatus (e.g., IP telephone apparatus), which is connected to the LAN side of the NAT router having the port reuse property as shown in FIG. 14A, controls and performs the above-described NAT type determination process, and the apparatus normally detects the NAT type as “(7) Restricted cone,” a phenomenon described below occurs when the PC and communication terminal apparatus are both connected to the same NAT router as shown in FIG. 14B.
The Internet connecting apparatus (e.g., PC) first connects to the WAN side server using the source port number Pa and starts downloading large data. When the other terminal (IP telephone apparatus) performs the NAT type determination using the source port number Pa during the download, the port number Pb is assigned instead as defined in the NAT router since the WAN side port number Pa was assigned to a communication port on the PC which started communication earlier, and thus the WAN side port number Pa cannot be used for the IP telephone apparatus which is connected later.
As described above, when a different port number as defined in the NAT router is assigned because of a port number conflict with another apparatus, some NAT routers having the port reuse property operate in a manner similar to symmetric NAT while the port number is assigned. When the NAT type determination process is performed during the operation, the NAT type might be determined as “(5) symmetric.” In other words, the router, which functions as “cone” when the LAN-side PC is not used, changes to “symmetric” when the PC starts transferring a file with the WAN side and functions as “symmetric” during the file transfer. When the PC ends the communication, the NAT type returns to “cone.” Thus, the NAT type frequently changes according to the operation status of the LAN-side apparatus.
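The RFC 3489 determination flow described above, run against two simulated routers, as an added example that is not part of the original document: a router that keeps one WAN-side port for the first two destinations and changes it on the third (as in FIGS. 12 and 13), and a port-reuse router with and without a PC already holding the port. The SimNat model, its parameters, the short verdict labels and all addresses are assumptions constructed for illustration.

```python
# Added illustration: simulated NATs, not real network code. Addresses are constructed.
A, B, A2 = ("198.51.100.1", 3478), ("198.51.100.2", 3479), ("198.51.100.1", 3479)
C = ("198.51.100.3", 15000)            # a third destination, used after classification
LAN_IP, WAN_IP = "192.168.0.10", "203.0.113.5"

def classify(probe, local_ip):
    """RFC 3489 flow (ST 101 to ST 111). probe(dest, reply_from) sends a binding
    request to dest, asks for the response to come from reply_from, and returns
    the MAPPED-ADDRESS (ip, port), or None when no response arrives."""
    m1 = probe(A, A)                                   # test (I)
    if m1 is None:
        return "(1) UDP blocked"
    if m1[0] == local_ip:                              # ST 103: not behind NAT
        return "(3) open Internet" if probe(A, B) else "(2) UDP firewall"
    if probe(A, B):                                    # test (II)
        return "(4) full cone"
    if probe(B, B) != m1:                              # test (I')
        return "(5) symmetric"
    # test (III): response requested from the same IP address, different port
    return "(7) restricted cone" if probe(A, A2) else "(6) port restricted cone"

class SimNat:
    """Toy NAT (assumed model). filt: 'addr' or 'addr+port' inbound filtering.
    cone_dests: how many distinct destinations share the reused port
    (None = unlimited). busy: WAN ports already held by another LAN host."""
    def __init__(self, filt, cone_dests=None, busy=()):
        self.filt, self.cone_dests, self.busy = filt, cone_dests, set(busy)
        self.maps, self.next_port = {}, 33000          # (lan_port, dest) -> wan_port

    def send(self, lan_port, dest):
        if (lan_port, dest) not in self.maps:
            seen = sum(1 for lp, _ in self.maps if lp == lan_port)
            limit_ok = self.cone_dests is None or seen < self.cone_dests
            if lan_port not in self.busy and limit_ok:
                port = lan_port                        # port reuse: WAN port = LAN port
            else:
                self.next_port += 1                    # fresh port for this destination
                port = self.next_port
            self.maps[(lan_port, dest)] = port
        return self.maps[(lan_port, dest)]

    def accepts(self, lan_port, wan_port, src):
        # Inbound packet to wan_port passes only if src matches a destination
        # this LAN port already sent to through the same WAN port.
        return any(lp == lan_port and wp == wan_port and
                   (d == src or (self.filt == "addr" and d[0] == src[0]))
                   for (lp, d), wp in self.maps.items())

def make_probe(nat, lan_port):
    def probe(dest, reply_from):
        wan_port = nat.send(lan_port, dest)
        ok = nat.accepts(lan_port, wan_port, reply_from)
        return (WAN_IP, wan_port) if ok else None
    return probe

def delayed_symmetric_case():
    nat = SimNat("addr+port", cone_dests=2)            # behaviour reported for FIGS. 12 and 13
    verdict = classify(make_probe(nat, 10000), LAN_IP)
    return verdict, nat.send(10000, C)                 # WAN port used for a third destination

def port_reuse_case(pc_holds_port):
    nat = SimNat("addr", busy={10000} if pc_holds_port else ())
    return classify(make_probe(nat, 10000), LAN_IP)

if __name__ == "__main__":
    print(delayed_symmetric_case())
    print(port_reuse_case(False), "|", port_reuse_case(True))
```

The first case returns a cone verdict even though the very next new destination receives a different WAN-side port, because the flow only ever contacts two distinct destinations; the second shows the same router yielding two different verdicts depending on whether another LAN host holds the port.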
The above-described phenomenon may temporarily stop the IP telephone apparatus from communicating. The NAT type determination process is performed at a frequency of once an hour, for example, in FIG. 16 (Δ mark). When the LAN-side PC starts external communication, the NAT type changes (→mark) and the NAT router, which has been restricted cone, changes to symmetric in which a port number is changed per LAN-side terminal. Until the LAN-side IP telephone apparatus recognizes the NAT type change, the IP telephone apparatus performs a process similar to a case where the IP telephone apparatus wrongly recognizes the NAT type, and thus has difficulty properly performing the NAT traversal process. The IP telephone apparatus can detect the change to “symmetric” in the NAT type determination process performed after the NAT router operation has changed. After this point, when the IP telephone apparatus can detect the NAT type of the NAT router, the IP telephone apparatus can perform proper communication control for NAT traversal.
Due to change of the environment to which the NAT router is connected (end of PC communication and the like), however, there may be a case where “restricted cone” is detected in the routine NAT type determination. When the PC starts communication with an external apparatus after the detection, the IP telephone apparatus has difficulty properly performing the NAT traversal process until recognizing the NAT type by performing the NAT type determination. Such a status is repeated depending on the operation environment.
In a case where the NAT type changes according to the router's operation environment as described above, frequent communication repeated between the PC and external apparatus frequently causes a time period when the IP telephone apparatus cannot communicate, thus decreasing usability as a telephone apparatus.