1. Field of the Invention
This invention relates generally to the field of computer networking. More particularly, the invention relates to an improved apparatus and method for efficiently and securely exchanging connection data in the presence of network address translation (“NAT”) systems.
2. Description of Related Art
A. Network Address Translation (“NAT”)
Large public networks, such as the Internet, frequently have connections to smaller private networks, such as those maintained by a corporation, Internet service provider, or even individual households. By their very nature, public networks must have a commonly agreed upon allocation of network addresses, i.e., public addresses. For a variety of reasons, maintainers of private networks often choose to use private network addresses for the private networks that are not part of the commonly agreed upon allocation. Thus, for network traffic from the private network to be able to traverse the public network, some form of private/public network address translation (“NAT”) is required.
A device performing NAT operations alters the data packets being sent out of the private network to comply with the addressing scheme of the public network. Particularly, the network address translator replaces the originating private address and port number of a packet with its own public address and an assigned port number. A network address translator also alters the data packets being received for computers on the private network to replace the destination public address and port number with the correct private address and port number of the intended recipient. As used herein, the term address should be construed to include both an address and a port number if appropriate in the context, as would be understood by one of ordinary skill in the art.
NAT has become increasingly common in modern network computing. One advantage of NAT is that it slows the depletion of public network address space. For example, TCP/IP addressing, which is used on the Internet, comprises four strings of three digits each, thus providing a finite address space. Additionally, certain portions of this address space are reserved for particular uses or users, further depleting the actual number of addresses available. However, if NAT is used, a private network or subnet may use an arbitrary number of addresses, and still present only a single, standardized public address to the outside world. This makes the number of available addresses practically limitless, because each private network could, theoretically, use exactly the same private addresses.
Another advantage provided by NAT is increased security arising from the fact that those on the public network cannot determine the actual (i.e., private) network address of a computer on a private network. This is because only the public address is provided on the public network by the network address translator. Additionally, this public address may correspond to any number of computers on the private network.
Different NAT types employ different levels of security. For example, with a “full cone NAT,” once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any external host can send packets to iAddr:iPort by sending packets to eAddr:ePort. With a “restricted cone NAT,” an external host with an address hAddr can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort had previously sent a packet to hAddr. The port of the external host is irrelevant. With a “port restricted cone NAT,” an external host having an address/port hAddr:hPort can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort previously sent a packet to hAddr:hPort. Finally, with a “symmetric NAT,” each request from the same iAddr:iPort to a specific destination IP address and port is mapped to a unique eAddr:ePort. If the same internal host sends a packet to a different destination, a different external address and port mapping is used. Only an external host that receives a packet from an internal host can send a packet back to the internal host.
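The following is an added illustration, not part of the patent text: a small model of the translation described in paragraph A and of the four filtering behaviours just listed. The `NAT` class, its method names and the sample addresses are hypothetical; the model tracks which external hosts each mapping has been used to reach and applies the full cone, restricted cone, port restricted cone and symmetric rules to decide whether an inbound packet reaches iAddr:iPort.

```python
# Added example (hypothetical model, not from the patent): mapping and filtering
# behaviour of the four NAT types. Addresses are (ip, port) tuples.
from dataclasses import dataclass, field

@dataclass
class NAT:
    kind: str                     # "full", "restricted", "port_restricted", "symmetric"
    public_ip: str                # the NAT's public address (eAddr)
    next_port: int = 40000        # next ePort to assign
    mappings: dict = field(default_factory=dict)  # key -> (eAddr, ePort)
    sent_to: dict = field(default_factory=dict)   # (eAddr, ePort) -> {(hAddr, hPort), ...}

    def outbound(self, i_addr, i_port, h_addr, h_port):
        """Translate an outgoing packet from iAddr:iPort to hAddr:hPort.

        Returns the (eAddr, ePort) that replaces the private source address.
        A symmetric NAT keys the mapping on the destination too, so each
        destination gets its own ePort; the cone types reuse one mapping."""
        if self.kind == "symmetric":
            key = (i_addr, i_port, h_addr, h_port)
        else:
            key = (i_addr, i_port)
        if key not in self.mappings:
            self.mappings[key] = (self.public_ip, self.next_port)
            self.next_port += 1
        ext = self.mappings[key]
        # remember who this mapping has been used to talk to (for filtering)
        self.sent_to.setdefault(ext, set()).add((h_addr, h_port))
        return ext

    def inbound(self, h_addr, h_port, e_addr, e_port):
        """Decide delivery of a packet from hAddr:hPort to eAddr:ePort.

        Returns the internal (iAddr, iPort) it is forwarded to, or None if
        the NAT drops it because no mapping exists or the filter rejects it."""
        ext = (e_addr, e_port)
        internal = next((k[:2] for k, v in self.mappings.items() if v == ext), None)
        if internal is None:
            return None                          # no mapping for this ePort
        peers = self.sent_to.get(ext, set())
        if self.kind == "full":
            return internal                      # any external host may use it
        if self.kind == "restricted":            # hAddr must have been contacted
            return internal if any(a == h_addr for a, _ in peers) else None
        # port_restricted and symmetric: exact hAddr:hPort must have been contacted
        return internal if (h_addr, h_port) in peers else None
```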
B. NAT Issues with Peer-to-Peer Networking
Peer-to-peer (“P2P”) computing refers to a distributed network architecture comprised of computing nodes which make a portion of their resources directly available to other network participants. Peers in a P2P network establish direct communication channels with one another and act as both clients and servers, in contrast to the traditional client-server model in which servers supply resources and clients consume resources.
The NAT operations described above pose numerous problems for P2P connections. For example, establishing a direct connection between two peers becomes increasingly difficult if one or both of the peers is located behind one or more of the NAT types described above. This problem is exacerbated by the fact that mobile devices such as the Apple iPod Touch®, Apple iPhone®, Apple iPad® and various other devices (e.g., RIM Blackberry® devices, Palm Pre® devices, etc.) are frequently moved between networks having different NAT implementations. For example, the Apple iPhone™ is capable of communicating over Wi-Fi networks (e.g., 802.11b, g, n networks); 3G networks (e.g., Universal Mobile Telecommunications System (“UMTS”) networks, High-Speed Uplink Packet Access (“HSUPA”) networks, etc.); and Bluetooth networks (known as personal area networks (“PANs”)). Future mobile devices will be capable of communicating over additional communication channels such as WiMAX, International Mobile Telecommunication (“IMT”) Advanced, and Long Term Evolution (“LTE”) Advanced, to name a few.