1. Technical Field
The present invention relates to a symmetric network address translation system using a Simple Traversal of UDP over NAT (STUN) technique and a method for implementing the same.
2. Related Art
A network address translation (NAT) system is a system which maps private Internet Protocol (IP) addresses used in a private network and a public IP address used in a public network to solve a lack of IP addresses. Computers in the private network which uses such a network address translation cannot be recognized and accessed from an external network.
The NAT system is classified into four systems: full cone; restricted cone; port restricted cone; and symmetric NAT systems. Among them, the symmetric NAT system, to which the present invention pertains, will be described below.
A NAT allocates a port whenever packets are forwarded to computers which are external network terminals, and allows the allocated port a single external connection.
In order to perform this operation, the NAT stores address and port information of the computers and information about an internal terminal, a client, to which a packet is forwarded from the external terminals in a routing table. The NAT receives a packet and compares a destination address and a port number in the received packet to those in the routing table. The NAT relays the packet to the internal terminal, which corresponds to the destination address and the port number.
For example, when the client is in communication with the computer, a private IP address of the client is “10.0.0.1,” a port of the client is “8000,” an IP address of the computer is “222.111.99.1,” and a port of the computer is “20202”. Thus, the NAT maps 10.0.0.2:8000 to 222.111.99.1:20202.
If another computer of “222.111.88.2:10101” tries to transmit a packet to the client through the NAT, the NAT blocks transmission of the packet since the destination address and the port of the packet are different from those in the routing table.
The NAT system has many merits, but it restricts use of existing multimedia services and peer to peer (P2P) services. For example, when a voice over Internet protocol (VoIP) is used in a private network environment, a phenomenon whereby media packets are bidirectionally transferred occurs.
Specifically, when the internal terminal transmits an invite message according to a session initiation protocol (SIP), it sends its private IP address inserted in session description protocol (SDP) information. The external terminal sends a media packet to the private IP address of the SDP. However, since the media packets cannot be routed properly when the private IP address is used, a communication between both terminals cannot be performed normally. This problem is referred to as a “NAT traversal problem.”
In order to solve the NAT traversal problem, various techniques, such as Simple Traversal of UDP over NAT (STUN), Traversal Using Relay NAT (TURN), Interactive Connectivity Establishment (ICE) and Universal Plug and Play (UPnP), have been introduced.
The TURN needs a high performance server since packets are delayed due to use of a relay server, the ICE has a very complicated algorithm, and the UPnP has a problem in that its algorithm has to be implemented in both the terminal and the NAT. For these reasons, the STUN technique is usually used.
The STUN is a protocol which makes a VoIP Internet phone aware of the existence and type of the NAT.
An Internet phone which supports the STUN protocol queries several times to a STUN server on the Internet in order to know a public IP address and a port number used by the NAT. The internal network terminal replaces a private IP address and a port number included in a session description protocol (SDP) message of the SIP with the public IP address and the port number. Thus, the SIP message and voice traffic can be transmitted via the NAT without changing an NAT set value. However, the STUN cannot be used in a symmetric NAT.
That is, the STUN can be employed in a typical NAT system to resolve the NAT traversal problem, but it cannot be applied to a private network in the symmetric NAT system having a firewall.
Most companies use the symmetric NAT system due to a security issue, and an IP sharing device using the symmetric NAT is increasingly used at home and Small Office/Home Office (SOHO) business sites. In the light of the trends, there is an urgent need for a method for solving the problem whereby the STUN cannot be used in the symmetric NAT system.