
Why can a STUN server reach a client behind NAT?

In these two figures, why is it that both 173.239.151.99 (clientB) and the STUN server know the public IP of clientA (192.168.0.1), yet clientB cannot reach clientA while the STUN server can?

Or to put my question this way: why do we need a STUN server after all? Say clientA sends a request to clientB; there will be a binding between clientA's IP & port and the NAT device's public IP & port in the translation table (this "mapping is created when a TCP SYN packet is sent from inside the NAT or when a first UDP packet is sent"), so when clientB sends a response back, the translation table will help it reach clientA. Then why on earth do we need STUN?

[Image: figure] [Image: figure2]

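Best answer

Sync task ;-)

STUN can only be used with "full cone NAT, restricted cone NAT and port-restricted cone NAT"... but not with symmetric NAT. STUN is a protocol for clients, but clients (usually, in the real world) use symmetric NAT (a unique port for every connection, dynamic translation)! In the real world, servers use full cone NAT (static translation), and servers usually get connections from clients, which already know the ip:port ...

But, to answer formally: the most "frequent" use of STUN is SIP client-to-server keepalive (UDP), but there are other usages too: http://tools.ietf.org/html/rfc5389#section-14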

14.  STUN Usages
   At the time of writing, three STUN usages are defined: Interactive
   Connectivity Establishment (ICE) [MMUSIC-ICE], Client-initiated
   connections for SIP [SIP-OUTBOUND], and NAT Behavior Discovery
   [BEHAVE-NAT].  Other STUN usages may be defined in the future.
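
The four NAT behaviours named in the answer above, as a toy model (an added example, not part of the original post). It shows when the public ip:port that clientA learns from a STUN server is usable by clientB. The NAT's public IP, the STUN server address and all ports are constructed, and the mapping/filtering rules are the usual textbook definitions of each NAT type.

```python
# Added example: toy model of cone vs. symmetric NAT (addresses other than the
# two from the question are constructed for illustration).
CLIENT_A = ("192.168.0.1", 5000)      # inside host from the question
CLIENT_B = ("173.239.151.99", 6000)   # outside peer from the question
STUN = ("198.51.100.10", 3478)        # constructed STUN server address

class Nat:
    def __init__(self, kind, public_ip="203.0.113.7"):
        self.kind = kind      # "full", "restricted", "port_restricted", "symmetric"
        self.public_ip = public_ip
        self.next_port = 40000
        self.mappings = {}    # mapping key -> public port
        self.owner = {}       # public port -> internal (ip, port)
        self.contacted = {}   # public port -> destinations the inside host sent to

    def outbound(self, src, dst):
        """Inside host src sends to dst; returns the public (ip, port) dst sees."""
        # Symmetric NAT: one public port per (source, destination) pair.
        # Cone NATs: one public port per internal socket, reused for all peers.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.owner[self.next_port] = src
            self.next_port += 1
        port = self.mappings[key]
        self.contacted.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, src, public_port):
        """Outside host src sends to public_port; internal endpoint or None if dropped."""
        if public_port not in self.owner:
            return None
        sent = self.contacted[public_port]
        if self.kind == "full":
            allowed = True                                # anyone may use the mapping
        elif self.kind == "restricted":
            allowed = src[0] in {ip for ip, _ in sent}    # IP must have been contacted
        else:                                             # port_restricted, symmetric
            allowed = src in sent                         # exact ip:port must match
        return self.owner[public_port] if allowed else None

def scenario(kind, punch):
    """Returns (STUN reply reaches A, B reaches A at the STUN-reported address)."""
    nat = Nat(kind)
    reflexive = nat.outbound(CLIENT_A, STUN)   # address the STUN server reports to A
    stun_reply = nat.inbound(STUN, reflexive[1]) == CLIENT_A
    if punch:
        nat.outbound(CLIENT_A, CLIENT_B)       # A sends a first packet towards B
    b_reaches_a = nat.inbound(CLIENT_B, reflexive[1]) == CLIENT_A
    return stun_reply, b_reaches_a
```

The STUN server's reply always gets through because clientA contacted it first. clientB succeeds at the reported address only when the NAT reuses that mapping for it, which a symmetric NAT does not.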
