Guaranteed Connectivity & Firewall / NAT Traversal

The problem of firewall and NAT Traversal is not new. It has been hindering connectivity in VoIP, video chat and other real-time services for years, and is often blamed for the slow adoption rates of many of these kinds of services.

Network Address Translation (NAT) provides important services to network owners, such as better IP address utilization, and network topology hiding and security. The problem is that real-time applications such as VoIP and video chat can be broken by  NAT, making delivery of business grade services difficult.

NAT Traversal

Eyeball Networks Solutions for NAT Traversal

Eyeball Networks saw the challenge our customers faced and set out to solve it. We developed innovative methods and technologies to address the problems associated with firewall & NAT traversal. So innovative, in fact, they were patentable.

Eyeball pioneered the STUN TURN ICE NAT traversal technologies which were later adopted by the IETF and other standards bodies. As well as STUN TURN and ICE, Eyeball products have been enhanced to support the MS-STUN, MS-TURN, MS-ICE,  and MS-ICE2 protocols.

These patented technologies can now be found in our suite of products designed to address firewall & NAT traversal – with client support for ICE via our AnyFirewall™ Engine and Eyeball Messgenger SDK, and STUN TURN server support via  AnyFirewall™ Server and AnyConnect Gateway.

If you’re developing an application or service that requires reliable connectivity across any NAT or firewall, contact us and find out why tens of millions of endpoints depend on AnyFirewall Technology.

AFE_full_web90px

STUN TURN ICE Software Development Kit for Guaranteed Connectivity

AFS_full_web90px

STUN TURN Server Software for
Guaranteed IP Connectivity & Standards Based NAT Traversal

AnyConnect-gatewayl

Enterprise Border Session Controller
(E-SBC) for Network Inter-Connectivity

What is a NAT?

NAT stands for Network Address Translation. In general, it is the process used by routers to modify IP information by translating local IP addresses on a private subnet to public IP addresses typically assigned by an Internet service provider (ISP). They present a major challenge when attempting to establish direct connections between clients on a network.

There are four types of NATs present in today’s routers, presented in order from least restrictive to most restrictive:

Full cone

  • Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort will be sent through eAddr:ePort. Any external host can send packets to iAddr:iPort by sending packets to eAddr:ePort.

Address-restricted cone

  • Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort will be sent through eAddr:ePort. An external host (hAddr:any) can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to hAddr:any. “Any” means the port number doesn’t matter.

Port-restricted cone (like address-restricted cone, but the restriction includes port numbers)

  • Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort will be sent through eAddr:ePort. An external host (hAddr:hPort) can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to hAddr:hPort.

Symmetric

  • Each request from the same internal IP address and port to a specific destination IP address and port is mapped to a unique external source IP address and port, if the same internal host sends a packet even with the same source address and port but to a different destination, a different mapping is used. Only an external host that receives a packet from an internal host can send a packet back.

The techniques necessary to establish a direct connection between peers become more challenging as the NATs between them become more restrictive. In the worst case, a relay with a public IP address is needed to exchange packets between peers.

NAT Traversal Guaranteed Connectivity

Trusted by tier one companies around the world, AnyFirewall Technology is embedded in products used by 98% of the Fortune 500 and 100% of the Fortune 100.

Eyeball-customers-300x182