“First, the protocol should be based on UDP. You can do NAT traversal with TCP, but it adds another layer of complexity to an already quite complex problem, and may even require kernel customizations depending on how deep you want to go. We’re going to focus on UDP for the rest of this article. If you’re reaching for TCP because you want a stream-oriented connection when the NAT traversal is done, consider using QUIC instead. It builds on top of UDP, so we can focus on UDP for NAT traversal and still have a nice stream protocol at the end.”
That article is the best article I have ever read on the nitty gritty of how NAT traversal works.
I've read it before, fantastic article. I agree that using QUIC is better for the purpose. Still, I'm curious whether TCP hole punching is worth supporting for direct connections in UDP-blocked environments. Maybe TCP hole punching also won't work in such an environment?
From the article, they use the relay as a fallback if UDP is blocked.
“We’ll probably also still want fallback relays that use a well-like[d] protocol like HTTP, to get out of networks that block outbound UDP.”
“Having relays to handle the long tail isn’t that bad. Additionally, some networks can break our connectivity much more directly than by having a difficult NAT. For example, we’ve observed that the UC Berkeley guest WiFi blocks all outbound UDP except for DNS traffic. No amount of clever NAT tricks is going to get around the firewall eating your packets. So, we need some kind of reliable fallback no matter what.”