EMS (End-point Masquerading Set of rules)

4.8 EMS (End-point Masquerading Set of rules)

It is expected that most of the peers are running behind NAT (Network Address Translation) devices which connect private address networks to the public Internet. When a packet crosses the NAT from a private network towards the public one, the source (private) end-point is replaced (masqueraded) by a public end-point of the NAT and an translation entry is created in the NAT table. NAT translation entries are needed to relate the NAT public end-point with the source (private) end-point.

Basically, there are three types of NATs: (1) full-cone NATs, (2) restricted-cone NATs and (3) symmetric NATs. Depending on the type of the NAT, the number of ﬁelds in the NAT entry and the NAT behaviour is diﬀerent. A Full-Cone NAT Entry (FCNE) has three ﬁelds:

FCNE = (public NAT port $𝒳$ , private IP address $𝒴$ , private port $𝒵$ )

and whatever the origin of the incoming packet^∗ ^∗Incomming packets go from the Internet towards the private network. , if that packet is received by the NAT at the end-point (public NAT IP address, public NAT port $𝒳$ ), the packet will cross the NAT and it will be delivered to the proccess that is listening at the end-point (private IP address $𝒴$ , private port $𝒵$ ).

This procedure is fully compatible with the DBS module because a full-cone NAT-ed peer^† ^†A peer that is behind a full-cone NAT. behaves like a public peer except that the NAT masks its actual private IP address. Nevertheless, a problem arises when two or more peers are behind the same NAT (are in the same private network). Although an eﬃcient (but also complex) solution for this case is proposed in Section7.6, it could happen that this solution can not be applied. Therefore, if two (or more) peers $A$ and $B$ are in the same NAT-ed network and no NAT loopback^∗ is avaiable, the DBS module does not provide enough functionality because the neigbouring peers does not know the private end-point of each other: $A$ only knowns the public-end point of $B$ and viceversa.

For providing the extra functionality to solve this situation peers must implement the EMS. At the beginning of the joining stage, each EMS-powered peer sends to the splitter its local end-point and the splitter checks if the source end-point of the received packet (which ﬁgures in the packet header) matches the local end-point. If these values are the same then the peer is public; otherwise, the peer is running in a private host. When this is true, it holds that

X \neq (X),

(7)

where $X$ denotes the local (private) end-point of peer $X$ and $(X)$ the global (public) end-point of peer $X$ in $X$ ’s NAT. In general, we have also that

𝒩 (T) \subset T,

(8)

where $T$ represents all the elements of a team (including the splitter) and $𝒩 (T)$ those peers that behind a NAT. In other words,

𝒩 (T) = {P \in T ∣ P \neq (P)} .

(9)

Notice also that the splitter can ﬁnd out if a peer $A$ has a neightbour $B$ because in this case, the public IP address of the end-point that the splitter see of $A$ and $B$ matches.

Accordingly, when the splitter is sending the list of peers to a EMS-graded peer $A$ and this peer is hosted by a private machine, the splitter also checks whether $A$ has neighbours, and if this is true, the splitter sends to $A$ the private end-point of $B$ instead of its public end-point, and viceversa. Hence, $A$ will use the private end-point of $B$ to communicate with it and viceversa.

[next] [prev] [prev-tail] [front] [up]