How Double NAT penetration works

In today’s Internet exists a problem with the availability of IP-addresses for everyone. So Internet providers do not give addresses to users and apply the technology of the so-called Network Address Translation (NAT) — when the public IP-address has only one device that carries NAT, and all connected through this device users are visible on the Internet under the NAT device IP-address.

SONM is a Peer-to-Peer (P2P) network that uses a P2P connection between network members. For the correct operation of all elements, it is necessary to provide a direct link between network nodes and solve the problem associated with the lack of public addresses of SONM network participants.

Some solutions enable direct communication using UDP protocol, and they are usually used in IP telephony services. However, the UDP does not guarantee the delivery of data packets — this solution does not suit our needs.

Therefore, we have developed the technology of TCP connection between two machines located behind NAT — Double NAT penetration. The essence of the technology is that we use the specific features of the devices that perform the functions of NAT and provide the P2P connection between SONM network participants. Later, we will release a large overview article for techies, describing the principles of work, but for now, let’s understand the scheme in general.

The Rendezvous is a SONM network unit that routes traffic.

The Relay is a SONM network unit with a public IP-address, which is used to establish a connection using traffic proxying.

We call it Double NAT penetration, because we establish a connection between two devices each of which is behind the NAT, and because it uses dual mechanism — using the Rendezvous and the Relay. We are using two methods for reliability — it allows us to establish a connection in 100% of cases. In most cases, one Rendezvous is enough. However, there are cases, due to the specific devices that perform NAT, the Rendezvous cannot cope, and the connection is via the Relay.

Let’s look at different scenarios:

Successful scenarios for Rendezvous.
— both parties are behind NAT, they have “gray” IP and open ports.
— one party is behind a NAT with “gray” IP, the other party with public IP.
— both participants have public IP

Unsuccessful scenarios for Rendezvous. In such cases, the connection goes via Relay.
— both participants are behind a symmetric NAT, the ports in which are constantly changing.

Thus, regardless of the configuration of the network, Double NAT penetration technology will provide the P2P connection in 100% of cases. And, even more importantly, this solution allows us to refuse the requirement of a public IP-address — everything will work without it.

In the future, the Rendezvous and the Relay functions will perform on SONM Worker’s machines, which have a public IP-address. We consider different scenarios of engagement and the incentives for SONM suppliers to participate in the operation of the Relay, and Double NAT penetration in general.

Subscribe to our channels and social networks not to miss the release of a detailed review article on the principles of Double NAT Penetration.