NAT Traversal (NAT-T) Technology

What is NAT Traversal?

Network Address Translation (NAT) is a technology for connecting multiple devices to a single external IP address. Most ADSL modems, firewalls, and mobile operators perform network address translation. It happens in most homes, hotels, offices, and mobile data connections without users knowing of it.

NAT Traversal refers to techniques for making applications, such as voice-over-IP and multi-player games, work across devices that perform network address translation.

Information for developers

The following links may be useful for developers. This listing is for information only, not an endorsement:

• NAT Punch-through for multiplayer games

• How to make a multiplayer game work reliably behind NAT

• PJNATH - Open Source ICE, STUN, and TURN Library (2.5.5) - PJSIP

• Berkus: Libraries for NAT Traversal and hole punching

• libnatpnp

• Happytime NAT Traversal Library

• NAT Traversal in Javascript

• reTurn STUN/TURN server

• Kademlia DHT with NAT Traversal

NAT Traversal Technology

Technology for NAT Traversal falls into a few categories:

• IETF Standards for UDP: STUN, TURN, ICE. These standards are extremely widely used, including most smartphones, tablets, laptops, and games. There are also many proprietary variations of the same technology.

• Interacting with NAT device to open a port: UPnP IGDP, NAT-PMP, PCP. The problem with these approaches is that 1) they need special support from the NAT device, and 2) they do not work across multiple NATs, which is a common scenario especially with mobile hotspots.

• Forwarding gateway at the NAT device: SOCKS. These require special support from both the firewall and application and are generally only used with some enterprise firewalls.

• Application layer gateways (ALG) in firewalls.

Of these alternatives, only the IETF standardized NAT traversal solutions and their proprietary variations work with all NATs in all networks - even when multiple NATs are present and the types or features of each NAT are not known. What's more important, they work automatically, without manual configuration.

SSH.COM and our role in the development of NAT Traversal

SSH Communications Security was active in the development of NAT Traversal technologies. The modern way of doing NAT traversal - now standardized in STUN, TURN, ICE, SIP-outbound, and many others - was invented by Tatu Ylonen and Tero Kivinen in 1997-1998 and patented by SSH Communications Security.

The SSH-invented NAT Traversal technology is the only known, practical way of reliably communicating across NAT, and NATs are ubiquitous on the Internet.

Today, the technology is extremely widely used in smartphones, tablets, laptops, IP telephones, smart TVs, and multiplayer games.