This article is about the Internet protocol. For the global optimization method, see Stochastic tunneling. STUN (Simple Traversal of UDP (User Datagram Protocol) through NATs (Network Address Translators)) is a network protocol allowing a client behind a NAT (or multiple NATs) to find out its public address, the type of NAT it is behind and the internet-side port associated by the NAT with a particular local port. This information is used to set up UDP communication between two hosts that are both behind NAT routers. The protocol is defined in RFC 3489. Stochastic tunneling (STUN) is one approach to global optimization among several others and is based on the Monte Carlo method-sampling of the function to be minimized. ...
In networking, a communications protocol or network protocol is the specification of a set of rules for a particular type of communication. ...
In Computer Networking, the process of Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a Router or firewall. ...
Protocol overview STUN is a client-server protocol. A VoIP phone or software package may include a STUN client, which will send a request to a STUN server. The server then reports back to the STUN client what the public IP address of the NAT router is, and what port was opened by the NAT to allow incoming traffic back in to the network. Client/Server is a network application architecture which separates the client (usually the graphical user interface) from the server. ...
IP Telephony, also called Internet telephony, is the technology that makes it possible to have a telephone conversation over the Internet or a dedicated Internet Protocol (IP) network instead of dedicated voice transmission lines. ...
The response also allows the STUN client to determine what type of NAT is in use, as different types of NATs handle incoming UDP packets differently. It will work with three of four main types: Full Cone, Restricted Cone, and Port Restricted Cone. (In the case of Restricted Cone or Port Restricted Cone NATs, the client must send out a packet to the endpoint before the NAT will allow packets from the endpoint through to the client.) STUN will not work with Symmetric NAT (also known as bi-directional NAT) which is often found in the networks of large companies. With Symmetric NAT, the IP address of the STUN server is different than that of the endpoint, and therefore the NAT mapping the STUN server sees is different than the mapping that the endpoint would use to send packets through to the client. For details on the different types of NAT, see network address translation. In Computer Networking, the process of Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a Router or firewall. ...
A symmetric NAT is a network address translation where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. ...
In Computer Networking, the process of Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a Router or firewall. ...
Once a client has discovered its external addresses, it can relate it to its peers. If the NATs are full cone then either side can initiate communication. If they are restricted cone or restricted port cone both sides must start transmitting together.
Note that using the techniques described in the STUN RFC does not necessarily require using the STUN protocol; they can be used in the design of any UDP protocol.
Protocols like SIP use UDP packets for the transfer of sound/video/text signaling traffic over the Internet. Unfortunately as both endpoints are often behind NAT, a connection cannot be set up in the traditional way. This is where STUN is useful. The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. ...
The STUN server is contacted on UDP port 3478, however the server will hint clients to perform tests on alternate IP and port number too (STUN servers have two IP addresses). The RFC states that this port and IP are arbitrary.
Algorithm STUN uses the following algorithm (adapted from RFC 3489) to discover the presence of NAT gateways and firewalls:
 Image File history File links STUN_Algorithm3. ...
Where the path through the diagram ends in a red box, UDP communication is not possible. Where the path ends in a yellow or green box, communication is possible.
See also The Interactive Connectivity Establishment (ICE) draft, developed by the IETFs MMUSIC working group, provides a mechanism for NAT traversal, using various techniques. ...
Traversal Using Relay NAT (TURN) is a protocol that allows for an element behind a NAT or firewall to receive incoming data over TCP or UDP connections. ...
In Computing UDP Hole Punching refers to a commonly used NAT Traversal Technique. ...
The Teredo Tunneling IPv6 over UDP through NAT protocol defines a method to access the IPv6 Internet from behind a NAT device. ...
External links - RFC 3489, STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
- Latest revision (bis) to the RFC - draft-ietf-behave-rfc3489bis-04
- NAT traversal White Paper comparing STUN with other NAT traversal techniques such as TURN, ICE, ALGs and Session Border Controllers - Source: Newport Networks
- STUNT - "STUN and TCP too", which extends STUN to include TCP functionality
- Yahoo! - Director of Engineering explaining STUN and TURN (Video)
Implementations - STUN Client and Server library
- JSTUN - A Java STUN implementation
- Java STUN library "stun4j"
| 
Feeds |
Contact