Memnoch
Guest
Most home routers use NAT (Network Address Translation) at some level. Because of how NAT works, some interactive games and client-server applications simply don't work.
A modern NAT gateway must change the Source address on every outgoing packet to be its single public address. It therefore also renumbers the Source Ports to be unique, so that it can keep track of each client connection. The NAT gateway uses a port-mapping table to remember how it renumbered the ports for each client's outgoing packets. The port-mapping table relates the client's real local IP address and source port plus its translated source port number to a destination address and port. The NAT gateway can therefore reverse the process for returning packets and route them back to the correct clients.
When any remote server responds to a NAT client, incoming packets arriving at the NAT gateway will all have the same Destination address, but the destination Port number will be the unique Source Port number that was assigned by the NAT.
The NAT gateway looks in its port mapping table to determine which "real" client address and port number a packet is destined for, and replaces these numbers before passing the packet on to the local client.
When I consider how this relates to Blizzard games played online, I seem to get stuck on the fact that the ports required by Blizzard games through a proxy or NAT-based router will not allow decent connectivity. I have heard of two machines behind the same router being able to play in different games, but not the same game. One of the two machines will drop or never connect.
So I continue to think that the NAT protocol is the problem. I don't think it was ever designed to handle interactive games in the manner that Blizzard games work online.
Let's start with your connection. Whatever type of connection you use, your ISP has either assigned you an IP address or they have a Dynamic Host Configuration Protocol (DHCP) system. DHCP is the more widely used method these days. DHCP is basically an automated method of assigning IP addresses on a network. Most network configuration menus have some form of DHCP option within the TCP/IP settings.
In our example here involving our NAT router, the router is connected directly to the ISP and our game machines are behind the router. So the router is given the actual IP address by the ISP.
Think of the standard packets coming out of your NIC card going down the line to the router.
The machine boots up and sends out a query during boot-up, as specified in your TCP/IP settings. When a client needs to start up TCP/IP operations, it broadcasts a request for IP address information. The DHCP server receives the request, assigns a new address and sends it to the client together with the other required configuration information. This information is acknowledged by the client and used to set up its configuration. In this example the home router is performing this DHCP task. Other home routers require you to hardcode the IP addresses. But the resulting configuration is essentially the same: the router has the real IP address.
With this configuration the gaming machines and the router then label all packets with unique "port numbers". Each IP packet starts with a header containing the source and destination addresses and port numbers.
This combination of numbers completely defines a single TCP/IP connection. The addresses specify the two machines at each end, and the two port numbers ensure that each connection between this pair of machines can be uniquely identified.
"This process involves standards that have been set down by the Internet Engineering Task Force (http://www.ietf.org/), a very informative site that can also be difficult to understand. However, it remains important, as all the standards set in place are clearly defined there."
Each separate connection is originated from a unique source port number in the client, and all reply packets from the remote server for this connection contain the same number as their destination port, so that the client can relate them back to its correct connection.
In this way, for example, it is possible for a web browser to ask a web server for several images at once and to know how to put all the parts of all the responses back together.
Modern home routers are, for the most part, NAT gateways: a device that changes a protocol into another medium or protocol. Home routers use NAT to accomplish this. You could also look at Internet Connection Sharing in Windows 98/2k and see a similar gateway process. Software-based, yet very effective under Win2k.
A modern NAT router or gateway must change the Source address on every outgoing packet to be its single public IP address (the IP address given by the ISP). So it then renumbers the Source Ports to be unique, so that it can keep track of each client connection. The NAT gateway uses a port-mapping table to remember how it renumbered the ports for each client's outgoing packets. Very similar to a RIP table (Routing Information Protocol), the port-mapping table relates the client's real local IP address and source port plus its translated source port number to a destination address and port. The NAT gateway can then reverse the process for returning packets and route them back to the correct clients.
When any remote address responds to a NAT client, incoming packets arriving at the NAT gateway will all have the same Destination address, but the destination Port number will be the unique Source Port number that was assigned by the NAT.
The NAT gateway looks in its port mapping table to determine which "real" client address and port number a packet is destined for, and replaces these numbers before passing the packet on to the local client.
This process is completely dynamic. When a packet is received from an internal client, NAT looks for the matching source address and port in the port-mapping table. If the entry is not found, a new one is created, and a new mapping port allocated to the client:
1. An incoming packet is received on the non-NAT port.
2. It looks for the source address and port in the mapping table.
3. If found, it replaces the source port with the previously allocated mapping port.
4. If not found, it allocates a new mapping port.
5. It replaces the source address with the NAT address and the source port with the mapping port.
Packets received on the NAT port go through a reverse translation process.
Many higher-level TCP/IP protocols embed client-addressing information in the packets. For example, during an active FTP transfer the client informs the server of its IP address and port number, and then waits for the server to open a connection to that address. NAT has to monitor these packets and modify them on the fly to replace the client's IP address (which is on the internal network) with the NAT address. Since this changes the length of the packet, the TCP sequence/acknowledge numbers must be modified as well.
When I consider this process (above) of what NAT is doing to the packets, and what is required to establish a game session on Battle.net, I see a possible issue. Why else would one client be able to connect and play and not the other?
Most protocols and applications can be supported within the NAT but some protocols may require that the clients themselves are made aware of the NAT and that they participate in the address translation process. Or the NAT must be protocol-sensitive so that it can monitor or modify the embedded address or port data.
Because the port-mapping table relates complete connection information - source and destination address and port numbers - it is possible to validate any or all of this information before passing incoming packets back to the client. This checking provides a very effective firewall.
So again, I look at this issue time and time again, as it has been posted frequently here on Helper.net. I have studied why this happens to so many people who can't establish two client sessions to the same game over Battle.net.
Because of the simplicity of setting up most home routers, I assume the users have done everything correctly in terms of setup. I have owned a few home routers and seen the software used to create filters or map ports. I don't see this as the issue.
I look at how NAT handles other applications like BattleCom or ICQ and Direct Connect. Certain client-server applications will not work at all under NAT. Some of this can be helped with filters that default all packets to one client machine. Thus that machine can join, but not host, with these applications. And in any case the second machine is effectively cut off under this configuration.
This equation seems to look the same with Internet Connection Sharing through Win98/2k as well. The common denominator is NAT.
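To make the five-step mapping process above and the "default all packets to one client" filter concrete, here is a small added model of a NAT gateway's port-mapping table. It is example code written for this thread, not the router's or Battle.net's logic, and every address, port and the 40000+ mapping-port range are constructed values.

```python
# Added example: a minimal port-mapping NAT with an optional
# "forward everything unsolicited to one client" rule.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class NatGateway:
    public_ip: str                                   # address given by the ISP
    default_client: Optional[Tuple[str, int]] = None # the "default to one machine" filter
    next_port: int = 40000                           # constructed mapping-port range
    # (client_ip, client_port, dst_ip, dst_port) -> mapping port
    outbound: Dict[tuple, int] = field(default_factory=dict)
    # mapping port -> (client_ip, client_port, dst_ip, dst_port)
    inbound: Dict[int, tuple] = field(default_factory=dict)

    def translate_out(self, pkt: Packet) -> Packet:
        """Steps 1-5: packet from an internal client leaves with the public address."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)                # step 2: look up the table
        if port is None:                             # step 4: allocate a new mapping port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        # steps 3/5: rewrite source address and source port
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Reverse translation; returns None when the packet is dropped."""
        entry = self.inbound.get(pkt.dst_port)
        if entry is not None:
            client_ip, client_port, dst_ip, dst_port = entry
            # the table holds the full connection, so the remote end is checked too
            if (pkt.src_ip, pkt.src_port) == (dst_ip, dst_port):
                return Packet(pkt.src_ip, pkt.src_port, client_ip, client_port)
            return None                              # mapped port, wrong peer: dropped
        if self.default_client is not None:          # unsolicited: only one machine gets it
            ip, port = self.default_client
            return Packet(pkt.src_ip, pkt.src_port, ip, port)
        return None                                  # unsolicited and no rule: dropped

def two_clients_demo():
    """Two machines behind one router using the same local port to one server."""
    nat = NatGateway("203.0.113.5", default_client=("192.168.1.10", 4000))
    server = ("198.51.100.7", 4000)
    out_a = nat.translate_out(Packet("192.168.1.10", 4000, *server))
    out_b = nat.translate_out(Packet("192.168.1.11", 4000, *server))
    reply_a = nat.translate_in(Packet(*server, nat.public_ip, out_a.src_port))
    reply_b = nat.translate_in(Packet(*server, nat.public_ip, out_b.src_port))
    # a peer that was never contacted can only ever reach the default client
    unsolicited = nat.translate_in(Packet("192.0.2.9", 5000, nat.public_ip, 4000))
    return out_a, out_b, reply_a, reply_b, unsolicited
```

Replies to each client's mapped port are routed back correctly, but any connection initiated from outside lands on the one default machine, which is exactly the "can join but not host, and the second machine is cut off" situation the post describes.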
It breaks down to one simple fact. Battle.net claims to support NAT. And it does as long as only one machine is connecting. But add another instance of the same game thru the same connection and the NAT support no longer exists.
Or, one game session per IP address.
Although I have not tried this method, I often thought that altering the server list on both machines might provide a workaround to this issue.
Give one machine a couple of the servers to connect with and give the other machine the others. As long as they are not the same addresses, two machines would be able to get around the NAT barrier.
A complex problem for those who desire to play behind home routers. And one that seems to be limited to Battle.net. Many people seem to be able to play almost any other game from 2 machines behind a NAT router without issue.
I would be interested to hear if anyone else has had success with any other workarounds to this issue.