Full cone NAT UDP holepunching or just a hole in the head?

So far I've wasted about 8 hours of my time trying to get the masterserver communication to work in Unity3D. I'm currently troubleshooting Network Address Translation (NAT) issues that prevent my test game from acting as a server.

So far, I've tried to get it to work through my existing firewall/router, which is a virtual machine running pfSense. Despite configuring UPnP and outbound NAT according to this pfSense forum post to emulate what's referred to as Full Cone NAT, it's been a no-go. Unity's networking test function still claims it is Port Restricted NAT, which then means I can't really host any games.

OK - what about my Cisco LinkSys WRT320N router - I've got that one set up as well with its own public IP address. I changed my default gateway to this device instead, and behold, it didn't work. That device also has a poor implementation of UPnP and NAT traversal, so that does not work either. I found this list of devices that describes which NAT type each device supports and whether or not it supports UDP hole punching. It turns out that the vast majority of routers don't support this very well, which explains why the world of multiplayer gaming seems to spend more time speculating and trying to get a game to work than actually playing it.

Hole in the head - and in the firewall


To be fair, UPnP is an idiotic invention anyway. The idea is that any application can tell the firewall to open itself up. But wait a minute... what if I have a trojan (like Skype =) can that just politely say "Open Sesame" and let all the baddies in? Yep. That's right.
So then, we have UPnP (which stands for Universal Plug and Play), a desperate attempt to solve communication in the world of NAT... and we have most devices implementing UPnP poorly to make it even worse.

Hole in the head.

Is there any light at the end of the funnel?


NAT is used for a number of reasons, one being that there are not enough IPv4 addresses available (only 4.3 billion) to allow all the computers in the world to have a unique address. This means that internal networks usually have addresses in the private ranges such as 10.0.0.0/16, 172.16.0.0/12, and 192.168.0.0/16 which are then translated between the private network and the Internet. There are also security benefits with NAT, for example, by default (more or less) an internal host must initiate traffic to an external host before the external host can communicate back to the client host.
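To make the difference between the Full Cone and Port Restricted results concrete, here is a simplified model of NAT inbound filtering, added as an illustration and not taken from Unity or pfSense. The addresses, ports and the `Nat` class are constructed, and the remote player is assumed to have a directly reachable endpoint.

```python
from dataclasses import dataclass, field

MASTER = ("198.51.100.5", 23466)  # constructed master-server endpoint
PLAYER = ("192.0.2.77", 50000)    # constructed remote player endpoint
HOST = ("192.168.1.20", 25000)    # constructed internal game host

@dataclass
class Nat:
    """Simplified NAT: one public IP, endpoint-independent port mapping."""
    policy: str                                    # "full_cone" or "port_restricted"
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)   # internal (ip, port) -> public port
    contacted: dict = field(default_factory=dict)  # public port -> remotes we sent to

    def outbound(self, src, dst):
        """Internal src sends UDP to dst; return the public port dst sees."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.next_port += 1
        port = self.mappings[src]
        self.contacted.setdefault(port, set()).add(dst)
        return port

    def inbound(self, remote, public_port):
        """Return the internal endpoint the packet reaches, or None if dropped."""
        for internal, port in self.mappings.items():
            if port != public_port:
                continue
            if self.policy == "full_cone":
                return internal            # any remote may use the mapping
            if remote in self.contacted[port]:
                return internal            # only the exact ip:port we already sent to
        return None

def player_reaches_host(policy, punch=False):
    """Can PLAYER reach HOST after HOST has registered with MASTER?"""
    nat = Nat(policy)
    port = nat.outbound(HOST, MASTER)      # registration creates the mapping
    if punch:
        nat.outbound(HOST, PLAYER)         # hole punch toward the player's endpoint
    return nat.inbound(PLAYER, port) == HOST

if __name__ == "__main__":
    for policy, punch in [("full_cone", False), ("port_restricted", False),
                          ("port_restricted", True)]:
        print(policy, "punch" if punch else "no punch",
              "->", player_reaches_host(policy, punch))
```

The full cone case also shows the exposure side of the trade-off: once the mapping exists, every remote sender reaches the internal host on that port, not just the player it was meant for.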

My hope is that IPv6 will solve the NAT mess in the future. IPv6 has such a large address space (340 undecillion) that in theory NAT wouldn't be needed. How many IPv6 addresses are there, I hear you wonder? Well, someone with enough time on their hands calculated that every square millimeter on Earth's surface could each be allocated 170,000,000,000,000,000 IPv6 addresses.

But wait... IPv6 is currently being implemented and we can't just switch from IPv4 to IPv6 as nothing would work. How do we solve the transition then? Let's go with our buddy NAT again... now with the selection of more implementations - how about 4in6, 6in4, 6over4, DS-Lite, 6rd, 6to4, ISATAP, IVI, NAT64 / DNS64, Teredo, TSP, TRT, SIIT, Drafts, 4rd, AYIYA, dIVI, NAT-PT, NAPT-PT.... Have fun troubleshooting why network multiplayer gaming isn't working during this transition period =)

Do I sound negative? I wish we could just format the world and start over with stuff that just works instead.
