Client Server Architecture

Question

I'm struggle with what technique to choose for a server client aspect of my application.

Defining design

• Windows, C# on .net 2
• On many machines there is a .net 2 service. I call that the Client.
• Machines can be in different networks behind NAT's (or not) connected to Internet.
• Server services are public.

Requirements

• To communicate with the Clients on demand.
• Client must listen for incoming connections.
• The server can be or not online.
• Port forwarding is not possible.

What are my choices to do something like that? Now I'm looking in the UDP Hole punching technique. The difference between the UDP hole punching technique setup and my setup is that instead of having 2 clients behind a NAT and a mediation Server, I got only the client behind the NAT that must communicate with the server. That must be easier but I'm having hard time to understand and implement. I'm on the right way with the this kind of NAT traversal or may be some other methods much easier to implement?

Other methods that I've taken in consideration:

• When the service sees the server online, creates a connection to the server using TCP. The problem is that I have something around 200 clients, and the number is rising and I was afraid that this is a resource killer.

• When the service sees the server online, checks a database table for commands then at every 30 seconds checks again. This is also a resource killer for my server.

Bottom of line is, if the UDP Hole Punching tehnique is the right way for this scenario, please provide some code ideas for de UDPServer that will run on the service behind NAT.

Thank you.

Answer 1

Hole punching and p2p

You might be interested in a high level discussion of UDP hole punching. Hole punching is needed if you want clients (who both might be behind a firewall) to communicate directly without an relaying server. This is how many peer 2 peer (p2p) communications work.

With p2p, typically NAT'ed clients must use some external server to determine each other's "server reflexive address." When NAT translation occurs, behind the firewall ports can be mapped to some arbitrary port to the public. A client can use a STUN server to determine its "server reflexive address." Clients then will, through an intermediary server, exchange server reflexive addresses and can initiate communication (with hole punching to initiate the session).

Often, a NAT will not behave in a manner to allow direct communication as described above. Sending packets to different destinations will cause a NAT to map ports to entirely different values depending on the destination. In this case, a TURN server is needed.

Links

• Nat traversal and different types of NAT behaviors
• STUN RFC
• TURN RFC

Server-client communication

If your client only needs to communicate with a server, hole punching is not needed. As long as the client can communicate with the public Internet, then you can use any C# socket API (I'm not familiar with C#) to make connections to the server's public IP/port combination. Typically, clients making socket connections don't specify a source port and let the underlying socket API make that decision since it really doesn't matter.

Your server should be listening to a specific port (you make this determination), and when it receives a packet from the client, the source address of the packet will be some NAT'ed address. In other words, the source address will be the public IP of whatever firewall your client is behind. If the NAT changed the source port of the client's packet, the server will see this NAT'ed port as the source port. It really doesn't matter, since when the server sends back a response packet, the NAT on the client machine will translate the destination port (it stores translations internally) and correctly send the packet back to the correct private host (the client).