Implementing NAT traversal with Private Realm Gateway

Jesus Llorente Santos, Raimo Kantola, Nicklas Beijar, Petri Leppaaho
2013 IEEE International Conference on Communications (ICC)

A Network Address Translator (NAT) allows hosts in a private address space to communicate with servers in the public Internet. There is no accepted solution for an arbitrary host in the Internet to initiate a communication with a host located in a private address space despite the efforts to create one. This paper proposes to replace NATs with a new concept we call Private Realm Gateway (PRGW). Private Realm Gateway creates connection state based on incoming DNS queries towards the hosts in the… 

Securing the Private Realm Gateway

This paper analyses the security of PRGW and introduces mechanisms that protect the served hosts and networks against Internet-borne attacks, in particular: address spoofing and Distributed Denial of Service (DDoS).

Traversal of the customer edge with NAT-unfriendly protocols

The proposed approach significantly cuts the session establishment delays typical in SIP and the implementation of Application Layer Gateways for these two protocols is reported and guidelines for processing other protocols are provided.

Security Mechanisms for a Cooperative Firewall

  • Hammad Kabir, R. Kantola, Jesus Llorente Santos
  • Computer Science
    2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS)
  • 2014
The presented work is a part of a larger project that addresses many issues of the current Internet and proposes the use of CES as collaborative firewalls to reduce volume of unwanted traffic and mitigate Denial of Service (DoS) attacks in the Internet.

Transition to IPv6 with Realm Gateway 64

The paper shows that RGW64 is suitable for operators who want to gradually migrate customer networks to IPv6 yet maintaining reachability with the IPv4 Internet, which does not require changes in end-hosts.

Sec-ALG: An Open-source Application Layer Gateway for Secure Access to Private Networks

This paper presents a novel open-source ALG, called Sec-ALG, for providing secure end-to-end communication to the web servers situated in the private address space, that relies on the technique of light Deep Packet Inspection (DPI) for protocol detection and session establishment using a novel parser-lexer generator called YaLe.

Performance of Cooperative Firewalls in Real-World Deployments

An analytical model was developed to estimate the performance in terms of session setup delays and number of servers required for the Customer Edge Traversal Protocol (CETP) to support a large number of IP-based devices.

A NAT traversal mechanism for cloud video surveillance applications using WebSocket

This paper describes a novel Video Surveillance as a Service (VSaaS) architecture that uses an add-on component, named WS-Gateway (WebSocket-based gateway), installed in the client’s private network (along with IP-cameras network) to establish a bi-directional communication among the actors in the system.

Policy-based communications for 5G mobile with customer edge switching

This paper proposes a system controlled by policy that overcomes the classical weaknesses in the Internet, namely source address spoofing and denial of service attacks and proposes to improve the mobile device experience by new methods of network address translator traversal suitable for battery-powered mobile devices.

Attack Resistant Services Delivery over the Internet

The tests done in this thesis show that the Realm Gateway system works well against DoS- and DDoS-attacks in some cases and it offers good ideas in the network security and service availability context, but to make the system fully feasible in practice, the RealmGate software itself should be refined, updated and tested further.

Trust Networking for Beyond 5G and 6G

  • R. Kantola
  • Computer Science
    2020 2nd 6G Wireless Summit (6G SUMMIT)
  • 2020
This paper analyzes the proposed frameworks for trust networking for the context of 6G and offers several use cases where the framework could be first used and what are the regulatory issues in using the technology for Internet Access under the “open Internet” regulation.



Implementing Trust-to-Trust with Customer Edge Switching

  • R. Kantola
  • Business, Computer Science
    2010 IEEE 24th International Conference on Advanced Information Networking and Applications Workshops
  • 2010
This paper proposes to replace NATs with a more comprehensive concept the authors call Customer Edge Switching (CES), which assumes connection state on the trust boundary between the user and the core networks.

Proposal of a NAT traversal system independent of user terminals and its implementation

This work proposes a new NAT traversal system which does not need to modify terminals (it needs to modify the DNS server and the NAT router though).

Traversal of the customer edge with NAT-unfriendly protocols

The proposed approach significantly cuts the session establishment delays typical in SIP and the implementation of Application Layer Gateways for these two protocols is reported and guidelines for processing other protocols are provided.

IAB Considerations for UNilateral Self-Address Fixing (UNSAF) Across Network Address Translation

As a result of the nature of Network Address Translation (NAT) Middleboxes, communicating endpoints that are separated by one or more NATs do not know how to refer to themselves using addresses that

Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)

This specification defines a protocol, called TURN (Traversal Using Relays around NAT), that allows the host to control the operation of the relay and to exchange packets with its peers using the relay.

Reducing delays related to NAT traversal in P2PSIP session establishments

This paper focuses on reducing the Network Address Translator (NAT) traversal-related components of the session establishment delay in peer-to-peer Session Initiation Protocol (P2PSIP) overlays by using the Host Identity Protocol (HIP) to perform connection management in P2PSIP overlays.

Session Traversal Utilities for NAT (STUN)

Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with Network Address Translator (NAT) traversal. It can be used by an endpoint to

Future Internet Is by Ethernet

It is argued that the new architecture of the Future Internet must respond to two key challenges: increase trust among Internet stakeholders and provide cost efficient scaling of the network to new levels of capacity, number of users and applications.

Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols

This document describes a protocol for Network Address Translator (NAT) traversal for multimedia session signaling protocols based on the offer/answer model, such as the Session Initiation Protocol

Unwanted Traffic Control via Global Trust Management

  • Zheng Yan, R. Kantola, Yue Shen
  • Computer Science
    2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications
  • 2011
Simulation based evaluation shows that the proposed generic unwanted traffic control solution can control unwanted traffic from its source to destinations according to trust evaluation and is effective against a number of malicious attacks.