1 / 32

MyMed - PowerPoint PPT Presentation

  • Uploaded on

MyMed. Overview after meeting @INRIA (29-30/06/2010) Proposed Architecture PROPOSED Technical Solutions Polito Package (WPF2) Details Activities NAT traversal techniques Solution Fixed vs not Fixed SWOT analysis Slot for Open discussion. General Information. HIGHLIGHTS

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' MyMed' - loring

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript


Overview after meeting @INRIA (29-30/06/2010)

Proposed Architecture

PROPOSED Technical Solutions

Polito Package (WPF2) Details


NAT traversal techniques

Solution Fixed vs not Fixed

SWOT analysis

Slot for Open discussion

General information

MyMed WPF2 - Polito

General Information


  • The project MyMed will be deployed within the ALCOTRA region.

  • MyMed is a network for the exchange of contents in a fixed and mobile environment

    • 5500 users*

    • 60 services*

  • 50 machines (Desktop PC) will be installed and will form the Back Bone (BB) of the system.

    • 25 PC in France / 25 PC in Italy


* Expected figures after 3 years

Mymedservices some examples


  • The services are not fully defined yet

  • The definition of the first set of services to be implemented is also pending

    • Proposal: start with MyTranslator & MyAngel (both of them are easy to implement and they can benefit from GPS and possibly geo-localization)

MyMed WPF2 - Polito








MyMedServices(some examples)

Mymed proposed architecture

  • MyMed architecture is based on a P2P backbone (BB) based on a DHT algorithm:

    • DHT type to be finalized (Chord, Kademlia, Cassandra, …)

  • Users interaction with DHT*:

    • Login /Logout into MyMed

    • Add/Remove a Service

    • Publish a content

    • Search a content

    • Subscribe an event

    • Receive notifications

  • Each Node/User have their own internet connection

    • Potentially each one in under a different subnet

  • Users access to the BB with wired, wireless, 3G connections using desktop, laptop or smart phones

MyMed WPF2 - Polito

MyMed Proposed Architecture





BB Node located in France

BB Node located in Italy

Desktop User

Notebook User

SmartPhone User

Super Peers

Clients or Peers

* Users interaction with the DHT not fully defined yet

Proposed mymed implementation in 2 steps

MyMed WPF2 - Polito

Proposed MyMed implementation in 2 steps


Proposed Solutions

Hot points

Login server and entry point selection algorithm have to guarantee load balancing

  • Only BB nodes (Super Peers from now on) belongs to the P2P

    • User first authenticates through a Login Server

      • Login Servers Set is a subset of the Super Peer Set

    • Once authenticated, users access the DHT through a Super Peer as single point on entry

    • The point of entry is selected at each session by the Login Server

Step 1

Selection algorithm should balance among node reliability, node capacity and user reputation

Login servers must track selected nodes

  • Selected nodes (Peers) joins the DHT and can:

    • Become entry point for “external nodes”

    • Bear selected content

    • Offer a specific service

Step 2

On exploiting user nodes

  • The service that runs on MyMed must be 100% reliable, hence we cannot tolerate loss of data

  • User connection is not always stable (wireless, 3G)

  • User may decide to disconnect “ungracefully” at any time

  • User hardware may fail

  • A strong fault tolerance method with 100% reliability is needed among Super Peers

  • The storage capability of selected users (Peers) must not be used to store unique data. In other words, user nodes can be used only for redundancy . Of course, their computational power as well their connectivity can be exploited

MyMed WPF2 - Polito

“On exploiting User Nodes”

Leading Point



Node profile view by steps

MyMed WPF2 - Polito we cannot tolerate loss of data

Node Profile view by Steps



Main Functions

Load balancing


Redirection to a SP

Content storage

Rendezvous server Direct DHT Access

Servers of Clients

Content storage

Rendezvous server Direct DHT Access

Redundancy storage

Access through SP

- - - Every profile can access MyMed and uses services - - -

Smartphone market share

MyMed WPF2 - Polito we cannot tolerate loss of data

SmartPhone Market Share

Results 2010 Q1

Forecast 2012


  • By 2012 Symbian + Androis + iPhone will build up more than 60% of the total smartphone sells

  • A MyMed specific client should be developed for each of these platform in order to penetrate the market

  • RIM = BlackBerry

  • Source Gartner

Mymed proposed clients architecture

MyMed WPF2 - Polito we cannot tolerate loss of data

MyMed proposed clients architecture






Local host:80

- - Packages- -

-- Lite Web Server

-- Virtualization Client

-- P2P Client

-- Transport

-- Reputation Client

-- Security





-- P2P Client

-- Transport

-- Reputation Cl.

-- Security








Implementation with SDK

Implementation C++/JAVA


- - Packages - -

  • The architecture is as for Peer.

  • The MyMedPeer module will be replaced with MyMedSuperPeer

  • Each package has enhanced functions to manage the Login server and SuperPeer role



-- Web Server

-- Virtualization

-- P2P BB

-- Transport

-- Reputation

-- Security





BB Node

Simple Web Client Server

My med draft layered view

  • The main objective of this module is to guarantee the connectivity among P2P nodes

    • Connect(), Disconnect() services

  • The majority of the hosts are nowadays behind Network Address Translator (NAT)

  • A Host behind a NAT is not directly reachable, thus P2P application does not work using simple connections.

  • The connectivity will be guaranteed by Nat Traversal Techniques suitable for P2P systems [1]. However will be required that a certain number of BB nodes have a public and reachable IP (login server, randezvous server,…)

MyMed WPF2 - Polito

My Med draft layered view

User Interface



P2P Overlay


Transport Overlay

Transport {TCP, UDP}


MAC {802.3, 802.11, UMTS}

My Med packages

Existing packages

Polito package wp2 details

Polito will do the following main technical activities: connectivity among P2P nodes

  • Development of the transport underlay package for MyMedPeer and MyMedSuperPeer

    • NAT traversal (STUN [2][3], STUNT[4], ICE[5], … )

    • Relaying (TURN[6],…)

  • Cooperate in service definition and analysis

  • Mobility support:

    • Information dissemination through mobile nodes*

    • Caching techniques on user nodes*

  • Development of MyMedPeer also for:

    • Android[7]

    • Symbian[8]

  • Cooperate in Testing, User farming, demos

MyMed WPF2 - Polito

Polito package (WP2) Details

* Implementation according to viability and service needs

Network address translation nat

Definition connectivity among P2P nodes

  • Network Address Translation (NAT) is the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose of remapping one IP address space into another.

    • Avoid using public IP addresses for internal space

    • Greater security as inbound traffic in not allowed

  • Simple NAT: only the IP address is translated

  • NAPT/NAP: in Network Address Port Translation also the port is re-mapped (a.k.a IP masquerading)

MyMed WPF2 - Polito

Network Address Translation (NAT)

NAPT Example

Nat types

MyMed WPF2 - Polito connectivity among P2P nodes

NAT Types

Nat consideration

  • NAT behaviour is not standardized connectivity among P2P nodes

    • Actual implementation depends on vendor

  • The IETF group BEHAVE [9] specify in the RFC 4787 the rules enabling NAT to be “application friendly”. The rules include:

    • Binding Management

    • Packet filtering policy

    • Deterministic behavior

MyMed WPF2 - Polito

NAT Consideration

How to traverse nat in a real scenario

Assumptions: connectivity among P2P nodes

We do not consider here the cooperation of NAT hardware with zeroconf protocols such as UPnP Internet Gateway Devices (IGD)[10], Bonjour (Apple), etc.. as they are fragmented (OS dependent) and not widely diffused.

Instead, we will consider the following viable options:


Hole punching

MyMed WPF2 - Polito

How to traverse NAT in a real scenario?

Typical Scenario

Traversing nat with relaying

Relaying connectivity among P2P nodes consist in exploiting a public server S and use it to relay all the traffic between the peers

Relaying Key Idea:

Achieve communication through a public server S to which both Clients (Peers) can connect to


Works for any NAT implementation given that both client can connect to the server


Load on server S due to relayed traffic

Latency of communication increases

Single point of failure

The protocol TURN RFC 5766 implements relaying in a secure fashion.

MyMed WPF2 - Polito

Traversing NAT with relaying

NAPT Example

Connection reversal

Connection reversal connectivity among P2P nodesis a simple technique used to allow direct P2P communication using a well-known rendezvous server S when only one Client is behind a NAT:

  • The connection from A to B is straight forward

  • The connection from B to A is achieved by asking A to do a reverse connection to B through S

    Connection Reversal Key Idea

  • Use a well-known rendezvous server S to deliver the Connection request


  • Works with any type of NAT


  • Requires one node to be not NATed

MyMed WPF2 - Polito

Connection Reversal

Connection Reversal scenario

Traversing nat with hole punching udp

UDP hole punching enables two clients to set up a direct peer-to-peer UDP session with the help of a well-known rendezvous server, even if the clients are both behind NATs.

Hole Punching Key Ideas

Use a well-known rendezvous server S to let the peers know about the other end internal and external endpoint

Once the know each other, both peers try to reach each other using both the internal and the external endpoint, creating a “hole” in the NAT


Work with both nodes behind a NAT

Does not require the rendezvous server S to relay traffic


Requires not symmetric NAT

MyMed WPF2 - Polito

Traversing NAT with Hole punching UDP…

Traversing nat with hole punching udp1

Suppose client A wants to establish a UDP session directly with client B:

A initially does not know how to reach B, so A asks S for help establishing a UDP session with B.

S replies to A with a message containing B’s public and private endpoints. At the same time, S uses its UDP session with B to send B a connection request message containing A’s public and private endpoints. Once these messages are received, A and B know each other’s public and private endpoints.

When A receives B’s public and private endpoints from S, A starts sending UDP packets to both of these endpoints, and subsequently “locks in” whichever endpoint first elicits a valid response from B. Similarly, when B receives A’s public and private endpoints in the forwarded connection request, B starts sending UDP packets to A at each of A’s known endpoints, locking in the first endpoint that works. The order and timing of these messages are not critical as long as they are asynchronous.

Remark: This algorithm does not work with symmetric NAT

MyMed WPF2 - Polito

…Traversing NAT with Hole punching UDP …

Traversing nat with hole punching udp2

Scenario 1: with client B:A and B are under the same NAT. It works in any NAT condition

MyMed WPF2 - Polito

… Traversing NAT with Hole punching UDP …

Traversing nat with hole punching udp3

Scenario 2: with client B:A and B are under different NAT. It works if both NAT are not symmetric

MyMed WPF2 - Polito

… Traversing NAT with Hole punching UDP …

Traversing nat with hole punching udp iii

Scenario 3: with client B:A and B are under a common NAT. It work if both NAT are not Symmetric and the common NAT device implements hairpin/loopback translation

MyMed WPF2 - Polito

… Traversing NAT with Hole punching UDP (iii)

Traversing nat with hole punching tcp

Same protocol of UDP, but: with client B:

  • The sockets must be used with the SO_REUSEADDR option which allows the application to bind multiple sockets to the same local endpoint

    • On BSD also the option SO_REUSEPORT have to be specified

  • The application have to open 4 sockets in the same local port

    • In a view of avoiding to open multiple sockets in parallel, a sequenced hole punching technique can be implemented but it increases the total time for the hole punching procedure

  • The application have to handle different cases:

    • NAT active/passive SYN drop

    • Simultaneous TCP open

MyMed WPF2 - Polito

Traversing NAT with Hole punching TCP

Socket to be opened to implement hole punching

How a node can discover to be behind a nat

3 well known server must be used: with client B:

  • The client pings S1 and S2. If the external endpoint is conserved, the NAT is address independent (cone NAT)

    • Otherwise it is a symmetric NAT

  • Server 2 sends the Client’s endpoint to Server 3, who tries to reach the client. If succeed the NAT is a full Cone NAT

MyMed WPF2 - Polito

How a node can discover to be behind a NAT?

Application of nat traversal in mymed

Assumptions: with client B:

  • The Login Servers and the DHT bootstrap nodes MUST have a public and reachable IP

  • Each node learns from login servers whether or not it is behind a NAT, and what NAT type it is

  • Each node records the NAT type of other nodes (learned through login servers, who propagate variations)

    Scenario 1:

  • When a super node SP A which is behind a cone NAT joins the DHT, it has to establish connections with other nodes in the tree. Let’s assume his successor SP B is also behind a cone NAT (full, restricted, port-restricted)

  • SP A will use a rendezvous Peer or Super Peer P/SP to perform Hole Punching.

MyMed WPF2 - Polito

Application of NAT traversal in MyMed…




Session A-P/SP

Session B-P/SP

Direct Session SP A – SP B

Cone NAT

Cone NAT

  • Remarks:

  • The tracking and ranking of available rendezvous server is done by Login Servers

  • In order to avoid delay in DHT operations, Direct Session among SPs have to be maintained with keepalive messages

Application of nat traversal in mymed1

Assumptions: with client B:

  • Same as before

    Scenario 2:

  • When a super node SP A which is behind a cone NAT joins the DHT, it have to establish connections with other nodes in the tree. Let’s assume his successor SP B is behind a symmetric NAT

  • SP A will use Relaying, through a rendezvous Peer or Super Peer P/SP having a public IP, to get directly in touch

MyMed WPF2 - Polito

… Application of NAT traversal in MyMed




Session A-P/SP

Session B-P/SP

Cone NAT*

Symmetric NAT

  • Remarks:

  • As before but:

    • This scenario must be avoided as it will potentially delay all DHT GET and PUT. This means that if possible symmetric NAT should be avoided within the DHT enabled Peer

    • Only SP should be used as relay in order to guarantee reliability

* Hole punching could work with a Full Cone Nat and with Address independent filtering (very rare)

Application of nat traversal in mymed2

Assumptions: with client B:

  • Same as before

    Scenario 3:

  • After authentication, the login server L communicates to the Client C the entry point to MyMed Services (Peer /SuperPeerP/SP)

  • As P/SP is behind a cone NAT, the login server L will act as rendezvous server to allow hole punching, enabling for the direct communication

MyMed WPF2 - Polito

… Application of NAT traversal in MyMed




Session C-L

Session L-S/SP

Direct Session C – P/SP

Cone NAT

Cone NAT

What the others do a look into skype

MAIN FIGURES from []: with client B:

  • Login server used for first contact, authentication and for first super node discovery

  • The client connects to super nodes after login

    • List of well known super nodes is always available

    • A connection error is generated if the host cannot contact any super node

  • User can become super nodes

  • Skype uses super nodes as rendezvous server using an adapted version of TURN/STUN for NAT traversal

  • Both TCP and connections an Port 80 are exploited in order to get through firewalls

  • Relaying is used as last chance

MyMed WPF2 - Polito

What the others do? A look into Skype

Solution fixed vs not fixed

MyMed WPF2 - Polito with client B:




  • Base MyMed achitecture

  • Base SuperPeer and Peer Architecture

  • BB node OS (Ubuntu)

  • Stepwise implementation of MyMed

  • User interface technology (HTML, AJAX, JSCRIPT)

  • Programming languages (Java, C++)

  • DHT type and P2P architecture

  • Virtualization role

  • Security requirements

  • User Flows (login, operations)

  • Other packages services

  • Start-up services

  • GNU license type


  • Approach for NAT Traversal

    • Hole punching

    • Relaying

  • Mobile OS to consider for specific client development

    • Android, Symbian

  • Full NAT traversal procedure

  • Infrastructure less operation

    • Dissemination*

    • Caching*

  • Italian BB nodes location

  • Interfaces with other packages


* Depending on services specifications

Swot analysis of polito package

MyMed WPF2 - Polito with client B:

SWOT Analysis of Polito Package

  • Well known and semi-standardized NAT traversal techniques available

    • STUN

    • TURN

    • ICE

  • Interfaces with other packages not defined yet as their specific content is not clear yet

  • No past experience with Android SDK and limited on Symbian



  • Build a rock solid transport overlay protocol

  • Exploit users as rendezvous server

  • Measure and gather real stats about today’s NAT


  • Possibility to assign to BB nodes public IPs not verified yet

  • Possible traffic increase due to relaying in case of high percentage of symmetric NAT


Free slot for open discussion

MyMed WPF2 - Polito

Free slot for open discussion


[1] FORD, B., SRISURESH, P., AND KEGEL, D. Peer-to-peer communication across network address translators. In Proceedings of the 2005 USENIX Annual Technical Conference (Anaheim, CA, Apr. 2005)

[2] RFC 3489, STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs), J. Rosenberg, J. Weinberger, C. Huitema, R. Mahy, The Internet Society (March 2003)

[3] RFC 5389, Session Traversal Utilities for NAT (STUN), J. Rosenberg, R. Mahy, P. Matthews, D. Wing, The Internet Society (October 2008)

[4] Saikat Guha and Paul Francis. Simple traversal of UDP through NATs and TCP too (STUNT) (

[5] J. Rosenberg. Interactive connectivity establishment (ICE), October 2003. Internet-Draft (Work in Progress)

[6] J. Rosenberg, C. Huitema, and R. Mahy. Traversal using relay NAT (TURN), October 2003. Internet-Draft (Work in Progress).




[10] UPnP Forum. Internet gateway device (IGD) standardized device control protocol, November 2001.

MyMed WPF2 - Polito