What is ICE and NAT Traversal?

To start, let's explain what each entity is. ICE (Interactive Communication Establishment) is used in the VoIP context to enable NAT traversal, which allows devices using various technologies and protocols, such as VoIP, video, chat, SaaS and even peer-to-peer applications, to communicate while using private addressing.

NAT (Network Address Translation) is the underlying technology that enables this, and it is fundamental to the technique. NAT was developed to mitigate the problems associated with IPv4's limited address range, circa 4 billion unique addresses. The explosive growth of the internet made these addresses very hard to obtain; 4 billion is not a great number when you consider all the people and devices connected to the internet. There were other initiatives, such as the adoption of IPv6; however, NAT provided a unique and easy alternative.

To understand how NAT works we must first understand how IPv4 addressing works. There are public addresses that are reachable across the internet; these are the IP addresses of web servers and the like that you wish others to be able to connect to directly. However, originally no one thought the internet would be so vast, so the authority in charge of distributing IP addresses was somewhat reckless in handing them out, for example giving address blocks of millions of addresses to big companies and universities. As the internet grew at an alarming rate it became clear that the IPv4 address range was not sufficient to support global requirements.

In order to address this address shortage, private addresses became available. Private addressing allows enterprises and service providers to use certain address blocks (10.0.0.0, 172.16.0.0 and 192.168.0.0) to uniquely identify their customers and hosts, but these addresses are only valid within the company; they cannot be used to communicate over the internet. This was fantastic, as now all employees could have an IP address and could communicate on the LAN but not be accessible from the internet. However, there was a problem: many employees did need to access the internet. So how could IT provide an IP address that could access the internet but not be accessible from the internet?

Consequently, engineers began to think about how to address this problem, and they came up with a brilliant solution. The idea was that computers used by employees within a company, or even by residential users, did not require a public IP address, as they should not be accessible from the internet; after all, they were not web servers, so why make them accessible to everyone? The second point was that all these employees and users wanted to access the internet, but that was impossible using private IP addresses.

What NAT does is use the prized and exceedingly rare public IP address range only for the internet router. Therefore, the router is advertised and accessible throughout the internet. The clever part is that the router substitutes its own public address for a host's private address. So, for example, this happens:

A packet 172.16.5.23 -> 203.67.3.19 is sent from the employee's machine, and the internet-facing router (sometimes a firewall) intercepts this and translates the source to 134.28.56.8, its own external interface's public internet address. Therefore, the transmission goes out as 134.28.56.8 -> 203.67.3.19. The return message is then translated back to the private address by looking up a NAT table of associations, which solves the problem of how privately addressed computers can access the internet.

Alasdair Gilchrist

Alasdair is a technical writer with interest in business practice, operational strategy, start up philosophy and affordable technology. He lives in Nonthaburi, Thailand with his wife and daughter, and writes terrible novels as a hobby.
