A Mediated Connection vs. NAT Traversal Techniques and Hole Punching
When it comes to accessing a remote desktop over the Internet, there are basically two options: a direct IP-to-IP connection or a mediated connection. In recent years major remote desktop software vendors have increasingly offered the latter connection type. For a customer it is much easier to use a simple number (an ID) for connecting than to configure a router and grapple with port forwarding.
Given the popularity of this technique, many users have started to ask: “Is the traffic routed through the company’s mediation servers all of the time or is the mediation server used only once to initiate the connection?” This question is often followed by an immediate answer that such-and-such company utilizes a NAT traversal technique, such as UDP hole punching, in their software, and that with NAT traversal the mediation server only initiates the connection and then leaves both sides alone to communicate directly with each other.
What is NAT traversal?
To answer this question we need to know what NAT is. Network Address Translation (NAT) is a technique used in network routers. NAT connects computers in a local (private) network to the Internet using a single public IP address. Without NAT the number of available IP addresses would have been exhausted very fast – a phenomenon called IPv4 address exhaustion.
Although using NAT helps to alleviate IPv4 address exhaustion, it also poses a problem for peer-to-peer sharing applications, games, VoIP services and remote desktop software. Quite understandably, using a direct connection to a remote PC over the Internet provides the fastest user experience because traffic is not pumped through a third-party mediation server. Tricks have emerged that allow a direct connection even behind NAT devices – these tricks received the umbrella name “NAT traversal techniques”.
In theory, NAT traversal allows “hole-punching” in firewalls and NAT devices, thus making a direct connection possible. In practice, however, this technique is significantly overrated. This is because NAT behavior varies from router to router; it is not standardized. In many cases such hole-punching is simply unnecessary because the Internet connection speed, the relative proximity and capacity of a mediation server and other contributing factors provide as fast a user experience as with a direct connection.
Finally, some programs including Remote Utilities can recognize if there is a possibility of a direct connection between Viewer and Host. For example, Remote Utilities finds a direct route automatically – if the route exists – even when an Internet ID connection is used.
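The point that NAT behavior varies from router to router can be shown with a small simulation. This is an added example, not code from the article or from any vendor's software: the Nat class, hole_punch and connect are hypothetical names, all addresses are constructed documentation addresses, and the model assumes every NAT filters inbound packets by remote address and port.

```python
from dataclasses import dataclass, field

MEDIATOR = ("203.0.113.10", 3478)  # constructed mediation-server endpoint

@dataclass
class Nat:
    """Toy NAT (assumption: inbound is filtered per remote address and port)."""
    public_ip: str
    symmetric: bool  # True: a new public port for every destination
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)
    allowed: set = field(default_factory=set)

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the public endpoint dst sees."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.add((port, dst))  # replies from dst to this port may pass
        return (self.public_ip, port)

    def inbound(self, src, public_port):
        """Pass a packet only if this NAT already sent from public_port to src."""
        return (public_port, src) in self.allowed

def hole_punch(nat_a, nat_b):
    """Return True if both peers can reach each other directly."""
    a_priv, b_priv = ("192.168.1.10", 5000), ("10.0.0.20", 5000)
    # 1. Both peers contact the mediator, which learns their public endpoints.
    a_pub = nat_a.outbound(a_priv, MEDIATOR)
    b_pub = nat_b.outbound(b_priv, MEDIATOR)
    # 2. Each peer sends to the endpoint the mediator reported for the other.
    a_seen = nat_a.outbound(a_priv, b_pub)
    b_seen = nat_b.outbound(b_priv, a_pub)
    # 3. Retransmitted packets now arrive at the far NAT and are filtered.
    return nat_b.inbound(a_seen, b_pub[1]) and nat_a.inbound(b_seen, a_pub[1])

def connect(a_symmetric, b_symmetric):
    """Try a direct path first; fall back to relaying through the mediator."""
    nat_a = Nat("198.51.100.1", a_symmetric)
    nat_b = Nat("192.0.2.1", b_symmetric)
    return "direct" if hole_punch(nat_a, nat_b) else "relayed"

if __name__ == "__main__":
    for a, b in [(False, False), (True, False), (True, True)]:
        print(f"A symmetric={a}, B symmetric={b}: {connect(a, b)}")
```

When either NAT allocates a different public port per destination, the endpoint the mediator reported is no longer the one the peer's packets come from, so the session stays on the mediation server.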