10 comments on “Am I behind a Symmetric NAT?

  1. As you point out the cost of symmetric NAT (at BOTH the ends) is the requirement of a TURN. At various times, people have proposed different ways to avoid use of a relay server. For example, https://tools.ietf.org/id/draft-takeda-symmetric-nat-traversal-00.txt proposes some heuristics to predict the rule the NAT uses for port mapping, thereby avoiding use of a relay. Like wise https://tools.ietf.org/html/rfc5780 suggests some other scheme.

    As far as I know, these efforts didn’t get much traction possibly because most are service providers and they see other benefits in routing the traffic through their infrastructure.

    • I remember doing 2 way video/audio using Flash and FMS or Red5. All the traffic was relayed. We just estimated the usage and moved on.

  2. >The personal hotspot on the iPhone is doing symmetric NAT which helps a lot.

    Out of curiosity I’ve connected an iMac to the Personal Hotspot of an iPhone 6S running iOS 10.3.2. I ran the jsfiddle and I only got “normal nat”.

    Maybe in your case it’s the 3G/4G network that’s going out to the Internet through a symmetric NAT ?

  3. It is great article thanks fippo & highly appreciated!

    In the fiddle there is a copy paste typo:
    One server is used twice, and so the fiddle gives back “normal nat” on consloe, even in case of symmetric NAT.

    Please correct this in the fiddle:
    {urls: ‘stun:stun2.l.google.com:19302’},
    {urls: ‘stun:stun2.l.google.com:19302’}
    {urls: ‘stun:stun1.l.google.com:19302’},
    {urls: ‘stun:stun2.l.google.com:19302’}

    ( Or it was planned typo? Just a quick check that we really understand the article? 🙂 )


  4. In the example Firefox 56 gives back false positive (symetric nat).

    My proposal is to replace in the fiddle

    With this simple udp protocol check.
    if (cand.protocol == “udp”) {

      • RTCIceCandidate: candidate:1171761481 1 udp 1685987071 15017 typ srflx raddr rport 55252 generation 0 ufrag OCBk network-id 1 network-cost 10 stun:″

        RTCIceCandidate: candidate: 1171761481 1 udp 1685987071 15023 typ srflx raddr rport 62609 generation 0 ufrag OCBk network-id 1 network-cost 10 stun:″

        • foundation property (in your case 1171761481) is a string which uniquely identifies the candidate across multiple transports. It seems that are actuall the same candidates

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.