Java Remote Method Invocation (RMI) lets developers use the method invocation paradigm to realize communication between remote servers and clients. If the distribution model of an application, however, spans multiple administrative domains, communication needs to be able to traverse firewalls and network address translation (NAT) boxes.
By default, the Java remote method protocol (JRMP) uses HTTP tunneling to deal with these issues; more specifically, if: (1) A direct TCP connection between client and server cannot be set up, then (2) Java RMI encapsulates the JRMP messages in HTTP post requests; if the exchange of these messages fails, (3) the HTTP encapsulated messages are sent to port 80 rather than to the port indicated in the remote object reference.
This technique, however, can only deal with a limited number of possible distribution, firewall, and NAT scenarios. In addition, it is rather heavyweight in the sense that step (3) above requires installation of a CGI-script or servlet on the Web server that receives and forwards the HTTP tunneled JRMP message to the actual RMI server object. This installation often conicts with the administrative domain`s security policies.
Hole Punching
Hole punching is a lightweight NAT and firewall traversal technique invented for VoIP and peer-to-peer systems. Skype is probably the most widely known application that employs hole punching.
NAT is a method by which IP addresses are mapped from one address realm to another (e.g., a public IP address to a private IP address of a private network and vice versa), providing transparent routing. The principle thereby is that an address mapping for a dedicated recipient can only be established -- i.e., a hole into the NAT is punched|from inside the network where a host resides. A hole can be used from outside the NAT from hosts for whom the hole was punched.
The idea of hole punching is now that a first host (e.g., a client) punches a hole from inside into the NAT and communicates its public IP address to a second host (e.g., a server)|by any means. The second host then uses this public IP address and the punched hole to establish a connection to the first host. To communicate public IP addresses between hosts, a mediator server residing in the public Internet can be utilized.
In the following, we illustrate the idea of hole punching by using a simple example (see Figure 1). First, the server registers with the mediator using a TCP connection. It sends its public IP address together with a unique identifier of the server. Thereby, a hole is punched into the server NAT, which can be used later by the mediator to contact the server. For this, it is important that the TCP connection from the server to the mediator is held open
Source:
http://www.ddj.com/java/217400127
By default, the Java remote method protocol (JRMP) uses HTTP tunneling to deal with these issues; more specifically, if: (1) A direct TCP connection between client and server cannot be set up, then (2) Java RMI encapsulates the JRMP messages in HTTP post requests; if the exchange of these messages fails, (3) the HTTP encapsulated messages are sent to port 80 rather than to the port indicated in the remote object reference.
This technique, however, can only deal with a limited number of possible distribution, firewall, and NAT scenarios. In addition, it is rather heavyweight in the sense that step (3) above requires installation of a CGI-script or servlet on the Web server that receives and forwards the HTTP tunneled JRMP message to the actual RMI server object. This installation often conicts with the administrative domain`s security policies.
Hole Punching
Hole punching is a lightweight NAT and firewall traversal technique invented for VoIP and peer-to-peer systems. Skype is probably the most widely known application that employs hole punching.
NAT is a method by which IP addresses are mapped from one address realm to another (e.g., a public IP address to a private IP address of a private network and vice versa), providing transparent routing. The principle thereby is that an address mapping for a dedicated recipient can only be established -- i.e., a hole into the NAT is punched|from inside the network where a host resides. A hole can be used from outside the NAT from hosts for whom the hole was punched.
The idea of hole punching is now that a first host (e.g., a client) punches a hole from inside into the NAT and communicates its public IP address to a second host (e.g., a server)|by any means. The second host then uses this public IP address and the punched hole to establish a connection to the first host. To communicate public IP addresses between hosts, a mediator server residing in the public Internet can be utilized.
In the following, we illustrate the idea of hole punching by using a simple example (see Figure 1). First, the server registers with the mediator using a TCP connection. It sends its public IP address together with a unique identifier of the server. Thereby, a hole is punched into the server NAT, which can be used later by the mediator to contact the server. For this, it is important that the TCP connection from the server to the mediator is held open
Source:
http://www.ddj.com/java/217400127
