UDP hole punching

UDP hole punching is a commonly used technique employed in network address translation (NAT) applications for maintaining User Datagram Protocol (UDP) packet streams that traverse the NAT.

NAT traversal techniques are typically required for client-to-client networking applications on the Internet involving hosts connected in private networks, especially in peer-to-peer, Direct Client-to-Client (DCC) and Voice over Internet Protocol (VoIP) deployments.

[1] UDP hole punching establishes connectivity between two hosts communicating across one or more network address translators.

This technique is widely used in peer-to-peer software and Voice over Internet Protocol telephony.

The same technique is sometimes extended to Transmission Control Protocol (TCP) connections, though with less success because TCP connection streams are controlled by the host OS, not the application, and sequence numbers are selected randomly; thus any NAT device that performs sequence-number checking will not consider the packets to be associated with an existing connection and drop them.

UDP Hole Punching message sequence chart
Message sequence chart with peers A and B, using server S to help establish communication