Have you ever faced this scenario? A user moves to a DSL or cable connection from a 56K modem and all the Internet games, chat tools, and voice and video applications stop working. ISP support staff frequently have to deal with this situation.

The problem is that the user didn’t have a NAT device between his or her machine and the Internet when he or she used the 56K dial-up connection. Now that the user is using a broadband router, he or she is forced to use NAT. NAT devices usually break applications using complex protocols that require dynamic port assignments on the external interface of the NAT device and those that require secondary inbound connections. The situation is often irreparable. The user may even get disgusted with the ISP and dump the broadband connection.

This whole scenario could have been avoided if the NAT device and the client applications supported Universal Plug and Play (UPnP) and NAT Traversal. The good news is that Windows XP includes APIs for client applications to take advantage of UPnP, and the Windows XP Internet Connection Services (ICS) and Internet Connection Firewall (ICF) are both UPnP-compliant.

What is Universal Plug and Play?
UPnP is a collection of networking protocols that allows UPnP network devices to automatically communicate with one another. TCP, UDP, IP, and HTTP are the core networking protocols driving UPnP. UPnP devices are DHCP clients that also support Automatic Private IP Addressing (APIPA) when a DHCP server isn’t available.

UPnP is independent of network architecture. It works equally well on Ethernet, wireless, infrared, and any other network medium. Because UPnP is standards-based, it’s operating system-independent. UPnP standards are developed by the Universal Plug and Play Forum, which has almost 400 members representing virtually all the major hardware and software companies.

Key components of UPnP include:

  • Automatic discovery of UPnP devices.
  • Automatic configuration of UPnP device protocols.
  • Automatic registration and deregistration of UPnP services.
  • Automatic network addressing.
  • Support for protocol bridging that allows UPnP devices to communicate with devices using other protocols such as X10.

For example, suppose you want to connect a wireless network access point to your network. The wireless access point and the wireless clients both support UPnP. The wireless access point will obtain an IP address from a DHCP server. The wireless client will also obtain an address from a DHCP server. If there’s no DHCP server online, both the access point and wireless client will self-assign addresses in the APIPA range (

The wireless access client will use UPnP protocols to discover the wireless access point. This is done using UDP multicast messages. The wireless access point listens on this multicast address. The wireless access point responds with UPnP device-specific information to inform the client of its capabilities and features.

This same technology can be used to enable a whole host of network devices and services. You can enable household devices such as radios, lights, VCRs, DVD players, televisions, heaters, air conditioners, and even clocks, to use UPnP. When these devices join the network, they announce themselves to a multicast address. Devices configured to respond to the multicast announcements get information about the presence and capabilities of these devices. Applications used to configure these devices can discover the devices automatically.

Network address translation (NAT) challenges solved by UPnP
Traditional NAT servers replace the source address and port with the address and a random port number of the external interface of the NAT server. This works well for simple protocols such as HTTP and SMTP, but it can create problems for more complex protocols that require multiple response ports on the external interface of the NAT server. NAT servers also aren’t aware of information stored in the data portion of the application layer header without the help of NAT editors and similar software fixes.

Windows XP’s answer to these problems is NAT Traversal, which can automatically allow the UPnP-enabled NAT client application to communicate with a UPnP NAT device. NAT Traversal provides methods to allow the UPnP client to learn the public IP address of the NAT server and to negotiate dynamically assigned port mappings for UPnP NAT client applications.

NAT Traversal features can be built into any hardware device or software application. Applications that commonly cause troubles for NAT devices but work well when UPnP-enabled include the following:

  • Multiplayer Internet games
  • Audio and video communications
  • Terminal Services clients and servers
  • Peer-to-peer file sharing applications

When these applications are UPnP-enabled, access through the Windows XP ICS allows them to work seamlessly.

Case study: Windows XP Instant Messenger
The Windows XP Instant Messenger (Windows Messenger) application poses special problems for NAT devices. Network and firewall administrators often have to deal with the Instant Messenger’s voice or video features not working. These problems are related to one or more of the following problems:

  • Certain IM features require that a static port be used for all clients. This allows only a single client on the internal network to use that feature. Access for other clients is blocked.
  • Some features require the NAT device to create port mappings that are accessible to an external client and have those map to a specific internal network client.
  • When features imbed the private address in the application-layer header, the Internet host receiving the private address cannot respond to the private network host.

Windows XP provides client support via the NAT Traversal APIs so that the Windows Messenger features will work with the Windows XP ICS and ICF. Some of the specific actions that UPnP support allows for include the following:

  • The Windows XP Messenger can detect that it is behind an ICS gateway.
  • The Windows XP Messenger can inform the ICS gateway which ports need to be dynamically opened to allow external clients to create new inbound secondary connections.
  • The Windows XP Messenger is able to communicate to the ICS gateway which dynamic ports are required for audio, video, and data sharing (such as the Whiteboard feature).
  • The ICS gateway is able to determine whether the peer Messenger client is also located on the internal network and will allow the two to communicate directly.

The ICS UPnP NAT Traversal features work nicely with the Windows XP Messenger because the UPnP client is able to communicate its requirements to the UPnP server. Without the aid of UPnP, making advanced features such as voice and video communications work through a NAT or combination NAT/firewall (such as ISA Server) is impossible. The fact is that you can’t make voice and video work with ISA Server because there is no Application Layer Gateway (like the H.323 Gatekeeper Service) to support these protocols.

Windows XP supports UPnP so that network devices and services can communicate with one another automatically. UPnP uses TCP/IP protocols so that it can work seamlessly on existing networks. Windows XP ICS and ICF use UPnP NAT Traversal, which allows the UPnP-aware client application to negotiate required ports on the ICS NAT device. UPnP NAT Traversal solves many of the problems users have when trying to make applications that require complex protocols work with conventional NAT devices. We can expect to see in the future a number of household devices such as DVD players, VCRs, televisions, and stereos support UPnP so that they can be seamlessly integrated into an existing home network.