Hairpinning

A NAT supports “hairpinning” if it can route packets coming from the private network addressed to a public IP address back into the private network. For example, a mobile user might actually be connected to the private network - thus packets to this user do not actually need to be sent out and then sent back into the private network!

Transcript

[slide372] Now, there's this problem called hairpinning. And that's... You're all familiar with these things shaped like that. Hairpins. You use it to hold your beret on, or whatever. Well, the difficulty is, if I'm inside a private network, and I call another user who also happens to be inside the same private network, what happens? Well, with these NAT traversal solutions, the traffic actually had to go out, translating everything, and then had to come back in again, when what should have been done was, of course, to say, hey, just send the traffic within the private network. There's no need to be changing the addresses. But how can we detect that the other party's inside the private network? We'd need to have a registrar here that learns the private addresses, so when I go and ask for the address of this other party, I see, aha, they're in the same private network that I am. I can send it directly there. But if their registrar is out here, what do I get? Yes, I find out that they're inside, on the other side of the NAT that's here. Oops.