Hello again..

We're seeing higher-than-we-would-like number of people who simply cannot host or connect to games. We're using lidgren which supports some form of NAT punchthrough and all of our user hosted servers are likely behind NAT. For most cases it appears to be client specific i.e. they cannot connect to any games anywhere.

We added some tracking and out of about 40k connection attempts we fail NAT punchthrough about 15% of the time. If we then attempt to connect anyway we get though in an additional 6% of the time giving us an overall failure rate of 9% of our user attempts. Not good enough to stop complaints :-) We've checked out code many times (and found/fixed a few bugs) and also wiresharked to show that the packets simply do not make it through the routers.

So before we spend even more time digging deep I thought I would ask if 15% seems reasonable or if something is wrong?

Many of our users declare they can play other games without problems - we suspect they are playing on servers hosted on machines with no NAT (or very very permissive ones). We tried hosting on AWS and Azure VMs and are seeing about the same 15% - the cloud services are all behind NATs too. Our next step here is to try a server with a static IP/No NAT to see if everyone can connect even if they have a 'bad' router at their end.

And finally any other ideas? We don't have the resources to invest in advanced NAT techniques that we've been reading about http://xboxforums.cr...7670.aspx#37670 - we've heard that the gamespy library may be better http://docs.poweredbygamespy.com but theres no docs on its Nat traversal abilities.

Thanks

You could tell users that if it fails hosting, they need to configure port forwarding if they are hosting. Users generally understand that port forwarding might be necessary for hosting, so at least they'll complain less (plus it will probably up the % of users that "it works" for.)

I don't understand what you mean when you say "NAT fails, but we go ahead and connect anyway, and that gets us another 6%."
How can "NAT fail" if you can connect?

We already have instructions for people hosting. So either they are not doing that, or their router is open enough to let some people through so they don't feel they have to change. We actually have a tooltop that appears if they host for more than 2 minutes without anyone joining...

I'm not sure I can explain exactly but we have a matching server that sends the nat introduction to both sides (server and client) and then both server and client sent out a NAT punch through to each other. Sometimes the client -> server fails from the client point of view but the server -> client punch through has worked so if we follow up the failure with a connection (as if it worked) then we actually make a connection. We did find some vague explanation of why this might work - and it does.

I may be using the wrong terms here so hopefully you can work it all out.

It sounds like you're not being through enough in the punch-through set-up, then.
A proper punch-through procedure means that each side starts sending out a packet with a TTL of 2.
Then, each side sends out a packet with a TTL of 3.
... repeat, until both sides see each other, or you reach some high number of TTL, like 100.
In the best of worlds, you include the matchmaker as a coordinator for each of these steps, and the coordination is done using "reliable" messaging on top of the same UDP port as you're using for the punch-through.

Thanks for that hint. I'll look into lidgren and see what it does and if we can make it do that.

Thanks for that hint. I'll look into lidgren and see what it does and if we can make it do that.

You can look into RakNet as well, it's got some info on punch through and various generic types. But in general, both sides have to initiate a connection attempt, to allow the other side to punch through the firewall.