Author: Kang Shaojun
Before two browsers can talk directly, each side has to learn about the other's network so that a usable path between them can be found. This takes two processes:
- Obtain the public (external) IP address mapping.
- Exchange network information through the signaling server.
The ideal situation is that every browser's computer has its own public IP address and can connect directly, point to point, as shown in the figure.
In practice, our computers sit in a local area network (LAN) behind a firewall, and Network Address Translation (NAT) is in the way, as shown in the figure.
STUN and TURN are what WebRTC uses to solve this problem.
NAT
Network Address Translation (NAT) is a technique for coping with the shortage of IPv4 addresses. For example, we are usually behind a router, and the router assigns us addresses such as 192.168.1.1 and 192.168.1.2; with n devices it may hand out up to 192.168.1.n. These are obviously private (intranet) addresses only. In this way the router's one public IP address stands for n private addresses, so a small number of public addresses represent a large number of private ones, which slows the exhaustion of the available address space. As shown in the figure.
NAT hides the private addresses, and the problem this creates is that when I try to make a P2P connection, NAT blocks access from outside, so NAT traversal is needed. The idea is as follows. We use a server with a public IP address. Both peer-A and peer-B send packets to that public IP/port, so the public server learns the (NAT-mapped) IP/port of peer-A and peer-B. Because peer-A and peer-B initiated the packets to the public server, the public server can get back through NAT-A and NAT-B and send packets to peer-A and peer-B. So as long as the public server sends peer-B's IP/port to peer-A and peer-A's IP/port to peer-B, the next time peer-A and peer-B send messages to each other the NATs will not block them. WebRTC's NAT/firewall traversal is built on this idea, and WebRTC adopts the ICE framework to ensure that RTCPeerConnection can achieve NAT traversal.
ICE
ICE (Interactive Connectivity Establishment) is a framework that unifies the various NAT traversal techniques (STUN, TURN…). It allows clients to get through the various firewalls that may sit between a remote user and the network.
STUN
Session Traversal Utilities for NAT (STUN) is a network protocol that lets a client behind a NAT (or several NATs) find out its public address, which type of NAT it is behind, and which Internet-side port the NAT has bound to a local port. This information is used to set up UDP communication between two hosts that both sit behind NAT routers. As shown in Figure 2-7, the STUN server can learn the public IP address and port number of peer-A and peer-B.
Even with a public address obtained from the STUN server, the connection may still not be established, because different NAT types handle incoming UDP packets differently. Three of the four main types can be traversed with STUN: full cone NAT, restricted cone NAT and port restricted cone NAT. Symmetric NAT (also called bidirectional NAT), which is common on large enterprise networks, cannot. Such routers enforce the symmetric restriction in the NAT itself: the router only accepts packets from nodes that the inside host has previously sent to. This type of network requires TURN.
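The hole-punching idea from the NAT section and the NAT-type comparison above can be checked with a small simulation. The following is an added example, not code from the original post: it models the four classic NAT behaviours, lets two peers learn their mapped addresses from a (constructed) STUN server, swaps those addresses as a signaling server would, and then has both peers send to each other. All IP addresses are constructed TEST-NET values, and the two-round sending loop and the port-allocation rule are assumptions of this model. It goes slightly beyond the text: it also shows that a symmetric NAT can still pair with a full cone or restricted cone peer, while symmetric with port restricted cone or symmetric with symmetric fails and needs a relay.

```python
from dataclasses import dataclass, field

# Constructed public address for the simulated STUN server (TEST-NET range, not a real host)
STUN_SERVER = ("198.51.100.1", 3478)


@dataclass
class NAT:
    """A minimal model of the four classic NAT behaviours (assumed simplification)."""
    kind: str            # full_cone | restricted_cone | port_restricted_cone | symmetric
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)     # mapping key -> external port
    by_port: dict = field(default_factory=dict)      # external port -> (internal addr, bound destination)
    permissions: set = field(default_factory=set)    # (internal addr, dest) pairs the inside host sent to

    def outbound(self, internal, dest):
        """Translate an outbound packet and return the public (ip, port) it appears to come from.

        Cone NATs reuse one external port per internal socket; a symmetric NAT
        allocates a fresh external port for every distinct destination."""
        key = (internal, dest) if self.kind == "symmetric" else (internal, None)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.by_port[self.next_port] = (internal, key[1])
            self.next_port += 1
        self.permissions.add((internal, dest))
        return (self.public_ip, self.mappings[key])

    def inbound(self, src, ext_port):
        """Return the internal address an inbound packet is delivered to, or None if the NAT drops it."""
        entry = self.by_port.get(ext_port)
        if entry is None:
            return None                               # no mapping on this port at all
        internal, bound_dest = entry
        if self.kind == "full_cone":                  # anyone may use the mapping
            allowed = True
        elif self.kind == "restricted_cone":          # inside host must have sent to that IP
            allowed = any(i == internal and d[0] == src[0] for i, d in self.permissions)
        elif self.kind == "port_restricted_cone":     # ... to that exact IP and port
            allowed = (internal, src) in self.permissions
        elif self.kind == "symmetric":                # mapping usable only by the destination it was made for
            allowed = src == bound_dest
        else:
            raise ValueError(f"unknown NAT kind {self.kind!r}")
        return internal if allowed else None


@dataclass
class Peer:
    name: str
    nat: NAT
    internal: tuple
    got_packet: bool = False


def send(sender, receiver, dest):
    """Push one packet from the sender's inside host to dest through both NATs.

    Returns the public source address the receiver observed, or None if it was filtered."""
    src = sender.nat.outbound(sender.internal, dest)
    if dest[0] != receiver.nat.public_ip:
        return None
    if receiver.nat.inbound(src, dest[1]) != receiver.internal:
        return None
    return src


def hole_punch(kind_a, kind_b, rounds=2):
    """Simulate STUN discovery, signaling exchange and mutual sending; True if both peers hear each other."""
    a = Peer("A", NAT(kind_a, "203.0.113.10"), ("10.0.0.2", 5000))
    b = Peer("B", NAT(kind_b, "203.0.113.20"), ("10.0.1.2", 5000))
    # 1. Each peer contacts the STUN server and learns its server-reflexive address.
    a_reflexive = a.nat.outbound(a.internal, STUN_SERVER)
    b_reflexive = b.nat.outbound(b.internal, STUN_SERVER)
    # 2. The addresses are swapped over the signaling channel.
    a_target, b_target = b_reflexive, a_reflexive
    # 3. Both sides send to what they learned; a peer that receives a packet switches to the source it saw.
    for _ in range(rounds):
        seen = send(a, b, a_target)
        if seen:
            b.got_packet, b_target = True, seen
        seen = send(b, a, b_target)
        if seen:
            a.got_packet, a_target = True, seen
    return a.got_packet and b.got_packet


if __name__ == "__main__":
    for pair in [("full_cone", "full_cone"), ("port_restricted_cone", "port_restricted_cone"),
                 ("symmetric", "restricted_cone"), ("symmetric", "port_restricted_cone"),
                 ("symmetric", "symmetric")]:
        print(pair, "direct path" if hole_punch(*pair) else "needs TURN relay")
```

The model deliberately reproduces the failure mode the text describes: with a symmetric NAT the port learned from the STUN server is bound to the STUN server only, so a peer behind a port restricted cone or another symmetric NAT never gets a packet through, and the session has to fall back to a relay.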
TURN
TURN (Traversal Using Relays around NAT) is an extension of STUN (RFC 5389) that adds relaying. When a terminal is behind a NAT, in some scenarios it cannot communicate directly with its peer, and a server on the public network must forward the data in both directions; the protocol for this forwarding is TURN. Alongside the STUN server, several TURN servers are set up. If STUN fails to produce a usable public address, the client can ask the TURN server for a public address to use as a relay address, and the media data is then relayed through the TURN server. As shown in the figure.
When media goes through TURN, the bandwidth in this mode is carried by the server, so hardware and bandwidth must be planned when setting up the relay service. Tip: unlike STUN and TURN, ICE is not a protocol but a framework that integrates STUN and TURN.
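Both the STUN Binding exchange described in the STUN section and the TURN Allocate request above use the same 20-byte STUN header and TLV attribute layout, so one encoder/decoder covers both. The following is an added example, not code from the original post or from coturn or pion: it builds a Binding request and a TURN Allocate request (REQUESTED-TRANSPORT for UDP), validates the magic cookie and transaction id of a reply, and decodes the XOR-MAPPED-ADDRESS or XOR-RELAYED-ADDRESS the server returns. The "server" replies in the demo are constructed locally, the addresses are TEST-NET values, and TURN authentication attributes (USERNAME, REALM, NONCE, MESSAGE-INTEGRITY) are left out, so a real TURN server would reject this Allocate with a 401 and require them.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
HEADER = "!HHI12s"          # type, attribute length, magic cookie, 96-bit transaction id

# STUN message types (RFC 5389) and the TURN Allocate pair (RFC 5766)
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
ALLOCATE_REQUEST, ALLOCATE_SUCCESS = 0x0003, 0x0103

# Attribute types
XOR_MAPPED_ADDRESS = 0x0020    # STUN: public address the server saw the request come from
XOR_RELAYED_ADDRESS = 0x0016   # TURN: relay address allocated for the client
REQUESTED_TRANSPORT = 0x0019   # TURN: transport wanted for the relay (17 = UDP)
LIFETIME = 0x000D              # TURN: allocation lifetime in seconds


def encode_attribute(attr_type, value):
    """TLV encoding; values are padded to a 4-byte boundary."""
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * ((-len(value)) % 4)


def encode_xor_address(ip, port):
    """IPv4 XOR-*-ADDRESS: port and address are XORed with the magic cookie."""
    addr = struct.unpack("!I", socket.inet_aton(ip))[0]
    return struct.pack("!BBHI", 0, 0x01, port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE)


def decode_xor_address(value):
    _, family, x_port, x_addr = struct.unpack("!BBHI", value[:8])
    if family != 0x01:
        raise ValueError("only IPv4 is handled in this example")
    return socket.inet_ntoa(struct.pack("!I", x_addr ^ MAGIC_COOKIE)), x_port ^ (MAGIC_COOKIE >> 16)


def build_message(msg_type, attributes=(), transaction_id=None):
    body = b"".join(encode_attribute(t, v) for t, v in attributes)
    tid = transaction_id or os.urandom(12)          # fresh random id ties a reply to its request
    return struct.pack(HEADER, msg_type, len(body), MAGIC_COOKIE, tid) + body


def parse_message(data):
    """Validate the 20-byte header and return (type, transaction id, {attr_type: value})."""
    if len(data) < 20:
        raise ValueError("shorter than a STUN header")
    msg_type, length, cookie, tid = struct.unpack(HEADER, data[:20])
    # top two bits of the type are always zero; the cookie tells STUN apart from other UDP payloads
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE or len(data) < 20 + length:
        raise ValueError("not a well-formed STUN message")
    attrs, pos, end = {}, 20, 20 + length
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        attrs[attr_type] = value
        pos += 4 + attr_len + ((-attr_len) % 4)
    return msg_type, tid, attrs


def binding_request(transaction_id=None):
    return build_message(BINDING_REQUEST, transaction_id=transaction_id)


def allocate_request(transaction_id=None, transport=17):
    """TURN Allocate request asking for a UDP relay (authentication attributes omitted here)."""
    return build_message(ALLOCATE_REQUEST,
                         [(REQUESTED_TRANSPORT, struct.pack("!B3x", transport))], transaction_id)


def address_from_response(request, response, expected_type, attr_type):
    """Match a reply to its request by transaction id and extract one XOR address attribute."""
    _, req_tid, _ = parse_message(request)
    resp_type, resp_tid, attrs = parse_message(response)
    if resp_tid != req_tid:
        raise ValueError("transaction id mismatch: reply does not belong to this request")
    if resp_type != expected_type:
        raise ValueError(f"unexpected response type {resp_type:#06x}")
    return decode_xor_address(attrs[attr_type])


if __name__ == "__main__":
    # Constructed exchange: the "server" replies are built locally, no network is used.
    req = binding_request()
    _, tid, _ = parse_message(req)
    resp = build_message(BINDING_SUCCESS,
                         [(XOR_MAPPED_ADDRESS, encode_xor_address("203.0.113.5", 54321))], tid)
    print("server-reflexive address:", address_from_response(req, resp, BINDING_SUCCESS, XOR_MAPPED_ADDRESS))
    req = allocate_request()
    _, tid, _ = parse_message(req)
    resp = build_message(ALLOCATE_SUCCESS,
                         [(XOR_RELAYED_ADDRESS, encode_xor_address("198.51.100.7", 49152)),
                          (LIFETIME, struct.pack("!I", 600))], tid)
    print("relayed address:", address_from_response(req, resp, ALLOCATE_SUCCESS, XOR_RELAYED_ADDRESS))
```

The transaction id check matters in practice: a client that accepts any Binding or Allocate success with a matching cookie can be handed a bogus reflexive or relay address by whoever can reach its UDP port, so replies are only trusted when they echo the random id of an outstanding request.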
STUN and TURN servers can be built with the open source coturn project, at github.com/coturn/cotu… . You can also set them up with the server written in Go, at github.com/pion/turn.
WebRTC group: 425778886. Open source address: github.com/kangshaojun