Saturday, October 29, 2011

STUN & TURN

STUN

STUN - Session Traversal Utilities for NAT (RFC 5389) - is used for NAT traversal by interactive IP applications such as real-time video, voice and messaging.

STUN works with the following types of NAT -

- Full cone NAT
- Restricted cone NAT
- Port Restricted cone NAT

STUN does not work with bi-directional NAT (Symmetric NAT). TURN works better with this type of NAT.

STUN works as follows:-

- Client (OS or application) on a private network sends a "binding request" to the STUN server on the public internet.
- The STUN server sends a "success response" that contains the IP address and port as observed from the STUN server (that is, after the client's traffic has been NATed).

Once the client is aware of its external IP address and port number, it uses them when communicating with its peers. This allows its peers to establish communications with the device, which would otherwise not be possible since the client is on a private IP network.

Standard Ports for STUN
UDP/TCP 3478
TLS 5349

TURN

TURN - Traversal Using Relay NAT - allows a device that is behind a firewall or NAT device (Symmetric NAT, better known as Bi Directional NAT) to receive incoming data over TCP or UDP. TURN will most likely provide connectivity to the client, but it comes at a high price to the provider. STUN is generally used first and TURN is used as a last resort.

The host sitting behind the NAT device is called a TURN client. It connects to the TURN server on the public internet, which acts as a relay. The TURN client arranges with the TURN server to have the server relay packets to the desired peer. When the TURN client and peer communicate, the traffic between the TURN client and the TURN server is encapsulated within a TURN message. The traffic between the peer and the TURN server is not encapsulated.

TURN - RFC 5766
