TANDBERG Security Camera manual 158, Stun Services

Models: Security Camera


Configuring the VCS as a Traversal Server

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE

STUN Services

About STUN

STUN is a network protocol that enables a SIP or H.323 client to communicate via UDP or TCP from behind a NAT firewall.

The VCS Expressway can be configured to provide two types of STUN services to traversal clients. These services are STUN Binding Discovery and STUN Relay. Currently the VCS supports STUN over UDP only.

For detailed information on the base STUN protocol and the Binding Discovery service, refer to Session Traversal Utilities for (NAT) (STUN) [11].

For detailed information on the STUN Relay service, refer to Obtaining Relay Addresses from Simple Traversal Underneath NAT (STUN) [12].

STUN Binding Discovery

The STUN Binding Discovery service provides information back to the client about the binding allocated by the NAT firewall being traversed.

How it works

A client behind a NAT firewall sends a STUN discovery request via the firewall to the VCS Expressway, which has been configured as a STUN discovery server. Upon receipt of the message, the VCS Expressway responds to the client with information about the allocated NAT binding, i.e. the public IP address and the ports being used.

The client can then provide this information to other systems which may want to reach it, allowing it to be found even though it is not directly available on the public internet.
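The Binding Discovery exchange described above, as an added example (not code from the guide or from TANDBERG): it builds a Binding request and validates and decodes a server reply into the public IP address and port. It assumes the RFC 5389 wire format and IPv4 only; the function names and the sample reply are constructed for illustration.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value carried in every RFC 5389 header
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
MAPPED_ADDRESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0020


def build_binding_request(txid=None):
    """Return (txid, datagram) for a Binding request with no attributes."""
    txid = txid or os.urandom(12)
    return txid, struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid)


def parse_binding_response(data, txid):
    """Return the (ip, port) binding the server saw; ValueError if malformed
    or not a reply to our transaction (spoofed or stray datagrams)."""
    if len(data) < 20:
        raise ValueError("short header")
    mtype, mlen, cookie, rtxid = struct.unpack("!HHI12s", data[:20])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE or rtxid != txid:
        raise ValueError("not a success response for this transaction")
    if mlen % 4 or len(data) != 20 + mlen:
        raise ValueError("length field does not match datagram")
    pos, found = 20, None
    while pos + 4 <= len(data):
        atype, alen = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("attribute overruns message")
        if atype in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS) and alen == 8 and value[1] == 1:
            port, addr = struct.unpack("!HI", value[2:8])
            if atype == XOR_MAPPED_ADDRESS:  # undo the XOR with the cookie
                port, addr = port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE
            if atype == XOR_MAPPED_ADDRESS or found is None:  # prefer XOR form
                found = (str(ipaddress.IPv4Address(addr)), port)
        pos += 4 + alen + (-alen % 4)  # values are padded to 4 bytes
    if found is None:
        raise ValueError("no IPv4 mapped-address attribute")
    return found


# Constructed sample: a reply reporting the NAT binding 192.0.2.10:40000.
SAMPLE_TXID = bytes(range(12))
SAMPLE_RESPONSE = struct.pack(
    "!HHI12sHHBBHI", BINDING_SUCCESS, 12, MAGIC_COOKIE, SAMPLE_TXID,
    XOR_MAPPED_ADDRESS, 8, 0, 1, 40000 ^ 0x2112, 0xC000020A ^ MAGIC_COOKIE)
print(parse_binding_response(SAMPLE_RESPONSE, SAMPLE_TXID))
```

Checking the transaction ID and magic cookie before trusting the reported address is what stops an off-path sender from feeding the client a false binding.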

STUN Relay

The STUN Relay service (formerly known as TURN) allows a client to ask for data to be relayed to it from specific remote peers via the relay server and through a single connection between the client and the relay server.

How it works

A client behind a NAT firewall sends a STUN Allocate request to the VCS Expressway which is acting as the STUN relay server. The sending of this request opens a binding on the firewall. Upon receipt of the request, the VCS Expressway opens a public IP port on behalf of the client, and reports back to the client this IP address and port, as well as details of the firewall binding. The client can then provide this IP address and port to other systems which may want to reach it.

The client can restrict the remote address and ports from which the relay should forward on media. Any incoming calls to this IP address and port on the VCS server are relayed via the allocated binding on the NAT to the client.

About ICE

Currently, the most likely users of STUN services are ICE endpoints.

ICE (Interactive Connectivity Establishment) is a collaborative algorithm that works together with STUN services (and other NAT traversal techniques) to allow clients to achieve firewall traversal. The individual techniques on their own may allow traversal in certain network topologies but not others. Also, some techniques may be less efficient than others, involving extra hops (e.g. STUN Relay).

ICE involves the collecting of potential (candidate) points of contact (IP address and port combination) via each of the traversal techniques, the verification of peer-to-peer connectivity via each of these points of contact and then the selection of the “best” successful candidate point of contact to use.

The endpoint will only be reachable if the firewall has the Endpoint-Independent Mapping behavior as described in RFC 4787 [13].

STUN Relays consume traversal call licences (three relays take one licence) but they do not actually pass through the traversal subzone.

D14049.03

MAY 2008