Table of Contents
Advertisement
Grey Headline (continued)
Configuring the VCS as a TURN server
About ICE
ICE (Interactive Connectivity Establishment)
provides a mechanism for SIP client NAT
traversal. ICE is not a protocol, but a framework
which pulls together a number of different
techniques such as TURN and STUN.
It allows endpoints (clients) residing behind NAT
devices to discover paths through which they
can pass media, verify peer-to-peer connectivity
via each of these paths and then select the
optimum media connection path. The available
paths typically depend on any inbound and
outbound connection restrictions that have been
configured on the NAT device. Such behavior is
described in
RFC 4787
[13].
An example usage of ICE is two home workers
communicating via the internet. If the two
endpoints can communicate via ICE the VCS
Expressway may (depending on how the NAT
devices are configured) only need to take
the signaling and not take the media (and is
therefore a non-traversal call). If the initiating
ICE client attempts to call a non-ICE client, the
call set-up process reverts to a conventional SIP
call requiring NAT traversal via media latching
where the VCS also takes the media and thus
requires a traversal licence.
About TURN
TURN (Traversal Using Relays around NAT)
services are relay extensions to the STUN
network protocol that enable a SIP or H.323
client to communicate via UDP or TCP from
behind a NAT device. Currently the VCS supports
TURN over UDP only.
For detailed information on the base
STUN protocol, refer to
Session
Traversal Utilities for (NAT) (STUN)
Overview and
System
Introduction
status
configuration
D14049.07
March 2010
TURN relay server
The VCS Expressway's TURN relay server can be
configured to provide TURN services to traversal
clients.
How TURN is used by an ICE client
Each ICE client requests the TURN server to
allocate relays for the media components of the
call. A relay is required for each component in
the media stream between each client.
After the relays are allocated, each ICE client
has 3 potential connection paths (addresses)
through which it can send and receive media:
•
its host address which is behind the
NAT device (and thus not reachable from
endpoints on the other side of the NAT)
•
its publicly-accessible address on the NAT
device
•
a relay address on the TURN server
The endpoints then decide, by performing
connectivity checks through ICE, how they are
going to communicate. Depending upon how
the NAT devices are configured, the endpoints
may be able to communicate between their
public-facing addresses on the NAT devices
or they may have to relay the media via the
TURN server. If both endpoints are behind the
same NAT device they can send media directly
between themselves using their internal host
addresses.
After the media route has been selected the
TURN relay allocations are released if the
chosen connection paths do not involve routing
via the TURN server. Note that the signaling
always goes via the VCS, regardless of the
final media communication path chosen by the
endpoints.
[11].
VCS
Zones and
configuration
neighbors
TURN services
Capabilities and limitations
•
The VCS supports up to 70 relay allocations.
This is typically enough to support 5 calls but
does depend on the network topology and
the number of media stream components
used for the call (for example, some calls
may use Duo Video, or other calls might be
audio only).
•
Clustered VCSs: if the requested TURN
server's relays are fully allocated the server
will respond to the requesting client with the
details of an alternative server in the cluster
(the TURN server currently with the most
available resources).
•
The VCS's TURN services are supported over
single and dual network interfaces. For dual
network interfaces, relays are allocated on
the VCS's externally facing LAN interface.
•
ICE calls can only be made between devices
registered to the VCS's Local Zone.
•
Microsoft ICE (which is not standards-based)
is not supported.
•
The TURN server does not support bandwidth
requests. (Note that traversal zone bandwidth
limits do not apply.)
TURN relay status information
The
TURN relays
page (Status > TURN relays)
lists all the currently active TURN relays on the
VCS.
You can also review further details of each
TURN relay including permissions, channel
bindings and counters.
For detailed information on the TURN
relay service, refer to
Relays around NAT (TURN)
Clustering and
Call
Bandwidth
peers
processing
control
138
TANDBERG
VIDEO COMMUNICATION SERVER
Configuring TURN services
TURN relay services are only available on a
VCS Expressway. To use TURN services you
also need the TURN Relay option key (this
controls the number of TURN relays that can be
simultaneously allocated by the VCS).
To configure the VCS's TURN services:
•
VCS configuration > Expressway > TURN
You are taken to the TURN page.
xConfiguration Traversal Server
•
TURN
The configurable options are:
TURN services
Determines whether the VCS offers TURN
services to traversal clients.
Port
The listening port for TURN requests. The
default is 3478.
Authentication realm
The realm sent by the server in its
authentication challenges.
Ensure the client's credentials are
stored in the
database.
Media port range start / end
The lower and upper port in the range used for
the allocation of TURN relays.
Traversal Using
[12].
Firewall
Applications
Maintenance
traversal
ADMINISTRATOR GUIDE
device authentication
Appendices
Advertisement
Table of Contents
