D14049.03
MAY 2008
TANDBERG VIDEO COMMUNICATIONS SERVER
ADMINISTRATOR GUIDE
Conguring the VCS as a Traversal Server
About STUN
STUN is a network protocol that enables a SIP or H.323 client to
communicate via UDP or TCP from behind a NAT firewall.
The VCS Expressway can be configured to provide two types of
STUN services to traversal clients. These services are STUN
Binding Discovery and STUN Relay. Currently the VCS supports
STUN over UDP only.
STUN Services
STUN Relay
The STUN Relay service (formerly known as TURN) allows a client
to ask for data to be relayed to it from specific remote peers via
the relay server and through a single connection between the
client and the relay server.
How it works
A client behind a NAT firewall sends a STUN Allocate request to
the VCS Expressway which is acting as the STUN relay server.
The sending of this request opens a binding on the firewall. Upon
receipt of the request, the VCS Expressway opens a public IP
port on behalf of the client, and reports back to the client this IP
address and port, as well as details of the firewall binding. The
client can then provide this IP address and port to other systems
which may want to reach it.
The client can restrict the remote address and ports from which
the relay should forward on media. Any incoming calls to this IP
address and port on the VCS server are relayed via the allocated
binding on the NAT to the client.
STUN Binding Discovery
The STUN Binding Discovery service provides information back
to the client about the binding allocated by the NAT firewall being
traversed.
How it works
A client behind a NAT firewall sends a STUN discovery request
via the firewall to the VCS Expressway, which has been
configured as a STUN discovery server. Upon receipt of the
message, the VCS Expressway responds to the client with
information about the allocated NAT binding, i.e. the public IP
address and the ports being used.
The client can then provide this information to other systems
which may want to reach it, allowing it to be found even though it
is not directly available on the public internet.
The endpoint will only be reachable if the firewall has the
Endpoint-Independent Mapping behavior as described in
RFC 4787 [13].
About ICE
Currently, the most likely users of STUN services are ICE
endpoints.
ICE (Interactive Connectivity Establishment) is a collaborative
algorithm that works together with STUN services (and other
NAT traversal techniques) to allow clients to achieve firewall
traversal. The individual techniques on their own may allow
traversal in certain network topologies but not others. Also, some
techniques may be less efficient than others, involving extra
hops (e.g. STUN Relay).
ICE involves the collecting of potential (candidate) points of
contact (IP address and port combination) via each of the
traversal techniques, the verification of peer-to-peer connectivity
via each of these points of contact and then the selection of the
“best” successful candidate point of contact to use.
For detailed information on the base STUN protocol and
the Binding Discovery service, refer to Session Traversal
Utilities for (NAT) (STUN) [11].
For detailed information on the STUN Relay service, refer to
Obtaining Relay Addresses from Simple Traversal Underneath
NAT (STUN) [12].
STUN Relays consume traversal call licences (three
relays take one licence) but they do not actually pass
through the traversal subzone.