141
D14049.05
February 2009
Grey Headline
(continued)
TANDBERG
VIDEO COMMUNICATIONS SERVER
ADMINISTRATOR GUIDE
Introduction
Getting started
Overview and
status
System
configuration
VCS
configuration
Zones and
neighbors
Call
processing
Bandwidth
control
Firewall
traversal
Appendices
Applications
Maintenance
Configuring the VCS as a traversal server
STUN services
About STUN
STUN is a network protocol that enables a SIP
or H.323 client to communicate via UDP or TCP
from behind a NAT firewall.
The VCS Expressway can be configured to
provide two types of STUN services to traversal
clients. These services are STUN Binding
Discovery and STUN Relay. Currently the VCS
supports STUN over UDP only.
For detailed information on the base
STUN protocol and the Binding Discovery
service, refer to
Session Traversal
Utilities for (NAT) (STUN) [11]
.
For detailed information on the STUN Relay
service, refer to
Obtaining Relay Addresses from
Simple Traversal Underneath NAT (STUN) [12]
.
About ICE
Currently, the most likely users of STUN
services are ICE endpoints.
ICE (Interactive Connectivity Establishment) is
a collaborative algorithm that works together
with STUN services (and other NAT traversal
techniques) to allow clients to achieve firewall
traversal. The individual techniques on their
own may allow traversal in certain network
topologies but not others. Also some techniques
maybe less efficient than others, involving extra
hops (e.g. STUN Relay).
ICE involves the collecting of potential
(candidate) points of contact (IP address and
port combination) via each of the traversal
techniques, the verification of peer-to-peer
connectivity via each of these points of contact
and then the selection of the “best” successful
candidate point of contact to use.
STUN Binding Discovery
The STUN Binding Discovery service provides
information back to the client about the binding
allocated by the NAT firewall being traversed.
How it works
A client behind a NAT firewall sends a STUN
discovery request via the firewall to the VCS
Expressway, which has been configured as a
STUN discovery server. Upon receipt of the
message, the VCS Expressway responds to the
client with information about the allocated NAT
binding, i.e. the public IP address and the ports
being used.
The client can then provide this information
to other systems which may want to reach it,
allowing it to be found even though it is not
directly available on the public internet.
The endpoint will only be reachable if the
firewall has the Endpoint-Independent
Mapping behavior as described in
RFC 4787 [13]
.
STUN Relay
The STUN Relay service (formerly known as
TURN) allows a client to ask for data to be
relayed to it from specific remote peers via the
relay server and through a single connection
between the client and the relay server.
How it works
A client behind a NAT firewall sends a STUN
Allocate request to the VCS Expressway
which is acting as the STUN relay server. The
sending of this request opens a binding on the
firewall. Upon receipt of the request, the VCS
Expressway opens a public IP port on behalf of
the client, and reports back to the client this
IP address and port, as well as details of the
firewall binding. The client can then provide this
IP address and port to other systems which may
want to reach it.
The client can restrict the remote address and
ports from which the relay should forward on
media. Any incoming calls to this IP address
and port on the VCS server are relayed via the
allocated binding on the NAT to the client.
STUN Relays consume traversal call
licences (three relays take one licence)
but they do not actually pass through
the traversal subzone.
Configuring STUN services
To configure the STUN Binding Discovery and
STUN Relay services:
VCS configuration > Expressway > STUN.
•
You will be taken to the
STUN
page.
xConfiguration Traversal Server
•
STU
N
The options are:
STUN Discovery Mode
Determines whether the VCS Expressway will
offer STUN Discovery services to traversal
clients.
STUN Discovery Port
Specifies the port on the VCS Expressway on
which it will be listening for STUN Discovery
requests.
STUN Relay Mode
Determines whether the VCS Expressway will
offer STUN Relay services to traversal clients.
STUN Relay Port
Specifies the port on the VCS Expressway on
which it will be listening for STUN relay requests.
STUN Relay Media port range start
Specifies the lower port in the range to be used
for STUN media relay.
STUN Relay Media port range end
Specifies the upper port in the range to be used
for STUN media relay.