WebRTC 的靈魂 — STUN/TURN server

還是從 P2P 開始，傳統上 webRTC 連線是透過一個 signal server 來交換 IP 的，那實際背後的過程是什麼，最近稍微有點心得，紀錄一下。

2 min readAug 20, 2019

目的：Client A 欲與 Client B 連線

那實際上是這樣，雙方都不知道自己的 public IP /port for transportation 是什麼。這時候就需要一個叫做 STUN server 的東西，用來告知我，我的 public IP 跟 port 是什麼。

解釋一下 NAT …

假設你連線的 LAN 有 5 台電腦對外連線
各自有一個對內的 private IP (01, 02, 03, 04, 05 是你)
對外是 222.222.222.222 (port 99, 98, 97, 96, 95)
所以假如有人對 222.222.222.222:95 發送 request， NAT 就會對應到 05 轉送給你

過程像是這樣

Before Pending Request Process for Connection (補圖)

Client A propose a request to STUN server
STUN get client A ‘s public IP / port and respond to Client A
Client A told webRTC signal server that he wanted to connect Client B
Signal server informed Client B the connection request from Client A (public IP / port included)
Client B repeat step 1–2 get its own IP address information
Signal server respond information to Client A

Now they both use its own IP address information to connect each other, no signal server business included.

上述是一個連線的完成。看似無害也很易懂。（大概啦）

多數情況下，據某個網站指出 STUN 有 86% 的成功率，但現在published的網站掛了，我 REF 也沒用了，所以直接省略，反正這裡我們要知道的就是還是有機會掛點無法連線，但這是為什麼呢？

都是因為 NAT～～

在某些特定的 NAT type 底下，STUN server的運作會沒有意義，為什麼？

Distinctive IP address/ port for each connection between clients.

我們在重新審視一下剛剛透過 STUN server 交換IP information的過程，很容易可以發現，STUN server 回應給我的 IP 資訊，在Symmetric NAT的限制下只限於我與server 間的連線，若有其他Client透過這組 IP 資訊與我連線，會在 NAT 被擋下，無法順利建立連線。

That’s why we need TURN server

以下轉自 WebRTC in the real world: STUN, TURN and signaling

Session Traversal Utilities for NAT

(STUN) is a standardized protocol for such address discovery including NAT classification. Traversal Using Relays around NAT (TURN) places a third-party server to relay messages between two clients when direct media traffic between peers is not allowed by a firewall.

TURN server

TURN servers have public addresses, so they can be contacted by peers even if the peers are behind firewalls or proxies. TURN servers have a conceptually simple task — to relay a stream — but, unlike STUN servers, they inherently consume a lot of bandwidth. In other words, TURN servers need to be beefier