Traversal Using Relay NAT
Traversal Using Relays around NAT (TURN) is a protocol that allows an element behind a network address translator (NAT) or firewall to receive incoming data over TCP or UDP connections. It is most useful for elements behind symmetric NATs or firewalls that wish to be on the receiving end of a connection to a single peer. TURN does not allow users to run servers on well-known ports if they are behind a NAT; it supports the connection of a user behind a NAT to only a single peer. In that regard, its role is to provide the same security functions provided by symmetric NATs and firewalls, but to turn the tables so that the element on the inside can be on the receiving end, rather than the sending end, of a connection that is requested by the client.
TURN is specified by RFC 5766. An update to TURN for IPv6 is specified in RFC 6156.
Introduction
NATs, while providing many benefits, also come with many drawbacks. The most troublesome of those drawbacks is the fact that they break many existing IP applications, and make it difficult to deploy new ones. Guidelines have been developed that describe how to build "NAT friendly" protocols, but many protocols simply cannot be constructed according to those guidelines. Examples of such protocols include multimedia applications and file sharing.
Session Traversal Utilities for NAT (STUN) provides one means for an application to traverse a NAT. STUN allows a client to obtain a transport address (an IP address and port) which may be useful for receiving packets from a peer. However, addresses obtained by STUN may not be usable by all peers. Those addresses work depending on the topological conditions of the network. Therefore, STUN by itself cannot provide a complete solution for NAT traversal.
A complete solution requires a means by which a client can obtain a transport address from which it can receive media from any peer which can send packets to the public Internet. This can only be accomplished by relaying data through a server that resides on the public Internet. This specification describes Traversal Using Relay NAT (TURN), a protocol that allows a client to obtain IP addresses and ports from such a relay.
Although TURN will almost always provide connectivity to a client, it comes at high cost to the provider of the TURN server. It is therefore desirable to use TURN as a last resort only, preferring other mechanisms (such as STUN or direct connectivity) when possible. To accomplish that, the Interactive Connectivity Establishment (ICE) methodology can be used to discover the optimal means of connectivity.
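The exchange by which a client obtains a relayed transport address, as an added example that is not part of the original article: it builds a TURN Allocate request and decodes the relayed and mapped addresses from a success response. The message types and attribute codes are those of RFC 5766 and RFC 5389; the function names and the sample reply are constructed for illustration, and authentication and IPv6 (RFC 6156) are left out.

```python
import ipaddress
import struct

MAGIC = 0x2112A442                                    # STUN magic cookie (RFC 5389)
ALLOCATE_REQUEST, ALLOCATE_SUCCESS = 0x0003, 0x0103   # TURN message types (RFC 5766)
XOR_RELAYED, REQ_TRANSPORT, XOR_MAPPED = 0x0016, 0x0019, 0x0020   # attribute types

def attr(atype, value):
    """Encode one attribute, zero-padded to a 4-byte boundary."""
    return struct.pack("!HH", atype, len(value)) + value + b"\0" * (-len(value) % 4)

def message(mtype, txid, body):
    """20-byte STUN header (type, body length, cookie, transaction ID) plus body."""
    return struct.pack("!HHI12s", mtype, len(body), MAGIC, txid) + body

def allocate_request(txid):
    """Allocate request asking the server for a UDP (protocol 17) relay address."""
    return message(ALLOCATE_REQUEST, txid, attr(REQ_TRANSPORT, bytes([17, 0, 0, 0])))

def xor_address(ip, port):
    """IPv4 XOR-*-ADDRESS value: port and address are XORed with the cookie."""
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC
    return struct.pack("!BBHI", 0, 0x01, port ^ (MAGIC >> 16), xaddr)

def parse_allocate_success(msg, txid):
    """Return {'relayed': (ip, port), 'mapped': (ip, port)} from a success response."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    mtype, length, cookie, got = struct.unpack("!HHI12s", msg[:20])
    if (mtype, cookie, got) != (ALLOCATE_SUCCESS, MAGIC, txid) or length != len(msg) - 20:
        raise ValueError("not an Allocate success response for this transaction")
    out, pos = {}, 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype in (XOR_RELAYED, XOR_MAPPED) and alen == 8 and value[1] == 0x01:  # IPv4
            xport, xaddr = struct.unpack("!HI", value[2:])
            name = "relayed" if atype == XOR_RELAYED else "mapped"
            out[name] = (str(ipaddress.IPv4Address(xaddr ^ MAGIC)), xport ^ (MAGIC >> 16))
        pos += 4 + alen + (-alen % 4)   # skip the value and its padding
    return out

# Constructed sample reply (documentation addresses from RFC 5737), not captured traffic.
TXID = bytes(range(12))
SAMPLE_RESPONSE = message(ALLOCATE_SUCCESS, TXID,
                          attr(XOR_RELAYED, xor_address("192.0.2.15", 50000))
                          + attr(XOR_MAPPED, xor_address("203.0.113.7", 40123)))
```

The relayed address is the one allocated on the TURN server for peers to send to; the mapped address is the client's own address as the server sees it, the same value STUN alone would return.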
See also
- Session Traversal Utilities for NAT (STUN)
- Interactive Connectivity Establishment (ICE)
External links
- Traversal Using Relays around NAT (TURN): RFC 5766
- Traversal Using Relays around NAT (TURN) Extension for IPv6: RFC 6156
- Yahoo! - Director of Engineering explaining STUN and TURN (Video)
Implementations
- Restund - open-source modular STUN/TURN server (BSD License)
- Numb is a free STUN/TURN server.
- TurnServer - open-source TURN server.
- reTurn - open-source STUN/TURN server and client library (C++)
- AnyFirewall - STUN, TURN & ICE library.