Understanding SFU's, TURN servers in WebRTC

左心房为你撑大大i, posted on 2020-06-25 05:48:06

Question


If I am building a WebRTC app and using a Selective Forwarding Unit media server, does this mean that I will have no need for STUN / TURN servers?

From what I understand, STUN servers are used for clients to discover their public IP / port, and TURN servers are used to relay data between clients when they are unable to connect directly to each other via STUN.

My question is, if I deploy my SFU media server with a public address, does this eliminate the need for STUN and TURN servers? Since data will always be relayed through the SFU and the clients / peers will never actually talk to each other directly?

However, I noticed that the installation guide for Kurento (a popular media server with SFU functionality) contains a section about configuring STUN or TURN servers. Why would STUN or TURN servers be necessary?


Answer 1:


You should still use a TURN server when running an SFU. To understand why, diving into ICE a little bit will help. All SFUs work a little differently, but this is true for most.

  • For each PeerConnection, the SFU will listen on a random UDP (and sometimes TCP) port.
  • This IP/port combination is given to each peer, who then attempts to contact the SFU.
  • The SFU then checks whether the incoming packets contain a valid hash (determined by upwd). This ensures there is no attacker connecting to this port.

A TURN server works like this:

  • It provides a single allocation port that peers can connect to. You can use UDP, DTLS, TCP or TLS. You need a valid username/password.
  • Once authenticated, you send packets via this connection and the TURN server relays them for you.
  • The TURN server will then listen on a random port so that others can then send stuff back to the peer.

So a TURN server has a few nice things that an SFU doesn't:

  • You only have to listen on a single public port. If you are communicating with a service not on the internet, you can just have your clients only connect to the allocation.
  • You can also make your service available via UDP, DTLS, TCP and TLS. Most ICE implementations only support UDP.

These two factors are really important in government/hospital situations. You have networks that only allow TLS traffic over port 443, so a TURN server is your only solution (you run your allocation on TLS 443).

So you need to design your system to your needs. But IMO you should always run a well-configured TURN server in real-world environments.
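
The packet check the answer attributes to the SFU corresponds, in standard ICE, to the STUN MESSAGE-INTEGRITY attribute (RFC 5389): an HMAC-SHA1 over the Binding Request, keyed with the ICE password exchanged in signaling. The sketch below is an added example, not part of the original answer or of any SFU's code; the username and password are constructed sample values.

```python
import hashlib, hmac, os, struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST, ATTR_USERNAME, ATTR_MESSAGE_INTEGRITY = 0x0001, 0x0006, 0x0008

def _attr(attr_type, value):
    # STUN attributes are TLVs padded to a 4-byte boundary.
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * (-len(value) % 4)

def _mac(before_mi, password):
    # The HMAC covers everything before MESSAGE-INTEGRITY, with the header length
    # field rewritten to end at the 24-byte MESSAGE-INTEGRITY attribute.
    hdr_len = struct.pack("!H", len(before_mi) - 20 + 24)
    return hmac.new(password.encode(), before_mi[:2] + hdr_len + before_mi[4:], hashlib.sha1).digest()

def build_binding_request(username, password):
    """Constructed sample input: the request a peer's ICE agent would send."""
    attrs = _attr(ATTR_USERNAME, username.encode())
    unsigned = struct.pack("!HHI12s", BINDING_REQUEST, len(attrs), MAGIC_COOKIE, os.urandom(12)) + attrs
    mi = _attr(ATTR_MESSAGE_INTEGRITY, _mac(unsigned, password))
    return unsigned[:2] + struct.pack("!H", len(attrs) + 24) + unsigned[4:] + mi

def verify_binding_request(packet, password):
    """Return USERNAME if the packet carries a valid MESSAGE-INTEGRITY, else None."""
    if len(packet) < 20 or len(packet) % 4:
        return None
    msg_type, length, cookie = struct.unpack("!HHI", packet[:8])
    if msg_type >> 14 or cookie != MAGIC_COOKIE or length != len(packet) - 20:
        return None  # not a well-formed STUN message
    username, offset = None, 20
    while offset + 4 <= len(packet):
        attr_type, attr_len = struct.unpack("!HH", packet[offset:offset + 4])
        value = packet[offset + 4:offset + 4 + attr_len]
        if len(value) != attr_len:
            return None  # attribute runs past the end of the packet
        if attr_type == ATTR_USERNAME:
            username = value.decode("utf-8", "replace")
        elif attr_type == ATTR_MESSAGE_INTEGRITY:
            # Constant-time comparison so the check does not leak MAC bytes via timing.
            ok = attr_len == 20 and hmac.compare_digest(value, _mac(packet[:offset], password))
            return username if ok and username else None
        offset += 4 + attr_len + (-attr_len % 4)
    return None  # no MESSAGE-INTEGRITY at all: treat as unauthenticated and drop
```
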



Source: https://stackoverflow.com/questions/61287054/understanding-sfus-turn-servers-in-webrtc
