Cisco Cisco Expressway Maintenance Manual
About ICE and TURN services
About ICE
ICE (Interactive Connectivity Establishment) provides a mechanism for SIP client NAT traversal. ICE is not
a protocol, but a framework which pulls together a number of different techniques such as TURN and STUN.
It allows endpoints (clients) residing behind NAT devices to discover paths through which they can pass
media, verify peer-to-peer connectivity via each of these paths and then select the optimum media
connection path. The available paths typically depend on any inbound and outbound connection restrictions
that have been configured on the NAT device. Such behavior is described in
An example usage of ICE is two home workers communicating via the internet. If the two endpoints can
communicate via ICE the Expressway-E may (depending on how the NAT devices are configured) only need
to take the signaling and not take the media. If the initiating ICE client attempts to call a non-ICE client, the
call set-up process reverts to a conventional SIP call requiring NAT traversal via media latching where the
Expressway also takes the media.
About TURN
TURN (Traversal Using Relays around NAT) services are relay extensions to the STUN network protocol
that enable a SIP or H.323 client to communicate via UDP or TCP from behind a NAT device. Currently the
Expressway supports TURN over UDP only.
, and for detailed information about the base STUN
.
Each ICE client requests the TURN server to allocate relays for the media components of the call. A relay is
required for each component in the media stream between each client.
After the relays are allocated, each ICE client has 3 potential connection paths (addresses) through which it
can send and receive media:
- its host address which is behind the NAT device (and thus not reachable from endpoints on the other side
  of the NAT)
- its publicly-accessible address on the NAT device
- a relay address on the TURN server
The endpoints then decide, by performing connectivity checks through ICE, how they are going to
communicate. Depending upon how the NAT devices are configured, the endpoints may be able to
communicate between their public-facing addresses on the NAT devices or they may have to relay the media
via the TURN server. If both endpoints are behind the same NAT device they can send media directly
between themselves using their internal host addresses.
After the media route has been selected, the TURN relay allocations are released if the chosen connection
paths do not involve routing via the TURN server. Note that the signaling always goes via the Expressway,
regardless of the final media communication path chosen by the endpoints.
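The path selection described above can be sketched as follows. This is an added example, not code from the Cisco guide or from Expressway: it parses constructed `a=candidate` lines, orders candidate pairs with the RFC 5245 priority formulas, and picks the first pair that passes a simplified connectivity model. The function names, the sample addresses and the `same_nat` / `direct_ok` flags are assumptions made for illustration.

```python
import re
from itertools import product

# Type preferences recommended by RFC 5245 (host > server-reflexive > relay).
TYPE_PREF = {"host": 126, "srflx": 100, "relay": 0}
CAND_RE = re.compile(r"^a=candidate:\S+ (\d+) \S+ (\d+) (\S+) (\d+) typ (\w+)", re.M)

def parse_candidates(sdp):
    """Extract component, priority, ip, port and type from a=candidate lines."""
    return [{"component": int(c), "priority": int(p), "ip": ip,
             "port": int(port), "typ": typ}
            for c, p, ip, port, typ in CAND_RE.findall(sdp)]

def candidate_priority(typ, component, local_pref=65535):
    """RFC 5245 candidate priority formula."""
    return (TYPE_PREF[typ] << 24) + (local_pref << 8) + (256 - component)

def pair_priority(g, d):
    """RFC 5245 pair priority; g = controlling side, d = controlled side."""
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)

def select_path(local, remote, same_nat, direct_ok):
    """Return (local type, remote type, turn_released) for the winning pair.

    Simplified connectivity model (assumption): a relay address is always
    deliverable, a host address only from behind the same NAT, and a
    server-reflexive address only when the NAT devices permit direct traffic.
    """
    deliverable = {"relay": True, "host": same_nat, "srflx": direct_ok}
    pairs = sorted(product(local, remote), reverse=True,
                   key=lambda p: pair_priority(p[0]["priority"], p[1]["priority"]))
    for a, b in pairs:
        if a["component"] == b["component"] and deliverable[a["typ"]] and deliverable[b["typ"]]:
            return a["typ"], b["typ"], "relay" not in (a["typ"], b["typ"])
    return None

# Constructed sample candidates (documentation addresses, not from the guide).
ALICE = """a=candidate:1 1 UDP 2130706431 10.0.0.5 50000 typ host
a=candidate:2 1 UDP 1694498815 198.51.100.7 61000 typ srflx
a=candidate:3 1 UDP 16777215 203.0.113.10 24000 typ relay
"""
BOB = """a=candidate:1 1 UDP 2130706431 10.0.0.9 50002 typ host
a=candidate:2 1 UDP 1694498815 192.0.2.44 62000 typ srflx
a=candidate:3 1 UDP 16777215 203.0.113.10 24002 typ relay
"""

if __name__ == "__main__":
    a, b = parse_candidates(ALICE), parse_candidates(BOB)
    for same_nat, direct_ok in [(True, True), (False, True), (False, False)]:
        print(same_nat, direct_ok, select_path(a, b, same_nat, direct_ok))
```

The third element of the result is true when neither selected address is a relay, which is the case in which the TURN allocations are released.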
Cisco Expressway Administrator Guide (X8.1)
Firewall traversal