Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Firewall traversal
Cisco VCS Administrator Guide (X7.0)
Page 236 of 488
About ICE and TURN services
About ICE
ICE (Interactive Connectivity Establishment) provides a mechanism for SIP client NAT traversal. ICE is
not a protocol, but a framework which pulls together a number of different techniques such as TURN and
STUN.
not a protocol, but a framework which pulls together a number of different techniques such as TURN and
STUN.
It allows endpoints (clients) residing behind NAT devices to discover paths through which they can pass
media, verify peer-to-peer connectivity via each of these paths and then select the optimum media
connection path. The available paths typically depend on any inbound and outbound connection
restrictions that have been configured on the NAT device. Such behavior is described in RFC 4787 [
media, verify peer-to-peer connectivity via each of these paths and then select the optimum media
connection path. The available paths typically depend on any inbound and outbound connection
restrictions that have been configured on the NAT device. Such behavior is described in RFC 4787 [
].
An example usage of ICE is two home workers communicating via the internet. If the two endpoints can
communicate via ICE the VCS Expressway may (depending on how the NAT devices are configured)
only need to take the signaling and not take the media (and is therefore a non-traversal call). If the
initiating ICE client attempts to call a non-ICE client, the call set-up process reverts to a conventional
SIP call requiring NAT traversal via media latching where the VCS also takes the media and thus
requires a traversal license.
communicate via ICE the VCS Expressway may (depending on how the NAT devices are configured)
only need to take the signaling and not take the media (and is therefore a non-traversal call). If the
initiating ICE client attempts to call a non-ICE client, the call set-up process reverts to a conventional
SIP call requiring NAT traversal via media latching where the VCS also takes the media and thus
requires a traversal license.
For more information about ICE, refer to RFC 5245 [
].
About TURN
TURN (Traversal Using Relays around NAT) services are relay extensions to the STUN network
protocol that enable a SIP or H.323 client to communicate via UDP or TCP from behind a NAT device.
Currently the VCS supports TURN over UDP only.
protocol that enable a SIP or H.323 client to communicate via UDP or TCP from behind a NAT device.
Currently the VCS supports TURN over UDP only.
For more information about TURN refer to RFC 5766 [
], and for detailed information about the base
STUN protocol, refer to RFC 5389 [
].
TURN relay server
The VCS Expressway's TURN relay server can be configured to provide TURN services to traversal
clients (see
clients (see
).
How TURN is used by an ICE client
Each ICE client requests the TURN server to allocate relays for the media components of the call. A
relay is required for each component in the media stream between each client.
relay is required for each component in the media stream between each client.
After the relays are allocated, each ICE client has 3 potential connection paths (addresses) through
which it can send and receive media:
which it can send and receive media:
n
its host address which is behind the NAT device (and thus not reachable from endpoints on the other
side of the NAT)
side of the NAT)