Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Firewall traversal
About TURN
TURN (Traversal Using Relays around NAT) services are relay extensions to the STUN network
protocol that enable a SIP or H.323 client to communicate via UDP or TCP from behind a NAT device.
Currently the Cisco VCS supports TURN over UDP only.
protocol that enable a SIP or H.323 client to communicate via UDP or TCP from behind a NAT device.
Currently the Cisco VCS supports TURN over UDP only.
For more information about TURN refer to RFC 5766 [
], and for detailed information about the base
STUN protocol, refer to RFC 5389 [
].
TURN relay server
The Cisco VCS Expressway's TURN relay server can be configured to provide TURN services to
traversal clients (see
traversal clients (see
).
How TURN is used by an ICE client
Each ICE client requests the TURN server to allocate relays for the media components of the call. A
relay is required for each component in the media stream between each client.
relay is required for each component in the media stream between each client.
After the relays are allocated, each ICE client has 3 potential connection paths (addresses) through
which it can send and receive media:
which it can send and receive media:
n
its host address which is behind the NAT device (and thus not reachable from endpoints on the
other side of the NAT)
other side of the NAT)
n
its publicly-accessible address on the NAT device
n
a relay address on the TURN server
The endpoints then decide, by performing connectivity checks through ICE, how they are going to
communicate. Depending upon how the NAT devices are configured, the endpoints may be able to
communicate between their public-facing addresses on the NAT devices or they may have to relay the
media via the TURN server. If both endpoints are behind the same NAT device they can send media
directly between themselves using their internal host addresses.
communicate. Depending upon how the NAT devices are configured, the endpoints may be able to
communicate between their public-facing addresses on the NAT devices or they may have to relay the
media via the TURN server. If both endpoints are behind the same NAT device they can send media
directly between themselves using their internal host addresses.
After the media route has been selected the TURN relay allocations are released if the chosen
connection paths do not involve routing via the TURN server. Note that the signaling always goes via
the Cisco VCS, regardless of the final media communication path chosen by the endpoints.
connection paths do not involve routing via the TURN server. Note that the signaling always goes via
the Cisco VCS, regardless of the final media communication path chosen by the endpoints.
Capabilities and limitations
n
The Cisco VCS supports up to 1800 relay allocations. This is typically enough to support 100 calls
but does depend on the network topology and the number of media stream components used for the
call (for example, some calls may use Duo Video, or other calls might be audio only).
but does depend on the network topology and the number of media stream components used for the
call (for example, some calls may use Duo Video, or other calls might be audio only).
n
Clustered Cisco VCSs: if the requested TURN server's relays are fully allocated the server will
respond to the requesting client with the details of an alternative server in the cluster (the TURN
server currently with the most available resources).
respond to the requesting client with the details of an alternative server in the cluster (the TURN
server currently with the most available resources).
n
The Cisco VCS's TURN services are supported over single and dual network interfaces. For dual
network interfaces, relays are allocated on the Cisco VCS's externally facing LAN interface.
network interfaces, relays are allocated on the Cisco VCS's externally facing LAN interface.
n
ICE (Interactive Connectivity Establishment - a mechanism for SIP client NAT traversal) calls can
only be made between devices registered to the Cisco VCS's Local Zone.
only be made between devices registered to the Cisco VCS's Local Zone.
n
Microsoft ICE (which is not standards-based) is not supported.
n
The TURN server does not support bandwidth requests. (Note that traversal zone bandwidth limits
do not apply.)
do not apply.)
Configuring TURN services
TURN relay services are only available on a Cisco VCS Expressway. To use
you
also need the TURN Relay option key (this controls the number of TURN relays that can be
simultaneously allocated by the Cisco VCS).
simultaneously allocated by the Cisco VCS).
Cisco VCS Administrator Guide (X6)
Page 179 of 295