STUN is a protocol that is designed to overcome barriers in communication that are introduced by NAT.
The STUN protocol enables devices that are behind a NAT to discover their own public IP address and port number.
The devices communicate with a STUN server that is on the internet, and the STUN server provides this information to the client device.
The device can then share this information with another device or devices on the internet with which it wants to communicate.
This allows external devices to communicate with each other directly, effectively traversing the NAT.
STUN is important in facilitating peer-to-peer communication in real time.
If you want to know more about what a STUN server is, you can refer to our article: Stun Server: What is Session Traversal Utilities for NAT?
Explanation of Network Address Translation (NAT) and its widespread use.
Routers map multiple private IP addresses to a single public IP address using a technique called NAT, or Network Address Translation.
This allows multiple devices on the local network to connect to the internet using a single public IP, thus conserving the limited number of IPv4 addresses.
NAT became widespread because of the exponential growth in internet-connected devices and the delay in adopting IPv6, which offers a larger address space.
Issues Introduced by NAT in peer-to-peer communication
NAT blocks direct communication between devices by blocking inbound traffic, altering the port mappings and hiding the public IP address from the devices that are behind the NAT.
Overcoming the barriers created by NAT is therefore important for enabling direct communication between devices that are on different networks across the internet.
NAT traversal solutions like the STUN protocol allow devices to discover their own public IP address and negotiate connections through NAT routers.
Often STUN servers alone are not enough for NAT traversal and you need to fall back on TURN servers.
If you are implementing one-to-one communication and need reliable STUN and TURN servers, you can consider:
Open Relay Project: Free TURN / STUN servers
Metered.ca TURN servers: Premium TURN servers with global reach
Services like VoIP and Video conferencing require STUN and TURN servers.
STUN, or Session Traversal Utilities for NAT, is a standardized protocol defined in RFC 5389 that enables devices that are behind a NAT or firewall to discover their own public IP address and port number.
STUN also lets devices and applications discover what kind of NAT they are behind and obtain the necessary information to establish a direct communication channel with other devices on the internet.
The core functionalities of STUN include:
Public IP address discovery: STUN allows a client device to learn its public IP address.
Port Mapping: STUN helps the client device know what port number it has been assigned by the NAT device.
NAT type detection: The STUN server helps the client device know what kind of NAT device it is behind. NAT types include full cone NAT, restricted cone NAT, symmetric NAT, etc.
Facilitating Peer-to-Peer Communication: Thus the STUN server facilitates peer-to-peer communication between devices.
How STUN helps devices to Discover their own Public IP Address and Port number
When a client device sends a request to the STUN server, which is on the internet, the STUN server can see the public IP address and port number from which the request is coming.
The STUN server then sends this information back to the client. This is how the STUN server helps devices discover their own public IP and port number that is assigned to them by the NAT router.
The process enables the client to:
Learn its public endpoint: Understand how other devices see it on the internet.
Share connection details with peers: Once the client device gets the details from the STUN server, it can share them with other devices on the internet with which it wants to start communication.
Adapt to NAT behaviour: Adjust strategies on how to traverse the NAT based on what type of NAT the client device is behind.
Client Initiation
STUN server reception
Binding response
Client receipt
NAT type discovery (optional):
Establishing communication
STUN vs other NAT Traversal Methods
STUN (Session Traversal Utilities for NAT)
TURN (Traversal Using Relays around NAT)
ICE (Interactive Connectivity Establishment)
Operation
Advantages: Maximizes the chances of establishing a connection while optimizing for best performance
Use STUN alone when
Use STUN, TURN and ICE when
Performance
Complexity:
Success Rate:
Commonly used UDP and TCP ports are 3478 and 5349
The STUN protocol uses specific network ports to communicate between the client and the STUN server
UDP port
TCP port
Alternate ports
Security Considerations with Port Usage
Exposure to port scanning
Firewall Configuration
Inbound traffic
Outbound traffic:
Using Encryption
Regular updates and patches: When you run your own STUN/TURN server, you need to update and patch it regularly for security.
Logging and monitoring: If you run your own STUN/TURN server, always log and monitor the STUN and TURN servers for security vulnerabilities.
Metered TURN/STUN servers: Offers global, scalable, managed STUN and TURN services with an API
Google Public STUN servers: Google offers a list of free STUN servers; you can get the list of Google STUN servers
Open Relay TURN / STUN servers: Free TURN servers for the public
Coturn STUN / TURN server: You can run your own TURN server with the open-source project coturn. Here is a guide on: How to set up and configure a TURN server using coTURN?
AWS TURN server: You can also run coturn on AWS. Here is a guide on it: AWS TURN Server: In 7 Easy Steps
Azure TURN server: You can also run a TURN server on Azure. Here is a guide on it: Azure TURN Server: A Step-by-Step Guide.
TURN server cost: Here is a guide on the potential costs and considerations when running your own TURN server: TURN Server Cost: A Complete Guide
Metered TURN servers
API: TURN server management with a powerful API. You can do things like add/remove credentials via the API, retrieve per-user/credential and user metrics via the API, enable/disable credentials via the API, and retrieve usage data by date via the API.
Global Geo-Location Targeting: Automatically directs traffic to the nearest server, for the lowest possible latency and highest quality performance. Less than 50 ms latency anywhere in the world.
Servers in all regions of the world: Toronto, Miami, San Francisco, Amsterdam, London, Frankfurt, Bangalore, Singapore, Sydney, Seoul, Dallas, New York
Low Latency: less than 50 ms latency, anywhere in the world.
Cost-Effective: pay-as-you-go pricing with bandwidth and volume discounts available.
Easy Administration: Get usage logs, emails when accounts reach threshold limits, billing records, and email and phone support.
Standards Compliant: Conforms to RFC 5389, 5769, 5780, 5766, 6062, 6156, 5245, 5768, 6336, 59244, TLS and TLS.
Multi-Tenancy: Create multiple credentials and separate usage by customer or by different apps. Get usage logs, billing records and threshold alerts.
Enterprise Reliability: 99.999% uptime with SLA.
Enterprise Scale: No limit on concurrent traffic or total traffic. Metered TURN servers provide enterprise scalability.
5 GB/mo Free: Get 5 GB of free TURN server usage every month with the Free Plan.