STUN

Article snapshot taken from Wikipedia under the Creative Commons Attribution-ShareAlike license.

STUN (Session Traversal Utilities for NAT; originally Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators) is a standardized set of methods, including a network protocol, for traversal of network address translator (NAT) gateways in applications of real-time voice, video, messaging, and other interactive communications.

STUN is a tool used by other protocols, such as Interactive Connectivity Establishment (ICE), the Session Initiation Protocol (SIP), and WebRTC. It provides a tool for hosts to discover the presence of a network address translator, and to discover the mapped, usually public, Internet Protocol (IP) address and port number that the NAT has allocated for the application's User Datagram Protocol (UDP) flows to remote hosts. The protocol requires assistance from a third-party network server (STUN server) located on the opposing (public) side of the NAT, usually the public Internet.

STUN was first announced in RFC 3489; the title was changed in a specification of an updated set of methods published as RFC 5389, retaining the same acronym.

The original RFC 3489 specification specified an algorithm to characterize NAT behavior according to the address and port mapping behavior. This algorithm is not reliably successful and only applicable to a subset of NAT devices deployed. The algorithm consists of a series of tests to be performed by an application. When the path through the diagram ends in a red box, UDP communication is not possible and when the path ends in a yellow or green box, communication is possible. The methods of RFC 3489 proved too unreliable to cope with the plethora of different NAT implementations and application scenarios encountered in production networks. The STUN protocol and method were updated in RFC 5389, retaining many of the original specifications as a subset of methods, but removing others.

STUN is a tool for communications protocols to detect and traverse network address translators that are located in the path between two endpoints of communication. It is implemented as a light-weight client–server protocol, requiring only simple query and response components with a third-party server located on the common, easily accessible network, typically the Internet. The client side is implemented in the user's communications application, such as a Voice over Internet Protocol (VoIP) phone or an instant messaging client.

The basic protocol operates essentially as follows: the client, typically operating inside a private network, sends a binding request to a STUN server on the public Internet. The STUN server responds with a success response that contains the IP address and port number of the client, as observed from the server's perspective. The result is obfuscated through exclusive or (XOR) mapping to avoid translation of the packet content by application layer gateways (ALGs) that perform deep packet inspection in an attempt to perform alternate NAT traversal methods.

STUN messages are sent in User Datagram Protocol (UDP) packets. Since UDP does not provide reliable transport, reliability is achieved by application-controlled retransmissions of the STUN requests. STUN servers do not implement any reliability mechanism for their responses. When reliability is mandatory, the Transmission Control Protocol (TCP) may be used, but induces extra networking overhead. In security-sensitive applications, STUN may be transported and encrypted by Transport Layer Security (TLS).

An application may automatically determine a suitable STUN server for communications with a particular peer by querying the Domain Name System (DNS) for the stun (for UDP) or stuns (for TCP/TLS) server (SRV) resource record, e.g., _stun._udp.example.com. The standard listening port number for a STUN server is 3478 for UDP and TCP, and 5349 for TLS. Alternatively, TLS may also be run on the TCP port if the server implementation can de-multiplex TLS and STUN packets. In case no STUN server is found using DNS lookups, the standard recommends that the destination domain name should be queried for address records (A or AAAA), which would be used with the default port numbers.

In addition to using protocol encryption with TLS, STUN also has built-in authentication and message-integrity mechanisms via specialized STUN packet types.

When a client has evaluated its external address, it can use this as a candidate for communicating with peers by sharing the external NAT address rather than the private address, which is not reachable from peers on the public network. If both communicating peers are located in different private networks, each behind a NAT, the peers must coordinate to determine the best communication path between them. Some NAT behavior may restrict peer connectivity even when the public binding is known. The Interactive Connectivity Establishment (ICE) protocol provides a structured mechanism to determine the optimal communication path between two peers. Session Initiation Protocol (SIP) extensions are defined to enable the use of ICE when setting up a call between two hosts.

Network address translation is implemented via a number of different address and port mapping schemes, none of which is standardized. STUN is not a self-contained NAT traversal solution applicable in all NAT deployment scenarios and does not work correctly with all of them. It is a tool among other methods and it is a tool for other protocols in dealing with NAT traversal, most notably Traversal Using Relay NAT (TURN) and Interactive Connectivity Establishment (ICE).

STUN works with three types of NAT: full cone NAT, restricted cone NAT, and port restricted cone NAT. In the cases of restricted cone or port restricted cone NATs, the client must send out a packet to the endpoint before the NAT will allow packets from the endpoint through to the client. STUN does not work with symmetric NAT (also known as bi-directional NAT), which is often found in the networks of large companies. Since the IP address of the STUN server is different from that of the endpoint, in the symmetric NAT case the NAT mapping will be different for the STUN server than for an endpoint. TURN offers better results with symmetric NAT.

Interactive Connectivity Establishment

Interactive Connectivity Establishment (ICE) is a technique used in computer networking to find ways for two computers to talk to each other as directly as possible in peer-to-peer networking. This is most commonly used for interactive media such as Voice over Internet Protocol (VoIP), peer-to-peer communications, video, and instant messaging. In such applications, communicating through a central server would be slow and expensive, but direct communication between client applications on the Internet is very tricky due to network address translators (NATs), firewalls, and other network barriers.

ICE is developed by the Internet Engineering Task Force MMUSIC working group and is published as RFC 8445, as of August 2018, and has obsolesced both RFC 5245 and RFC 4091.

Network address translation (NAT) became an effective technique in delaying the exhaustion of the available address pool of Internet Protocol version 4, which is inherently limited to around four billion unique addresses. NAT gateways track outbound requests from a private network and maintain the state of each established connection to later direct responses from the peer on the public network to the peer in the private network, which would otherwise not be directly addressable. VoIP, peer-to-peer, and many other applications require address information of communicating peers within the data streams of the connection, rather than only in the Internet Protocol packet headers. For example, the Session Initiation Protocol (SIP) communicates the IP address of network clients for registration with a location service, so that telephone calls may be routed to registered clients.

ICE provides a framework with which a communicating peer may discover and communicate its public IP address so that it can be reached by other peers. Session Traversal Utilities for NAT (STUN) is a standardized protocol for such address discovery including NAT classification. Traversal Using Relays around NAT (TURN) places a third-party server to relay messages between two clients when direct media traffic between peers is not allowed by a firewall.
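To make the STUN binding exchange and the XOR mapping described above concrete, here is an added example (not part of the Wikipedia article) that builds an RFC 5389 Binding Success Response on the server side and decodes its XOR-MAPPED-ADDRESS on the client side; the transaction ID and the reflexive address 203.0.113.7:54321 are constructed sample values, and the parser rejects responses whose transaction ID does not match the request, which is the client's only check against stale or spoofed replies when MESSAGE-INTEGRITY is not in use.

```python
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0101, 0x0020

def _xor_key(family, txid):
    """RFC 5389 XOR key: the magic cookie for IPv4, cookie + transaction ID for IPv6."""
    key = struct.pack("!I", MAGIC_COOKIE)
    return key if family == socket.AF_INET else key + txid

def build_binding_response(txid, ip, port):
    """Server side: Binding Success Response carrying ip:port as XOR-MAPPED-ADDRESS."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    raw = socket.inet_pton(family, ip)
    xaddr = bytes(a ^ b for a, b in zip(raw, _xor_key(family, txid)))
    attr = struct.pack("!HHxBH", XOR_MAPPED_ADDRESS, 4 + len(raw),
                       0x01 if family == socket.AF_INET else 0x02, port ^ (MAGIC_COOKIE >> 16)) + xaddr
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr

def parse_xor_mapped_address(msg, txid):
    """Client side: return (ip, port) from a Binding Success Response, else raise ValueError."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or mtype != BINDING_SUCCESS:
        raise ValueError("not an RFC 5389 Binding Success Response")
    if msg[8:20] != txid:
        raise ValueError("transaction ID mismatch (stale or spoofed response)")
    if len(msg) != 20 + length:
        raise ValueError("length field does not match message size")
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen or (atype == XOR_MAPPED_ADDRESS and alen < 4):
            raise ValueError("truncated attribute")
        if atype == XOR_MAPPED_ADDRESS:
            family = {0x01: socket.AF_INET, 0x02: socket.AF_INET6}.get(value[1])
            if family is None:
                raise ValueError("unknown address family")
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            raw = bytes(a ^ b for a, b in zip(value[4:], _xor_key(family, txid)))
            return socket.inet_ntop(family, raw), port
        pos += 4 + alen + (-alen % 4)  # attribute values are padded to 4-byte boundaries
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")

# Constructed sample exchange: fixed transaction ID, made-up reflexive address 203.0.113.7:54321.
SAMPLE_TXID = bytes(range(12))
SAMPLE_RESPONSE = build_binding_response(SAMPLE_TXID, "203.0.113.7", 54321)
```

On the wire the sample attribute carries port 0xF523 and address EA.12.D5.45, which is why an ALG scanning for the literal private or public address in the payload does not find it.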