NAT, STUN, TURN and ICE

Dikshant Rajput
6 min read, Feb 26, 2024


In networking, while building a p2p application, you might have heard about NAT, STUN, TURN and ICE. So what exactly are these? Let’s look into them with the help of an analogy.

Let’s start with the definitions:
NAT: Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

STUN: Session Traversal Utilities for NAT (originally Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators) is a standardized set of methods, including a network protocol, for traversal of network address translator (NAT) gateways in applications of real-time voice, video, messaging, and other interactive communications.

TURN: Traversal Using Relays around NAT (TURN) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications. It may be used with the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). It is most useful for clients on networks masqueraded by symmetric NAT devices. TURN does not aid in running servers on well known ports in the private network through a NAT; it supports the connection of a user behind a NAT to only a single peer, as in telephony, for example.

ICE: Interactive Connectivity Establishment (ICE) is a technique used in computer networking to find ways for two computers to talk to each other as directly as possible in peer-to-peer networking. This is most commonly used for interactive media such as Voice over Internet Protocol (VoIP), peer-to-peer communications, video, and instant messaging.

These are the Wikipedia definitions, and they do not convey much on their own. So let me try to explain what each of these is.

So first of all, the basic use case is that we need 2 parties to talk to each other with as little resource utilization and as little latency as possible. Let’s say client1 wants to video call client2. The basic thing needed to enable 2 systems to talk to each other is a connection between them over the internet. One way to do this is by adding a server in the middle of the 2 clients and letting both connect to the server. The server takes in data from client1 and sends it to client2.
If we were to do this, we would need the server to be as close as possible to both clients to reduce latency. We can do this by adding multiple servers in different locations, but that would cost a lot, and the resources needed to transfer data between 2 clients via a server are heavy. Now let’s assume we have a way to connect the 2 devices directly to each other (the way will be discussed later). Now the data being transferred does not have to hop between multiple locations, so latency is lower and resource utilization is relatively lower as well.

Now let’s talk about the basic transport protocols available for communication, i.e. TCP and UDP.

TCP (Transmission control protocol) provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network.

UDP (user datagram protocol) is a high-performance data transfer protocol designed for transferring large volumetric datasets over high-speed wide area networks. It is suitable for purposes where error checking and correction are either not necessary or are performed in the application. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

Of these 2 protocols, UDP is the better fit, as we do not need every data buffer to reach the destination. We are okay if some data buffers are missed, i.e. if some frames in the video call are dropped.

So far we have seen what we need. Now let us see what is required to establish a direct channel between 2 devices:

  • IPs of both parties
  • Port numbers
  • Open sockets

Each device connected to the internet has an IP address assigned, and we need to share these addresses between the 2 devices that are willing to share data. But there is 1 more caveat here: a device that is connected through a NAT device or is behind a firewall does not know its IP address and port.

Let’s consider a scenario where two clients, client1 and client2, are behind NAT devices (routers). Client1 has its private IP address, let’s call it “IP1,” but it’s not aware of it. Similarly, client2 also has a private IP address, say “IP2.” These clients are connected to the internet through their respective NAT devices, each with its own public IP address, let’s call them “Public IP 1” and “Public IP 2.”

When client1 and client2 want to share data, they typically need to route their data through their NAT devices, acting as middlemen. However, if client1 and client2 were aware of their respective IP addresses, sharing data would be much simpler. This is where STUN (Session Traversal Utilities for NAT) servers come in handy.

STUN servers serve a simple yet crucial purpose: they provide clients with their own IP addresses and port numbers upon request. Client1, for instance, can send a request to the STUN server, which will respond with its private IP address and port number. Similarly, client2 can obtain its information from the STUN server as well, even if it’s behind a NAT device or firewall.
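The STUN request/response exchange described above, as an added example that is not part of the original post: the client sends a Binding Request (RFC 5389 wire format) and the server answers with the IP address and port it saw the request arrive from, carried in an XOR-MAPPED-ADDRESS attribute. The server address, transaction ID and the sample reply for 203.0.113.7:40000 are constructed for the example; `discover_mapped_address` is the only function that touches the network.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020

def build_binding_request(txn_id=None):
    """20-byte STUN Binding Request with no attributes (what the client sends)."""
    txn_id = txn_id or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id)

def parse_binding_response(data, txn_id):
    """Return (ip, port) the STUN server saw the request arrive from."""
    msg_type, length, cookie, rx_txn = struct.unpack("!HHI12s", data[:20])
    # the transaction ID ties the reply to our request; a stale or forged datagram is dropped
    if cookie != MAGIC_COOKIE or rx_txn != txn_id:
        raise ValueError("not a reply to our request")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("unexpected STUN type 0x%04x" % msg_type)
    body, offset = data[20:20 + length], 0
    while offset + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + attr_len]
        offset += 4 + (attr_len + 3) // 4 * 4  # attribute values are padded to 4 bytes
        if attr_type == ATTR_XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", value[2:8])
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, xport ^ (MAGIC_COOKIE >> 16)
    raise ValueError("no XOR-MAPPED-ADDRESS in response")

def discover_mapped_address(server, timeout=2.0):
    """Send one Binding Request over UDP (needs network) and parse the reply."""
    txn_id = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txn_id), server)
        data, _ = sock.recvfrom(2048)
    return parse_binding_response(data, txn_id)

def sample_exchange():
    """Offline round trip over a constructed reply: mapped address 203.0.113.7:40000."""
    txn_id = bytes(range(12))
    # XOR-MAPPED-ADDRESS: reserved, family IPv4, port 40000 ^ 0x2112, addr 203.0.113.7 ^ cookie
    attr = bytes.fromhex("0020 0008 00 01 bd52 ea12d545")
    reply = struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txn_id) + attr
    return parse_binding_response(reply, txn_id)
```

The XOR encoding exists because some NAT devices rewrite any plain-text copy of their own public address they find inside a payload; the transaction ID check is what stops an unrelated or spoofed datagram from being accepted as the answer.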

However, there are instances where STUN servers fail to fulfill this task effectively. In such cases, TURN (Traversal Using Relays around NAT) servers step in. TURN servers act as relays between two clients, allowing them to exchange data indirectly. While TURN servers operate similarly to traditional servers by receiving and transmitting data, they do so only between the connected clients, preserving their privacy. Nonetheless, when communication occurs via a TURN server, it is no longer a direct peer-to-peer connection.

In practice, STUN and TURN servers are often used together to ensure efficient data transmission between clients, such as from client1 to client2, even when they are behind NAT devices. This combined approach helps overcome various network limitations and ensures seamless communication.

STUN Server: In essence, a STUN server facilitates clients behind firewalls and NAT devices in establishing direct communication with other clients by providing them with their private IP address and port number.

TURN Server: Similarly, a TURN server operates by relaying data from point A to point B, enabling communication between clients, especially when direct peer-to-peer connections are not feasible due to network constraints or any other failures in STUN.

ICE Protocol: ICE (Interactive Connectivity Establishment) serves as the protocol orchestrating these connections. It empowers devices to explore various communication options (such as utilizing STUN or direct peer-to-peer connections) and select the most efficient one. ICE executes several essential functions, including gathering candidates, checking connectivity, negotiating, and ultimately establishing connections. This ensures optimal communication while minimizing reliance on intermediaries.

Let me give an analogy now.

Imagine Rahul and Simran are students in the 1st grade, and they want to talk to each other without involving any adults. Rahul needs to know where Simran sits in the classroom, and vice versa. However, being in the 1st grade, they might not remember their own desk numbers. So, they decide to ask their teacher for help, who then tells them their respective desk numbers. In this scenario, the teacher represents the STUN server, assisting Rahul and Simran in finding each other’s locations.

Now, let’s say Rahul and Simran prefer not to ask the teacher for help. Instead, they decide to exchange letters directly. To do this, they write letters to each other and hand them to the school’s postman, who delivers the letters between their desks. This postman acts like a TURN server, relaying messages between Rahul and Simran when direct communication isn’t possible.

In this setup, ICE (Interactive Connectivity Establishment) steps in to help Rahul and Simran establish a channel for communication. ICE coordinates the process, ensuring that Rahul and Simran can exchange messages efficiently, whether it’s through the teacher (STUN server), the postman (TURN server), or directly between themselves.
