TURN: Traversal Using Relay NAT
The presence of a NAT presents problems for Voice over IP implementations. Consider this example using the SIP protocol. A SIP device with user Bob sits behind a NAT and wants to register its location with a SIP registrar located on the public Internet. The SIP device has a non-routable private IP address, 192.168.0.10. The SIP device registers its location with the registrar as sip:bob@192.168.0.10:5060. This tells the registrar that Bob can be reached at the IP address 192.168.0.10 on port 5060 (the default SIP port). This private IP address is meaningless to a device on the public Internet, so the registrar would not know how to reach Bob.

A second example involves problems in sending RTP media. Alice calls Bob, and Alice’s INVITE contains SDP with her local IP address 10.1.1.10 and media port 1234. Bob accepts Alice’s INVITE with his SDP containing his local IP address 192.168.0.10 and media port 1234. Both of these IP addresses are meaningless outside each individual’s private local network, so neither party will receive the other’s RTP packets.
TURN is another protocol that was created to work around the problems presented by NATs. TURN is also a client-server protocol. The TURN protocol uses a TURN server to relay data from a client to any number of peers. A TURN client first sends a message to a TURN server to allocate an IP address and port on the TURN server that the client can use to communicate with peers. Once the allocation has succeeded, the client uses this IP address and port as its SIP URI in registrations and as its media address and port in its SDP. All data meant for the client’s peer is then encapsulated in a TURN packet and sent to the TURN server. The TURN packet also contains the destination address of the peer. The TURN server then converts this packet into a UDP packet and sends it on to the peer. In the reverse direction, the TURN server receives a UDP packet from the peer, encapsulates it in a TURN packet, and sends it to the client. The TURN packet also contains the peer’s address so that the client knows where the packet originated.
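
The encapsulation described above can be shown concretely. The following Python is an added example, not code from the original page: it assumes the RFC 5766 wire format (Send and Data indications carrying XOR-PEER-ADDRESS and DATA attributes), handles IPv4 peers only, and rejects messages whose lengths do not add up. The function names and the sample peer address are made up for illustration.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442      # fixed STUN/TURN magic cookie (RFC 5389)
SEND_INDICATION = 0x0016       # client -> server: data destined for a peer
DATA_INDICATION = 0x0017       # server -> client: data received from a peer
XOR_PEER_ADDRESS = 0x0012      # attribute carrying the peer's address
DATA = 0x0013                  # attribute carrying the application payload

def _attr(attr_type, value):
    """Encode one attribute: type, length, value padded to 4 bytes."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad

def encapsulate(msg_type, peer_ip, peer_port, payload, txid=None):
    """Wrap payload and the peer's IPv4 address in a TURN indication."""
    txid = txid or os.urandom(12)
    xport = peer_port ^ (MAGIC_COOKIE >> 16)
    xaddr = int(ipaddress.IPv4Address(peer_ip)) ^ MAGIC_COOKIE
    peer = struct.pack("!BBHI", 0, 0x01, xport, xaddr)  # family 0x01 = IPv4
    body = _attr(XOR_PEER_ADDRESS, peer) + _attr(DATA, payload)
    return struct.pack("!HHI", msg_type, len(body), MAGIC_COOKIE) + txid + body

def decapsulate(packet):
    """Return (msg_type, peer_ip, peer_port, payload); reject malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte header")
    msg_type, length, cookie = struct.unpack("!HHI", packet[:8])
    if cookie != MAGIC_COOKIE or length != len(packet) - 20 or length % 4:
        raise ValueError("bad magic cookie or length")
    peer = payload = None
    off = 20
    while off < len(packet):
        attr_type, alen = struct.unpack("!HH", packet[off:off + 4])
        value = packet[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("attribute overruns the message")
        if attr_type == XOR_PEER_ADDRESS and alen == 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", value[2:])
            peer = (str(ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)),
                    xport ^ (MAGIC_COOKIE >> 16))
        elif attr_type == DATA:
            payload = value
        off += 4 + alen + (-alen) % 4
    if peer is None or payload is None:
        raise ValueError("missing XOR-PEER-ADDRESS or DATA")
    return msg_type, peer[0], peer[1], payload

SAMPLE = encapsulate(SEND_INDICATION, "198.51.100.7", 1234, b"\x80\x00rtp")  # constructed sample
```

The same two functions cover the reverse direction: the server would call encapsulate with DATA_INDICATION and the address of the peer that sent the UDP packet.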