STUN/TURN Use Cases

In general, you don't require a STUN or TURN server for SFU and MCU connections. You do require STUN/TURN for guaranteed peer connections.

This topic describes three recommended STUN and TURN usages:

• Stream Behind NAT: Use STUN/TURN
• Media Blocked by ISP: Use TURNS
• Find Public IP Address: Use STUN

Stream Behind NAT

Use STUN/TURN if both endpoints in a streaming connection are behind a NAT/router. This use case is why LiveSwitch requires STUN/TURN for peer connections. It also explains why STUN/TURN is generally not required for SFU and MCU connections. Since a publicly accessible LiveSwitch Media Server is one of the endpoints in SFU and MCU connections, NAT traversal isn't required. If all endpoints are on the same local subnet, then STUN/TURN is generally not required.

Media Blocked by ISP

Use TURNS if an ISP actively blocks real-time media using packet inspection. The TLS-encrypted TURN transport bypasses prying eyes. This use case is why, in general, LiveSwitch doesn't require STUN or TURN for SFU and MCU connections. An Internet service provider can actively block media packets. Adding a TURNS server, and configuring clients to use it in their ICE server array, ensures a safe fallback.

Find Public IP Address

Use STUN if you want to know your own public IP address. The STUN server echoes back the public IP address of the client that made the request. This use case only applies to the Media Server and is optional. When deploying a LiveSwitch Media Server to the public Internet, there are two possible options for IP addressing:

• The server can bind directly to a private IP address, which is 1:1 port-mapped to a public IP address.
• The server can bind directly to a public IP address.

The LiveSwitch Media Server needs to know its public IP address so it can negotiate streaming routes with clients.

• If you use the first option, which is typical of a cloud compute hosting provider, then you must either manually configure the Media Server with its public IP address or give it the address of an external STUN server that can auto-discover it.
• If you use the second option, then the LiveSwitch Media Server can read the public IP address directly from the operating system and no special configuration is required.

Summary

In summary, LiveSwitch offers the following guidance:

• You require STUN/TURN when creating peer connections unless all peers belong to the same local subnet.
• You might require TURN when creating SFU/MCU connections if their Internet service provider actively blocks real-time media.
• You can optionally use STUN to auto-discover Media Servers' public IP addresses if the servers are configured to bind to private ID addresses and you don't want to manually configure public IP addresses.