Using STUN servers with Pexip Infinity

A STUN server allows clients, such as Conferencing Nodes or WebRTC clients (such as the Connect web app), to find out their public NAT address.

When a client is deployed behind a NAT, it can send a STUN request to the STUN server, which responds back to the client and tells it from which IP address it received the STUN request. Using this method, the client can discover its public NAT address, which is important in order for ICE to work between Conferencing Nodes and other ICE-enabled clients (for example, WebRTC and Skype for Business / Lync clients). In relation to ICE, this public NAT address is also known as the server reflexive address.

In Microsoft Skype for Business and Lync deployments it is essential that a Conferencing Node can discover its public NAT address.

Conferencing Nodes

If a Conferencing Node is deployed on a private network behind a NAT, its system location may already be configured with the details of a TURN server (such as the Pexip TURN server). Often, that TURN server can also act as a STUN server, so a separate STUN server is not normally required.

By default, Conferencing Nodes send their STUN requests to the TURN server, but if the TURN server is not located outside of the enterprise firewall then the Conferencing Node will not be able to discover its public NAT address. If this is the case in your deployment scenario, you must configure a separate STUN server — the Conferencing Node's STUN requests will then be sent to the STUN server, instead of the TURN server.

A STUN server is not required if:

  • your Conferencing Nodes are publicly-addressable, either directly or via static NAT, or
  • the STUN requests sent from the Conferencing Nodes to the TURN server will return the public NAT address of the Conferencing Node.

The STUN servers used by Pexip Infinity must be located outside of the enterprise firewall and must be routable from your Conferencing Nodes.
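
The exchange described above, as an added example (not Pexip code): a minimal RFC 5389 Binding Request, a simulated server reply carrying XOR-MAPPED-ADDRESS, and a check that the returned server reflexive address is not a private one, which is the result you get when the STUN or TURN server sits inside the enterprise firewall. All function names and the INSIDE_RANGES list are assumptions made for illustration; the server side is simulated so the code runs offline.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442  # fixed by RFC 5389
BINDING_REQUEST, BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0101, 0x0020
# Assumed "inside" ranges: RFC 1918 plus carrier-grade NAT space.
INSIDE_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def build_binding_request(txid=None):
    """Client side: a 20-byte Binding Request with no attributes."""
    txid = txid or os.urandom(12)
    return txid, struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def build_binding_response(request, src_ip, src_port):
    """Server side: return the observed source as XOR-MAPPED-ADDRESS."""
    key = request[4:20]  # magic cookie + transaction ID
    addr = ipaddress.ip_address(src_ip).packed
    xaddr = bytes(a ^ k for a, k in zip(addr, key))
    family = 1 if len(addr) == 4 else 2
    value = struct.pack("!BBH", 0, family, src_port ^ (MAGIC_COOKIE >> 16)) + xaddr
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HH", BINDING_SUCCESS, len(attr)) + key + attr


def parse_binding_response(packet, txid):
    """Client side: return the (ip, port) server reflexive address."""
    if len(packet) < 20 or packet[8:20] != txid:
        raise ValueError("short packet or transaction ID mismatch")
    mtype, mlen, cookie = struct.unpack("!HHI", packet[:8])
    if (mtype, cookie) != (BINDING_SUCCESS, MAGIC_COOKIE) or len(packet) != 20 + mlen:
        raise ValueError("not a well-formed Binding success response")
    pos = 20
    while pos + 4 <= len(packet):
        atype, alen = struct.unpack("!HH", packet[pos:pos + 4])
        value = packet[pos + 4:pos + 4 + alen]
        pos += 4 + alen + (-alen % 4)  # attributes are padded to 32 bits
        if atype == XOR_MAPPED_ADDRESS and len(value) == alen and alen in (8, 20):
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = bytes(a ^ k for a, k in zip(value[4:], packet[4:20]))
            return str(ipaddress.ip_address(addr)), port
    raise ValueError("no valid XOR-MAPPED-ADDRESS in response")


def reports_public_address(ip):
    """False when the reflexive address is private, i.e. no NAT was crossed."""
    return not any(ipaddress.ip_address(ip) in net for net in INSIDE_RANGES)
```

A reply that decodes to an address in INSIDE_RANGES means the request never crossed the NAT, so that server cannot supply the public NAT address ICE needs.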

Connect apps

When connecting to a privately-addressed Conferencing Node, Connect app WebRTC clients that are behind a NAT may also use a STUN server to find out their public NAT address.

When a Connect app connects to a Conferencing Node, the node will provision it with any Client STUN server addresses that are configured against that node's system location. The WebRTC client can then use those STUN servers to discover its public NAT address. This is typically only required if the WebRTC client is communicating via a TURN server.

For more information, see "When is a reverse proxy, TURN server or STUN server required?".

How Conferencing Nodes decide which STUN server to use

The STUN server used by a Pexip Infinity Conferencing Node handling a call is determined as follows:

  • Conferences: uses the STUN server associated with the location of the Conferencing Node that is handling the call signaling.
  • Point-to-point calls via the Infinity Gateway: uses the STUN server associated with the Call Routing Rule that matched the call request. If there is no STUN server associated with the rule, then the STUN server associated with the location of the Conferencing Node that is handling the call signaling is used instead. Note that rules can optionally be configured on a per-location basis.

If a STUN server is not configured for a location or rule, but a TURN server is configured, the Conferencing Node will send STUN requests to that TURN server.

Nominating the STUN servers used by Pexip Infinity and Connect app WebRTC clients

Within Pexip Infinity you can configure the addresses of one or more STUN servers. You then associate those STUN servers with each System location (with separate configuration for the STUN server used by Conferencing Nodes in that location, and the STUN servers to offer to Connect apps connected to that Conferencing Node), and with each Call Routing Rule.

Configuring STUN server addresses

To add, edit or delete STUN server connection details, go to Call control > STUN servers. The options are:

| Option | Description |
|---|---|
| Name | The name used to refer to this STUN server in the Pexip Infinity Administrator interface. |
| Description | An optional description of the STUN server. |
| Address | The IP address or FQDN of the STUN server. This should not be the same address as any of your configured TURN servers. |
| Port | The IP port on the STUN server to which the Conferencing Node will connect. Default: 3478. |

Note that Pexip Infinity ships with one STUN server address already configured by default: stun.l.google.com. This STUN server uses port 19302 (rather than the common 3478) and can be assigned to system locations for use by Connect app WebRTC clients.

Associating STUN server addresses with Conferencing Nodes

To associate a STUN server address with a Conferencing Node, you must configure the node's system location:

  1. Go to Platform > Locations.
  2. Select the Conferencing Node's location.
  3. Select a STUN server and select Save.

All Conferencing Nodes in that location will use the nominated STUN server for conference calls.

Associating STUN server addresses with gateway calls

If a gateway call is being placed to an ICE-enabled client (such as Skype for Business / Lync clients and Connect app WebRTC clients), the Conferencing Node placing the call will use the STUN server associated with the matching rule. (For gateway calls, the Conferencing Node does not use the STUN server associated with its system location.)

To associate a STUN server address with a Call Routing Rule:

  1. Go to Services > Call routing.
  2. Select the relevant rule.
  3. Select a STUN server and select Save.

Configuring the STUN server addresses provided to Connect app WebRTC clients

To configure the specific STUN server addresses that are provisioned to Connect apps, you must configure the system locations used by the Conferencing Nodes that the clients connect to:

  1. Go to Platform > Locations.
  2. Select the Conferencing Node's location.
  3. Select one or more Client STUN servers and select Save.

When a Connect app connects to a Conferencing Node in that location, the Conferencing Node will provide it with the addresses of the nominated STUN servers. These STUN servers are used by the client to discover its public NAT address.

If no Client STUN servers are configured for that node/location, the Connect app may still be able to communicate by using a TURN relay, if a TURN server is configured on the Conferencing Node, but this may cause delays in setting up media.

For clients on the same network as the Conferencing Nodes, where no NAT is present, users may find that WebRTC call setup time is improved by removing all Client STUN servers.