4
votes

I understand the purpose of STUN and TURN servers and their use in WebRTC, but I don't fully get:

If I as a WebRTC client have already logged in to use the WebRTC service, wouldn't this service already have my public IP address? Why does it need to be found a second time by the STUN server?


1 Answer

4
votes

Short answer: Because Proxies and NATs.

Lots of reasons:

  1. The web server knows your public IP address for the established TCP connection, but for the subsequent P2P communications over UDP, it doesn't know how your local NAT will map the port (or which port it's using).

  2. You could be on a network in which all HTTP/HTTPS traffic goes over a proxy. Hence, the WebRTC service only knows the address of your proxy.

  3. The WebRTC service itself could have a front end load balancer. Hence, it only knows the IP address of the load balancer.

  4. The two endpoints attempting to do a WebRTC session may actually be behind the same NAT. Hence, the public IP address isn't as useful.

But the primary reason is around port prediction as discussed in #1 above. Address exchange over ICE or WebRTC involves not just exchanging IP addresses, but also UDP ports. Even if the web server knows the client's actual IP address, the web server cannot infer what UDP port it will use for media traffic.
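To make point #1 concrete, here is an added Node.js example (not part of the answer above) that encodes and decodes the STUN Binding Response attribute XOR-MAPPED-ADDRESS from RFC 5389, which is how a STUN server tells the client the public IP:port its NAT assigned to the UDP socket. The signaling peer address and the reflexive port are constructed sample values; the XOR with the magic cookie is why the mapping cannot simply be read off the TCP connection.

```javascript
// Added example: STUN XOR-MAPPED-ADDRESS encode/decode (RFC 5389, IPv4 only).
const MAGIC_COOKIE = 0x2112a442;
const BINDING_RESPONSE = 0x0101;
const XOR_MAPPED_ADDRESS = 0x0020;
const cookieByte = (i) => (MAGIC_COOKIE >>> (24 - 8 * i)) & 0xff;

// Build the Binding Response a STUN server would send back to the client.
function encodeBindingResponse(txId, ip, port) {
  const attr = Buffer.alloc(12);               // type(2) len(2) value(8)
  attr.writeUInt16BE(XOR_MAPPED_ADDRESS, 0);
  attr.writeUInt16BE(8, 2);
  attr[4] = 0;                                 // reserved
  attr[5] = 0x01;                              // address family: IPv4
  attr.writeUInt16BE(port ^ (MAGIC_COOKIE >>> 16), 6);   // X-Port
  ip.split('.').forEach((o, i) => { attr[8 + i] = Number(o) ^ cookieByte(i); });
  const hdr = Buffer.alloc(20);
  hdr.writeUInt16BE(BINDING_RESPONSE, 0);
  hdr.writeUInt16BE(attr.length, 2);           // length excludes the 20-byte header
  hdr.writeUInt32BE(MAGIC_COOKIE, 4);
  txId.copy(hdr, 8);                           // 12-byte transaction ID
  return Buffer.concat([hdr, attr]);
}

// Walk the attributes and return the de-XORed reflexive address, or null.
function decodeXorMappedAddress(msg) {
  if (msg.length < 20 || msg.readUInt32BE(4) !== MAGIC_COOKIE) return null;
  const end = 20 + msg.readUInt16BE(2);
  for (let off = 20; off + 4 <= end && end <= msg.length;) {
    const type = msg.readUInt16BE(off), len = msg.readUInt16BE(off + 2);
    if (type === XOR_MAPPED_ADDRESS && msg[off + 5] === 0x01) {
      const port = msg.readUInt16BE(off + 6) ^ (MAGIC_COOKIE >>> 16);
      const ip = [0, 1, 2, 3].map((i) => msg[off + 8 + i] ^ cookieByte(i)).join('.');
      return { ip, port };
    }
    off += 4 + len + ((4 - (len % 4)) % 4);   // attributes are 32-bit aligned
  }
  return null;
}

// Constructed sample: the address the HTTPS signaling server saw for the TCP
// connection, versus what STUN reports for the client's UDP socket behind the
// same NAT. Same public IP, but a different port the web server could not guess.
const SIGNALING_PEER = { ip: '203.0.113.5', port: 52110 };
function reflexiveAddressFromStun() {
  const txId = Buffer.from('000102030405060708090a0b', 'hex');  // constructed
  return decodeXorMappedAddress(encodeBindingResponse(txId, '203.0.113.5', 61234));
}
```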