Archive for the 'MMUSIC' Category

Introducing pjnath – Open Source ICE, STUN, and TURN for NAT Traversal

During the past few weeks, I’ve been busy with implementing ICE (Interactive Connectivity Establishment, with the latest draft as of now is draft-ietf-mmusic-ice-15.txt), and I think now at least I have something that’s quite usable and stable to use.

There’s Something about ICE..

For those who are new to ICE, ICE is probably the most comprehensive method for traversing NAT, for multimedia communications. It provides a method to find the best route to use by both endpoints, and it solves various problems with NAT, such as when both endpoints are behind the same NAT box and no hairpin is available, and when both endpoints are behind symmetric NATs (which in this case, a relay will be used). Please see draft-ietf-mmusic-ice-15.txt for more information.

It’s one heck of a protocol though! First of all, ICE doesn’t run on itself, and instead it uses STUN protocol (Session Traversal Utilities for NAT, with the latest draft is draft-ietf-behave-rfc3489bis-06) for doing the connectivity checks. And for relaying, it uses TURN (Obtaining Relay Addresses from Simple Traversal Underneath NAT, with the latest draft is draft-ietf-behave-turn-03). Combined, they amount to 103+61+44=208 worth of pages of protocol specification to follow! I guess that’s probably why the “Simple” word was removed from the STUN acronym. 😉

Anyway, I think the timing is good to support these protocols now. ICE has just got WGLC-ed (Work Group Last Call) a week ago, and STUN draft is also maturing (TURN is a bit farther behind). In fact, the timing is perfect, as we can also contribute to finding bugs in the specs before they got RFC-ed (this is not to say that we’re expert in any kind!). Had we implemented these sooner, we would have been caught with the changes in the protocol, as many projects seem to have found themselves with.

PJNATH – NAT Traversal Helper Library

So here they are, PJNATH – Open Source NAT Traversal Helper supporting STUN, TURN, and ICE (clicking the link will get you to the documentation).

PJNATH is a new library within PJ projects, along side PJLIB, PJSIP, PJMEDIA, etc., and it consists of these:

In the future, maybe we can also put other NAT traversal methods such as UPnP or SOCKS in this library as well.

To accommodate ICE, PJMEDIA and PJSUA libraries have been updated too:

  • In PJMEDIA, we have a new media transport called pjmedia_ice_transport,
  • In PJSUA-LIB, the STUN settings have been moved from transport setting to global settings, and added option to enable ICE in the media settings.

And pjsua, the SIP UA console application, has been updated too. To enable ICE media transport, just add –use-ice in the command line argument, and pjsua will negotiate ICE in the offer/answer (it will fallback to normal media transport if ICE is not available in remote agent, of course).

So Does It Work?

Yes! (or, erm.. I think so!)

I’ve tried with running two pjsua’s behind the same NAT that doesn’t do hairpin, and the local address pair is used. And trying two pjsua’s behind different NATs, the public address pair is used. So it looks like it’s working!

More over, I’ve been testing it since last week, and quite few bugs have been found and fixed. And negotiation is pretty quick, around 100 ms with two endpoints on different ADSL line, even though the SDP answer was delayed in the proxy (ICE is able to start the checks early even when SDP answer hasn’t been received by caller).

But one of the major difficulties with testing ICE these days is practically there is no other freely available ICE implementation out there (I mean, ICE-14/15 compliant ones), so although ICE implementation in PJNATH does seem to work, and it follows ICE-15 closely, we couldn’t be sure that it is compliant until it talks with other implementation. So if any of you know one, please do let me know!

Interested to try them out?

PJNATH is part of 0.6 release and is not available in the stable branch (0.5.10). And unfortunately we haven’t released tarball for 0.6 yet, so for now just grab yourself a SVN client and pull the source from the trunk!

Subscribe to blog updates

View Perry Ismangil's profile on LinkedIn