STUN TURN Guide

Revision as of 18:58, 26 March 2020 by Jhurley (talk | contribs) (Client Side Testing:)

Zimbra Connect TURN/STUN Server Overview

For a successful Zimbra Connect implementation, a TURN/STUN server needs to be implemented. Typically, users within the same network will not have issues with Zimbra Connect. However, without a TURN/STUN server, Zimbra Connect peer-to-peer connections between networks will fail.

Failure of peer-to-peer connections between networks is not a Zimbra Connect bug. This failure is a result of how networks are configured and how WebRTC communicates between clients. Zimbra Connect uses WebRTC, a peer to peer protocol that crosses different networks.

Zimbra created this wiki to provide our customers an overview and guidance on the STUN/TURN server implementation.

What is a STUN Server?

A STUN server (Session Traversal of User Datagram Protocol [UDP] Through Network Address Translators [NATs]) allows NAT clients to set up voice calls to a VoIP provider hosted outside the local network.

What is a TURN Server?

A TURN server (Traversal Using Relay NAT) is used for multimedia applications to assist traversal of network addresses translators (NAT) or firewalls. End-to-end communication between pairs of endpoints does not reside on public networks but within private address spaces behind network address translators. A TURN Server is needed to bridge the networks: WebRTC traffic between different networks requires a TURN Server to relay the traffic between peers who reside on different networks.

What is WebRTC

WebRTC (Web Real-Time communications) provides peer-to-peer communication within browsers and mobile applications through an applications programming interface (API). It includes audio, video and data transfer, eliminating the need for plugins or native apps. It is supported by the latest releases of Chrome and Firefox. Zimbra Connect customers report that Chrome provides the best experience.

If your users are experiencing the following issues, you will need a TURN server:

  1. Some callers cannot connect.
  2. Video and screen sharing is not working for some attendees.
  3. Audio is not working for some attendees.
  4. Chat is not working for some attendees


Zimbra Connect itself doesn’t need a TURN/STUN server. A TURN/STUN server is needed by the remote clients on a video call, so that they can see each others’ video streams. When users’ workstations are NAT’d on different networks in different locations (i.e. they have IP addresses like 192.168.1.230 and 10.0.15.168), those two workstations route their video stream traffic through the TURN/STUN server, not through the Zimbra Connect server.

STUN/TURN Setup Options

You have many choices for setting up a TURN/STUN server, and you can choose between many TURN PaaS (Platforms as a service) Providers. Zimbra recommends that you review your options and choose what best meets your needs.

Zimbra Support does not recommend using Free TURN/STUN server providers. Read this wiki from bloggeek.me to see why:

https://bloggeek.me/google-free-turn-server/

Zimbra Support does not support the setup, troubleshooting or maintenance of a TURN/STUN server. Zimbra Support recommends reviewing and understanding all setup requirements for your selected TURN/STUN server before proceeding with the Zimbra Connect installation.

If you choose to manage your own server instead of using a TURN PaaS Provider, most software packages contain both the TURN and STUN server functionality. Open source versions like ReSIPprocate, Coturn and Restund are maintained by the community and are reliable.

If you run a local instance of a TURN/STUN server, setting up a system can be complex based on your network and security requirements. We have seen customers run into issues with:

  1. WebSocket Traffic being blocked by Firewall
  2. Implementing multiple TURN/STUN servers with load balancers / proxy servers
  3. TURN/STUN Server tuning
  4. Networks

If you use coTturn or retund, here are some helpful wikis:

    coTurn https://github.com/coturn/coturn/wiki
    reTurn https://www.resiprocate.org/ReTurn_Overview


The following link provides a good understanding of Standard Firewall Port needed for reverse proxy and Turn Server: https://docs.pexip.com/rp_turn/rpturn_ports.htm

Please also see Zimbra Connect section within the Zimbra Admin Guide at: https://zimbra.github.io/adminguide/latest/#_zimbra_connect

And TURN/STUN Server setting at: https://zimbra.github.io/adminguide/latest/#_stunturn_server

For more guidance on installing a TURN server, please see the following posting on the Zimbra forums by Randy Leiker at Skyway Networks:

http://forums.zimbra.com/viewtopic.php?f=45&t=67960&sid=2f85903f49bd050cd9116a9beb38d661

TURN/STUN Server Sizing Recommendation:

Each TURN/STUN instance has its own recommendation, and Zimbra Support recommends reviewing the TURN/STUN documentation for guidance. However, Zimbra Support has seen a number of postings and recommendations stating the following as minimum requirements:

    At least 2 CPU
    8 GB of Memory, SSD my be used but not required

Your network is the most important factor in the performance of a TURN/STUN server.

You need to ensure the network supporting the TURN/STUN has at least:

    PPS (High package per second) performance
    Low network jitter (<=30ms)
    Low latencies (<-150ms)

Bandwidth:

"centered image"

Zimbra Connect uses WebRTC, and all connections are peer-to-peer. Customers have reported bandwidth usage at the client level ranging between 200 - 400 kb / second / attendee for stable audio and video. There are separate inbound and outbound connections for each attendee, each using 200 - 400 kb / sec. Usage increases by this range for each additional attendee.

    200 * x = total bandwidth inbound + 200 * x = total bandwidth outbound


Client system performance will also affect the user experience.

The default setting for the maximum number of attendees with Zimbra Connect is configured as 5. From experience, we have seen conferences over 5 tend to develop performance issues, with 7-9 being the maximum number of attendees before the browser begins having more serious issues.

Client Side Testing:

Once the TURN/STUN server has been set up with Zimbra Connect configured, we recommend this test: start a 2 person session and increase attendees until users start experiencing performance issues. Then use chrome WebRTC debugging to obtain client side performance data by going to the following URL within the latest release of the browser:

    chrome://webrtc-internals/


Also review the TURN/STUN server logs for connection issues. End Users and Admin’s can test the WebRTC performance by going to:

    https://test.webrtc.org/


To test the WebRTC of the TURN server, you will need to enter the same Server information you used to setup Zimbra Connect.

Other issues to be aware of:

Hairpinning: Hairpinning is a NAT loopback where two hosts on the same network or within close proximity send their media data to remote TURN servers. For example, two hosts in India send their media data to a TURN server within the Americas.

Jump to: navigation, search