What is a TURN server?

TURN servers

TURN stands for Traversal Using Relays around NAT. It is a protocol used in network communications to relay data between devices or clients that are located behind different NATs (Network Address Translators) or firewalls.

TURN servers are very important in situations like video calling and file sharing over the internet, where direct communication between devices is not possible because of NAT or firewalls.

Technical Background of TURN

NAT and Communication Challenges:

Network Address Translation, or NAT, is a method through which multiple private IP addresses (assigned to clients in a private network) are mapped to a single public IP address.

NAT helps conserve IP addresses, as all the devices in the private network access the internet through a single public IP address. NATs also help increase security.

But NATs also create a challenge for P2P communication, as devices behind a NAT are not reachable from the internet.

IP address depletion problem

This is done because there is a limited number of IPv4 addresses in the world, and until the advent of IPv6 IP addresses needed to be conserved. Devices on the internet were increasing at a faster rate than addresses could be supplied, and there was a real risk that there would not be enough IP addresses to give one to every device.

How TURN server works

When a client device wants to communicate with another client device on the internet, it first tries to establish a direct connection using STUN (Session Traversal Utilities for NAT). If this fails because of stricter NAT or firewall rules, it falls back to a TURN server.

The TURN server receives the data from one client and forwards it to the other client, effectively working around the NAT restrictions.

All the data that passes through the TURN server is encrypted end to end, so no one, not even the TURN server relaying it, can read the data it is forwarding.

STUN servers vs. TURN servers

STUN and TURN are both protocols that are used to enable network communications in situations where NAT and firewalls are present.

While there are some similarities between these two protocols, their purpose and how they operate are different.

STUN server

Primary Purpose: The primary purpose of STUN is to allow a device that is behind a NAT to learn its public IP address.

Clients behind NATs do not know their public IP address; they only know their private IP address. (The public IP address is known only to the NAT device, usually a router.)

This information is essential for enabling P2P communication: once the client device knows its public IP, it can forward this information to the other client device on the internet and establish P2P communication through the public IP.

Usage: STUN is used in various applications like video conferencing, audio conferencing, file sharing, VoIP communications, etc.

Working mechanism:

  • When a client needs to establish a direct connection with another client on the internet, it first needs to find out what its public IP address is

  • The client sends a request to the STUN server, and the STUN server responds with the client's public IP address and port number (usually it is port 80 and 443)

  • The client now knows its public IP and informs the other client on the internet about its public IP and port number

  • This helps establish direct communication between the two client devices that are on the internet and behind different NATs and firewalls
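As an added illustration (not code from the original post), here is a minimal STUN client in Python: it encodes the Binding Request the client sends and decodes the XOR-MAPPED-ADDRESS attribute from the server's response, which is how the client learns its public IP and port. The response bytes are constructed inline so the script runs offline; the address 203.0.113.7 and port 40000 are sample values.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001      # STUN message type: Binding Request
BINDING_SUCCESS = 0x0101      # STUN message type: Binding Success Response
XOR_MAPPED_ADDRESS = 0x0020   # attribute carrying the reflexive (public) address

def build_binding_request(txn_id=None):
    """Encode a STUN Binding Request: 20-byte header, no attributes."""
    txn_id = txn_id or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id)

def parse_binding_response(data, txn_id):
    """Return (public_ip, public_port) from a Binding Success Response."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    msg_type, length, cookie, rx_txn = struct.unpack("!HHI12s", data[:20])
    if cookie != MAGIC_COOKIE or rx_txn != txn_id:
        raise ValueError("not a reply to our transaction")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("unexpected STUN type 0x%04x" % msg_type)
    body, pos = data[20:20 + length], 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[pos:pos + 4])
        value = body[pos + 4:pos + 4 + alen]
        pos += 4 + ((alen + 3) & ~3)          # attribute values are padded to 4 bytes
        if atype == XOR_MAPPED_ADDRESS and alen >= 8 and value[1] == 0x01:  # IPv4 only
            xport, xaddr = struct.unpack("!HI", value[2:8])
            port = xport ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, port
    raise ValueError("no XOR-MAPPED-ADDRESS in response")

def make_sample_response(txn_id, ip, port):
    """Constructed Binding Success Response standing in for a real STUN server."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    header = struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txn_id)
    return header + attr

if __name__ == "__main__":
    txn = os.urandom(12)
    request = build_binding_request(txn)        # what the client would send over UDP
    reply = make_sample_response(txn, "203.0.113.7", 40000)
    print(len(request), parse_binding_response(reply, txn))
```

The transaction ID check matters in practice: a client that accepts any Binding Response would take a spoofed public address from whoever answers first.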

Limitations:

  • STUN works in many scenarios but fails with symmetric NAT, where the NAT assigns a different public endpoint for each external connection

  • STUN also fails where there are strong firewall rules blocking connections

TURN server

TURN servers are a fallback for STUN: when STUN fails, TURN relays data between clients through symmetric NATs and deep packet inspection firewalls.

Working Mechanism

  • In scenarios where STUN fails to establish a connection, the client falls back to TURN servers

  • The TURN server relays data from one client to another

  • Unlike STUN, which only helps in discovering the public IP address for direct communication, the TURN server handles the traffic itself, forwarding the data from one client to another

Usage

TURN servers are resource intensive, including CPU and bandwidth usage, because all the data between the clients is transferred through the TURN server.

Setting Up the TURN server

Considerations for TURN server deployment

When considering a TURN server there are two main options:

  1. You can set up your own TURN server using open source software like COTURN

  2. You can use a third party TURN server provider like Metered TURN servers.

Choosing the Right TURN Server Solution

Depending on your needs and technical know-how you can consider either solution.

Let us consider the pros and cons of both. First, let us consider using a TURN server provider; here we will look at Metered TURN servers.

Metered TURN servers

  1. Global Geo-Location targeting: Automatically directs traffic to the nearest servers, for the lowest possible latency and highest quality performance, with less than 50 ms latency anywhere around the world

  2. Servers in 12 Regions of the world: Toronto, Miami, San Francisco, Amsterdam, London, Frankfurt, Bangalore, Singapore, Sydney (Coming Soon: South Korea, Japan and Oman)

  3. Low Latency: less than 50 ms latency, anywhere across the world.

  4. Cost-Effective: pay-as-you-go pricing with bandwidth and volume discounts available.

  5. Easy Administration: Get usage logs, emails when accounts reach threshold limits, billing records and email and phone support.

  6. Standards Compliant: Conforms to RFCs 5389, 5769, 5780, 5766, 6062, 6156, 5245, 5768, 6336, 6544, 5928 over UDP, TCP, TLS, and DTLS.

  7. Multi‑Tenancy: Create multiple credentials and separate the usage by customer, or different apps. Get Usage logs, billing records and threshold alerts.

  8. Enterprise Reliability: 99.999% Uptime with SLA.

  9. Enterprise Scale: With no limit on concurrent traffic or total traffic, Metered TURN Servers provide enterprise scalability

  10. 50 GB/mo Free: Get 50 GB every month free TURN server usage with the Free Plan

  11. Runs on ports 80 and 443

  12. Supports TURNS + SSL to allow connections through deep packet inspection firewalls.

  13. Supports STUN

  14. Supports both TCP and UDP

Setting up your own TURN server

You can also set up your own TURN server using open source software like COTURN.

To do this, it is a simple matter of creating an instance on any cloud provider like AWS or Google Cloud. Here are the links to the tutorials on how to set up a TURN server on various cloud providers:

  1. How to setup a TURN server on AWS

  2. Google Cloud TURN server

  3. Azure TURN server

  4. DigitalOcean TURN server

Costs associated with setting up your own TURN server

  1. Instance cost: Depending on how much TURN server bandwidth you need, you will need to set up a large enough instance, because TURN servers are resource intensive and require CPU, RAM and bandwidth

  2. Bandwidth costs: All the cloud providers also charge for bandwidth, so you need to factor in the bandwidth costs as well

  3. Maintenance: You also need to maintain your TURN server, for security and version updates etc. This creates downtime, as the TURN server needs to be restarted for updates to take effect

  4. Reliability: Cloud instances can go into a state of limbo; if this happens the TURN server needs to be restarted, which also creates reliability problems

  5. Scalability: The TURN server that you created has a limited capacity for CPU, RAM and bandwidth; if over time your TURN server usage increases, you will have problems with the scalability of the TURN server.

  6. Latency: If you have customers from all over the world using the TURN server, then you need TURN servers in every region of the world; if you have a single TURN server, customers in other parts of the world might experience latency issues

How to use Metered TURN server

Once you create an account on the Metered.ca website:

  1. Select the TURN server on the Dashboard

  2. Select the plan: a. Free Trial or b. Free Plan

  3. The Free Trial gives you access to TURN servers all over the world plus detailed access to the API. So, for this tutorial we are going to select the free trial

  4. Select the TURN server region. a. Global is the best option, but if you want to select a country (example: Canada) or a region (example: E.U.) you can do that as well.

  5. You can use the API to fetch the credentials, or

  6. You can manually select the credentials and add them to your application

Here are some of the important API calls for integrating the TURN server into your application:

  • Add/remove credentials using REST API

  • Fetch per credential usage metrics via API

  • Enable/Disable Credential via the API

Step-by-Step Guide to Setting Up a TURN Server

This is a short guide; if you wish to learn more, refer to the detailed guide to setting up and configuring a TURN server using COTURN.

You can also set up your own TURN server using the COTURN open source TURN server software.

Prerequisites for setting up COTURN

  1. A cloud server with any of the cloud providers such as AWS, Google Cloud

  2. Public IP address

Step 1 Installing Coturn

Spin up a Linux instance (Ubuntu or any other distro) on AWS or Google Cloud, then refresh the package lists and upgrade the installed packages with these commands:

sudo apt update
sudo apt upgrade

Then install coturn:

sudo apt-get install coturn

Step 2 Configuring Coturn

Now let us set up some basic configuration settings:

  • Add the external IP address

  • Add basic auth

Before modifying the configuration file, it is important to keep the original configuration file in case we need it in the future:

sudo mv /etc/turnserver.conf /etc/turnserver.conf.original

This will rename the original configuration file from turnserver.conf to turnserver.conf.original. Create a new, empty /etc/turnserver.conf and add the settings that follow to it.

Next, set the coturn server realm and server name. Choose the realm once: coturn also uses it when deriving long-term credentials, so changing it later invalidates existing credentials.

# TURN server name and realm
realm=<DOMAIN>
server-name=<SERVER_NAME>

Next let us set up the listening IP address for our TURN server.

If you want the TURN server to listen on all IP addresses, set the listening IP to 0.0.0.0. If you want it to listen on a specific IP address, set listening-ip to that address instead.

# IPs the TURN server will listen to
listening-ip=0.0.0.0

# external-ip=IP_ADDRESS

Next we set the external IP address of our TURN server. This is the public address the relay advertises to peers; on a cloud instance that sits behind one-to-one NAT it is the instance's public IP, not the address of its network interface.

# External IP address of your TURN server
external-ip=IP-Address

Lastly we define the ports COTURN will listen on. listening-port must appear only once in the file; 3478 is the standard TURN port.

# Main listening port
listening-port=3478

# TLS listening port (TURNS)
tls-listening-port=5349

# Relay port range, must also be open in the firewall / security group
min-port=10000
max-port=20000
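As an added example, not part of the original guide, the checker below parses a turnserver.conf assembled from the fragments above and flags the slips that most often leave a freshly built relay unreachable: a key set twice, a placeholder value left in, and listening on 0.0.0.0 without an external-ip, which on a cloud instance behind one-to-one NAT makes coturn advertise its private address as the relay. The embedded configuration is constructed for the example.

```python
import re

# Constructed turnserver.conf in the shape built up in this guide, seeded with the
# placeholder and duplicate-key slips a first draft of the file commonly contains.
SAMPLE_CONF = """\
# TURN server name and realm
realm=<DOMAIN>
server-name=turn1
listening-ip=0.0.0.0
#external-ip=IP_ADDRESS
listening-port=4001
listening-port=3478
tls-listening-port=5349
min-port=10000
max-port=20000
"""

def parse_conf(text):
    """Return {key: [values]} for the active (non-comment) key=value lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def lint_conf(text):
    """List the slips that leave coturn unreachable or advertising the wrong address."""
    conf = parse_conf(text)
    issues = []
    for key, values in conf.items():
        if len(values) > 1:
            issues.append("%s set %d times (%s); keep one" % (key, len(values), ", ".join(values)))
        for v in values:
            if re.fullmatch(r"<[^>]+>|ip[_-]?address", v, re.IGNORECASE):
                issues.append("%s still holds the placeholder %s" % (key, v))
    if conf.get("listening-ip") == ["0.0.0.0"] and "external-ip" not in conf:
        issues.append("listening on 0.0.0.0 without external-ip: on a cloud instance "
                      "behind 1:1 NAT, coturn advertises its private address as the relay")
    lo = int(conf.get("min-port", ["49152"])[0])   # coturn defaults when unset
    hi = int(conf.get("max-port", ["65535"])[0])
    if lo >= hi:
        issues.append("min-port %d must be below max-port %d" % (lo, hi))
    return issues

if __name__ == "__main__":
    for issue in lint_conf(SAMPLE_CONF):
        print("-", issue)
```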

Running COTURN on privileged ports

Some Linux distributions, for example Ubuntu, run the TURN server as an unprivileged user such as turnserver.

For this reason coturn cannot bind privileged ports like 443.

You can allow the coturn binary to bind privileged ports by granting it the CAP_NET_BIND_SERVICE capability:

sudo setcap cap_net_bind_service=+ep /usr/bin/turnserver

Alternatively you can run the coturn service as root, but that is out of the scope of this article; you can read more about it in the detailed guide on how to configure and run your own TURN server.

Conclusion

In this article we learned what a TURN server is and how TURN servers function.

We also learned about TURN server providers and how to set up your own TURN server on any cloud provider.