7 Replies Latest reply on Jun 24, 2009 11:06 AM by Michael Thornburgh

    Exploring TURN, what do you recommend?

    fmaas@incontext.nl

      Hi Mike,

       

      I've done with the fallback: our app now attempts p2p for 4 secs; if it times out falls back to fms; works fine, but of course doesn't reduce latency for those guys behind symmetric nat's.

      Includes Flash9/Flash10 coexistence: if either end is 9, will fall back right away.

      TIP: Had to force the Flash 10 side to Nellymoser 11 kHz or less, otherwise (Speex or Nellymoser > 11) Flash 9 end would severely suffer from slow-motion video!

       

      Now this is out of the way would like to explore TURN.

      There apparently are not so many implementations to choose from.

       

      Found these:

      • reSIProcate
      • free numb by Viagénie
      • pjturn-srv

       

      Is there any tool in particular you would like to recommend?

      Are there additional tools on top of above? (Google produces thousand of pages how to 'turn' proxies on and off, probably masquerading the real stuff)

       

      The reSIProcate seems to be the most promising, but so far it fails to compile on a RHEL5 machine, despite all prereqs seem to be met.

      The free service at Viagénie, if applicable at all, requires authentication, and I didn't see a way to specify credentials in mm.cfg or otherwise.

      The pjturn-srv tools seems to be so rudimentary and has so little documentation on the TURN part that I gave up before even attempting a compile.

      By the way, am I right that actually pjturn is the technology behind Viagénie?

       

      Looking forward for some hints to get this rolling,

       

      - Frans

        • 1. Re: Exploring TURN, what do you recommend?
          M Kaufman

          Most open-source servers will now be supporting IETF TURN drafts later than draft-08, which is what Flash Player 10.0 supports. Additionally, Flash Player 10.0 has no way of sending authentication. I have talked with the authors of some of these packages but they seemed less than interested in adding an unauthenticated mode of operation at that time, so it is unlikely that a draft-08-compatible server with no authentication would be easily available. You will need to implement your own from the draft-08 specification.

           

          Authentication support is not included because for the IT-firewall-bypass case, IT departments already have control over the systems running behind their firewalls and so authentication would simply be an additional configuration hurdle.

          • 2. Re: Exploring TURN, what do you recommend?
            fmaas@incontext.nl Level 1

            Clear answer, Matthew, but not entirely practical.

            Writing proxies like this is not really our kind of business.

            But it must be a piece of cake for Adobe to build such a proxy.

            I just assume this will soon be part of an Adobe product announcement, right? (Yes, I know, you can't say anything)

             

            - Frans

            • 3. Re: Exploring TURN, what do you recommend?
              M Kaufman Level 1

              I would suggest that you or your IT department ask for this proxy protocol support from your firewall or other IT hardware vendor. After all, Flash Player is a widely deployed application and so this requirement shouldn't be that unusual.

               

              Alternatively, you or your IT department can open up outbound UDP access, which is better-performing anyway.

              • 4. Re: Exploring TURN, what do you recommend?
                fmaas@incontext.nl Level 1

                Hi Matthew,

                 

                Unfortunately this isn't going to work in our situation.

                The problem is not that UDP ports aren't open.

                Many of our customers are private persons or small businesses connected to Internet by a ADSL modem plus integrated (wireless) router.

                Many of these boxes (around 30%) contain symmetric NAT translators, unsuitable for p2p.

                We use your "garage server" at http://cc.rtmfp.net to let people test their connection, and each time we find that the test at the bottom ("preserve source UDP port number from original connection") fails for these.

                We have already realized a fallback mechanism, as suggested by Mike, that routes connections over our FMS server in case p2p fails. The FMS solution has been our standard pre-Flash 10.

                As we regularly had complains about latency and network congestion issues, and were benchmarked against a.o.Skype, we wanted to exploit Flash 10 for its p2p and udp support.

                Unfortunately we now discover that too many people can't work with this because of symmetric NAT.

                Mike has suggested to use the TURN proxy capability of Flash 10 in order to take away some of the pain, and at least retain the udp part of the solution.

                I spent precious hours to discover that there isn't any product complying with the TURN standard you have implemented.

                You have confirmed that.

                I believe you too easily turn away from the problem.

                I would really appreciate a more cooperative approach.

                You have all the knowledge.

                We are willing to spend more effort to get this working; see the testing we did with reSIProcate as discussed in the other thread in this forum.

                 

                Please let us know how we can make progress.

                 

                Regards,

                Frans

                • 5. Re: Exploring TURN, what do you recommend?
                  M Kaufman Level 1

                  TURN support in Flash Player 10.0 / AIR 1.5 is there for the "Enterprise Firewall" use case, where an organization wishes to enable RTMFP but not open up outbound UDP to all applications.

                   

                  It is NOT intended for use as a general proxy mechanism elsewhere in the Internet.

                   

                  If you wish to have a fallback mechanism from P2P to client-server networking (sending data via an intermediate service) using UDP and RTMFP, you will need to use an RTMFP-capable FMS, for which there is a pre-release program.

                   

                  Even in that case, you will still sometimes need to switch to client-server networking using RTMP or RTMPT, in which case any FMS will work.

                  • 6. Re: Exploring TURN, what do you recommend?
                    johann querne

                    Hi Mike,

                     

                    How can we get access to the new FMS pre-release? Our service is based on flash p2p video/audio and we are suffering from this NAT issue.

                     

                    Thank you

                     

                    Johann

                    • 7. Re: Exploring TURN, what do you recommend?
                      Michael Thornburgh Adobe Employee

                      you can send email to fmsprerelease@adobe.com and request to be added to the program.

                       

                      -mike