Ideal WebRTC SFU, and relay servers inbound ports configuration.
585 views
Skip to first unread message
Pallab Gain
Jul 20, 2016, 3:36:46 AM7/20/16
to discuss-webrtc
Hi !
I am very curious to know about an ideal SFU/MCU, and relay server security rules.
- What should be the ideal inbound port range for a WebRTC SFU, and Turn servers ?
- Will this be a bad idea to block in-bound ports in server side ?
- Like, when you have control over your SFU servers, should we avoid to relay all WebRTC traffic through Turn servers ?
Regards,
Pallab
Lorenzo Miniero
Jul 20, 2016, 5:08:02 AM7/20/16
to discuss-webrtc
Just chiming in (as Janus author) to add that you can limit the range of ports to use for ICE/RTP in the configuration (assuming your libnice version is recent enough). As to how many and which ports to open, I'll leave it to others to answer: just beware that, the less ports you open, the less concurrent sessions you'll be able to serve.
L.
Boris Grozev
Aug 5, 2016, 2:24:53 PM8/5/16
to discuss...@googlegroups.com
Hi,
On 20/07/16 02:36, Pallab Gain wrote:
> Hi !
>
> I am using Janus <https://janus.conf.meetecho.com/> as SFU, and coturn
> <http://coturn.github.io/> as our turn servers. Currently, the SFU, and
> Turn servers ?
Assuming rtcp-mux and bundle, an SFU can use a single port and multiplex
sessions based on STUN usernames.
Regards,
Boris
On 20/07/16 02:36, Pallab Gain wrote:
> Hi !
>
> <http://coturn.github.io/> as our turn servers. Currently, the SFU, and
> turn servers are hosted in Amazon Virtual Servers
> <https://aws.amazon.com/ec2/>. In these servers, all in-bound UDP ports
> are open. Now, one of our clients flag this as a security issue and
> expecting me to change the in-bound UDP range. [ As minimum as possible.
> may be from 1 to 100 inbound UDP ports at most ]. I am just a starter
> with WebRTC, and I am continuously learning from interesting
> requirements, and challenges.
>
> I am very curious to know about an ideal SFU/MCU, and relay server
> security rules.
>
> * What should be the ideal inbound port range for a WebRTC SFU, and
> expecting me to change the in-bound UDP range. [ As minimum as possible.
> may be from 1 to 100 inbound UDP ports at most ]. I am just a starter
> with WebRTC, and I am continuously learning from interesting
> requirements, and challenges.
>
> I am very curious to know about an ideal SFU/MCU, and relay server
> security rules.
>
> Turn servers ?
Assuming rtcp-mux and bundle, an SFU can use a single port and multiplex
sessions based on STUN usernames.
Regards,
Boris
Reply all
Reply to author
Forward
0 new messages