Why does WebRTC need the ICE protocol to operate?
As far as I understand, the ICE protocol is used to discover the nodes/devices between the end user's device and "the outside".
I don't understand why it is needed. Isn't packet routing the job of network devices such as routers and switches? They should find the shortest path from the gateway to the end user's device (in fact, routers remember the routes they have discovered before).
Also, the NAT protocol is used to translate from the "internal ip" to the "external ip" and vice versa.
So,
Why does the other user need to be familiar with my internal network setup?
NAT is a hack to conserve IPv4 addresses until IPv6 becomes ubiquitous, and it breaks the end-to-end connectivity that IP promises. As a result, some things do not work properly through NAT. There are several ways of dealing with the NAT problem, and ICE is one of them. This is explained in RFC 5245, Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols:
1. Introduction
RFC 3264 [RFC3264] defines a two-phase exchange of Session Description
Protocol (SDP) messages [RFC4566] for the purposes of establishment of
multimedia sessions. This offer/answer mechanism is used by protocols
such as the Session Initiation Protocol (SIP) [RFC3261].
Protocols using offer/answer are difficult to operate through Network
Address Translators (NATs). Because their purpose is to establish a
flow of media packets, they tend to carry the IP addresses and ports
of media sources and sinks within their messages, which is known to be
problematic through NAT [RFC3235]. The protocols also seek to create
a media flow directly between participants, so that there is no
application layer intermediary between them. This is done to reduce
media latency, decrease packet loss, and reduce the operational costs
of deploying the application. However, this is difficult to
accomplish through NAT. A full treatment of the reasons for this is
beyond the scope of this specification.
Numerous solutions have been defined for allowing these protocols to
operate through NAT. These include Application Layer Gateways (ALGs),
the Middlebox Control Protocol [RFC3303], the original Simple
Traversal of UDP Through NAT (STUN) [RFC3489] specification, and Realm
Specific IP [RFC3102] [RFC3103] along with session description
extensions needed to make them work, such as the Session Description
Protocol (SDP) [RFC4566] attribute for the Real Time Control Protocol
(RTCP) [RFC3605]. Unfortunately, these techniques all have pros and
cons which, make each one optimal in some network topologies, but a
poor choice in others. The result is that administrators and
implementors are making assumptions about the topologies of the
networks in which their solutions will be deployed. This introduces
complexity and brittleness into the system. What is needed is a
single solution that is flexible enough to work well in all
situations.
This specification defines Interactive Connectivity Establishment
(ICE) as a technique for NAT traversal for UDP-based media streams
(though ICE can be extended to handle other transport protocols, such
as TCP [ICE-TCP]) established by the offer/answer model. ICE is an
extension to the offer/answer model, and works by including a
multiplicity of IP addresses and ports in SDP offers and answers,
which are then tested for connectivity by peer-to-peer connectivity
checks. The IP addresses and ports included in the SDP and the
connectivity checks are performed using the revised STUN specification
[RFC5389], now renamed to Session Traversal Utilities for NAT. The
new name and new specification reflect its new role as a tool that is
used with other NAT traversal techniques (namely ICE) rather than a
standalone NAT traversal solution, as the original STUN specification
was. ICE also makes use of Traversal Using Relays around NAT (TURN)
[RFC5766], an extension to STUN. Because ICE exchanges a multiplicity
of IP addresses and ports for each media stream, it also allows for
address selection for multihomed and dual-stack hosts, and for this
reason it deprecates RFC 4091 [RFC4091] and [RFC4092].
Firewalls. They are usually configured to bounce any unsolicited traffic from the Internet back at you. They only approve connections you initiate to a server, and only then allow return traffic to you, nothing more. Unless all your friends have static IPs (very few can claim that), this is a hostile environment for peer-to-peer communication.
ICE tries to solve this by enumerating the addresses and ports at which the other side could be reached and trying to connect to them, by initiating outbound requests from both ends, or, if all else fails, falling back to communicating through a TURN server (if one is specified).
See this WebRTCHacks article for more on the problem.
Why does the other user need to be familiar with my internal network setup?
Because the other user is sometimes on your internal network. For example, LAN games.
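To make the two answers above concrete, here is an added example in JavaScript (plain Node, no browser API); it is not code from the original question or answers. It parses the a=candidate lines that ICE places in an SDP offer, classifies them as host, server-reflexive (STUN) or relayed (TURN) candidates, reports which RFC 1918 addresses the remote peer learns from them (which is exactly what "why does the other user need to know my internal network" comes down to), and orders candidate pairs with the priority formulas of RFC 5245 (sections 4.1.2.1, 4.1.2.2 and 5.7.2), so that a host-to-host pair between two peers on the same LAN is checked first and the TURN relay last. The candidate lines, addresses and ports are constructed for the example.

```javascript
// Added example, not code from the original question or answers.
// Parses the a=candidate lines ICE places in an SDP offer, classifies them,
// reports which RFC 1918 (internal) addresses the remote peer learns, and
// orders candidate pairs the way RFC 5245 does, so a host-to-host pair is
// checked first and the TURN relay last.  All addresses are constructed.

// Recommended type preferences, RFC 5245 section 4.1.2.2.
const TYPE_PREFERENCE = { host: 126, prflx: 110, srflx: 100, relay: 0 };

// Candidate priority, RFC 5245 section 4.1.2.1.
function candidatePriority(type, componentId, localPreference = 65535) {
  return (2 ** 24) * TYPE_PREFERENCE[type] + (2 ** 8) * localPreference + (256 - componentId);
}

// Pair priority, RFC 5245 section 5.7.2: G is the controlling agent's candidate
// priority, D the controlled agent's.  The result exceeds 2^53, so BigInt is used.
function pairPriority(G, D) {
  const g = BigInt(G), d = BigInt(D);
  const [lo, hi] = g < d ? [g, d] : [d, g];
  return (1n << 32n) * lo + 2n * hi + (g > d ? 1n : 0n);
}

// Parse one candidate line (grammar in RFC 5245 section 15.1).
function parseCandidate(line) {
  const m = /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (host|srflx|prflx|relay)(.*)$/
    .exec(line.trim());
  if (!m) throw new Error(`not an ICE candidate line: ${line}`);
  const cand = {
    foundation: m[1], componentId: Number(m[2]), transport: m[3].toLowerCase(),
    priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7],
    relatedAddress: null, relatedPort: null,
  };
  // Trailing "name value" pairs; raddr/rport name the base the mapping came from.
  const ext = m[8].trim().split(/\s+/).filter(Boolean);
  for (let i = 0; i + 1 < ext.length; i += 2) {
    if (ext[i] === "raddr") cand.relatedAddress = ext[i + 1];
    if (ext[i] === "rport") cand.relatedPort = Number(ext[i + 1]);
  }
  return cand;
}

// RFC 1918 private IPv4 ranges: 10/8, 172.16/12, 192.168/16.
function isPrivateIPv4(addr) {
  const o = addr.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => Number.isNaN(n) || n < 0 || n > 255)) return false;
  return o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) || (o[0] === 192 && o[1] === 168);
}

// Internal addresses the remote peer learns: host candidates carry the LAN
// address directly, and srflx candidates may repeat it as raddr.
function internalAddressesExposed(lines) {
  const seen = new Set();
  for (const c of lines.map(parseCandidate)) {
    if (isPrivateIPv4(c.address)) seen.add(c.address);
    if (c.relatedAddress && isPrivateIPv4(c.relatedAddress)) seen.add(c.relatedAddress);
  }
  return [...seen];
}

// Every local/remote pair with matching component and transport, sorted by pair
// priority (highest first).  This is the order in which connectivity checks run.
function orderedPairs(localLines, remoteLines, localIsControlling = true) {
  const pairs = [];
  for (const l of localLines.map(parseCandidate)) {
    for (const r of remoteLines.map(parseCandidate)) {
      if (l.componentId !== r.componentId || l.transport !== r.transport) continue;
      const [G, D] = localIsControlling ? [l.priority, r.priority] : [r.priority, l.priority];
      pairs.push({ local: l.type, remote: r.type, priority: pairPriority(G, D) });
    }
  }
  return pairs.sort((a, b) => (a.priority > b.priority ? -1 : a.priority < b.priority ? 1 : 0));
}

// Constructed sample: a peer behind NAT with a TURN relay, and a peer behind NAT without one.
const LOCAL = [
  `a=candidate:1 1 udp ${candidatePriority("host", 1)} 192.168.1.23 54321 typ host`,
  `a=candidate:2 1 udp ${candidatePriority("srflx", 1)} 203.0.113.7 61234 typ srflx raddr 192.168.1.23 rport 54321`,
  `a=candidate:3 1 udp ${candidatePriority("relay", 1)} 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 61234`,
];
const REMOTE = [
  `a=candidate:1 1 udp ${candidatePriority("host", 1)} 10.0.0.5 40000 typ host`,
  `a=candidate:2 1 udp ${candidatePriority("srflx", 1)} 192.0.2.44 40001 typ srflx raddr 10.0.0.5 rport 40000`,
];

console.log("internal addresses the remote peer learns:", internalAddressesExposed(LOCAL));
for (const p of orderedPairs(LOCAL, REMOTE)) console.log(`${p.local} -> ${p.remote}: ${p.priority}`);
```

Run it with node; the host candidate's 192.168.1.23 is what the other user "learns about your internal network", and the host-to-host pair sorts first, which is why two peers on the same LAN connect directly without ever touching STUN or TURN. One caveat for anyone inspecting real offers: current browsers limit this exposure, for example by substituting mDNS hostnames for host candidate addresses, so live SDP often shows fewer raw private addresses than this constructed sample.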