1

WebRTC, TURN, and WebSocket

WebRTC, TURN, and WebSocket

WebRTC, TURN, and WebSocket

Peter Dunkley, Technical Director, Crocodile RCS Ltd

Email: peter.dunkley@crocodile-rcs.comTwitter: @pdunkley

WebRTC is about media

● GetUserMedia Javascript API– Provides access to microphones, web-cams, and

screen (for screen-sharing)

● MediaStreams Javascript API– Routes streams between microphones/web-

cams/screens/speakers and network connections

● PeerConnection Javascript API– Creates low-latency, secure connections between

peers

– Streams may be audio, video, or data

● New profile RTP/SAVPF– The S means DTLS is used – only the endpoints

can decode the stream

– The F means RTCP feedback is used – enables QoS in the endpoints

● ICE is mandatory– STUN allows traversal of most NAT devices without

relays

– TURN allows traversal of “badly behaved” NAT devices

Security and Quality of Service is built-in

● Audio– G.711

– OPUS

● Video– Big debate between H.264 and VP8

● Connections and codecs are negotiated using SDP

Mandatory To Implement (MTI) Codecs

● Media Gateways or RTCWeb Breakers are required for now

● The RTP/SAVPF profile used by WebRTC:– Mandates security

– Mandates quality of service

– Mandates client-based NAT traversal

– Contains network optimisations

– Is not compatible with most deployed servers and user-agents.

Media session interworking

● TURN can use a lot of network bandwidth● This may be expensive for service providers so

security is needed to make sure it is not abused● Ordinary credentials stored in Javascript web-

apps can be easily read and are not safe● Google recently proposed a web-service API

for creating ephemeral credentials

TURN Security

Browser Browser

Server ServerSignalling

S

igna

lling

WebRTC media or DataChannel

Establishing media sessions requires signalling

Many signalling options

● REST based– For example, PubNub, RestComm, Twilio

● BOSH based– For example, some XMPP implementations

● WebSocket based– For example, SIP or XMPP

What is WebSocket?

● Safe, client-originated, connection to servers● Often used from web-browsers - but does not

have to be● It is an asynchronous protocol● Traffic from the client is masked● Although carried over TCP WebSocket is a

frame based protocol● RFC 6455, “The WebSocket Protocol”

Why use SIP over WebSocket?

● SIP is the “Session Initiation Protocol”● Requires less network infrastructure● Interoperable with existing infrastructure● Well understood fail-over and scaling model● Many regulatory issues already dealt with

– Billing, CALEA/LI, Privacy

● It's taken almost 10 years to sort out the SIP issues. Why start from scratch and make the same mistakes all over again?

SIP over WebSocket

● draft-ietf-sipcore-sip-websocket● WebSocket has limitations

– You can't know your local IP address

– It's basically a NAT traversal issue

● Use Path (RFC 3327)● Use SIP Outbound (RFC 5626)● Use GRUU (RFC 5627)

SIP over WebSocket is widely available

● Open-source server implementations– Asterisk, Kamailio, OverSIP, reSIProcate

● Open-source client implementations– JAIN SIP JavaScript

– JsSIP

– QoffeeSIP

– sipML5

But what about presence and messaging?

● SIP page-mode messaging is great for one-at-a-time messages

● MSRP is well suited for light-weight session-based messaging and file-transfer

● XMPP is the right solution for advanced messaging, network address book, and presence

XMPP and SIP together?

● SIP is best for media session establishment and interoperability

● XMPP is better for messaging and presence● Use the right protocol for the job● CUSAX (Combined Usage of SIP And XMPP)

is the future

Efficient messaging

● MSRP is a natural companion to SIP● Can be used for IM, file transfer, or any other data streaming you

want● MSRP over WebSocket

– Involves an MSRP relay in the network (local policy can be enforced)– Great for client to server data exchanges– draft-pd-dispatch-msrp-websocket

● MSRP over WebRTC– Low-latency, secure, structured messaging between peers– Often a better option than XMPP messaging (even if using XMPP

network address book and presence) as it is peer-to-peer– draft-pd-msrp-webrtc

MSRP over WebSocket

● Open-source server implementations– Kamailio

● Open-source client implementations– Crocodile MSRP

● draft-pd-dispatch-msrp-websocket supported now● draft-pd-msrp-webrtc supported soon

Crocodile RCS Ltdwww.crocodile-rcs.com