
I do a significant amount of work with hospitals and secure environments (military, etc.). TURN is needed 100% of the time. P2P traffic is not allowed. All IP addresses need to be known and kept static upfront for firewall whitelisting.

This means products which help alleviate WebRTC infrastructure, such as AWS Kinesis, are not allowed (due to how they allocate TURN servers with unknown IP addresses), and a company needs to manage their own infrastructure / TURN servers (which allows you to cherry-pick where server locations are (HIPAA, country legal for what is streamed)) or accept Twilio's, or their competitors', etc., large IP ranges (and don't have server location flexibility / increased commercial and market growth restrictions).

Whichever route you go down it is quite an undertaking!

P.S. Tsahi Levent-Levi is truly exceptional in this area. I highly recommend reading his blog and training courses: https://bloggeek.me/, https://webrtccourse.com/, AND he runs an amazing testing product, https://www.testrtc.com. If you build your own infrastructure, testRTC is a must.
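
Added example, not part of the comment above: one way to check the relay-only, known-IP policy it describes, by auditing the ICE candidates a client gathers against a static TURN allowlist. The allowlist addresses, the TURN hostname, the credentials and the function names are assumptions made for illustration.

```javascript
// Constructed allowlist: documentation-range addresses standing in for a
// deployment's static TURN relay IPs (assumption, not from the thread).
const TURN_ALLOWLIST = new Set(["203.0.113.10", "203.0.113.11"]);

// RTCConfiguration that makes the browser gather relay candidates only.
// Hostname and credentials are placeholders.
const RELAY_ONLY_CONFIG = {
  iceTransportPolicy: "relay",
  iceServers: [{ urls: "turns:turn.example.internal:443?transport=tcp",
                 username: "PLACEHOLDER", credential: "PLACEHOLDER" }],
};

// Parse one ICE candidate line, with or without the SDP "a=" prefix.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/i
    .exec(line.trim());
  if (!m) return null;
  return { transport: m[3].toLowerCase(), address: m[5],
           port: Number(m[6]), type: m[7].toLowerCase() };
}

// Return every candidate that violates the relay-only, allowlisted-IP policy.
function auditCandidates(lines, allowlist = TURN_ALLOWLIST) {
  const violations = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) {
      violations.push({ line, reason: "unparseable" });
    } else if (c.type !== "relay") {
      // host/srflx/prflx candidates expose a direct (P2P) path.
      violations.push({ line, reason: `non-relay candidate (${c.type})` });
    } else if (!allowlist.has(c.address)) {
      violations.push({ line, reason: `relay address ${c.address} not allowlisted` });
    }
  }
  return violations;
}

// Constructed sample candidates (not captured from a real session).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 41885439 203.0.113.10 50000 typ relay raddr 0.0.0.0 rport 0",
  "candidate:2 1 udp 2122260223 192.168.1.20 54321 typ host",
  "a=candidate:3 1 udp 1686052607 198.51.100.7 54321 typ srflx raddr 192.168.1.20 rport 54321",
  "candidate:4 1 udp 41885439 198.51.100.99 50001 typ relay raddr 0.0.0.0 rport 0",
];

for (const v of auditCandidates(SAMPLE_CANDIDATES)) console.log(v.reason);
```

In a browser the same audit can be fed from `icecandidate` events on an `RTCPeerConnection` created with `RELAY_ONLY_CONFIG`.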



If you can't do P2P, you can have an SFU forwarding the call with more features than a "dumb" TURN relay.

And it would just be STUN between each participant and the SFU deployed in the internal network for example.


Nice suggestion, we do this for certain deployments. Amazing what magic you can do in Janus, etc, :)


Why even need STUN, the SFU can join as a WebRTC participant, right? Node.js maybe


STUN is only useful if you're trying to negotiate a P2P connection, which isn't the case when using an SFU. If everything you're doing is going through an SFU then you don't need STUN.



