Three Things You Need To Know About ICE
Posted On December 5, 2017 by Sherwin Sim in Blog, Tutorials
ICE – It’s not just for winter anymore!
Those of you from the Northern hemisphere may think we’re talking about that slippery, frozen form of water that often makes life interesting during the cold winter months.
On the other hand, we are geeks, so of course, we’re talking about another ICE altogether.
Interactive Connectivity Establishment (ICE) is a framework that allows real-time peers to discover and connect to each other. For more (maybe too much) information about how ICE works, please visit this previous blog post: https://temasys.io/webrtc-ice-sorcery/
To use ICE, you don’t necessarily need to know EXACTLY how it works. There is a lot of magic behind the scenes that helps find the best path for peers to connect to each other. Below is a list of several things that application developers DO need to know about ICE.
1. ICE finds the shortest path for your media to travel
Generally, ICE helps discover all the possible network IP and port combinations that your local peer can have. These combinations are called “ICE candidates”. When a new session is established, these candidates are checked against the other peer’s (or peers’) ICE candidates. ICE looks for the pair of ICE candidates that provides the shortest path between them and is secure, and then chooses that pair of candidates to send and receive media and data. This helps reduce latency and makes a big difference when peers are on the same network or even within the same local region.
2. ICE allows us to work through firewalls and NATs
The coolest thing about ICE is that when using the STUN and TURN protocols, ICE helps define and create IP and port candidates that increase the chance that connections will work through different firewalls and NAT devices. These protocols find UDP and TCP ports that allow media to be sent and received from peer to peer, even if a firewall is configured to be especially strict with other types of traffic. Sometimes, it’s necessary to bring even more tools to the table to ensure higher successful connection rates. In our case, Temasys provides an optional, globally scalable TURN service. Temasys TURN helps relay media between peers when our customers encounter tough firewall and NAT configurations. Typically, TURN is a requirement if you’re working with corporate computing environments. Even then, if you encounter an extremely restrictive or locked-down firewall, ICE with TURN will have difficulty working.
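The candidate gathering and pairing described in sections 1 and 2, as an added example that is not from the original post or Temasys code: it parses candidate lines, applies the RFC 8445 priority formulas (which rank direct host candidates above STUN-derived server-reflexive and TURN relay candidates), and orders the pairs as a simplified checklist. The addresses are constructed documentation-range values, the local peer is assumed to be the controlling agent, and pruning and connectivity checks are left out.

```javascript
const LOCAL = [ // constructed sample candidates for the local (assumed controlling) peer
  'candidate:1 1 udp 2130706431 192.0.2.10 54321 typ host',
  'candidate:2 1 udp 1694498815 198.51.100.7 54321 typ srflx raddr 192.0.2.10 rport 54321',
  'candidate:3 1 udp 16777215 203.0.113.5 49152 typ relay raddr 198.51.100.7 rport 54321',
];
const REMOTE = [ // constructed sample candidates for the remote (controlled) peer
  'candidate:4 1 udp 2130706431 192.0.2.20 40000 typ host',
  'candidate:5 1 udp 16777215 203.0.113.9 49200 typ relay raddr 198.51.100.9 rport 40000',
];

// RFC 8445 recommended type preferences: direct beats STUN-derived beats TURN relay.
const TYPE_PREF = { host: 126, prflx: 110, srflx: 100, relay: 0 };
function candidatePriority(type, localPref, component) {
  return TYPE_PREF[type] * 2 ** 24 + localPref * 2 ** 8 + (256 - component);
}

// Parse one "candidate:" attribute into its fields; reject lines that do not fit the grammar.
function parseCandidate(line) {
  const f = line.replace(/^a=/, '').replace(/^candidate:/, '').trim().split(/\s+/);
  const port = Number(f[5]), priority = Number(f[3]), ext = {};
  if (f.length < 8 || f[6] !== 'typ' || !Object.hasOwn(TYPE_PREF, f[7]) ||
      !Number.isInteger(port) || port < 0 || port > 65535 || !Number.isInteger(priority)) {
    throw new Error('malformed candidate: ' + line);
  }
  for (let i = 8; i + 1 < f.length; i += 2) ext[f[i]] = f[i + 1]; // raddr, rport, ...
  return { foundation: f[0], component: Number(f[1]), transport: f[2].toLowerCase(),
           priority, address: f[4], port, type: f[7], ext };
}

// Pair priority (G = controlling side, D = controlled side); BigInt because it exceeds 2^53.
function pairPriority(g, d) {
  const G = BigInt(g), D = BigInt(d);
  return (1n << 32n) * (G < D ? G : D) + 2n * (G > D ? G : D) + (G > D ? 1n : 0n);
}

// Pair local and remote candidates of the same component and transport, highest priority first.
function buildChecklist(localLines, remoteLines) {
  const remote = remoteLines.map(parseCandidate), pairs = [];
  for (const l of localLines.map(parseCandidate)) {
    for (const r of remote) {
      if (l.component !== r.component || l.transport !== r.transport) continue;
      pairs.push({ local: l, remote: r, priority: pairPriority(l.priority, r.priority) });
    }
  }
  return pairs.sort((a, b) => (a.priority < b.priority ? 1 : a.priority > b.priority ? -1 : 0));
}

console.log(buildChecklist(LOCAL, REMOTE).map(p => `${p.local.type} -> ${p.remote.type}`));
```

In the ordering this produces, any pair that involves a relay candidate sorts below the direct pairs, so a TURN path is only tried first when the direct candidates are absent.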
3. ICE can work, even through enterprise grade firewalls
Ok… I know what you are thinking… “I work in one of those extremely restrictive or locked-down environments! What am I going to do now?”
It’s true. In some environments, WebRTC just doesn’t work very well. If the ports are blocked, then they are blocked.
Well, sometimes you are going to need to ask for help from your friendly corporate IT security team for certain kinds of projects and products. Financial institutions, like banks and insurance companies, healthcare clinics and hospitals, and public sector government networks come to mind. In these cases, we recommend you establish a port configuration guide and arrange to whitelist specific URLs or IP ranges, and then open specific ports to facilitate real-time communications.
Remember, the traffic going through the firewall between the connected peers is still encrypted end-to-end, even when using media relay services (like TURN).
At the most extreme, there may be cases where you need a custom setup or private TURN server. Temasys has experience assisting customers in situations like this, so if you need help, let us know!
What Do I Need To Beware Of?
We know. ICE sounds fantastic! We agree. The ICE framework really solves a lot of connectivity issues for real-time traffic. However, there are some drawbacks, the largest being increased connection times. Delays in setup time may not be acceptable for some use cases. Of course, not being able to establish connections at all is the worst-case scenario and the tradeoffs between connection success and a “longer-than-ideal” connection time are things we have to evaluate all the time.
What’s more, the IETF and its volunteer members have attempted to address these issues by making improvements to ICE. One example is the Trickle-ICE protocol (https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/). Another is QUIC (https://datatracker.ietf.org/wg/quic/about/).
Ready to get started? Create a free developer account at https://console.temasys.io
Check out sample code and demos and other free resources: https://temasys.io/developers/code/
We’re ready to help! Contact us at http://support.temasys.io