2. Overview of ICE

Original link: https://datatracker.ietf.org/doc/html/rfc8445#section-2

In a typical ICE deployment, there are two endpoints (ICE agents) that want to communicate.

Note that ICE is not intended for NAT traversal for the signaling protocol, which is assumed to be provided via another mechanism.

ICE assumes that the agents are able to establish a signaling connection between each other.

Initially, the agents are ignorant of their own topologies.

In particular, the agents may or may not be behind NATs (or multiple tiers of NATs).

ICE allows the agents to discover enough information about their topologies to potentially find one or more paths by which they can establish a data session.

Figure 1 shows a typical ICE deployment. The agents are labeled L and R. Both L and R are behind their own respective NATs, though they may not be aware of it.

The type of NAT and its properties are also unknown.

L and R are capable of engaging in a candidate exchange process, whose purpose is to set up a data session between L and R.

Typically, this exchange will occur through a signaling server (e.g., a SIP proxy).

In addition to the agents, a signaling server, and NATs, ICE is typically used in concert with STUN or TURN servers in the network.

Each agent can have its own STUN or TURN server, or they can be the same.

Figure 1: ICE Deployment Scenario

The basic idea behind ICE is as follows: each agent has a variety of candidate transport addresses (combination of IP address and port for a particular transport protocol, which is always UDP in this specification) it could use to communicate with the other agent.

These might include:

  • A transport address on a directly attached network interface
  • A translated transport address on the public side of a NAT (a “server-reflexive” address)
  • A transport address allocated from a TURN server (a “relayed address”)

Potentially, any of L’s candidate transport addresses can be used to communicate with any of R’s candidate transport addresses.

In practice, however, many combinations will not work.

For instance, if L and R are both behind NATs, their directly attached interface addresses are unlikely to be able to communicate directly (this is why ICE is needed, after all!).

The purpose of ICE is to discover which pairs of addresses will work.

The way that ICE does this is to systematically try all possible pairs (in a carefully sorted order) until it finds one or more that work.

2.1. Gathering Candidates

In order to execute ICE, an ICE agent identifies and gathers one or more address candidates.

A candidate has a transport address – a combination of IP address and port for a particular transport protocol (with only UDP specified here).

There are different types of candidates; some are derived from physical or logical network interfaces, and others are discoverable via STUN and TURN.

The first category of candidates are those with a transport address obtained directly from a local interface. Such a candidate is called a “host candidate”.

The local interface could be Ethernet or Wi-Fi, or it could be one that is obtained through a tunnel mechanism, such as a Virtual Private Network (VPN) or Mobile IP (MIP).

In all cases, such a network interface appears to the agent as a local interface from which ports (and thus candidates) can be allocated.

Next, the agent uses STUN or TURN to obtain additional candidates.

These come in two flavors: translated addresses on the public side of a NAT (server-reflexive candidates) and addresses on TURN servers (relayed candidates).

When TURN servers are utilized, both types of candidates are obtained from the TURN server.

If only STUN servers are utilized, only server-reflexive candidates are obtained from them.

The relationship of these candidates to the host candidate is shown in Figure 2. In this figure, both types of candidates are discovered using TURN.

In the figure, the notation X:x means IP address X and UDP port x.

Figure 2: Candidate Relationships

When the agent sends a TURN Allocate request from IP address and port X:x, the NAT (assuming there is one) will create a binding X1’:x1’, mapping this server-reflexive candidate to the host candidate X:x.

Outgoing packets sent from the host candidate will be translated by the NAT to the server-reflexive candidate.

Incoming packets sent to the server-reflexive candidate will be translated by the NAT to the host candidate and forwarded to the agent.

The host candidate associated with a given server-reflexive candidate is the “base”.

Note: “Base” refers to the address an agent sends from for a particular candidate. Thus, as a degenerate case, host candidates also have a base, but it’s the same as the host candidate.

When there are multiple NATs between the agent and the TURN server, the TURN request will create a binding on each NAT, but only the outermost server-reflexive candidate (the one nearest the TURN server) will be discovered by the agent.

If the agent is not behind a NAT, then the base candidate will be the same as the server-reflexive candidate, and the server-reflexive candidate is redundant and will be eliminated.

The Allocate request then arrives at the TURN server.

The TURN server allocates a port y from its local IP address Y, and generates an Allocate response, informing the agent of this relayed candidate.

The TURN server also informs the agent of the server-reflexive candidate, X1’:x1’, by copying the source transport address of the Allocate request into the Allocate response.

The TURN server acts as a packet relay, forwarding traffic between L and R.

In order to send traffic to L, R sends traffic to the TURN server at Y:y, and the TURN server forwards that to X1’:x1’, which passes through the NAT where it is mapped to X:x and delivered to L.

When only STUN servers are utilized, the agent sends a STUN Binding request [RFC5389] to its STUN server.

The STUN server will inform the agent of the server-reflexive candidate X1’:x1’ by copying the source transport address of the Binding request into the Binding response.

2.2. Connectivity Checks

Once L has gathered all of its candidates, it orders them by highest-to-lowest priority and sends them to R over the signaling channel.

When R receives the candidates from L, it performs the same gathering process and responds with its own list of candidates.

At the end of this process, each ICE agent has a complete list of both its candidates and its peer’s candidates.

It pairs them up, resulting in candidate pairs. To see which pairs work, each agent schedules a series of connectivity checks.

Each check is a STUN request/response transaction that the client will perform on a particular candidate pair by sending a STUN request from the local candidate to the remote candidate.

The basic principle of the connectivity checks is simple:

  1. Sort the candidate pairs in priority order.

  2. Send checks on each candidate pair in priority order.

  3. Acknowledge checks received from the other agent.

With both agents performing a check on a candidate pair, the result is a 4-way handshake:

Figure 3: Basic Connectivity Check

It is important to note that STUN requests are sent to and from the exact same IP addresses and ports that will be used for data (e.g., RTP, RTCP, or other protocols).

Consequently, agents demultiplex STUN and data using the contents of the packets rather than the port on which they are received.

Because a STUN Binding request is used for the connectivity check, the STUN Binding response will contain the agent’s translated transport address on the public side of any NATs between the agent and its peer.

If this transport address is different from that of other candidates the agent already learned, it represents a new candidate (peer-reflexive candidate), which then gets tested by ICE just the same as any other candidate.
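
An agent does two things with each datagram here: it separates STUN from data by content, and it reads the translated address out of a Binding response (the same parsing yields the server-reflexive candidate during gathering in Section 2.1). The Python below is an added example, not code from RFC 8445 or from the original post; the header and XOR-MAPPED-ADDRESS layout follow RFC 5389, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 STUN header
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020

def is_stun(pkt: bytes) -> bool:
    """Demultiplex by content: two zero top bits, the magic cookie, and a
    length field that is a multiple of 4 and matches the datagram size."""
    if len(pkt) < 20 or pkt[0] & 0xC0:
        return False
    _, length, cookie = struct.unpack_from("!HHI", pkt)
    return cookie == MAGIC_COOKIE and length % 4 == 0 and length == len(pkt) - 20

def mapped_address(pkt: bytes):
    """Return (ip, port) from XOR-MAPPED-ADDRESS of a Binding success response, else None."""
    if not is_stun(pkt) or struct.unpack_from("!H", pkt)[0] != BINDING_SUCCESS:
        return None
    off = 20
    while off + 4 <= len(pkt):
        atype, alen = struct.unpack_from("!HH", pkt, off)
        value = pkt[off + 4: off + 4 + alen]
        if len(value) < alen:
            return None                      # truncated attribute
        if atype == XOR_MAPPED_ADDRESS and alen == 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack_from("!HI", value, 2)
            ip = ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)
            return str(ip), xport ^ (MAGIC_COOKIE >> 16)
        off += 4 + alen + (-alen % 4)        # attributes are padded to 32 bits
    return None

def classify(pkt: bytes, base, known):
    """What a response says about the path it travelled (labels are constructed)."""
    addr = mapped_address(pkt)
    if addr is None:
        return "not-a-binding-response"
    if addr == base:
        return "no-nat-redundant"            # same as base: candidate is eliminated
    return "already-known" if addr in known else "new-reflexive-candidate"

def build_response(ip: str, port: int, txid: bytes = bytes(12)) -> bytes:
    """Constructed sample: a response carrying the request's source address."""
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01,
                       port ^ (MAGIC_COOKIE >> 16),
                       int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr
```

A real agent also matches the transaction ID against an outstanding request and verifies MESSAGE-INTEGRITY before trusting the address; both are left out to keep the parsing visible.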

Because the algorithm above searches all candidate pairs, if a working pair exists, the algorithm will eventually find it no matter what order the candidates are tried in.

In order to produce faster (and better) results, the candidates are sorted in a specified order.

The resulting list of sorted candidate pairs is called the “checklist”.

The agent works through the checklist by sending a STUN request for the next candidate pair on the list periodically. These are called “ordinary checks”.

When a STUN transaction succeeds, one or more candidate pairs will become so-called “valid pairs” and will be added to a candidate-pair list called the “valid list”.

As an optimization, as soon as R gets L’s check message, R schedules a connectivity-check message to be sent to L on the same candidate pair.

This is called a “triggered check”, and it accelerates the process of finding valid pairs.

At the end of this handshake, both L and R know that they can send (and receive) messages end to end in both directions.

In general, the priority algorithm is designed so that candidates of a similar type get similar priorities so that more direct routes (that is, routes without data relays or NATs) are preferred over indirect routes (routes with data relays or NATs).

Within those guidelines, however, agents have a fair amount of discretion about how to tune their algorithms.

A data stream might consist of multiple components (pieces of a data stream that require their own set of candidates, e.g., RTP and RTCP).
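
How a sorted checklist comes about, as an added example that is not part of the original post: it goes beyond this overview and uses the candidate and pair priority formulas and the recommended type preferences from later sections of RFC 8445 (5.1.2 and 6.1.2.3). The candidate lists are constructed, and pairing is simplified to matching component IDs only (pruning and address-family matching are omitted).

```python
from itertools import product

# Type preferences recommended by RFC 8445 Section 5.1.2.2; agents may tune them.
TYPE_PREF = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}

def candidate_priority(ctype, component, local_pref=65535):
    """Section 5.1.2.1: type preference dominates, then local preference, then component."""
    return (TYPE_PREF[ctype] << 24) + (local_pref << 8) + (256 - component)

def pair_priority(controlling_prio, controlled_prio):
    """Section 6.1.2.3: both agents compute the same value for the same pair."""
    g, d = controlling_prio, controlled_prio
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)

def build_checklist(local, remote, local_is_controlling=True):
    """Pair candidates of the same component and sort highest priority first."""
    pairs = []
    for loc, rem in product(local, remote):
        if loc["component"] != rem["component"]:
            continue
        lp = candidate_priority(loc["type"], loc["component"])
        rp = candidate_priority(rem["type"], rem["component"])
        g, d = (lp, rp) if local_is_controlling else (rp, lp)
        pairs.append((pair_priority(g, d), loc["addr"], rem["addr"]))
    return sorted(pairs, reverse=True)

# Constructed candidates for agents L and R (documentation address ranges).
L_CANDS = [
    {"type": "host", "component": 1, "addr": "10.0.0.5:5000"},
    {"type": "srflx", "component": 1, "addr": "198.51.100.1:40000"},
    {"type": "relay", "component": 1, "addr": "192.0.2.10:50000"},
]
R_CANDS = [
    {"type": "host", "component": 1, "addr": "192.168.1.9:6000"},
    {"type": "srflx", "component": 1, "addr": "203.0.113.7:41000"},
]

if __name__ == "__main__":
    for prio, loc, rem in build_checklist(L_CANDS, R_CANDS):
        print(prio, loc, "->", rem)
```

With these inputs the host-to-host pair is checked first and the pairs that use L's relayed candidate come last, which is the "direct routes preferred" ordering the text describes.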

2.3. Nominating Candidate Pairs and Concluding ICE

ICE assigns one of the ICE agents in the role of the controlling agent, and the other in the role of the controlled agent.

For each component of a data stream, the controlling agent nominates a valid pair (from the valid list) to be used for data.

The exact timing of the nomination is based on local policy.

When nominating, the controlling agent lets the checks continue until at least one valid pair for each component of a data stream is found, and then it picks a valid pair and sends a STUN request on that pair, using an attribute to indicate to the controlled peer that it has been nominated. This is shown in Figure 4.

Figure 4: Nomination

Once the controlled agent receives the STUN request with the attribute, it will check (unless the check has already been done) the same pair.

If the transactions above succeed, the agents will set the nominated flag for the pairs and will cancel any future checks for that component of the data stream.

Once an agent has set the nominated flag for each component of a data stream, the pairs become the selected pairs.

After that, only the selected pairs will be used for sending and receiving data associated with that data stream.

2.4. ICE Restart

Once ICE is concluded, it can be restarted at any time for one or all of the data streams by either ICE agent.

This is done by sending updated candidate information indicating a restart.

2.5. Lite Implementations

Certain ICE agents will always be connected to the public Internet and have a public IP address at which they can receive packets from any correspondent.

To make it easier for these devices to support ICE, ICE defines a special type of implementation called “lite” (in contrast to the normal full implementation).

Lite agents only use host candidates and do not generate connectivity checks or run state machines, though they need to be able to respond to connectivity checks.
