The Dream of Peer-to-Peer Communication
Imagine two users:
Alice
BobBoth have Internet connections.
Both have browsers.
Both want to start a video call.
The ideal scenario is:
Alice <---> BobNo realy.
No media server.
No middleman.
Just direct communication.
This is called:
Peer-to-Peer (P2P)Communication.
Why P2P Is Attractive
Let's understand why engineers love P2P.
Lower Latency
Consider:
Alice <--> Server <--> BobEvery packet takes an extra trip.
Now compare:
Alice <--> BobFewer hops.
Lower latency.
Better conversations.
Lower Infrastructure Cost
Suppose 1000 users.
Each video stream:
2 MbpsThrough a server:
1000 x 2 Mbps incoming
1000 x 2 Mbps outgoingMassive bandwidth bills
With P2P:
Alice <--> BobMedia bypasses servers.
Much cheaper.
Better Scalability
Every user no longer consumes larger amounts of server bandwidth.
The system scales better.
This is why P2P became highly desirable.
Why Direct Communication Fails
Let's create the simplest scenarios possible.
Example Network:
Alice:
Public IP: 45.10.20.30
Bob:
Public IP: 88.90.100.110No NAT.
No firewall.
No restrictions.
Connection:
Alice <--> BobWorks.
Easy.
Unfortunately, this is not how the real world works.
The Real Internet
Most users look like this:
Laptop
|
Router
|
InternetThe laptop does not have a public IP.
It has private IP.
Example:
192.168.1.10This changes everything.
The Hidden Device Problem
Alice:
Private IP: 192.168.1.10Bob:
Private IP: 192.168.0.25Now Alice tells Bob:
Connect to: 192.168.1.10Bob tries.
Nothing happens.
Why?
Because:
192.168.1.10exists only inside Alice's local network.
It has no meaning on the public Internet.
Understanding NAT
NAT stands for:
Network Address TranslationIts job:
Private IP
↓
Public IPWhen Alice sends traffic:
192.168.1.10becomes:
49.36.10.25on the Internet.
The router performs this translation.
The Critical NAT Rule
Here is the rule that breaks P2P
NAT devices allow outgoing connections easily.
But they generally block unexpected incoming connections.
This behavior protects users.
Example:
Alice opens:
google.comTraffic:
Alice
↓
Router
↓
GoogleWorks perfectly.
Because the connection started from inside.
Now suppose a random computer on the Internet says:
I want to connect to AliceRouter response:
Who are you?Connection rejected.
Why Routers Behave This Way
Imagine if routers accepted all incoming traffic.
Anyone on the Internet could directly connect to:
Your Laptop
Your Phone
Your Smart TVThis would be a security nightmare.
Therefore routers become gatekeepers.
The Core Problem
Peer-to-peer requires:
Alice -> Bob
Bob -> AliceBut both routers block incoming traffic.
So we get:
Alice ❌ BobNobody can reach anybody.
NAT Translation Tables
Routers keep temporary records.
Example:
Internal: 192.168.1.10:5000
Mapped To: 49.36.10.25:620000This mapping exists only because Alice initiated communication.
The router remembers:
If responses arrive,
send them back to Alice.The Important Observation
The router creates a hole.
Example:
Alice -> InternetRouter temporarily opens:
49.36.10.25:62000Responses can come back through this opening.
This observation led to one of the most important techniques in networking.
Hole Punching
Instead of waiting for incoming traffic, both peers send outgoing traffic first. Since outgoing traffic is allowed:
Alice -> Bob
Bob -> AliceEach router creates temporary mappings.
These mappings creates holes.
Hence the name: NAT Hole Punching.
Example:
Alice's Router:
192.168.1.10:5000
↓
49.36.10.25:62000Bob's Router:
192.168.0.25:7000
↓
88.20.15.90:54000Now each peer learns the other's public mapping.
Alice learns:
88.20.15.90:5000Bob learns:
49.36.10.25:62000Both send packets simultaneously.
Routers see expected traffic.
Connection succeeds.
The Missing Piece
Wait. How does Alice learn:
88.20.15.90:54000And how does Bob learn:
49.36.10.25:62000The cannot magically know.
This creates another problem.
The Discovery Problem
Every peer must learn:
Its Public Addressand
The Other Peer's Public AddressThis requirement gave birth to:
STUN (Session Traversal Utilities for NAT)
Think of STUN as:
"What is my public address?"service.
Unfortunately, Hole Puching doesn't always work.
This is where networking becomes interesting.
Not all NAT devices behave the same way.
Different routers implement different rules.
Some are friendly.
Some are hostile.
NAT Types
Historically, NAT devices were categorized into several behaviors.
Full Cone NAT
Most permissive.
Once a mapping exists:
49.36.10.25:62000Almost anyone can send traffic to it.
Easy for P2P.
Restricted Cone NAT
More restrictive.
Only known endpoints can respond.
Still manageable.
Port Restricted NAT
Even stricter.
IP and pot must match expectations.
Symmetric NAT
The nightmare.
Every destination receive a unique mapping.
Why Symmetric NAT Is a Problem
Hole punching elies on predictability.
Symmetric NAT destroys predictability.
As a result:
Direct P2Poften fails.
The Industry Needed a Backup Plan
Engineers realized:
Direct connections will not always work.
A fallback mechanism was required.
The solution:
TURN: Traversal Using Relays around NAT
Concept:
Instead of:
Alice <---> BobUse:
Alice
|
TURN
|
BobThe TURN server relays traffic.
Everyone can reach the TURN server.
Therefore communication succeeds.
Tradeoffs
STUN
Pros:
Direct connection
Low latency
CheapCons:
Doesn't always workTURN
Pros:
Almost always worksCons:
Higher latency
Higher cost
Consumes bandwidthThe Fundamental Strategy
Modern WebRTC follows this philosophy:
Try Direct Connection FirstIf successful:
Use Direct ConnectionIf unsuccessful:
Fallback to TURNThis strategy minimized cost while maximizing reliability.
The Birth of ICE
At this point we have multiple possibilities:
Direct Public IP
Private Network
STUN Address
TURN RelayWhic path should be used?
Which one is fastest?
Which one actually works?
The industry needed a system to:
- Discover possibilties
- Test possibilities
- Choose the best possibility.
That system became:
ICE: Interactive Connectivity Establishment
The brain of WebRTC networking.
Leave a comment
Your email address will not be published. Required fields are marked *