Q-TURN Enabling WebRTC (An SBC for WebRTC)
Q-TURN is an Ingate technology for enabling high-quality real-time communication for WebRTC or other protocols using ICE (Interactive Connectivity Establishment, RFC 5245). In Ingate products, Q-TURN is a module within an Ingate Firewall® or SIParator®.
By integrating the TURN server into the NAT/firewall itself (or in parallel with it), real-time media will take the shortest path, restrictive enterprise firewalls can be enabled for WebRTC, Quality (prioritization and traffic shaping) is added and accounting can be done.
WebRTC is person-to-person real-time multimedia communication directly within the Web browser using the PC’s or smartphone’s HiFi voice, HD video and data capabilities. WebRTC is driven by Google and is being standardized by IETF (the Internet standardization organization) and W3C (the Web technologies standardization organization).
Real-Time Traffic Requires Better Network Access and Pipes
VoIP, Unified Communication and the new WebRTC high-quality voice and video communication between Web browsers need to traverse NATs and firewalls that usually are made only for data communication. For SIP-based person-to-person communication, session border controllers (SBCs) are used in parallel with or built into firewalls, while WebRTC-based real-time communication uses the protocols ICE/STUN/TURN to traverse NATs and firewalls.
However, since the STUN and TURN servers usually are deployed on the public Internet, it leaves the firewall unaware of the real-time traffic; the firewall cannot prioritize the critical traffic, and with restrictive firewalls, the real-time traffic may not even pass through. Therefore, Ingate has developed Q-TURN which is integrated into Ingate’s Firewalls and SIParators® (SBCs). Ingate’s Q-TURN technology can also be integrated into other vendor’s products on an OEM basis.
Q-TURN Adds the Following to WebRTC Real-Time Traffic:
Enables WebRTC traffic through restrictive enterprise firewalls
Prioritization and traffic shaping for high-quality voice and video
Diffserv or RVSP quality of service (QoS) over the network
Authentication, allowance to use the high-quality TURN path
Accounting, reporting usage of the high-quality TURN path
Q-TURN for the Enterprise
The Q-TURN module in Ingate’s Firewall and SIParator solve two severe problems when using global WebRTC communication on the enterprise LAN: WebRTC communication often does not traverse restrictive enterprise firewalls [footnote 1] and WebRTC traffic competes with Internet data traffic, which leads to inferior quality.
Ingate’s Q-TURN-equipped E-SBC catches the real-time traffic, giving it a priority path through the enterprise firewall by prioritizing the real-time traffic over the data traffic, while keeping the total traffic below the available bandwidth (traffic shaping). It will also mark the real-time traffic for quality handling by network.
The Ingate E-SBC also enables SIP-based real-time communication and SIP trunking (with the Ingate SIP Trunking Software Module), allowing both global SIP-based and WebRTC-based real-time communication on the enterprise LAN.
Ingate’s Q-TURN as an Ordinary TURN Server
The Ingate Q-TURN module in an Ingate Firewall or SIParator can also be used as an ordinary TURN server on the Internet. There it can be used by application providers to enable their WebRTC-based applications to reach users behind NATs and firewalls. Some of the special features of the Ingate TURN server are that it is inside its own firewall, protected from DoS attacks, and that it is has IP address-based authentication in addition to the other methods used for authenticating usage of the TURN server.
Q-TURN for the Network Provider
Network providers (e.g. carriers) can offer their subscribers a “WebRTC-ready” broadband using Ingate’s Q-TURN SBCs at their accesses. The subscribers then always get working WebRTC communication with superior quality of the real-time traffic.
Network providers using Ingate’s Q-TURN products will be able to measure the real-time traffic separately from the data traffic, allowing the network provider to offer subscriptions with new price plans based on both data and real-time traffic usage. Ingate’s E-SBC products offer the same capability for SIP-based real-time communication.
A Healthy Win-Win Economy for Users and Carriers
Ingate’s new products with SIP proxies and TURN servers at the carrier demarcation point will allow the already-available bandwidth to be used for high-quality real-time traffic delivery in addition to best-effort data delivery.
Using Q-TURN, the future loss of income from the specific telephone networks can be replaced by prioritized OTT and Internet traffic, charged separately from the less valuable data traffic. This Internet+ model applies to fixed, Wi-Fi and mobile broadband delivery of both SIP and WebRTC traffic.
Ingate’s Q-TURN products are integrated into the E-SBC Firewall and SIParator products, which already offer similar features for SIP-based real-time communication. The Internet+ model using standardized quality end-to-end SIP over the Internet, with real-time usage measured separately from data usage, now also applies to WebRTC and any real-time protocol using ICE for NAT/firewall traversal.
Q-TURN for Mobile Networks’ OTT Internet Channel
The mobile 3G and 4G networks offer more and more bandwidth for data usage over the OTT Internet channel, while a smaller and smaller fraction of the radio bandwidth is being used for telephony, which traditionally has been the cash cow.
Beyond POTS (Plain Old Telephony Service) telephony and new WebRTC real-time communication will happen over the OTT/Internet channel, but they need priority over the data traffic crowding the same network.
Q-TURN detects WebRTC traffic, gives it priority over data traffic and counts customers’ real-time and data traffic usage separately, allowing mobile providers to offer ”WebRTC-ready” access to their customers at new and attractive price plans.
With Q-TURN at the mobile DPI (Deep Packet Inspection) point, the WebRTC real-time traffic initiated by the ICE/STUN/TURN protocols is detected, whereby the required bandwidth can be reserved for perfect quality and the customers’ usage can be counted and reported separately from the data usage.
With smartphones having WebRTC browsers we can get high-quality video conference telepresence terminals in everyone’s pocket.
[footnote 1] Or a work-around method may be available that traverses a firewall using the always-open TCP ports 80 or 443, resulting in RTP real-time traffic over TCP instead of UDP. However, that leads to poor quality of the communications due to TCP retransmissions.
Making Your Enterprise Ready for WebRTC
Ingate WebRTC Demo June 2014
Realistic Future Service Provider Opportunities
ICE Turn Stun and Security
Ingate WebRTC Demo June 2013
Video of the WebRTC Demo June 2013
WebRTC in the Enterprise
WebRTC Security in the Enterprise
Enabling the Internet for Real-time Communications
Integrates WebRTC with your PBX and UC Solution
- The Web browser as the PBX soft client
- The Web browser for remote users
- Click on the company web site to dial in
- Pass a link to persons for joining a call