原文链接:https://datatracker.ietf.org/doc/html/rfc8445#section-15
15. Examples【示例】
This section shows two ICE examples: one using IPv4 addresses and one using IPv6 addresses.
本节展示了两个 ICE 示例:一个使用 IPv4 地址,一个使用 IPv6 地址。
To facilitate understanding, transport addresses are listed using variables that have mnemonic names. The format of the name is entity-type-seqno:
为了便于理解,使用具有助记名称的变量列出传输地址。 名称的格式是entity-type-seqno:
“entity” refers to the entity whose IP address the transport address is on and is one of “L”, “R”, “STUN”, or “NAT”.
“entity”是指传输地址所在IP地址的实体,是“L”、“R”、“STUN”或“NAT”之一。
The type is either “PUB” for transport addresses that are public or “PRIV” for transport addresses that are private [RFC1918].
公共的传输地址的类型是“PUB”,私有的传输地址的类型是“PRIV”[RFC1918]。
Finally, seq-no is a sequence number that is different for each transport address of the same type on a particular entity.
最后,seq-no 是一个序列号,对于特定实体上相同类型的每个传输地址,它是不同的。
Each variable has an IP address and port, denoted by varname.IP and varname.PORT, respectively, where varname is the name of the variable.
每个变量都有一个 IP 地址和端口,分别用 varname.IP 和 varname.PORT 表示,其中 varname 是变量的名称。
In the call flow itself, STUN messages are annotated with several attributes.
在呼叫流程中,STUN 消息使用几个属性进行注释。
The “S=” attribute indicates the source transport address of the message.
“S=”属性表示消息的源传输地址。
The “D=” attribute indicates the destination transport address of the message.
“D=”属性表示消息的目的传输地址。
The “MA=” attribute is used in STUN Binding response messages and refers to the mapped address.
“MA=”属性用于 STUN Binding 响应消息,并指映射地址。
“USE-CAND” implies the presence of the USE-CANDIDATE attribute.
“USE-CAND”意味着存在 USE-CANDIDATE 属性。
The call flow examples omit STUN authentication operations and focus on a single data stream between two full implementations.
调用流程示例省略了 STUN 身份验证操作,并专注于两个完整实现之间的单个数据流。
15.1. Example with IPv4 Addresses【IPv4地址示例】
The example below is using the topology shown in Figure 7.
下面的示例使用图 7 中所示的拓扑。
In the example, ICE agents L and R are full ICE implementations.
在示例中,ICE 代理 L 和 R 是完整的 ICE 实现。
Both agents have a single IPv4 address, and both are configured with the same STUN server.
两个代理都有一个 IPv4 地址,并且都配置了相同的 STUN 服务器。
The NAT has an endpoint-independent mapping property and an address-dependent filtering property.
NAT 有一个独立于端点的映射属性和一个依赖于地址的过滤属性。
The IP addresses of the ICE agents, the STUN server, and the NAT are shown below:
ICE 代理、STUN 服务器和 NAT 的 IP 地址如下所示:
实体 | IP 地址 | 助记符名称 |
---|---|---|
ICE 代理 L: | 10.0.1.1 | L-PRIV-1 |
ICE 代理 R: | 192.0.2.1 | R-PUB-1 |
STUN 服务器: | 192.0.2.2 | STUN-PUB-1 |
NAT (公共的): | 192.0.2.3 | NAT-PUB-1 |
Messages 1-4: Agent L gathers a host candidate from its local IP address, and from that it sends a STUN Binding request to the STUN server. The request creates a NAT binding. The NAT public IP address of the binding becomes agent L’s server-reflexive candidate.
消息 1-4:代理 L 从其本地 IP 地址收集一个host候选,并从中向 STUN 服务器发送一个 STUN 绑定请求。 该请求创建一个 NAT 绑定。绑定的 NAT 公共 IP 地址成为代理 L 的server-reflexive候选。
Message 5: Agent L sends its local candidate information to agent R, using the signaling protocol associated with the ICE usage.
消息 5:代理 L 使用与 ICE 使用相关的信令协议将其本地候选信息发送给代理 R。
Messages 6-7: Agent R gathers a host candidate from its local IP address, and from that it sends a STUN Binding request to the STUN server. Since agent R is not behind a NAT, R’s server-reflexive candidate will be identical to the host candidate.
消息 6-7:代理 R 从其本地 IP 地址收集一个候选主机,并从中向 STUN 服务器发送一个 STUN 绑定请求。 由于代理 R 不在 NAT 之后,因此 R 的server-reflexive候选将与host候选相同。
Message 8: Agent R sends its local candidate information to agent L, using the signaling protocol associated with the ICE usage.
消息 8:代理 R 使用与 ICE 使用相关的信令协议将其本地候选信息发送给代理 L。
Since both agents are full ICE implementations, the initiating agent (agent L) becomes the controlling agent.
由于两个代理都是完整的 ICE 实现,因此启动代理(代理 L)成为控制代理。
Agents L and R both pair up the candidates. Both agents initially have two pairs.
代理 L 和 R 都将候选人配对。 两个代理最初都有两对。
However, agent L will prune the pair containing its server-reflexive candidate, resulting in just one (L1). At agent L, this pair has a local candidate of $L_PRIV_1 and a remote candidate of $R_PUB_1.
但是,代理 L 将精简包含其server-reflexive 候选的对,从而仅生成一个 (L1)。在代理 L,这对有一个本地候选 $L_PRIV_1 和一个远端候选 $R_PUB_1。
At agent R, there are two pairs. The highest-priority pair (R1) has a local candidate of $R_PUB_1 and a remote candidate of $L_PRIV_1, and the second pair (R2) has a local candidate of $R_PUB_1 and a remote candidate of $NAT_PUB_1.
在代理 R,有两对。 最高优先级对 (R1) 具有 $R_PUB_1 的本地候选和 $L_PRIV_1 的远端候选,第二对 (R2) 具有 $R_PUB_1 的本地候选和 $NAT_PUB_1 的远程候选。
The pairs are shown below (the pair numbers are for reference purposes only):
配对如下所示(配对编号仅供参考):
候选对
实体 | 本地 | 远端 | 候选对助记符 | 有效列表 |
---|---|---|---|---|
ICE 代理L: | L_PRIV_1 | R_PUB_1 | L1 | |
ICE 代理 R: | R_PUB_1 | L_PRIV_1 | R1 | |
R_PUB_1 | NAT_PUB_1 | R2 |
Message 9: Agent R initiates a connectivity check for pair #2. As the remote candidate of the pair is the private address of agent L, the check will not be successful, as the request cannot be routed from R to L, and will be dropped by the network.
消息 9:代理 R 启动候选对R1 的连接检查。 由于该对的远程候选者是代理 L 的私有地址,因此检查将不会成功,因为请求无法从 R 路由到 L,并且将被网络丢弃。
Messages 10-13: Agent L initiates a connectivity check for pair L1. The check succeeds, and L creates a new pair (L2). The local candidate of the new pair is $NAT_PUB_1, and the remote candidate is $R_PUB_1. The pair (L2) is added to the valid list of agent L. Agent L can now send and receive data on the pair (L2) if it wishes.
消息 10-13:代理 L 启动对候选对L1 的连接检查。 检查成功,L 创建一个新的候选对 (L2)。 新对的本地候选者是 $NAT_PUB_1,远程候选者是 $R_PUB_1。 对 (L2) 被添加到代理 L 的有效列表中。代理 L 现在可以根据需要在对 (L2) 上发送和接收数据。
候选对
实体 | 本地 | 远端 | 候选对助记符 | 有效列表 |
---|---|---|---|---|
ICE 代理L: | L_PRIV_1 | R_PUB_1 | L1 | |
NAT_PUB_1 | R_PUB_1 | L2 | √ | |
ICE 代理 R: | R_PUB_1 | L_PRIV_1 | R1 | |
R_PUB_1 | NAT_PUB_1 | R2 |
Messages 14-17: When agent R receives the Binding request from agent L (message 11), it will initiate a triggered connectivity check. The pair matches one of agent R’s existing pairs (R2). The check succeeds, and the pair (R2) is added to the valid list of agent R. Agent R can now send and receive data on the pair (R2) if it wishes.
消息 14-17:当代理 R 收到代理 L 的绑定请求(消息 11)时,它将启动触发的连接检查。 该对匹配代理 R 的现有对 (R2) 之一。 检查成功,并且该对 (R2) 被添加到代理 R 的有效列表中。代理 R 现在可以根据需要在该对 (R2) 上发送和接收数据。
候选对
实体 | 本地 | 远端 | 候选对助记符 | 有效列表 |
---|---|---|---|---|
ICE 代理L: | L_PRIV_1 | R_PUB_1 | L1 | |
NAT_PUB_1 | R_PUB_1 | L2 | √ | |
ICE 代理 R: | R_PUB_1 | L_PRIV_1 | R1 | |
R_PUB_1 | NAT_PUB_1 | R2 | √ |
Messages 18-21: At some point, the controlling agent (agent L) decides to nominate a pair (L2) in the valid list. It performs a connectivity check on the pair (L2) and includes the USE-CANDIDATE attribute in the Binding request. As the check succeeds, agent L sets the nominated flag value of the pair (L2) to ‘true’, and agent R sets the nominated flag value of the matching pair (R2) to ‘true’.
消息 18-21:在某个时刻,控制代理(代理 L)决定在有效列表中指定一对(L2)。 它在对 (L2) 上执行连接检查,并在绑定请求中包含 USE-CANDIDATE 属性。 当检查成功时,代理 L 将该对 (L2) 的指定标志值设置为“真”,而代理 R 将匹配对 (R2) 的指定标志值设置为“真”。
As there are no more components associated with the stream, the nominated pairs become the selected pairs. Consequently, processing for this stream moves into the Completed state. The ICE process also moves into the Completed state.
由于没有更多的组件与流相关联,因此指定的对成为选定的对。 因此,对此流的处理将进入 Completed 状态。 ICE 进程也进入 Completed 状态。
15.2. Example with IPv6 Addresses【IPv6地址示例】
The example below is using the topology shown in Figure 9.
下面的示例使用图 9 中所示的拓扑。
In the example, ICE agents L and R are full ICE implementations.
在示例中,ICE 代理 L 和 R 是完整的 ICE 实现。
Both agents have a single IPv6 address, and both are configured with the same STUN server.
两个代理都有一个 IPv6 地址,并且都配置了相同的 STUN 服务器。
The IP addresses of the ICE agents and the STUN server are shown below:
ICE 代理和 STUN 服务器的 IP 地址如下所示:
实体 | IP 地址 | 助记符名称 |
---|---|---|
ICE 代理 L: | 2001:db8::3 | L-PUB-1 |
ICE 代理 R: | 2001:db8::5 | R-PUB-1 |
STUN 服务器: | 2001:db8::9 | STUN-PUB-1 |
Messages 1-2: Agent L gathers a host candidate from its local IP address, and from that it sends a STUN Binding request to the STUN server. Since agent L is not behind a NAT, L’s server-reflexive candidate will be identical to the host candidate.
消息 1-2:代理 L 从其本地 IP 地址收集host候选,并从中向 STUN 服务器发送 STUN 绑定请求。 由于代理 L 不在 NAT 后面,因此 L 的server-reflexive 候选将与主host候选相同。
Message 3: Agent L sends its local candidate information to agent R, using the signaling protocol associated with the ICE usage.
消息 3:代理 L 使用与 ICE 使用相关的信令协议将其本地候选信息发送给代理 R。
Messages 4-5: Agent R gathers a host candidate from its local IP address, and from that it sends a STUN Binding request to the STUN server. Since agent R is not behind a NAT, R’s server-reflexive candidate will be identical to the host candidate.
消息 4-5:代理 R 从其本地 IP 地址收集一个host主机,并从中向 STUN 服务器发送一个 STUN 绑定请求。 由于代理 R 不在 NAT 之后,因此 R 的server-reflexive 候选将与主host候选相同。
Message 6: Agent R sends its local candidate information to agent L, using the signaling protocol associated with the ICE usage.
消息 6:代理 R 使用与 ICE 使用相关的信令协议将其本地候选信息发送给代理 L。
Since both agents are full ICE implementations, the initiating agent (agent L) becomes the controlling agent.
由于两个代理都是完整的 ICE 实现,因此启动代理(代理 L)成为控制代理。
Agents L and R both pair up the candidates. Both agents initially have one pair each.
代理 L 和 R 都将候选人配对。 两个代理最初各有一对。
At agent L, the pair (L1) has a local candidate of $L_PUB_1 and a remote candidate of $R_PUB_1.
在代理 L 处,候选对 (L1) 有一个本地候选 $L_PUB_1 和一个远端候选 $R_PUB_1。
At agent R, the pair (R1) has a local candidate of $R_PUB_1 and a remote candidate of $L_PUB_1.
在代理 R,候选对 (R1) 有一个本地候选 $R_PUB_1 和一个远端候选 $L_PUB_1。
The pairs are shown below (the pair numbers are for reference purpose only):
配对如下所示(配对编号仅供参考):
候选对
实体 | 本地 | 远端 | 候选对助记符 | 有效列表 |
---|---|---|---|---|
ICE 代理L: | L_PUB_1 | R_PUB_1 | L1 | |
ICE 代理 R: | R_PUB_1 | L_PUB_1 | R1 |
Messages 7-8: Agent L initiates a connectivity check for pair L1. The check succeeds, and the pair (L1) is added to the valid list of agent L. Agent L can now send and receive data on the pair (L1) if it wishes.
消息 7-8:代理 L 启动对 L1 的连接检查。 检查成功,配对 (L1) 被添加到代理 L 的有效列表中。代理 L 现在可以根据需要在配对 (L1) 上发送和接收数据。
候选对
实体 | 本地 | 远端 | 候选对助记符 | 有效列表 |
---|---|---|---|---|
ICE 代理L: | L_PUB_1 | R_PUB_1 | L1 | √ |
ICE 代理 R: | R_PUB_1 | L_PUB_1 | R1 |
Messages 9-10: When agent R receives the Binding request from agent L (message 7), it will initiate a triggered connectivity check. The pair matches agent R’s existing pair (R1). The check succeeds, and the pair (R1) is added to the valid list of agent R. Agent R can now send and receive data on the pair (R1) if it wishes.
消息 9-10:当代理 R 收到代理 L 的绑定请求(消息 7)时,它将启动触发的连接检查。 该对匹配代理 R 的现有对 (R1)。 检查成功,并且对 (R1) 被添加到代理 R 的有效列表中。代理 R 现在可以根据需要在对 (R1) 上发送和接收数据。
候选对
实体 | 本地 | 远端 | 候选对助记符 | 有效列表 |
---|---|---|---|---|
ICE 代理L: | L_PUB_1 | R_PUB_1 | L1 | √ |
ICE 代理 R: | R_PUB_1 | L_PUB_1 | R1 | √ |
Messages 11-12: At some point, the controlling agent (agent L) decides to nominate a pair (L1) in the valid list. It performs a connectivity check on the pair (L1) and includes the USE-CANDIDATE attribute in the Binding request. As the check succeeds, agent L sets the nominated flag value of the pair (L1) to ‘true’, and agent R sets the nominated flag value of the matching pair (R1) to ‘true’.
消息 11-12:在某个时刻,控制代理(代理 L)决定在有效列表中指定一对(L1)。 它在对 (L1) 上执行连接检查,并在绑定请求中包含 USE-CANDIDATE 属性。 当检查成功时,代理 L 将配对 (L1) 的指定标志值设置为“真”,代理 R 将匹配对 (R1) 的指定标志值设置为“真”。
As there are no more components associated with the stream, the nominated pairs become the selected pairs. Consequently, processing for this stream moves into the Completed state. The ICE process also moves into the Completed state.
由于没有更多的组件与流相关联,因此指定的对成为选定的对。 因此,对此流的处理将进入 Completed 状态。 ICE 进程也进入 Completed 状态。