Closed Bug 927651 Opened 12 years ago Closed 12 years ago

Deploy a TURN server in EC2

Categories

(Cloud Services :: Operations: Deployment Requests - DEPRECATED, task)

Product:
Cloud Services
Component:
Operations: Deployment Requests - DEPRECATED
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: whd, Assigned: ckolos)

Details

<mmayo> bring up a turn server on a stable hostname/URI by EOD Friday. (10/18/2013) Some useful URLs for the current favored implementation: https://code.google.com/p/rfc5766-turn-server/ https://code.google.com/p/rfc5766-turn-server/downloads/detail?name=turnserver-2.6.5.2-amazon-ec2.txt&can=2&q= Since this is for test/demo purposes authentication can/will be bogus or disabled.
turn server is running at turn1.webrtc.us-east-1.prod.mozaws.net. Testing is ongoing. STUN works, but having issues testing TURN.
Simon, can you chime in on how we should test TURN? Whereby I mean can you test that the TURN server above is working? :) (and tell us what you did so we can reproduce)
Flags: needinfo?(swex)
Under media/mtransport/test, we have a couple of test drivers (turn_unittest.cpp and ice_unittest.cpp) that rely on having a working TURN server. They mostly test our implementation, but do incidentally exercise the TURN server that's specified. To enable these tests, you need to set TURN_SERVER_ADDRESS, TURN_SERVER_USER and TURN_SERVER_PASSWORD in your environment before running the tests.
Mark, does that work for you? ^
Flags: needinfo?(swex)
Note that Mozilla Guest Wifi is restrictive so you'd need a TURN server talking to someone who's on that.
:swex - Testing now
:swex / :abr - can you confirm if one the following would correctly utilize the TURN server? about:config -> media.peerconnection.default_iceservers -> [{url:"turn:turn1.webrtc.us-east-1.prod.mozaws.net"}] or [{"url": "stun:turn1.webrtc.us-east-1.prod.mozaws.net"}]
Flags: needinfo?(swex)
The second one would work only if the javascript didn't supply its own set of ICE servers, although it would only use the STUN functionality. It would not test TURN. In theory, something like this would test TURN: [{"username":"<username goes here>","credential":"<password goes here>","url":"stun:turn1.webrtc.us-east-1.prod.mozaws.net"}] With the same caveat that the media.peerconnection.default_iceservers variable is used only if the script doesn't pass in any ICE servers at PC creation time. In theory, you can force FFx to use these servers by setting media.peerconnection.use_document_iceservers to "false," but the very cursory testing I did earlier didn't show PC honoring this particular pref. I might have done something wrong, though. You'd want to double-check that things were going as expected rather than just relying on these prefs to work. And, of course, unless you're in a very hostile network environment, you're not going to end up using the TURN server anyway. The unit tests that I mention above don't have this shortcoming.
Crud. I meant to say "turn:turn1.webrtc.us-east-1.prod.mozaws.net" in my example above. And that's probably why my previous attempts didn't work. :)
With :ckolos and :bobm's help, we've confirmed that running the upstream AMI provided in us-west-2 will get us a working TURN server. We have been using ec2-50-112-14-161.us-west-2.compute.amazonaws.com (t1.micro) for testing purposes. Tests were conducted with both clients on mozilla-guest in MTV. Additional tests were conducted with one client on mozilla-guest and the other on ethernet. Two clients were able to connect via talkilla and the appspot reference demo with media.peerconnection.use_document_iceservers set to false. We observed with tcpdump the client sending the data and the TURN server relaying it. We haven't been able to get no-auth working yet, but in the worst case we can just provide the bogus credentials for accessing the TURN server. It is possible for multiple users to use the same TURN credentials simultaneously.
A working TURN server has been created in both us-east/west. Rather than burn time on getting no-auth to work, we've done as above and created bogus cred for the server. turn1.webrtc.us-east-1.prod.mozaws.net/turn2.webrtc.us-west-2.prod.mozaws.net
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: needinfo?(swex)
Resolution: --- → FIXED
This is rad guys. Thanks.
You need to log in before you can comment on or make changes to this bug.