About STUN Messaging

STUN uses six messages, three of which are used for Binding and three of which are used for the Shared Secret. While it supports all three Binding messages (request, response, and error), the Oracle® Enterprise Session Border Controller does not support the Shared Secret Request or the message integrity mechanism that relies on the shared secret. When acting as a STUN server, the Oracle® Enterprise Session Border Controller responds to STUN binding requests in accordance with RFC 3489 and the rfc3489bis draft.

STUN messages can contain the following attributes:

| Message Type Attribute | Description |
|---|---|
| MAPPED-ADDRESS | Appears in the Binding Response; contains the source IP address and port from which the Binding Request was sent to the STUN server. |
| XOR-MAPPED-ADDRESS | Appears in the Binding Response; contains the MAPPED-ADDRESS information encoded in a way that prevents intelligent NAT devices from modifying it as the response goes through the NAT. |
| SOURCE-ADDRESS | Appears in the Binding Response; contains the IP address and port from which the STUN server sent its response. |
| CHANGED-ADDRESS | Appears in the Binding Response; contains an alternate STUN server IP address and port, different from the primary STUN server port. The STUN client might use this attribute to perform the NAT tests described in RFC 3489. |
| CHANGE-REQUEST | Appears in the Binding Request; instructs the STUN server to send its response from a different IP address and/or port. The STUN client might use this attribute to perform the NAT tests described in RFC 3489. |
| RESPONSE-ADDRESS | Appears in the Binding Request; defines an IP address and port to which the STUN server should send its responses. |
| REFLECTED-FROM | Appears in the Binding Response; reflects the IP address and port from which a Binding Request came. Only included when the Binding Request has used the RESPONSE-ADDRESS attribute. |
| UNKNOWN-ATTRIBUTES | Appears in the Binding Error; reflects the mandatory attributes in a Binding Request message that the server does not support. |
| ERROR-CODE | Appears in the Binding Error; indicates an error was detected in the Binding Request, and contains an error code and reason phrase. |

To perform NAT discovery, the endpoint (STUN client) sends a Binding Request to the STUN server port (IP address and port) with which it is configured. The STUN server then returns either a:

  • Binding Response—Allows the transaction to proceed
  • Binding Error—Halts the transaction, and prompts the client to take the action appropriate to the response given in the ERROR-CODE attribute

When the transaction proceeds and the STUN server sends the Binding Response, that response contains the MAPPED-ADDRESS attribute, which contains the IP address and port from which the server received the request. The STUN client then uses the MAPPED-ADDRESS when sending signaling messages.

For example, a SIP endpoint sends Binding Requests from its SIP port to determine the public address it should place in the SIP headers, such as Via and Contact, of the SIP requests it sends. When this SIP endpoint prepares to make or answer a call, it sends Binding Requests from its RTP port to find out the public address it should place in the SDP included in an INVITE request or response.
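
The following Python sketch is an added example, not Oracle code: it builds a constructed Binding Response carrying both MAPPED-ADDRESS and XOR-MAPPED-ADDRESS, passes it through a simulated address-rewriting NAT, and parses both attributes to show why the XOR encoding survives the rewrite. It assumes the XOR-MAPPED-ADDRESS type (0x0020) and magic cookie (0x2112A442) as published in RFC 5389, the final form of rfc3489bis; the helper names and sample addresses are hypothetical.

```python
import socket
import struct

MAGIC_COOKIE = 0x2112A442  # assumption: header cookie as defined in RFC 5389
BINDING_RESPONSE = 0x0101
MAPPED_ADDRESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0020  # 0x0020 per RFC 5389

def _addr_attr(attr_type, ip, port, xor=False):
    """Encode an IPv4 address attribute (family 0x01), optionally XOR-encoded."""
    addr = struct.unpack("!I", socket.inet_aton(ip))[0]
    if xor:
        port ^= MAGIC_COOKIE >> 16   # port is XORed with the top 16 cookie bits
        addr ^= MAGIC_COOKIE         # IPv4 address is XORed with the whole cookie
    return struct.pack("!HHBBHI", attr_type, 8, 0, 0x01, port, addr)

def build_binding_response(txn_id, ip, port):
    """Construct a sample Binding Response reporting ip:port in both attributes."""
    body = _addr_attr(MAPPED_ADDRESS, ip, port)
    body += _addr_attr(XOR_MAPPED_ADDRESS, ip, port, xor=True)
    return struct.pack("!HHI12s", BINDING_RESPONSE, len(body), MAGIC_COOKIE, txn_id) + body

def alg_rewrite(msg, public_ip, private_ip):
    """Simulate a NAT that rewrites the public address wherever it sees it in a payload."""
    return msg.replace(socket.inet_aton(public_ip), socket.inet_aton(private_ip))

def parse_binding_response(msg, txn_id):
    """Return {attr_type: (ip, port)} for the address attributes in a Binding Response."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie, rx_txn = struct.unpack("!HHI12s", msg[:20])
    if msg_type != BINDING_RESPONSE or cookie != MAGIC_COOKIE or rx_txn != txn_id:
        raise ValueError("not the Binding Response for this transaction")
    if length != len(msg) - 20:
        raise ValueError("length field does not match datagram size")
    found, off = {}, 20
    while off + 4 <= len(msg):
        attr_type, attr_len = struct.unpack("!HH", msg[off:off + 4])
        value = msg[off + 4:off + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        if attr_type in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS) and attr_len == 8 and value[1] == 1:
            port, addr = struct.unpack("!HI", value[2:8])
            if attr_type == XOR_MAPPED_ADDRESS:
                port ^= MAGIC_COOKIE >> 16
                addr ^= MAGIC_COOKIE
            found[attr_type] = (socket.inet_ntoa(struct.pack("!I", addr)), port)
        off += 4 + attr_len + (-attr_len % 4)  # attributes are padded to 4 bytes
    return found
```

A client that sees the two attributes disagree can conclude that an intermediate device rewrote the response and should use the XOR-MAPPED-ADDRESS value.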