
Networking Considerations for Video Applications


In real-time video applications, clients must be able to exchange audio, video, and other media with one another with the lowest possible latency. When clients connect to a video Room, the Twilio Video SDK tries to establish a direct media connection between the client and Twilio's media server (also called a Selective Forwarding Unit, or SFU).

Clients connect directly to Twilio SFU for media exchange in a video room.

Firewalls and Network Address Translation (NAT) can impact the quality and performance of your application if they block direct communication of media.

If a direct connection can't be established between a client and Twilio's media servers, Twilio uses a TURN relay to exchange media. Using TURN adds latency because it puts an extra hop between the client sending the media and the client receiving the media.

TURN server relays media between Client 1 and Twilio SFU when direct connection is unavailable.

Common reasons why a direct connection could fail are firewalls that restrict UDP traffic on Twilio's specified ports or non-BEHAVE-compliant NATs, which can't be traversed using standardized methods.


What is a BEHAVE-compliant NAT?

A BEHAVE-compliant NAT is one that meets the requirements defined in RFC 4787 and RFC 5382. These RFCs standardize the ways that NAT traversal can happen, so a non-BEHAVE-compliant NAT is one that can't be traversed using the formally defined methods. This blocks direct media exchange.


Protocols and ports used to exchange media

The following protocols and ports are listed in order of preference. Twilio Video uses a fallback hierarchy: it always attempts the lowest-latency connection first and falls back to higher-latency options only when the preferred method is blocked.

To configure your firewall with IP address ranges, proxy bypass guidance, and troubleshooting, see the Video Firewall and Network Configuration guide.

| Priority | Protocol | Port Range | Latency impact |
|---|---|---|---|
| 1 (Optimal) | STUN and UDP/TLS/RTP/SAVPF | 10000 - 60000 | Lowest latency — direct media connection |
| 2 (Acceptable) | STUN, TURN-UDP | 3478 | Adds < 50ms — TURN relay |
| 3 (Degraded) | TURN-TLS | 443 | Adds > 50ms — TCP retransmission overhead |

When Participants connect to a Room, Twilio's media server dynamically assigns ports for UDP communication. If direct connectivity checks fail on the assigned ports, then TURN-UDP on port 3478 and TURN-TLS on port 443 are used as fallbacks.

The scenarios below describe situations where a client, Alice, connects to a Room and exchanges media with Twilio's media servers under different network environments.

1. UDP traffic allowed on ports 10000 - 60000 (Optimal)

In a non-restrictive network environment or a restricted environment where UDP ports 10000 - 60000 are allowlisted, Alice can establish a direct media connection with the Twilio media server using the specified UDP port range. This provides the lowest latency and best call quality.

Network flow showing UDP port range 10000-60000 through NAT to SFU.

2. UDP traffic blocked on ports 10000 - 60000 but allowed on port 3478 (Acceptable)

In an environment where only UDP port 3478 is allowed, Alice must relay media through a TURN server in order to connect with the Twilio SFU. This adds marginal latency (< 50ms) because the TURN server is now relaying media between Alice and the Twilio media server, rather than Alice directly communicating with the media server.

UDP flow from Alice to SFU via NAT and turn.twilio.com with port 3478 allowed.

3. All traffic blocked except TCP port 443 (Degraded — last resort)

In an environment where only TCP/TLS port 443 is allowed, the client must relay through the TURN server in order to connect with the SFU. This adds higher latency (> 50ms) because the TURN server is now relaying media using TCP/TLS between the client and the media server. TCP/TLS adds delivery acknowledgments and retransmission, which can further delay transmission of real-time media. Users may experience degraded audio and video quality in this configuration.

Network flow from Alice to SFU via TCP port 443 through NAT and Twilio TURN server.
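
To confirm which of the three paths above a client actually negotiated, for example after a firewall change, the selected ICE candidate pair can be read from the standard WebRTC RTCPeerConnection.getStats() report. This is an added example, not Twilio code or part of the original page; classifyMediaPath and sampleReport are hypothetical names, the sample reports are constructed, and obtaining the peer connection from the SDK is not shown.

```javascript
// Added example, not Twilio code. Input is the Map-like report returned by the
// standard RTCPeerConnection.getStats(); tier names follow this page's table.
function classifyMediaPath(report) {
  const stats = [...report.values()];
  // Prefer the pair the transport marks as selected; otherwise take a
  // nominated pair whose connectivity check succeeded.
  const transport = stats.find(s => s.type === 'transport' && s.selectedCandidatePairId);
  const pair = transport
    ? report.get(transport.selectedCandidatePairId)
    : stats.find(s => s.type === 'candidate-pair' && s.nominated && s.state === 'succeeded');
  if (!pair) return { tier: 'none', detail: 'no selected candidate pair yet' };

  const local = report.get(pair.localCandidateId);
  if (!local) return { tier: 'none', detail: 'local candidate missing from report' };

  if (local.candidateType !== 'relay') {
    // host, srflx or prflx: media goes straight to the media server.
    return local.protocol === 'udp'
      ? { tier: 'optimal', detail: `direct UDP (${local.candidateType})` }
      : { tier: 'unknown', detail: `direct ${local.protocol}, not in the table` };
  }
  // relayProtocol is the client-to-TURN leg: "udp", "tcp" or "tls".
  switch (local.relayProtocol) {
    case 'udp': return { tier: 'acceptable', detail: 'TURN-UDP relay' };
    case 'tls': return { tier: 'degraded', detail: 'TURN-TLS relay' };
    default:    return { tier: 'unknown', detail: `relay via ${local.relayProtocol || 'unreported protocol'}` };
  }
}

// Constructed sample report (hypothetical ids, no addresses) around one local candidate.
function sampleReport(localCandidate, viaTransport = true) {
  const r = new Map();
  r.set('L1', { id: 'L1', type: 'local-candidate', ...localCandidate });
  r.set('R1', { id: 'R1', type: 'remote-candidate', candidateType: 'host', protocol: 'udp' });
  r.set('P1', { id: 'P1', type: 'candidate-pair', localCandidateId: 'L1',
                remoteCandidateId: 'R1', nominated: true, state: 'succeeded' });
  if (viaTransport) r.set('T1', { id: 'T1', type: 'transport', selectedCandidatePairId: 'P1' });
  return r;
}

// One constructed report per scenario on this page.
const scenarios = {
  direct:  sampleReport({ candidateType: 'srflx', protocol: 'udp' }),
  turnUdp: sampleReport({ candidateType: 'relay', protocol: 'udp', relayProtocol: 'udp' }),
  turnTls: sampleReport({ candidateType: 'relay', protocol: 'udp', relayProtocol: 'tls' }, false),
};
for (const [name, report] of Object.entries(scenarios)) {
  console.log(name, classifyMediaPath(report));
}
```

A result of 'unknown' for a relay candidate usually means the browser did not populate relayProtocol, so the tier has to be confirmed another way, such as from firewall logs for ports 3478 and 443.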