TURN Server Configuration & Comparison

← Back to Benchmark

Server Configurations

QA KRelay — krelay.qa.keepersecurity.com

COTURN Production QA
Software
COTURN (production QA cluster)
Domain
krelay.qa.keepersecurity.com
Ports
3478 (UDP/TCP), 443/5349 (TLS)
Instances
Production ASG (details managed by DevOps)
Instance Type
Production tier (not disclosed)
Load Balancer
NLB with EIPs
Auth
TURN REST API (shared secret)
Realm
connect.keepersecurity.com
Relay Ports
49152–65535
Network
Keeper QA VPC (managed infrastructure)
This is the production QA TURN relay. Configuration managed by Keeper DevOps. Used as baseline for comparison.

Current COTURN — krelay.current.keeperpamlab.com

COTURN 4.6.2 3 instances
Software
COTURN 4.6.2 (compiled from source)
Domain
krelay.current.keeperpamlab.com
Ports
3478/3479 (UDP/TCP), 443/5349 (TLS)
Instances
3× t3.large (2 vCPU, 8GB RAM) in ASG
Load Balancer
NLB with 2 static EIPs (cross-zone enabled)
AZs
us-east-1a, us-east-1b
VPC
10.100.0.0/16 (dedicated)
Auth
TURN REST API (shared secret)
Realm
connect.keepersecurity.com
Relay Ports
49152–65535
TLS Policy
ELBSecurityPolicy-TLS13-1-2-2021-06
EIP per instance
Yes (Lambda auto-assigns from pool)
IPv6
Enabled on VPC and subnets
Baseline COTURN cluster. Matches QA configuration: same COTURN version, same settings. Used to compare COTURN-vs-COTURN.

Experimental COTURN — krelay.experimental.keeperpamlab.com

COTURN 4.6.2 3 instances
Software
COTURN 4.6.2 (compiled from source)
Domain
krelay.experimental.keeperpamlab.com
Ports
3478/3479 (UDP/TCP), 443/5349 (TLS)
Instances
3× t3.large (2 vCPU, 8GB RAM) in ASG
Load Balancer
NLB with 2 static EIPs (cross-zone enabled)
AZs
us-east-1a, us-east-1b
VPC
10.200.0.0/16 (dedicated, isolated from current)
Auth
TURN REST API (shared secret)
Realm
connect.keepersecurity.com
Relay Ports
49152–65535
TLS Policy
ELBSecurityPolicy-TLS13-1-2-2021-06
EIP per instance
Yes (Lambda auto-assigns from pool)
IPv6
Enabled on VPC and subnets
Experimental cluster for testing performance improvements. Identical to Current — modify COTURN config, instance type, or tuning here and compare results.

Stunner (Planned) — docs.l7mp.io

TBD
Software
STUNner — Kubernetes-native TURN server
Architecture
Runs as K8s pods with Gateway API integration
Key Difference
Cloud-native: auto-scaling, no static EIPs, service mesh aware
Status
Not yet deployed — pending evaluation
Potential 4th test candidate. STUNner is a Kubernetes-native STUN/TURN server that integrates with the Gateway API. Would deploy to the existing EKS cluster (pam-eng-prod). Read more →

Comparison Matrix

QA KRelay Current COTURN Experimental COTURN STUNner (planned)
SoftwareCOTURNCOTURN 4.6.2COTURN 4.6.2STUNner
LanguageCCCGo
DeploymentEC2 ASG + NLBEC2 ASG + NLBEC2 ASG + NLBK8s pods + Gateway API
InstancesManaged by DevOps3× t3.large3× t3.largeTBD
Auto-scalingASGASG (fixed at 3)ASG (fixed at 3)K8s HPA
Load BalancerNLBNLB (2 AZs)NLB (2 AZs)K8s Service/LB
Static IPsYes (EIPs)Yes (EIPs via Lambda)Yes (EIPs via Lambda)No (dynamic)
VPCQA VPC10.100.0.0/1610.200.0.0/16Shared EKS VPC
IPv6UnknownYesYesYes (native K8s)
TURN ProtocolRFC 5766RFC 5766RFC 5766RFC 5766
TLSYesTLS 1.3 (NLB termination)TLS 1.3 (NLB termination)TBD
Managed byKeeper DevOpsTerraform (this repo)Terraform (this repo)Helm chart

Network Topology

Component QA KRelay Current COTURN Experimental COTURN
Client → NLBPublic internetPublic internetPublic internet
NLB → COTURNInternal (QA VPC)Public subnet (EIP per instance)Public subnet (EIP per instance)
COTURN → BenchmarkCross-VPC / internetVPC peering or internetVPC peering or internet
NAT GatewayQA managed1 per AZ (2 total)1 per AZ (2 total)
Benchmark Serverbench.keeperpamlab.com — t3.medium in PEDM VPC public subnet (10.0.0.0/24)

Benchmark Results (from latest run)

Run tests on the benchmark page, then return here. Results will be saved to localStorage and displayed in a future update.

Infrastructure Source

EnvironmentTerraform Path
QA KRelayManaged externally (Keeper DevOps)
Current COTURNenvironments/krelay-current/
Experimental COTURNenvironments/krelay-experimental/
Benchmark Serverenvironments/webrtc-benchmark/
COTURN Modulemodules/krelay/
EIP Modulemodules/krelay-eips/