7

The question "Why is my internal IP address (private) visible from the Internet?" highlights that the local IP can be accessible from a website because WebRTC needs it.

However, it does not answer why WebRTC needs it. From the wiki page of the STUN protocol:

"When a client has evaluated its external address, it can use this as a candidate for communicating with peers by sharing the external NAT address rather than the private address, which is not reachable from peers on the public network"

It says nowhere that the local IP needs to be disclosed. Indeed, if both peers have exchanged the public IP of their respective NAT with the corresponding port that has been assigned to them, they can now communicate and no local IP is involved.

Could someone provide a simple explanation or situation where the local IP is legitimately needed?

Jecimi
  • webrtc runs as locally as possible and a lot of NAT stuff was/is unreliable. i _think_ that when using "external IPs", two connections on the same machine would have to go to the router instead of the local loopback... – dandavis Dec 30 '16 at 22:07

1 Answer

2

WebRTC doesn't require the internal IP address for P2P communication. It's the STUN server that retrieves it. The purpose of WebRTC is to let the client discover its public IP address.

On the cloud side, the STUN server has the following work to do:

  • Discover the client's private & public IP addresses

  • Discover internal and external ports

  • Determine what type of NAT the client is sitting behind

There is no way the STUN server can discover what type of NAT you are sitting behind unless it knows your internal IP:internal port.

You may feel that discovering the type of NAT is unnecessary, but for the STUN protocol it is important. If STUN finds that you are behind a symmetric NAT, the P2P session cannot be initiated.

The STUN server reports this to WebRTC, and WebRTC switches from STUN to TURN using the RTCPeerConnection object API. This happens in the case of symmetric NAT.

So, basically, it's the STUN server that wants to know your internal IP and not the P2P protocols. Your internal IP is only visible to those sites that are operating the STUN server.

defalt
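As an added illustration (not part of the question or the answer above), this sketch parses ICE candidate lines, the form in which WebRTC peers exchange addresses, and reports which ones carry a private address. The sample lines and the names `parseCandidate`, `isPrivate` and `auditCandidates` are constructed for this example.

```javascript
// Constructed sample candidate lines (private and documentation address ranges only).
const SAMPLE = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 2122194687 3f2a1b4c-1111-2222-3333-444455556666.local 54322 typ host",
  "candidate:3 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:4 1 udp 1686052607 203.0.113.7 61001 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:5 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 61000",
];

// True for RFC 1918, loopback and link-local IPv4, and for IPv6 ULA / link-local.
function isPrivate(addr) {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(addr);
  if (m) {
    const a = Number(m[1]), b = Number(m[2]);
    return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
           (a === 192 && b === 168) || (a === 169 && b === 254);
  }
  return /^(f[cd][0-9a-f]{2}|fe[89ab][0-9a-f]):/i.test(addr);
}

// Parse "candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ..."
function parseCandidate(line) {
  const t = line.trim().replace(/^a=/, "").split(/\s+/);
  if (t.length < 8 || !t[0].startsWith("candidate:") || t[6] !== "typ") return null;
  const c = { transport: t[2].toLowerCase(), address: t[4], port: Number(t[5]), type: t[7] };
  // Extension attributes come as name/value pairs; raddr/rport name the related (base) address.
  for (let i = 8; i + 1 < t.length; i += 2) {
    if (t[i] === "raddr") c.raddr = t[i + 1];
    if (t[i] === "rport") c.rport = Number(t[i + 1]);
  }
  return c;
}

// For each candidate, list the private addresses it would disclose to whoever receives it.
function auditCandidates(lines) {
  return lines.map(parseCandidate).filter(Boolean).map((c) => {
    const leaks = [];
    if (isPrivate(c.address)) leaks.push(c.address);
    if (c.raddr && isPrivate(c.raddr) && !leaks.includes(c.raddr)) leaks.push(c.raddr);
    // An mDNS name (*.local) in place of the address means the host address is masked.
    return { type: c.type, address: c.address, masked: c.address.endsWith(".local"), leaks };
  });
}

for (const r of auditCandidates(SAMPLE)) {
  console.log(r.type.padEnd(6), r.address, r.masked ? "(mDNS-masked)" : "", r.leaks.join(",") || "-");
}
```

In this sample the first host candidate and the `raddr` of the first srflx candidate carry the private address, while the mDNS-named host candidate and the `0.0.0.0` related address do not.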