IETF Logo Mail Archive

Re: [AVTCORE] Last question about AVP profiles for RTP over QUIC (was: Re: Registering AVP Profiles for RTP over QUIC)

Roman Shpount <roman@telurix.com> Tue, 12 July 2022 20:04 UTC

Return-Path: <roman@telurix.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3076AC15A72E for <avt@ietfa.amsl.com>; Tue, 12 Jul 2022 13:04:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telurix.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S0I0bLwEq53j for <avt@ietfa.amsl.com>; Tue, 12 Jul 2022 13:04:37 -0700 (PDT)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDC4EC157B4D for <avt@ietf.org>; Tue, 12 Jul 2022 13:04:37 -0700 (PDT)
Received: by mail-qt1-x82a.google.com with SMTP id d18so9129067qtw.8 for <avt@ietf.org>; Tue, 12 Jul 2022 13:04:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jqXg2LHG4IBGZUkg4YH6ZooU3P4JTVMSWFh8jpGjbG8=; b=KOjg4c8igOv5TPOtfNRvd7CU9vKG7eFnSDLKXWO5n1R0vBNz6l1r2nsVKk6GcQ0yYd wtXASKndcuLj07Y5OpngAkqVl4YaxjA78JgujYSPXZ3jy+g5uUb6VbQrz3Nvq33uYyuV jxmYtQH/49QMpctfpHSmq0iOmq1z871+y5EMk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jqXg2LHG4IBGZUkg4YH6ZooU3P4JTVMSWFh8jpGjbG8=; b=2LM7QJi0b3tYepuO3pCvEv5BV44y0IKUxxPFJJdXzrZbUSwSPR2xm4imyF52AFkXZZ Tc4jphfX5VPV6pF31RJi/CGF14R08IZHWLJplA52X5tzFTJeBP5uj1C5+Wr0F7kvca1R 6wj/5+TdJPrU9RwBe8fCzAkahcxs9qC2nDgC/rY8T4eJOGwQ11CGrST8GvIaXkqymUXP dnl7PUO6qPsp27UyXItQ+NYvpSN2/St5VmrI2o/aT0tNdeNgqdXiZJv2LjKw9xStzhp6 kKD4t5rChvew/hoFyXDv2mQcS7BtPYfCtCsk2qR68EC6EZ4Ud5OlitcYIWUnWuIjhWhI Jzyg==
X-Gm-Message-State: AJIora/iAztRPNgSkd6ECXHM/s4A1UGB9qGSzIEN38SP3j98fbX51Uqx PO2ZeJ4jl79fNJHuLUiSvph3PTyWkKMCZg==
X-Google-Smtp-Source: AGRyM1t67esqtpYFWVPaRyItrE0pJpSg5kIbStVHJnEPaYY1QLji7zfLBNEwpS3kmbvqUHZWFAaHjw==
X-Received: by 2002:ac8:5e49:0:b0:31e:b118:b9f4 with SMTP id i9-20020ac85e49000000b0031eb118b9f4mr12482197qtx.530.1657656276145; Tue, 12 Jul 2022 13:04:36 -0700 (PDT)
Received: from mail-yw1-f178.google.com (mail-yw1-f178.google.com. [209.85.128.178]) by smtp.gmail.com with ESMTPSA id bi23-20020a05620a319700b006a6c552736asm9470731qkb.119.2022.07.12.13.04.35 for <avt@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 12 Jul 2022 13:04:35 -0700 (PDT)
Received: by mail-yw1-f178.google.com with SMTP id 00721157ae682-31caffa4a45so92797057b3.3 for <avt@ietf.org>; Tue, 12 Jul 2022 13:04:35 -0700 (PDT)
X-Received: by 2002:a81:2f4c:0:b0:31c:2bee:dfa4 with SMTP id v73-20020a812f4c000000b0031c2beedfa4mr27360759ywv.483.1657656274759; Tue, 12 Jul 2022 13:04:34 -0700 (PDT)
MIME-Version: 1.0
References: <CAKKJt-dvotzuaK66T8WQd7YgNLNr_6vqa4W8-z=5FvujpGWA=A@mail.gmail.com> <CAKKJt-c+PrYeackVCyGOpoiPGw6f90D7fZYw+D9MGPNKdEC8cA@mail.gmail.com> <CAD5OKxvVK5WRRY_UQsbnHA2TF9Qd0sNfKcdmuQhCFsFMOr83zA@mail.gmail.com> <CAKKJt-dXF6rLEGBPqTo-q6MwPC8gJ1mKG=ADMXrD86eG-2Q4Og@mail.gmail.com> <CAD5OKxvkWB-xcYDCtuOTq0_um-4UA=3wHphYDwJnE8T9mettfQ@mail.gmail.com>
In-Reply-To: <CAD5OKxvkWB-xcYDCtuOTq0_um-4UA=3wHphYDwJnE8T9mettfQ@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Tue, 12 Jul 2022 16:04:23 -0400
X-Gmail-Original-Message-ID: <CAD5OKxtTX1+xmeinU3H6EQ6H-ja3fk-=X+wvMZrx+mQ96JkXWw@mail.gmail.com>
Message-ID: <CAD5OKxtTX1+xmeinU3H6EQ6H-ja3fk-=X+wvMZrx+mQ96JkXWw@mail.gmail.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Cc: IETF AVTCore WG <avt@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006ab69e05e3a12d42"
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/14NtfWkq3u4Ng6DWTFrHFgsad_E>
Subject: Re: [AVTCORE] Last question about AVP profiles for RTP over QUIC (was: Re: Registering AVP Profiles for RTP over QUIC)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2022 20:04:42 -0000

Hi Spencer,

I wanted to see if my explanation made any sense or if you have any
additional questions.

Best,
_____________
Roman Shpount


On Sun, Jun 26, 2022 at 1:17 AM Roman Shpount <roman@telurix.com> wrote:

> Hi Spencer,
>
> I will try to explain this again. What you are missing here is ICE-TCP
> (RFC 6544).
>
> Let's say a browser generates an offer. It would look something like this
> (I am skipping a bunch of attributes here, but this should be enough to
> convey the point):
> m=audio 55493 UDP/QUIC/RTP/AVPF 111 63 103 104 9 0 8 106 105 13 110 112
> 113 126
> c=IN IP4 192.168.80.1
> a=candidate:88276966 1 udp 2122260223 192.168.80.1 55493 typ host
> generation 0 network-id 2
> a=candidate:227749246 1 udp 2122194687 192.168.86.29 55494 typ host
> generation 0 network-id 1 network-cost 10
> a=candidate:1270940438 1 tcp 1518280447 192.168.80.1 9 typ host tcptype
> active generation 0 network-id 2
> a=candidate:1125175694 1 tcp 1518214911 192.168.86.29 9 typ host tcptype
> active generation 0 network-id 1 network-cost 10
>
> What we have here are two TCP candidates. The only protocol used there is
> the same one used over UDP, except with framing defined in RFC4571. It
> cannot be anything else since ICE can switch between any of those
> candidates during the nomination process, and communications should
> continue. It is not unusual for the first one or two packets to be
> delivered over TCP and subsequent packets over UDP. It cannot happen if the
> switch is between RTP-over-QUIC and DTLS-RTP. Furthermore, there is no way
> to define a switch between two unrelated protocols based on the type of ICE
> candidate used.
>
> Now, let's say the client is behind the UDP-restricted network. This means
> one of the TCP candidates gets nominated. Only the TCP candidate is left if
> another offer is sent after the nomination. This means the offer will look
> like this:
> m=audio 9 TCP/QUIC/RTP/AVPF 111 63 103 104 9 0 8 106 105 13 110 112 113 126
> c=IN IP4 192.168.80.1
> a=candidate:1270940438 1 tcp 1518280447 192.168.80.1 9 typ host tcptype
> active generation 0 network-id 2
>
> You cannot use UDP/QUIC/RTP/AVPF since the connection is over TCP, not
> UDP. This is why you need to register this protocol name.
>
> I do not think any work needs to be done by the QUIC working group. No
> work was required for DTLS or SCTP. This is an ICE-specific issue and is
> quite different from a typical QUIC to HTTP/2 fallback.
>
> I hope this explains the issue. Otherwise, we can go into more detail
> during the IETF meeting.
>
> Best Regards,
> _____________
> Roman Shpount
>
>
> On Wed, Jun 22, 2022 at 5:57 PM Spencer Dawkins at IETF <
> spencerdawkins.ietf@gmail.com> wrote:
>
>> Hi, Roman,
>>
>> On Sun, May 22, 2022 at 11:49 PM Roman Shpount <roman@telurix.com> wrote:
>>
>>> As the person who proposed this, I am for this.
>>>
>>> You would probably need to register TCP/QUIC/RTP/AVPF as well, which
>>> would be RTP over QUICK over TCP with RFC4571 framing. See
>>> https://datatracker.ietf.org/doc/html/rfc8841#section-8 for a similar
>>> definition for SCTP.
>>>
>>
>> I've been thinking about this one for a while (see date on your reply, vs
>> date on my reply).
>>
>> I may be dense, but I'm thinking that it would take (significant) work
>> for us to convince the QUIC working group to produce another QUIC binding,
>> based on TCP, rather than UDP, and that in the absence of such a protocol
>> revision, this isn't useful for the use cases people have been talking
>> about, so far.
>>
>> Usually, when I've had conversations about "falling back to TCP", it's
>> been in an HTTP/3-QUIC context, where a client's UDP packets are being
>> blocked or severely rate-limited, so falling back to HTTP/2 (or even
>> HTTP/1.1) over TCP makes perfect sense.
>>
>> If UDP/QUIC/RTP/AVPF is being blocked, wouldn't an RTP endpoint just
>> failover to TCP/RTP/SAVPF, the same way it would if a path was blocking UDP
>> packets today?
>>
>> Can anyone help me understand what I'm missing here?
>>
>> Best,
>>
>> Spencer
>>
>>
>>> The main reason for this definition is ice-tcp support. If you do a
>>> session update once the ice-tcp candidate is nominated, the protocol in the
>>> m= line should match the protocol for the only remaining candidate,
>>> so TCP/QUIC/RTP/AVPF would be used.
>>>
>>> Best,
>>> _____________
>>> Roman Shpount
>>>
>>>
>>> On Sun, May 22, 2022 at 7:41 PM Spencer Dawkins at IETF <
>>> spencerdawkins.ietf@gmail.com> wrote:
>>>
>>>> So, we had a spirited discussion about a few things in this thread, but
>>>> I'd like to reset back to my original question.
>>>>
>>>> On Wed, May 11, 2022 at 3:46 PM Spencer Dawkins at IETF <
>>>> spencerdawkins.ietf@gmail.com> wrote:
>>>>
>>>>> Dear AVTCORE,
>>>>>
>>>>> I've had an open PR in
>>>>> https://github.com/SpencerDawkins/sdp-rtp-quic/pull/9 for a while,so
>>>>> I could get a sense of how AVT profiles are supposed to work, and I'd like
>>>>> to push on that now (with a virtual interim meeting coming up next week)..
>>>>>
>>>>> The high-level summary of discussion in
>>>>> https://github.com/SpencerDawkins/sdp-rtp-quic-issues/issues/5 (note
>>>>> that this discussion is in a different repo, because reasons) has been
>>>>> roughly,"what's the difference between QUIC/RTP/AVPF and QUIC/RTP/SAVPF"?
>>>>>
>>>>> The arguments about not registering secure AVP profiles involve
>>>>>
>>>>>    -  the computational overhead of double encryption for all
>>>>>    packets, plus
>>>>>    - the payload overhead of 10 bytes per packet since you have 2
>>>>>    HMACs.
>>>>>
>>>>> The arguments about registering secure AVP profiles seem to revolve
>>>>> around
>>>>>
>>>>>    - Minimizing the impact of added QUIC support in existing
>>>>>    implementations that are using /RTP/SAVPF now.
>>>>>    - QUIC encryption protects payloads between QUIC endpoints, but
>>>>>    there are many multi-endpoint RTP topologies (
>>>>>    https://www.rfc-editor.org/rfc/rfc7667 has about 50 pages of
>>>>>    them), and when a middlebox receives  QUIC/RTP/AVPF, it's not obvious
>>>>>    whether the middlebox should
>>>>>       - forward the RTP payload using  RTP/AVPF (where the outgoing
>>>>>       AVPF matches the incoming AVPF), or
>>>>>       - forward the RTP payload using RTP/SAVPF, where the outgoing
>>>>>       SRTP encryption matches the incoming QUIC
>>>>>
>>>>> It seems to me that there are three choices:
>>>>>
>>>>>    - Use only QUIC/RTP/AVPF, and and require middleboxes receiving
>>>>>    QUIC/RTP/AVPF traffic to always forward that traffic over RTP/SAVPF
>>>>>    - Use only QUIC/RTP/AVPF, and and require senders to signal
>>>>>    middleboxes whether they should forward that traffic over RTP/AVPF or
>>>>>    RTP/SAVPF
>>>>>    - Register both QUIC/RTP/AVPF and QUIC/RTP/SAVPF, and if you have
>>>>>    to do double encryption on the QUIC/RTP paths to get RTP/SAVPF on the other
>>>>>    side of a middlebox, too bad
>>>>>
>>>>> So, my questions are,
>>>>>
>>>>>    - What am I missing here?
>>>>>    - Are any of the choices I'm listing obviously the *BEST* choice?
>>>>>
>>>>> My recommendation for what I was registering now, in sdp-rtp-quic, in
>>>> my way-too-quick talk at the interim meeting last week, was that I was
>>>> only registering QUIC/RTP/AVPF (if we ever figure out what SAVP and
>>>> SAVPF mean when RTP is carried over QUIC, we can register them later).
>>>>
>>>> We didn't have time for Q&A after my talk, but in Jabber, this
>>>> happened:
>>>>
>>>> 11:50:08 Roman Shpount It should be UDP/QUIC/RTP/AVPF
>>>> 11:50:26 Sergio Garcia Murillo +1 to UDP/QUIC/RTP/AVPF
>>>>
>>>>
>>>> So, we haven't talked about this, and if I'm making commits
>>>> to sdp-rtp-quic, I should ask about it now.
>>>>
>>>> After a quick spin through
>>>> https://www.iana.org/assignments/sdp-parameters/sdp-parameters.xhtml#sdp-parameters-2,
>>>> I think this is reasonable and correct.
>>>>
>>>> So, that would give me one proto registration for UDP/QUIC/RTP/AVPF.
>>>>
>>>> I'll make this change before IETF 114.
>>>>
>>>> Any obvious objections? Please reply here, if so.
>>>>
>>>> Best,
>>>>
>>>> Spencer
>>>>
>>>>
>>>>> Best,
>>>>>
>>>>> Spencer
>>>>>
>>>> _______________________________________________
>>>> Audio/Video Transport Core Maintenance
>>>> avt@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/avt
>>>>
>>>

v2.23.0 | Report a Bug | By Email